Technology

Stepping Stone

20th June 2019 By cliangNo Comments

Systems and components are connected in the cyber space. Some have misconception that my setup are for development, or its failure does impose significant impacts, why do I bother to secure it? Because if these systems or components are insecure, they could be deployed as gateway for hacker to penetrate into other internal infrastructure. This lateral network movement contributes to many high profile data breach incidents. Other infrastructure/facilitiy elements are often mostly neglected, e.g. UPS, CRAC (Computer Room Air Conditioner), BMS, IP-camera, IP-KVM etc. As long as they are connected in your network, you should care....

Network

18th May 2019 By cliangNo Comments

Network exists in both physical and cyber worlds. Both have physical portion and content portion. Even in cyber perspective, both the physical media and the info exchange are required to protect but most focus is on the content part. If the adversary is able to access network equipment physically, then all those secured configuration will become insecure. Therefore, in any security assessment, physical aspect must not be forgotten....

Born or Made

1st May 2019 By cliangNo Comments

Cybersecurity vulnerabilities are broadly categorized into 2 types: [a] Inherent weakness in the component, protocol (e.g. PLC, ftp) that is insecure by design [b] Improper deployment causes a secure component (e.g. FIPS-140-2 Level-4 certified crypto module) into insecure due to lack the required surrounding elements (likely broken business process or human negligence) Type [a] can be overcome at time of procurement to specify requirement. Type [b] can be identified via vulnerability assessment of the deployed solution in people, process and technology perspectives...

Big or Small

5th April 20195th April 2019 By cliangNo Comments

Cyber assets, no matter big or small, must be managed via the same practice and same maintenance regarding cybersecurity as long as they are hosted in the same ecosystem. Zoning might make certain difference but things could be broken due to many reasons. Defense-in-depth must be adopted. ...

Deep Packet Inspection (DPI)

23rd March 201923rd March 2019 By cliangNo Comments

As cyber attacks have already moved from network layer to application tier, DPI is a must to examine contents to detect malicious intention. Some technologies (like web proxy) even break the TLS for content inspection incurring cyber threats from user perspective that https is no longer trusted to be secure. In a corporate environment Privacy is not guaranteed via a blanket statement by consent to being monitored when start using the IT facilities, e.g. displayed in logon banner. As an user, check the site certificate if issued by site owner or another party to understand if traffic is being intercepted For network in public Usually connectivity is via WLANYou have no idea what is behind the infrastructure, whether it has been maniuplated for malicious intention. So, follow the OS platform recommended public network profile upon connection -- Don't allow your device being discovered -- Disable folder sharing -- Setup another web browser without login credential saved for general web surfing -- Never use insecure...

Expectation & Limitation

19th March 201919th March 2019 By cliangNo Comments

Every technology has its own limitation. Don't just listen to Sales or look at Product Brochure. Their tactics are to highlight what are the strengths or success stories of the desirable protection scenarios and hide limitations. There are many examples of limitations quoted in previous blogs: Is network anomalies detection able to spot "missing" but not extra among "unusual" traffic from baseline profile?Is company "authorized" USB drive effective for DLP or limiting malware?Is Touch ID really secure,,, etc. Understand the technology what works and what doesn't. Set stake holders expectation for limitations and the required compensating controls. Voice these out before recommending the protection technology if really fit for adoption. ...

Trust #2

18th February 201918th February 2019 By cliangNo Comments

When Internet is just launched to the consumer market, it's costly. Need to subscribe the service from your local Internet Service Provider (ISP) and connect from home via telephone line with dial-up modem. Both bandwidth and data volume are limited. Technology advancement makes the Internet become a default facility for the community. Free wi-fi hotspots and free Internet kiosks are available. The important thing to note - do you trust these platforms? Even though the providers do not have malicious intend, are these devices secured from planting malicious tools to capture sensitive information? If you need to use Internet like this, limit to just web surfing without login to search information. Always bring your own device as an integral part of your wallet when travelling. Use a VPN gateway service if possible to defeat MITM (Man-In-The-Middle) attack because certain web proxies are able to intercept TLS (Transport Layer Security, or https) traffic for content inspection. You...

Real Image

6th February 20196th February 2019 By cliangNo Comments

Virtualization is great technology deployed in ICT (or even ICS). There are many merits for live system or application development but we must not forget: It is still the same platform subject to regular cyber maintenanceSame cyber protection like removing unused applications, disabling unused system services, using least privilge session to run application etc.Regular backup for recovery provision to minimize unplanned service interruption: whether conventional backup approach or real image of the virtualized environment ...

1st February 20191st February 2019 By cliangNo Comments

Technology helps avoiding mistake, operating continuously and enforcing certain outcome. However, technology is designed and deployed by human. There must be faults during the above process (that's why we have patch Tuesday or so). In the illustrated vault, it has thick door and wall. That should be strong to withstand theft, physical attack or natural disaster to secure contents stored there. If the access to vault is not well managed, then the intended protection will be void. ...

Manual Control – Rare to Find

28th January 201928th January 2019 By cliangNo Comments

Yes, it is and mostly replaced by automation which is everywhere nowadays: Be seen like car park entry/exit control, house hold appliance, lift or escalator in building Behind the scene like cruise control in vehicle, electricity transmission and distribution Automation means controls are managed and executed by components with prebuilt intelligence. Unlike ICT dealing with solely information processing, automation influences physical process or object movement. If such intelligence has fault or being manipulated maliciously, adverse consequence will be resulted. Secure by design, regular cyber maintenance and periodic assurance are necessary to sustain healthiness of the automation system for intended operations. ...