Tuesday, June 7, 2011

End Point Security

Many will consider this a dead topic, especially when there are numerous articles extolling the virtues of technology solutions, or arguing that nothing is infallible, especially when we have young employees who use computers with careless efficiency. However, there are a few fundamental controls that will pay heaps of dividends if we do them right, yeah, the right thing:

1. No local administrative rights for end-users.

2. USB port and removable device lockdown for write access, including the built-in flash media reader.

3. Lockdown of the BIOS system and security configuration - a BIOS administrative password is required so the above cannot be undone by booting from other media.

4. Enable the TPM chip, with DriveLock capability if the computer supports it.

5.

Friday, March 25, 2011

RSA Hacked - Beware of Attacks

RSA was hacked last week, and so far they have released only sketchy information on what was compromised and how their corporate customers can truly protect themselves. Online clients of corporate Internet applications, such as Internet banking and trading applications, offer the greatest financial gain to the attackers.

Since it has been a week, all corporate customers should already be prepared for the worst-case scenario and in progress with their communication plans, a replacement program for the tokens, and a reset of user passwords. Login and user activity logs for the applications should also be monitored to check that online clients are not already victims of man-in-the-middle attacks, where user IDs, passwords and token codes are harvested through a fake intermediary 2FA login page and relayed to the real application before the code expires. MITM attacks can be achieved through various methods such as spear phishing or ARP poisoning.
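The kind of log monitoring described above, as an added example that is not part of the original post: three rules run over application login records, looking for a token code accepted twice, one account accepted from two source addresses inside the token window, and one source address authenticating as many different accounts (a relay proxy funnels every victim through the attacker's host). The log format, field names and sample lines are constructed for the example and would need adapting to the real application's logs.

```python
"""Scan application login logs for signs of a man-in-the-middle 2FA relay.

Added example, not from the original post. The log format below is constructed
for the example; adapt LINE_RE to the real application's login log.
Each line: <UTC time> user=<id> src=<IPv4> otp=<token code> result=OK|FAIL
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"otp=(?P<otp>\d+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: alice's code is relayed from a second host within the
# token window, and that host then logs in as bob and carol as well.
SAMPLE_LOG = """\
2011-03-24T09:00:05Z user=alice src=203.0.113.10 otp=482913 result=OK
2011-03-24T09:00:40Z user=alice src=198.51.100.7 otp=482913 result=OK
2011-03-24T09:05:12Z user=bob src=198.51.100.7 otp=113377 result=OK
2011-03-24T09:06:01Z user=carol src=198.51.100.7 otp=900221 result=OK
2011-03-24T09:07:30Z user=dave src=192.0.2.44 otp=555612 result=FAIL
2011-03-24T09:08:02Z user=dave src=192.0.2.44 otp=555619 result=OK
2011-03-24T10:15:00Z user=erin src=203.0.113.77 otp=314159 result=OK
"""


def parse_log(text):
    """Parse log lines into dicts sorted by time; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": m["user"], "src": m["src"], "otp": m["otp"],
            "ok": m["result"] == "OK",
        })
    return sorted(events, key=lambda e: e["ts"])


def otp_replays(events):
    """A one-time code accepted twice for the same user: the second use is a replay."""
    uses = defaultdict(int)
    for e in events:
        if e["ok"]:
            uses[(e["user"], e["otp"])] += 1
    return sorted(key for key, n in uses.items() if n > 1)


def split_sessions(events, window=timedelta(minutes=2)):
    """Same user accepted from two different source IPs inside `window`."""
    hits = []
    last = {}  # user -> most recent successful login
    for e in events:
        if not e["ok"]:
            continue
        prev = last.get(e["user"])
        if prev and prev["src"] != e["src"] and e["ts"] - prev["ts"] <= window:
            hits.append((e["user"], prev["src"], e["src"]))
        last[e["user"]] = e
    return hits


def relay_hosts(events, min_users=3):
    """Source IPs that successfully authenticate as `min_users` or more accounts."""
    users_by_src = defaultdict(set)
    for e in events:
        if e["ok"]:
            users_by_src[e["src"]].add(e["user"])
    return {src: users for src, users in users_by_src.items() if len(users) >= min_users}


def scan(text):
    """Run all three rules and return their findings keyed by rule name."""
    events = parse_log(text)
    return {
        "otp_replays": otp_replays(events),
        "split_sessions": split_sessions(events),
        "relay_hosts": relay_hosts(events),
    }


if __name__ == "__main__":
    for rule, hits in scan(SAMPLE_LOG).items():
        print(rule, hits)
```

The thresholds (a two-minute window, three accounts per address) are starting points, not tuned values: corporate NAT gateways legitimately present many users from one address, so the relay-host rule needs an allow-list of known customer egress addresses before it is paged on.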

The underground hacker scene has been quiet, with nary a whisper on the RSA attacks, which gives rise to the suspicion that this is a professional job with a very targeted objective, and that the stolen RSA materials are just a means to an end. Let's hope that you are not their target.

Thursday, March 17, 2011

5 Ways to Make Sure You Aren't the Next Wikileak

There have been a lot of articles on Wikileaks in recent months, the latest being the leak on Japan's nuclear plants... not good, and my heart goes out to my friends and colleagues in Japan now, Japanese or otherwise.

This article on the CIO website focuses on five key tips to help your government agency or enterprise avoid being the source of the next Wikileak. Good reminders, really.

http://www.cio.com/article/664945/5_Ways_to_Make_Sure_You_Aren_t_the_Next_Wikileak?source=rss_all


Low Orbit Ion Cannon - DoS attacks

What a neat way to get script kiddies to join the people's revolution. It's so easy you don't even have time to think about the consequences any more.

It was reported that LOIC was used in Dec 2010 to attack the websites of companies and organizations that were openly opposing WikiLeaks. More than 30,000 downloads of the tool were reported to have occurred between 8 - 10 Dec 2010, and attacks may have been routed through an anonymization network such as Tor to remove traces. The success of the DoS attacks relies on an opt-in botnet built into the LOIC software (its "Hive Mind" mode), which volunteers the user's personal computer to be tethered to a single command channel, an IRC server, from which the targeted attacks are launched. Note that LOIC itself does nothing to hide the source address of its traffic; a participant who does not route through Tor hands the victim a clean log of their own IP.

LOIC can simply be downloaded from SourceForge: http://sourceforge.net/projects/loic/.

What should HBGary have done using Google Cloud Computing Services?

This is rich. The article is an excerpt of an interview that HBGary CTO Greg Hoglund gave to CSO correspondent Robert Lemos in the aftermath of Anonymous's break-in to HBGary's e-mail systems and to the "super rootkits" that Greg was developing.

The important message of this excerpt, however, is what to do if you use cloud computing services, especially Google's.

http://www.networkworld.com/news/2011/031711-hbgarys-hoglund-identifies-lessons-in.html?page=1

Data Protection Compliance Survey

Read this article. It summarises the Thales report "What Auditors Think about Crypto Technologies", which is based on sponsored research recently conducted by the Ponemon Institute. One key point of interest to me is the finding that using HSMs for encryption and key management reduces the time spent demonstrating compliance with privacy and data protection requirements. The key word here is "compliance". It doesn't mean the deployment is more secure. In fact, IT organisations often think that deploying an HSM is the be-all and end-all, and neglect key management. To many of them, key management means key generation and usage. Little thought is given to key expiry, rollover and renewal, yet a key that is never expired, or whose predecessor is never retired after rollover, stays exposed for as long as any copy of it can be used, HSM or not.
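The expiry, rollover and renewal the paragraph above says get too little thought, as an added example that is not from the article or from the Thales/Ponemon report: a key ring in which every key carries an expiry (after which it may no longer produce new MACs), a retirement date (after which anything under it is rejected), and a verify-only grace period in between so that a rollover does not break data signed just before it. The example uses HMAC-SHA256 with keys in memory so it runs stand-alone; with an HSM the `secret` bytes would never leave the device and the ring would hold only key handles plus this same lifecycle metadata. The key id scheme, the 90-day lifetime and the one-week grace period are assumptions made for the example.

```python
"""Key lifecycle: generation, expiry, rollover and retirement, with a
verify-only grace period so that rollover does not break in-flight data.

Added example, not from the article or from the Thales/Ponemon report. Keys
are held in memory here; with an HSM only handles and this metadata would be
kept outside the device. Key ids, lifetimes and grace period are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class KeyRecord:
    kid: str
    secret: bytes
    created: datetime
    expires: datetime    # after this, the key must not produce new MACs
    retire_at: datetime  # after this, MACs under the key are rejected outright


class KeyRing:
    def __init__(self, sign_lifetime=timedelta(days=90), verify_grace=timedelta(days=7)):
        self.sign_lifetime = sign_lifetime
        self.verify_grace = verify_grace
        self.keys = {}
        self.active_kid = None
        self._seq = 0  # monotonic, so a purged id is never reused

    def state(self, kid, now):
        rec = self.keys[kid]
        if now >= rec.retire_at:
            return "retired"
        if now >= rec.expires:
            return "deprecated"  # verify only
        return "active"

    def rollover(self, now):
        """Generate a fresh key and make it the only signing key."""
        self._seq += 1
        kid = "k%03d" % self._seq
        self.keys[kid] = KeyRecord(
            kid=kid,
            secret=secrets.token_bytes(32),
            created=now,
            expires=now + self.sign_lifetime,
            retire_at=now + self.sign_lifetime + self.verify_grace,
        )
        self.active_kid = kid
        return kid

    def sign(self, msg, now):
        """MAC `msg` under the active key; refuse rather than sign with an expired key."""
        if self.active_kid is None or self.state(self.active_kid, now) != "active":
            raise RuntimeError("no active key: rollover is overdue")
        rec = self.keys[self.active_kid]
        return rec.kid, hmac.new(rec.secret, msg, hashlib.sha256).hexdigest()

    def verify(self, msg, kid, tag, now):
        """Accept active and deprecated keys; reject retired or unknown ones."""
        rec = self.keys.get(kid)
        if rec is None or self.state(kid, now) == "retired":
            return False
        expected = hmac.new(rec.secret, msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)

    def purge(self, now):
        """Destroy retired key material; returns the ids removed."""
        gone = [kid for kid in self.keys if self.state(kid, now) == "retired"]
        for kid in gone:
            del self.keys[kid]
        return gone


def lifecycle_demo():
    """Walk one key through active -> deprecated -> retired and report what happens."""
    msg = b"account=42;amount=100"
    t0 = datetime(2011, 3, 17)
    ring = KeyRing()
    k1 = ring.rollover(t0)
    kid, tag = ring.sign(msg, t0)
    out = {
        "k1_verifies_fresh": ring.verify(msg, kid, tag, t0),
        "k1_rejects_tamper": not ring.verify(b"account=42;amount=999", kid, tag, t0),
    }
    t_expired = t0 + timedelta(days=91)  # past expiry, inside the grace period
    try:
        ring.sign(b"x", t_expired)
        out["sign_refused_after_expiry"] = False
    except RuntimeError:
        out["sign_refused_after_expiry"] = True
    k2 = ring.rollover(t_expired)
    out["old_tag_ok_in_grace"] = ring.verify(msg, k1, tag, t_expired)
    out["new_key_active"] = ring.state(k2, t_expired) == "active"
    t_retired = t0 + timedelta(days=100)  # past k1's retirement date
    out["old_tag_rejected_after_retire"] = not ring.verify(msg, k1, tag, t_retired)
    out["purged"] = ring.purge(t_retired)
    return out


if __name__ == "__main__":
    for name, value in lifecycle_demo().items():
        print(name, value)
```

The point of the three states is that rollover is a scheduled event with a deadline, not a one-off: `sign` refusing to run once the active key has expired is what turns a forgotten renewal into a visible outage instead of a silently over-aged key, and `purge` is the step most deployments never reach because nothing tells them a key has become retired.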

http://it.tmcnet.com/news/2011/03/17/5384344.htm

Mobile Banking?

An interesting survey done by Mobio Identity Systems for the North American market.

http://www.nearfieldcommunicationsworld.com/2011/03/17/36483/mobile-payment-security-concerns-put-brakes-on-m-commerce-market/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nfcw+%28Near+Field+Communications+World%29

How is it that DBS, Citibank and OCBC offer mobile banking apps on iPhone/iPad? Have they done their due diligence in addressing mobile computing security?