I feel like there's always been a bit of confusion when it comes to GRE and IPsec tunnels. Questions like when to use them and which is more secure are brought up frequently. Hopefully this article clears up any confusion on the differences between these two frequently used tunneling methods.
Friday, December 30, 2016
Wednesday, December 28, 2016
Vetting Out Cloud Apps Like A Pro
Putting your data in the cloud isn't an excuse to be lazy about security. The cloud makes things flexible, but it doesn't mean you skimp on security. When moving systems, applications or data into the cloud we still need to perform our due diligence to protect our assets.
Here's an article I wrote describing a few methods to vet out cloud applications before it becomes a security afterthought.
Tuesday, December 27, 2016
Establishing A Data Protection Committee
Data security and privacy are major concerns within enterprises now, and creating a data protection committee is a way to establish responsibility, strategic direction and member buy-in throughout the organization. Developing a data protection committee and bringing in members from deep within the company will help you get insight into security concerns you might have initially overlooked.
Here's an article I wrote for CloudPassage describing the creation of a data protection committee in greater detail.
Friday, December 23, 2016
What is fuzzing and why do I need it?
Fuzzing is my new favorite word, and not just because it's fun to say! Fuzzing is a software testing method in which automated, or manual, techniques feed invalid, random and unexpected data into a program to see if it can be made to generate errors. These errors can be either functional or security related, and using fuzzing techniques helps develop code that's more stable and secure.
Microsoft is taking these techniques and putting them in the cloud with their "Project Springfield" initiative. Here's an article I wrote about fuzzing, Project Springfield and why you need it.
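As an added example (not code from the post, from Project Springfield, or from any real fuzzer), here is a small mutation-based fuzzer in Python run against a constructed toy parser. The parser trusts its length prefixes, the kind of bug fuzzing is good at finding; a hardened copy of the same parser is included so the same fuzz run can show the difference. The wire format, seed inputs and mutation operators are all assumptions made for this illustration.

```python
import random

# Constructed valid inputs for the toy format: [name_len][name][value_len][value]
SEEDS = [b"\x04host\x05value", b"\x03key\x03abc", b"\x01a\x00"]


class ParseError(ValueError):
    """The only exception parse_record is documented to raise."""


def parse_record(data: bytes) -> dict:
    """Toy length-prefixed parser, constructed for this example.

    It trusts both length prefixes, which is exactly the kind of
    defect a fuzzer should surface as an undocumented exception.
    """
    if len(data) < 2:
        raise ParseError("record too short")
    name_len = data[0]
    name = data[1:1 + name_len]
    value_len = data[1 + name_len]  # IndexError if name_len overruns the buffer
    value = data[2 + name_len:2 + name_len + value_len]
    if not name.isalpha():
        raise ParseError("name must be ASCII letters")
    return {"name": name.decode("ascii"), "value": value}


def parse_record_hardened(data: bytes) -> dict:
    """Same format, with every length checked against the buffer first."""
    if len(data) < 2:
        raise ParseError("record too short")
    name_len = data[0]
    if 1 + name_len >= len(data):
        raise ParseError("name length exceeds buffer")
    value_len = data[1 + name_len]
    if 2 + name_len + value_len > len(data):
        raise ParseError("value length exceeds buffer")
    name = data[1:1 + name_len]
    if not name.isalpha():
        raise ParseError("name must be ASCII letters")
    return {"name": name.decode("ascii"),
            "value": data[2 + name_len:2 + name_len + value_len]}


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, boundary byte, insertion or deletion."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        i = rng.randrange(len(buf))
        buf[i] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])  # classic boundary values
    elif op == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]  # truncation
    return bytes(buf)


def fuzz(target, seeds, iterations: int = 2000, seed: int = 1) -> list:
    """Mutate seed inputs and feed them to target; return (input, exception name)
    pairs for every exception that is not the documented ParseError."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    crashes = []
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except ParseError:
            continue  # expected rejection of malformed input
        except Exception as exc:  # anything else is a bug worth recording
            crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_record, SEEDS)
    print(f"vulnerable parser: {len(found)} crashes, e.g. {found[0] if found else None}")
    print(f"hardened parser:   {len(fuzz(parse_record_hardened, SEEDS))} crashes")
```

Every crash the vulnerable parser produces is an `IndexError` from a length byte that points past the end of the buffer; the hardened version turns those into the documented `ParseError` and survives the identical mutation stream. Real fuzzers add coverage feedback and a growing corpus on top of this loop, but the triage rule is the same: anything other than the documented failure is a finding.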
Thursday, December 22, 2016
Post Exploit Visibility
Great article from Efflux Systems discussing post-exploitation, eliminating blind spots and improving security operations via correlation and automation. There's been a lot of talk about this subject lately and they bring a good perspective to the conversation.
It's worth a read!
Wednesday, December 21, 2016
Open Season - Building Syria's Surveillance State - Privacy International
Once again, here's some great work done by "Privacy International" revealing the Syrian government's repressive surveillance state. The report dives into how they perform surveillance, the middlemen involved and how the Assad regime has used technology as a weapon against its own people.
As the report mentions, "The lead up to the Arab Spring was open season for surveillance companies - they provided technologies to eager government clients widely known to be publicly engaged in repression." Seeing the tragedy of Aleppo unfold in the media, it's hard to believe how these surveillance companies sleep at night.
Take a look at the report here: https://privacyinternational.org/sites/default/files/OpenSeason.pdf
A Look Back at 2016
Here's an article I contributed to for Tripwire tying up some of the biggest items of the year. Lots of other really good contributors on here too.
Friday, December 9, 2016
Into the Abyss - What is Upstream Surveillance?
This is an infographic made by the ACLU on "Upstream Surveillance". You can read the article in its entirety here.
Wednesday, December 7, 2016
CLDAP DDoS Amplification is a Thing
Just about any protocol, if not protected properly, can be abused by attackers. We've seen this recently with CLDAP being used in DDoS amplification attacks across the internet. In this article, I explain what DDoS amplification is and why leaving unneeded services on the internet gives attackers ammunition to quickly launch attacks against their victims. With any amplification DDoS, attackers rely on insecure, misconfigured or unpatched systems sitting on the public internet to be used as a weapon in their assault. At this point, our negligence in using technology properly (patching and configuration) becomes an enabler for attackers looking to abuse it for their own gain.
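As an added example (not from the article or from any tool it refers to), here is a Python script that builds the small CLDAP rootDSE search request that reflection attacks send to port 389/udp and computes the bandwidth amplification factor from what comes back. The BER encoding follows the LDAP SearchRequest layout; the 3000-byte response is a constructed stand-in for a real domain controller's reply. The `probe()` function is the only part that touches the network and is assumed to be run only against hosts you are authorized to test.

```python
import socket

LDAP_PORT = 389


def ber_length(n: int) -> bytes:
    """BER definite-length encoding: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_length(len(body)) + body


def cldap_rootdse_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, SearchRequest } for the rootDSE: base "",
    scope baseObject, filter (objectClass=*), empty attribute list (= all user
    attributes). Over UDP this 39-byte datagram is the CLDAP amplification probe."""
    if not 0 <= message_id < 0x80:
        raise ValueError("single-byte messageID only, to keep the INTEGER encoding simple")
    search_request = (
        tlv(0x04, b"")               # baseObject: LDAPDN ""
        + tlv(0x0A, b"\x00")         # scope: baseObject(0)
        + tlv(0x0A, b"\x00")         # derefAliases: neverDerefAliases(0)
        + tlv(0x02, b"\x00")         # sizeLimit: 0 (none)
        + tlv(0x02, b"\x00")         # timeLimit: 0 (none)
        + tlv(0x01, b"\x00")         # typesOnly: FALSE
        + tlv(0x87, b"objectClass")  # filter: present [CONTEXT 7] -> (objectClass=*)
        + tlv(0x30, b"")             # attributes: empty SEQUENCE -> all user attributes
    )
    # 0x63 = [APPLICATION 3] SearchRequest, wrapped in the outer LDAPMessage SEQUENCE
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x63, search_request))


def amplification_factor(request: bytes, responses) -> float:
    """Bandwidth amplification factor: bytes reflected back per byte sent."""
    return sum(len(r) for r in responses) / len(request)


# Constructed stand-in for a rootDSE reply; Windows encodes the outer SEQUENCE with a
# 4-byte long-form length. Real replies from a domain controller run to a few KB.
CONSTRUCTED_RESPONSE = b"\x30\x84" + (2994).to_bytes(4, "big") + b"\x00" * 2994


def probe(host: str, timeout: float = 2.0) -> float:
    """Send one rootDSE query to host:389/udp and return the observed amplification
    (0.0 if nothing answers). Only run against hosts you are authorized to test."""
    request = cldap_rootdse_request()
    responses = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, LDAP_PORT))
        try:
            while True:  # a reply may be split across several datagrams
                data, _ = sock.recvfrom(65535)
                responses.append(data)
        except socket.timeout:
            pass
    return amplification_factor(request, responses)


if __name__ == "__main__":
    req = cldap_rootdse_request()
    print(f"{len(req)}-byte probe: {req.hex()}")
    print(f"constructed amplification: {amplification_factor(req, [CONSTRUCTED_RESPONSE]):.1f}x")
```

The numbers are what make CLDAP attractive to attackers: a 39-byte UDP query with a spoofed source returns kilobytes, so the factor computed here is the multiplier the victim sees. The defensive check is the same probe from the outside against your own address space; anything that answers on 389/udp from the internet is a reflector and should be firewalled or have CLDAP disabled.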
Monday, December 5, 2016
What happens after a malicious link is clicked?
Most security teams are focused on how to stop people from clicking malicious links, which they should be, but I don't see enough thought on what should be done after a link has been clicked. Yes, we need to spend time implementing tools that will help prevent "click happy" people, but we also need to prepare for the inevitable. Seriously, it's going to happen and it won't stop anytime soon.
So, in this article I wrote for SearchSecurity I go over a few areas we should be thinking about after a malicious link has been clicked. I think it's equally important to know how to react to these situations as it is implementing technology that will prevent it. It's a big deal.
Friday, November 11, 2016
Tuesday, November 8, 2016
Change the candidates by changing the process
In order to establish change in a nation we need to bring solutions to issues, not complaints. During the 2016 election cycle I've heard more griping about the available candidates than I've ever heard during any previous Presidential election. The reason citizens are voting today isn't because they think their candidate will serve this country with respect, but because they're scared of the "other" candidate winning. People are no longer voting for candidates of quality, but are being pushed to vote out of fear that a candidate they dislike more will be elected. When we cast our ballot for the lesser of two evils we're still voting for evil. That's what people don't seem to realize when they state this logic.
Anyway, that's the issue, but we're not here to just complain without action. What can we do in order to fix this? In my opinion we need more transparency in government. I think we've seen many candidates promoted based on wealth and on being part of an already established arrangement. With the release of documents by WikiLeaks we saw just how much of this was true within the Democratic party. When your own party leadership has to resign due to back channel deals being made to promote one candidate and suppress another, it removes democracy from the people. When a candidate can make crude claims you don't agree with personally, but it's the party you voted for in the past and you're now feeling remorse about your available options, we have a problem as a nation. This is what many Americans feel right now, and it's these two candidates that will receive the majority of the votes during this election.
In order to add more transparency to this process and to bring about change from the people, I think we should add an additional voting option. I've heard many people say this election that they're not only upset about the candidates, but so annoyed with the options that they're not voting. This is the type of outrage that our government needs to hear through the casting of ballots, but when your protest vote doesn't get recorded how do you bring about change?
What if, hypothetically, we had the option to vote "abstain" on the ballot? Many people will abstain from voting and not vote in protest, but what if your protest vote was tallied and recorded? We've tried to start other parties and this hasn't really taken with the majority of Americans in a two party system, but if there was an option to vote your displeasure with the available candidates it might assist with getting better party nominees. Too many people feel the need to vote for anyone within their party, but this allows you to go outside it. The need for additional parties would be a welcome change, but having the option to show recorded protest is another I find very interesting.
Now you're probably saying, "So what, you're just taking a vote away from a candidate. Who cares?" Well, what if we had enough people vote in this manner that the majority of the people "abstained" from selecting an available candidate? If these states or even the country isn't satisfied with them, we have it pushed to the House to vote on, like they would do if a candidate doesn't reach the 270 electoral votes. This of course isn't perfect, but it's an option and it gives transparency to the voting process and allows candidates to be held responsible. Essentially, this gives the power back to the people, not the party.
I'd be very interested in your thoughts.
Wednesday, October 26, 2016
The Digital Defenders: Privacy Guide for Kids (Comic)
Check out EDRi's "Digital Defenders guide on privacy". It's a comic directed towards kids about the benefits of privacy and security. It goes into privacy on social media, password security, smartphones and even how to use Signal and Tor all throughout a well drawn comic. Overall, this is an awesome piece of work that drives home a great message to children.
If possible, please donate to their cause here: Donations.
Tuesday, October 25, 2016
Threat Intelligence Sharing Should Start at the Top
How many vendor phone calls do you dodge every day? One of the most consistent calls that I receive is from vendors selling the latest, greatest "Threat Intelligence" product. If you are not familiar with threat intelligence, it is the aggregation of suspicious or known malicious information from multiple sources around the world. This information is then used to warn subscribers of impending threats. It is a way for a subscriber of a particular service to achieve "actionable intelligence" about an impending threat. Sounds neat!
However, I have heard at least one brave webcaster declare that threat intelligence is a steaming pile of dung. This is a bold statement in a world that seems over-run with constant news of cyber-attacks and an even louder tocsin by the public about the urgency to stop it.
In a recent meeting with a threat intelligence provider, I too am starting to hold my nose when I am given the pitch about threat intelligence. Most of the threat intelligence vendors will proudly speak of information sharing, that is, when they see a pattern of malicious traffic forming against one of their clients, they will share that information amongst the threat intelligence feed to their other clients.
We are all aware by now of the unprecedented DDoS attack against Brian Krebs in mid-September. This attack was the largest DDoS ever witnessed on the internet; traffic clocked at 620Gbps was aimed at Brian Krebs' server. We all felt threatened that such an attack could be so easily carried out by using all of the unsecured IoT devices out there. We were all equally shocked at Akamai's initial response to dump Brian, yet we understood the difficult business decision that they had to make to protect their paying customers.
So, why am I all of a sudden holding my nose about threat intelligence? A vendor was demonstrating their "superior threat intelligence product" and part of their presentation included a boastful commentary about how they saw the attack against Krebs forming before it took place. Their excellent intelligence gathering capabilities allowed them to see the attack against Akamai in formation.
Allow that to sink in for a moment.
Here are some questions for that vendor: Are you actually boasting that you stood idly by when you witnessed the formation of the greatest attack to date against the entire internet?
And this model you are selling derives its power from information sharing?
The incongruence of ideology here is somewhat baffling. Sort of like boasting about your superior powers in space defense, yet when an asteroid capable of an extinction-level event is heading towards the planet, you choose to stand by because it will not impact your country. What is the logical or ethical sense of that?
I understand business decisions, and how sharing with a competitor is generally considered a poor business decision, but if threat intelligence companies won't share their information with another intelligence company in the greater interest of the preservation of the internet, why should they expect anyone to subscribe to their sharing and intelligence service? Threat intelligence sharing should start at the top.
Guest Author: Art Logan
Monday, October 24, 2016
Lessons Learned from the DynDNS DDoS
As everyone probably knows, Dyn DNS was recently hit by a massive DDoS which in turn caused large sites to be either unresponsive or extremely sluggish. Dyn was hosting DNS records for these organizations when a SYN flood combined with a flood of garbage DNS queries against their DNS service brought them to their knees. The attack caused legitimate DNS requests for these sites to be "lost in the mix" with a steady flow of junk requests saturating Dyn's DNS service. After watching the attack play out, I had a few thoughts on the subject I thought I'd share.
I've personally fought DDoS attacks in the past and they're not fun. To be bluntly honest, they're a pain in the butt. Many times they come out of nowhere and it's an all-hands-on-deck situation when the flood starts. But after seeing the recent attacks on Krebs, OVH and now Dyn, it seems that everyone on Twitter has recently become a DDoS expert. It takes some skill and, most importantly, experience when dealing with DDoS attacks, so let's not take this subject lightly. We need to learn from our mistakes and the incidents of others to achieve the best security we can possibly offer. Let's not just start being a Twitter warrior with nothing to back it up. Okay, I feel better now.
This being said, now that we all know DDoS is a huge issue (because the media doesn't lie, of course!) those who work in the security field can't plead ignorance anymore. Just because your industry doesn't normally see DDoS attacks doesn't mean they won't pop up and smack you in the face now. With the tools and vulnerable systems available to create massive botnets we might only be seeing the beginning of what's in store. Everyone in charge of security needs to start the process of creating a DDoS runbook today. This needs to become a tabletop exercise within your incident response plan. Incident handlers and groups outside of security need to understand how to handle DDoS attacks when they occur. The last thing you want is an attack to occur without any preparation. The Dyn DNS team did a great job explaining to the public how the attack was being handled and gave frequent updates through this site: www.dynstatus.com. This is important during an attack that knocks you off the grid. Communication is key during this time, especially to your customers.
Another thing to consider is how a DDoS attack will be mitigated. With attacks cranking in at over 1Tbps there is no on-premise DDoS mitigation appliance in the world that's going to handle the load right off the bat. Not only will they not physically handle the load, but the ISPs will have issues delivering traffic of this magnitude. The current infrastructure just isn't designed to handle this amount of traffic traversing its network. The best method of mitigating these attacks isn't onsite DDoS appliances, but cloud providers like Akamai (formerly Prolexic), Cloudflare, or Google Jigsaw. They've positioned their networks to be resilient, with multiple scrubbing centers throughout the world to absorb and filter the malicious traffic as close to the source as possible. By using anycast and having customer traffic directed to them via BGP, these cloud providers make sure they don't become a bottleneck and allow customers to receive large amounts of bandwidth via proxy. I personally feel this is the only way to efficiently defend against the volumetric attacks we've seen this past month. Also, Colin Doherty was announced as the new CEO of Dyn this October 6th. He was formerly the CEO of Arbor Networks (a company selling and specializing in on-premise DDoS solutions). I don't know if this had anything to do with the situation, but it's interesting. If anything, hopefully his experience in the industry helped with the mitigation.
For the cloud providers who are absorbing and mitigating DDoS traffic on their networks, they're going to have to expand their available bandwidth quickly. Many cloud based DDoS mitigation providers need to increase bandwidth by a certain percentage each time they see attack sizes grow. They all want to be a particular percentage above the largest DDoS attack on record, because they too have to scale with the attacks as they come in. They're not only dealing with the one large attack occurring today, but possibly three more like it tomorrow at the same time. These providers need to keep a close eye on bandwidth utilization and attack size monthly to keep up with growing botnet sizes.
I'm not sure what happened with the Dyn DNS attack from a mitigation standpoint, but it's a good opening for customers to start speaking with their third party vendors about incident response, especially for DDoS. Many third parties say they have DDoS prevention, but how? Is it home grown? On-premise? In the cloud? These questions need to be answered. Also, if a DDoS hits a SaaS provider, will all clients go down? These and similar questions need to be asked of your cloud providers to validate that your hosted services will be available when needed.
IoT will continually be an issue going forward when it comes to DDoS. I don't see anything in the near future putting a stop to the abuse of IoT systems on the internet. In Brian Krebs' latest article he mentions Underwriters Laboratories and how they've been used in the past as a sign of approval for devices going to market in the electronics field. I think there has to be something similar in the future that assists with reviewing the code of appliances before they are put onto the internet. At this point I'd settle for standard OWASP Top 10 type scans, but would like to see static analysis testing done for vulns. I don't know how this will work with systems overseas, since most of the Mirai botnet was infected DVRs and IP cams from a Chinese company named XiongMai Technologies. Either way, we need to at least follow standard security practices of password management, patching and secure coding when it comes to IoT devices. This isn't rocket science, especially when many of these systems were using default hardcoded passwords and were reachable remotely over telnet. Sigh.
My concern with botnets of this size is that someone's going to create multiple IoT botnets quietly and unleash something with traffic levels that can't be stopped. There are other vulnerable IoT systems on the web which will eventually be found, but what if this time they weren't used right away? What if the creator keeps finding other vulns in different systems and ends up with a botnet-of-botnets with enough power to overwhelm even the largest DDoS cloud providers? Now take this a step further: what if this was then used for political purposes or terrorism? I know this sounds like fear mongering, but it's a valid concern. In this case, people would die or be hurt in the process. This is a concern of mine with the number of insecure IoT devices being connected to the internet today. It might seem farfetched, but it's no longer outside the scope of reality. The Mirai botnet was seen being used in the Dyn DNS attack (by Flashpoint, L3 and Akamai), but it seems that there were other systems being controlled in the botnet too. It just seems that there's a never-ending pool of IoT devices that attackers can select from at this point.
As of right now I haven't seen any official motive for the attack, but there doesn't always have to be one. I saw people mention that it's a test for the United States election, WikiLeaks took credit for it due to America pulling Assange's internet, internet activists blaming Russia, etc. Either way, everyone in security needs to be prepared for these attacks and if you're not already planning now, at least start thinking about it. We're no longer given the luxury of being comfortably numb.
Tuesday, October 18, 2016
WikiLeaks and the Dead Man's Code
No matter how you personally feel about Julian Assange and his organization WikiLeaks, the cutting of his internet access is a clear attempt at pressuring him not to release the information he's in possession of. At this point, the cutting of his internet in the Ecuadorian embassy seems to be the action of a state actor attempting to quiet WikiLeaks. I think it would be foolish to think that this would stop WikiLeaks from moving on with their mission of transparency; it is more of a power move by those concerned about what he might have.
WikiLeaks as an organization has proven to be resilient against attacks in the past (the financial blockade in which VISA, Mastercard and PayPal refused to process donations flowing to their site, Amazon dropping them from its service, constant DDoS attacks against their site, etc.), but this particular attempt was more personal. I'm not sure what the mindset was behind removing his internet access, but I would have to think those who orchestrated this outage would know he'd have contingency plans in effect for something of this nature.
Yesterday there were multiple tweets from the WikiLeaks Twitter account which people called a "Dead Man's Code". This started rumors that Assange had been killed and that these were decryption codes for sensitive information about to be released. They have since been deleted, but are being considered pre-commitment codes, a way to prove the authenticity of any downloads of the document dumps WikiLeaks has in their possession. After the latest dumps against Hillary Clinton there have been rumors that the documents were being edited, or that they were fake. Maybe this is WikiLeaks' attempt to validate them before they are downloaded.
Either way, it's a difficult place for both parties involved. Assange has been holed up in the embassy for years and is supposedly in bad health. For someone who holds potentially damaging information against another party, it would be dangerous to think he'd be pressured into following along. He's cornered right now and that makes him even more dangerous to his opposition.
It should also be mentioned that WikiLeaks only publishes what they're given. There's a fair amount of editing done to the documents themselves, but they're being given to this organization because people feel the need to shed light on what they deem inappropriate behavior. If there's damaging information about people within these leaks, it wasn't this group that went out and "stole" them; they were given the documents, and WikiLeaks has made it their duty to attempt to bring transparency to a situation they deem important.
We need to consider all things in perspective when thinking about WikiLeaks. Many people don't like the organization because of Assange's ego, the way they seem to be attacking certain individuals, or the damage these documents may do to a group. At the end of the day it's my opinion that trying to intimidate WikiLeaks into going quiet also intimidates whistleblowers from having a voice. This, in my opinion, is bigger than Julian's and Hillary's egos combined. There needs to be a place people can alert others of wrongdoing (after multiple attempts to make the problem known through standard channels), and for the time being that place seems to be WikiLeaks.
Monday, October 17, 2016
OpenSSL vulnerabilities allow DDoS-attacks
On September 22nd, 2016 the OpenSSL project announced fixes for more than a dozen vulnerabilities in its cryptographic library. Among them was a bug that allows attackers to carry out DoS attacks against software built on the library.
What's the problem
OpenSSL is a popular open-source cryptographic library used to create encrypted internet connections with SSL or TLS, and it sits behind the vast majority of websites and network services today. A high-severity vulnerability (CVE-2016-6304) affects OpenSSL 1.0.1, 1.0.2 and 1.1.0 and was fixed in versions 1.0.1u, 1.0.2i and 1.1.0a. The flaw in the older versions is that across successive TLS renegotiations the server never releases the memory it allocated for one of the TLS extensions, status_request; it simply overwrites its pointer to the previous buffer, so the memory leaks on every renegotiation.
TLS renegotiation is a mechanism that lets a client or server change the parameters of a TLS connection on the fly without tearing down the current session. The parties exchange Hello messages and certificates just as in a normal handshake, but do so inside the already-established encrypted channel. The status_request extension speeds up server certificate status checking when the server supports OCSP stapling. By abusing this, an attacker who repeatedly requests renegotiation makes the server leak memory each time; the amount leaked per renegotiation is reported to range from 16 to 64 kilobytes, depending on the OpenSSL version in use, and nothing bounds how many renegotiations a client may request.
A little background on OCSP (Online Certificate Status Protocol): this protocol is supported by all modern web browsers and is designed to verify the status of the digital certificate installed on a site. The work is split between client and server. When an application or web browser validates an SSL certificate, the client sends an HTTP request to an online responder, which returns the status of the certificate. To speed up validation for the client, the server can instead query the OCSP responder itself and hand the OCSP response to the client inside the handshake. That mechanism is called OCSP stapling, and it saves the client the cost of a separate round trip to the OCSP responder.
That's not all
The OpenSSL security bulletin from September 22nd also describes CVE-2016-6307, rated low severity. A bug in version 1.1.0 lets an attacker cause a DoS by sending a message whose header, as parsed by tls_get_message_header(), declares a very large length and so triggers an excessive memory allocation. It later became clear that the patch for CVE-2016-6307 introduced another vulnerability (CVE-2016-6309): with the fix applied, a message larger than about 16k causes the receive buffer to be reallocated and moved while a dangling pointer to the old location is kept, resulting in a use-after-free that is likely to crash the application and could potentially lead to execution of arbitrary code. Once this was determined another release (1.1.0b) was published to fix this defect.
How to protect yourself
Servers using OpenSSL versions prior to 1.0.1g are not affected by CVE-2016-6304 in a default configuration; they are only vulnerable if the application explicitly enables OCSP stapling support. Builds made with the no-ocsp configure option are not affected either, so administrators of vulnerable systems who cannot upgrade immediately can rebuild with that option to reduce their exposure to this DoS. In addition, the OpenSSL team fixed another vulnerability in library version 1.1.0 (CVE-2016-6305) that could also be used to carry out DoS attacks. Staying current on patches, as always, remains the best way to remediate risks in the OpenSSL libraries.
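As an added example (not part of the post and not an OpenSSL project tool), here is a Python checker that maps an `openssl version` string onto the CVEs from the September 2016 advisories, using only the branch and fix-letter ranges stated above. It encodes the ordering of OpenSSL patch letters (no letter, then a, b, ..., z, za, zb) so that, for instance, 1.0.2h compares below 1.0.2i. Whether a pre-1.0.1g server actually enabled OCSP stapling is an application setting the script cannot see; checking from the outside with `openssl s_client -connect host:443 -status` and looking for a stapled OCSP response is the practical way to confirm that.

```python
import re
import subprocess

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Per release branch: (first affected patch letter, first fixed patch letter).
# "" means the release with no letter. Ranges taken from the OpenSSL advisories
# of 22 and 26 September 2016.
ADVISORY = {
    "CVE-2016-6304": {(1, 0, 1): ("", "u"), (1, 0, 2): ("", "i"), (1, 1, 0): ("", "a")},
    "CVE-2016-6305": {(1, 1, 0): ("", "a")},
    "CVE-2016-6307": {(1, 1, 0): ("", "a")},
    "CVE-2016-6309": {(1, 1, 0): ("a", "b")},  # introduced by the 6307 fix, so 1.1.0a only
}


def parse_openssl_version(text: str):
    """'OpenSSL 1.0.2h  3 May 2016' -> (1, 0, 2, 'h')."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def _letter_key(letter: str) -> tuple:
    """Sort key for patch letters: () < ('a',) < ... < ('z',) < ('z','a') < ..."""
    return tuple(ord(c) for c in letter)


def affected_cves(version_text: str) -> list:
    """CVEs from the advisory that apply to this exact build, in advisory order."""
    major, minor, patch, letter = parse_openssl_version(version_text)
    branch, key = (major, minor, patch), _letter_key(letter)
    hits = []
    for cve, ranges in ADVISORY.items():
        if branch in ranges:
            first, fixed = ranges[branch]
            if _letter_key(first) <= key < _letter_key(fixed):
                hits.append(cve)
    return hits


def cve_2016_6304_status(version_text: str) -> str:
    """Human-readable verdict for the status_request memory leak, including the
    pre-1.0.1g default-configuration exception from the advisory."""
    major, minor, patch, letter = parse_openssl_version(version_text)
    branch = (major, minor, patch)
    if "CVE-2016-6304" not in affected_cves(version_text):
        return "fixed" if branch in ADVISORY["CVE-2016-6304"] else "branch not covered by the advisory"
    if branch == (1, 0, 1) and _letter_key(letter) < _letter_key("g"):
        return "vulnerable only if the application explicitly enables OCSP stapling"
    return "vulnerable: upgrade, or rebuild with the no-ocsp configure option as a stopgap"


def local_openssl_status():
    """Run the local openssl binary and report what applies to it."""
    out = subprocess.run(["openssl", "version"], capture_output=True, text=True, check=True).stdout
    return out.strip(), affected_cves(out), cve_2016_6304_status(out)


if __name__ == "__main__":
    for sample in ("OpenSSL 1.0.1f", "OpenSSL 1.0.2h  3 May 2016", "OpenSSL 1.1.0", "OpenSSL 1.1.0a"):
        print(f"{sample:30} {affected_cves(sample)}  ->  {cve_2016_6304_status(sample)}")
```

The distinction the checker makes between 1.1.0 and 1.1.0a is the one that matters operationally: upgrading to 1.1.0a closed the three original bugs but opened the more serious CVE-2016-6309, so for that branch only 1.1.0b or later is clean.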
Saturday, October 15, 2016
United States vs Russia: Cyber-Saber Rattling Reaches All Time High
The cyber-saber rattling has reached an all-time high between the
United States and Russia. According to the NBC News and other media outlets:
“Current and former officials with direct knowledge of the situation say the CIA has been asked to deliver options to the White House for a wide-ranging "clandestine" cyber operation designed to harass and "embarrass" the Kremlin leadership.”
While America is "choosing targets", or, as Joe Biden recently said in the link above, preparing to "send a message to Putin" that will come "at a time of our choosing", we are falling directly into what our adversaries want. They're goading us into creating another cold war, except this time it's cyber related.
What America, or honestly anyone under attack, needs to do first is establish a solid defense of their own networks and systems. We're worrying so much about attacking other nations, or showing who has the biggest cyber muscles, that we're continually leaving ourselves vulnerable to attack. A nation under the microscope, especially during an election year, needs to hunker down and protect itself before anything else. We keep hearing questions about how our leaders will increase cyber security, and their first response to this question is to go on the attack. Today's cyber-elephant is Russia, yesterday it was China, next month it will be someone else, but we're still not fixing the problem. This problem is compounded by everyone being bad at security to begin with and then flexing the ol' cyber beer muscles when they're offended or hacked. What makes a nation with its newfound cyber toys think going on the offense with a weak defense will succeed? Not good.
We're taking the bait Russia is throwing at us and we're being drawn into another fight for no reason. If we put the same focus on protecting our data that we put into trying to exploit someone else, we might not be in this mess. Our attackers are going to change, and trying to pummel them into submission will only increase the attacks towards us. We need to clean our house first before we even consider going on the offensive. I'm not saying we should sit back and let other nations bully us from afar, but there needs to be real wisdom about when we should initiate an offense. We surely shouldn't engage because we're embarrassed or because our pride is hurt. Lord knows we've made similar attempts ourselves. Hopefully, we'll realize this before it's too late.
Wednesday, October 12, 2016
Universities Get an "F" in Cyber Security
A recent article by "The Institute" brings up the point that students and schools are both shying away from cyber security education. The article goes on to say:
“Only three of the top 50 university computer science programs in the United States require students to take a cybersecurity course, and many don’t even offer a class on the subject, according to a recent study by CloudPassage, a cloud computing security company.”
They happen to quote our friends at CloudPassage and the study they did on the same subject. Their study lists a few key findings, but this one stands out:
“None of the top 10 U.S. computer science programs require a cybersecurity course for graduation. In fact, three of the top 10 university programs don’t even offer an elective course in cybersecurity.”
This finding shows that the leaders in charge of education aren't taking cyber security seriously. It's still seen as an afterthought and not a skill that can be applied across all disciplines of academia. This limited mindset has helped cause a knowledge gap and has left employers scrambling when it comes to hiring real talent. Consider this quote from their article:
“The skills gap is so wide, he says, that employers are recruiting from other fields, like biology and law, to find talent. People in such fields, he points out, have learned skills required of cybersecurity professionals, such as problem-solving and finding flaws in human and legal systems, which can translate to computer systems.”
I’m glad that security is becoming integrated into schools, but it’s concerning that it’s more of an afterthought, instead of a requirement. Hopefully, as time goes by we’ll continue to see the awareness of cyber security pushed into all disciplines during the education process and beyond.
Monday, October 10, 2016
Frontline Sentinel Makes a Few More Recommended Reading Lists
I was recently informed this blog was added to a few more "recommended reading lists" on information security. I'm super pumped to be included on these lists as a resource on cyber security. Thanks again for reading and check out the other blogs that were mentioned too!
- http://workhack.com/security.php
- http://uh.edu/tech/cisre/resources/blogs/
- https://www.onionid.com/blog/17-amazing-blogs-on-insider-threats-you-should-be-following/
- http://www.masterofhomelandsecurity.org/national-security.html
- http://www.securityinnovationeurope.com/blog/40-information-security-blogs-you-should-be-reading
Friday, October 7, 2016
The Biggest Cybersecurity Threats Are Inside Your Company
This may come as a shock to the majority of the public, but the majority of threats (as defined by CSOs, IT managers and security specialists) are found within the confines of the company itself. Yes, hackers do still exist, and there are times when they succeed in their nefarious deeds, penetrate security measures and cause a breach. And, while this type of cyberthreat is the kind to be highlighted on the front pages of newspapers and magazines, it represents but a small fraction of the cybersecurity threats to a company.
Whether they want to believe it or not, the biggest threat to the overwhelming majority of companies comes from within. Whether their actions were intentional or not, employees not hackers are considered to be larger threats to a company’s security. Most alarming is that these incidents of error are not decreasing, but are increasing steadily.
In a recent study by IBM, it was found that a third of all cyberattacks that a company faces can be directly linked to the actions of (or lack thereof) its employees. Disgruntled employees who often have access to sensitive, and even classified, data are a likely cause. These employees simply copy the data to a flash drive or upload it to a third-party cloud service, and just like that the company's security measures have been breached. These types of offenders are usually trained and know the ins and outs of the system well enough to bypass its security protocols. These employees are methodical and act with deliberate intent, often having planned the heist for weeks or months ahead of time.
Then there are opportunists. These bad apples often stumble across a weak link in the security fence, quickly exploit it and harvest any and all data made available to them. They often do not know what to do with the data they just pilfered. If the data contains money that can be easily liquidated then that is the most likely course of action, however another likely event is that they would sell the information on the black market, which in this day and age is easily accessible via the Dark Web.
Finally, there is the last category which is a catch all for errors of omission. These can include anything from poor email handling strategies to bad decision making and phishing strategies. Basically, in this category employees do not intend to expose their company to a cyberthreat, but because they failed to pursue the correct course of action, they have basically let the fox in the hen house.
The bad news is that these are very real scenarios and the role that insiders play in putting the company in danger has been on a steep uptick. The good news is that strategies can be implemented to decrease such incidents and even eliminate them altogether (in some cases). Errors of omission, while broader, may be the easiest to tackle, because there are protocols that can be created to plug the leaks and fortify the wall of security that surrounds a company's systems. Email handling, web surfing and download protocols should be created and enforced throughout the organisation without exception. And yes, that includes the C-suite of executives.
The human component is a bit harder to deal with, as you never know when the "switch" will be flipped in the minds of people. What may be a great and stalwart employee one day may very well be a malicious hacker the next. Compartmentalisation of systems and restricting access to those that have been cleared will definitely decrease the number of intrusions and internal hacks that occur. Furthermore, making things just a little bit harder to access is often all it takes to deter or hinder the opportunist from going through with the crime. By creating a blacklist of sharing software and cloud services that can be run on company devices, you are effectively decreasing the number of outlets through which a disgruntled employee can smuggle out company data. Employ deep analytics that are able to track who has accessed what files and directories, and that can send out a warning when file transfers are taking place.
It should go without saying, but it is still worth mentioning that the easiest way to prevent a lot of intrusions and cybersecurity threats is to implement a data security plan. Many would be surprised at how the implementation of even the most minimal security measures is effective at deterring a great deal of threats, both external and internal. The number of threats your company is exposed to gets smaller the more layers of security are added. While this last piece of advice may seem like a "no-brainer", the sad fact is that more often than not businesses choose to operate without even the most basic cybersecurity measures.
While it may seem normal, even natural, for companies to keep their vigilant eyes looking outwards, they should pay equal attention, if not greater, to the goings-on and threats that may come from within. So why then does it seem that only external attacks make the headlines? Well, that's because no company ever wants to admit that it hires criminals or those that can be perceived as criminals. There are public relations and optics to worry about, after all. Now more than ever, companies must know, or should know, their employees on a much deeper level in an attempt to discern their motives, intent and whether or not they are seeking to harm the company. This is not to say that companies should not trust their employees; indeed doing so may very well lead to that company's demise. However, the figures do not lie. Attacks are coming from within, and since companies are already investing in security to prevent attacks from without, it should not take that much more to implement measures against internal cyberattacks.
Guest Author - David Share
Director at Amazing Support
http://www.amazingsupport.co.uk/
David has held positions as Operations Director and Head of IT in legal and professional firms for more than 10 years. He is a Director and co-owner of Amazing Support, a Microsoft Silver accredited and specialist Managed IT Support and IT Services company. David actively helps SME businesses receive better Managed IT Support and IT Services in the London and Hertfordshire areas. He also assists overseas companies who are looking to expand their business operations into the UK and helps with their inward investment IT process. A professional member of The Chartered Institute for IT (BCS) and an event speaker promoting business start-ups and technology awareness. Married with a son, you will often see him riding his bicycle around the Hertfordshire towns! David regularly participates in charity bike rides for the British Heart Foundation.
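The guest post above recommends blacklisting sharing services and using analytics that track who accessed which files and warn when transfers take place. The following is an added example of what that detection logic looks like in practice; it is not code from the guest author or from any product. It runs two rules over a constructed audit log: any upload to a host on a hypothetical blocklist is flagged immediately, and a user who moves more than a threshold of files or bytes to removable media or a blocked service inside a sliding window is flagged once per burst. The log format (timestamp,user,action,path,bytes,destination), the "usb:" destination prefix, the blocklist and the thresholds are all assumptions made for the illustration.

```python
"""Detect bulk file transfers to removable media or blocked sharing services.

Added example for the insider-threat discussion above; not code from the
guest post or from any product. The log format, the "usb:" prefix, the
blocklist and the thresholds are assumptions made for the illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Hypothetical blocklist of consumer sharing services (assumption).
BLOCKED_SHARE_HOSTS = {"dropbox.com", "wetransfer.com", "mega.nz"}

WINDOW = timedelta(minutes=10)   # sliding window per user
FILE_THRESHOLD = 5               # files moved off-host per user per window
BYTE_THRESHOLD = 50 * 1024 ** 2  # 50 MiB moved off-host per user per window

# Constructed sample audit log (not real data): timestamp,user,action,path,bytes,destination
SAMPLE_LOG = """\
2016-10-07T08:00:05,bob,READ,/eng/design.docx,20480,-
2016-10-07T08:01:10,alice,COPY,/finance/q3-forecast.xlsx,1048576,usb:E:/q3.xlsx
2016-10-07T08:02:15,alice,COPY,/finance/payroll.csv,2097152,usb:E:/p.csv
2016-10-07T08:02:40,alice,COPY,/finance/vendors.csv,524288,usb:E:/v.csv
2016-10-07T08:03:01,alice,COPY,/finance/budget.xlsx,4194304,usb:E:/b.xlsx
2016-10-07T08:03:30,alice,COPY,/finance/contracts.zip,8388608,usb:E:/c.zip
2016-10-07T08:05:00,bob,COPY,/eng/design.docx,20480,smb://fileserver/shared/design.docx
2016-10-07T08:06:12,carol,UPLOAD,/hr/employee-list.xlsx,307200,https://www.dropbox.com/upload
2016-10-07T09:30:00,bob,COPY,/eng/notes.txt,4096,usb:F:/notes.txt
"""


def classify_destination(dest):
    """Return 'removable', 'blocked_cloud', 'external' or 'internal'."""
    if dest.startswith("usb:"):
        return "removable"
    if dest.startswith(("http://", "https://")):
        host = urlparse(dest).hostname or ""
        parts = host.split(".")
        # Match the host and every parent domain against the blocklist,
        # so www.dropbox.com is caught by the dropbox.com entry.
        for i in range(len(parts) - 1):
            if ".".join(parts[i:]) in BLOCKED_SHARE_HOSTS:
                return "blocked_cloud"
        return "external"
    return "internal"


def parse_line(line):
    ts, user, action, path, size, dest = line.split(",", 5)
    return {"ts": datetime.fromisoformat(ts), "user": user, "action": action,
            "path": path, "bytes": int(size), "dest": dest}


def detect(log_text):
    """Run both rules over the log and return the alerts in order of occurrence."""
    alerts = []
    recent = defaultdict(deque)  # user -> off-host transfers inside WINDOW
    for raw in log_text.strip().splitlines():
        ev = parse_line(raw)
        kind = classify_destination(ev["dest"])
        if kind == "blocked_cloud":
            # Policy violation: a single upload to a blocked service is enough.
            alerts.append({"ts": ev["ts"], "user": ev["user"],
                           "rule": "blocked-share-service", "detail": ev["dest"]})
        if kind not in ("removable", "blocked_cloud"):
            continue
        q = recent[ev["user"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > WINDOW:   # drop events older than the window
            q.popleft()
        files, total = len(q), sum(e["bytes"] for e in q)
        if files >= FILE_THRESHOLD or total >= BYTE_THRESHOLD:
            alerts.append({"ts": ev["ts"], "user": ev["user"], "rule": "bulk-transfer",
                           "files": files, "bytes": total})
            q.clear()  # one alert per burst, not one per file after the threshold
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample log this raises two alerts: alice's five copies to a USB volume within three minutes trip the bulk-transfer rule, and carol's single upload to a blocklisted host trips the policy rule, while bob's copy to an internal file share and his lone USB copy an hour later stay below threshold. Tuning the window and thresholds against a baseline of normal activity is what keeps the rule useful rather than noisy.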
Thursday, October 6, 2016
Strategies to Defend Against Ransomware Today
Here's an article I contributed to for Tripwire with some advice on defending against
ransomware. At the end of the day, if we don't pay the ransom these attacks will go away. Here are some steps from David Balaban, Travis Smith and myself on the precautions needed to defend against ransomware today.
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/a-three-pronged-strategy-to-help-organizations-defend-against-ransomware-attacks-2/
Tuesday, October 4, 2016
Why the Mirai IoT Botnet Changed the DDoS Game
Over the weekend the Mirai code for the IoT botnet was released on the internet. Essentially, this allows copycats and borderline script kiddies to adjust the code as needed for their own misguided use. The Mirai botnet was the botnet that took down both Krebs and OVH last week, and there's been debate as to the number of hosts commanded by it. Either way, it ended up throwing two of the largest DDoS attacks ever seen. The OVH attack tipped the scales at around 1 Tbps, which is like wielding your own personal Death Star across the internet.

This being said, I think we'll see the Mirai botnet start declining, but that there'll be an uptick in IoT-related DDoS attacks. This was only one botnet, made mostly from small cameras attached to the internet, but what happens when someone goes out and starts creating a botnet from multiple kinds of IoT devices? What if they slowly harvest vulnerabilities within the plethora of insecure IoT devices? An attacker could slowly command an army of soda machines, thermostats, cars, DVRs, etc. that when combined will be larger than anything we've ever seen before. This is like a botnet-of-botnets (BoB) making one mega-botnet to rule them all (okay, now there's LOTR references in here too, sorry).
Either way, the Mirai IoT botnet has shown that DDoS is about to turn it up to 11 real soon, and hopefully the Akamais, Cloudflares, Googles, etc. are going to be ready for it. These providers are always looking to have N times the bandwidth of the largest known DDoS attack on record, so this might leave them scrambling to determine bandwidth sizes for the future. I also think the ISPs need to start playing a bigger role here when it comes to botnets of this size, but regulation and cooperation from other countries would also need to be involved, and this has historically been difficult.
So this is why Mirai changed the game. It almost completely brought down a DDoS mitigation network, which means if there were two botnets of equal size it would be difficult to maintain. This also means that if providers can't support multiple attacks of this size, their other customers will be left unprotected and vulnerable to attack, or their "always on" customers could even face an internet outage. Lastly, this starts the herding of an untapped market of IoT devices ripe for the picking, and I think we'll see copycats using similar code on different IoT devices real soon. Things are about to get interesting.

Monday, October 3, 2016
Shine Your Light on the Dark Web
Here's an article I wrote about using the dark web as a monitoring tool. Honestly, we should be using every tool at our disposal in order to get a step up when it comes to defending against attackers. If attackers are using the dark web as a tool for malicious activity, then we need to flip the tables on them and use it to our advantage. This is pure intelligence which can be used as an early warning sign that "bad crap is coming". Either you do nothing and wait, or you attempt to infiltrate the lion's den.
Saturday, October 1, 2016
Wanted: Conversation with forensic psychologist to assist with security research
I'm looking for introductions to behavioral or forensic psychologists in regards to a cyber security research project I'm working on. I'd like to setup a conversation and pick their brains on a couple of topics. Anyone you guys recommend?
If so, please contact me at mpascucci [at] frontlinesentinel.com.
Monday, September 26, 2016
Why Is Data Security Important for Startups?
It is hard to overstate the importance of data security, especially for small firms like startups. The 2016 threat environment for hacking and breaching is quite dangerous. Bad actors overseas in places like Russia and China frequently raid companies of all sizes looking for anything they can find, from personal information to commit fraud with to industrial secrets and strategic plans. Hackers can target a company for anything from the profit motive to political motivations or even just personal enjoyment. Startups need to be aware of the damage that these breaches can cause so they can prepare themselves for the worst.
There are many bad outcomes that result from a hack, breach, or leak. First of all, there is the sensitivity of the data itself. As the introduction explained, there are many different ways that data can be of value to attackers, and that usually translates into hurting the company. For example, having internal production secrets stolen might result in the emergence of a knockoff competitor product later on. The leak of employee records will probably lead to fraud perpetrated in their names. Worst of all, the loss of sensitive customer information can also lead to fraud and a massive decrease in trust. There are headlines every month about the latest company to get hacked and have consumer credit card information or identifying data stolen. This includes everything from small startups that never got going to major corporations like Target. If this happens even once, then a startup can potentially lose its entire customer base. No current client will feel comfortable staying knowing that there has been a hack, and future clients will think twice because the hack indicates a failure of security.
Moreover, obscurity is not security. Too many companies hope to just fly under the radar, hoping that no attacker will notice them. The reality is that there are so many potential attackers, and executing an attack against an unguarded target is so easy, that it is trivial for a hacker or group to target any company with an Internet presence. Once they gain entry, the attackers might simply lie dormant for months or even years, soaking up data. They could use their presence in one company as a springboard to hack others, either through collecting information that leads them to a specific target or by making use of the infected computers' resources to boost their efforts. Hackers target small, new companies constantly because they know these small companies are less likely to be able to make a significant investment in security. That leaves them vulnerable, and even the smallest startup can hold valuable data. Combine that idea with the fact that hacking is cheap and easy, and it is no surprise that no company is safe. Just because you haven't made a splash is not a reason to expect hackers to leave you alone. In fact, if you have a website and online assets, it's well within the realm of possibility that someone has already attempted unauthorized access to your assets.
Knowing that, you have to decide on a response. For one thing, to a certain extent you must develop a plan of action that responds to an existing hack. That means treating hacks as an inevitable occurrence that will happen some day, like a storm or earthquake, and planning accordingly. Settle on what you will say to win back the trust of your clients, how you will move forward under different circumstances, and how to manage the entire PR element of the event. Too many companies wind up trying to wing it because they never planned for what would happen in the event of a successful hack. Be proactive and prepare. As for real security, you can try making use of the cloud or an online data room, but you are best off with a powerful security consultant. They can do the heavy lifting and guide you to best practices, especially if you are too small to have your own dedicated IT department. Remember, hacks happen to everyone. It's up to you to choose how you will control the hack's fallout and minimize the damage. Expect the best and prepare for the worst.
Saturday, September 3, 2016
Back to School Cyber Security Tips
Kids all around the country are getting ready to go back to school. Here's an article I contributed for Tripwire that offers some tips on how to keep them safe online in the process:
http://www.tripwire.com/state-of-security/security-awareness/back-to-school-tips-on-how-your-children-can-stay-safe-online/
Wednesday, July 13, 2016
Top New Amazon AWS Cloud Security Features
Enterprises are moving to the cloud, and with that we have to secure it. Amazon, being the largest cloud provider in the world, has taken notice that if they don't secure their cloud offering, customers will continue being scared of the cloud. This has been Amazon's approach from the beginning, and they've continually added security services to their cloud offering in order to protect your data and draw you into the cloud.
Here's an article I wrote for Search Security on some of Amazon's new security services: http://searchcloudsecurity.techtarget.com/tip/Top-AWS-security-features-organizations-need-to-know-about
Tuesday, June 28, 2016
How Microsegmentation Helps With Security
Here's an article I wrote for CloudPassage on why "Micro-segmentation helps with security". More to come on this topic shortly.
https://blog.cloudpassage.com/2016/06/27/microsegmentation-helps-security/
Friday, June 10, 2016
Deception in Depth Conference
Here's the link for this month's "Long Island Security Groups" next meetup. The topic this month will be on "deception technology".
We'll be having all the big names in the deception field presenting on their technology and explaining why deception techniques are needed for security professionals protecting their networks today. Hackers don't play fair, neither should you. Hope to see you there! http://www.meetup.com/Long-Island-Security-Group/events/231725055/
Wednesday, June 8, 2016
Cloud WAFs Can Improve Application Security
Here's an article I wrote for TechTarget's "SearchCloudSecurity" edition regarding the benefits of utilizing a cloud WAF within your organization. There are numerous benefits to implementing a WAF in the cloud, which I go into in more detail in the link below. Here are my thoughts on the technology and why it's a good idea to have this service pushed to the cloud.
http://searchcloudsecurity.techtarget.com/tip/How-cloud-WAF-implementations-can-improve-application-security
Tuesday, June 7, 2016
How Microsegmentation Gives You Better Network Security
Here's an article I wrote for CloudPassage regarding how micro-segmentation allows for more control and better security throughout your network. Not having to send traffic North/South through the network to reach security controls allows for a more flexible, agile and secure network.
https://blog.cloudpassage.com/2016/06/07/why-you-need-microsegmentation/
Monday, May 23, 2016
The Failed Decision of Weaponizing Drones
There comes a time in a decision-making process where you end up standing miles away from where you thought the answer to your initial decision was going to take you. It’s not a sudden thing; it ends up slowly moving you away from where you thought you would have been before the decision. It’s like turning around, seeing where you started miles away in the distance, and not realizing how or when you got where you’re standing.

I feel many times this is how the American public feels about drone warfare. At what point did we have this technology turn from something of surveillance during times of true war into a personal squad of borderless and warrantless killing machines? When did we accept the right to become judge, jury and executioner in a conflict that we’re not only fighting in, but also antagonizing? When will we realize that by destroying tribes of people in an unsanctioned war we’re not making our lives any easier, but only swatting the hive for future attacks?

The “table-turning test” is a true example of eating your own ethical dog food. If we had people within our borders attempting to do other countries harm in a physical way, but they were melted from the sky by a third-party country before they were able to, America would cause an all-out war. I understand the need to protect our country, I understand the love of one’s country and wanting to defend it, but I still can’t understand the murder that we’re causing across the globe without a second thought. By loving one's country we should be concerned with how we deal with conflict in general and not just trying to eliminate conflict with more aggression.

At what point in time will the American public look back and realize that not only are foreign enemies being targeted, but anyone who’s considered an enemy of the state? With mass surveillance already in place, the next natural step to keep order and monitor civilians would be by using an unseen force that can be deployed from anywhere, to anyplace and without detection. My concern is that the future of this type of mindset, the assassination of enemies with technology without thinking twice, would continue to dredge down to a local level. I know there’s been talk about protecting civilians from this type of abuse, but that’s only because they know how far an idea can spin away from them. If this happens the American public will turn around looking for their initial answer to their decision on drone warfare and, instead of seeing in the distance where they started from, they’ll only see the charred earth of their starting point.