Protocol

By cliangNo Comments
The road is clear and why are these pedestrians waiting for? This is because all road users need to observe the protocol in the road system to keep alive. Similarly, we need to observe protocol in the cyber world to keep secure. Examples are: Maintain access credential secret and renew regularlyActivate 2-step authentication if identity provider supportsBeware of emails that appear legitimate requesting for sensitive or personal informationBe alert for too good to be true rewardsAvoid using shared computers in the public that anyone can accessAvoid plugging into USB power ports in public to charge your portable devices (cell phone, tablet)etc. ...
Read More

Policies #3 (From Directive to Enforcement)

By cliangNo Comments
1. Use case Authenticate the user of parking is "Aliens" status, a yes/no decisionGrant usage durationDisclaim loss/damage responsibilities 2. Enforcement If yes: allowIf not: rejectIf violate: consequence 3. Somehow, vulnerabilities exist: Identity provider is compromised Method of authentication is circumventedResult of authentication is manipulatedBarrier to the authorized resource (parking lot) fails and being bypassed without authentication 4. Consequence: False negative: non-alien is mistaken as alien for fraudulent useFalse positive: genuine alien is mistaken as non-alien resulting into denial of service 5. Counter-measure: Protect identity providerSecure communication from end point to identity providerEnsure authentication result integrityConduct periodic system health-checkPerform regular patrol of parking lotPost terms of use and consequence of violation (e.g. tow away at vehicle owner's expense) ...
Read More

Insider

By cliang1 Comment
This is a popular topic in Board Room too.  No matter how much cyber protection technologies are invested and deployed, controls always have insufficient coverage to deal with insider. According to PNNL Predictive Adaptive Classification Model for Analysis and Notification, it involves substantial data sources and derivatives to identify insider threats. This may be possible with big data but after all, who will watch the watcher? Source: PNNL - Predictive Adaptive Classification Model for Analysis and Notification: Internal Threat The line of defence shall be: Preventive controls as barrier (where technology is available and investment is justified)Detective controls as digital evidence (when events are reviewed effectively to identify offender)Administrative controls as management directives (when productive activities have higher preference over prohibitive measures)Corporate disciplinary process or contractual undertaking enforcement for offenderLaws & regulations as the ultimate deterrent ...
Read More

Insecurity

By cliangNo Comments
Road system in physical world is designed for safe (secure) use - sign board, speed limit, road shoulder, proper lane separation. There is occasion insecurity taking place.  There are many contributing factors such as: Adverse weather (low visibility, slippy road, hurricane) Malfunctioned equipment (vehicle) Collateral damage due to other road accidents Body condition of driver, under medical or drug influence Inexperienced or negligence drivers Similar principles apply in cyber world Untrained user or human error Failure to handle exception situation properly Unpatched system components exposing to known vulnerabilities Attack from peers nodes of connected system There is one more contributing factor: if security hasn't been integrated into design and deployment of the target system, it won't be secure....
Read More

The Race

By cliangNo Comments
It's about attack and defense in the cyber space. In early days, breaking login is via password brute force attack to try every combination. Then, password settings are imposed to enforce password complexity, password history, password age, account lock out etc. Rainbow table comes into the scene.  All password combinations are pre-computed into its equivalent hash to match the collected irreversible hash.  Break-in is then fast. Salt and pepper are then added to the password hash as counter-measure to rainbow table. Pass-the-hash will defeat the salts as the authenticated credential is cached in memory.  By installing persistent backdoor and listen to admin login, grab the hash then traverse via the network. So, the race continues.  And no matter how advance the cyber protections are deployed, a negligent user with unattended login session will render all these useless. Therefore, educating user for proper discipline and usage in the cyber space is the number one defense....
Read More

Cyber Citizen

By cliangNo Comments
We are really living in the cyber era.  From early childhood, kids will touch on device, get connected or even act in the cyber world. Like physical world, the parents (or school) must educate the good practices in the cyber world, just like to understand and observe the road protocols.  The aim is to avoid getting hurt by careless road users - whether the careless road users are others or self....
Read More

Access Control #2

By cliangNo Comments
Access control is intended to allow only authorized subject to reach the protected resources. A comprehensive assessment including penetration test (network and physical), or Red Team Testing, is necessary to evaluate the effectiveness of the control and identify weaknesses like: Misconfiguration System defaults Normal operations run via high system privileges Unpatched systems or components Inherent back door Staff lack of awareness Phishing victim Unattended equipment Unattended login session Insecure entry points (both network and physical) via brute force ...
Read More

Neighborhood

By cliangNo Comments
As if in physical world, mutual support and care are important to maintain safety in the cyber world. Unlike physical world, we might not "see" our neighbors nor their houses.  But the merit is that even if we are far away physically, we can still take care of our cyber neighbors. Things like these we can do: Notifying our cyber neighbor when that cyber identity is likely compromised and launch phishing attack Sharing near-miss cyber incident to alert others from falling into the same scam Not forwarding threat info received from untrusted sources in creating unnecessary network traffic or panic ...
Read More

Mistaken Identity

By cliangNo Comments
This is to attack trust based on some one you know. In physical world, this is harder as you will recognize the person by appearance unless via impersonation like those in "Mission Impossible". In cyber world, email and social network ID are easier for spoofing, not-to-mention compromised identity are on sales in the dark web. Therefore, Part-1: protect your cyber identity.  Even if you consider such cyber identity doesn't harm yourself, it could cause collateral damage to those who know you Part-2: now, you are cautious about your cyber identity.  Establish preparedness to manage the situation when you suspect your cyber identity is compromised for malicious intention Part-3: from a 3rd party perspective, when you receive "unusual" request(s) from cyber identity for those you know or appeared as legitimate, validate their request(s) via other trusted communication channels (like phone call, or official web link) ...
Read More

The Human Factor

By cliangNo Comments
Email becomes part of our life in both cyber and physical worlds.  We execute actions in physical world based on email context in cyber world. Email is an example of mixed information classification because the sensitivity is content driven.  Therefore, applying protection per the highest sensitivity requirement will be the one-size-fits-all solution.  Typical email technical controls are S/MIME, TLS, RMS, 2FA etc. No matter how secure the protections are applied, a negligent but legitimate business user will defeat them all. Educate the consequence of improper usage will uplift the human awareness, and becoming the first line of defense....
Read More