Collaborate Disseminate
Fastly WAF service was down a while ago, and it has affected a lot of major internet platforms and sites such as Amazon, PayPal, eBay, Spotify, HBO Max, the UK’s main government website – Gov.uk, and many more. This has affected dozens of … Continue reading How can a service like Fastly have such an impact on the Internet? [closed]
What are the possible ways to protect an organization’s web servers from a DDoS attack without giving away your web server’s https private keys?
Many of the common solutions for DDoS protection of a web server (eg CloudFlare) require you t… Continue reading Webserver DDOS protection without giving away private keys (https, tls, ssl)
Image Source: Wikimedia
via The Grugq, come’s an enlightening view focusing on the security mindset of the original architects of the now ubiquitous internet.
If you can tear your sequestered, hunkered-down or quarantined eyeballs away from doomscrol… Continue reading Security Mindset, Indeed
Organisations are still underestimating the risks created by insufficiently secured operational technology (OT). One current example comes from Germany. According to a report by heise.de, external security testers consider it “likely” that a successful… Continue reading Key OT Cybersecurity Challenges: Availability, Integrity and Confidentiality
I always hear people say "test your backups", but I have no idea how that is done in practice when you have to deal with complex infrastructures.
For personal backups it’s easy to rely on something like checksums, because all you… Continue reading How should backups be tested in large offices?
I have an upcoming exam for a Security course. The following question has come up a couple times in past exams and I could use some help formulating an answer.
Suppose a user downloads an unsigned application software (say an
email client… Continue reading If an attacker can inject any code into an email client on a users computer, how can he compromise confidentiality, integrity and availability?
There is the following question on a practice test:
Which service are you addressing by installing a RAID array and load
balancer?
A. Confidentiality
B. Availability
C. Accountability
D. Integrity
The correct an… Continue reading Practice question for Security+ that I think is wrong. Integrity vs availability
I have a Java App running, which prints out messages into STDOUT and also has an active interactive console (also accepts STDIN), when the server has started up.
How do I securely give access to an external person (outside the network) to… Continue reading How do you securely give access to a Java App interactive console (Linux/GNU)?
Maintaining visibility and availability when you suddenly have a large remote footprint takes planning. Continue reading VPN Concerns with Unplanned Remote Employees
We have seen great strides in improving security tooling and processes over the past ten years. Via constantly maturing security models, security teams have become increasingly dependent upon an ever-more complex toolchain of products and services. But… Continue reading How Organizations Can Achieve Security Availability