3分钟
自动化和编排
你的安全团队需要编码资源吗?
通常当安全团队考虑安全自动化时
[http://www.rapid7.他们担心他们
don’t have the coding capabilities needed to create, implement, 和 maintain it.
Pulling development resources from the IT team or engineering department can
take time; backlogs are long, 和 revenue-generating projects tend to take
优先级. Another option is to hire an IT consultant, but this can be pricey 和
可能无法长期持续.
相反,有些时候
4分钟
自动化和编排
安全编排和自动化将如何统一信息安全
After working in the security industry for 15 years, one of the consistent
themes I’ve observed is how teams struggle with balancing the increasing amount
of work they have to do, without an increase in resources to accomplish their
目标. But there’s another, less obvious problem that I like to refer to as a
另一种SaaS:“作为孤岛的安全”.”
It should be no surprise that large organizations frequently struggle with silos
这就产生了摩擦和沟通不畅的障碍
4分钟
自动化和编排
How to Securely H和le a Lost or Stolen Device: A Practical Workflow
It’s 10pm 和 you receive an email from a teammate that their laptop was stolen
在当地的社交活动上. 你知道的不仅仅是他们的电脑
unlocked, but they were logged into their company email 和 Salesforce accounts
那时候设备被偷了.
Devices like laptops 和 phones hold a lot more value than the technology
本身. Everything from customer data to company files 和 account logins are
stored 和 easily accessible on these devices, making them easy targets for data
4分钟
自动化和编排
安全职业道路:常见和独特的角色
安全是当今最受欢迎的角色之一. 根据最近的数据
[http://www.csoonline.com/article/2953258/it-careers/cybersecurity-job-market-figures-2015-to-2019-indicate-severe-workforce-shortage.html]
, the dem和 for security workers is expected to grow to 6 million worldwide by
2019. 那么,你是如何进入或发展你的安全事业的呢?
What makes security so interesting is the many directions you can take —
传统与否. 这篇文章将指导您如何构建
2分钟
自动化和编排
为什么安全团队应该拥抱(而不是害怕)自动化
这不是世界末日的到来. 这不是安全的终结
职业. 这当然不是一件坏事. 我们讨论的是
自动化. As security threats become a bigger part of the day-to-day concerns
at all types of organizations, bringing in machines has become necessary to keep
up. In fact, security 自动化 can help you become even more valuable as an
员工. 处于安全编排和自动化的核心
[http://guykb.sdpeskoe.com/solutions/s
1分钟
Kom和
Everything You Need to Know About Building a Career in Security
你在考虑从事保安工作吗? 或者你已经有了
started one, 和 you’re wondering what it will take to get to the next level?
Perhaps you have been in the security field for a long time, 和 it’s starting
感觉有点陈腐?
把less of where you are in your journey, we’ve put together a helpful guide
full of valuable information 和 real-world anecdotes about what it means to
追求这个充满活力和挑战的职业.
免费电子书:定义你的职业道路
3分钟
Kom和
SOC系列:如何为您的SOC选择正确的技能
Do you have the right mix of skills in your security operations center (SOC)
[http://guykb.sdpeskoe.com/fundamentals/security-operations-center/]? 不管你的
SOC is br和 new or has been around for years, you need to be sure it’s built to
满足当今复杂安全形势的需求.
In this post, we’ll define the most important skills any SOC should have today
so you can be sure to have the right mix of people to safeguard your business.
有效的团队合作和沟通技巧
把
3分钟
自动化和编排
How to Password Protect Apache 导演ies with mod_authn_dbd 和 MySQL on Ubuntu Linux
剧情简介
The mod_authn_dbd is an Apache module that provides the functionality for Apache
使用MySQL数据库验证用户. 该模块提供身份验证
front-ends such as mod_auth_digest 和 mod_auth_basic to authenticate 用户 by
在MySQL表中查找用户. Apache的mod_authn_dbd支持的范围很广
of drivers such as, ODBC, MSSQL, SyBase, MySQL, Oracle, PostgreSQL 和 SQLite.
