DOCSLIB.ORG

Demystifying Africa's Cyber Security Poverty Line

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Demystifying Africa's Cyber Security Poverty Line Demystifying Africa’s Cyber Security Poverty Line Tanzania Chapter The Africa Cyber Immersion Centre is a state-of-the-art research, innovation and training facility that seeks to address Africa’s ongoing and long-term future needs through unique education, training, research, and practical applications. For more information Serianu Limited contact: [email protected] http://www.serianu.com Tanzania Cyber Security 3 Report Content Editor’s Note and Acknowledgement Cost of Cyber Crime We are excited to finally publish the 2nd edition of Tanzania We estimate that cyber-attacks cost Tanzanian 4 Cyber Security Report 2017. 54 businesses around $99.5 million a year. Foreword Sector Ranking in 2017 2017 has seen a jump in cyberattacks or cybercrimes. Cyber security is no longer a concern fof the Ransomware, DDoS attacks, data breaches were all financial & banking sectors only. 7 synonymous with 2017. 56 Executive Summary Home Security It is in our own best interests to make sure everyone – from the young to the old, on The global landscape of cyber threats is quickly changing. snapchat, facebook and twitter - know and 9 60 practice basic security habits. Top Trends Africa Cyber Security Framework We analysed incidents that occurred in 2017 and compiled Attackers are now launching increasingly a list of top trends that had a huge impact on the economic sophisticated attacks on everything from and social well-being of organisations and Tanzanian citizens. business critical infrastructure to everyday 13 69 devices such as mobile phones. Top Priorities for 2018 Appendixes 19 We have highlighted key priorities for 2018. 71 Cyber Intelligence Statistics, Analysis, & Trends References We have monitored organisations’ network for malware and cyber threat attacks such as brute-force attacks 25 against the organisation’s servers. 74 2017 Tanzania Cyber Security Survey This survey identifies current and future Cyber security needs within organisations and the most prominent 38 threats that they face. Tanzania 4 Cyber Security Report Editor’s Note and Acknowledgement We are extremely pleased to publish the 2nd edition of the Tanzania Cyber Security Report. This report contains content from a variety of sources and covers highly critical topics in Cyber intelligence, Cyber security trends, industry risk ranking as well as home security. Over the last 5 years, we have consistently strived to demystify the state of Cyber security in Brencil Kaimba Africa. In this edition themed Demystifying Africa’s Cyber Security Poverty Line, we take a deeper look at the financial limitations impacting many Tanzanian organisations. Our research is broken Editor-in-chief down into the following key areas: Top Trends: We analysed incidents that Sector Risk Ranking: The risk appetite What can our readers look occurred in 2017 and compiled a list of for organisations varies. In this section, forward to in this report? top trends that had a huge impact on we rank different sectors based on their the economic and social well-being of risk appetite, number of previous attacks organisations and Tanzanian citizens. This reported, likelihood and impact of a This report GIVes section provides an in-depth analysis of successful attack. insiGHTFUL analYsis OF these trends. Anatomy of a Cyber Heist: This section CYBER SECUritY issUes, Cyber Intelligence: This section highlights provides a wealth of intelligence about trends and threats various Cyber-attacks, technical how Cybercriminals operate, from IN AFRICA. ITS sections reconnaissance, gaining access, attacking methodologies, tools, and tactics that are WELL researched attackers leverage to compromise and covering their tracks. This section organisations. The compromise statistics is tailored to assist Security managers and STRUctURED TO and indicators provided in this section identify pain points within the organisation. cater for THE NEEDS empower organisations to develop a OF all ORGanisational Home Security: In light of the increased proactive Cyber security posture and STAFF inclUdinG bolster overall risk. residential internet penetration, smart phone use and cases of Cyber bullying, it Board Directors. has become necessary to raise awareness Survey Analysis: This section analyses on Cyber security matters at a non- THE anatomY OF A the responses we received from over 700 corporate level. This section highlights key CYBER-heist WAS organisations surveyed across Africa. It challenges in the modern smart home and measures the challenges facing Tanzanian compiled with SECUritY sheds light on the growing issue of Cyber organisations, including low Cyber security bullying. implementers and budgets and inadequate security impact forensic INVestiGators awareness