Keyloggers: how do they work and how do you protect yourself from them?

Keyloggers are programs or devices that get access to your credentials by recording your keystrokes. Keyloggers hide in operating system software and leak data. Some keylogger hardware is even more sophisticated, since it can document your keyboard behaviour or tap directly into the data stream. Learn how keyloggers work and which variants are available in our guide. We also give you tips on how...

iTAN, mTAN, chipTAN? An overview of all TAN procedures

Security in online banking has always been a cornerstone of the industry – TAN procedures like chipTAN are what make it possible. However, there are also many other variants of this two-factor authentication system that can be used to protect your banking transactions. As they say, a chain is only as strong as its weakest link – and in this case, it’s the user. Find out which TAN procedures are...

SAML: the XML framework for SSO at a glance

Simplifying log-in processes makes websites more user-friendly, and also helps to increase the security of user data. One of the most popular solutions for implementing authentication processes is SAML (Security Assertion Markup Language). Through a variety of components such as special protocols and message formats, this XML-based framework helps to implement internal and cross-company log-on...

What are rainbow tables?

Rainbow tables: they may sound innocent, but they’re actually a strong attack method for cybercriminals. Using rainbow tables, you can find out specific passwords in just a few seconds. To protect yourself and your users from such attacks, you should understand how the tables function. We explain rainbow tables using an example.

Password manager – a glance at the best tools

Would you give your account number to a stranger? Most probably not. But millions of internet users may as well be giving away their personal data (and money!) when using passwords that hackers can crack in a matter of seconds. Password managers provide methods for creating and managing truly secure passwords.

Using cloud services securely

In the digital age, we are increasingly resorting to cloud services: At work, people collaborate on projects together in the cloud, and in their free time, they share photos from their last vacation. At the same time, cloud storage is by no means free from security risks. The multi-cloud environments of larger companies, in particular, are becoming a challenge for cloud security. Here, we will...

Content Security Policy: more security with web content

Websites can be full of security risks, especially when it comes to active content like JavaScript. Cross-site scripting enables cyber criminals to modify this content for their own purposes. This is dangerous for website operators and especially for internet users. The Content Security Policy tries to reduce this risk. Learn what’s behind the security standard and how it works.

The intrusion detection and intrusion prevention systems at a glance

A stable network is characterised not only by the appropriate hardware structures, but also by a watertight security concept. In addition to back-up solutions and intelligent fail-safe systems, protection against external access attempts is a must. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are an excellent addition to the classic firewall and are therefore a sensible...

HPKP: What is behind the public-key pinning extension for HTTP

SSL/TLS certificates play an increasingly important role in the transmission of sensitive data. They guarantee that data packets reach the desired addressee without any detours. Problems only arise when internet users are deliberately redirected by invalid certificates from dubious certification bodies – a scenario that can be prevented using so-called HTTP public key pinning (HPKP).

Encryption methods: An overview

E-mail, instant messaging, or voice-over IP: If you want to communicate over the internet, you should make sure that the data transfer process can be trusted. The same goes for the World Wide Web. With online banking and digital shopping, money transactions are increasingly being carried out online. Popular encryption methods like DES, AES, or RSA should guarantee the security of passwords, credit...