Protect – Page 10 – The SECOND Advisories Limited

Deep Packet Inspection (DPI)

23rd March 201923rd March 2019 By cliangNo Comments

As cyber attacks have already moved from network layer to application tier, DPI is a must to examine contents to detect malicious intention. Some technologies (like web proxy) even break the TLS for content inspection incurring cyber threats from user perspective that https is no longer trusted to be secure. In a corporate environment Privacy is not guaranteed via a blanket statement by consent to being monitored when start using the IT facilities, e.g. displayed in logon banner. As an user, check the site certificate if issued by site owner or another party to understand if traffic is being intercepted For network in public Usually connectivity is via WLANYou have no idea what is behind the infrastructure, whether it has been maniuplated for malicious intention. So, follow the OS platform recommended public network profile upon connection -- Don't allow your device being discovered -- Disable folder sharing -- Setup another web browser without login credential saved for general web surfing -- Never use insecure...

Expectation & Limitation

19th March 201919th March 2019 By cliangNo Comments

Every technology has its own limitation. Don't just listen to Sales or look at Product Brochure. Their tactics are to highlight what are the strengths or success stories of the desirable protection scenarios and hide limitations. There are many examples of limitations quoted in previous blogs: Is network anomalies detection able to spot "missing" but not extra among "unusual" traffic from baseline profile?Is company "authorized" USB drive effective for DLP or limiting malware?Is Touch ID really secure,,, etc. Understand the technology what works and what doesn't. Set stake holders expectation for limitations and the required compensating controls. Voice these out before recommending the protection technology if really fit for adoption. ...

Retrofit

23rd February 201923rd February 2019 By cliangNo Comments

Three scenarios: (a) fix design flaw to make system secure, (b) address new vulnerabilities that are unknown before, or (c) comply with newly established regulations. There is no crystal ball to foresee (b) or (c) but for (a), this can be avoided if good practices are exercised during development stage. ...

Trust #2

18th February 201918th February 2019 By cliangNo Comments

When Internet is just launched to the consumer market, it's costly. Need to subscribe the service from your local Internet Service Provider (ISP) and connect from home via telephone line with dial-up modem. Both bandwidth and data volume are limited. Technology advancement makes the Internet become a default facility for the community. Free wi-fi hotspots and free Internet kiosks are available. The important thing to note - do you trust these platforms? Even though the providers do not have malicious intend, are these devices secured from planting malicious tools to capture sensitive information? If you need to use Internet like this, limit to just web surfing without login to search information. Always bring your own device as an integral part of your wallet when travelling. Use a VPN gateway service if possible to defeat MITM (Man-In-The-Middle) attack because certain web proxies are able to intercept TLS (Transport Layer Security, or https) traffic for content inspection. You...

Shoulder Surfing

14th February 201914th February 2019 By cliangNo Comments

No matter how the end point is secured, a careless end user will nullify all the deployed counter-measures like MDM (Mobile Device Management), Secure Access, Encryption. ...

Trust

9th February 20199th February 2019 By cliangNo Comments

When you come across a free USB socket to charge your mobile device, will you trust and use it? You never know what is behind that your mobile device will connect to. Mobile device now contains lots of "useful" information for hacker. The information ranges from personal contact, photo, notes, corporate email to saved credentials. The best is to use own charging device. ...

Real Image

6th February 20196th February 2019 By cliangNo Comments

Virtualization is great technology deployed in ICT (or even ICS). There are many merits for live system or application development but we must not forget: It is still the same platform subject to regular cyber maintenanceSame cyber protection like removing unused applications, disabling unused system services, using least privilge session to run application etc.Regular backup for recovery provision to minimize unplanned service interruption: whether conventional backup approach or real image of the virtualized environment ...

Technology

1st February 20191st February 2019 By cliangNo Comments

Technology helps avoiding mistake, operating continuously and enforcing certain outcome. However, technology is designed and deployed by human. There must be faults during the above process (that's why we have patch Tuesday or so). In the illustrated vault, it has thick door and wall. That should be strong to withstand theft, physical attack or natural disaster to secure contents stored there. If the access to vault is not well managed, then the intended protection will be void. ...

Manual Control – Rare to Find

28th January 201928th January 2019 By cliangNo Comments

Yes, it is and mostly replaced by automation which is everywhere nowadays: Be seen like car park entry/exit control, house hold appliance, lift or escalator in building Behind the scene like cruise control in vehicle, electricity transmission and distribution Automation means controls are managed and executed by components with prebuilt intelligence. Unlike ICT dealing with solely information processing, automation influences physical process or object movement. If such intelligence has fault or being manipulated maliciously, adverse consequence will be resulted. Secure by design, regular cyber maintenance and periodic assurance are necessary to sustain healthiness of the automation system for intended operations. ...

Operation Risk #2

20th January 201920th January 2019 By cliangNo Comments

Part of the critical infrastructure is in close proximity for public access. Two main types of attacks causing service interruption. Cyber attack takes advantage of launching behind the scene anywhere. Contributors for successful attack include but not limited to: Lack of cyber protection including detectionVulnerable systems and applications using configuration defaults or outdated versionInsufficient control over remote access However, the facility is also subject to physical attack because of the "weak" perimeter. Prevention is not effective but relying detection to respond, sufficient resilience to maintain service. Therefore, the asset owner needs to Firstly identify or categorize the value and impact of the asset The next is to deploy effective counter-measures and the protection focus should not be just in cyber sense though this is always hot topic exaggerated by media and mostly exploited by vendors to create FUD in convincing asset owner to adopt their solutionsPhysical security, equipment faults, general tear-and wear are equally important to consider ...