User management is an important task of the administrator. He or she sets up users and user IDs and assigns or revokes access authorizations for IT systems or applications. User administration can be performed directly locally in the system concerned or via an externally connected, centralized database solution. In today’s digital age, user management plays … Read more
The WLAN encryption standard WPA3 (Wi-Fi Protected Access 3) was adopted in June 2018 as an addition to the existing standard WPA2. WPA3 brings significant improvements in authentication and encryption. It is also expected to simplify the configuration of WLAN devices and increase security at public hotspots. In an increasingly interconnected world, securing our digital … Read more
Active Directory is a directory service from Microsoft. With the help of the service, objects and resources in a Windows network can be managed centrally and access can be controlled. The structure of a company or an organization can be reproduced logically with an Active Directory. The delimitation of the different areas is realized via … Read more
Welcome, fellow digital explorers! Have you ever wondered about those secret digital chinks that mischievous hackers exploit? Well, you’re in for a treat! Today, we’re diving headfirst into the fascinating world of security vulnerabilities. Buckle up and get ready for a wild ride as we uncover the hidden truths behind these sneaky weak spots that … Read more
A Threat Intelligence Service provides up-to-date information on the threat situation of IT security due to cyber attacks and other threats. For this purpose, the service collects data from various sources and makes it available in processed form. In today’s complex and rapidly evolving security landscape, ensuring the safety and protection of nations and their … Read more
A public key infrastructure (PKI) is a security infrastructure that provides services for the secure exchange of data between communication partners. With the help of the PKI, certificates and the affiliation of public keys can be verified. What is PKI? PKI stands for Public Key Infrastructure. It is a framework of technologies, policies, and procedures … Read more
The Layer 2 Tunneling Protocol (L2TP) represents an evolution of PPTP and L2F and is standardized in various RFCs. With the Layer 2 Tunneling Protocol, protocols of the data link layer (Layer 2) of the ISO/OSI layer model can be tunneled over IP networks. Together with IPsec, it can be used for secure VPN connections. … Read more
Bring Your Own Key describes a concept for the encrypted storage of data on the platform of a cloud provider. It is not the provider who generates and manages the necessary key material, but the user or customer. BYOK offers a higher level of security. For even greater security, concepts such as BYOE (Bring Your … Read more
The Certified Cloud Security Professional is a certification from (ISC)². The certification is aimed at people who work in the cloud and IT security environment. With certification, they demonstrate in-depth knowledge of cloud security of various topics. For the CCSP, proof of several years of experience in various cloud topics is required. As the world … Read more
Intrusion detection or intrusion prevention system (IDS / IPS) is a security solution that monitors a network or a network component such as a server or a switch and attempts to detect rule violations and harmful incidents such as hacker attacks, which are then partially averted automatically. We show how IDS and IPS differ and … Read more
Have you ever wondered how devices on your home network can connect to the vast world of the internet? Or how companies manage to conserve public IP addresses while still enabling communication between their internal networks and the outside world? The answer lies in a fundamental networking technology called Network Address Translation, or NAT. In … Read more
The Certified Information Systems Security Professional (CISSP) certification provides IT professionals with evidence of comprehensive knowledge in the area of IT security. The certification was developed by the Information Systems Security Certification Consortium (ISC)². To obtain the certification, theoretical knowledge and practical experience must be demonstrated. Cybersecurity plays a critical role in safeguarding sensitive information … Read more
With the help of a command-and-control server, botmasters control the infected computers of a botnet. Commands can be sent to individual or all computers, for example, to launch distributed denial of service (DDoS) attacks. Receiving data from the botnet computers and other activities are also possible. The number and structure of networking of C&C servers … Read more
In today’s digital landscape, network security plays a crucial role in safeguarding sensitive information and ensuring the smooth functioning of business operations. With the rise of cloud computing, organizations are increasingly adopting cloud platforms like Microsoft Azure to host their applications and data. One essential component of securing network traffic in Azure is the Network … Read more
Businesses face an ever-growing number of sophisticated cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. To combat these threats, organizations require advanced security solutions that go beyond traditional approaches. One such solution gaining prominence is Extended Detection and Response (XDR). In this article, we will explore the concept of … Read more
In today’s interconnected digital world, the term “botnet” has gained notoriety as a formidable threat to online security. But what exactly is a botnet? In simple terms, a botnet refers to a network of compromised computers, also known as “bots” or “zombies,” controlled by a malicious actor, the botmaster. These networks can consist of thousands … Read more
Threats are everywhere in today’s world. From cyberattacks to natural disasters, organizations and individuals face a wide range of risks that can disrupt operations, cause financial loss, or harm people’s well-being. In order to effectively protect themselves, it is crucial to have a clear understanding of potential threats and develop strategies to mitigate them. This … Read more
Temporal Key Integrity Protocol (TKIP) is a security protocol for WLAN networks that was developed to provide an alternative for WEP, which is considered insecure, as quickly as possible. Like WEP, TKIP is based on the RC4 algorithm for encrypting data and has been considered insecure since 2009. Wireless networks have revolutionized the way we … Read more
WPA stands for Wi-Fi Protected Access and refers to the successor standard to WEP for encryption and authentication in WLANs that was adopted in 2003. WPA was intended to eliminate the known security gaps and vulnerabilities of WEP and provide security in wireless networks again. Like WEP, WPA is no longer considered sufficiently secure today … Read more
The guideline VdS 10000 contains specifications and offers concrete assistance for the implementation of an information security management system, especially for small and medium-sized enterprises (SMEs). It also describes concrete measures that can be used to secure the IT infrastructures of these companies in order to achieve an appropriate level of protection. VdS 10000 replaces … Read more