that eventually translates to limited capabilities to anticipate, detect, Africa Cyber Security Framework (ACSF): IN MIND WHILE THE TOP respond and contain threats. In order to assist businesses in Africa, priorities section especially SMEs, we developed the Africa Cyber Security Framework (ACSF). This caters for Directors Cost of Cyber Crime Analysis: Here we section highlights the four (4) key domains closely examine the cost of Cybercrime in and Senior EXECUTIVes. of ACSF which serves to help businesses Tanzanian organisations and in particular, to identify and prioritize specific risks plus gain a better appreciation of the costs to We have also highlighted other steps that can be taken to address these the local economy. We provide an estimate social issues such as home risks in a cost effective manner. of this cost, which includes direct damage security that plays an important plus post-attack disruption to the normal role away from the corporate course of business. standpoint. Demystifying Africa’s Cyber Security Poverty Line Tanzania Cyber Security 5 Report Appreciation Commentaries In developing the Tanzania Cyber Security Report 2017, the Serianu CyberThreat Aashiq Sharif Intelligence Team received invaluable collaboration and input from key partners as listed below; CEO - Raha - Liquid Telecom Tanzania Ltd Ben Roberts We partnered with Kabolik an IT and Business consulting firm based in Tanzania whose prime focus is enabling clients Chief Technical Officer, to get the best value from their information and IT assets Liquid Telecom Group by developing holistic end-to-end solutions that release customers to focus on their core business and activities. Dr. Carina Wangwe Kabolik provided immense support through research and Head, ICT - SSRA (Social Security provision of statistics, survey responses, local intelligence on Regulatory Authority) top issues and trends highlighted in the report. Dr. Edward Hoseah CEO - Hoseah & Co. Advocates, The USIU’s Centre for Informatics Research and Innovation Former DG-PCCB (Prevention and (CIRI) at the School of Science and Technology has been our Combating of Corruption Bureau) key research partner. They provided the necessary facilities, research analysts and technical resources to carry out the ASP Joshua Mwangasa extensive work that made this report possible. Deputy Head of Cybercrime Unit, TPF (Tanzania Police Force) The ISACA-Tanzania Chapter provided immense support Eng. Peter Ulanga through its network of members spread across the country. Key statistics, survey responses, local intelligence on top CEO & Fund Manager, issues and trends highlighted in the report were as a result Universal Communications Service Access of our interaction with ISACA-Tanzania chapter members. Fund (UCSAF) Adv. Josephat Mkizungo Senior State Attorney - The Serianu CyberThreat Attorney General’s Chambers Intelligence Team Joseph Mathenge We would like to single out individuals who worked tirelessly Chief Operating Officer, Serianu Limited and put in long hours to deliver the document. Olabode Olaoke Eric Ochaka Samuel Keige Mark Muema PricewaterhouseCoopers Dadi Masesa George Kiio Nabihah Rishad Barbara Munyendo Margaret Ndungu Dr. Peter Tobin Kevin Kimani Morris Ndungu Privacy and Compliance Expert, BDO Consulting, Mauritius USIU Team Jeff Karanja Ms. Paula Musuva Kigen Kuta Jamilla Uchi Information Security Consultant Folarin Adefemi Isaac Demystifying Africa’s Cyber Security Poverty Line Tanzania 6 Cyber Security Report Building Data Partnerships In an effort to enrich the data we are collecting, Serianu continues to build corporate relationships with like-minded institutions. Recently, we partnered with The Honeynet Project ™ and other global Cyber intelligence organisations that share our vision to strengthen the continental resilience to cyber threats and attacks. As a result, Serianu has a regular pulse feeds on malicious activity into and across the continent. Through these collaborative efforts and using our Intelligent Analysis Engine, we are able to anticipate, detect and identify new and emerging threats. The analysis engine enables us identify new patterns and trends in the Cyber threat sphere that are unique to Tanzania. Our new Serianu CyberThreat Command Centre (SC3) Initiative serves as an excellent platform in our mission to improve the state of Cyber security in Africa. It opens up collaborative opportunities for Cyber security projects in academia, industrial, commercial and government institutions. For details on how to become a partner and how your organisation or institution can benefit from this initiative, email us at [email protected] Design, layout and production: Tonn Kriation Disclaimer The views and opinions expressed in this report are those of the authors and do not necessarily reflect the official position
Load more

Recommended publications
  • Ransom Where?
