Sharpening cyber defenses with an “attacker’s eye view”

To understand risk exposure, security pros gather and digest intelligence feeds about vulnerabilities, indications of compromise (IOCs) and other machine-readable data all the time. But real-time insight into what adversaries are seeing in underground forums, the dark web, social media and other sharing sites is hard to come by. Yet it is precisely this attacker’s eye view you need to gain a clear picture of your risk profile, to prioritize which threats are likely – even imminent – versus others.

With 411 breaches so far this year exposing 17,678,050 records, according to the Identity Theft Resource Center report, there is a growing need to use this insight to better inform and tune defenses. However, it takes more than downloading the TOR browser bundle or devising a good underground cover identity to access these sources and gather actionable intelligence. What can you do to avoid wasting time, keep your employers out of trouble with the law and make a difference in anticipating risk? It starts with understanding the intelligence gap that exists between you and your adversaries.

To read this article in full or to leave a comment, please click here

US agency tells electric utilities to shore up authentication

U.S. electric utilities should pay close attention to their authentication systems and access controls to reduce data breaches, a government agency says in a new cybersecurity guide.About 5 percent of all cybersecurity incidents that the U.S. Department of Homeland Security's industrial control cyber team responded to in 2014 were tied to weak authentication, said the U.S. National Institute of Standards and Technology (NIST). Another four percent of industrial control incidents were related to abuses of access authority, the agency said.The new cybersecurity guide, released in draft form by NIST's National Cybersecurity Center of Excellence (NCCoE) Tuesday, focuses on helping energy companies reduce their cybersecurity risks by showing them how they can control access to facilities and devices from a single console.To read this article in full or to leave a comment, please click here

Technology Short Take #53

Welcome to Technology Short Take #53. In this post, I’ve gathered links to posts about networking, virtualization, Docker, containers, Linux, configuration management, and all kinds of other cool stuff. Here’s hoping you find something useful!

Networking

  • Anthony Spiteri, who works at an Australian service provider running NSX, has some in-depth articles discussing vShield Edge and NSX Edge (part 1, part 2, part 3, and part 4). Anthony discusses features supported by both, how they handle high availability, how VPN services work, and how to handle certificates. It looks like very useful information for anyone supporting NSX in their environment.
  • Here’s a nice article on using Ansible with Arista EOS. This isn’t something I’ve had the chance to do just yet (currently needing to focus my efforts on Ansible with Linux/Cumulus Linux), but it certainly seems relatively straightforward. Without having done this myself, it seems like I’d prefer to run pyeapi on the switches directly, so the Ansible configuration remains clean (instead of having to use a local connection for the switches but SSH for everything else). Of course, I’m sure there are trade-offs each way.
  • I think I’ve mentioned this before (it’s really hard to Continue reading

Researchers create P2P Alibi Routing to avoid censorship and government surveillance

A team of University of Maryland Institute for Advanced Computer Studies (UMIACS) researchers developed "provable avoidance routing" that they call Alibi Routing; it's an overlay routing protocol that provides Internet users with a method to avoid sending their data through countries known for their censorship. Users specify where they want their packets NOT to go and Alibi Routing can provide "concrete proof" that users' data did not pass through "undesired geographic regions."The researchers unveiled Alibi Routing at the 2015 Association for Computing Machinery Special Interest Group on Data Communication (ACM SIGCOMM) conference. The research paper (pdf) "introduces a primitive, provable avoidance routing that, when given a destination and region to avoid, provides 'proof' after the fact that a packet and its response did not traverse the forbidden region. We rely on the insight that a packet could provide an 'alibi'—a place and time where it was—to prove that it must have avoided the forbidden region in transit from source to destination."To read this article in full or to leave a comment, please click here

Wyndham vs. FTC: Corporate security pros need to lawyer up about data breach protection, experts say

Corporate security executives need to meet with their legal teams to find out whether the way they protect customer data will keep them out of trouble with the Federal Trade Commission should that information be compromised in a data breach.Based on a U.S. Circuit Court of Appeals decision yesterday, the best course of action is to learn what kinds of actions the FTC has taken in the past – and why - against companies whose defenses are cracked and whose customer data is stolen. Lisa SottoTo read this article in full or to leave a comment, please click here

Certifi-gate flaw in Android remote support tool exploited by screen recording app

An application available in the Google Play store until yesterday took advantage for months of a flaw in the TeamViewer remote support tool for Android in order to enable screen recording on older devices.The app's developer discovered the vulnerability independently from security researchers from Check Point Software Technologies who presented it earlier this month at the Black Hat security conference along with similar flaws in other mobile remote support tools.The Check Point researchers dubbed the issues Certifi-gate because they stem from failures to properly validate the digital certificates of remote support apps that are supposed to communicate with privileged plug-ins installed in the system.To read this article in full or to leave a comment, please click here

How a Cisco SE Navigates Cisco.com

At the time that I’m writing this I’ve been working at Cisco for just over 3 years as a Systems Engineer. Prior to that I worked for multiple Cisco customers and was heavily involved in Cisco technologies. I know what a monster cisco.com is and how hard it can be to find what you’re looking for.

