Posts

Showing posts from 2020

Difference Between SFTP, FTPS, FTP Over SSH, SCP

Introduction. We are going to briefly discuss various file transfer options and the security concerns associated with them. By understanding how these solutions operate, we can make an informed decision about their usage across the organization. Let's see if we can find answers to the questions below. What are the differences between FTP, SFTP, FTPS and FTP over SSH? Why not just use FTP? Why should I use SFTP instead of FTP? Is SFTP better than FTPS?

WPAD - Web Proxy Auto Discovery.

The WPAD protocol is a mechanism used by web clients to locate a browser configuration file (WPAD.dat) to obtain nearby proxy server details.

Proxy Auto Configuration (PAC) File

What is a PAC file? A Proxy Auto Configuration file is a text file containing a single function, with various rules coded in JavaScript, that instructs the web browser to forward traffic either to a proxy server or directly to the destination server. Along with the proxy server details, there are optional additional parameters that specify when and under what circumstances a browser forwards traffic to the proxy server.

Example:

    function FindProxyForURL(url, host) {
        // URLs matching the pattern go through the proxy
        if (shExpMatch(url, "*.google.com/*"))
            return "PROXY 10.10.10.1:8080";
        // Everything else connects directly
        return "DIRECT";
    }

Advantages of a PAC file:

- The PAC file can be hosted in a centralized place such as a workstation, an internal web server, or a server outside the corporate network.
- Performs load distribution.
- Handles proxy failover.
- Supported by all browsers.
- Exception rules can be configured for internal or external sites.
- Provides critical security, ensuring that traffic is always proxied when it should be.

History Original...

Critical Security Control V7.0.1

The SANS Institute and the Center for Internet Security (CIS), together with other organizations, developed the 20 Critical Security Controls (CSC) for Effective Cyber Defense. The CIS Controls are not a replacement for any existing compliance framework such as ISMS, NIST, CSF, PCI, etc.; rather, they are a core building block toward any GRC journey.