    Ransom where? Holding data hostage with ransomware May 2019 Author With the evolution of digitization and increased interconnectivity, the cyberthreat landscape has transformed from merely a security and privacy concern to a danger much more insidious by nature — ransomware. Ransomware is a type of malware that is designed to encrypt, Imani Barnes Analyst 646.572.3930 destroy or shut down networks in exchange [email protected] for a paid ransom. Through the deployment of ransomware, cybercriminals are no longer just seeking to steal credit card information and other sensitive personally identifiable information (PII). Instead, they have upped their games to manipulate organizations into paying large sums of money in exchange for the safe release of their data and control of their systems. While there are some business sectors in which the presence of this cyberexposure is overt, cybercriminals are broadening their scopes of potential victims to include targets of opportunity1 across a multitude of industries. This paper will provide insight into how ransomware evolved as a cyberextortion instrument, identify notorious strains and explain how companies can protect themselves. 1 WIRED. “Meet LockerGoga, the Ransomware Crippling Industrial Firms” March 25, 2019; https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/. 2 Ransom where? | May 2019 A brief history of ransomware The first signs of ransomware appeared in 1989 in the healthcare industry. An attacker used infected floppy disks to encrypt computer files, claiming that the user was in “breach of a licensing agreement,”2 and demanded $189 for a decryption key. While the attempt to extort was unsuccessful, this attack became commonly known as PC Cyborg and set the archetype in motion for future attacks.
    [Show full text]
  • Software Catalog for Patch Management and Software Deployment 
    Software Catalog for Patch Management and Software Deployment Find all supported 3rd party applications that can be patched and deployed in Monitoring & Asset Management below. Click on a software to get a more detailed view of the respective versions. (Last Update: 2021/03/23) Vendors # Citrix 4 7-Zip 4 Code4ward.net 5 A CoreFTP 5 Acro 4 Corel 5 Adobe 4 CrowdStrike, Inc 5 AdoptOpenJDK 4 D AIMP Dev Team 4 dotPDN LLC 5 Amazon Services LLC 4 Dropbox 5 Apache Software Foundation 4 E Apple 4 Evernote Corporation 5 Atlassian 4 F Audacity 4 FileZilla 5 Azul Systems, Inc 4 Foxit Corporation 5 B G Bandicam Company 4 GIT 5 Barco, Inc 4 GIMP.org 5 BlueJeans Network, Inc. 4 Glavsoft 5 Botkind, Inc. 4 Google 5 Box.com 4 Gretech Corp 5 C Inkscape 5 CDBurnerXP 4 IrfanView 5 Cisco 4 Software Catalog for Patch Management and Software Deployment J P Jabra 5 PeaZip 10 JAM Software 5 Pidgin 10 Juraj Simlovic 5 Piriform 11 K Plantronics, Inc. 11 KeePass 5 Plex, Inc 11 L Prezi Inc 11 LibreOffice 5 Programmer‘s Notepad 11 Lightning UK 5 PSPad 11 LogMeIn, Inc. 5 Q M QSR International 11 Malwarebytes Corporation 5 Quest Software, Inc 11 Microsoft 6 R MIT 10 R Foundation 11 Morphisec 10 RarLab 11 Mozilla Foundation 10 Real 11 N RealVNC 11 Neevia Technology 10 RingCentral, Inc. 11 NextCloud GmbH 10 S Nitro Software, Inc. 10 Scooter Software, Inc 11 Nmap Project 10 Siber Systems 11 Node.js Foundation 10 Simon Tatham 11 Notepad++ 10 Skype Technologies S.A.
