Penetration tests are a critical part of securing your technological estate. They simulate what a malicious actor would carry out when trying to access your systems. Such testing can identify vulnerabilities that need to be acted on to prevent attacks. Testing should be conducted frequently and after major changes to your network or applications. This article will discuss some of the classic tools that can be used to penetrate your network.
Some of the largest organisations across the globe have been in the news for having their data stolen by hackers. One of the most common sources of breaches is data being taken from Cloud Object Stores. These organisations have been hit with multi-million dollar fines from regulators and incur irreparable damage to their brand. Given the countless security options available on cloud Object Stores, why are they the root of so many data breaches?
Data breaches can occur in various ways. This article will focus on breaches where the data is taken from cloud Object Stores.
Hardening is the process of removing the unnecessary services and configuration and adding a secure framework to resources so that the attack surface area is reduced. Hardening can apply to any technical resource such as virtual machines, databases, containers and networks. It sounds like a no-brainer and an organisation may want to implement every hardening technique possible to achieve an impenetrable fortress for their technology estate. However, not all guidelines should be followed, no matter how good they may sound.
Resources such as virtual machines in the cloud are typically deployed from base images that can be obtained from the…
If you are asking for help, it means you have not planned for being under DDoS attack. You should have.
Distributed Denial of Service (DDoS) has become the most common form of cyber-attack. There have been numerous public cases of organisations being “DDoSd”, rendering their sites and resources to become unavailable. An attack can last from a few minutes to days and can result in major disruption to users and the organisation being targeted.
The goal of DDoS is to disrupt a particular service by sending it more traffic than it can cope with and prevent legitimate traffic from reaching…
In recent years, the growth of Serverless has been monumental. More and more organisations are realising the benefits of the technology of not having to manage the underlying infrastructure and being able to scale on demand. Much of the growth has been haphazard and without a strategy which has lead to security being much of an afterthought.
This article will describe how an organisation can protect its Serverless solution. It will focus on solutions deployed in AWS with its Serverless offering, Lambda. Nevertheless, many of the principles can be applied to all cloud platforms.
Serverless technology enforces the use of…
Virtual Private Networks (VPNs) have been around for decades, providing security for remote access to organisational resources. The technology is mature, common and reliable. However, there is a new kid on the block: Identity-Aware Proxies (IAPs) which form part of the Zero Trust Security Model. IAPs are vying to replace the use of VPNs.
VPNs provide secure access to resources. They are a safe way for users to connect to organisational networks over the internet from remote locations. Once a user is connected to a VPN, they are able to access services, applications and resources that reside within the network.
Major global organisations being involved in security breaches is becoming common. These “mega-breaches” involve the loss of data for 100s of millions of customers. Many of these organisations are recognisable brands that are familiar to most people. Breaches occur when attackers gain access to systems, applications and data of that organisation and their customers. The implications to the organisation for losing control of its technology and data are vast, ranging from regulatory fines, reputational damage to third-party litigation.
This article will examine some of the notable data breaches, how they occurred and how they may have been prevented.
People are always the weakest link in any security chain. They are the number one focus for malicious attackers, particularly when many people are currently working from home because of the Coronavirus crisis. They are isolated and vulnerable to being socially engineered to give up sensitive information. Away from the pack they can be targeted with ease.
This article describes 5 common social engineering techniques that are used by attackers and what can be done to prevent them.
Social engineering is the practice of psychological techniques that are used on people with the intention of eliciting sensitive information from them…
The global Coronavirus crisis has altered everyone’s lives in a way that I’ve never seen. I had been planning to renew the AWS DevOps Engineer Professional Certification when the Coronvirus reached the country. Schools closed and I was told to work from home. The country came to a standstill. I could have easily postponed the studying and the exam until life resumed some form of normality. However, I decided to proceed.
I had passed it 3 years ago and was thinking about not renewing it. The AWS Professional certifications are advanced and they take up a lot of time, effort…
The AWS Well-Architected Framework is used by AWS to help workloads adhere to best practices. AWS partners provide Well-Architected reviews to ensure that customer workloads are configured optimally.
There are 5 pillars which cover: