Dormant

By cliangNo Comments
Malware nowadays is getting sophisticated - has small footprint, evade sandbox & detection, determine platform to inject the applicable payload, some even change account password, disable all network interfaces to completely lock you out. Backup is one of the mitigation means for recovery of the pre-victim state at cost of losing certain application data. The challenge is that malware might have already existed in the previous state in dormant form and the backup carries it. What should best be done? In extreme case, no Internet and even standalone with communication, no removable media and all I/O ports sealed, zero-trust of any users with all system privileges locked down, application white-listed, use kiosk mode. Imagine you are working in an organization like this. You won't be working long as the business will soon cease in such environment. And after all, who should be appointed to maintain the system that this inevitably requires root privileges. This is a risk taking consideration....
Read More

Deep Packet Inspection (DPI)

By cliangNo Comments
As cyber attacks have already moved from network layer to application tier, DPI is a must to examine contents to detect malicious intention. Some technologies (like web proxy) even break the TLS for content inspection incurring cyber threats from user perspective that https is no longer trusted to be secure. In a corporate environment Privacy is not guaranteed via a blanket statement by consent to being monitored when start using the IT facilities, e.g. displayed in logon banner. As an user, check the site certificate if issued by site owner or another party to understand if traffic is being intercepted For network in public Usually connectivity is via WLANYou have no idea what is behind the infrastructure, whether it has been maniuplated for malicious intention. So, follow the OS platform recommended public network profile upon connection -- Don't allow your device being discovered -- Disable folder sharing -- Setup another web browser without login credential saved for general web surfing -- Never use insecure...
Read More

Expectation & Limitation

By cliangNo Comments
Every technology has its own limitation. Don't just listen to Sales or look at Product Brochure. Their tactics are to highlight what are the strengths or success stories of the desirable protection scenarios and hide limitations. There are many examples of limitations quoted in previous blogs: Is network anomalies detection able to spot "missing" but not extra among "unusual" traffic from baseline profile?Is company "authorized" USB drive effective for DLP or limiting malware?Is Touch ID really secure,,, etc. Understand the technology what works and what doesn't. Set stake holders expectation for limitations and the required compensating controls. Voice these out before recommending the protection technology if really fit for adoption. ...
Read More