Security
OSSEC FOR WEBSITE SECURITY: PART III – Optimizing for WordPress
The previous OSSEC articles went through through the process of installing OSSEC and deploying a distributed architecture. This article will focus on configuring OSSEC to make better sense of WordPress activity. WordPress is a powerful open-source Content Management System (CMS). Its biggest security weakness has always been its biggest blessing – its extensibility (e.g., plugin,…
Read MoreOSSEC For Website Security: PART II – Distributed Architectures Using Agents and Managers
This article assumes you already have OSSEC deployed. If you need a refresher, refer to the Part I of OSSEC for website security, written March 2013. OSSEC is popular open-source Host Intrusion Detection System (HIDS). It was founded by Daniel Cid, and currently maintained by a very large community of security professionals. Please note that…
Read MoreHow to enable 2FA on Twitter with Authy, Google Authenticator or another Mobile Application
It’s been a long time since I have had to enable 2FA on Twitter and found the process completely infuriating. Twitter’s 2FA configuration uses SMS as the default option, this is no longer advised by NIST. We don’t have to look far to understand why; in the TTP’s leveraged to hijack a customers domain portfolio…
Read MoreTips to Protect Your Domain[s] Investments
A few months back I was working with a customer that was having the worst day of their lives. Attackers had taken full control of their most critical digital asset – their domains and the domains of their customers. The organization affected was an agency. They built and managed sites for their customers and in…
Read MoreA Primer on DNS and Security
If you’re reading this article you’ve interacted with DNS. In fact, you’d be hard pressed to spend any time online and not interact with DNS. Many of us spend very little time thinking about it. By design, it’s a “set-it and forget-it” tool that is often set up on our behalf (e.g., our home network,…
Read MoreHow HTTPS Works – Let’s Establish a Secure Connection
The need to use HTTPS on your website has been spearheaded by Google for years (since 2014), and in 2018 we saw massive improvements as more of the web became encrypted by default. Google now reports that 94% of its traffic on the web is now encrypted. What exactly does HTTPS mean though? And how…
Read More