From real-time tracking to crew and operational management, enabling the benefits of always-on connectivity and on-board ICT is no easy task for a marine fleet operating in geographies around the world. Svitzer wanted to enable a new era of modern digital operations and standardised ship-to-shore communications for all its vessels, managing the entire distributed global fleet network from one central location.
With the rapid growth of mobile devices, cloud-based applications, credit card purchases, and the Internet of Things in the distributed enterprise, maintaining network security is more difficult — and more important — than ever before. Data breaches come in all shapes and sizes, and with increasing prevalence. To help protect customers and companies, let’s review and discuss some of the best practices for mitigating network security risks.
Last week the OpenSSL project released an advisory that describes a new SSL vulnerability. Now commonly known as “POODLE” (“Padding Oracle On Downgraded Legacy Encryption”), this vulnerability is less dangerous than its predecessor, the Heartbleed bug—primarily because of the conditions needed to exploit it (see below).
POODLE is essentially an attack on the SSLv3 protocol. It was discovered in September (and published on October 14) by Google employees Bodo Möller, Thai Duong, and Krzysztof Kotowicz.
A few weeks ago I had a chance to attend the PCI Security Standards Council’s 2014 North American Community Meeting in Orlando, Florida. (PCI is shorthand for the Payment Card Industry Data Security Standard, a guideline to help organizations that process, store or transmit card payments.) Two highlights for me were presentations by the PCI’s new general manager Stephen W. Orfei, and another by Adm.
As with most professions these days, information security specialists need to continually strike a balance between focusing on the issues most relevant to their jobs and keeping at least an eye on what’s going on everywhere else. One of the more efficient ways to do this is to attend conferences, which help you learn a lot about a lot of things—in a short amount of time.
As the old saying goes, when you’re being chased by a bear, you don’t have to run faster than the bear. You just have to run faster than the people you’re with. The same is true when it comes to data security.
Post Heartbleed, those of us involved in network security could take a lesson from the CDC. One of the biggest barriers to stopping the repeated threats of an Avian Flu pandemic is the resistance on the part of many nations to share information when the flu takes hold in their country. We saw this in May 2013 when China refused to release English-language versions of relevant statistics and facts about an outbreak in their country of a new bird flu called H7N9.
I talked last week about how the Heartbleed bug was unique in how long it went undiscovered, how many things it affected, and how hard it was to tell if anyone had used it to access data. Today I’d like to talk about what CradlePoint did to reestablish protections for our customers.
Now that the dust has settled in the aftermath of the Heartbleed bug, I thought it might be useful to summarize some of the things CradlePoint learned and did that will help us better protect our clients in the future. Let me be clear that CradlePoint acted swiftly to resolve the issues created by Heartbleed as soon as the vulnerability was discovered. I’ll talk about the remediation steps we took in my next post.
On Thursday, Dec. 19, 2013, Target revealed that data from 40 million of its customers’ credit and debit card accounts had been accessed by hackers. I’d like to discuss how and why this happened. But before I do, I want to make it clear that I’m not singling out Target as having done anything wrong. I’m using what happened to them simply to illustrate the kind of situation many companies are facing—even those with very good security systems and personnel.