security Archives - The Silicon Underground

Home » security

What is DNS over TLS?

Dave Farquhar security October 10, 2019October 11, 2019 0 Comment

Web browser manufacturers Google and Mozilla have been taking heat lately for wanting to implement a technology called DNS over TLS. This is an important technology, so let’s talk about what DNS over TLS does and why you need it.

An increasing amount of our communications online is encrypted, which keeps other people from snooping on what we do. Not encrypting our traffic to DNS, which is the Internet’s phone book, makes it possible to see who we’re communicating with online, even though the communications themselves aren’t visible. DNS over TLS seeks to close this huge privacy gap. When your operating system says your connection is secured, it’s only talking basic security.

Deliberate security threats

Dave Farquhar security October 1, 2019October 5, 2019 0 Comment

A friend of a friend suggested to me that I should carefully preserve my Commodores and other vintage computer gear, because it’s the only secure computer equipment available. I said I don’t complain too loudly since security is my job. He then said I’ll always have a job, because so many security threats are deliberate. While he’s not wrong, saying all security threats are deliberate is unhealthy. Here’s why.

Deliberate security threats certainly exist, because planting backdoors in the supply chain is the best way to get into certain highly sensitive networks. But I’ll argue that more security threats are honest mistakes than intentional sabotage.

Cyber security degree or certifications?

Dave Farquhar security September 24, 2019September 3, 2019 0 Comment

From time to time I get questions from people looking to break into my field. Here’s a good one: What’s better to get, a cyber security degree or certifications?

If you’re in school now, get the degree. But if you’re not currently in school, and can learn on your own, the certification route is much cheaper, and probably faster. The key is having something on your resume that gets you through HR, and most companies know they can’t demand both.

Why patching can make your Kenna score go up instead of down

Dave Farquhar security September 18, 2019August 25, 2019 0 Comment

Kenna is a revolutionary vulnerability management tool. It completely changed my approach to vulnerability management. But it can be hard to get used to. The most maddening thing about it is how you can deploy an update, and then your Kenna score increases. That’s not the outcome you wanted. Here’s why patching can make your Kenna score go up instead of down, and what to do about it.

Kenna’s math is tricky, but the thing to remember is the risk score isn’t exactly an average. Once you deploy enough patches for high-risk vulnerabilities, your risk score will start to drop as expected. The key is sticking with it long enough for the score to drop.

How does Nessus detect vulnerabilities?

Dave Farquhar security September 16, 2019August 24, 2019 0 Comment

Nessus is a popular vulnerability scanner, but there are some misconceptions about what it does and how it works. So how does Nessus detect vulnerabilities, and why is that important? Let’s explain.

Nessus detects vulnerabilities in two major ways, either by scanning ports or scanning files. Scanning files requires it to log in to the system, but it is considerably more accurate.

Copy an option profile in Qualys

Dave Farquhar security September 11, 2019August 24, 2019 0 Comment

Since I don’t do it very often, I always forget how to copy an option profile in Qualys. So here’s how, even if I’m the only one who ever can’t remember.

Sometimes I need to make a copy of an option profile so I can make a change to it without building a new one from scratch.
Read more

What does secured mean for Internet access?

Dave Farquhar security September 9, 2019October 11, 2019 0 Comment

Both Windows and your web browser go out of their way to tell you if your Internet connection is secured, or not secured. Secured certainly sounds better than not secured. But what does secured mean for Internet access? Let’s talk about it.

“Secured” is a friendly word to say your network connection is encrypted. But what that means, exactly, depends on whether it’s your web browser or your operating system saying the connection is secure. The most important thing to remember is that in this case, your browser can compensate for Windows, but Windows can’t compensate for the browser.

Confirmed vs potential vulnerabilities in Qualys

Dave Farquhar security September 5, 2019August 11, 2019 0 Comment

When you’re looking at a vulnerability scan, you may find several types of line items on the report. Two of them are confirmed and potential vulnerabilities. Let’s take a look at confirmed vs potential vulnerabilities in Qualys.

Potential vulnerabilities are incomplete, in that they show an indication of vulnerability, but not enough for Qualys to confirm it. Confirmed vulnerabilities are more reliable, as Qualys was able to pinpoint a vulnerable file or setting on the system. In some scan results, Qualys refers to potential vulnerabilities as “practice.” As far as Qualys is concerned, practice and potential are interchangeable terms.

Is USB blocking misguided security?

Dave Farquhar security August 29, 2019October 11, 2019 0 Comment

Blocking USB ports on corporate computers certainly is an inconvenience. But it’s something many companies do in the name of security. The question is, is USB blocking misguided security? Does it solve a problem, or just create others?

There are serious security concerns with USB devices, besides the danger of people copying huge troves of corporate data onto a USB stick and taking that information with them. That’s why many companies, and the government, limit what you can use USB for, or sometimes block it completely.

Qualys vs Kenna

Dave Farquhar security August 21, 2019September 5, 2019 0 Comment

Qualys and Kenna’s relationship is complicated. Several years ago the two companies were partners until Qualys tried to clone Kenna. Now, to hear Qualys talk, you don’t need Kenna anymore if you have Qualys. So let’s look into Qualys vs Kenna in regards to that claim.

← Previous