October 22, 2013
By Raj Sabhlok, ManageEngine
The Silk Road and NSA spying may be old news, but The Onion Router (Tor) continues to generate interest among Internet users seeking online anonymity. Tor isn’t all upside, though. As I found out, you pay a price for privacy.
To put things in context, Tor hides your online activity, plain and simple. It covers your tracks, including your browsing history, identity and physical location. Tor also anonymizes the websites you visit and their operators.
While such activity might sound inherently nefarious, remember that Tor technology also grants anonymity to people fighting tyranny, oppression and other injustices. And for the record, the Tor Project was initially funded by the U.S. government.
Given the many legitimate, compelling use cases, it may be time to ask if Tor is right for you. Well, I’ve put Tor through its paces and come up with my top five tips to help you decide.
See Full Article: http://ow.ly/q1mAP
October 21, 2013
By Erich Diener, Echopass Corp. Posted by John Casaretto
You know where your most valuable data is stored. Your data is locked safely in a fortress of layered defenses. You’ve protected those treasures with well-configured edge devices, a lean fully-patched DMZ, a tightly woven net of firewall ACLs and an intentional architecture that separates your servers’ functions. Your logs are continually examined and anomalous behavior is analyzed. Your privileged identities are well defined by role and rigorously managed.
Overall, you’re able to sleep well at night knowing that you have a well-oiled machine protecting your company’s — and your customers’ — most valuable data. Right?
There’s Not an App for That
Alas, enterprise-level security is not so simple. There are some incredible apps and hardware available today to support networks and protect sensitive data. But technology is not the silver bullet to solving security concerns. And simply buying more technology won’t make you any safer.
In this age of ever-increasing industry- and government-enforced compliance and regulations, the cost of a breach or loss of sensitive information can sound the death knell for all but the largest businesses. Ironically, your best security assets are three things you’re probably overlooking.
See Full Article: http://ow.ly/q1jbZ
September 12, 2013
By Amy Dusto
Increasing numbers of technology providers offer their products via the “cloud”—or hosted on the Internet rather than as software a retailer licenses and installs on its own machines. But keeping consumer data secure while it moves around the web, rather than between a merchant’s own servers, presents new challenges for merchants and vendors alike, according to the PCI Security Standards Council.
The council is a global forum founded in 2006 by payment card companies American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Its mission is to develop and maintain rules for protecting consumers’ payment card data. In February, it released a new set of guidelines for data security in cloud computing, which outlines the responsibilities of both a vendor and a merchant sharing data over the web, among other things.
This month, Echopass Corp., a cloud-hosted contact center, announced it has updated its technology to meet the new standards. Although the vendor is not a payments processor, it works to comply with PCI standards because customer service agents sometimes handle sensitive customer data, says Dennis Empey, chief information security officer at Echopass. For instance, agents may take Social Security or credit card numbers by phone, he says.
See Full Article: http://ow.ly/oOSZX
August 12, 2013
By Erich Diener
Ever since Black Hat USA wrapped up last week, I’ve been thinking about the irony of attendees going into heightened security mode during the conference itself – like never connecting to open Wi-Fi or encrypting all information stored on your laptop – then likely slipping back into a more lax mode throughout the rest of the year.
You see, we’re on guard at events like Black Hat and DEF CON, ready to be pwned at any moment by mischievous hackers. So while these conferences do a great job reminding us of the many emerging methods of hacking – and counteractively, securing – computers, electronics and connected devices, they only come once a year.
But, what if we all acted like Black Hat attendees year-round? Or perhaps more crucially, what if your company acted like a Black Hat attendee every single day, always remaining hyper-vigilant about the latest risks and prepared to mitigate criminal hacks?
Fresh from this year’s Black Hat briefings, here are six ways to make every day a Black Hat day…
See Full Article: http://ow.ly/nOeK6