Author Archives: Richard M. Robinson

IPv6 security manual for pentesting

IPv6 is the new Internet protocol that makes every device, telephone and computer on the Internet accessible. The old Internet protocol, IPv4, ran out of new addresses long ago and requires more and more makeshift workarounds to keep equipment on the Internet accessible. The switch from IPv4 to IPv6 is a considerable investment for the service providers: it requires a lot of knowledge and can only be implemented step by step. As a result, the subject easily disappears from the agenda. The shortage of IPv4 addresses is increasingly leading to stability problems on the Internet and, in connection with this, to problems for security and privacy. In order to continue to facilitate the growth of the Internet, service providers must switch to IPv6.

If you would like to check whether your website and mail servers support IPv6 correctly and also use other standards that are essential for the stability and security of the Internet.

Together with several IT security companies (Fox-IT, ITsec, Madison-Gurkha, Pine Digital Security, Riscure) TNO has recently drawn up a white paper in the field of IPv6 security. This white paper aims to provide a manual from the perspective of penetration testers in order to perform future tests better and/or more efficiently.

Safer computer networks through IPv6 testing methodology

More and more communication between computer systems takes place by means of the new Internet Protocol, IPv6. However, an increase in use also involves an increase in the risk of cyber attacks. TNO considers it important to contribute to reducing these risks.

In collaboration with Fox-IT, ITsec, Madison-Gurkha, Pine Digital Security and Riscure, a manual has been drawn up that allows security researchers to analyse IPv6 computer networks. The manual explains the most common problems and, for each, gives the information needed to test for its presence and information about possible countermeasures. The realisation of this has been supported by a subsidy from the Ministry of Economic Affairs, which stimulates innovation within an SME sector.

IPv6

The rise of IPv6 continues steadily, and more and more new equipment supports this protocol. If an organization chooses to have its computer systems communicate on the basis of IPv6, there are choices that need to be made: for example, about the way in which systems get the right settings, and about the settings of security products such as firewalls. This is comparable to the IPv4 protocol, but often just a bit different. Because IPv4 has been used for decades, awareness of the measures to be taken is generally much higher for it.

PENTESTING

One way to test the security level is a so-called ‘penetration test’ or ‘pen test’. From the perspective of an attacker, an attempt is made to break into or damage a computer network. However, a concrete manual on the basis of which an IPv6 environment can be tested was not (publicly) available. The result of this research has changed this, and future tests can be performed better and/or more efficiently. This ultimately reduces the damage caused by future cyber attacks.

7 Simple Steps and Plugins to Increase the Security of Your WordPress Web Site

In this article we are going to touch on important points when it comes to securing and maintaining your website built with WordPress.

We have already written in this blog about Basic WordPress Security Tips.

If you want to know the difference between WordPress.org and WordPress.com, read these articles:

WordPress.com vs WordPress.org – Which is the best? and What is Needed to Install the WordPress.ORG Platform?

If you are already building your business with WordPress and its wide variety of plugins (see our recommendation of the Best WordPress Plugins), then this article will serve as a guide to what you need to do to give technical support to your WordPress site, or to find experts who can help you with your WordPress needs.

You’ve spent hours and hours searching for information on Google and only find forum posts that have no answers to your problems, and most of this information is in English, which may not be your native language.

There is a problem with so much information about WordPress that you have to spend hours looking for the solution to your problem and many times (if the problem is not so popular) the answer is not found.

Then the next solution is going to be to find someone you know who is an expert in WordPress or hire a developer.

This can take days or weeks to find a reliable person to take care of your WordPress website.

Difference between Platform and Application

My first article is dedicated to clarifying the differences between platform and application. As I’ve been gathering information and researching software as a service, I’ve been raising questions about what the companies promoting the idea or trend, and those who jump on the bandwagon and add terminology, label as software as a service and as platform as a service.

For example, Salesforce is an on-demand CRM, and in many articles or blogs, Salesforce is mentioned as the most used on-demand platform in the world. But isn’t Salesforce a CRM? And therefore, isn’t Salesforce an application, and can it be considered software as a service? To complicate the situation a bit more, it turns out that Salesforce has just launched the force.com platform, which allows Salesforce users to use other applications developed by third parties, either service companies or independent developers (although Salesforce has actually been offering operational applications other than its CRM since 2006). Therefore, and always in my personal opinion:

What is a Platform?

It is all the hardware and/or software support that applications use in and for their execution.

What kind of platforms can we have?

Computing. One or more machines with an operating system that offer processing for the execution of applications.

Storage. These platforms are usually used by applications during their execution, and there can be two types of storage: relational (database) or non-relational (disk for file storage).

