Back Door

By cliangNo Comments
Each house has its own perimeter to control entry.  However behind the perimeter, they are mutually accessible at the back end.  Thus, break-in to one house will allow intruder transverse to its neighbor without going thru the neighbor's perimeter. Same attack surface applies in the cyber world.  Therefore, test and live environments must be segregated.  The former is less cyber hygiene because it is subject to broader access by developer or vendor with loose controls....
Read More

The Race

By cliangNo Comments
It's about attack and defense in the cyber space. In early days, breaking login is via password brute force attack to try every combination. Then, password settings are imposed to enforce password complexity, password history, password age, account lock out etc. Rainbow table comes into the scene.  All password combinations are pre-computed into its equivalent hash to match the collected irreversible hash.  Break-in is then fast. Salt and pepper are then added to the password hash as counter-measure to rainbow table. Pass-the-hash will defeat the salts as the authenticated credential is cached in memory.  By installing persistent backdoor and listen to admin login, grab the hash then traverse via the network. So, the race continues.  And no matter how advance the cyber protections are deployed, a negligent user with unattended login session will render all these useless. Therefore, educating user for proper discipline and usage in the cyber space is the number one defense....
Read More

Cyber Citizen

By cliangNo Comments
We are really living in the cyber era.  From early childhood, kids will touch on device, get connected or even act in the cyber world. Like physical world, the parents (or school) must educate the good practices in the cyber world, just like to understand and observe the road protocols.  The aim is to avoid getting hurt by careless road users - whether the careless road users are others or self....
Read More

Tagging

By cliangNo Comments
Tag or label is an important aspect to document cyber assets like hardware components or cabling. This is not an one-off exercise.  Assets are subject to replacement due to fault, addition because of new system functionalities or removal upon decommissioning.  It is therefore necessary to maintain an accurate asset inventory with consistent labeling scheme. This asset inventory will not only help to locate faulty component for problem shooting or to isolate compromised component but also reflects the correct position of asset value in the company books....
Read More

Access Control #2

By cliangNo Comments
Access control is intended to allow only authorized subject to reach the protected resources. A comprehensive assessment including penetration test (network and physical), or Red Team Testing, is necessary to evaluate the effectiveness of the control and identify weaknesses like: Misconfiguration System defaults Normal operations run via high system privileges Unpatched systems or components Inherent back door Staff lack of awareness Phishing victim Unattended equipment Unattended login session Insecure entry points (both network and physical) via brute force ...
Read More

The Past

By cliangNo Comments
Earlier, I talked about network anomaly detection. It is the kind of technology based on the past activities to predict if your network is healthy and normal. Key considerations to evaluate for deployment: The "past" activities must be correctly understood by the technology in the first place as the baseline reference Using a typical life cycle management concept, the algorithm must be intelligent enough to manage the entire suite of new, change, delete use cases of network traffic without too much false negative nor false positive Predict "new" traffic deviated from the baseline with different severity level per intention Whether the algorithm is equipped with deep packet inspection (or even better with machine learning capability) to inspect expected connections with different payload from baseline Report missing traffic from baseline that could be sign of malfunctioned field device(s) to the host or controller Challenges are: Competency and capability of the deployment team to understand your environment Criteria to sign off as project completion from...
Read More

Automation

By cliangNo Comments
Everyday, we rely so much on automation ... be seen or behind the scene: rice cooker, temperature control of air conditioner, TV program recorder, garage entry, escalator, fire alarm system, traffic light, public lighting, vehicle, train, vessel, cargo terminal, electric grid, etc. Are we ready to bear with the failure in any of these automation?  Or how long we can tolerate with degraded service? These are the basis to derive the alternate processing model to resume service though it might not be up to the expected service quality.  Shortening the unplanned outage time or increasing service quality during outage will be materialized into substantial monetary terms. Cybersecurity practitioner can only facilitate the thought process but the ultimate decision is from business - risk taking between optimal or optional investment to meet the business target....
Read More

Neighborhood

By cliangNo Comments
As if in physical world, mutual support and care are important to maintain safety in the cyber world. Unlike physical world, we might not "see" our neighbors nor their houses.  But the merit is that even if we are far away physically, we can still take care of our cyber neighbors. Things like these we can do: Notifying our cyber neighbor when that cyber identity is likely compromised and launch phishing attack Sharing near-miss cyber incident to alert others from falling into the same scam Not forwarding threat info received from untrusted sources in creating unnecessary network traffic or panic ...
Read More

Governance

By cliangNo Comments
Last article, I talked about PPTP.  With organization policies formally established, the next is the governance to make it work.  Otherwise, policies are just slogan in the air. The governance must be driven by the governing body (usually the senior management in the organization) that includes but not limited to: Mandate cybersecurity directives (policies) for enforceable, repeatable and achievable business process Approve risk acceptance for deviation from these established policies Stipulate strategic decision to ensure business outcomes align with organization business objectives like digital transformation, Recovery Time Objective (RTO), recovery priority, funding The hard part is the the governing body needs to determine the right path for the organization rather than distracted by sales pitches or FUD exaggerated by the media....
Read More

PPT, PPTP

By cliang1 Comment
People, Process and Technology (PPT) are always referred as the foundation in the cybersecurity community. Yes, they are. But without establishing formal organization policies to drive, many pitfalls will be envisaged Misalignment among business units Misinterpreted context of the policies Lack of management support for continuous improvement Insufficient skill set in the workforce Therefore, a more precise model PPTP (People, Process, Technology, Policies) deems suitable.  Without the last P, it's like a chair with broken leg that will fall (fail)....
Read More