Deep Packet Inspection (DPI) Firewall

By cliangNo Comments
No doubt, the technology is secure. But without assessing the situation holistically, this is inconclusive. Rulesets might be wrongly set or firewall is wrongly configured, then the DPI firewall is insecure. If the connecting components are in a restricted and lock down environment, a DPI firewall is overkill and won't contribute to enhance more security. By the same token, media always exaggerate cyber threats. We must judge if such threat scenarios are likely in our environment rather than blindly doing unnecessary lock down on existing systems. An example is the ransomware attack via inactive user account thru VPN without 2-factor authentication, or authenticated users via PrintNightmare exploit. Something must be done but not to complete today. Security enhancement must be assessed, managed rather than in a piecemeal manner. The latter might even create more problems after blindly applying the counter-measures. Remember - action without plan is nightmare; plan without action is day dream. ...
Read More

Policy #9

By cliangNo Comments
When writing policies, positive logic shall be adopted. It eases readers understand what is allowed rather than spending time to evaluate the allowed exception. In the illustration, the first impression: no entry is applied to the named vehicle types and need a second thought to locate the word "except". A wrongly communicated message might then cause different outcome. This should be avoided in written directives. ...
Read More

Privacy

By cliangNo Comments
We have a lot of personal data exposed in the cyber world in our daily life. To name a few, the "intrusive components" are: Electronic pass for toll road: where you are heading to, or even your entire journey if throughout the itinerary, there are traffic cameras and auto toll collection pointsCCTV: inside building, public areas, dashcam in vehicles nearbyCredit card: traces back to your identify, location, amount consumed, commodity purchasedHealth monitoring device: you wear in your body to capture your health data continuously, share in the technology provider's community if you wishOperating System: sharing the diagnostic data with the technology vendor when problem occurs or during online trouble shootingWeb site cookies: IP address to geo-location of your web surfing location, your web preferenceDigital photo: modern cameras are equipped with geo-tagging The most intrusive device is your cell phone. You carry it almost all the time. It exposes your geo-location from which cell towers your phone is connecting to. What should...
Read More

Declassification

By cliangNo Comments
Confidential information is costly to maintain. Imagine all the 3 data states (data-in-motion, data-at-rest, data-in-use) will require technology and the underlying process to manage the authorized access and usage while denying otherwise. Most often except a few, sensitive information will diminish its value or impact overtime. An example of the "few" is the formula of a soft drink that remains as trade secret to standout the products from its competitors. Other than technical controls like encryption or multi-factors authentication access for digital information, there are simply regulations to protect artist work copyrights, alogrithm patent etc. that are published in public domain. Secret government documents also have expiry date to release for public interests. The declassification together with destruction process are therefore an important stage in the information lifecycle management process. Without these, the burden to maintain secrecy will increase over time and become unmanageable. ...
Read More

Discovery

By cliangNo Comments
This is widely adopted in various process like: Asset discovery: to scan the network and take inventory of the components connected in the networkElectronic document discovery: to scan the network resources for automatic information classification and privacy complianceForensic eDiscovery: to collect cyber activities from the designated equipment uncovering the sequence of events No matter which application, the essential aspect is the correct use of the tool. Otherwise, incorrect or inaccurate information is captured that could incur undesirable consequence where decision will base upon. Training or certification for the competent person running the process will be the key. ...
Read More

100% Cyber Secure #2

By cliangNo Comments
Worry about breaching GDPR or PCIDSS? The most effective means is to avoid capturing these info that need protection. Accepting cash addresses the problem statement. However, the restaurant must not forget if they accept reservation with name and contact number, then it is also a channel of GDPR breach. Accepting cash will introduce risk of being robbed. The is typical pitfall that most security practitioners overlook. Implementing new cybersecurity protection also incurs other new risks. Therefore, holistic assessment is always required in any business risk identification and mitigation. Further, a fresh-eye review is necessary to eliminate any "blind spots". ...
Read More

Enforcement #3

By cliangNo Comments
At certain situations, enforcement of policy relies on administrative control when technical controls are not feasible. But how do we ensure no offender? No, we can't. The only thing we can do is to establish consequence-based deterrent enforced by laws & regulations. The most severe deterrent is death sentence. A traffic sign prohibits vehicle longer than 10m or over 10 tones on left turn as illustrated. There is no stopping you to do so but if your truck exceeds this limit and still turning left, your truck might be trapped in the road curve blocking other road users, crashing vehicle in the opposite lane, or damaging any other third party properties. Then you are fully accountable for civil offence if negligence or criminal offence if deliberately doing so. Similarly, management always talks about how to stop insider threats in dealing with cybersecurity. The same philosophy applies - discrepancy action for employees or contractual obligation for business partners with...
Read More

Enforcement #2

By cliangNo Comments
Durnig pandemic situation, InfraRed body temperature detection technology is great - contactless, accurate, multi-persons processing, seamlessly and transparent to customers. But the illustrated scenario lacks of enforcement - persons with detected abnormal body temperature are still able to go in. A policy statement (notice at entrance) must be established to deny visit of persons with abnormal body temperature. Further, a security guard or so needs to watch the outcome of measured body temperature to enforce such policy. Without enforcement, deploying great technology doesn't make sense. This applies to cybersecurity domain as well. ...
Read More

Concealment

By cliangNo Comments
Two lanes but 3 traffic signs. Is the middle lane hidden? Information concealment is one of the techniques to hide important content. There are many tools that comes with steganographic processing. Usually, media files are chosen as the host file to store the secret data but their native usage (viewing photo, watching video with associated apps) are unaffected even with secret data injected. Media files are the popular host because photo, audio or video are basically having larger size. The objective is let secret message stored there and staying low profile without being caught. Yet, this technique is aimed at hiding small amount of data (like passcode, geo-location) because too much data might increase the host size that is unproportionable to its original form. ...
Read More

Choke Point

By cliangNo Comments
In physical world, it is a geographical critical and strategic passage. Armed force is able to control what is allowed and what is not for passing thru. In cyber world, similar concept is deployed in network perimeter controlling data traffic what is allowed and what is not in reaching the destination node(s). Source ports don't matter. The camera aperture is the good metaphor. Light sources don't matter. What matter is to control the incoming lights from whatever directions to reach the camera senor for composing an ideal photo. I came across a cybersecurity practitioner who is so innovative to request controls of the network source ports in the firewall as well. This involves application logic and configuration changes yet the effectiveness to enhance cybersecurity is really in doubt. ...
Read More