MIS Redaktion

Neuer Artikel: Informationssicherheit in Versorgungsunternehmen umsetzen: Einige praktische Erfahrungen

Informationssicherheit in Versorgungsunternehmen umsetzen: Einige praktische Erfahrungen by: Stefan Schumacher Versorgungsunternehmen sind als Betreiber kritischer Infrastrukturen vielfältigen Angriffen aus dem Internet ausgesetzt. Sowohl einfache Bürorechner, Abrechnungssystem als auch Industriesteuerungsanlagen werden regelmäßig von verschiedenen Akteuren attackiert. Darunter fallen auch ungezielte automatisierte Massenangriffe. Der Beitrag zeigt, wie Sie Ihre Infrastruktur vor Angriffen schützen können, wie Sie dazu strategisch vorgehen müssen und welche technisch-organisatorische Maßnahmen implementiert werden sollten.

Weiterlesen

Neuer Artikel: Building Your Own Web Application Firewall as a Service: And Forgetting about False Positives

Building Your Own Web Application Firewall as a Service: And Forgetting about False Positives by: Juan Berner When a Web Application Firewall (WAF) is presented as a defensive solution to web application attacks, there is usually a decision to be made: Will the solution be placed inline (and risk affecting users due to outages or latency) or will it be placed out of band (not affecting users but not protecting them either).

Weiterlesen

Neuer Artikel: BitCracker: BitLocker meets GPUs

BitCracker: BitLocker meets GPUs by: Elena Agostini and Massimo Bernaschi BitLocker is a full-disk encryption feature available in recent Windows versions. It is designed to protect data by providing encryption for entire volumes and it makes use of a number of different authentication methods. In this work we present a solution, named BitCracker, to attempt the decryption, by means of a dictionary attack, of memory units encrypted by BitLocker with a user supplied password.

Weiterlesen

Neuer Artikel: Drones, the New Threat from the Sky

Drones, the New Threat from the Sky by: Dominique C. Brack This paper is about drones. Drone risks and countermeasures. Drones have become an inherent risk not just for critical infrastructure but also public events (sports, concerts) and privacy. I wrote about the exclusive risk catalogue I have developed for a small highly secialised startup called DroneGuard.

Weiterlesen

Neuer Artikel: Defense Informs Offense Improves Defense: How to Compromise an Industrial Control Systems Network – and How to Defend it

Defense Informs Offense Improves Defense: How to Compromise an Industrial Control Systems Network – and How to Defend it by: Joseph Slowik ICS attacks have an aura of sophistication, high barriers to entry, and significant investment in time and resources. When looking at the situation from a defender's perspective, nothing could be further from the truth.

Weiterlesen