A security minded guy forced to buy a Wifi enabled cleaning robot

First I want to tell you all that I wanted a vacuum cleaning robot without Internet connection, but I couldn’t find one which fulfilled the requirements. At first I thought the DEEBOT M81 from ECOVACS would be such a device (vacuum and mop combo and possible to carry between rooms as it works randomly), but […]

from A security minded guy forced to buy a Wifi enabled cleaning robot

WannaCry happened and nobody called me during my vacation – I tell you why

I was since last Wednesday on a biking biking trip through Austria and Bavaria, when on Friday reading main stream media the world broke down with WannaCry. Ok, I thought sensationalism by the main media but now as I’m at home, I cannot believe what I read in tech blogs and the IT media. I […]

from WannaCry happened and nobody called me during my vacation – I tell you why

Mitigating application layer (HTTP(S)) DDOS attacks

DDOS attacks seem to be new norm on the Internet. Years before only big websites and web applications got attacked but nowadays also rather small and medium companies or institutions get attacked. This makes it necessary for administrators of smaller sites to plan for the time they get attacked. This blog post shows you what […]

from Mitigating application layer (HTTP(S)) DDOS attacks

Implementing IoT securely in your company – Part 3

This is Part 3 of the series implementing IoT securely in your company, click here for part 1 and here for part 2. As it is quite common that new IoT devices are ordered and also maintained by the appropriate department and not by the IT department, it is important that there is a policy […]

from Implementing IoT securely in your company – Part 3

Implementing IoT securely in your company – Part 2

After Part 1 which focused on setting up your network for IoT this post focus on making sure that the devices are the right ones and that they work in your network. The first can be accomplished by asking basic security questions and talking only with the more secure vendors further.  In my experience that […]

from Implementing IoT securely in your company – Part 2

Implementing IoT securely in your company – Part 1

The last articles in this blog about IoT (often called Internet of Targets 😉 ) where about a specific cam or about IoT at home. This article series will be different, it will focus on the IoT in companies. Part one will talk about what you need to in order to prepare your network for […]

from Implementing IoT securely in your company – Part 1

248 days uptime is bad for a Mikrotik running RouterOS below 6.34

I’ve some info for you, if you’re running Mikrotik RouterOS in a version below 6.34rc45 and are using a tunnel (like IPIP over IPsec). If you don’t boot the router for about 248 days, your router will get inaccessible. This is specially bad if your routers are in remote locations and you’ve got multiple routers […]

from 248 days uptime is bad for a Mikrotik running RouterOS below 6.34

Howto live-sniffer traffic on a remote Linux system with Wireshark

You ask why you should need this at all? Easy, sometimes a tcpdump is not enough or not that easy to use: You want to check the TTL/hop count of BGP packets before activating TTL security You want to look at encrypted SNMPv3 packets (Wireshark is able to decrypt it, if provided the password) You […]

from Howto live-sniffer traffic on a remote Linux system with Wireshark

Howto protect BGP router against DOS and injection attacks

It is good practice to configure an individual MD5 password for each BGP peer, but this is not enough. Why? Resource consumption attacks against TCP connections protected with MD5 as the router must verify the MD5 signature of packets it receives Many routers are based on Linux as there base operating system and there is […]

from Howto protect BGP router against DOS and injection attacks