Grade of Protection #3

By cliangNo Comments
The commodities (toys) are encapsulated in the vending machine (plastic containers). All containers share the same Point of Sales (PoS) device - the Octopus sensor. Upon successful payment, the outlet valve is released to pass out the selected item. You might wonder if these vending machines are securely protected as they are placed in open area and unattended. This is a typical scenario for cybersecurity practitioner in recommending business people the appropriate level of protection. There are CCTV in the arcade to record people accessing the vending machine. Physical brute force attack will be recorded. And for vending machine like this, physical is far more effective over cyber attack to collect the toys. Having recorded footage of physical attack won't be useful without the laws & regulations coming into place. The deterrent is that offender will be caught and prosecuted for criminal act. Last but not least, consider the total value of the commodities plus the equipment itself. If...
Read More

Policy #8

By cliangNo Comments
We face many "policies" (directives) everyday - whether in real world or in the cyber space. And we are told to comply with these policies for keeping ourselves safe or secure in both domains. Sometimes, don't blindly follow the policy because policy makers could make mistake: lack of field experience, don't understand the subject matter well, having implicit assumption causing incorrect interpretation or putting something that is even not practically achievable. As an user, you need to think, contribute or challenge policy makers. There isn't perfectness in this world. Things always need continuous improvement. Policy makers are expected Solicit opinions objectivelyListen feedbacksResolve ambiguityAddress incorrectness If they don't, they simply fail. ...
Read More

DeMilitarized Zone (DMZ)

By cliangNo Comments
DMZ becomes the de facto standard for network segmentation. It is used to control network traffic across trust and untrusted network zones. Network traffic is used instead of network connection because the latter is not precise. A network cable is connected across components but what does matter is the traffic flowing thru. The network zoning is typically implemented by network firewall. More functions like anti-malware protection, site filtering, application requests screening are adding to the network firewall making it the so-called next generation (NG) firewall. To enhance customer confidence, there are 3rd party accredition for firewall cybersecurity. No matter how secure the component is manufactured and deployed, the important aspects to maintain a secure network perimeter are: Proper design, i.e. placing the firewall(s) at the correct network nodeProper configuration, i.e. device management and least privilege firewall rulesPeriodic assessment, i.e. validate if the configuration is still valid (don't retain the associated firewall rules when system has retired)Proper maintenance, i.e. update firmware...
Read More