arrow-left2arrow-right2Vector Smart Object7Vector Smart Object2Vector Smart Object111Vector Smart Object1snapchat

Internetwork Engineering Blog

IE and industry related news, articles, announcements, and more.

What’s a Whitelist and Why Do You Need One?

[fa icon="calendar'] July 17, 2018 - Written by Richard Babb
Posted in Intelligent Infrastructure, Security


With the internet, in all its glory, playing host to over 1.8 billion websites that can be accessed by virtually anyone in the world, it stands to reason that businesses may not want users accessing some of these websites due to security threats, inappropriateness, or other factors while on their network. How can businesses control what websites their users gain access to? Typically, most organizations have utilized a blacklist, which identifies websites that users are not allowed to access. This method is not very restrictive and can be problematic in that it allows access to everything, and I do mean EVERYTHING, that is not on the blacklist. A whitelist, as you might guess, is the exact opposite of a blacklist, and only grants access to websites explicitly identified on the list. If the site isn’t on the list, then the user isn’t granted access to it. The concept of a whitelist has been around for many years in website filtering but has seldom been implemented. It can also be problematic because, given the breadth and depth of the internet, only a fraction of the available websites would be allowed.

Read More

In an era of intensified cybercrime, organizations can improve business outcomes with advanced malware protection

[fa icon="calendar'] July 9, 2018 - Written by Internetwork Engineering
Posted in Security

 

Read More

Advances In Cybercrime Demand Greater Protection: A look at retrospective security versus point-in-time solutions

[fa icon="calendar'] June 28, 2018 - Written by Internetwork Engineering
Posted in Security


With cybercrime predicted to reach $6 trillion annually by 2021 and to be more profitable—and therefore, more attractive to criminal organizations—than the global combined trade of all major illegal drugs, businesses can no longer rely on traditional network security tools and expect to achieve protection.[1] 

Read More

Time Flies Like An Arrow; Fruit Flies Like Apple

[fa icon="calendar'] April 26, 2018 - Written by Derrick Whisel
Posted in Security

InfraGard recently put out a Flash Alert for a piece of malware called Fruit Fly. I sat through this briefing during last year’s Black Hat/DefCon conference and this malware is unique because it can live in an environment for months, if not years, undetected. There are no ransomware screens alerting the user that they’ve been infected or the ominous blue screen of death. It was first discovered in January of 2017 by Thomas Reed who works for Malwarebytes, who’s also a top Mac OS security researcher and conducted the initial analysis, but since then other variants been identified, dissected, and monitored.

Read More

Did MyFitnessPal Just Have a MAC Attack?

[fa icon="calendar'] April 12, 2018 - Written by Derrick Whisel
Posted in Security

On March 25th, Under Armour was made aware that they had an unauthorized party gain access and acquire data associated with 150 million MyFitnessPal user accounts. The information they could’ve gathered includes, but is not limited to, usernames, email addresses, and hashed passwords. What are hashed passwords? Hashed passwords, from a high level, happen when passwords are ran through a mathematical function to create an encrypted version and a message authentication code (MAC) of a plaintext password. In MyFitnessPal’s case, they used a bcrypt hashing function, the same type that was used by formerly hacked Ashley Madison. After the Ashley Madison hack, the entire database and all password hashes were made available to the hackers of the world and now they have the password hashes of MyFitnessPal too.

 

What does this mean for those of you that have an account on MyFitnessPal? 

Read More