Category Archives: Secure IT -FAQ

Practical Security: Browser Security Settings


August 06, 2014

By Norman Yue (CTO)
Originally published: http://advancedpersistentjest.com/2014/07/22/practical-security-browser-security-settings/

This series of blog posts will aim to look at some “quick wins”, which an organisation or a security team (or even interested users) can realistically put into place immediately, what they are, and how they impact both security and usability.

This is not aimed at being remotely comprehensive, or reaching a “perfect” state of security – while a few people might browse the Internet with non-HTML non-image content off by default, we realize this probably isn’t feasible for most users, and having an actual Security Policy based on what you actually need is a Really Good Idea [tm].

While most people (and by extension, organisations) simply take their browser for granted, modern browsers typically have a slew of settings (not necessarily explicitly related to security) which can impact the security context for end-users. Here are a few “quick win” solutions which can easily be put in place, with minimal impact for users.

[FAQ] Protecting my RFID Card


March 12, 2013

RFID is a type of wireless technology, used by many organisations to provide access control for buildings.

RFID (Radio Frequency IDentification) Cards allow you to obtain sensitive information to help identify objects that have been fitted with special RF identification tags in order to easily manage assets and materials, determine access control and track inventory.

Because these cards make it possible to identify and account for items so quickly and easily, it is vital that we secure them adequately.

Here are some ideas on how to protect your RFID card:

Online Frauds and Scams – how safe are you online?


March 05, 2013

By Helen Teixeira, Securus Global

Originally published in Profile Financial Services – Summer 2013 Newsletter

“Technology is a queer thing. It brings you great gifts with one hand – and it stabs you in the back with the other.”

This quote from CP Snow (a respected 20th century UK scientist and author) could have been written specifically for the internet age. This incredible resource, which has brought us unimagined access to knowledge and huge productivity growth, hasn’t come without a cost. These tools are now available to fraudsters and scammers as well as legitimate individuals and businesses, and they are being used to serve criminal as well as positive ends. This article looks at who the attackers are, how they attack, and what you can do to protect yourself online.

How big is cybercrime?

According to the ABS, between 2007 and 2011 the number of victims of personal fraud in Australia increased from just under 800,000 to almost 1.2 million – an increase of 50% in just a few short years*. Around the world, “Cybercrime” is a well-funded, sophisticated global industry estimated to be worth around USD 388 billion annually – bigger than the legitimate global travel industry***.

[FAQ] Security Considerations for Customised Off The Shelf (COTS) Product Security


February 27, 2013

Introduction

There are a number of elements that relate to the early stages of the Software/System Development Lifecycle (SDLC) that should be considered with regard to security. Unfortunately, for a number of projects, our company becomes involved at the final stages of the process, which often results in highlighting a lack of, or ineffective, due diligence at the early phases. It is difficult to manage a project where the software is found to be inherently insecure, and this often leads to excessive launch delays, greatly increased budget requirements for additional resolution or even an outright cancelling of an expensive project.

While many people hate the analogy of “buying a car” when it is applied to IT, it is actually particularly relevant for product selection. In both cases, you have to be wary of products being rebadged, inferior internals within the product, whether it performs well in a test drive, an inability to easily conduct ongoing maintenance and poor after-purchase support.

Surely if I bought a product from a large software vendor everything would be fine?

The fact that a product carries the supposed weight of a large multinational corporate has absolutely no bearing on its quality. Keep in mind that large corporates today typically tend to acquire companies rather than gamble on developing a product from scratch internally. The quality of the product is usually directly dependent on the company that authored the software, which you may not have even heard of.