3 min
Komand
SOC Series: How to Choose the Right Skills for Your SOC
Do you have the right mix of skills in your security operations center (SOC)
[https://www.rapid7.com/fundamentals/security-operations-center/]? Whether your
SOC is brand new or has been around for years, you need to be sure it’s built to
meet the demands of today’s complex security landscape.
In this post, we’ll define the most important skills any SOC should have today
so you can be sure to have the right mix of people to safeguard your business.
Effective Team and Communication Skills
Regard
3 min
Automation and Orchestration
How to Password Protect Apache Directories with mod_authn_dbd and MySQL on Ubuntu Linux
Synopsis
The mod_authn_dbd is an Apache module that provides the functionality for Apache
to authenticate users with MySQL database. This module provides authentication
front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by
looking up users in MySQL tables. Apache’s mod_authn_dbd supports a wide range
of drivers such as, ODBC, MSSQL, SyBase, MySQL, Oracle, PostgreSQL and SQLite.
This module allows execution of arbitrary SQL for user / password matching and
also support al
3 min
Automation and Orchestration
How To Secure Apache with Let's Encrypt on Ubuntu Linux
Synopsis
Improving your website security has generally been most complicated and
expensive task for every Linux administrator. Let’s Encrypt is a free,
automated, and open certificate authority that provides free X.509 certificates
for Transport Layer Security encryption via an automated process. It is very
complex process to install and add an SSL certificate to a web server. You can
make it easier with the help of Let’s Encrypt. You can easily encrypt data
[https://www.rapid7.com/fundamentals/
4 min
Automation and Orchestration
How to Secure SSH Server using Port Knocking on Ubuntu Linux
Synopsis
Port Knocking is a method used to secure your port access from unauthorised
users. Port Knocking works by opening ports on a firewall by generating a
connection attempt on a set of prespecified closed ports. Once a correct
sequence of connection attempts is received, the firewall will open the port
that was previously closed. The main purpose of port knocking is to defend
yourself against port scanners. Changing your default ssh port is not a secure
method to protect your server, becaus
3 min
Automation and Orchestration
How to Secure MySQL Server on Ubuntu Linux
Synopsis
Now a day database server is very critical and necessary component for any
applications. Databases can be found in everything from web applications, web
server to smartphones and other devices. Most of software applications rely on a
database to store its data. This is the reason why databases are the number one
target of any attackers. Among all the databases MySQL and MariaDB has become
the world’s most popular open source database due to its fast performance, high
reliability and eas
4 min
Introducing Web Server Agents
We at tCell are excited to announce the availability of tCell’s Web Server Agent
(WSA). The WSA joins our stable of agents for JavaScript, Java, Ruby, Python,
Node.js, and .Net, extending our monitoring and protection capabilities to
common web servers (NGINX is available now, and we’re accepting requests to join
the tech preview for Apache and IIS.)
But first, why this move? For that, I’ll need to take you back a few years, when
people were All About that Bass and yelling “Timber”.
In the
2 min
Detection and Response
The Legal Perspective of a Data Breach
The following is a guest post by Christopher Hart, an attorney at Foley Hoag and
a member of Foley Hoag’s cybersecurity incident response team. This is not meant
to constitute legal advice; instead, Chris offers helpful guidance for building
an incident preparation and breach response framework in your own organization.
A data breach is a business crisis that requires both a quick and a careful
response. From my perspective as a lawyer, I want to provide the best advice and
assistance I possibl
23 min
Komand
An Interview with Rebekah Brown, Co-Author of Intelligence-Driven Incident Response
We recently interviewed Rebekah Brown for our Defender Spotlight series
[/2017/08/09/defender-spotlight-rebekah-brown-rapid7/] on the topic of her life
as a cybersecurity defender. When we spoke with her, she also talked in-depth
about how threat intelligence can inform and improve the incident response
lifecycle.
Rebekah practices these concepts in her day-to-day life as a defender, and she’s
even co-authored a book on this very topic called Intelligence-Driven Incident
Response [http://shop.o
3 min
Automation and Orchestration
RSA (Rivest, Shamir and Adleman)
Synopsis
Rivest, Shamir & Adleman (RSA) is the public key cryptosystem. The phenomenon
of data transmission is secured through it. The letters “RSA” are the initials
of the inventor of the system. Four steps are incorporated in this algorithm:
Encryption, Decryption, Key Distribution and Key Generation. After the
development of public-key cryptography, the most famous cryptosystem in the
world is RSA. In order to maintain proper security, the decryption exponent of
RSA must be greater than cer
3 min
Automation and Orchestration
What is Data Encryption Standard (DES)?
Synopsis
The Data which is encrypted by symmetric key method is called Data Encryption
Standard (DES). It was prepared by IBM Team in 1974 and declared as national
standard in 1977. Government was also using cryptography, especially in
diplomatic communication and military. Without cryptography it’s difficult to
interpret military communication. Cryptography was also used in commercial
sector. Federal Information Processing Standard (FIPS) was also working on DES.
FIPS was integrated with comput
4 min
Komand
How to Use Your Threat Model as a Guidepost for Security
The threats you face are unique to your company's size, industry, customer base,
and many other factors. So your approach to protecting your
organization's digital data should be unique, too.
In this post, we’ll cover a framework to develop an effective threat model that
will fits your organization's unique needs.
The Factors that Determine Your Unique Threat Model
There are many factors that can determine your threat model. And while this will
vary from company to company, we've identified th
9 min
How to Prevent XSS Attacks
In my last post, we covered what is XSS and why it’s so hard to prevent, which
can seem overwhelming, given what we know now. With even major web sites making
mistakes should the rest of us just give up unplug our internet connections and
go read a book? Of course not, there are a number of techniques that the
community has developed to mitigate the risks of XSS. Here’s what we can do to
prevent XSS attacks.
Training
The first line of defense is Training the developers. At this point, it is
3 min
Automation and Orchestration
Exploring SHA-1 (Secure Hash Algorithm)
Synopsis
In computer cryptography, a popular message compress standard is utilized known
as Secure Hash Algorithm (SHA). Its enhanced version is called SHA-1. It has the
ability to compress a fairly lengthy message and create a short message abstract
in response. The algorithm can be utilized along various protocols to ensure
security of the applied algorithm, particularly for Digital Signature Standard
(DSS). The algorithm offers five separate hash functions which were created by
National Sec
3 min
Automation and Orchestration
Triple DES, 3-DES Network Encryptor
Synopsis
Triple Data Encryption Algorithm (3DES) is an advancement of the popular DES
standard. 3DES utilizes symmetric key block cipher. Using three unrelated 64
bit keys, 3DES was created to encrypt 64 bit blocks of data. In DES block,
each key is utilized as an input. Without creating an entire new cryptosystem,
3DES can highlight the apparent defect in DES. Through exerting the algorithm
three times in progression with three unlike keys, 3-DES simply enhances the key
size of DES. As DES
3 min
Automation and Orchestration
Understanding Dynamic Multipoint Virtual Private Network (DMVPN)
Dynamic Multipoint Virtual Private Network (DMVPN) is a solution which enables the data to transfer from one site to another, without having the verification process of traffic.