Is Security Really Everyone's Responsibility

Thursday, Nov 21, 2024
How true is it that “security is everyone’s responsibility”? I know that in principle this is true, but in practice it is exceptionally hard for everyone to understand the context and overall risk. I was reading yesterday about DevOps not being an easy entry into working in IT, as there is often a large number of different and separate tools that are required. And I had a long discussion with a friend recently about how the industry has become very specialised. When I started developing/engineering, I would often know a bit about lots of things: PHP, Python, JavaScript, server admin, networking. Whereas now we almost require experts in a small sub-section of this (JavaScript to React to Next.js). But how can you understand security context if you are super-specialised in one area? ...

Still Facepalm-ing Over Ethernet Terminations

Thursday, Jan 13, 2022
Had a good moment yesterday. I spent 2 hours “troubleshooting” a problem where I had terminated 2 ends of armoured Ethernet in my house… Turns out that I had wired them upside down. Reminded me of years ago getting dusty cabling up buildings in the middle of the night. Actually, I’m pretty glad that I don’t have to do that anymore.

Striped Orange, Orange, Striped Green, Blue, Striped Blue, Green, Striped Brown, Brown

The AWS Security Reference Architecture

Monday, Jun 28, 2021
There is so much great documentation within the AWS docs that sometimes it is as much about finding the right article to lead the way. I just stumbled on [AWS’s Security Reference Architecture guide](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/architecture.html); this is like a treasure map for cloud security fanatics! It’s built around a simple three‑tier web app (web, app, data), but the twist is that every layer is built with security in mind: IAM, logging, network defenses, encryption—you name it, it’s diagrammed and explained. You get clear advice on account structure (Security, Infrastructure, Workloads OUs), where each AWS service fits, how they talk to each other, plus pointers to code templates in CloudFormation or Terraform. ...

Attempting to stop Spam and Bots on Drupal 7

Tuesday, Jul 30, 2013
As I am sure most of you are aware, spam (in the sense of unsolicited advertising or off-topic posting, as opposed to the processed meat) and bots (the ones that remotely attempt to do stuff on your site) are two of the largest problems for any website that allows comments, signups, creation of content or suchlike. I have recently been looking into ways to prevent spam and bot-based site registrations in Drupal 7, as on several sites we were finding that CAPTCHAs were simply not preventing enough. Using various combinations of the modules below, we were able to prevent up to 90% of the previous spam and bot-based registration with little effect on regular users. ...

DDoS Attacks: Can there be any protection?

Friday, Dec 31, 2010
After the recent period of DDoS (Distributed Denial of Service) attacks on sites which appear to have been linked to Wikileaks (PayPal, Mastercard, Amazon etc.), a question arose to me: is there any way that a business can prevent themselves from being vulnerable to DDoS attacks? Now to define a DDoS attack. Wikipedia defines it as “an attempt to make a computer resource unavailable to its intended users” (DoS Wiki). To use an analogy, think of a server as a plughole in a sink. It is a specific size because it can cope with the amount of water that is being poured into the sink. However, what happens if the amount of water (traffic) becomes too great to be emptied? It will spill over the sink. ...