Since starting at Cisco, the amount of time I’ve spent on cisco.com has shot up dramatically. Add to that studying for my CCIE and it goes up even more. In fact, cisco.com is probably the number 1 or 2 site I visit on a daily basis (in close competition with Google/searching).

After spending all this time on the site and given how vast the site is and how hard it can be to find that specific piece of information you’re looking for, I’m writing this post as an aid to help other techies, like myself, use the site more effectively.

Layout of this Post

This post is structured to follow (part of) Cisco’s network design lifecycle as a way to help you parse this post later on when you need a quick reference. The sections are:

Worth Learning: The Power Grid

Stop mulling over the latest (now dead) command line, and learn something useful. If you work in networking, you work with electricity. But how many people really know how the power grid works? Even though I have relatives and friends who’ve worked in the power industry all their lives, I’m still learning new things about the grid, and the way it works.

Four items of interest in this area for today.

A really short and simple video

A longer, boring video with lots of presentations and details

An interesting paper on coal to data

An article giving the other side of the renewable hype

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Learning: The Power Grid appeared first on 'net work.

This WAN Is Your WAN, This WAN Is My WAN

Straw Bales on Hill Landscape, Tuscany, Italy

Straw Bales on Hill Landscape, Tuscany, Italy

Ideas coalesce all the time in every vertical. You don’t really notice it until you wake up one day and suddenly everything around you looks identical. Wireless becoming the new access layer. Flash storage taking hold of the high end performance crown. And in networking we have the dominance of all things software defined. One recent development has coming along much faster than anyone could have predicted: Software Defined Wide Area Networking (SD-WAN).

Automatic For The People

SD-WAN is a force in modern networking because people want simplicity. While Ivan does a great job of decoupling marketing from reality, people still believe that SD-WAN is the silver bullet that will fix all of their WAN woes. Even during the original discussions of SD-WAN technology at conferences like ONUG, the overriding idea wasn’t around tying sites together or driving down costs to the point of feasibility. It was all about making life easier.

How does SD-WAN manage to accomplish this? It’s all black box networking. Just like the fuel injector in your car. There’s no crying about interoperability or standards-based protocols. You just plug things in and it all works, even if Continue reading

Five signs an employee plans to leave with your company’s data

A global high-tech manufacturer had reached its boiling point after several of its sales reps left the company unexpectedly and took with them sales leads and other data to their new employers.The company needed to stop the thefts before they happened. So the company hired several security analysts who manually looked at the behavior patterns for all sales reps working on its cloud-based CRM system, and then matched them with the behaviors of those who ultimately quit their jobs. What they were able to correlate was startling.Sales reps that had shown a spike in abnormal system activity between weeks nine and 12 of a financial quarter generally quit at the end of week 13 – in many cases because they knew they weren’t going to meet their sales quotas, says Rohit Gupta, president of cloud security automation firm Palerra, which now works with the manufacturer.To read this article in full or to leave a comment, please click here

Vint Cerf: ‘Sometimes I’m terrified’ by the IoT

Vint Cerf is known as a "father of the Internet," and like any good parent, he worries about his offspring -- most recently, the IoT."Sometimes I'm terrified by it," he said in a news briefing Monday at the Heidelberg Laureate Forum in Germany. "It's a combination of appliances and software, and I'm always nervous about software -- software has bugs."The Internet of Things will offer the ability to manage many of the appliances we depend on, acknowledged Cerf, who won the Turing Award in 2004. With its ability to continuously monitor such devices, it also promises new insight into our use of resources, he said.INSIDER: 5 ways to prepare for Internet of Things security threats Devices such as Google's Nest thermostat, for instance, can "help me decide how well or poorly I've chosen my lifestyle to minimize cost and my use of resources -- it can be an important tool," he said.To read this article in full or to leave a comment, please click here

Vint Cerf: ‘Sometimes I’m terrified’ by the IoT

Vint Cerf is known as a "father of the Internet," and like any good parent, he worries about his offspring -- most recently, the IoT. "Sometimes I'm terrified by it," he said in a news briefing Monday at the Heidelberg Laureate Forum in Germany. "It's a combination of appliances and software, and I'm always nervous about software -- software has bugs." The Internet of Things will offer the ability to manage many of the appliances we depend on, acknowledged Cerf, who won the Turing Award in 2004. With its ability to continuously monitor such devices, it also promises new insight into our use of resources, he said. Devices such as Google's Nest thermostat, for instance, can "help me decide how well or poorly I've chosen my lifestyle to minimize cost and my use of resources -- it can be an important tool," he said.To read this article in full or to leave a comment, please click here

1 3,348 3,349 3,350 3,351 3,352 3,844