Security in Obscurity

Exploiting networks with ARP Poisoning

The ARP protocol can be used by an attacker to manipulate the network traffic sent between system, July 2020

The Address Resolution Protocol (ARP) is a network protocol used by a router to map layer three IP addresses to layer two MAC addresses for systems communicating on the network. The records stored by the router are held in the form of a table (ARP table) that allows the router to more quickly identify where to send network traffic. Given the inherent trust a system will place in network equipment and the information provided by it, the ARP protocol can be used by an attacker to manipulate the network traffic sent between system.

Securing Microsoft O365: SharePoint Online (Part 3)

Securing O365 Guide: Part 3 of 3, May 2020

There are a number of services at your finger tips when leveraging Microsoft O365. From a collaboration standpoint, SharePoint Online will afford you the ability to work with both internal and external partners. When considering to leverage the service, hardening it will be key to ensure the product can be properly while reducing security risk.

Securing Microsoft O365: Exchange Online (Part 2)

Securing O365 Guide: Part 2 of 3, April 2020

When it comes to hardening Microsoft O365, Exchange Online is one common service utilized which offers you a number of security features to implement. While Microsoft may take care of the email infrastructure, the shared responsibility model will require you to consider your options in how you harden your environment. Taking advantage of these features can provide a path forward.

Securing Microsoft O365: Accessing Services (Part 1)

Securing O365 Guide: Part 1 of 3, February 2020

For many companies Microsoft O365 has afforded them the ability to not only shift their traditional on premise infrastructure to the cloud but shift entirely away from an infrastructure model to embrace a software-as-a-service (SAAS) model. And while the SAAS model and O365 specifically can greatly reduce the internal dependencies on securing your email or collaboration environment, the shared security model still does place some onus on a company to secure their O365 tenant.

Securing your iOS device

Whether you are using your mobile device for work or personal use it is important to choose equipment that is secure, November 2019

Mobile devices continue to account for a growing share of the computer market not only in the consumer space but in the business world as well. Bring Your Own Device (BYOD) policies in work environments are typical and the uses for mobile devices have expanded beyond communication and Internet access to handling confidential data such as online banking or document collaboration. Whether you are using your mobile device for work or personal use it is important to choose equipment that is secure. While the majority of the mobile market place is made up of a variety of android devices, I argue in this thought that you should consider using an iOS device when taking security into account. Additionally, beyond your equipment selection it is important to harden the OS configuration to reduce the likelihood that it can be exploited by a malicious attack.