    [Show full text]
  • Uila Supported Apps
    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
    [Show full text]
  • BDP-Case-Study-Architecture-Industry.Pdf
    Case Study Achieving Resilience During the COVID19 Crisis: BDP Shares their Splashtop Story About BDP Alistair Kell PRINCIPAL, IT AND PROCESS AT BDP Founded in 1961, BDP is the 2nd largest architect-led firm in the UK, with over 16 locations globally and 1,350 employees. BDP has a leading track record in all major sectors, including health, education, workplace, retail, urbanism, heritage, housing, transport, leisure, public safety, and energy utilities. This includes the restoration of the UK Houses of Parliament. Summary Alistair Kell, principal and head of information technology and processes at BDP, explains how during the COVID19 crisis, his company-- an international, interdisciplinary practice of architects, designers, engineers and urbanists -- got all employees working remotely in 48 hours with Splashtop Remote Access Solutions. When COVID19 hit, BDP looked at several options to enable employees to work from home. The number of software employees needed to access for working efficiently, the big size of the team, and a sense of urgency made this quite the challenge: • Hardware needs - Would employees have a personal computer they could connect from at home, or would they only have a BDP laptop? • Keeping the current infrastructure stable - How could BDP keep everything stable while ensuring there were no unnecessary changes to the company underlying infrastructure? • Urgency and cost - How could BDP deploy quickly without incurring an unreasonable cost? Due to all these concerns, BDP believed that the whole process to go remote would take at least two or three weeks of turmoil in getting ready. However, thanks to BDP’s IT team and Splashtop remote access solutions, it didn’t take so long.
    [Show full text]
  • 2016.4 Vol.28 Mac はマルウェアから 100%安全か
    2016.4 Vol.28 Mac はマルウェアから 100%安全か セキュリティプレス・アン Mac 向けセキュリティソリューション AhnLab V3 365 Clinic for Mac Mac はマルウェアから 100%安全か AppleのMacは、多くの人にマルウェアから安全だと思われている。しかし実際はWindowほどではないにせよ、Mac向けのマルウ ェアもマルウェア史の初期から存在し続けていた。それは現在も同じで、Macも安全地帯ではないということだ。 今回のプレス・アンでは、最新Mac向けマルウェアの特徴を分析し、Mac環境を保護する方策を探る。 Appleのマッキントッシュ(Macintosh、以下Mac)に対するユーザーの信頼は厚く、次のような挿絵からも見て取れる。コンピューター使用中感電し たキャラに、「コンピューターに異常はないかい?」と聞いたところ「これはMacだから大丈夫」と断言する内容である。 [図1] The Brads- Impossible 2 セキュリティプレス・アン その信頼はセキュリティに関しても絶大で、どうやらMacは安全な環境であると思われているらしい。しかし前述のようにMac向けマルウェアは昔か ら存在していたし、Macの運営環境である「OS X」に移行してから10年間、脅威は持続的に発見されている。もちろんWindowに比べればMac向け マルウェアが少ないのは確かだが、最近発見されるマルウェアの傾向を見るとMacもまたマルウェアの安全地帯ではないことが分かる。最近登場して いるMac向けマルウェアの特徴を分析し、Macを保護するソリューションを見てみよう。 主なMacマルウェア 現在のMacも多くの進化を遂げた。プロセッサやOSの変化により、[図2]のようにOS環境がOS Xに変更された前後で発見されたマルウェアは異なる。 初期 偽装した セキュリティ プログラム リリース リリース [図2] Mac向けマルウェア史タイムライン OS X移行後に登場したマルウェアに関する詳細情報は次の通りだ。 マルウェア(発見時期) 特徴 備考 Renepo -システムセキュリティ設定: 低 -OS X 初のマルウェア (2004) -OS X ファイアウォール解除 -2004/3/3、ニックネーム DimBulbが「Macintosh Underground -ソフトウェアアップデート機能解除 forum」に参加後、3/13からスクリプトワームに対して掲載し、フォーラ -ohphoneX(ボイス及びビデオ共有)、d ムの参加者とマルウェア作成を開始。9/10の掲載バージョンが10/23に sniff(暗号スニファ)、John the Rippe 外部に知れ渡り、10/24から大炎上したことから作成を放棄 r(暗号クラック)をダウンロードインストール -Apple社ではマルウェアではないと否認し、対応せず RSPlug(Dnschanger) -DNSアドレスを変更してフィッシングサイ -使用者に実害を与えた初のOS X向けマルウェア (2007.10) トに誘導し、金銭的要求 3 セキュリティプレス・アン マルウェア(発見時期) 特徴 備考 MacSweeper -常に何かを診断し、購入要求 -OS X初の偽装アンチウィルスプログラム (2008.1.17) -KiVVi Softwareで作成し、強制マーケティングに使用したことで公式謝 罪 -2011/5以降Mac Defender、Mac Protector、Mac Security、 Mac Guard、Mac Shieldなど偽装プログラムが大幅に増加 -Apple社は同年5月末セキュリティアップデートを行い、偽装アンチウィルス
    [Show full text]
  • Realvnc @ LC August 2018 LC User Meeting