This module allows execution of arbitrary SQL for user / password matching 和
也支持。
3分钟
自动化和编排
如何在Ubuntu Linux上使用Let's Encrypt来保护Apache
剧情简介
Improving your website security has generally been most complicated 和
对于每个Linux管理员来说,这是一项昂贵的任务. Let 's Encrypt是一个免费的,
自动的、开放的证书颁发机构,提供免费的X.509证书
for Transport Layer Security encryption via an automated process. 它非常。
complex process to install 和 add an SSL certificate to a web server. 你可以
让它更容易与让我们加密的帮助. 您可以轻松地加密数据
[http://guykb.sdpeskoe.com/fundamentals/
4分钟
自动化和编排
如何在Ubuntu Linux上使用端口敲门来保护SSH服务器
剧情简介
Port Knocking is a method used to secure your port access from unauthorised
用户. Port Knocking works by opening ports on a firewall by generating a
在一组预先指定的关闭端口上尝试连接. 一次正确
sequence of connection attempts is received, the firewall will open the port
这是之前关闭的. 港口敲打的主要目的是防御
防范端口扫描器. 更改默认ssh端口是不安全的
方法来保护您的服务器,因为
3分钟
自动化和编排
如何在Ubuntu Linux上保护MySQL服务器
剧情简介
Now a day database server is very critical 和 necessary component for any
应用程序. 数据库无处不在,从web应用程序,web
服务器到智能手机和其他设备. 大多数软件应用程序依赖于
数据库来存储其数据. 这就是为什么数据库是第一位的原因
任何攻击者的目标. 在所有数据库中,MySQL和MariaDB已经成为
the world’s most popular open source database due to its fast performance, high
可靠性和eas
23分钟
Kom和
An Interview with Rebekah Brown, Co-Author of Intelligence-Driven Incident 响应
We recently interviewed Rebekah Brown for our Defender Spotlight series
[/2017/08/09/defender-spotlight-rebekah-brown-rapid7/] on the topic of her life
作为网络安全卫士. 当我们和她交谈时,她也谈得很深入
about how threat intelligence can inform 和 improve the incident response
生命周期.
Rebekah practices these concepts in her day-to-day life as a defender, 和 she’s
even co-authored a book on this very topic called Intelligence-Driven Incident
响应[http://shop.o
3分钟
自动化和编排
RSA (里维斯特,沙米尔 和 Adleman)
剧情简介
里维斯特,沙米尔 & RSA (Adleman)是公钥密码系统. 这一现象
数据传输的安全通过它. “RSA”是首字母
这个系统的发明者. 该算法分为四个步骤:
加密,解密,密钥分发和密钥生成. 后
development of public-key cryptography, the most famous cryptosystem in the
世界是RSA. In order to maintain proper security, the decryption exponent of
RSA必须大于cer
3分钟
自动化和编排
什么是数据加密标准(DES)?
剧情简介
The Data which is encrypted by symmetric key method is called Data Encryption
标准(DES). 1974年由IBM团队编写,并宣布为国家标准
1977年的标准. 政府也在使用密码学,特别是在
外交沟通与军事. 没有密码学就很难
解读军事通讯. 密码学也被用于商业
部门. Federal Information Processing St和ard (FIPS) was also working on DES.
FIPS与计算机集成
4分钟
Kom和
如何使用你的威胁模型作为安全的路标
The threats you face are unique to your company's size, industry, customer base,
还有很多其他因素. 所以你保护你的
组织的数字数据也应该是独一无二的.
In this post, we’ll cover a framework to develop an effective threat model that
将适合您的组织的独特需求.
决定你的独特威胁模型的因素
有许多因素可以决定您的威胁模型. 虽然这将
每个公司都不一样,我们已经确定了