Distance #2

By cliangNo Comments
Keeping distance on the road avoids accidents causing injuiry or fatality due to sudden situation changes. Keeping social distance avoids pandemic spreading among group of people. Similarly, keeping network distance will be cyber safer as it makes cyber attack harder. Network distance is established via defence layers between untrusted network and the target resources so as to drop or neutralize unintended traffic. The more layers, the more network distance that network traffic has to go thru to reach the destination. Layers, for example, are: Network perimeter (firewall, proxy, IPS, IDS)Application gateway (reverse proxy, DPI)Platform hardening (folder permissiom, white list/black list, no unused modules nor system sevices)System application hardening (change default setting, deny unauthenticated request)Business application hardening (observe good coding practices) While adding layers, don't forget to assess if network latency will be introduced affecting specific applications. Last but not least, all these layers shall have latest version and apply least privilege to combat threat actors as much as possible. ...
Read More

Visibility #3

By cliangNo Comments
Below the iceberg, there is a large portion that is out of sight. That's why it is dangerous for vessels when approaching an iceberg. You need to keep a safe distance from it to avoid hitting it. The iceberg is often used to illustrate the dark web. The visible part is WWW (World Wide Web), below is the deep web then further down the dark web. The general perception on dark web is bad or associated with cyber criminals. However like penetration test tools, the tools can be misused to attack other computers but also to serve as a means to uncover infrastructure weakness for cybersecurity enhancement. The difference is between unauthorized and authorized intention. In the case of dark web, the usefulness might be Understand how the underground market business model operate, what are on sales such that you will revisit how to secure these cyber assets in your own environmentUncover if your or corporate information is there for sales ...
Read More

Design & Build #2

By cliangNo Comments
A deployed function looks not elegant. Is this due to design problem, or deployment is not in accordance to the design? Fixing it will be costly without retrofit. Similarly, this happens to cyber protection. Protection effectiveness will be degraded or even none if improper design, or incorrectly deployed. To address this pitfall, comprehensive assessment from design, configuration check before commissioning and regular health check at O&M stage are necessary. Even if the system has not been changed, the external threat landscape has evolved and need to strengthen control to protect. ...
Read More

Access Control #3

By cliangNo Comments
Controlling cyber (or network) access is always a main concern to limit threat vectors for lateral movement once they have gained a stepping stone within the infrastructure. The physical access aspect must not be forgotten. No matter how sophiscated controls are implemented and in place, if the core equipment is exposed to access at wish, this will defeat all these cyber controls. Bear in mind that all controls are to defer the access as much as possible. There is no bullet proof solution. A comprehensive risk assessment against the target of evaluation is very important to develop effective compensating controls. ...
Read More

Anonymity

By cliangNo Comments
Privacy is a major concern nowadays. Sensitive info need to be tokenized or masked while leaving functional info unchanged during business analytic or conducting system tests. Nevertheless, a function might be uniquely provided by a particular individual within the information sample. In this case, even if the identity is masked, the functional aspect can also traced back to that particular individual. This is something like weak hashing function subject to reversible attack. This is the situation to watch out and need to voice out the limitation to data subject and data owner. ...
Read More

Life Cycle Management #2

By cliangNo Comments
Like in physical world, automation components do have life time. Example is mechanical attributes of traditional hard disk drive, they are also subject to wear-and-tear during operating life. Storage technology now uses solid state without mechanical portion, we must not forget the underlying platform and applications. Apparently they won't have wear-and-tear operating condition, but the advancement of technology adoption will introduce obsolescence of the platform and applications. From vendors perspective, they will retire products not longer fit for purposes in the market and therefore drop resources to support. Hence, even if your automation components are still operating with minimal wear and tear condition, these components will still need to be refreshed for new version, bugs / vulnerabilities fixed, continuous vendor support in order to maintain the business outcome. Proper life cycle management of the ICT/ICS components cannot be overlooked. ...
Read More

Distance

By cliangNo Comments
Keeping social distance is recommended to avoid virus infection of COVID-19 attack. Similarly, cyber distance takes the same concept to minimize or slow down cyber attack. The cyber distance is done by incorporating perimeters at multiple layers in network and applications. Don't forget the human awareness and usage behavior are the added layers too. ...
Read More

Assumption #2 (2nd topic)

By cliangNo Comments
No matter individual or enterprise, there are information stored in the cloud. The pre-requisite to use cloud is the communication line from your end point to the hosting location. Most rely the as-built cyber protections like TLS, 2-step authentication offered by the provider. No doubt, these are deemed secure. But if your information is of high value, you need to consider the appropriate level of extra layers, e.g. single tenancy, dedicated hosting location with physical access control,  further end-to-end communication encryption, database level encryption or tokenization, periodic security assessment, regular situation awareness to keep your people from being victim of spear phishing attack. All these don't mean 100% security but to demonstrate your due diligence to secure your data....
Read More

Cyber Footprint

By cliangNo Comments
We are living both in the physical and cyber worlds and these worlds are closely coupled. We have left lots of cyber footprints - posts in social media, emails to others, auto-toll road, facial recognition via video analytics by surveillance camera, RFiD cards in the pocket, cell phone IMEI with location service, electronic identity of many, purchase preference, web browsing habit, medical & education history ... not to mention those event logging.  All these can be traced back to an individual, if intended. An individual might also locate the peers from cyber world to reach out physically.  Common example is proposed contact by social network via your connected friends. Machines are also controlled by automation where these controls are "living" in the cyber world. Performance of machines are feeding back to machine learning to improve physical operational efficiency. Unless you stay in the wild completely off the grid, hunting and farming for food, using natural fuel, living in a closed & trusted community without electronic...
Read More

Penetration

By cliangNo Comments
Cybersecurity is becoming commodity skill and therefore same terminology will have different interpretation by different parties. Pick penetration test (pTest) as an example. For beginners they simply pick up automated scanner then scan the network and hosts. Whatever reported in the scanner and recommendations are their findings and that's all. A more skillful pTester will review the reported finding, validate its applicability with owner for a practical and achievable follow up before reporting. A professional pTester will go beyond further. Before engagement Understand what is the target of evaluation Advise owner the risk of doing automated scan rather than blindly perform the scan because others say so Agree on approach of execution to set expectation Agree on picking representable samples to manage resources (for both sides) Determine where to place the scanner - before or behind any network perimeter Before execution Load scanner with updated signature and agree on types of test (brute force password attack? DoS test?) Validate target node is accessible ...
Read More