iOS Security

I’m sure both Google and Apple take security seriously when it comes to their mobile OS. But I actually place my trust in Apple over Google because Apple is the creator of the device and the OS. With that said, they don’t allow people to look at their source code. Apple also does a pretty decent job of gatekeeping their App Store. Google Android source code can be modified to run on different hardware platforms, and each of these hardware vendors has its own set of privacy and security policies. Software and the data can get messy and overcomplicated. With Apple, you get Apple policy. Read more here.

I would like to share this news with you because it made me happy:

https://www.apple.com/newsroom/2019/09/a-message-about-ios-security/

ALERT: Fake Lightning cable

If you are an Apple user, please be aware of where you get your Lightning cable from. Don’t borrow one from someone. Don’t accept or purchase a cable that doesn’t come from Apple directly.

A hacker has modified a Lightning cable in order to gain remote access to your device. I believe it works via wireless so the attacker needs to also be in close proximity to your device.

Read more here.

Browser privacy settings

If you run Chrome or Firefox or any other of the popular browsers you can do a few things to the settings in order to keep your data a little more private.

I’m talking more specifically about Google Chrome right now, but the same concept applies to all.

Here are some settings to look for:

  • Turn off sync and services
  • Turn off offer to save passwords
  • Turn off payment methods
  • Turn off Addresses and more
  • Turn off allow Chrome Sign in
  • Turn ON Do Not Track
  • Turn off Allow sites to check for payment methods
  • Turn off Preload Pages
  • Site Settings – Notifications – Do not allow any sites to use notifications or prompt for them

These are just a few of the settings you can use to your advantage with any browser. Just make sure you check all your settings before using a specific web browser.
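For a managed Chrome install, the same list can be enforced through enterprise policy and then checked. The script below is an added example, not part of the original post: it audits a policy JSON file against the list above. The mapping from each bullet to a Chrome policy name is my own assumption, the sample file is constructed, and Do Not Track is not covered and still has to be set in the browser's settings page.

```python
import json

# Chrome enterprise policy name -> (value to enforce, setting from the list above)
BASELINE = {
    "SyncDisabled": (True, "Turn off sync and services"),
    "PasswordManagerEnabled": (False, "Turn off offer to save passwords"),
    "AutofillCreditCardEnabled": (False, "Turn off payment methods"),
    "AutofillAddressEnabled": (False, "Turn off Addresses and more"),
    "BrowserSignin": (0, "Turn off allow Chrome Sign in"),
    "PaymentMethodQueryEnabled": (False, "Turn off Allow sites to check for payment methods"),
    "NetworkPredictionOptions": (2, "Turn off Preload Pages"),
    "DefaultNotificationsSetting": (2, "Do not allow any sites to use notifications"),
}

# Constructed sample policy file, not taken from a real machine.
SAMPLE = """{
  "SyncDisabled": true,
  "PasswordManagerEnabled": true,
  "AutofillCreditCardEnabled": false,
  "BrowserSignin": false,
  "NetworkPredictionOptions": 2,
  "DefaultNotificationsSetting": 2
}"""


def audit(policy_json):
    """Return (policy, problem, setting) for every baseline item not enforced."""
    policy = json.loads(policy_json)
    if not isinstance(policy, dict):
        raise ValueError("a policy file must be a JSON object")
    findings = []
    for name, (wanted, setting) in BASELINE.items():
        if name not in policy:
            # An unset policy leaves the choice to the user or the site.
            findings.append((name, "not set", setting))
            continue
        got = policy[name]
        # Compare the type as well: in Python False == 0, but BrowserSignin
        # expects the integer 0, not a boolean.
        if type(got) is not type(wanted) or got != wanted:
            findings.append((name, f"is {got!r}, want {wanted!r}", setting))
    return findings


if __name__ == "__main__":
    for name, problem, setting in audit(SAMPLE):
        print(f"{name}: {problem}  ({setting})")
```

On Linux, Chrome reads managed policy files from /etc/opt/chrome/policies/managed/, and chrome://policy shows what the browser actually applied.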

CEH

Redirecting my efforts toward a CEH cert instead of a CISSP.

CEH is more of what I’m looking for in terms of technical level. It’s a nice complement to my formal education and years in the field.

Learn more in this video

Australian Cyber Security Guide

Please read this guide for context.

I love the attempt here to outline a simple strategy for defending technology assets. I will take what the Australian Government has laid out here and build upon it as it is a good foundation. Sometimes, it seems a nearly impossible task, but with the right energy focused on the right target, you’ll have a better chance at success.

Another perspective on these building blocks could be the Australian Government showing us their thought processes and internal and external defense perimeter. In a sense, this gives the dark forces an advantage by providing a blueprint for how their systems are defended and, in reverse, compromised.

To be honest, if an organization hasn’t already laid out these essential building blocks for defense, they are behind the 8 ball.

Advanced security controls

Many people are looking for a place to put their data and keep it private. Or not private, in some cases. What can you do to ensure the highest security standards are in place and your data is protected from bad actors?

Previously, I wrote a document covering some basic cyber security guidelines for the average computer user. Now, it is necessary that I attempt to cover the broad range of security measures available to IT professionals. I recommend using the highest security standards wherever possible.

Each scenario is different, but there is a baseline level of standards we need to define. I am not trying to re-invent the wheel here, just point you in the right direction. Therefore, I have a few resources that will help identify the target areas:

  1. NIST – Security and Privacy Controls for Federal Information Systems and Organizations (2015)
  2. FedRAMP Security Controls Baseline.xlsx (2018)

Please also feel free to read any other cyber security publication from your field, as it may be helpful in your specific environment.

Facebook Data

Told you so: Click Here and here

It’s only the beginning, folks. Someone is collecting and analyzing it all. Beware.

I’ll say yes, I have a FB account; however, I don’t enter factual data. For example: I am from Slovakia.