Deep Packet Inspection (DPI)

As cyber attacks have already moved from the network layer to the application tier, DPI is a must for examining content to detect malicious intent. Some technologies (such as web proxies) even break TLS for content inspection, which from the user's perspective creates a threat of its own: https can no longer be trusted to be secure. In a corporate environment, privacy is not guaranteed; consent to being monitored is given via a blanket statement displayed when you start using the IT facilities, e.g. in the logon banner. As a user, check whether the site certificate is issued to the site owner or by another party to understand if traffic is being intercepted.

For networks in public, connectivity is usually via WLAN. You have no idea what is behind the infrastructure, or whether it has been manipulated for malicious purposes. So follow the OS platform's recommended public network profile upon connection:
- Don't allow your device to be discovered
- Disable folder sharing
- Set up another web browser without saved login credentials for general web surfing
- Never use insecure...

Expectation & Limitation

Every technology has its own limitations. Don't just listen to Sales or look at the product brochure; their tactic is to highlight the strengths or success stories of the desirable protection scenarios and hide the limitations. There are many examples of limitations quoted in previous blogs:
- Is network anomaly detection able to spot "missing" traffic, and not just extra traffic, among what is "unusual" relative to the baseline profile?
- Is a company-"authorized" USB drive effective for DLP or for limiting malware?
- Is Touch ID really secure?
etc. Understand what the technology does and doesn't do. Set stakeholders' expectations for the limitations and the required compensating controls. Voice these before recommending the protection technology, if it really fits for adoption. ...

Trust #2

When the Internet was first launched to the consumer market, it was costly. You needed to subscribe to the service from your local Internet Service Provider (ISP) and connect from home via a telephone line with a dial-up modem. Both bandwidth and data volume were limited. Technology advancement has made the Internet a default facility for the community. Free wi-fi hotspots and free Internet kiosks are available. The important thing to note: do you trust these platforms? Even if the providers have no malicious intent, are these devices secured against having malicious tools planted on them to capture sensitive information? If you need to use the Internet like this, limit it to web surfing for information, without logging in. Always bring your own device as an integral part of your wallet when travelling. Use a VPN gateway service if possible to defeat MITM (Man-In-The-Middle) attacks, because certain web proxies are able to intercept TLS (Transport Layer Security, or https) traffic for content inspection. You...

Real Image

Virtualization is a great technology deployed in ICT (or even ICS). It has many merits for live systems or application development, but we must not forget:
- It is still the same platform, subject to regular cyber maintenance
- The same cyber protection applies: removing unused applications, disabling unused system services, running applications in a least-privilege session, etc.
- Regular backups are needed as a recovery provision to minimize unplanned service interruption, whether by the conventional backup approach or a real image of the virtualized environment ...

Technology

Technology helps avoid mistakes, operate continuously and enforce certain outcomes. However, technology is designed and deployed by humans, so there must be faults in that process (that's why we have Patch Tuesday and the like). The illustrated vault has a thick door and thick walls. That should be strong enough to withstand theft, physical attack or natural disaster and secure the contents stored there. But if access to the vault is not well managed, the intended protection will be void. ...

Manual Control – Rare to Find

Yes, it is, and it has mostly been replaced by automation, which is everywhere nowadays:
- Visible, like car park entry/exit control, household appliances, lifts or escalators in buildings
- Behind the scenes, like cruise control in vehicles, electricity transmission and distribution
Automation means controls are managed and executed by components with prebuilt intelligence. Unlike ICT, which deals solely with information processing, automation influences physical processes or object movement. If such intelligence has a fault or is manipulated maliciously, adverse consequences will result. Secure by design, regular cyber maintenance and periodic assurance are necessary to sustain the health of the automation system for its intended operations. ...

Operation Risk #2

Part of the critical infrastructure is in close proximity to public access. There are two main types of attacks causing service interruption. A cyber attack takes advantage of being launched behind the scenes, from anywhere. Contributors to a successful attack include, but are not limited to:
- Lack of cyber protection, including detection
- Vulnerable systems and applications using configuration defaults or outdated versions
- Insufficient control over remote access
However, the facility is also subject to physical attack because of the "weak" perimeter. Prevention is not effective; instead, rely on detection to respond and on sufficient resilience to maintain service. Therefore, the asset owner needs to:
- Firstly, identify or categorize the value and impact of the asset
- Next, deploy effective counter-measures. The protection focus should not be just in the cyber sense, though this is always a hot topic exaggerated by the media and mostly exploited by vendors to create FUD in convincing asset owners to adopt their solutions
- Physical security, equipment faults and general wear-and-tear are equally important to consider ...

Warning Message

We are more cautious about warning messages in the physical world, to keep ourselves safe from the risk of fatality. In the cyber world we should have the same attitude. If there are system warning messages (e.g. malicious files or threats detected), we have to be vigilant, or refer to persons with sufficient knowledge of what they are about. However, be also cautious about fake messages that lure the victim into installing unnecessary adware or even malware. It's important to maintain your computing platform with:
- The latest version with security patches
- Anti-malware protection from known sources with a sound rating from the cyber community
- A host-based firewall
- Non-administrative rights in the logon session
Further, have a home router act as a network perimeter between your computer and the untrusted Internet; if you are using a mobile device, consider subscribing to a cloud-based proxy for protection. ...

Perimeter #2

A perimeter is intended to control and scrutinize access. Now that systems are interconnected, a standalone system is no longer considered effective. This then exposes the attack surface. An example is port 80. You have a web site as a point of presence in the market. The web site needs to allow anonymous access by Internet surfers. Though a firewall is deployed, the web port (TCP 80, 443 or whatever is required) must be open. Attacks then shift to the application: injecting malicious content that passes through the network layer, submitting a large volume of requests to slow down or corrupt the system, manipulating client-side data and resubmitting it to the back-end. Counter-measures will then require:
- A secure software development lifecycle
- Secure configuration
- Regular security patches and upgrades
- Periodic comprehensive assessment (indeed, some industries mandate this)
- Situational awareness for the different types of roles involved ...