This Week in Enterprise Tech 59
Guest: Raphael Mudge
Topic: Network penetration testing demo, Verizon won't activate the Nexus 7 LTE, Blackberry to go private, and more.
Recorded: September 23, 2013
Published: September 23, 2013
This Week in Enterprise Tech 59:
- Jeff Jarvis was unable to activate the Nexus 7 despite there being no technical barrier; Verizon has "not certified" the device for activation.
- May be the legal department causing the support block.
- Carriers would rather lease you a phone than have the consumer purchase the phone on their own, in order to get a term contract.
- Carriers are obligated to accept any device on their network, unless the device will cause issues to their network.
- Users will buy a locked device, and then move the SIM card to an unlocked device.
- FCC ruled carriers cannot charge separately for tethering (double dipping).
- Carriers also cannot restrict or deny a user solely based on network usage.
- Competitors may take advantage of carriers that impose limits to promote their own less limited networks.
- Large carriers will not change until a large number of users move to competing carriers because of network limits.
Blackberry Goes Private
- BBM halted due to server crash.
- Buyout offered at $9/share
- Blackberry may be easier to deploy in the Enterprise (BYOD Support)
- Blackberry Enterprise Server
- Penetration testing evaluates technology by trying to break it.
- Metasploit is a modular collection of vetted and current tools to exploit technology vulnerabilities.
- Red team testing tries to achieve access to restricted data etc.
- Metasploit lowers the bar to secure networks, and can be automated.
- Metasploit can be used by script kiddies, but is also used by many professionals.
- Building a VM that matches the target system, or the system you wish to secure, can provide a safe way to pen test.
- Finding the weakest link is often fastest.
- Weakest link is often the human (social engineering).
- Phishing attacks have to be prevented by IT (working with HR), training employees.
- Attacks can be carried out from outside a network, from within a network, and from a client's workstation against an internal application.
- Attacks can be done on a client's running processes, so once a user has logged into their webmail, bank, etc., the attacker can open a new window on their own machine over a proxy and use the user's authenticated session.
- Hackers no longer hack just to vandalize; there are financial gains in compromising systems.
- Exploit tools supersede anti-virus/security software.
- Pen testing tools can test assumptions, such as "our firewall will block xyz".
- Outside professionals can bring a different point of view to look for vulnerabilities.