Security

Content Security Policy: more security with web content

Websites can be full of security risks, especially when it comes to active content like JavaScript. Cross-site scripting enables cyber criminals to modify this content for their own purposes. This is dangerous for website operators and especially for internet users. The Content Security Policy tries to reduce this risk. Learn what’s behind the security standard and how it works. [...]  

The intrusion detection and intrusion prevention systems at a glance

A stable network is characterised not only by the appropriate hardware structures, but also by a watertight security concept. In addition to back-up solutions and intelligent fail-safe systems, protection against external access attempts is a must. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are an excellent addition to the classic firewall and are therefore a sensible safeguard for many computer networks. [...]

HPKP: What is behind the public-key pinning extension for HTTP

SSL/TLS certificates play an increasingly important role in the transmission of sensitive data. They guarantee that data packets reach the desired addressee without any detours. Problems only arise when internet users are deliberately redirected by invalid certificates from dubious certification bodies – a scenario that can be prevented using so-called HTTP public key pinning (HPKP). [...]  

Encryption methods: An overview

E-mail, instant messaging, or voice-over IP: If you want to communicate over the internet, you should make sure that the data transfer process can be trusted. The same goes for the World Wide Web. With online banking and digital shopping, money transactions are increasingly being carried out online. Popular encryption methods like DES, AES, or RSA should guarantee the security of passwords, credit card numbers, and other sensitive data. But what do these cryptic abbreviations mean, and how does encryption work on the internet? [...]  

WLAN security: how to make your wireless network into a fortress

When you’re travelling with portable devices, you’ll find public WLAN everywhere, giving you access to the world wide web. Even in residential and work spaces, practical wireless networking is widespread. It’s easy to forget that there’s a risk involved when transferring data using one of these access points. In the following article, we explain the biggest security risks and show you how to make your WLAN more secure. [...]  

IP Spoofing: Simple manipulation of data packets by attackers

Sending data over networks is one of the most important and most heavily used functions of the modern computer era. But the structure of the necessary TCP/IP connections makes it all too easy for criminals to intercept data packets along their way and either view or alter their contents. One of the most common methods of attack is IP spoofing, which enables, among other things, DoS and DDoS attacks that cannot be traced back to the attacker. [...]

ARP Spoofing – flaws in network security

When it comes to network security, administrators focus primarily on attacks from the internet. But often the danger lurks in the internal network. If the LAN turns out to be a blind spot in IT security, then internal attackers have an easy time. A popular method of attack is ARP spoofing. With this, hackers place themselves undetected between two communication partners in order to intercept, read, or manipulate data traffic. What exactly is ARP spoofing and what types of countermeasures exist? [...]

Ransomware, adware, etc. – how can you protect yourself?

The internet is a playground for cybercriminals and fraudsters – for many, this is an annoying and frightening reality. The threats from unwanted software range from harmless advertising to trojans, which can paralyse entire computer networks. The forms of malicious software or malware are diverse, but the countermeasures are often very simple. In our article, you can read about how ransomware, spyware, adware, and scareware differ, and how you can effectively protect your computer. [...]

SQL Injection: Protect your database system

There are daily reports on how security gaps in applications are exploited – because hardly a day goes by without a new gap being discovered or a known gap being closed. One attack method, which has always been based on exploiting such weak points, is called SQL injection. But what is actually behind this malicious database exploitation, and how can you protect your database system from it? [...]

What is a honeypot?

Businesses use IDSs (intrusion detection systems) and firewalls in order to keep attackers away from sensitive IT systems. These safeguards can be enhanced through so-called honeypots, which bait hackers to isolated network areas where more information on their attack patterns can be collected. Find out more here on how honeypots work and which programs can be used to implement them for both server-side and client-side setups. [...]