OSI Security - Penetration Testing & Web Application Security Consultants
  • Home
  • Try
  • Pricing
  • Services
    • Managed Monthly Penetration Testing Service
    • Managed Quarterly Penetration Testing Service
    • Email Security Review
    • Request a quote for Penetration Testing
    • Bug Bounty Penetration Test
    • Remote Support
  • Solutions
  • Company
    • Advisories
    • Customers
    • News and Press Releases
    • Blog
    • Contact
    • Careers
  • Home
  • Try
  • Pricing
  • Services
    • Managed Monthly Penetration Testing Service
    • Managed Quarterly Penetration Testing Service
    • Email Security Review
    • Request a quote for Penetration Testing
    • Bug Bounty Penetration Test
    • Remote Support
  • Solutions
  • Company
    • Advisories
    • Customers
    • News and Press Releases
    • Blog
    • Contact
    • Careers

Cyber Security on the Cheap

18/5/2017

 
The words ‘Security’ and ‘Cheap’ often instantly arouse suspicion. It will quickly make people question if the product/service being advertised really will secure their assets, as needed. This article however, is not trying to necessarily sell any product, but more just to give advice on what companies can do to mitigate threats to their organisation no matter their financial state.

User Level Security:
For years good practices have been talked about and encouraged in organisations; however, in reality people still don’t follow these recommendations. The best example of this is passwords. Passwords are difficult enough to remember when they’re just a passphrase with a 1 on the end, so when it comes to a random series of different numbers, letters, upper and lower-case characters, it becomes almost impossible to remember. So what is the next logical solution? To write the password down on a sticky note on your computer. All this has done is changed the threat from IT Security to Physical Security. The recommendation for this would be a password vault stored on the user’s computer such as LastPass or KeePass, so that you can store passwords without having to write them down. Be careful to keep an eye out for the latest threats to these programs, and keep them regularly updated, to minimise threats.

Hire a Professional:
This immediately sounds expensive, as industry rates can range from $2000 - $4000 per day. But keep an eye out as there are other companies around that offer competitive rates to this, and still offer a quality service. Using existing IT Staff to look for issues is not as ideal as hiring a Security Expert, but it is definitely not a bad idea. Asking IT Staff to keep systems updated, to shutdown unused ports, and to monitor traffic are all good methods of this.

Software:
Not all good software is expensive. In fact a lot of good open-source security tools can be found online, and installed on a variety of operating systems. If Linux is not an issue to use Kali Linux by Offensive Security, and the Security Onion are great Linux distributions, containing collections of useful open-source security software. Kali Linux comes with lots of software geared at testing security by attempting to break it, while the Security Onion comes with software geared at monitoring and detecting such behaviour.

These are just some of the ways you can mitigate threats to your organisation, no matter the size or the budget. Security is not for the rich, it’s for whoever desires it, and is willing to take steps to improve the security for themselves, or for their organisation.

Comments are closed.
    View my profile on LinkedIn

    Archives

    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    December 2015
    August 2015
    April 2014
    May 2013
    April 2013
    July 2012
    May 2012
    November 2011
    August 2011
    July 2011
    February 2011
    January 2011
    October 2010
    August 2010
    June 2010

    Categories

    All
    Apache
    Backdoor
    Best Practice
    Configuration
    Credentials
    Desktop
    DNS
    Encryption
    Exploit
    Firewall
    Hardening
    HTTP
    HTTP/S
    IDS
    Information Disclosure
    Linux
    Malware
    Man-in-the-middle
    Newsletter
    Patch
    Policy
    Samba
    Server
    Service
    SMB
    SMTP
    Unix
    VPN
    Vulnerability
    Web Browser
    Web Server
    Zero Day

    RSS Feed

OSI Security is an approved supplier to the NSW Government
OSI Security is an approved supplier to the Victorian Government
OSI Security is an approved supplier to the Queensland Government
OSI Security is an approved supplier to the New Zealand Government
Picture
External Penetration Testing
Managed Security Services
​Source Code Review
Web Application Security Testing
Firewall Configuration and Rulesets
WiFi Access Point and Client Auditing
Forensics and Data Recovery
System Hardening and Configuration
Metasploit Pro
Tenable Nessus
Acunetix Web Scanner
Nexpose Vulnerability
Secunia Software Inspection
Elcomsoft Password Cracking
PortSwigger BurpSuite
HP Fortify
 
Contact
Clients
Advisories
Privacy policy
​
Ethics Statement
Disclosure Policy
OSI SECURITY ACN 144 579 751 © 2010 - 2021.
​ALL RIGHTS RESERVED.
Join newsletter

Picture

OSI Security is proud to support a number of recognised charities, development projects and industry groups...

The Australian Computer Museum Society Incorporated
Hackers Helping Hackers
sqlmap.org
Metasploit Framework
2600-AU Australia