Wednesday, October 18, 2017

BSidesCT 2017

Had a very good time at BSidesCT 2017 with Tyler and The King from Castle Ventures.  The organizers did a very nice job, Webster Bank provided a great venue, and there were some very informative presentations.  While I was there I had the pleasure of meeting Doug White from Security Weekly.  Did a brief interview with him, which you can find on YouTube.  We will be back next year.  In the meantime, check out the Security Weekly podcasts.

Tuesday, May 23, 2017

Guarding your Cyber Castle

In the days of lords and ladies, knights and pages, the lord of the manor decided what was important and not important to him.  If it was important it stayed in the castle.  If it was disposable and easily sacrificed it stayed outside the moat.  Then all the lord’s efforts were spent defending the castle and watching the crown jewels, ignoring all that he owned outside the walls.
Organizations need to follow a similar approach and focus their efforts on protecting the crown jewels of the organization.  These are the trade secrets, critical deal files, sensitive employee information, and confidential customer data.  This approach allows you to prioritize your investments in security initiatives.  If that critical data is stored in a folder on a file server, we need to watch that directory like a hawk.   Here is a checklist of what we want to do:

  • Restrict access to the folder to people who have a legitimate business need
  • Back up the data, with at least one off-line copy
  • Track permission changes to the folder
  • Track permission changes to the groups associated with that folder
  • Collect user activity and send activity reports to the business owner of the data
  • Identify unusual patterns of behavior by a user or a system
  • Alert on access by a new user or system, and correlate it with the access approval process
  • Periodically review people’s access rights to the sensitive folder
  • Classify the data in the folder with tags
  • Track the motion of files once they leave the folder
  • Encrypt the data
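Several items on that checklist (tracking permission changes, alerting on access by a user the approval process never cleared, and spotting unusual volumes of activity) can be checked against the file server's Windows Security log.  The script below is an added example, not code from this post or from any vendor product; the share path, the approval list and the log records are all constructed, and the checks key on the standard event IDs 4663 (object access) and 4670 (permissions changed).

```python
from collections import Counter

# Hypothetical watched share and approval list; both are constructed for this example.
WATCHED_FOLDER = r"\\fs01\deals"
APPROVED_USERS = {"alice", "bob"}

# Constructed Windows Security log records, reduced to the fields the checks need.
# EventID 4663 = an attempt was made to access an object; 4670 = object permissions changed.
SAMPLE_EVENTS = [
    {"EventID": 4663, "SubjectUserName": "alice", "ObjectName": r"\\fs01\deals\merger.docx"},
    {"EventID": 4663, "SubjectUserName": "bob", "ObjectName": r"\\fs01\deals\term_sheet.xlsx"},
    {"EventID": 4663, "SubjectUserName": "mallory", "ObjectName": r"\\fs01\deals\merger.docx"},
    {"EventID": 4670, "SubjectUserName": "bob", "ObjectName": r"\\fs01\deals"},
    {"EventID": 4663, "SubjectUserName": "alice", "ObjectName": r"\\fs01\public\lunch.txt"},
] + [  # alice sweeping 60 files in one batch: an unusual pattern worth flagging
    {"EventID": 4663, "SubjectUserName": "alice", "ObjectName": rf"\\fs01\deals\f{i}.pdf"}
    for i in range(60)
]


def in_watched_folder(path, folder=WATCHED_FOLDER):
    """True if path is the watched folder itself or anything beneath it (case-insensitive)."""
    p, f = path.lower(), folder.lower()
    return p == f or p.startswith(f + "\\")


def review_events(events, approved_users=APPROVED_USERS, folder=WATCHED_FOLDER, bulk_threshold=50):
    """Return (alerts, activity): alert tuples (kind, user, detail) for the data owner or SOC,
    and a per-user access Counter that feeds the periodic activity report."""
    alerts, activity = [], Counter()
    for ev in events:
        if not in_watched_folder(ev["ObjectName"], folder):
            continue  # out of scope: only the crown-jewel folder is watched here
        user = ev["SubjectUserName"].lower()
        if ev["EventID"] == 4670:
            # Any ACL change on the folder gets reviewed, approved user or not.
            alerts.append(("permission_change", user, ev["ObjectName"]))
        elif ev["EventID"] == 4663:
            activity[user] += 1
            if user not in approved_users:
                # Access by a user the approval process never cleared.
                alerts.append(("unapproved_access", user, ev["ObjectName"]))
    for user, count in activity.items():
        if count >= bulk_threshold:
            # Volume far above normal use: possible staging for exfiltration or a ransomware sweep.
            alerts.append(("bulk_access", user, count))
    return alerts, activity
```

On a real server the records would come from the Security log after enabling object-access auditing on the folder; the per-user Counter is what the business owner's activity report is built from.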

Of course, there are other things you want to do to protect the infrastructure (firewall = moat), but with this focus on your important digital assets, the odds of defending your castle are much higher.

Saturday, May 13, 2017

The Cyber Shit has hit the Fan

The WannaCry ransomware outbreak that started yesterday is troubling in several ways.

The Internet is a wonderful thing.  It has changed the world in so many wonderful ways.  One of the keys to the success of the Internet is trust.  We do business with people we never meet, we buy products from companies across the globe located in places we’ve never been, and we stay in other people’s homes (and let strangers stay in ours) simply based on a digital image.  That trust (and the Internet as a whole) is a fragile thing.  Resiliency was not built into the technologies we use, and human emotions can only take so much.  The trust and faith we have and need will wear away as more and more bad things happen.

Certainly, the evil thugs who launched the malware should be despised by all.  Unfortunately, it is not easy to find them and bring them to justice.  What is even more troubling is the behavior of the US government.  What “spying” and “intelligence” is worth the destruction that took place yesterday and continues to wreak havoc?  The NSA should immediately disclose any vulnerabilities it discovers to manufacturers unless we are engaged in an active war.  At this point the US government has no active declarations of war (and the War on Terror is a poor excuse to jeopardize every computer in the world), so it is time to totally revamp the Vulnerabilities Equities Process.  We need to protect all people against the real cyber threats that occur every day rather than fighting some ephemeral threat that may or may not be stopped by leaving millions of computers vulnerable to exploits.

This is our wake-up call!

For a good technical explanation of how to deal with this, head to the Varonis blog for information on securing systems with DatAlert.