Execution of applications. These are the platforms necessary for the execution of one or several applications.

Of course, we can have a combination of some or all of them, and that is what usually happens. A clear example is the platforms resulting from the well-known and widely used MVC model, where we have platforms for computing, storage and execution of applications to support the architecture.

What is an Application?

An application is a type of computer program designed to help the user accomplish a certain type of work. And in our case, in addition, applications use the platforms in and for their execution.

Once the terms and concepts have been defined, we put our feet on the ground and I wonder: Is the word platform really used to refer to a single one, a combination of several, or all at once? Well, at least I don’t, and I refer to the platform by the most outstanding service it offers me. For example: when we talk about databases we can refer to a storage platform, although in reality we know that behind it we have a computing platform; or when we talk about an application server, we can refer to a platform for the execution of applications, when in reality we know that behind it we have a computing and storage platform.

But I am sure that even so we will have problems classifying applications and platforms depending on the service they offer, and we will see, learn and correct as we go into the world of applications and platforms as a service.


Big data, the key to the new digital gold

We live in a sea of data. Internet, mobile devices, social networks… Throughout the day each one of us generates a lot of information, so much so that our mobile device is able to predict exactly what we are going to do tomorrow, or whether last year around this time we were looking for a gift for our partner which is now on sale in this store or the other. We leave a record of virtually everything we do. This new environment even allows us to interact with brands, offering with each interaction useful information about what I, as a customer, want and expect.

This situation, to which we are very accustomed, can become the key to the commercial strategy of any company: “To know the behavior of the client or the market”.

Aware of the infinite possibilities that this data offers from a commercial and business point of view, the most advanced companies have made great investments in what is commonly known as Big Data. We could say that it is something that everyone talks about but whose unlimited possibilities not everyone knows.

Big Data is frequently associated with technology, as if it were one more computer tool whose management and responsibility falls exclusively on the CIOs. In fact, until now the CIO and the CMO worked absolutely independently, but the digital revolution has changed everything. A new paradigm is emerging in which technology and business will have to work hand in hand, collecting and deciphering large volumes of data that allow intelligent decisions to be made.

When both departments work aligned, the technology will offer the necessary tools to the business department; thus, through a thorough knowledge of the client, commercial policies will be defined that translate into higher sales and better margins.

The paradigm shift is so great that companies are even demanding new professional profiles that do not exist in the market.

With this unique approach in the market that combines technology and business, Unir Advanced Studies has designed its advanced Big Data for Leaders program. Under a methodology that adjusts to the demanding agenda of professionals and managers combining live online sessions with face-to-face networking sessions, it offers the possibility of knowing how large companies understand this new paradigm.

3 applications that strengthen parent-teacher communication

Phone calls, e-mails, and parent-teacher conferences are some of the most common ways to connect with teachers, but not necessarily the most convenient. Both you and the teachers may be too busy during the day to call and send emails. Sometimes, it can also be hard to try to talk to the teacher when you’re dropping off or picking up your child at school. You’ll ask your child about his or her school day, but he or she may not give you many details either. For those reasons, you’ll have to find better ways to connect to what’s going on in class.

Your child’s teacher may choose to communicate through one of the following parent-teacher communication applications. That way you can easily receive notifications and keep up with what’s going on in the classroom every day.

ClassDojo

This free application is perfect for younger students since teachers can use it to reward students’ abilities by assigning points according to their effort and daily work. The use of this application also allows children to share their achievements and daily work through picture messages. The teacher can also share photos, videos and advertisements in Class Story or send you private messages. As a parent, you can easily join the class using your cell phone, tablet, or computer. Importantly, ClassDojo automatically translates messages into more than 30 languages so you can communicate even if you don’t speak English.

Remind

Remind offers a free way to send instant text messages between parents and teachers from a cell phone. Teachers can send reminders, homework assignments, or other messages directly to parents. These messages can include documents, photos, and also video. Also, in Remind, none of the other parents will be able to see your phone number, so you can maintain a certain level of privacy. Another advantage is that the teacher can add automatic notifications so that all parents are informed when she’s out of the classroom. With Remind, you’ll also be able to communicate even if you don’t speak English, since messages can be translated into more than 70 languages.

Edmodo

Edmodo is a safe and easy way for teachers and parents to communicate for free. Among many other functions, teachers can create accounts for each student, quickly create groups, give assignments and tests, and manage each student’s progress. The teacher can also send out weekly newsletters or communicate directly with parents when needed. The teacher can also share assignments, announcements and important dates, events and reminders. That way you’ll always be up to date. Edmodo can be translated into 19 different languages, including Spanish.