The Forgotten Place #5

By cliangNo Comments
It is self-explanatory. There are similar faults posted previously. Risk of consequence must be understood before deploying information automation tool. If the display is for information of the mall, failure does not matter much and at most the reputation of the management office. But if the display shows real time high value trading, failure will cause substantial direct and indirect financial impacts. Direct is the loss of opportunity to conduct transaction by the users of the display. Indirect could be claims thru litigation by users of the display causing their direct loss due to this failure. Technically, multi-displays are deployed for resilience. From policy perspective, users must sign usage agreement to undertake consequence due to machine failure and disclaim the service provide for any direct or indirect losses. ...
Read More

Address

By cliangNo Comments
There is a key difference between physical and cyber worlds. In physical world, addresses for non-military areas are public. You have to label your apartment properly so that mail from postage service or goods from courier will not miss the destination. Major map service providers have the information online for public accessibility. In cyber world, IP address is sensitive information and securely protected in document, electronic information transfer. This is because if threat actor has landed in the internal network, the first thing is to conduct reconnaissance in understanding what are network nodes present, then trying to reveal its OS footprint in deciding what could be exploited. If IP address (and even worst with the host information, like in network diagram) are disclosed, it will save threat actor substantial amount of work in the discovery phase. However, whatever protections are imposed, it is just a matter of making the penetrating more difficult. There are always new threats, vulnerable OS, vulnerable software...
Read More

Security By Trust

By cliangNo Comments
In physical world, we trust this glass roof is safe and secure to walk on because there are underlying processes to sustain its safety: Regular inspection and maintenance Regulatory requirement for license issue and renewal 3rd party insurance etc. In addition in building this infrastructure, the design will cater for the intended loading with safety margin, wind speed, anchor points stability plus build it per engineering standard to ascertain the quality. We will therefore have no doubt and trust these arrangements are in place and safely step on it. In cyber world, things are different. There might be cybersecurity standards as foundation but the design and build will require competent practitioners. Even there is comprehensive verification tests before commissioning, there are always new cyber threats requiring recurring effort to sustain the protection effectiveness. Deception to lurk victim into malicious web site to compromise the device or application will further complicate the situation. Then, how do we stay secure in the cyber world? It's a very...
Read More

Welcome

By cliangNo Comments
When we establish usage terms, we must consider the consequence and adopt the most appropriate wordings. Similar to other system settings, do not take default even for logon banner. In the past, there was incident threat actor penetrated into FTP server but caught. There is no legal ground to indicate this is unauthorized activity because the FTP server gives "Welcome to xxx FTP server, …" upon logon. There is no explicit wording of unauthorized usage will be prosecuted. So, there is the need to have holistic review what are default settings come with the software or application, review and revise accordingly. ...
Read More

Time

By cliangNo Comments
Time is an interesting phenomenon. It dominates everything both in physical and cyber worlds. All living individual or objects are under influence of time: getting aged. All data traffic are regulated with time as base reference for synchronization and handshaking. Everyone has equal amount of time. Time cannot be borrowed nor saved for later use. Time is abstract that cannot be touched nor felt its existence. That said, how do we deal with time? This is really use case based. In time-sensitive action, time is kept down to micro or nano second. Examples are stock trading transaction and racing. In certain case, "coarse" time reference may be used like the illustration that hour indication is sufficient - morning, afternoon, evening or night time. It all depends how time reference is deployed in the use case, and how time measurement is secure to maintain integrity. Inevitably, a comprehensive risk assessment (not just cyber but the business as a whole) is required to understanding risk...
Read More

Search & Destroy

By cliangNo Comments
This is typical blacklisting approach. Anti-malware protection is installed in the computer. It stays resident in the kernel and actively looking for file changes, I/O behaviors against known signature then destroy (or neutralize) the malicious actions. The practice also include periodic search all files in the computers to detect if any malware prior to detection signature release has already resides in the computer. Now, technology has evolved into auto-signature generation from OEM (i.e. upon receipt of malicious sample, new signature will be added), heuristic detection. This sounds comprehensive protection. But we must not forget the signature update must be frequency and its legitimacy. Other than using a fradulent signauture, legitimate signature sometimes will cause system fault. As an organization, anti-malware protection must be centrally managed, i.e. collect event logs, deploy signature update to relax burden of end users. A sandbox will be needed to test new signature before deploy to all computers in order to minimize the risk of service interruption. ...
Read More

Orchestration

By cliangNo Comments
One of the pain points in cybersecurity is the protections are always choosing the "best of breed" technology. This is fine except each technology has its own protection management tool, GUI, dashboard. As as result, SOC or IR personnel will need to dive into each cyber protection solution and analyze time of sequence event. Orchestration technology is available to consolidate logs from various log sources to make life easier. However, cautions must be exercised: Are extra investment or recurring operating costs properly funded and ready? The ROI might result into workforce reduction to justify the deployment. That means some one might lose the job. How are the integration done? Will this breach network zoning? Last but not the least, how to validate the solution is successfully deployed as a means of acceptance criteria. ...
Read More

Trust #4

By cliangNo Comments
A machine in the corner of the mall for digital currency exchange. Whether you use it or not is a kind of risk taking because you don't know what is behind the machine, who operates it, any proper business license to protect your money if things go wrong. In digital world, we must not solely put focus just on cyber protection. Every aspect counts towards a secure business model. From the digital currency operator's perspective, secure cyber protection is not enough. Physical security, anti-tampering to manipulate network connection, I/O port interfaces and so on are all attack vectors. From he customer perspective, trustworthy of the machine is the prime concern. ...
Read More

Physics #3

By cliangNo Comments
In automation world, cyber components control the machinery or the physical portion. Examples of machinery are turbine, passenger lift, vehicle, vessel, aircraft, vehicle, entry control etc. I have seen certain cyber security practitioners who solely put focus on the cyber part and ignore the physical part. That's no ideal. We MUST treat both portions with sufficient protection and good operating conditions. If the components are very cyber secure while the physical wear and tear conditions are ignored, this is just like the "operation is successfully but the patient is dead". ...
Read More

Protocol

By cliangNo Comments
Protocol requires proper data format and valid ranges in different preset fields per design to work properly. Threat actors are trying to manipulate the different fields and data ranges in order to exploit weakness of underlying process to handle the protocol. Just like the illustrated locks. It allow dual admins to unlock it where each admin has own access key. If a "malicious" admin who does not follow the protocol to make the locks in series but putting them in parallel, then access is denied to other admin because unlock will require both keys at the same time. Therefore, when we talk about security, there are lots of considerations: robustness of the process enforceable by strong technology with people acting honestly and all driven by laws & regulations (or organization policies). Protection is beyond encryption, firewall, system hardening. These are evadable.Most said human is the weakess link. Yes, this is still true but we must include factors like Incompetent cybersecurity practitioners providing recommendations without...
Read More