Protect – Page 11 – The SECOND Advisories Limited

Warning Message

13th January 201913th January 2019 By cliangNo Comments

We are more cautious about warning messages in physical world to keep ourselves safe from risk of fatality. In cyber world, we should use the same attitude. If there are system warning messages (e.g. malicious files or threats detected), we have to be vigilant or refer to persons with sufficient knowledge what's about. However, be also cautious about fake messages to lure victim installing unnecessary ad-ware or even malware. It's important to maintain your computing platform with: Latest version with security patchesAnti-malware protection from known sources with sound rating from the cyber communityHost-based firewallNon-administrative rights in logon session Further, have home router to act as certain network perimeter between your computer and the untrusted Internet; if you are using mobile device, consider to subscribe cloud based proxy for protection. ...

Perimeter #2

8th January 20198th January 2019 By cliangNo Comments

Perimeter is intended to control and scrutinize access. Now, systems are interconnected and standalone system is no longer considered effective. This will then expose the attack surface. Example is port 80. You have web site for point of presence in the market. Web site needs to allow anonymous access, or the Internet surfer. Though firewall is deployed, the web port (TCP 80, 443 or whatever is required) must be opened. Attack then shifts to application like injecting malicious contents passing thru the network layer, submitting large amount of requests to slow down or corrupt the system, manipulating client side data and resubmit to back-end. Counter-measures will then require Software Secure Development LifecycleSecure configurationRegular security patches and upgradesPeriodic comprehensive assessment (indeed, some industries mandate this)Situation awareness for different types of roles involved ...

Protocol #2

5th January 20195th January 2019 By cliangNo Comments

Heartbeat is required in resilience configuration such that primary and secondary devices are constantly communicating. A question for the reader: if somehow they can't communicate, how does the infrastructure know if: The link fails, orThe counterpart is down ...

The Same I

2nd January 20192nd January 2019 By cliangNo Comments

In cyber world, this means risk. Deployed cyber components require up-keeping their healthiness, like applying security patches and updating with latest protection definition. If they remain the same as yesterday, sooner they shall get compromised causing undesirable consequence that depends on the nature of business. ...

Protocol

27th December 201827th December 2018 By cliangNo Comments

The road is clear and why are these pedestrians waiting for? This is because all road users need to observe the protocol in the road system to keep alive. Similarly, we need to observe protocol in the cyber world to keep secure. Examples are: Maintain access credential secret and renew regularlyActivate 2-step authentication if identity provider supportsBeware of emails that appear legitimate requesting for sensitive or personal informationBe alert for too good to be true rewardsAvoid using shared computers in the public that anyone can accessAvoid plugging into USB power ports in public to charge your portable devices (cell phone, tablet)etc. ...

Policies #3 (From Directive to Enforcement)

24th December 201824th December 2018 By cliangNo Comments

1. Use case Authenticate the user of parking is "Aliens" status, a yes/no decisionGrant usage durationDisclaim loss/damage responsibilities 2. Enforcement If yes: allowIf not: rejectIf violate: consequence 3. Somehow, vulnerabilities exist: Identity provider is compromised Method of authentication is circumventedResult of authentication is manipulatedBarrier to the authorized resource (parking lot) fails and being bypassed without authentication 4. Consequence: False negative: non-alien is mistaken as alien for fraudulent useFalse positive: genuine alien is mistaken as non-alien resulting into denial of service 5. Counter-measure: Protect identity providerSecure communication from end point to identity providerEnsure authentication result integrityConduct periodic system health-checkPerform regular patrol of parking lotPost terms of use and consequence of violation (e.g. tow away at vehicle owner's expense) ...

Insider

18th December 201817th June 2021 By cliang1 Comment

This is a popular topic in Board Room too. No matter how much cyber protection technologies are invested and deployed, controls always have insufficient coverage to deal with insider. According to PNNL Predictive Adaptive Classification Model for Analysis and Notification, it involves substantial data sources and derivatives to identify insider threats. This may be possible with big data but after all, who will watch the watcher? Source: PNNL - Predictive Adaptive Classification Model for Analysis and Notification: Internal Threat The line of defence shall be: Preventive controls as barrier (where technology is available and investment is justified)Detective controls as digital evidence (when events are reviewed effectively to identify offender)Administrative controls as management directives (when productive activities have higher preference over prohibitive measures)Corporate disciplinary process or contractual undertaking enforcement for offenderLaws & regulations as the ultimate deterrent ...

Insecurity

15th December 2018 By cliangNo Comments

Road system in physical world is designed for safe (secure) use - sign board, speed limit, road shoulder, proper lane separation. There is occasion insecurity taking place. There are many contributing factors such as: Adverse weather (low visibility, slippy road, hurricane) Malfunctioned equipment (vehicle) Collateral damage due to other road accidents Body condition of driver, under medical or drug influence Inexperienced or negligence drivers Similar principles apply in cyber world Untrained user or human error Failure to handle exception situation properly Unpatched system components exposing to known vulnerabilities Attack from peers nodes of connected system There is one more contributing factor: if security hasn't been integrated into design and deployment of the target system, it won't be secure....

Back Door

12th December 2018 By cliangNo Comments

Each house has its own perimeter to control entry. However behind the perimeter, they are mutually accessible at the back end. Thus, break-in to one house will allow intruder transverse to its neighbor without going thru the neighbor's perimeter. Same attack surface applies in the cyber world. Therefore, test and live environments must be segregated. The former is less cyber hygiene because it is subject to broader access by developer or vendor with loose controls....

The Race

9th December 2018 By cliangNo Comments

It's about attack and defense in the cyber space. In early days, breaking login is via password brute force attack to try every combination. Then, password settings are imposed to enforce password complexity, password history, password age, account lock out etc. Rainbow table comes into the scene. All password combinations are pre-computed into its equivalent hash to match the collected irreversible hash. Break-in is then fast. Salt and pepper are then added to the password hash as counter-measure to rainbow table. Pass-the-hash will defeat the salts as the authenticated credential is cached in memory. By installing persistent backdoor and listen to admin login, grab the hash then traverse via the network. So, the race continues. And no matter how advance the cyber protections are deployed, a negligent user with unattended login session will render all these useless. Therefore, educating user for proper discipline and usage in the cyber space is the number one defense....