    RealVNC @ LC August 2018 LC User Meeting Cameron Harr Title (optional) Aug. 21, 2018 LLNL-PRES-XXXXXX This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-AC52-07NA27344. Lawrence Livermore National Security, LLC RealVNC @ LC § What is RealVNC? § What did we have? § What do we have now? § What’s coming in the future? § How do you use it? 2 LLNL-PRES-xxxxxx Cloud versus direct with VNC Connect VNC Connect is unique among remote access software in its ability to offer both cloud and direct connectivity methods within a single product. At first glance, knowing whether to connect directly or via our cloud service can seem confusing. However, there are clear benefits to each connection method. The trick is knowing how to maximize these benefits. This brief product guide provides an overview of the differences between cloud and direct connectivity, and offers some advice on how each method can be used to your greatest advantage. Key terminology Throughout this guide, we refer to certain RealVNC-specific terminology. VNC Connect is comprised of two separate apps: VNC Server and VNC Viewer. You must install and license VNC Server on the computer you want to control. This is known as your VNC Server computer. You must then install VNC Viewer on the computer or device you want to take control from, which is known as your VNC Viewer device. You do not need to license this device, meaning you can freely connect to your VNC Server computer from as many devices as you wish.
    [Show full text]
  • Netsupport Manager 12.50
    NetSupport Manager 12.50 Getting Started Guide Copyright© 2017 NetSupport Ltd All rights reserved Contents DEFINITIONS............................................................... 4 Installation .................................................................. 4 System Prerequisites ........................................................ 4 Planning an Installation .................................................... 6 Starting the Installation .................................................... 7 NetSupport Licence Agreement .......................................... 8 Licence Information ......................................................... 8 Select Setup Type ............................................................ 8 Custom Setup ................................................................. 9 Ready to Install ............................................................. 11 Installation Complete ..................................................... 12 Existing Installation Detected .......................................... 12 Uninstalling NetSupport Manager ..................................... 13 Evaluation Kit ................................................................ 13 Advanced Installation ................................................ 15 Creating an administrative (network) installation ............... 15 Silent/Unattended Installations ........................................ 16 Install Configuration Options dialog ............................. 17 NetSupport Manager Deploy – NetSupport Manager’s Remote
    [Show full text]
  • Release 0.0.1 Alan Mitchell
    bmon Documentation Release 0.0.1 Alan Mitchell Sep 16, 2021 Users 1 User Introduction 3 2 System Administrator Introduction5 3 Developer Introduction 7 4 Contact Information 9 4.1 User Introduction.............................................9 4.2 System Administrator Introduction................................... 10 4.3 How to Install BMON on a Web Server................................. 13 4.4 How to Install BMON on a Local Web Server.............................. 18 4.5 Add Buildings and Sensors....................................... 27 4.6 Sharing BMON across Multiple Organizations............................. 40 4.7 Setting Up Sensors to Post to BMON.................................. 41 4.8 Multi-Building Charts.......................................... 60 4.9 Sensor Alerts............................................... 68 4.10 Creating a Dashboard.......................................... 74 4.11 Transform Expressions.......................................... 76 4.12 Calculated Fields............................................. 80 4.13 Periodic Scripts.............................................. 92 4.14 How to Create Custom Jupyter Notebook Reports........................... 107 4.15 Custom Reports............................................. 108 4.16 Backing Up and Analyzing Data from the System........................... 111 4.17 System Performance with High Loading................................ 113 4.18 Using CSV Transfer........................................... 115 4.19 Developer Introduction.........................................
