Bolstering Endpoint Security

By: John Maddison

For many organizations, endpoint security remains the weak link in their security strategy. While organizations are able to ensure that endpoint clients are installed on company-owned assets, security becomes more challenging when workers use their personal devices for work-related activities. The organizational risks introduced several years ago by BYOD have been compounded as the number of critical business applications and the volume of data being accessed have grown rapidly as a result of ongoing global digital transformation (DX) efforts.

Of course, not all endpoint devices are the same, and each requires a somewhat different approach. Traditional endpoint devices, even those owned by employees, can still be required to install a security client in order to access network resources. Likewise, handheld devices such as tablets and smartphones can be protected using mobile device management (MDM) solutions. And even the most primitive IoT devices can be secured using proximity-based protections.

Laying a proper endpoint security foundation

Like most security issues, success begins with laying the proper foundation. In the case of endpoint security, this begins with two fundamental strategies:

  • Organizations need to implement a comprehensive Network Access Control Any device seeking to access network resources needs to meet certain baseline requirements, such as being malware free. If it a user-based device, then it must also be patched and running a current version of any mandated security software. Once a device meets that criteria, it then needs to be assigned to specific network resources using a variety of contextual criteria, including type of device, business unit it or its user are assigned to, current status of the user, and even physical location or time of day.

More: https://www.csoonline.com/article/3356461/bolstering-endpoint-security.html

Leaked Document Appears to Show NSA Infiltrated Cryptos, Tor, VPN

By: sikur

Capturar

by  C. Edward Kelso

February 2, 2018

A photograph posted on imageboard 4chan appears to show a leaked 21 August 2017 memorandum from the US Army Cyber Protection Brigade. The document alludes to the US Army teaming with the National Security Administration (NSA) in ongoing successful investigations against “Tor, I2P, and VPN,” with a request for additional funding for further projects against cryptocurrencies.

Leaked Document Appears to Show Privacy Solutions Compromised

“The success we have had with Tor, I2P, and VPN,” begins a reportedly leaked picture of a memorandum on imageboard 4chan, complete with Department of Defense letterhead, appearing to be from the United States Army’s Cyber Protection Brigade “cannot be replicated with those currencies that do not rely on nodes. There is a growing trend in the employment of Stealth address and ring signatures that will require additional R&D.”

It has been long assumed government military and law enforcement infiltrated and compromised aspects of The Onion Router (Tor), Invisible Internet Project (I2P), Virtual Private Networks (VPNs), and other ways of masking online activity, but confirmations were hard to come by.

Leaked Document Appears to Show NSA Infiltrated Cryptos, Tor, VPN

The picture in question appears to be legitimate, though a large dose of skepticism is always warranted in cases such as these. It isn’t always clear, either, why someone should wish this information be leaked. Nevertheless, the posted photograph shows an official looking document brought up on a terminal monitor, and just to the right is a Common Access Card or CAC, complete with picture, typical of a Department of Defense employee. In leaks, often easter eggs are left as a tell or clue. That’s not exactly apparent here, and it really could just be an instance of sloppiness.

Another reasonable theory has to do with playing on the notorious fears of the crypto community, which at times can be easily sent into whips of cloak and dagger hysteria. A great way to limit usage of privacy solutions is to send out into the ecosystem rumors of their being anything but, a kind of Machiavellian version of spreading fear, uncertainty, doubt.

MORE: https://news.bitcoin.com/leaked-document-appears-to-show-nsa-infiltrated-cryptos-tor-vpn/?utm_source=OneSignal%20Push&&utm_medium=notification&&utm_campaign=Push%20Notifications

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

VPNs Won’t Save You from Congress’ Internet Privacy Giveaway

By: sikur

ComputerVPNTA-97235709

By Klint Finley

Date: 03.28.2017

GET READY TO say good-bye to your online privacy. Not that you ever really had it anyway.

The House of Representatives voted today to reverse Obama-era regulations preventing internet service providers from selling your web browsing history on the open market. A few Republicans broke rank to vote against the resolution, while Democrats stayed unified in opposing it. (The Senate’s approval last week stuck strictly to party lines.)

The rules, passed by the Federal Communications Commission last year, have yet to take effect. If President Donald Trump signs the resolution, they never will. What’s more, the measure bars the FCC from passing similar protections in the future. Even if Trump were to have an unexpected change of heart, the current FCC chair signaled earlier this month that he would likely kill or suspend the rules anyway. In the meantime, your internet provider is already free to sell your data without your opt-in permission.

MORE: https://www.wired.com/2017/03/vpns-wont-save-congress-internet-privacy-giveaway/?mbid=nl_32817_p3&&CNDID=45504921

 

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist