A man-in-the-middle (MITM) attack occurs when someone sits between two computers (such as a laptop and remote server) and intercepts traffic.
"This person can eavesdrop on, or even intercept, communications between the two machines and steal information.
Man-in-the-middle attacks are a serious security concern. Here's what you need to know, and how to protect yourself.
Two's Company, Three's a Crowd
The 'beauty' (for lack of a better word) of MITM attacks is the attacker doesn't necessarily have to have access to your computer, either physically or remotely. He or she can just sit on the same network as you, and quietly slurp data. A MITM can even create his own network and trick you into using it..."
Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?
"While the extraordinary times in which we find ourselves are creating challenges on many levels, some sectors of society are enjoying a boom.
Cyber criminals are among the beneficiaries of coronavirus, as the lockdown forces people to adopt often unfamiliar practices, including working from home, that create openings in previously well-protected company infrastructures and networks..."
VPN, cloud, and phishing misunderstandings show up in myths about security and remote work. Security experts break down the truth about how to stay safe.
"One of the easiest security risks to overlook? Thinking there is no risk.
That's true when it comes to tools, people, and processes. When you think there's little to no chance of something going awry, your risk exposure often expands. Complacency can cause this mindset and may be a growing risk factor, but we'll get back to that later. Simple misunderstandings are often the root of security overconfidence. We might think we know something, but what if that knowledge is off-base or outdated?..."
Phishing prevention has become essential as more criminals turn towards online scams to steal your personal information.
"We've learned to dodge spam emails, but phishing emails can look deceivingly credible. Some are even personalized specifically for you. Since you will likely be exposed to a phishing attack eventually, you'll need to know the red flags. Because scams are nothing new on the web, but phishing is harder to spot than you might think.
Across the web, phishing attacks have baited unsuspecting victims into handing over bank info, social security numbers, and more. Plus, cybercriminals have become even savvier with their disguises. Sometimes these scams hide behind voices you know and trust, like your coworkers, your bank, or even your government. If you so much as click a link, you could be the scammer's next victim..."
People aren't protecting themselves from cybersecurity risks even though they know they should, a study on password psychology by LogMeIn reveals.
"Year after year there is heightened global awareness of hacking and data breaches, yet consumer password behaviors remain largely unchanged. Data from the survey shows that 91 percent of people know that using the same password on multiple accounts is a security risk, yet 66 percent continue to use the same password anyway.
With people spending more time online, the evolution of cybersecurity threats and the unchanged behavior in creating and managing passwords creates a new level of concern around online security..."
SSH, which stands for Secure Shell, isn't very secure by default, opting for basic password authentication with no other limits. If you really want to lock down your server, you'll need to do more configuring.
"Don't Allow Password Logins - Use SSH Keys
The first thing to do is get rid of password authentication completely and switch to using SSH keys. SSH keys are a form of public key encryption; you have a public key that acts like your username, and a private key that acts like your password (except this password is 2,048 characters long). Your private key is stored on your disk, but is encrypted with a passphrase and ssh-agent. When you go to SSH into a server, instead of asking for your password, the ssh-agent connects to the server using your keys.
Even if you're already using SSH keys, you'll still want to ensure that your password logins are turned off, as the two aren't mutually exclusive..."
Identity and access management tools are adapting with the times, and these five trends are here to meet the challenges of protecting today's complex enterprise networks.
"Years of data breaches stemming from credential theft, attacks targeting privileged user accounts and poor password practices have led to a major evolution in identity and access management technology designed to protect enterprise data.
Five IAM trends are addressing the need for greater user account and network protection. They are meant to mitigate the damage that could be done as network perimeters are erased, organizations move more applications to the cloud and enterprises increase overall complexity..."