Category Archives: Security

The Necessity of Securing Backups

April 26th, 2008
Posted in Security | No Comments

Another case of lost backups has recently been featured on the pages of Slashdot. Let’s just hope that the “proprietary compression and encoding tools” place the strength of their cipher on a key, rather than a proprietor’s secret cipher algorithm. The article seems to suggest that third-party security consultants were unable to decipher the data […]

Secure Coding: Principles & Practices

August 28th, 2007

I read Graff and van Wyk’s Secure Coding: Principles & Practices to completion, but not because each page was more enlightening than the previous. I realized that the same themes and adages were being repeated constantly after having read half the book. Because it was pretty easy to get midway through the book, I decided […]

Securing SSH Connections

April 26th, 2007

Sure, traffic between an SSH client and server is enciphered, but how can certainty that the correct server is directly processing client requests be enhanced. A man in the middle attack occurs when an SSH server poses as the desired host, and forwards messages between the desired host and the client. The fake SSH server […]

Comments for RFC 959 – File Transfer Protocol

February 13th, 2007

I do not allow people to use Telnet on servers that I manage, because usernames and passwords are transmitted over the network as clear text. As concerned about security as people are, I am surprised at peoples’ insistence on using FTP. FTP, a network protocol that also transmits password information as clear text, continues to […]

Pray for Better, Prepare for Worse

October 21st, 2006

All things mechanical will fail. A lack of sound disaster recovery procedures should keep a knowledgeable IT administrator awake at night. Measures to prevent data loss are needed by many recovery scenarios and are a worthwhile vehicle to discuss the overall need to practice disaster recovery procedures. Data backups are a key component of disaster […]