Tuesday, November 19, 2013

Thoughts on .NET Web Services Security / Secure Web Services

After having a look at the article, .NET Web Services Security, I feel as though the author was very informative for readers to understand what is required of a .NET secure web service. The article informs readers as to why security in web services is important, and what goes along with that security, such as several authentication techniques, and the log-in method.

Persons looking for insight on creating .NET web services should understand why it is important to include security with that service. Web services are all about connecting businesses, and if your service isn't safe, no one will want to do business with you. If a web service has no authentication or passwords, there will be no way to create a reliable user base for persons to shop / communicate on the web service.

A web service needs authentication; otherwise there is no way to validate that a user is actually who they say they are. Basic authentication requires callers to send credentials to the server. There are several different paths that can be used for authentication on a web service. The following are some of the authentication methods that the author of the article mentions: Basic Windows Authentication, Digest Windows Authentication, Integrated Windows Authentication, and Custom Authentication.

The log-in method is a very basic method used by a web service to accept a user's credentials. It should only be used over HTTPS since the credentials are sent in clear text (easily visible, not hidden or encrypted).
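To make the clear-text point concrete for both Basic authentication and the log-in method, here is an added example (not code from the article or from this blog) that recovers the credentials from an HTTP Basic `Authorization` header without any key and shows a server-side gate that refuses credentials arriving over plain HTTP. The function names and the sample user and password are constructed for illustration.

```python
import base64

# Constructed sample header: "alice" / "example-password" are made-up values.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:example-password").decode("ascii")

def decode_basic_header(header_value):
    """Recover (username, password) from a Basic Authorization header.

    Base64 is an encoding, not encryption: anyone who can read the
    request on the wire can run this same step.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed Basic credentials")
    return username, password

def accept_credentials(scheme, headers):
    """Server-side gate (hypothetical helper): return (status, detail).

    Credentials are only looked at when the request came in over HTTPS;
    over plain HTTP they are refused, since they were already exposed.
    """
    if scheme.lower() != "https":
        return 403, "credentials refused: HTTPS required"
    auth = headers.get("Authorization")
    if auth is None:
        return 401, "authentication required"
    try:
        username, _password = decode_basic_header(auth)
    except ValueError:  # also covers bad base64 and bad UTF-8
        return 400, "malformed Authorization header"
    # A real service would now verify the password against its user store.
    return 200, username

if __name__ == "__main__":
    print(decode_basic_header(SAMPLE_HEADER))
    print(accept_credentials("http", {"Authorization": SAMPLE_HEADER}))
    print(accept_credentials("https", {"Authorization": SAMPLE_HEADER}))
```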

I believe that anyone interested in creating a .NET web service should highly consider security as one of their top concerns. If there is no authentication, or even the use of the basic log-in method and its requirements, then two things will most likely happen: your business won't be trusted by users or especially other businesses, and the web service will probably become a playground for a hacker somewhere who would see an unsecure web service like a child sees a candy store.


Blog by Hans Harvey

Blog Post 11

Sources-
Author: Juval Lowy
Title: .NET Web Services Security
Address: http://www.codemag.com/Article/0307071

Tuesday, November 12, 2013

Thoughts on A DHL Delivery which is nothing but Malware - Windows Users Warned of Attack / Email Management and Security

After having a look at the article, A DHL Delivery which is nothing but Malware - Windows Users Warned of Attack, it seems fairly apparent that email systems can come under attack from just about anything. If you aren't a skeptic about something that looks even remotely out of the ordinary, you can get burned. I believe in order to prevent people from falling for phishing attacks, they need to be enlightened to look for the signs of a harmful email.

When recipients received emails from a fake (but legitimate-looking) DHL address saying that a package had failed to deliver, they couldn't help but be curious what the email was about. The email contained a link to a webpage or an attached document. If any of the recipients had opened any of the contents within the email, their computers would have been infected with malicious software.

Users need to be cautious at all times, and it's not good to be too trusting with emails. Anti-virus and other malware protection can give a false sense of security, and there is no such thing as absolute security.

If an email looks suspicious, it's better not to trust it outright. You can Google it to see whether anyone else has received the same email and to find out whether it is legitimate. You could go to the legitimate site of the supposed sender (not by clicking a link in the suspicious email, but by Googling the site) to see if there is any news about it, or talk to customer support. If you have knowledge of HTML, you could have a look at the source code of the email to try to find anything that looks out of place.

I believe the best advice I would give is to just be a skeptic at all times with your email. Whenever anything looks odd or out of place, go with your gut feeling and second guess an email's legitimacy. It's always better to be cautious than to risk getting your computer infected with malicious software.

Blog by Hans Harvey

Blog Post 10

Sources-
Author: Graham Cluley
Title: A DHL Delivery which is nothing but Malware - Windows Users Warned of Attack
Address: http://nakedsecurity.sophos.com/2013/03/20/dhl-delivery-malware/

Tuesday, November 5, 2013

Thoughts on Database Security: At Rest, but not at risk / Role of Database Activity Monitoring in Database Security

After having a look at the article, Database Security: At rest, but not at risk, it becomes pretty apparent that a large number of companies do not do all that they can or should to prevent database security breaches. About 174 million companies were compromised in 2011. A survey by the Independent Oracle Users Group revealed that 31% of the respondents anticipated a major data breach. Why, then, were all of these companies so unprepared? I believe these companies would benefit from attempting to find potential vulnerabilities in their database security systems, and from finding ways to prevent the vulnerabilities from happening. If these companies don't find the weaknesses in their security systems themselves, others will, and that will have far worse consequences.

It would also be beneficial to keep any solutions to vulnerabilities simple. There is a greater possibility that a new vulnerability will be created if the solution to said vulnerabilities is too complex.

One of the concerns many of these companies may have is the amount of money it would cost to upgrade their database security systems to an acceptable level. Is it better to save $10,000 and not have an effective security system in place, or have a breach, and have all of your customers' information get leaked because you didn't spend that 10 grand?

Businesses are being faced with more and more sophisticated database attacks every year. If they aren't prepared, they will end up as just another statistic on a short blog like the one I found. If businesses want to avoid that, they should adhere to better practices, such as finding and removing vulnerabilities, keeping solutions relatively simple, and spending that extra money to keep up to date with database security systems.

Blog by Hans Harvey

Blog Post 9

Sources-
Author: Mary Brandel
Title: Database Security: At Rest, but not at risk
Address: http://www.csoonline.com/article/712460/database-security-at-rest-but-not-at-risk