Tips on Improving IT Security and System Administration from Castle Ventures Corporation.
Wednesday, October 18, 2017
BSidesCT 2017
Had a very good time at BSidesCT 2017 with Tyler and The King from Castle Ventures. The organizers did a very nice job, Webster Bank provided a great venue, and there were some very informative presentations. While I was there I had the pleasure of meeting Doug White from Security Weekly. Did a brief interview with him, which you can find on YouTube. We will be back next year. In the meantime, check out the Security Weekly podcasts.
Tuesday, May 23, 2017
Guarding your Cyber Castle
In the days of lords and ladies, knights and pages, the lord
of the manor decided what was important and not important to him. If it was important it stayed in the
castle. If it was disposable and easily sacrificed
it stayed outside the moat. Then all the
lord’s efforts were spent defending the castle and watching the crown jewels,
ignoring all that he owned outside the walls.
Organizations need to follow a similar approach and focus their
efforts on protecting the crown jewels of the organization. These are the trade secrets, critical deal
files, sensitive employee information, and confidential customer data. This approach allows you to prioritize your
investments in security initiatives. If
that critical data is stored in a folder on a file server, we need to watch
that directory like a hawk. Here is a checklist
of what we want to do:
- Restrict access to the folder to people who have a legitimate business need
- Back up the data, with at least one off-line copy
- Track permission changes to the folder
- Track permission changes to the groups associated with that folder
- Collect user activity and send activity reports to the business owner of the data
- Identify unusual patterns of behavior by a user or a system
- Alert on access by a new user or system and correlate with the access approval process
- Periodically review people’s access rights to the sensitive folder
- Classify the data in the folder with tags
- Track the motion of files once they leave the folder
- Encrypt the data
Of course, there are other things you want to do to protect the
infrastructure (firewall = moat), but with this focus on your important digital
assets, the odds of defending your castle are much higher.
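Two items from the checklist above, alerting on access by a new user correlated with the approval process and tracking permission changes, can be sketched as a small review of audit events. This is an added example, not code from Castle Ventures; the folder path, approval ticket IDs, event format and action names are all constructed assumptions.

```python
# Added illustration: the folder path, approvals and events are constructed samples.
SENSITIVE = "/srv/share/deals"                        # hypothetical crown-jewel folder
APPROVED = {"alice": "REQ-1001", "bob": "REQ-1002"}   # user -> approval ticket (made up)

EVENTS = [  # (ISO timestamp, user, action, path), constructed audit records
    ("2017-05-22T09:14:00", "alice", "read", "/srv/share/deals/q2/term-sheet.docx"),
    ("2017-05-22T09:20:00", "alice", "write", "/srv/share/deals/q2/term-sheet.docx"),
    ("2017-05-22T10:02:00", "carol", "read", "/srv/share/deals/q2/term-sheet.docx"),
    ("2017-05-22T10:05:00", "bob", "acl_change", "/srv/share/deals"),
    ("2017-05-22T10:30:00", "dave", "read", "/srv/share/deals-archive/old.xlsx"),
]

def in_folder(path, folder=SENSITIVE):
    """True only for the folder itself or paths beneath it.

    A bare startswith(folder) would also match the sibling
    '/srv/share/deals-archive', so compare against 'folder/'.
    """
    return path == folder or path.startswith(folder.rstrip("/") + "/")

def review(events, approved):
    """Return (timestamp, user, alert) tuples for the sensitive folder."""
    seen = set()     # users already observed touching the folder
    alerts = []
    for ts, user, action, path in sorted(events):  # ISO timestamps sort by time
        if not in_folder(path):
            continue
        if action == "acl_change":
            # Permission changes are always reported, even for approved users.
            alerts.append((ts, user, "ACL_CHANGE"))
        if user not in approved:
            # No matching record in the access approval process.
            alerts.append((ts, user, "UNAPPROVED_ACCESS"))
        elif user not in seen:
            # First sighting of an approved user: note which approval covers it.
            alerts.append((ts, user, "NEW_USER_APPROVED:" + approved[user]))
        seen.add(user)
    return alerts

if __name__ == "__main__":
    for alert in review(EVENTS, APPROVED):
        print(*alert)
```
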
Saturday, May 13, 2017
The Cyber Shit has hit the Fan
The WannaCry ransomware outbreak that started yesterday is troubling
in several ways.
The Internet is a wonderful thing. It has changed the world in so many
wonderful ways. One of the keys to the
success of the Internet is trust. We do
business with people we never meet, we buy products from companies across the
globe located in places we’ve never been, and we stay in other peoples’ homes
(and let strangers stay in ours) simply based on a digital image. That trust (and the Internet as a whole) is a
fragile thing. Resiliency was not
built into the technologies we use and human emotions can only take so
much. The trust and faith we have and
need will wear away as more and more bad things happen.
Certainly, the evil thugs who launched the malware should be
despised by all. Unfortunately, it is not easy to find them and bring them to
justice. What is even more troubling is
the behavior of the US government. What “spying”
and “intelligence” is worth the destruction that took place yesterday and
continues to wreak havoc? The NSA should
immediately disclose any vulnerabilities it discovers to manufacturers unless
we are engaged in an active war. At this
point the US government has no active declarations of war (and the War on
Terror is a poor excuse to jeopardize every computer in the world) so it is
time to totally revamp the Vulnerabilities Equities Process. We need to protect all people against real
cyber threats that occur every day rather than fighting some ephemeral threat
that may or may not be stopped by leaving millions of computers vulnerable
to exploits.
This is our wake-up call!
For a good technical explanation of how to deal with this, head to the Varonis blog for information on
securing systems with DatAlert.