Mobile secure gateway

Mobile secure gateway (MSG) is an industry term for the software or hardware appliance that provides secure communication between a mobile application and its backend resources, typically within a corporate network. It addresses challenges in the field of mobile security.

An MSG is typically composed of two components: the Client library and the Gateway. The Client library is linked with the mobile application. It establishes secure connectivity to the Gateway using a cryptographic protocol, typically SSL/TLS. This provides a secured channel for communication between the mobile application and the hosts. The Gateway separates the internal IT infrastructure from the Internet, allowing only authorized client requests to reach a specific set of hosts inside the restricted network.

Client library

The Client library is linked with the corresponding mobile application and provides secure access via the Gateway to the set of Hosts. It exposes a public API to the mobile application that mimics the platform's default HTTP client library. The application uses this API to communicate with the desired hosts in a secure way.

Gateway

The Gateway is a server or daemon, typically installed on a physical or virtual appliance placed in a DMZ. Its public interface is exposed to the Internet (or another untrusted network) and accepts TCP/IP connections from mobile applications. It operates on IPv4 and/or IPv6 networks. Incoming client connections typically use SSL/TLS to secure the network communication and to establish mutual trust between the communicating peers. The communication protocol is typically based on HTTP.[1]

Host

The Gateway forwards requests from connected apps to a collection of configured hosts. These are typically HTTP or HTTPS servers or services within an internal network. The response from a host is sent back to the respective mobile app.
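
The two checks described above, mutual TLS on the Gateway's public interface and forwarding only to configured hosts, sketched as an added Python example that is not from the original article or from any MSG product. The policy table, the host names and all function names are hypothetical, and the certificate bytes are a constructed stand-in for a real DER certificate.

```python
import hashlib
import ssl
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def gateway_tls_context(cert_file=None, key_file=None, client_ca_file=None):
    """Server-side TLS context that requires a client certificate (mutual TLS)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3 / TLS 1.0 / TLS 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # handshake fails without a client cert
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # the Gateway's own identity
    if client_ca_file:
        ctx.load_verify_locations(client_ca_file)  # CA that issues Client-library certs
    return ctx


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of a DER certificate, e.g. from SSLSocket.getpeercert(binary_form=True)."""
    return hashlib.sha256(der_cert).hexdigest()


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    upstream: Optional[tuple] = None   # (scheme, host, port) to forward to


def normalize_target(url: str):
    """Reduce a requested URL to (scheme, host, port); raise ValueError if unusable."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("scheme not allowed")
    # "https://allowed-host@other-host/" names other-host; refuse userinfo outright.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")
    host = (parts.hostname or "").rstrip(".")      # hostname is already lower-cased
    if not host:
        raise ValueError("missing host")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return scheme, host, port


def decide_forward(client_fp: str, url: str, policy: dict) -> Decision:
    """Forward only if the authenticated client may reach exactly this upstream."""
    allowed_hosts = policy.get(client_fp)
    if allowed_hosts is None:
        return Decision(False, "unknown client certificate")
    try:
        target = normalize_target(url)
    except ValueError as exc:
        return Decision(False, f"bad target: {exc}")
    if target not in allowed_hosts:
        return Decision(False, "host not configured for this client")
    return Decision(True, "ok", target)


# Constructed sample data: one authorized app and the two hosts it may reach.
APP_CERT = b"constructed-der-bytes-for-demo"
POLICY = {
    fingerprint(APP_CERT): {
        ("https", "hr.corp.example", 443),
        ("http", "wiki.corp.example", 8080),
    },
}

if __name__ == "__main__":
    fp = fingerprint(APP_CERT)
    for url in (
        "https://HR.corp.example./payroll",       # same host after normalization
        "https://hr.corp.example:8443/",          # port not configured
        "https://hr.corp.example@db.corp.example/",
        "http://db.corp.example/",
    ):
        print(url, "->", decide_forward(fp, url, POLICY))
```

The decision is default-deny: a request is forwarded only when both the client certificate and the exact scheme, host and port are in the configured policy.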

References
  1. "Mobile Security". www.peerlyst.com. Retrieved 6 May 2016.

Content from Wikipedia Licensed under CC-BY-SA.

3-D Secure

topic

3-D Secure is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions. It was originally developed by Arcot Systems (now CA Technologies) and first deployed by Visa with the intention of improving the security of Internet payments and is offered to customers under the name Verified by Visa. Services based on the protocol have also been adopted by MasterCard as MasterCard SecureCode, and by JCB International as J/Secure. American Express added 3-D Secure on November 8, 2010, as American Express SafeKey, in select markets and continues to launch additional markets. Analysis of the protocol by academia has shown it to have many security issues that affect the consumer, including greater surface area for phishing and a shift of liability in the case of fraudulent payments. 3-D Secure adds an authentication step for online payments. Description and basic aspects The basic concept of the protocol is to tie the financial authorization process with an on ...more...



Payment gateway

topic

A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payments processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider. A payment gateway facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the front end processor or acquiring bank. Typical transaction processes When a customer orders a product from a payment gateway-enabled merchant, the payment gateway performs a variety of tasks to process the transaction. A customer places an order on website by pressing the 'Submit Order' or equivalent button, or perhaps enters their card details using an automatic phone answering service. If the ord ...more...



Mobile device management

topic

Mobile device management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablet computers, laptops and desktop computers. MDM is usually implemented with the use of a third party product that has management features for particular vendors of mobile devices. Overview MDM is a way to ensure employees stay productive and do not breach corporate policies. Many organizations control activities of their employees using MDM products/services. MDM primarily deals with corporate data segregation, securing emails, securing corporate documents on devices, enforcing corporate policies, integrating and managing mobile devices including laptops and handhelds of various categories. MDM implementations may be either on-premises or cloud-based. MDM functionality can include over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, ...more...



Multi-factor authentication

topic

Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are). Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication. A good example from everyday life is the withdrawing of money from an ATM; only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, something that the user knows) allows the transaction to be carried out. Authentication factors The use of multiple authentication factors to prove one's identity is based on the premise that an unauthorized actor is unlikely to be a ...more...



Security-focused operating system

topic

This is a list of operating systems with a sharp security focus. Here, "security-focused" means that the project is devoted to increasing the security as a major goal. As such, something may be secure without being "security-focused." For example, almost all of the operating systems mentioned here are faced with security bug fixes in their lifetime; however, they all strive consistently to approach all generic security flaws inherent in their design with new ideas in an attempt to create a secure computing environment. Security-focused does not mean security-evaluated operating system, which refers to operating systems that have achieved certification from an external security-auditing organization. An operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements is called a "trusted operating system". The list is alphabetical and does not imply a ranking. Linux The Linux kernel provides among other security feature ...more...



GSM

topic

The GSM logo is used to identify compatible devices and equipment. The dots symbolize three clients in the home network and one roaming client. GSM (Global System for Mobile Communications, originally Groupe Spécial Mobile) is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation digital cellular networks used by mobile devices such as tablets, first deployed in Finland in December 1991. As of 2014, it has become the global standard for mobile communications – with over 90% market share, operating in over 219 countries and territories. 2G networks developed as a replacement for first generation (1G) analog cellular networks, and the GSM standard originally described as a digital, circuit-switched network optimized for full duplex voice telephony. This expanded over time to include data communications, first by circuit-switched transport, then by packet data transport via GPRS (General Packet Radio Services) and EDGE (Enhanced ...more...



Secure coding

topic

Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment. Buffer Overflow Prevention Buffer overflows, a common software security vulnerability, happen when a process tries to store data beyond a fixed-length buffer. For example, if there are 8 slots to store items in, there will be a problem if there is an attempt to store 9 items. In computer memory the overflow ...more...



Mobile security

topic

Mobile security, or more specifically mobile device security, has become increasingly important in mobile computing. Of particular concern is the security of personal and business information now stored on smartphones. More and more users and businesses use smartphones to communicate, but also to plan and organize their users' work and also private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company. All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses inherent in smartphones that can come from the communication mode—like Short Message Service (SMS, aka text messaging), Multimedia Messaging Service (MMS), wifi, Bluetooth and GSM, the de facto g ...more...



Social engineering (security)

topic

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught-on among computer and information security professionals. Information security culture Employee behavior can have a big impact on information security in organizations. Cultural concepts can help different segments of the organization work effectively or work against effectiveness towards information security within an organization. "Exploring the Relationship between Organizational Culture and Information Security Culture" provides the following definition of information security cu ...more...



Email encryption

topic

Email encryption is encryption of email messages to protect the content from being read by other entities than the intended recipients. Email encryption may also include authentication. Email is prone to disclosure of information. Most emails are currently transmitted in the clear (not encrypted) form. By means of some available tools, persons other than the designated recipients can read the email contents. Email encryption has been used by journalists and regular users to protect privacy. Email encryption can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send. Encryption protocols Protocols for email encryption include: Bitmessage; Pretty Good Privacy (PGP, commercial); OpenPGP, an open standard for PGP encryption; GNU Privacy Guard (GPG, free); S/MIME; TLS. Mail sessions encryption The STARTTLS SMTP extension i ...more...



SQL injection

topic

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. In a 2012 study, it was observed that the average web application received 4 attack campaigns per mo ...more...



Firewall (computing)

topic

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet. Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls filter traffic between two or more networks and run on network hardware. Host-based firewalls run on host computers and control network traffic in and out of those machines. History The term "firewall" originally referred to a wall intended to confine a fire within a building. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. The term was applied in the late 1980s to network technology that emerged when the Internet was fairly new in terms of its global use and connectivity. The predecessors to firewalls for netw ...more...



Network switching subsystem

topic

Network switching subsystem (NSS) (or GSM core network) is the component of a GSM system that carries out call switching and mobility management functions for mobile phones roaming on the network of base stations. It is owned and deployed by mobile phone operators and allows mobile devices to communicate with each other and telephones in the wider public switched telephone network (PSTN). The architecture contains specific features and functions which are needed because the phones are not fixed in one location. The NSS originally consisted of the circuit-switched core network, used for traditional GSM services such as voice calls, SMS, and circuit switched data calls. It was extended with an overlay architecture to provide packet-switched data services known as the GPRS core network. This allows mobile phones to have access to services such as WAP, MMS and the Internet. Mobile switching center (MSC) Description The mobile switching center (MSC) is the primary service delivery node for GSM/CDMA, respo ...more...



Network security

topic

Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and sim ...more...



Secure by design

topic

Secure by design, in software engineering, means that the software has been designed from the ground up to be secure. Malicious practices are taken for granted and care is taken to minimize impact when a security vulnerability is discovered or on invalid user input. Generally, designs that work well do not rely on being secret. While not mandatory, proper security usually means that everyone is allowed to know and understand the design because it is secure. This has the advantage that many people are looking at the computer code, which improves the odds that any flaws will be found sooner (see Linus' law). Of course, attackers can also obtain the code, which makes it easier for them to find vulnerabilities as well. Also, it is important that everything works with the least amount of privileges possible (see the principle of least privilege). For example, a Web server that runs as the administrative user ("root" or admin) can have the privilege to remove files and users that do not belong. A flaw in suc ...more...



Array Networks

topic

Array Networks is an American networking hardware company. It sells network traffic encryption tools. Array Networks was founded in 2000 by Lawrence Lu and is based in Milpitas, California. Originally called ClickArray Networks, it was renamed Array Networks in 2001 by then-incoming CEO Don Massaro who said the longer name "sounded too dot-commy". It received funding from the venture capital firm U.S. Venture Partners and the private equity firm H&Q Asia Pacific. On May 13, 2009, Array Networks became the first non-Taiwan company to be listed on the Taiwan Stock Exchange. The company sold 54 million shares that had a total value of about $79 million. In 2009, 43% of the company's market share was in China, and its main product type sold there consisted of SSL VPN devices. It also had 200 employees in China, which CEO Michael Zhao said made China a "natural choice" for an IPO. In comparison, the company had 70 employees in Silicon Valley. But because China did not allow non-Chinese companies on ...more...



TeleMessage

topic

TeleMessage is an American software company based in Boston, Massachusetts. Founded in 1999, its messaging solution portfolio includes secure enterprise messaging, mobile communications archiving and high-volume text messaging services. Corporate history TeleMessage was founded in 1999 in Tel Aviv, Israel, raising more than 10 million dollars in its first 2 series of investment rounds. In August 2005, Messaging International PLC acquired TeleMessage. The company then went public and was traded on the London Stock Exchange AIM section under the Messaging International name. In August 2016, after being a public company for 11 years, TeleMessage delisted from the London Stock Exchange and privatized. All management and major shareholders remain the same. Guy Levit is the current CEO and Horacio Furman is the company chairman. Products TeleMessage's solutions consist of three product lines: Secure Enterprise Messaging, Mobile Archiver - Mobile Communications Archiving, and Mass Messaging. Secure Enterprise Mes ...more...



AppTec

topic

AppTec GmbH is a privately held company providing Enterprise Mobility Management software managing applications, configuration, and security of smartphones and tablets. AppTec has its headquarters in Basel, Switzerland. The company also has offices in London and Freiburg. AppTec is used by over 3,800 companies worldwide. History AppTec was founded in 2011 by serial entrepreneur, Sahin Tugcular. Products AppTec Enterprise Mobile Manager: An on-premise or cloudbased Mobile Device Management solution focused on providing mobile device lifecycle management and mobile security across devices, applications, the network, and data. AppTec ContentBox: Enterprise File Sync and Share. SecurePIM: Mobile PIM Container App for encrypted communication on mobile devices. Whether for work or play, encrypt and send sensitive data by email, and protect documents, contacts and appointments from third-party access on mobile devices with SecurePIM. AppTec Universal Gateway: Imagine, that during the set up of smartphones and t ...more...



Malware

topic

Malware, short for malicious software, is an umbrella term used to refer to a variety of forms of harmful or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is defined by its malicious intent, acting against the requirements of the computer user — and so does not include software that causes unintentional harm due to some deficiency. Programs supplied officially by companies can be considered malware if they secretly act against the interests of the computer user. An example is the Sony rootkit, a Trojan horse embedded into CDs sold by Sony, which silently installed and concealed itself on purchasers' computers with the intention of preventing illicit copying; it also reported on users' listening habits, and unintentionally created vulnerabilities that were exploited by unrelated malware. Antivirus software and ...more...



Wandera

topic

Wandera is a privately held company backed by Bessemer Venture Partners and 83North Venture Capital. The SaaS service provides customers with a Secure Mobile Gateway (SMG) which compresses mobile data, enforces acceptable usage policies, provides multi-level mobile threat detection by scanning on device and in the cloud, and provides data usage reporting to business organizations to help protect business data. Wandera was co-founded in 2013 by brothers Eldar and Roy Tuvey, who formerly co-founded ScanSafe, which was acquired by Cisco in 2009. Wandera has offices in London, England, San Francisco, California and Brno, Czech Republic. Recognition In 2013, Wandera was nominated for the Redherring Europe Top 100 Awards. In April 2014, Wandera was named a “Cool Vendor in Enterprise Mobility, 2014” by Gartner. References "About Wandera". Lunden, Ingrid. "Wandera nabs 7million from Bessemer to Give Enterprises a Way to Control Mobile Data Use Using SaaS". TechCrunch. Retrieved 17 April 2013. Kepes, Ben. "Wan ...more...



Intrusion detection system

topic

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources, and uses alarm filtering techniques to distinguish malicious activity from false alarms. There is a wide spectrum of IDS, varying from antivirus software to hierarchical systems that monitor the traffic of an entire backbone network. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of a HIDS, while a system that analyzes incoming network traffic is an example of a NIDS. It is also possible to classify IDS by detection approach: the most well-known variants are signature-based detection ...more...



Keystroke logging

topic

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keylogger can be either software or hardware. While the programs themselves are legal, with many of them being designed to allow employers to oversee the use of their computers, keyloggers are most often used for the purpose of stealing passwords and other confidential information. Keylogging can also be used to study human–computer interaction. Numerous keylogging methods exist: they range from hardware and software-based approaches to acoustic analysis. Application For Logging Keystrokes Software-based keyloggers A logfile from a software-based keylogger, based on the screencapture above. These are computer programs designed to work on the target computer's software. Keyloggers are ...more...



Information security

topic

Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical). The chief area of concern for the field of information security is the balanced protection of the Confidentiality, Integrity and Availability of data, also known as the CIA Triad, while maintaining a focus on efficient policy implementation and no major hampering of organization productivity. To standardize this discipline, academics and professionals collaborate and seek to set basic guidelines and policies on password, antivirus software, firewall, encryption software, legal liability and user/administrator training standards. Overview IT security Sometimes referred to as computer security, information technology security (IT security) is information security applied to technology (most often s ...more...



Application security

topic

Application security encompasses measures taken to improve the security of an application, often by finding, fixing and preventing security vulnerabilities. Different techniques are used to surface such security vulnerabilities at different stages of an application's lifecycle, such as design, development, deployment, upgrade, or maintenance. An always evolving but largely consistent set of common security flaws are seen across different applications, see common flaws. Terms Asset. A resource of value such as the data in a database, money in an account, file on the filesystem or any system resource. Vulnerability. A weakness or gap in security program that can be exploited by threats to gain unauthorized access to an asset. Attack (or exploit). An action taken to harm an asset. Threat. Anything that can exploit a vulnerability and obtain, damage, or destroy an asset. Techniques Different techniques will find different subsets of the security vulnerabilities lurking in an application and are most effective a ...more...



Rootkit

topic

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware. Rootkit installation can be automated, or an attacker can install it once they've obtained root or Administrator access. Obtaining this access is a result of direct attack on a system, i.e. exploiting a known vulnerability (such as privilege escalation) or a password (obtained by cracking or social engineering tactics like "phishing"). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. The key ...more...



Antivirus software

topic

ClamTk, an open source antivirus based on the ClamAV antivirus engine, originally developed by Tomasz Kojm in 2001. Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software. Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, advanced pers ...more...



Cyber security standards

topic

Cybersecurity standards (also styled cyber security standards) are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. The principal objective is to reduce the risks, including prevention or mitigation of cyber-attacks. These published materials consist of collections of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies. History Cybersecurity standards have existed over several decades as users and providers have collaborated in many domestic and international forums to effect the necessary capabilities, policies, and practices - generally emerging from work at the Stanford Consortium for Research on Information ...more...



Mobile banking

topic

Mobile banking is a service provided by a bank or other financial institution that allows its customers to conduct financial transactions remotely using a mobile device such as a smartphone or tablet. Unlike the related internet banking it uses software, usually called an app, provided by the financial institution for the purpose. Mobile banking is usually available on a 24-hour basis. Some financial institutions have restrictions on which accounts may be accessed through mobile banking, as well as a limit on the amount that can be transacted. Transactions through mobile banking may include obtaining account balances and lists of latest transactions, electronic bill payments, and funds transfers between a customer's or another's accounts. Some apps also enable copies of statements to be downloaded and sometimes printed at the customer's premises; and some banks charge a fee for mailing hardcopies of bank statements. From the bank's point of view, mobile banking reduces the cost of handling transactions by ...more...



Fuzzing

topic

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program . The program is then monitored for exceptions such as crashes , or failing built-in code assertions or for finding potential memory leaks . Typically, fuzzers are used to test programs that take structured inputs. This structure is specified, e.g., in a file format or protocol and distinguishes valid from invalid input. An effective fuzzer generates semi-valid inputs that are "valid enough" in that they are not directly rejected by the parser, but do create unexpected behaviors deeper in the program and are "invalid enough" to expose corner cases that have not been properly dealt with. For the purpose of security, input that crosses a trust boundary is often the most interesting. For example, it is more important to fuzz code that handles the upload of a file by any user than it is to fuzz the code that parses a configuration file that is accessible o ...more...



Authorization

topic

Authorization is the function of specifying access rights/privileges to resources related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define an access policy. For example, human resources staff is normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authentication) shall be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer software and other hardware on the computer. Overview Access control in computer systems and networks relies on access policies. The access control process can be divided into the following phases: policy definition phase where access is ...more...



Security hacker

topic

A security hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network . Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or to evaluate system weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the computer underground. There is a longstanding controversy about the term's true meaning. In this controversy, the term hacker is reclaimed by computer programmers who argue that it refers simply to someone with an advanced understanding of computers and computer networks, and that cracker is the more appropriate term for those who break into computers, whether computer criminal ( black hats ) or computer security expert ( white hats ). A 2014 article concluded that "... the black-hat meaning still prevails among the general public". History Bruce Sterling , author of The Hacker Crackdown In computer secur ...more...



Payload (computing)

topic

In computing and telecommunications , the payload is the part of transmitted data that is the actual intended message. Headers and metadata are sent only to enable payload delivery. In the context of a computer virus or worm , the payload is the portion of the malware which performs malicious action. The term is borrowed from transportation , where payload refers to the part of the load that pays for transportation. Security In computer security , the payload is the part of the private user text which could also contain malware such as worms or viruses which performs the malicious action; deleting data, sending spam or encrypting data. In addition to the payload, such malware also typically has overhead code aimed at simply spreading itself, or avoiding detection. Programming In computer programming , the most common usage of the term is in the context of message protocols, to differentiate the protocol overhead from the actual data. For example, a JSON web service response might be: { "data" : { "message" : ...more...



Customer-premises equipment

topic

Customer-premises equipment or customer-provided equipment ( CPE ) is any terminal and associated equipment located at a subscriber's premises and connected with a carrier's telecommunication channel at the demarcation point ("demarc"). The demarc is a point established in a building or complex to separate customer equipment from the equipment located in either the distribution infrastructure or central office of the communications service provider . CPE generally refers to devices such as telephones , routers , network switches , residential gateways (RG), set-top boxes , fixed mobile convergence products, home networking adapters and Internet access gateways that enable consumers to access communications service providers' services and distribute them around their house via a local area network (LAN). A CPE can be an active equipment, as the ones mentioned above or a passive equipment such as analogue-telephone-adapters or xDSL-splitters. Included are key telephone systems and most private branch exchanges ...more...



Atom Technologies

topic

Atom Technologies is a payment services provider, headquartered in Mumbai, India. Atom was started in 2006 and is a subsidiary of the Financial Technologies Group, founded by Jignesh Shah. The company has historically focused upon the distribution of payment and banking services through the use of mobile technology. Atom Technologies provides products and services for mobile payments, interactive voice response (IVR) based payments, and mobile based service distribution framework. Products Atom Technologies' products include: Online banking and internet payment gateway (IPG): An internet payments platform Interactive voice response (IVR): helps organizations to accept payments through credit and debit card over a phone call Mobile computing app that enables payment services. The Atom mobile app allows payments through debit and credit cards, IMPS, cash cards, and net banking Point of sale to provide payment services, Atom provides brick and mortar merchant, acquiring and transaction processing ser ...more...



Allot Communications

topic

Allot headquarters in Hod HaSharon , near Tel Aviv Allot Communications is a provider of security and monetization products based in Hod HaSharon , Israel . Allot solutions use Deep Packet Inspection (DPI) technology to change broadband pipes into smart networks offering complete network visibility, application control and subscriber management . In 2016, the company reported $90.4 million in revenue. History Allot Communications was founded in 1996, by Michael Shurman and Yigal Jacoby, who served as chief executive and chairman until 2006. Jacoby previously founded Armon Networking, a manufacturer of RMON -based network management solutions, which was sold to Bay Networks for $33 million in 1996. In November 2003, Deloitte & Touche named Allot the fourth fastest-growing company on its Israel Technology Fast 50 list, citing the company's revenue growth of nearly 1,900% in a year's time. By 2004, Allot raised $38 million in several rounds of funding from several venture capital funds , including: Genes ...more...



Vulnerability (computing)

topic

In computer security , a vulnerability is a weakness which allows an attacker to reduce a system's information assurance . Vulnerabilities are the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface . Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems. A security risk may be classified as a vulnerability. The use of vulnerability with the same meaning of risk can lead to confusion. The risk is tied to the potential of a significant loss. Then there are vulnerabilities without risk: for example when the affected asset has no value. A vulnerability with one or more known instances ...more...



List of network protocols (OSI model)

topic

This is a list of network protocols , categorized by their nearest Open Systems Interconnection (OSI) model layers. This list is not exclusive to only the OSI protocol family . Many of these protocols are originally based on the Internet Protocol Suite (TCP/IP) and other models and they often do not fit neatly into OSI layers. Layer 1 (Physical Layer) Telephone network modems IRDA physical layer USB physical layer EIA RS-232 , EIA-422 , EIA-423 , RS-449 , RS-485 Ethernet physical layer 10BASE-T , 10BASE2 , 10BASE5 , 100BASE-TX , 100BASE-FX , 100BASE-T , 1000BASE-T , 1000BASE-SX and other varieties Varieties of 802.11 Wi-Fi physical layers DSL ISDN T1 and other T-carrier links, and E1 and other E-carrier links SONET/SDH Optical Transport Network (OTN) GSM Um air interface physical layer Bluetooth physical layer ITU Recommendations: see ITU-T IEEE 1394 interface TransferJet Etherloop ARINC 818 Avionics Digital Video Bus G.hn / G.9960 physical layer CAN bus (controller area network) physical layer Mobile Industr ...more...



Microsoft Forefront Threat Management Gateway

topic

Microsoft Forefront Threat Management Gateway ( Forefront TMG ), formerly known as Microsoft Internet Security and Acceleration Server ( ISA Server ), is a network router , firewall , antivirus program , VPN server and web cache from Microsoft Corporation . It runs on Windows Server and works by inspecting all network traffic that passes through it. Features Microsoft Forefront TMG offers a set of features which include: Routing and remote access features: Microsoft Forefront TMG can act as a router , an Internet gateway , a virtual private network (VPN) server, a network address translation (NAT) server and a proxy server . Security features: Microsoft Forefront TMG is a firewall which can inspect network traffic (including web contents, secure web contents and emails) and filter out malware , attempts to exploit security vulnerabilities and content that does not match a predefined security policy. In technical sense, Microsoft Forefront TMG offers application layer protection , stateful filtering , content ...more...



Proofpoint, Inc.

topic

Proofpoint is an enterprise security company based in Sunnyvale, California that provides software as a service and products for inbound email security, outbound data loss prevention, social media, mobile devices, digital risk, email encryption, electronic discovery ("eDiscovery"), and email archiving. History Founding The company was founded in June 2002 by Eric Hahn, formerly the CTO of Netscape Communications. It launched July 21, 2003, after raising a $7 million Series A funding round, releasing its first product, and lining up six customers as references, and was backed by venture investors Benchmark Capital and Stanford University. An additional $9 million in Series B funding led by New York-based RRE Ventures was announced in October, 2003. Proofpoint became a publicly traded company in April 2012. At the time of its initial public offering (IPO), the company's shares traded at $13 apiece; investors purchased more than 6.3 million shares through the IPO, raising more than $80 million. Proofp ...more...



Merchant services

topic

Merchant services is a broad category of financial services intended for use by businesses. In its most specific use, it usually refers to merchant processing services that enables a business to accept a transaction payment through a secure (encrypted) channel using the customer's credit card or debit card or NFC / RFID enabled device. More generally, the term may include: Credit and debit cards payment processing Check guarantee and check conversion services Automated Clearing House check drafting and payment services Gift card and loyalty programs Payment gateway Merchant cash advances Online transaction processing Point of sale (POS) systems Electronic benefits transfer programs, such as ration stamps (called food stamps in the U.S.). Merchant service providers typically require the merchant to have a merchant account with the provider, either directly or through a referral partner, such as banks or B2B service companies. All banks in the United Kingdom, except for Barclays / Barclaycard , offer merchant ...more...



Voice over IP

topic

Voice over Internet Protocol (also voice over IP , VoIP or IP telephony ) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet . The terms Internet telephony , broadband telephony , and broadband phone service specifically refer to the provisioning of communications services (voice, fax , SMS , voice-messaging) over the public Internet, rather than via the public switched telephone network (PSTN). The steps and principles involved in originating VoIP telephone calls are similar to traditional digital telephony and involve signaling, channel setup, digitization of the analog voice signals, and encoding. Instead of being transmitted over a circuit-switched network , the digital information is packetized, and transmission occurs as IP packets over a packet-switched network . They transport media streams using special media delivery protocols that encode audio and video with audio codecs , and video c ...more...



Computer security software

topic

Computer security software or cybersecurity software is any computer program designed to enhance information security. The defense of computers against intrusion and unauthorized use of resources is called computer security. Similarly, the defense of computer networks is called network security. Types of security software Access control Anti-keyloggers Anti-malware Anti-spyware Anti-subversion software Anti-tamper software Antivirus software Cryptographic software Computer Aided Dispatch (CAD) Firewall Intrusion detection system (IDS) Intrusion prevention system (IPS) Log management software Records Management Sandbox Security information management SIEM See also Computer security Data security Emergency management software ...more...



SMS

topic

E.161 , the most common mobile keypad alphabet layout. Short Message Service ( SMS ) is a text messaging service component of most telephone , World Wide Web , and mobile device systems . It uses standardized communication protocols to enable mobile devices to exchange short text messages. An intermediary service can facilitate a text-to-voice conversion to be sent to landlines. SMS was the most widely used data application, with an estimated 3.5 billion active users, or about 80% of all mobile subscribers, at the end of 2010. SMS, as used on modern devices, originated from radio telegraphy in radio memo pagers that used standardized phone protocols. These were defined in 1985 as part of the Global System for Mobile Communications (GSM) series of standards. The protocols allowed users to send and receive messages of up to 160 alpha-numeric characters to and from GSM mobiles. Although most SMS messages are mobile-to-mobile text messages, support for the service has expanded to include other mobile technolo ...more...



Security testing

topic

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing security testing is not an indication that no flaws exist or that the system adequately satisfies the security requirements. Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation. Actual security requirements tested depend on the security requirements implemented by the system. Security testing as a term has a number of different meanings and can be completed in a number of different ways. As such a Security Taxonomy helps us to understand these different approaches and meanings by providing a base level to work from. Confidentiality A security measure which protects against the disclosure of information to parties other than the intended recipient is by no means the only way of ensuring ...more...



Mavenir Systems

topic

Mavenir Systems (NYSE: MVNR) was a software-based telecommunications networking provider based in Richardson, Texas. The company's software was aimed to deliver internet protocol (IP)-based voice, video, rich communications and enhanced messaging services to clients. Mavenir Systems provided service to approximately 120 mobile networks globally. Rashad Ali founded the company in 2005. Pardeep Kohli served as the company's president and CEO. In March 2015, Mitel announced that it would buy Mavenir Systems for $560 million. Thus the first incarnation of Mavenir came to an end. Two years later, as the result of the merger of established company Xura with the Mavenir Systems part of Mitel and the startup Ranzure, a new company named Mavenir was formed. History Mavenir Systems was founded in 2005. In December 2008, the company completed a funding round for $17.5 million. Another funding round for $13.5 million backed by Alloy Ventures, Austin Ventures and North Bridge Venture Partners was completed in June 2010 ...more...



Software development security

topic

Security, as part of the software development process, is an ongoing process involving people and practices, and ensures application confidentiality, integrity, and availability. Secure software is the result of security aware software development processes where security is built in and thus software is developed with security in mind. [1] Security is most effective if planned and managed throughout every stage of software development life cycle (SDLC), especially in critical applications or those that process sensitive information. The solution to software development security is more than just the technology. Software development challenges As technology advances, application environments become more complex and application development security becomes more challenging. Applications, systems, and networks are constantly under various security attacks such as malicious code or denial of service. Some of the challenges from the application development security point of view include Viruses, Trojan horses, Logi ...more...



Web application security

topic

Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services. At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Security threats With the emergence of Web 2.0, increased information sharing through social networking and increasing business adoption of the Web as a means of doing business and delivering service, websites are often attacked directly. Hackers either seek to compromise the corporate network or the end-users accessing the website by subjecting them to drive-by downloading. As a result, industry is paying increased attention to the security of the web applications themselves in addition to the security of the underlying computer network and operating systems. The majority of web application attacks occur through cross-site scripting (XSS) and SQL injection attacks which typically result from flawed coding, an ...more...



Security bug

topic

A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of: Authentication of users and other entities Authorization of access rights and privileges Data confidentiality Data integrity Security bugs need not be identified nor exploited to qualify as such. Causes Security bugs, like all other software bugs , stem from root causes that can generally be traced to either absent or inadequate: Software developer training Use case analysis Software engineering methodology Quality assurance testing ...and other best practices Taxonomy Security bugs generally fall into a fairly small number of broad categories that include: Memory safety (e.g. buffer overflow and dangling pointer bugs) Race condition Secure input and output handling Faulty use of an API Improper use case handling Improper exception handling Resource leaks , often but not always due to improper ...more...



Computer access control

topic

In computer security, general access control includes identification, authorization, authentication, access approval, and audit. A narrower definition of access control would cover only access approval, whereby the system makes a decision to grant or reject an access request from an already authenticated subject, based on what the subject is authorized to access. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords, biometric scans, physical keys, electronic keys and devices, hidden paths, social barriers, and monitoring by humans and automated systems. In a capability-based model, holding an unforgeable reference or capability to an object provides access to the object (roughly analogous to how possession of one's house key grants one access to one's house); access is conveyed to another party by transmitting such a capab ...more...



