Data Security (Inc. Data Loss Prevention), Cyber Security, Privacy, Website Security, Email Security, Malware/Viruses, Open Source Intelligence, Cyber Security/Product Training

Service Offerings

  • Cyber security training
  • Product reviews
  • Blog or article writing
  • Cyber security consulting for SME & HNWI
View more details here or email me.

Chapter Author

Contact Graeme

Journalists, students, potential clients or anyone else, email.......
graeme@datasecurityexpert.co.uk

Something private to say?
PGP public key

Servers added to the IT Security Guide

Details
Category: Blog
A server is the central hub of computers within a network and is often the central store for all computers. Lose it, have it hacked or have it corrupted and you have lost everything. Servers are often more forward-facing than desktops and laptops and servers in the cloud (VPS) are even more forward-facing and need more work to secure them. Out of the box, a Windows server needs quite a few tasks done to ‘security harden’ it. The information below is for a Windows server but some items may apply to other operating systems.................... Read the full page here.

Cloud Computing added to the IT Security Guide

Details
Category: Blog
Cloud computing is the latest fashion in computing and, like it or not, it will be the future. One day computers will barely store anything and you will connect to a remote hosted desktop meaning your desktop computer is no longer in your home but in a data centre somewhere. This of course will reduce costs, make backup easier and mean more flexibility but it opens a whole can of worms around security, continuity and privacy. Before picking a cloud service you really need to investigate and ask a bunch of questions like these................... Read the full page here.

We offer ultra secure online backup...... no you do not

Details
Category: Blog
No this is not a Punch and Judy article, its much more serious than that, its about guarding your data.

Last Saturday night (12th) I stumbled upon a company which offered "ultra secure" web hosting, vps, dedicated servers, hosted email and backup. So I sent them a email asking for more detailed information and securing policy details. In the meantime I thought there "ultra secure" backup option might be useful so I noticed they did a trial and signed up.

The strange thing was is that the login and signup page was http, i.e. not https and no encryption between me and them. So I signed up with a new password and also checked the source code and there was definitely no encryption. I installed the client backup agent and gave it a test folder to do.

It backed up swiftly and appears on the online portal. Great, all seems ok? Now time for some testing so I opened up Wireshark and could sniff the username/password, o/s, url, ips, file names, hard drive addresses - both for the website and backup agent. Shocking! I emailed the provider with what I found and no reply so far.

So the next time a company claims to have military grade security and encryption do not take their word for it! This is the problem with cloud service, you do not know how its controlled.

Read more …

Page 56 of 59