    [Show full text]
  • Ransomware Is Here: What You Can Do About It?
    WHITEPAPER Ransomware is Here: What you can do about it? Overview Over the last few years, ransomware has emerged as one of the most devastating and costly attacks in the hacker arsenal. Cyber thieves are increasingly using this form of attack to target individuals, corporate entities and public sector organizations alike by holding your system or files for ransom. Unlike other forms of cyber theft that often involve stolen financial or healthcare information, ransomware cuts out the middleman. In cases where an attacker steals health or financial documents, they must sell them on to third parties to make money. As far as ransomware is concerned, the money comes directly from the victim. Ransomware is a quickly growing threat vector. According to the FBI’s Internet Crime Complaint center (IC3), infected users made complaints about ransomware 2,453 times in 2015—nearly double the figure for 2014. What’s more, these figures most likely represent only the tip of the iceberg, as many users pay their ransom without making a report to the authorities. A recent survey conducted by a Cyber Security Research Center at the University of Kent found that over 40% of those infected with CryptoLocker actually agreed to pay the ransom demanded, which is a big incentive for hackers to target more systems. Lastly, hackers are rapidly iterating both malware and distribution techniques. In early Q2 of 2016, a new variant of ransomware, known as CryptXXX, emerged on the scene. This program is packed in such a way that users and antivirus software may initially confuse it for a Windows DLL file.
    [Show full text]
  • Test-Beds and Guidelines for Securing Iot Products and for Secure Set-Up Production Environments
    IoT4CPS – Trustworthy IoT for CPS FFG - ICT of the Future Project No. 863129 Deliverable D7.4 Test-beds and guidelines for securing IoT products and for secure set-up production environments The IoT4CPS Consortium: AIT – Austrian Institute of Technology GmbH AVL – AVL List GmbH DUK – Donau-Universit t Krems I!AT – In"neon Technologies Austria AG #KU – JK Universit t Lin$ / Institute for &ervasive 'om(uting #) – Joanneum )esearch !orschungsgesellschaft mbH *+KIA – No,ia -olutions an. Net/or,s 0sterreich GmbH *1& – *1& -emicon.uctors Austria GmbH -2A – -2A )esearch GmbH -)!G – -al$burg )esearch !orschungsgesellschaft -''H – -oft/are 'om(etence 'enter Hagenberg GmbH -AG0 – -iemens AG 0sterreich TTTech – TTTech 'om(utertechni, AG IAIK – TU Gra$ / Institute for A((lie. Information &rocessing an. 'ommunications ITI – TU Gra$ / Institute for Technical Informatics TU3 – TU 3ien / Institute of 'om(uter 4ngineering 1*4T – 1-Net -ervices GmbH © Copyright 2020, the Members of the IoT4CPS Consortium !or more information on this .ocument or the IoT5'&- (ro6ect, (lease contact8 9ario Drobics7 AIT Austrian Institute of Technology7 mario:.robics@ait:ac:at IoT4C&- – <=>?@A Test-be.s an. guidelines for securing IoT (ro.ucts an. for secure set-up (ro.uction environments Dissemination level8 &U2LI' Document Control Title8 Test-be.s an. gui.elines for securing IoT (ro.ucts an. for secure set-u( (ro.uction environments Ty(e8 &ublic 4.itorBsC8 Katharina Kloiber 4-mail8 ,,;D-net:at AuthorBsC8 Katharina Kloiber, Ni,olaus DEr,, -ilvio -tern )evie/erBsC8 -te(hanie von )E.en, Violeta Dam6anovic, Leo Ha((-2otler Doc ID8 DF:5 Amendment History Version Date Author Description/Comments VG:? ?>:G?:@G@G -ilvio -tern Technology Analysis VG:@ ?G:G>:@G@G -ilvio -tern &ossible )esearch !iel.s for the -2I--ystem VG:> >?:G<:@G@G Katharina Kloiber Initial version (re(are.
