Design & Build #2

A deployed function does not look elegant. Is this due to a design problem, or because the deployment does not follow the design? Fixing it will be costly, as it requires a retrofit. The same applies to cyber protection: its effectiveness is degraded, or lost entirely, if it is improperly designed or incorrectly deployed. To avoid this pitfall, a comprehensive assessment at the design stage, a configuration check before commissioning and regular health checks during the O&M stage are necessary. Even if the system itself has not changed, the external threat landscape has evolved, and controls need to be strengthened to keep protecting it. ...

Access Control #3

Controlling cyber (or network) access is always a main concern, as it limits the threat vectors for lateral movement once attackers have gained a stepping stone within the infrastructure. The physical access aspect must not be forgotten. No matter how sophisticated the controls implemented and in place, if the core equipment is exposed to access at will, all these cyber controls are defeated. Bear in mind that all controls are there to defer access as much as possible; there is no bulletproof solution. A comprehensive risk assessment against the target of evaluation is very important for developing effective compensating controls. ...

Anonymity

Privacy is a major concern nowadays. Sensitive information needs to be tokenized or masked, while functional information is left unchanged, during business analytics or system tests. Nevertheless, a function might be uniquely provided by a particular individual within the information sample. In this case, even if the identity is masked, the functional aspect can still be traced back to that particular individual. This is similar to a weak hashing function that is subject to a reversal attack. This is a situation to watch out for, and the limitation needs to be voiced to the data subject and the data owner. ...

Life Cycle Management #2

As in the physical world, automation components have a finite lifetime. An example is the mechanical parts of a traditional hard disk drive, which are subject to wear and tear during their operating life. Storage technology now uses solid state without mechanical parts, but we must not forget the underlying platform and applications. Apparently they have no wear-and-tear operating condition, yet the advancement of technology adoption will make the platform and applications obsolete. From the vendors' perspective, they retire products that are no longer fit for purpose in the market and therefore withdraw the resources to support them. Hence, even if your automation components are still operating with minimal wear and tear, they will still need to be refreshed to new versions, have bugs and vulnerabilities fixed, and retain continuous vendor support in order to maintain the business outcome. Proper life cycle management of the ICT/ICS components cannot be overlooked. ...

Distance

Keeping social distance is recommended to avoid infection during the COVID-19 outbreak. Similarly, cyber distance applies the same concept to minimize or slow down a cyber attack. Cyber distance is achieved by incorporating perimeters at multiple layers in the network and applications. Don't forget that human awareness and usage behavior are added layers too. ...

Assumption #2 (2nd topic)

Whether individual or enterprise, there is information stored in the cloud. The prerequisite for using the cloud is the communication line from your endpoint to the hosting location. Most rely on the as-built cyber protections, like TLS and 2-step authentication, offered by the provider. No doubt these are deemed secure. But if your information is of high value, you need to consider the appropriate level of extra layers, e.g. single tenancy, a dedicated hosting location with physical access control, further end-to-end communication encryption, database-level encryption or tokenization, periodic security assessment, and regular situational awareness to keep your people from falling victim to spear phishing attacks. None of these mean 100% security, but they demonstrate your due diligence in securing your data....

Cyber Footprint

We live in both the physical and cyber worlds, and these worlds are closely coupled. We have left lots of cyber footprints: posts on social media, emails to others, auto-toll roads, facial recognition via video analytics on surveillance cameras, RFID cards in the pocket, cell phone IMEI with location services, electronic identities of many kinds, purchase preferences, web browsing habits, medical and education history ... not to mention all the event logging. All of these can be traced back to an individual, if intended. An individual might also locate peers in the cyber world and reach out physically; a common example is the contact proposed by a social network via your connected friends. Machines are also controlled by automation, and these controls "live" in the cyber world. Machine performance is fed back into machine learning to improve physical operational efficiency. Unless you stay in the wild completely off the grid, hunting and farming for food, using natural fuel, living in a closed and trusted community without electronic...

Penetration

Cybersecurity is becoming a commodity skill, and therefore the same terminology will have different interpretations by different parties. Take penetration testing (pTest) as an example. Beginners simply pick up an automated scanner and scan the network and hosts; whatever the scanner reports, together with its recommendations, are their findings, and that's all. A more skillful pTester will review the reported findings and validate their applicability with the owner for a practical and achievable follow-up before reporting. A professional pTester will go further.

Before engagement
- Understand what the target of evaluation is
- Advise the owner of the risk of doing an automated scan, rather than blindly performing the scan because others say so
- Agree on the approach of execution to set expectations
- Agree on picking representative samples to manage resources (for both sides)
- Determine where to place the scanner: before or behind any network perimeter

Before execution
- Load the scanner with updated signatures and agree on the types of test (brute force password attack? DoS test?)
- Validate that the target node is accessible
...

Threat Hunting

Suddenly, the new market jargon "threat hunting" is spreading around the cybersecurity domain. It is a kind of proactive measure to uncover whether your environment has already been penetrated and critical information is being exfiltrated. This kind of exercise is best executed periodically by a 3rd party, because:
- If this is due to an insider threat, it won't be surfaced
- The in-house workforce might assume that certain things won't go wrong
- Periodic checks are for assurance, because threat hunting only spots the situation at a particular point in time and its past; it cannot predict the future

A more holistic approach is to augment the threat hunting exercise with workforce and business process strengthening to identify vulnerabilities for effective risk reduction....

Spam

Everything in the world is relative. For some, spam mails are annoying, and they try to filter them out of the mailbox, as spam is usually associated with unsolicited sales or phishing attacks. For others, spam is considered a valuable resource. Honeypots are set up to collect spam, analyze it, and understand the trends and the TTPs (Tactics, Techniques, and Procedures) of phishers, in order to raise awareness and develop counter-measures....