3 min
Detection and Response
How to Detect Devices on Your Network Running Telnet Services
Because Telnet is an unencrypted protocol it is important that you monitor your network for any devices running telnet services. Learn more.
2 min
Should Security Teams Use CSP Nonces to Better Comply with PCI?
This week, tCell sponsored BSidesSF [https://bsidessf.org/]. Many things I’ve
heard about the conference proved to be true, and the technical depth of
conversations I had at our table was definitely enough to keep me on my toes.
One of the most interesting conversations was with a company that wanted to talk
about Content Security Policies (CSP). They had come to the conclusion that new
revisions of the PCI security standards [https://www.pcisecuritystandards.org/]
would require that they imple
4 min
InsightIDR
How to detect weak SSL/TLS encryption on your network
In this blog, we break down how to detect SSL/TLS encryption on your network.
2 min
InsightIDR
How to detect new server ports in use on your network
In this blog, we discuss how to detect new server ports in use on your network.
2 min
Stateful WAF AKA the Bronze Age
The first post in this series kicked off our history series on the development
of web application firewalls
[/stateless-web-application-firewall-aka-the-stone-age], with a discussion of
what the earliest technology was capable of. Early WAFs were based on pattern
recognition. That made them fast, but it also made it easy for attackers to
sidestep the rigid patterns that were the building blocks of the first-gen WAF.
If the problem is that stone age WAFs have stateless rules, then the obvious
4 min
Coinhive: Making Other People’s Web Browsers Mine Cryptocurrency
Over the weekend, we had a discussion at tCell about cryptocurrency, because
there was a rash of stories
[https://scotthelme.co.uk/protect-site-from-cryptojacking-csp-sri/] about
cryptocurrency mining being done through malicious JavaScript. (Scott Helme of
securityheaders.io [https://securityheaders.io/]noted that the Information
Commissioner’s Office, the UK’s data privacy regulator, was among the many web
sites affected [https://twitter.com/Scott_Helme/status/962684239975272450].)
According
4 min
XSS Bug Reports Made Easy
When attackers compromise a website with XSS
[/2017/08/why-is-cross-site-scripting-so-hard], it is important to understand
what actually happened leading up to the exploit, as well as information on how
the exploit was performed, and have clear information on how to remediate.
The importance of this was recently illustrated to me in working with one of our
customers on an alert triggered by an XSS [/2017/08/prevent-xss-attacks] exploit
on the customer’s web application. This blog is an accoun
3 min
InsightIDR
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network
2 min
Think Like a Hacker: Going Beyond Network Security
From health care companies to credit agencies and telecommunication firms,
hackers didn’t hold back in 2017. With no simple solution to hacking on the
horizon, it’s a safe bet that 2018 will come with its own share of data
breaches, compromises and concerns.
Short of pulling the plug and living in the dark, how can companies protect
their data and beat hackers at their own game?
It’s all in your head.
Key Characteristics To Thinking Like A Hacker
Here’s the bottom line: IT security fai
6 min
Automation and Orchestration
How to Choose a Security Orchestration and Automation Platform
In the market for a security orchestration and automation platform
[https://www.rapid7.com/solutions/security-orchestration-and-automation/] but
don’t know what solution is right for you? Or perhaps you’ve made some rushed
decisions with past products and want to take a more careful approach this time
around? We get it — sifting through all different security orchestration
[https://www.rapid7.com/fundamentals/security-orchestration/] options on the
market today is no walk in the park. At the end
2 min
Protecting Your Web Site from the Doubleclick XSS Vulnerability
Advertising largely supports free content on the Internet, and many significant
sites rely on DoubleClick for Publishers (DFP), Google’s advertising platform
for publishers to monetize their traffic. Unfortunately for the AdOps world, DFP
has been hosting cross-site scripting (XSS)-vulnerable ads since 2015! Ouch.
You’re writing compelling content for your readers and using Google ads to pay
the bills. Google has tools for you, and you’ve just found out that these tools
could compromise your
2 min
Detection and Response
Firewall Reporting Excessive SYN Packets? Check Rate of Connections
In this blog, we break-down what you should do if your firewall is reporting excessive SYN packets.
3 min
Deploying CSP Properly
Browser makers began implementing the Content Security Policy, or CSP
specification back in 2011. Since then, many development teams and organizations
have adopted CSP wholeheartedly to try and thwart XSS attacks, but it seems the
effort may have been wasted for the majority.
To analyze recent CSP adoption, Google performed an Internet-wide analysis [1]
on a search engine corpus of approximately 100 billion pages from over 1 billion
hostnames; the result covers CSP deployments on 1,680,867 hos
4 min
Automation and Orchestration
How to Securely Handle a Lost or Stolen Device: A Practical Workflow
It’s 10pm and you receive an email from a teammate that their laptop was stolen
at a local networking event. You learn that not only was their computer
unlocked, but they were logged into their company email and Salesforce accounts
at the time the device was stolen.
Devices like laptops and phones hold a lot more value than the technology
itself. Everything from customer data to company files and account logins are
stored and easily accessible on these devices, making them easy targets for data
4 min
Automation and Orchestration
Security Career Paths: Common and Unique Roles
Security is one of the most in-demand roles today. According to recent numbers
[https://www.csoonline.com/article/2953258/it-careers/cybersecurity-job-market-figures-2015-to-2019-indicate-severe-workforce-shortage.html]
, the demand for security workers is expected to grow to 6 million worldwide by
2019. So how do you get into or grow your career in security?
What makes security so interesting is the many directions you can take —
traditional or not. This post will walk you through how to build