It goes without saying that you should always be on top of required updates—we're a couple months into 2016 and Apple has already issued major security updates for OS X and iOS. In some cases, however, users may be partial or restricted to their particular flavor of Apple's flagship OS. Whether you're running Snow Leopard, Yosemite, or El Capitan, the following are 10 tips for fine tuning your OS X instance for a better security posture.
Adding a little bit of structure into one's affairs never hurts, especially when it comes to IT business processes and assets. To this end, various frameworks offer blueprints for achieving key organizational objectives like compliance and security. Three of the more popular frameworks—COBIT, ITIL, and TOGAF—are widely used by enterprises in this regard—let's see how they compare when it comes to bolstering cybersecurity and digital resilience.
Upon its release, Windows 7 was hailed as "the most secure Windows ever"—true enough at the time, but its predecessor Windows Vista didn't exactly set a high bar security-wise. Nonetheless, the updated OS shipped with literally hundreds of security changes and additions, addressing the needs of a more security-conscious home and business user base with features like AppLocker, BitLocker Drive Encryption technology, and more. Despite these improvements, Windows 7 has its own set of critical vulnerabilities—here are the top 11 on the list and how to fix them.
Though Windows Server 2008—with features like hard drive encryption, ISV security programmability, and an improved firewall—is a significant leap forward in terms of security when compared to its predecessor Windows Server 2003, it is certainly not without its own security flaws. The following are the top 20 critical Windows Server 2008 vulnerabilities and tips on how to remediate them.
Apache Tomcat is the leading Java application server by market share and the world's most widely used web application server overall. Currently at version 8, the popular web server has not been without its security flaws, perhaps most famously publicized in this incident of aircraft hacking by security researcher Chris Roberts earlier this year. However, hardening Tomcat's default configuration is just plain good security sense—even if you don't plan on using it on your plane's network. The following are 15 way to secure Apache Tomcat 8, out-of-the-box.
According to Web3Techs, Nginx is the second most popular web server platform behind Apache, which is quite a feat considering the latter’s longstanding footprint in this arena. That said, more high performance websites are using Nginx over Apache for content and application delivery services, and its adoption rate has been steadily increasing over the years for good reason: it’s fast (blazingly so), lightweight, and available on all major OS platforms. The following are 10 important tips for hardening your Nginx deployment against the threat of cyber attacks.
In the pantheon of open source heavyweights, few technologies are as ubiquitous as the MySQL RDBMS. Integral to popular software packages like WordPress and server stacks like LAMP, MySQL serves as the foundational data platform for a vast majority of websites and cloud services on the internet today. Unfortunately, its popularity translates to more commonly known attack vectors and security exploits —the following are 11 ways to shore up MySQL security and protect your data more effectively.
Traditional IT security mechanisms are simply ineffective at protecting today's enterprise cloud and hybrid infrastructures against cyber attackers. For this reason, numerous upstarts have risen to the challenge with innovative approaches to implementing security in the data center and beyond. Two leaders in this category—Tanium and CloudPassage—utilize peer-to-peer and botnet-based technologies for quicker breach detection and remediation. Let' see how the two stack up in this comparison.
It's been said many times before, but is always worth repeating: enterprises need a layered approach to security for combating today's cyber threats. Illumio ASP and AlienVault USM provide just that: working in conjunction with traditional security solutions like firewalls and IDS/IDPS solutions (or in USM's case, providing its own), the two platforms further smooth the attack surface area with features such as policy-based controls, security analytics, and crowd-sourced threat intelligence, among others. Let's see how they stack up in this comparison.
Hackers as portrayed on the big screen are usually sitting hooded in front of a monitor with sleek, shiny black hat tools laid out on the screen. Though in reality such tools in past years were mostly CLI-based, a new generation of penetration testing (pen testing) and ethical hacking tools feature both slick UIs and powerful functionality for testing cyber security controls and posture. In this comparison, we'll look at two of the best: the Kali Linux and BackBox Linux pen testing and ethical hacking distros.
