6 min
IoT
NCSAM Security Crash Diet, Week 4: IoT
The final week of our 'Security Crash Diet' series for NCSAM explores what the IoT device purchasing process is like for consumers who want to buy IoT with security in mind. Spoiler: It isn't easy.
2 min
Automation and Orchestration
Why Security Teams Should Embrace (Not Fear) Automation
It’s not the coming of the apocalypse. It’s not the end of the security
profession. And it’s certainly not a bad thing. We’re talking about the rise of
automation. As security threats become a bigger part of the day-to-day concerns
at all types of organizations, bringing in machines has become necessary to keep
up. In fact, security automation can help you become even more valuable as an
employee. Being at the heart of the security orchestration and automation
[https://www.rapid7.com/solutions/s
6 min
Phishing
NCSAM Security Crash Diet, Week 3: Privacy and Backups
In week three of Rapid7's NCSAM 'Security Crash Diet' series, our cybersleuth 'Olivia' tests practical advice on privacy (think location-sharing) and has a few scary moments with backups.
8 min
5 Wrong Lessons From Equifax, and the Missed Opportunity of OWASP
Much ink has been spilled on the Equifax breach, along with plenty of
(well-deserved) public excoriation of all responsible parties, starting from the
top.
However, quantity is no substitute for quality, and certainly not when it comes
to tech journalism. Oftentimes, the content of such articles is dictated by the
need for attention: clickbait first, substance never. As a result, there’s a
missed opportunity to turn a disaster into a teachable moment.
What’s worse is that many people will
1 min
Komand
Everything You Need to Know About Building a Career in Security
Are you thinking about pursuing a career in security? Or have you already
started one, and you’re wondering what it will take to get to the next level?
Perhaps you have been in the security field for a long time, and it’s starting
to feel a little stale?
Regardless of where you are in your journey, we’ve put together a helpful guide
full of valuable information and real-world anecdotes about what it means to
pursue this dynamic and challenging vocation.
Free eBook: Defining Your Career Path as
5 min
Rapid7 Perspective
NCSAM Security Crash Diet, Week 2: Social and Travel
Rapid7 guinea pig 'Olivia' describes her efforts during week two of her security 'crash diet for National Cyber Security Awareness Month. This week focused on social sharing and travel security.
2 min
Guest Perspective
NIST Standards and Why They Matter
A primer on implementing NIST recommendations by guest author Matt Kelly
2 min
InsightIDR
How to Detect BitTorrent Traffic on your Network
Learn how to detect BitTorrent traffic on your network to capture metadata such as INFO-HASH, IP addresses, and usernames.
5 min
Cybersecurity
NCSAM Security Crash Diet, Week 1: Maintenance
One of Rapid7's employees tries a month of different 'security diets' in the spirit of National Cyber Security Awareness Month. Week one highlights the importance of maintenance.
3 min
Komand
SOC Series: How to Choose the Right Skills for Your SOC
Do you have the right mix of skills in your security operations center (SOC)
[https://www.rapid7.com/fundamentals/security-operations-center/]? Whether your
SOC is brand new or has been around for years, you need to be sure it’s built to
meet the demands of today’s complex security landscape.
In this post, we’ll define the most important skills any SOC should have today
so you can be sure to have the right mix of people to safeguard your business.
Effective Team and Communication Skills
Regard
3 min
Automation and Orchestration
How to Password Protect Apache Directories with mod_authn_dbd and MySQL on Ubuntu Linux
Synopsis
The mod_authn_dbd is an Apache module that provides the functionality for Apache
to authenticate users with MySQL database. This module provides authentication
front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by
looking up users in MySQL tables. Apache’s mod_authn_dbd supports a wide range
of drivers such as, ODBC, MSSQL, SyBase, MySQL, Oracle, PostgreSQL and SQLite.
This module allows execution of arbitrary SQL for user / password matching and
also support al
3 min
Automation and Orchestration
How To Secure Apache with Let's Encrypt on Ubuntu Linux
Synopsis
Improving your website security has generally been most complicated and
expensive task for every Linux administrator. Let’s Encrypt is a free,
automated, and open certificate authority that provides free X.509 certificates
for Transport Layer Security encryption via an automated process. It is very
complex process to install and add an SSL certificate to a web server. You can
make it easier with the help of Let’s Encrypt. You can easily encrypt data
[https://www.rapid7.com/fundamentals/
4 min
Automation and Orchestration
How to Secure SSH Server using Port Knocking on Ubuntu Linux
Synopsis
Port Knocking is a method used to secure your port access from unauthorised
users. Port Knocking works by opening ports on a firewall by generating a
connection attempt on a set of prespecified closed ports. Once a correct
sequence of connection attempts is received, the firewall will open the port
that was previously closed. The main purpose of port knocking is to defend
yourself against port scanners. Changing your default ssh port is not a secure
method to protect your server, becaus
3 min
Automation and Orchestration
How to Secure MySQL Server on Ubuntu Linux
Synopsis
Now a day database server is very critical and necessary component for any
applications. Databases can be found in everything from web applications, web
server to smartphones and other devices. Most of software applications rely on a
database to store its data. This is the reason why databases are the number one
target of any attackers. Among all the databases MySQL and MariaDB has become
the world’s most popular open source database due to its fast performance, high
reliability and eas
4 min
Introducing Web Server Agents
We at tCell are excited to announce the availability of tCell’s Web Server Agent
(WSA). The WSA joins our stable of agents for JavaScript, Java, Ruby, Python,
Node.js, and .Net, extending our monitoring and protection capabilities to
common web servers (NGINX is available now, and we’re accepting requests to join
the tech preview for Apache and IIS.)
But first, why this move? For that, I’ll need to take you back a few years, when
people were All About that Bass and yelling “Timber”.
In the