    [Show full text]
  • The Application Usage and Risk Report an Analysis of End User Application Trends in the Enterprise
    The Application Usage and Risk Report An Analysis of End User Application Trends in the Enterprise 8th Edition, December 2011 Palo Alto Networks 3300 Olcott Street Santa Clara, CA 94089 www.paloaltonetworks.com Table of Contents Executive Summary ........................................................................................................ 3 Demographics ............................................................................................................................................. 4 Social Networking Use Becomes More Active ................................................................ 5 Facebook Applications Bandwidth Consumption Triples .......................................................................... 5 Twitter Bandwidth Consumption Increases 7-Fold ................................................................................... 6 Some Perspective On Bandwidth Consumption .................................................................................... 7 Managing the Risks .................................................................................................................................... 7 Browser-based Filesharing: Work vs. Entertainment .................................................... 8 Infrastructure- or Productivity-Oriented Browser-based Filesharing ..................................................... 9 Entertainment Oriented Browser-based Filesharing .............................................................................. 10 Comparing Frequency and Volume of Use
    [Show full text]
  • Web Vulnerabilities (Level 1 Scan)
    Web Vulnerabilities (Level 1 Scan) Vulnerability Name CVE CWE Severity .htaccess file readable CWE-16 ASP code injection CWE-95 High ASP.NET MVC version disclosure CWE-200 Low ASP.NET application trace enabled CWE-16 Medium ASP.NET debugging enabled CWE-16 Low ASP.NET diagnostic page CWE-200 Medium ASP.NET error message CWE-200 Medium ASP.NET padding oracle vulnerability CVE-2010-3332 CWE-310 High ASP.NET path disclosure CWE-200 Low ASP.NET version disclosure CWE-200 Low AWStats script CWE-538 Medium Access database found CWE-538 Medium Adobe ColdFusion 9 administrative login bypass CVE-2013-0625 CVE-2013-0629CVE-2013-0631 CVE-2013-0 CWE-287 High 632 Adobe ColdFusion directory traversal CVE-2013-3336 CWE-22 High Adobe Coldfusion 8 multiple linked XSS CVE-2009-1872 CWE-79 High vulnerabilies Adobe Flex 3 DOM-based XSS vulnerability CVE-2008-2640 CWE-79 High AjaxControlToolkit directory traversal CVE-2015-4670 CWE-434 High Akeeba backup access control bypass CWE-287 High AmCharts SWF XSS vulnerability CVE-2012-1303 CWE-79 High Amazon S3 public bucket CWE-264 Medium AngularJS client-side template injection CWE-79 High Apache 2.0.39 Win32 directory traversal CVE-2002-0661 CWE-22 High Apache 2.0.43 Win32 file reading vulnerability CVE-2003-0017 CWE-20 High Apache 2.2.14 mod_isapi Dangling Pointer CVE-2010-0425 CWE-20 High Apache 2.x version equal to 2.0.51 CVE-2004-0811 CWE-264 Medium Apache 2.x version older than 2.0.43 CVE-2002-0840 CVE-2002-1156 CWE-538 Medium Apache 2.x version older than 2.0.45 CVE-2003-0132 CWE-400 Medium Apache 2.x version
    [Show full text]