Questions tagged [defense]

Defense is the use of security countermeasures to protect the integrity of the information assets in an IT system and/or infrastructure.

Defense is the use of security countermeasures to protect the integrity of the information assets in an IT system and/or infrastructure.

248 questions
303
votes
3 answers

CRIME - How to beat the BEAST successor?

With the advent of CRIME, BEAST's successor, what possible protection is available for an individual and/or system owner in order to protect themselves and their users against this new attack on TLS?
Kyle Rosendo
  • 3,965
  • 4
  • 18
  • 17
172
votes
26 answers

Convince people not to share their password with trusted others

IT workers are usually trusted by their family members who readily share passwords (Facebook, email, twitter, you-name-it!) so they can get easy help to set what-ever-parameter they don't find or explanation of a challenging situation. I always try…
Auzias
  • 1,518
  • 2
  • 8
  • 14
103
votes
19 answers

How to explain to traditional people why they should upgrade their old Windows XP device?

This is an issue I'm recurringly facing: older people from my family (or people who my family members know) can be surprisingly reluctant to apply most basic security measures when they're using their PCs. The particular issues vary, but this time…
gaazkam
  • 5,607
  • 11
  • 24
  • 37
100
votes
10 answers

Does it improve security to use obscure port numbers?

I recently started a job at a small company where the CTO prefers to host SSH services at obscure, high numbered ports on our servers rather than the well known port 22. His rationale is that "it prevents 99% of script kiddy attacks." I'm curious…
William Rosenbloom
  • 1,516
  • 2
  • 6
  • 12
88
votes
12 answers

What is different about being targeted by a professional attacker?

It is often said that security tools such as firewalls, antivirus programs, etc. are only effective against random, untargeted attacks. If you are specifically targeted by an intentional, professional attacker (e.g. state sponsored, NSA, Chinese…
user2174870
  • 1,378
  • 2
  • 11
  • 13
71
votes
17 answers

Why do law-abiding citizens need strong security?

The layman's counter-argument I run in to for any complaint about inadequate security seems to always take the form: You don't need security if you aren't doing something illegal. This kind of response is frustrating to say the least. In part…
Ian C.
  • 820
  • 6
  • 8
54
votes
4 answers

How secure is 7z encryption?

I have a text file in which I store all my bank details. I compress and encrypt it with 7-Zip using the following parameters: Compression parameters: Archive format: 7z Compression level: Ultra Compression method: LZMA2 Dictionary size: 64…
43
votes
5 answers

What can a hacker do with an IP address?

I have an internet connection with a static IP address. Almost all staff in my office know this IP address. Should I take any extra care to protect myself from hackers?
open source guy
  • 1,909
  • 9
  • 25
  • 27
39
votes
10 answers

Why is it important to apply security best practices when the risk they protect against is very low?

Sometimes, security best practices protect you against attacks that are very improbable. In these scenarios, how do you defend the implementation of such security measures? For example, password-protecting access to the BIOS of a thinclient. A BIOS…
Eloy Roldán Paredes
  • 1,507
  • 12
  • 25
32
votes
6 answers

How safe are employee laptops in China against International corporate espionage?

I recently took a business trip to China. Our IT department told me I could not take my normal machine, and instead gave me a loaner. This loaner had MS Outlook and was linked to my normal company e-mail account. I logged into the corporate…
Stone True
  • 2,022
  • 2
  • 17
  • 25
31
votes
2 answers

What role does clock synchronization play in SSL communcation

We've recently implemented WS Trust security over SSL for our client / server communications. Our application is used by thousands of our customers, spread out all over the world. One of the problems we've had in the past with secure…
mclark1129
  • 413
  • 1
  • 4
  • 6
29
votes
7 answers

When do honest people need privacy or anonymity? (e.g. they have nothing to hide)

I'm having a discussion with someone who thinks they don't need technical measures of privacy or anonymity. Common arguments against needing to care about privacy or anonymity include: Everything about them can be Googled or searched from public…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
28
votes
3 answers

NoScript: How to determine which sites/scripts to whitelist?

NoScript is a great plug-in, both for security and for ad blocking. However, I've found it's not always easy to figure out what scripts need to be permitted on certain pages, to be able to use the features I want while still blocking unnecessary…
Iszi
  • 26,997
  • 18
  • 98
  • 163
27
votes
2 answers

Guidance for implementors of HTTPS-only sites (Server side)

The recent trend in HTTPS attacks is to attack the HTTP protocol. What should I do to increase my site's security if the only protocol I want is HTTPS? Some easy to implement ideas are Implement HTTPS Strict Transport Security Issue the…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
27
votes
4 answers

I detected someone probing my site for weaknesses, what can I do about it?

My site has been getting probed by a bunch of IPs from Morroco (trying to submit forms, trying out potential URLs, trying to execute scripts etc..), I have a strong suspicion it's the same person after observing the pattern of how they behave.…
1
2 3
16 17