21 April 2017 at 1:13pm
The popularity of software-as-a-service (SaaS) applications presents challenges for successful e-mail delivery. The application provider takes on the responsibility for supporting e-mail infrastructure, and as a customer you have a lack of traditional hands-on control of e-mail processing, routing and controls.
16 February 2017 at 3:22pm
Organisations connecting to Janet are required to implement three policies: the Eligibility Policy determines who may be given access to the network; the Security Policy sets out responsibilities for protecting the security of the network and its users; the Acceptable Use Policy identifies a small number of act
31 August 2016 at 2:12pm
The Board of European Regulators of Electronic Communications (BEREC) have now released the final version of their net neutrality guidelines, following a public consultation that received nearly half a million responses. These seem to have resulted in clarifications of the draft version, rather than any significant change of policy.
11 August 2016 at 2:31pm
You may have noticed the quiet appearance of ISO 27001 (and ISO 9001!) logos on our website – a few weeks ago our information security management system was successfully certified against ISO/IEC 27001:2013 for the following Trust and Identity services.
5 July 2016 at 8:32am
A new EU law, created earlier this year, requires public network providers to ensure "network neutrality" – roughly, that every packet be treated alike unless there are legitimate reasons not to.
16 June 2016 at 11:00pm
At the FIRST conference, James Pleger and William MacArthur from RiskIQ described a relatively new technique being used to create DNS domain names for use in phishing, spam, malware and other types of harmful Internet activity. Rather than registering their own domains, perpetrators obtain the usernames and passwords used by legitimate registrants to manage their own domains on registrars' web portals.
14 June 2016 at 10:50am
Information sharing is something of a holy grail in computer security. The idea is simple enough: if we could only find out the sort of attacks our peers are experiencing, then we could use that information to protect ourselves. But, as Alexandre Sieira pointed out at the FIRST conference, this creates a trust paradox.
1 April 2016 at 4:25pm
The slides from our Networkshop session on Learning from Software Vulnerabilities are now available. All three talks showed how managing the process of finding, reporting and fixing vulnerabilities can improve the quality of software and the security of our systems.
12 August 2015 at 2:52pm
Recently I had a thought-provoking discussion on Twitter (thanks to my guides) on the practice of setting your users phishing tests: sending them e-mails that tempt them to do unsafe things with their passwords, then providing feedback. I've always been deeply ambivalent about this. Identifying phishing messages is hard (see how you do on OpenDNS's quiz), and creating "teachable moments" may well be a good way to help us all learn.
25 March 2015 at 8:51am
E-infrastructures are large computer systems with considerable processing and storage capacity and in some cases, holding valuable or sensitive data. They are therefore likely to be attractive targets for attackers with a wide range of motivations. However, to support international research, e-infrastructures must be accessible to users located anywhere on the Internet. In many cases users will upload and run their own software or virtual machines and exchange large volumes of data over high-speed networks.
Subscribe to security