Firestorm – how to avoid the latest Next Generation Firewall vulnerability

A new, severe vulnerability in Next Generation Firewalls was earlier this week unveiled by cyber threat detection specialist, Cynet. The vulnerability, dubbed FireStorm, allows an internal entity or malicious code to interact and extract data out of an organisation, completely bypassing the firewall limitation. Continue reading “Firestorm – how to avoid the latest Next Generation Firewall vulnerability” →

The Smart Home Cyber Security Manifesto

At the Smart Homes and Building Association (SH&BA) “Smart Home Breakthrough Summit” last week, a new Cyber Security Manifesto was unveiled by CONTEXT, a leading European IT market analysis company, and the SH&BA Security Panel. Continue reading “The Smart Home Cyber Security Manifesto” →

Prime Minister orders cyber-attacks to test Whitehall security

Earlier this week it was reported that David Cameron had ordered simulated cyber-attacks on every Whitehall department, to discover if government computers that hold the personal information of millions of people are vulnerable to hackers. Continue reading “Prime Minister orders cyber-attacks to test Whitehall security” →

Governance must cover products too

One of the ongoing security debates is about how to get the board of directors engaged in the security of their businesses. The recent article “Ignorance on cyber security no longer an option for boards” is the latest in a long line of reports saying boards must do better. Two things struck me reading this particular article. Continue reading “Governance must cover products too” →

Cars Need a Root of Trust

Fiat Chrysler has suffered a widely publicised attack where hackers remotely killed a Jeep. The resolution has been to send a USB stick in the post to owners, for which they have been criticised. The criticism is in two parts.

Continue reading “Cars Need a Root of Trust” →

How do you evaluate an Information Exchange Gateway solution?

How do you evaluate an Information Exchange Gateway solution? I’ve blogged previously on Cyber Matters about how Information Exchange Gateways (IEGs) need to be built in a flexible manner to meet a variety of customer requirements. The other big question from potential customers is how do they know that they can trust a solution? Continue reading “How do you evaluate an Information Exchange Gateway solution?” →

DNS Tunnelling

A recent project at Nexor required us to look at the challenges of providing access to the DNS from a secure environment. It reminded me of the issues related to DNS tunnelling.
Continue reading “DNS Tunnelling” →

Does Two Factor Authentication Actually Weaken Security?

Readers of this blog will know that I am a strong advocate of two-factor authentication, commenting on it in various blog articles.

This article by Paul Moore caught my attention this week:
Continue reading “Does Two Factor Authentication Actually Weaken Security?” →

The Secure Internet of Things

The Internet of Things (IoT) is big news at the moment, being used as a title for just about everything that interacts with the internet, be it man or machine. In some areas the commentary is just starting to recognise that security and privacy are issues. And as you expect, various players are putting forward their solutions. Continue reading “The Secure Internet of Things” →

Flexibility should come as standard in Information Exchange Gateways

In my role as a Solution Architect regular readers of this blog will know that this year I’ve been heavily involved in Information Exchange Gateways. I was recently over in Brussels at the European Defence Agency (EDA) headquarters to deliver a final presentation on the IEG work we have done for them. Possibly the biggest challenge that came up in the meeting was around the flexibility required in enabling secure information exchange. Continue reading “Flexibility should come as standard in Information Exchange Gateways” →