The top-down approach to security is when an information security program moves ahead with management approval. The appropriate security funding is secured and there is a proper plan and direction towards the program. This approach is more efficient and generates better results. In short, the top-down approach is a more active and serious approach to security.
In contrast, the bottom-up approach to security is a reactive approach to solving information security concerns. Only after there has been a data breach or several hacking incidents does the company decide to act. This approach will only generate “stop gap” results and not long term results.
Irrespective of our profession we have all encountered the term “firewalls” in our life. We are all glued to our laptops or mobile devices and are constantly engaged in business or personal conversations all the time. These digital and electronic conversations will sooner or later bring the malicious part of the Internet into play. We come across viruses/malicious traffic/ worms/phishing scams all out to steal our personal and business information. Firewalls are a type of countermeasure to stop these elements.
“Password” is the simplest and easiest way to authenticate a user. It is also one of the most easily understood ways to authenticate a user. Recall, that authentication is the process of uniquely identifying a user and making sure that “they are who they are”. The username and password combination is the defacto method of identifying a user in all websites.
We see programming languages all around our digital lives and there have been a few languages that have stood the trials and tribulations of time. Each language is created with a different purpose and sometimes, the whole motive behind it erodes with new technologies.
Have a look at the image below:
Are you squinting and trying to hard to figure what is written in the phrase below?
This was the ‘Captcha’ phrase that was used to differentiate between ‘humans’ and ‘bots’. This has been slowly replaced by the new ‘reCaptcha’. Before we get into the details of the ‘reCaptcha’ let us discuss ‘Captcha’ and what it was meant for.
Each year we hear of numerous security breaches or incidents. Name any organization/social media site and there is a possibility, that you too would have received a message “that there was a security breach but your information may have been compromised or your information is safe”. Given the magnanimity of today’s security scenario, wherein even non-security professionals can understand the repercussions of a security incident, it is but necessary to enforce additional security measures to bolster a home or business environment. It is here that the concept of ‘Defense in depth’ comes to the rescue of novice and experienced security practitioners alike. The meaning of ‘Defense in depth’ and the various components of ‘Defense of depth’ approaches forms the basis of discussion in this post.
We are constantly leaving a large digital footprint while we are moving around the virtual world. These digital footprints cause privacy conscious individuals(and other individuals with different purposes) to seek operating systems and browsers that give more anonymity. . ‘Tails’ ‘the amnesic incognito live system’ is synonymous with anonymous surfing and the perfect OS to escape surveillance. It was first released in 2009 and is funded by the Tor project, Debian and other projects. We will explore the details about Tails, what it is and the corresponding ‘Tor’ network in this post.
Ignorance may make us think that the Internet is a safe place – but the unseen forces that rule the Internet(such as hackers and other network detection tools) always seek to gain an entry into strategic business networks and home networks. The information security industry has borrowed the concept of ‘demilitarization’ from the army to bring in the concept of ‘DMZ’ or ‘Demilitarized zone’ to secure internal networks. DMZ is a semi-secure area in the network that contains important resources.
As a newbie to the world of Information security, we are often bowled by the various security definitions that we encounter in various security posts. We will see the various security terms followed by an in-depth explanation of Vulnerability in this post.