Access Control

In the physical world, access control is enforced by a barrier that is opened only for an authenticated individual. The same applies in the cyber world. Access control in both worlds manages "honest" users, not malicious users who intentionally bypass the barrier(s). Laws and regulations are the last resort to stop offenders....

FUD

Fear, Uncertainty, Doubt (FUD) is the tactic vendors use to sell you their cybersecurity solution. Typically, this is done in several stages:
- Share the damage from public cyber incidents: substantial fines by the court or huge claims from customers, loss of reputation, drop in stock price, revenue loss due to business operation interruption, plus other costs such as investigation, containment and recovery
- How your peers are doing
- Market share and strength of their solution from independent analysts' rankings
- How their solution is able to help and protect you
Certainly, having cybersecurity protection deployed is better than none, but what you need to know:
- The limitations of the solution, as there is no bullet-proof protection technology
- The Total Cost of Ownership (TCO) to operate it, including competent skill sets and extra resources
- How effective the protection is at limiting the risks and threat actors that the organization is facing, because each organization has its own business priorities, people and culture issues
Most importantly,...

Black List, White List, Sandbox

Malware is the key attack vector in cyberspace. A black list is used in anti-malware protection, anti-spam or web site filters to block the known bad. This requires frequent updates of the black list definitions because new species evade the filter; we don't know what we don't know. To narrow things down to the scenario where we know what we know, a white list defines trusted components or connections and permits only their execution. Examples are application white listing technology or firewall rules. So, what about something in between? Either a white list or a black list demands regular definition updates for effective protection. Sandbox technology provides an isolated environment in which to execute code and observe its behavior to determine whether it is hostile. The ideal solution is a combination of these technologies for the best defense. Of course, this still does not guarantee 100% cyber security....

Grade of Protection

When we deploy protection, it is normally of civilian grade even if it appears hard to break into. If the attack originates from a state-level actor as a targeted attack, such civilian-grade countermeasures won't be effective. That is why a 360-degree assessment is needed to decide on the threat actors, likelihood and consequence, and then the corresponding countermeasures....

Zero

The topic can be associated with many things:
- The boundary between positive and negative values
- Calibration for instrumentation integrity
- Absolute zero (temperature)
- Zero-day exploit, attack
- One of the 2 binary digits
- From zero to hero
- Zero-trust
- ...
The zero-trust model (or architecture) is chosen here. In cyberspace with zero-trust, every component needs to be re-authenticated for trust even if it is inside the network. This limits lateral movement once an adversary gains access to an insecure node. This model will reimagine the work process. Of course, the degree to which this model is applied will be a trade-off between security and productivity, plus the risks tolerated....

Bandwidth

Cloud computing is popular and every organization is migrating to this platform because of the almost zero lead time to provision infrastructure, without waiting for delivery, installation, configuration and commissioning. Further, the manpower resource to manage the infrastructure is shifted to the service provider. Of course, this refers to using a Cloud outside the organization rather than an on-premise private Cloud. While Cloud computing (no matter whether IaaS, PaaS or SaaS) has many merits, the overlooked layer is the bandwidth from your organization to the hosting site. This is the most critical infrastructure for maintaining survivability in terms of resilience and the business continuity plan....

The Human Factor

Email has become part of our life in both the cyber and physical worlds. We execute actions in the physical world based on email content in the cyber world. Email is an example of mixed information classification because the sensitivity is content driven. Therefore, applying protection per the highest sensitivity requirement will be the one-size-fits-all solution. Typical email technical controls are S/MIME, TLS, RMS, 2FA etc. No matter how secure the protections applied are, a negligent but legitimate business user will defeat them all. Educating users on the consequences of improper usage will uplift human awareness, making them the first line of defense....

Backup & Recovery

Service availability expectations are high nowadays. Customers expect everything to be up and running at any time. Backup for recovery becomes challenging: platform and applications, system configuration and application data change at different frequencies. It is necessary to formulate the backup strategy at the design stage, or as part of a major change, to meet the recovery time objective by deploying viable technologies. GFS (Grandfather, Father, Son), or 3 generations, is still considered the minimum set for a full backup to recover the entire system at a certain point in time. The questions are how frequently this is done and what other business continuity activities complement the "outdated" information....

Masquerade #2 – Mouse Over

Mousing over a hyperlink will show you the web address it intends to reach. Traditionally, this is used to understand what web site will be visited. However, this “defense” mindset has to be changed. The displayed link should not be trusted because it can be masqueraded. All the demo URLs should be non-reachable as there are no such domain names registered. To limit malicious people registering my demo URL to launch a real attack, the .gov gTLD is chosen. It is no harm to click below, but not in other unknown sources. Click me. Are you reaching the expected "www.trusted-site.gov" as seen via mouse over?...