Session cookies are often seen as one of the biggest problems for security and privacy with HTTP, yet they are often necessary to maintain state in modern web applications. By default, they are insecure and vulnerable to interception by an unauthorized party. Cookies typically store session identifiers that may offer full access to an account, therefore if a cookie is intercepted, … [Read more...]
How to Setup HTTP Strict Transport Security (HSTS) on IIS
The HTTP Strict-Transport-Security (HSTS) response header tells browsers that a particular website should be accessed only over HTTPS. This is a powerful feature that is easy to implement; it mitigates the risk of communication being intercepted by hackers and keeps your website visitors safe. Enabling HTTP Strict Transport Security on IIS See the steps below to enable HSTS on … [Read more...]
How to Enable TLS 1.2 as the Default Security Protocol on Windows Servers
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, typically between a website and a browser. TLS 1.0 and its deprecated predecessor, SSL, are vulnerable to some well-known security issues such as the POODLE and BEAST attacks. According to NIST, these vulnerabilities cannot be fixed or patched, therefore all companies, … [Read more...]
How to Create Key Pair Using Kleopatra (GnuPG)
If you need a free solution to encrypt files or email, Gpg4win (GNU Privacy Guard for Windows) may be more than enough encryption for what you need. It is free software and pretty straightforward to install. Before you can use it, though, you need to create a key pair, and this may be confusing to beginners. Here are the steps to generate a key pair in Gpg4win Kleopatra: Launch … [Read more...]
Live Cyber Attacks Map
Live cyber attack maps from various companies may give you a different outlook on Internet security. FireEye Cyber Threat Map No longer available The explanation from Norse Security's website: "Every second, Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks shown are based on a small subset of live flows … [Read more...]