July 21, 2015
Posted by Robert under I.T.
In Part 1 we looked at cyber attack models and discussed some of the pros and cons of different variants. This time we’ll walk through a fictitious attack as it traverses the middle phases that most attack models have in common: Delivery, Exploitation, Installation, and Command & Control (C2 or CnC). Along the way, we’ll look at ways your network architecture can help make life more difficult for attackers, what types of monitoring controls you might wish to consider for these phases, and finally examine some indicators that you may not have considered. Before we begin, let’s discuss two subjects: indicators and how network architecture can aid in cyber defense.
July 10, 2012
When organizations consider outsourcing applications or processes to cloud providers, there are many areas to evaluate carefully. Security is always near, or at, the top of the list. Of the many facets of security to evaluate when selecting cloud providers, asking for disclosure of relationships to other cloud providers or third parties of interest is one not to forget. Let’s examine a simple scenario where this could impact your ability to meet compliance and/or regulatory requirements.
July 9, 2012
Posted by Robert under DNS
The time has arrived! Malware Monday, as some have labeled it. The FBI has shut off the DNS servers it maintained to allow those infected with the malware to continue to operate and provide additional time for cleanup. The malware re-directed web site requests to sites where its authors could make money off of advertising — so called “click hijacking.” And make money they did — supposedly about $14 million USD.
June 12, 2012
With millions of passwords stolen from LinkedIn, eHarmony and Lastfm.com in the past few weeks, it is a good idea to re-think your password strategy. It should certainly make it clear that re-using one or even several passwords across many web sites can be dangerous. But creating and remembering individual passwords for the ever-growing collection of web sites that comprise our digital lives can be daunting. What should you do?
June 11, 2012
Networks, like the enterprises they support, evolve over time. It is extremely rare that one has the opportunity to re-evaluate the underlying assumptions behind a logical network design and the IP address schema, and with the advantage of hindsight, make course corrections that can provide flexibility and accommodate the security controls needed now and into the future. Such an opportunity may only come along once a decade or more. Most corporate enterprises did not connect to the Internet until the late 1990s or early 2000s, and their experience with TCP/IP was limited, but many are still living with the choices made long ago. If you could re-design your enterprise network IP address space today, what would you change? The example that follows provides one such way for a large private network. Of course you have to have a driver for undertaking such a project, and the creation of security zones is a good one!
June 8, 2012
Establishing isolated security zones within an enterprise network is an effective strategy for reducing many types of risk, and this is especially obvious when one considers how permeable networks are today. The old perimeter defense model is no longer sufficient. Some would argue it is no longer necessary — that de-perimeterization is inevitable, we should prepare for a future of blended networks without clear boundaries and security should be moved inward. Ultimately, all security is about protecting a valuable asset – data – but that protection involves a defense-in-depth strategy that includes all layers.