Talking points about data governance in Internet of Things

Attached to this post are some presentation slides that I used as a starting point for discussion in a seminar about the importance of data governance in the Internet of Things. IoT today is a really hot topic, and having to deal with data governance and management has implications for security, ethics, business and economics as well. Moreover, in addition to privacy issues, there are also issues related to the direct security of the devices and their communications. In short, a very vast topic … [Read more]

Business Continuity and Disaster Recovery Plan

This is a document written for an Italian magazine by Emanuele De Lucia (Information Security n°27 @ Edisef Editore) and used for a training course headed by the author. This paper covers topics useful for ensuring the business continuity of our organizations. The common differences between a BCP and a DRP and other topics such as “centers of redundancy” and “high availability infrastructures” are also dealt with. The article can be viewed on the Information Security Magazine website: … [Read more]

Conflitti Digitali: Classificazione e Retroscena

“Conflitti Digitali: Classificazione e Retroscena” is an article written for a seminar in which the author participated as a speaker. The text is very discursive and examines the evolution of a new way of thinking about offense: the wars in cyberspace and their backstory. For now, the text is available in Italian only... Download Now

OpenSSL TLS HeartBeat (HeartBleed) Vulnerability Subnet Scan

This script makes it possible to test a full /24 subnet for the OpenSSL TLS HeartBeat (HeartBleed) vulnerability. Originally coded by Jared Stafford to test this weakness on a single host at a time, it has been modified by Emanuele De Lucia to allow the scan of an entire subnet. This modification was made for work reasons within a few hours of the notice of the vulnerability, in order to readily identify the affected services within a very wide range of exposed systems. May be … [Read more]

IPv6 Security Overview

The paper considers the new Internet Protocol (IPv6 or IPng) that is about to replace the old IPv4. The arguments come from reading some texts about it, with an eye to the security that is expected. It also quickly shows the possible evolution of today's most common cyber attacks, as well as some technical details about the IPSec protocol suite, because its security model will be required to be supported by all IPv6 implementations. It's possible to read this document on GoGo6.com … [Read more]

(D)DOS: Practical Approach – Hakin9.org – IT Security Magazine

Hakin9 IT Security Magazine published an article of mine about a practical approach to (D)DoS attacks. This paper shows several offensive practices on how to conduct a DDoS attack, with a strong emphasis on techniques, tools and code chunks. There are also screenshots and link references to the authors of the various exploits used (when used), as well as a simple client-server C SYN flood program created by me in order to better explain how botnets work... Look at it on Hakin9 … [Read more]

(D)DoS: Mitigation Strategies

DDoS, or Distributed Denial of Service, is a cyber-attack in which an attacker tries to bring the functioning of a computer system that provides a service, such as a website, to the limit of its performance, generally working on one of the input parameters until it is no longer capable of delivering the service. These attacks are usually carried out by sending many packets of requests against the targeted service, saturating its resources and making the system “unstable,” thereby preventing … [Read more]