As Redmond's flagship RDBMS solution, SQL Server provides the underlying data platform for a broad range of Microsoft enterprise solutions— from Sharepoint to BizTalk Server. This, of course, makes bolstering SQL Server security a critical necessity for protecting MS-centric infrastructures against attackers. To this end, the following are 11 ways to harden MS SQL Server 2008 security.
The twelfth major release of Apple's flagship desktop and server operating system dropped on September 30th, 2015, bringing with it a host of new and improved features like Split View, a smarter Spotlight, Metal for Core Graphics, and under-the-hood performance improvements, among others. Alas, benefits do not without a price—in this case, myriad of security issues and exploitable vulnerabilities. The following are the top 10 of the lot followed by remediation tips.
PostgreSQL may be the world’s most advanced open source database, but its 82 documented security vulnerabilities per the CVE database also make it highly exploitable. Granted, the popular object-relational database is considered superior to others when it comes to out-of-the-box security, but proper measures are still required to protect web applications and underlying data. The following are 10 common ways to secure your PostgreSQL implementation from cyber attackers.
Network Protocol Analyzers (a.k.a. traffic packet analyzers or sniffers) are essential instruments in the network and/or security professional’s toolbox. The ability to examine traffic in motion across a network is critical for optimizing network topologies, troubleshooting malfunctioning or poorly-performing applications, and perhaps most importantly—identifying and mitigating cyber attacks. In this comparison, we’ll look at two leading network protocol analysis tools—Wireshark and Netcat—to see how they stack up against each other.
Solaris 10 is the most widely deployed Unix operating system on the market, despite flip-flopping between open and close-sourced status multiple times between versions. Notwithstanding, users are well-advised to stay proactive in bolstering the security of deployments. The Center for Internet Security (CIS) provides guidelines for a wide range of enterprise software that can be helpful in this regard—the following are 10 of its security benchmarks for Solaris 10.
OS X may be considered Apple's desktop OS magnum opus, but it certainly hasn't been without its share of vulnerabilities (1,250 to date per the CVE database). The following are the top 11 OS X vulnerabilities and exploitation prevention tips.
Despite crossing over the half-decade mark since its release, Red Hat Enterprise Linux (RHEL) 5 is still in widespread use—and will continue to be supported by Red Hat through November 30th 2020. Security enhancements in later versions of RHEL like improved Security Enhanced Linux (SELinux) and virtual machine security (i.e., Svirt) warrant a timely upgrade, but organizations unable to do so can still bolster RHEL 5 for a strong security posture.
When it comes to software, certain key attributes serve as a litmus test for enterprise-readiness—quality and breadth of support, reporting and policy management capabilities, and scalability are common, among others. Three characteristics in particular are also increasingly important to enterprise automation solutions: the graphical user interface (GUI), integration capabilities, and security.
As the two leading IT automation platforms by market share, Chef and Puppet have been compared against each other extensively—for UpGuard’s recent take, please see Puppet vs. Chef Revisited. In this comparison, we’ll instead approach matters a little differently by comparing and contrasting Hosted Chef—the SaaS version of the product—with the full-fledged, flagship Puppet Enterprise offering.
A long time ago in a datacenter far, far away, developers and operators were writing specialized scripts by hand to manage IT resources. Configuration management (CM) and automation tools integrated these processes into streamlined solutions for delivering repeatable, rapidly deployable IT environments. Well, times they are a changin’ again, and automation tools have evolved—this time into comprehensive IT lifecycle management platforms for automating resource deployment from bare-metal to the application stack.
Cyber resilience is a fundamental change in understanding and accepting the true relationship between technology and risk. IT risk (or cyber risk, if you prefer) is actually business risk, and always has been. And the cybersecurity industry, for what it's worth, has generally avoided this concept because it goes against the narrative that their respective offerings—whether it's a firewall, IDS, monitoring tool, or otherwise—would be the one-size-fits-all silver bullet that can keep businesses safe. But reality tells a different story.