People – Page 8 – The SECOND Advisories Limited

Cyber Footprint

12th September 2019 By cliangNo Comments

We are living both in the physical and cyber worlds and these worlds are closely coupled. We have left lots of cyber footprints - posts in social media, emails to others, auto-toll road, facial recognition via video analytics by surveillance camera, RFiD cards in the pocket, cell phone IMEI with location service, electronic identity of many, purchase preference, web browsing habit, medical & education history ... not to mention those event logging. All these can be traced back to an individual, if intended. An individual might also locate the peers from cyber world to reach out physically. Common example is proposed contact by social network via your connected friends. Machines are also controlled by automation where these controls are "living" in the cyber world. Performance of machines are feeding back to machine learning to improve physical operational efficiency. Unless you stay in the wild completely off the grid, hunting and farming for food, using natural fuel, living in a closed & trusted community without electronic...

Threat Hunting

29th July 2019 By cliangNo Comments

Suddenly, new market jargon "threat hunting" is spreading around under cybersecurity domain. It is a kind of proactive measure to uncover if your environment has already been penetrated and critical info are being exfiltrated. This kind of exercise is best executed by 3rd party periodically, because: If this is due to insider threat, it won't be surfaced In-house workforce might have assumption for certain things that won't go wrong Periodic check is for assurance because the threat hunting only spots situation at a particular point in time and its past, it cannot predict the future A more holistic approach is to augment this threat hunting exercise with workforce and business process strengthening to identify vulnerabilities for effective risk reduction....

Born or Made

1st May 2019 By cliangNo Comments

Cybersecurity vulnerabilities are broadly categorized into 2 types: [a] Inherent weakness in the component, protocol (e.g. PLC, ftp) that is insecure by design [b] Improper deployment causes a secure component (e.g. FIPS-140-2 Level-4 certified crypto module) into insecure due to lack the required surrounding elements (likely broken business process or human negligence) Type [a] can be overcome at time of procurement to specify requirement. Type [b] can be identified via vulnerability assessment of the deployed solution in people, process and technology perspectives...

Deep Packet Inspection (DPI)

23rd March 201923rd March 2019 By cliangNo Comments

As cyber attacks have already moved from network layer to application tier, DPI is a must to examine contents to detect malicious intention. Some technologies (like web proxy) even break the TLS for content inspection incurring cyber threats from user perspective that https is no longer trusted to be secure. In a corporate environment Privacy is not guaranteed via a blanket statement by consent to being monitored when start using the IT facilities, e.g. displayed in logon banner. As an user, check the site certificate if issued by site owner or another party to understand if traffic is being intercepted For network in public Usually connectivity is via WLANYou have no idea what is behind the infrastructure, whether it has been maniuplated for malicious intention. So, follow the OS platform recommended public network profile upon connection -- Don't allow your device being discovered -- Disable folder sharing -- Setup another web browser without login credential saved for general web surfing -- Never use insecure...

Retrofit

23rd February 201923rd February 2019 By cliangNo Comments

Three scenarios: (a) fix design flaw to make system secure, (b) address new vulnerabilities that are unknown before, or (c) comply with newly established regulations. There is no crystal ball to foresee (b) or (c) but for (a), this can be avoided if good practices are exercised during development stage. ...

Shoulder Surfing

14th February 201914th February 2019 By cliangNo Comments

No matter how the end point is secured, a careless end user will nullify all the deployed counter-measures like MDM (Mobile Device Management), Secure Access, Encryption. ...

Trust

9th February 20199th February 2019 By cliangNo Comments

When you come across a free USB socket to charge your mobile device, will you trust and use it? You never know what is behind that your mobile device will connect to. Mobile device now contains lots of "useful" information for hacker. The information ranges from personal contact, photo, notes, corporate email to saved credentials. The best is to use own charging device. ...

Protocol

27th December 201827th December 2018 By cliangNo Comments

The road is clear and why are these pedestrians waiting for? This is because all road users need to observe the protocol in the road system to keep alive. Similarly, we need to observe protocol in the cyber world to keep secure. Examples are: Maintain access credential secret and renew regularlyActivate 2-step authentication if identity provider supportsBeware of emails that appear legitimate requesting for sensitive or personal informationBe alert for too good to be true rewardsAvoid using shared computers in the public that anyone can accessAvoid plugging into USB power ports in public to charge your portable devices (cell phone, tablet)etc. ...

Policies #3 (From Directive to Enforcement)

24th December 201824th December 2018 By cliangNo Comments

1. Use case Authenticate the user of parking is "Aliens" status, a yes/no decisionGrant usage durationDisclaim loss/damage responsibilities 2. Enforcement If yes: allowIf not: rejectIf violate: consequence 3. Somehow, vulnerabilities exist: Identity provider is compromised Method of authentication is circumventedResult of authentication is manipulatedBarrier to the authorized resource (parking lot) fails and being bypassed without authentication 4. Consequence: False negative: non-alien is mistaken as alien for fraudulent useFalse positive: genuine alien is mistaken as non-alien resulting into denial of service 5. Counter-measure: Protect identity providerSecure communication from end point to identity providerEnsure authentication result integrityConduct periodic system health-checkPerform regular patrol of parking lotPost terms of use and consequence of violation (e.g. tow away at vehicle owner's expense) ...

Insider

18th December 201817th June 2021 By cliang1 Comment

This is a popular topic in Board Room too. No matter how much cyber protection technologies are invested and deployed, controls always have insufficient coverage to deal with insider. According to PNNL Predictive Adaptive Classification Model for Analysis and Notification, it involves substantial data sources and derivatives to identify insider threats. This may be possible with big data but after all, who will watch the watcher? Source: PNNL - Predictive Adaptive Classification Model for Analysis and Notification: Internal Threat The line of defence shall be: Preventive controls as barrier (where technology is available and investment is justified)Detective controls as digital evidence (when events are reviewed effectively to identify offender)Administrative controls as management directives (when productive activities have higher preference over prohibitive measures)Corporate disciplinary process or contractual undertaking enforcement for offenderLaws & regulations as the ultimate deterrent ...