Unnecessary Control #2

Control must be enforceable. If a control can be circumvented or bypassed, there is no point in deploying it. That is why systems and infrastructure must be kept updated to sustain their effectiveness over time as new threats emerge. There are many examples of this in the cyber world: attack and defense compete with each other. Once on the digital journey, allocate resources to address multiple aspects in order to stay secure:
- Collect threat intelligence and assess its impact on your own environment
- Assess operational risks to prioritize protection
- Maintain workforce competency and situational awareness
- Refresh obsolete technology
- Establish achievable and enforceable cybersecurity directives
...

Full Coverage

Traffic cameras are deployed only at risky locations to detect unsafe driving behaviour, not everywhere.

This time, I talk about an auditor, instead of a cybersecurity practitioner, whom I have come across. In an ICS audit, the auditor questioned why the deployed anomaly detection does not cover all devices, arguing that this imposes cyber risk because malicious traffic cannot be detected early. Despite thorough elaboration of the following rationales, the auditor was still not satisfied:
- The ICS is isolated from the Internet, and even from any peer ICS
- Within the ICS, the plant units are further zoned in the network so that cyber threats are contained, prohibiting lateral movement that could compromise the entire ICS
- The ICS is hardened with removable media lock-down
- Outgoing process information to the repository in the ICS network passes through a unidirectional gateway that only pushes data out, avoiding the reverse TCP attack that is possible with a stateful network firewall
- Full coverage would add only a very small gain in detection capability
...

Perimeter

When you move your contents to the cloud, they sit beyond your perimeter. Even if you are sure you have a dedicated cloud environment allocated, configuration issues, physical security and human factors could still endanger your contents in the cloud. Cyber protections must be imposed properly: access control and management, encryption of all three data states (data-in-use, data-in-motion, data-at-rest) and, most importantly, the key management process. ...

Administrative Control

Certain cybersecurity practitioners insist on imposing technical controls to secure the infrastructure/system. To some degree, yes: basic technical controls will prevent human error and low-skill attacks. But adding ever more technical controls does not make the infrastructure/system more secure. At some point, more controls will even degrade security due to a number of issues:
- People will find ways to circumvent controls that affect productivity (writing down complex passwords)
- A new control might introduce a new system weakness
- Extra effort is required to sustain the control's effectiveness (upgrades, backups and other housekeeping tasks: patch, patch, patch ...)
These are the elements that are always neglected. Sometimes, exercising administrative control will enforce discipline internally, while externally relying on laws and regulations. ...

Seasonal Factor

There are network anomaly detection technologies that alert on abnormal network traffic indicating a potential cyberattack. The prerequisite is to let the technology learn the current network traffic pattern as a baseline profile; anything outside this profile boundary is then treated as an anomaly and triggers an alert. It is a great technology: no signature or definition updates, zero TCO for maintenance, all self-sustained. However, the key question is how long the technology should take to acquire the correct baseline profile. Some vendors claim that just one or two weeks suffices. Really? Even with the 80/20 rule, such a short duration will generate many false alerts that eventually erode confidence. Realistically, a duration of a year for establishing the baseline profile is necessary to fully cover normal traffic. After all, human perception, especially that of senior management, is important for a successful deployment. A KPI dashboard should provide visibility of the value of the technology. Last but not least, network anomaly detection is just one layer of defense. We should strengthen...

Spare Capacity

A roof needs to cater for extra loading due to different weather conditions.

Availability is one of the protection objectives in cybersecurity. When deploying new systems, the design must cater for spare capacity. Usage patterns need to be understood too, as they can surge capacity demand instantaneously. Capacity refers to bandwidth, storage and processing speed. It must be estimated for the next 3-5 years from the projected growth rate plus the peak demand, with a threshold set to trigger an alert so that the capacity issue can be resolved. That may mean adding more storage, archiving historical records offline, or deleting records per the corporate retention policy. It is part of system management to maintain a healthy cyber environment to run the business. Otherwise, business services will be interrupted. ...

We are all just prisoners here, of our own device …

The lyrics are from "Hotel California": the song was recorded in 1976 and the prediction is so true.

Disruptive technologies and their rapid advancement have changed the way we live. With the proliferation of Internet hotspots (mostly free) and powerful mobile devices (smaller size, powerful processor, larger storage), everyone is now able to get connected, from casual reading of email, browsing the web, sharing status on social media and chatting via instant message to checking flight status and exchange rates and making critical decisions like confirming high-value transactions. With so much convenience, we rely heavily on this tiny device to keep our memories (contact info, photos, reminders) and credentials (digital wallet, second-factor authenticator) and to stay connected. We can't afford to lose it or have it malfunction. Otherwise, we are handicapped in the physical world. We are now the prisoners of our device … ...

ROAM

Remote Office Access Method (a name inspired by ISAM and VSAM in the old days) has undergone significant change over the past decades due to technology advancement. The need arises to provide better efficiency for system support, especially when expertise is required from overseas. In the early days, when remote access was via a dumb terminal over a dial-up connection, a call-back to the pre-registered phone number was required to authenticate. With routable networks, 2-factor authentication via a secure token is required to permit the remote session over a Virtual Private Network (VPN) connection. This requires complex pre-registration of the user identity associated with the token that generates the one-time password (OTP). The evolution continues into 2-step authentication with OTP in different form factors: SMS, an app on a consumer mobile device or a designated email. Enrollment becomes easier with guided self-service, making it admin-less. Access technology is also evolving from full-tunnel VPN to split-tunnel VPN through Transport Layer Security (TLS) via a web browser or an app on the workstation with a rich desktop experience, as if...

WiFi

Getting connected to the Internet for various activities (getting updates from email, news, social media and weather, checking maps, traffic conditions etc.) has become an expected living habit thanks to mature technology and well-established infrastructure. The need is even greater when travelling. Free or paid Internet access is available almost anywhere: libraries, hotels, airports, cafés, shopping malls and even in flight. Therefore WiFi cybersecurity is a concern. I have heard criticism from a cybersecurity practitioner that a single workstation (serving a specific business function) getting system updates via corporate guest WiFi is insecure and that the connection should be switched to a 4G/5G data plan, but no reason was given. This appears to be irrational advice. By default, the Internet isn't secure, whether over WiFi or a data plan. The recommendation should state why it is insecure and, most importantly, a practical measure to secure it. If we look at this further, the insecurity of WiFi is likely due to: The infrastructure does not impose...

Onion Approach

Information protection is usually achieved via layered defence, sometimes referred to as the "onion approach". In the physical world, protected contents are placed inside a secure facility behind multiple control points with access granularity such as the site level, particular zone(s) in the site, building, equipment room and cabinet before reaching the target. When things become accessible from the network, reliance on physical access is still required, but controls are added for the cyber portion. The layered protection counterparts are: network firewall, application firewall, middleware gateway, RBAC and multi-factor authentication. The latest concept is zero trust (ZT): the user identity (and authorized roles), the device (and platform) the request originated from, whether it came via a trusted or untrusted network, the type of application raising the request, the type of contents being accessed, industry compliance and the latest threat intelligence are all variables in determining whether access is permitted. The same onion approach applies, except with more complexity in setting up and maintaining these dynamic parameters. ...