Dormant

Malware nowadays is getting sophisticated: it has a small footprint, evades sandboxes and detection, determines the platform in order to inject the applicable payload, and some variants even change account passwords or disable all network interfaces to lock you out completely. Backup is one mitigation means for recovering the pre-victim state, at the cost of losing some application data. The challenge is that the malware may already have existed in that previous state in dormant form, so the backup carries it. What should best be done? In the extreme case: no Internet access, or even a standalone system with no communication at all, no removable media with all I/O ports sealed, zero trust of any user with all system privileges locked down, applications white-listed, and kiosk mode in use. Imagine you are working in an organization like this. You won't be working there long, as the business will soon cease in such an environment. And after all, who should be appointed to maintain the system, since this inevitably requires root privileges? This is a risk-taking consideration....

Deep Packet Inspection (DPI)

As cyber attacks have already moved from the network layer to the application tier, DPI is a must to examine content and detect malicious intention. Some technologies (like web proxies) even break TLS for content inspection, which from the user's perspective means HTTPS can no longer be trusted to be secure. In a corporate environment, privacy is not guaranteed: a blanket statement of consent to being monitored is given when you start using the IT facilities, e.g. displayed in the logon banner. As a user, check whether the site certificate is issued by the site owner or by another party to understand if the traffic is being intercepted.

For networks in public, connectivity is usually via WLAN. You have no idea what is behind the infrastructure, or whether it has been manipulated for malicious intention. So, follow the OS platform's recommended public network profile upon connection:
-- Don't allow your device to be discovered
-- Disable folder sharing
-- Set up another web browser, with no login credentials saved, for general web surfing
-- Never use insecure...

Expectation & Limitation

Every technology has its own limitations. Don't just listen to Sales or look at the product brochure. Their tactic is to highlight the strengths or success stories of the desirable protection scenarios and hide the limitations. There are many examples of limitations quoted in previous blogs:
- Is network anomaly detection able to spot what is "missing", rather than only what is extra, among "unusual" traffic compared with the baseline profile?
- Is a company "authorized" USB drive effective for DLP or for limiting malware?
- Is Touch ID really secure? etc.
Understand what the technology does and doesn't do. Set stakeholders' expectations for the limitations and the required compensating controls. Voice these out before recommending the protection technology, if it really fits for adoption. ...

Point of Attraction

Everything has multiple perspectives. A point of attraction could become the point of attack. An example is setting up a web site for presence in the cyber world. The business people wish to have high hit rates on the web site to enhance brand visibility and collect surfer behaviour for analytics, thus pushing the right level of promotion and adjusting market strategy. All of this is to prove the ROI of the web site's TCO. The technical people wish to lock down the web site to avoid it being defaced or being planted with malicious code for persistent threats. All of this will inevitably affect certain functionality or incur extra cost. Such investment is justified as cost avoidance rather than ROI, because people generally expect things to be cyber secure, rather than that by investing $X, $Y will be gained. Bridging the gap will require cyber governance at the top level to set out cyber directives within the organization, resolve issues and have the final say in conflicts arising...

Trust #2

When the Internet was first launched to the consumer market, it was costly. You needed to subscribe to the service from your local Internet Service Provider (ISP) and connect from home via a telephone line with a dial-up modem. Both bandwidth and data volume were limited. Technology advancement has made the Internet a default facility for the community. Free Wi-Fi hotspots and free Internet kiosks are available. The important thing to note: do you trust these platforms? Even though the providers may have no malicious intent, are these devices secured against having malicious tools planted on them to capture sensitive information? If you need to use the Internet like this, limit it to web surfing for information without logging in. Always bring your own device, as an integral part of your wallet, when travelling. Use a VPN gateway service if possible to defeat MITM (Man-In-The-Middle) attacks, because certain web proxies are able to intercept TLS (Transport Layer Security, or HTTPS) traffic for content inspection. You...

Trust

When you come across a free USB socket to charge your mobile device, will you trust and use it? You never know what is behind it that your mobile device will be connecting to. A mobile device now contains lots of "useful" information for hackers, ranging from personal contacts, photos and notes to corporate email and saved credentials. The best option is to use your own charging device. ...

Real Image

Virtualization is a great technology deployed in ICT (or even ICS). There are many merits for live systems or application development, but we must not forget:
- It is still the same platform, subject to regular cyber maintenance.
- It needs the same cyber protection, like removing unused applications, disabling unused system services, using a least-privilege session to run applications, etc.
- It needs regular backup for recovery provision to minimize unplanned service interruption, whether by the conventional backup approach or by a real image of the virtualized environment. ...