The report captures all essential activities undertaken by BtCIRT in the year 2018. The overall mission of BtCIRT is to enhance cyber security in Bhutan by enabling cybersecurity information coordination and establishing computer security incident handling capabilities within the country. Please click here to read the Report....
PGP for Secure Communication
Everyday thousands of otherwise sensitive information is being exchange over email or stored on disk not even realising that someone could intercept it on transit or while on rest, causing devastating consequences. Securing sensitive data in either state is imperative as attackers find increasingly sophisticated tools and techniques to compromise systems and gain access. While different tools and techniques are available that can be used to protect data in either state, encryption plays a vital role in maintaining data confidentiality. Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is...
Securing SSH
SSH is a software package that enables system administrators to securely administer their systems from a remote network with user authentication, commands, output, and file transfers being encrypted to protect against attacks in the network. While it is much more secure than common login services such as telnet, ftp, rlogin, rsh, and rcp, its default installation isn’t hardened. This advisory covers some of the hardening measures you can take to secure ssh. For details Securing SSH...
The memcached Reflection/Amplification DDoS Attack
Description Memcache is temporary data storage service used to improve the overall performance of the website by storing chunks of data in a cache. If misconfigured memcached on port 11211 UDP & TCP is used to cause reflection DOS attack (send a spoofed packet to a device and have it reflected back). Memcached allows access to the data stored in the cache without any form of authentication and the attacker can easily access data in the corresponding caches and even modify them. How to Fix: Bind the Memcache server to a particular Source IP Only. Don’t expose this service in...
Safer Internet Day 2018
Tuesday 6th of February 2018 is globally marked as Safer Internet Day 2018 with the theme: ” Create, Connect and Share Respect: A better Internet starts with you“ . Every individual internet user has a role to play in making the internet a safer space. BtCIRT encourages everyone to review following advisories at BtCIRT website and remember simple steps you as an individual cyber citizen can take to secure internet world. Protecting-Privacy-on-the-internet Browser Security Protection from Phishing Mobile Security We also recommend you to visit childnet-safer-internet-day and https://www.saferinternet.org.uk/safer-internet-day/2018 to gain insight on how to be safer online....