Category: Uncategorized

This law has undergone numerous revisions since it was first enacted in 1986, but Title 18, Sec. 1030 is clear on the point that using a computer to intrude upon or steal something from another computer is illegal. “There is no law that actually allows you to engage in an attack,” says Ray Aghaian, a partner with McKenna Long & Aldridge, and a former attorney with the Department of Justice’s Cyber & Intellectual Property Crimes Section.“

According to Ahlm, the companies tracking the bad guys collect vast amounts of data on Internet activity and can hone in on specific “actors” who engage in criminal activity. “Without touching or hacking the individual, they can tell you how trustworthy they are, where they are, what kind of systems they use,” says Ahlm.

While private companies cannot take offensive action with any such intelligence, they can use it defensively to thwart suspicious actors if they’re found to be sniffing around company data. “Based off your intelligence of who’s touching you,” says Ahlm, “you can selectively disconnect them or greatly slow them down from network access.”

In the grand scheme of fight-back tricks, this is one that causes relatively little harm but does a lot of good,” says Matthew Prince, co-founder and CEO. This company drew raves—as well as criticism—for creating a way to spam back at spammers, clogging their systems and preventing them from sending out more spam.

Hacking back can also have unintended consequences, such as damaging hijacked computers belonging to otherwise innocent individuals, while real criminals remain hidden several layers back on the Internet.

Link: http://www.pcworld.com/article/2038226/hacking-back-digital-revenge-is-sweet-but-risky.html

The most popular applications at this shipping company have many thousands of users, so at first having roughly 10 percent of your users operating as administrators may not seem like that big a deal. But users should always be lowest privilege level, and having an excessive number of application administrators is as bad as having too many OS administrators. Every additional admin doesn’t just increase his or her own risk; if they’re compromised, they add to the takedown risk of all the others.

But no one had thought to do the same analysis on the application administrators (at least not until I came along — that’s why they pay me the big bucks). Even when they compromise the passwords of the entire domain and all the network administrators, what they are really after lies on application servers, which is why application administrators can do you in. I’ve done a few of these audits; it’s usually easy to find the problem children, and you can eliminate a lot of them.

My favorite applications are the RBAC (role-based access control) ones where almost no one is an admin, and even the admins are limited in what they can do.

That’s why I’m as worried about how a company controls and audits application administrators as I used to be about OS and network administrators.

Link: http://www.infoworld.com/d/security/too-many-admins-spoil-your-security-218023?source=rss_security

1. Consistency
2. Continuous
3. Correlation
4. Contextual
5. Compliant
6. Centralization
7. Cloud

In this case, our working definition of “continuous” is unique for every organization and needs to be commensurate with their risk and resources.

Correlation: In the modern enterprise, there are simply too many silos of information, too many endpoints for access, too many variables of risk and not enough visibility or resources to properly protect all the assets of an enterprise. Correlation needs to tie together the cooperative capabilities of such tools as SIEM, Log Management, Identity and Access Management, malware scanning, etc… If security is about maintaining visibility, correlation would be its magnifying glass.

Compliance: The common thread for the alphabet soup that is compliance (HIPAA, PCI, FISMA, FFIEC, CIP, SOX, etc…) is the need to know who is logging in, accessing what assets and ensuring only the appropriately credentialed users can do those things. When you are dealing with sensitive information like credit card numbers, social security numbers, patient history/records, and the like, the need to have a strong and continuous monitoring initiative is not just a driving force to avoid fines, but it is the basis of good and trustworthy operation.

So much has been written about compliance and network security, so that all I will add is understand the responsibility you have towards customers, partners, employees, users, accurately calculate the risk in maintaining their information and vigilantly maintain the monitoring process that makes you a good steward of their trust.

The continual increase in daily network threats and attacks makes it challenging to maintain not only a complex heterogeneous environment but to also ensure compliancy by deploying network-wide security policies.

Addressing the issue from the cloud solves several pressing issues while providing the necessary heft to create the visibility to govern credentialing policies, remediate threats and satisfy compliance requirements across any sized enterprise. What’s more, all the solutions noted from above – from SIEM to Access Management—are available from the cloud.

Link: http://cloudcomputing.sys-con.com/node/2642497

Now is the time to consider dismantling the barriers that often exist between IT and physical security teams, so that evolving cyber risks can be tackled more effectivelyFor example, Verizon’s 2012 data breach investigations report found that ten per cent of breaches involve some form of physical attack, while a…

In all cases, good communication was the critical ingredient for success and resulted in the necessary funding, over a period of years, to establish and maintain a workable security program. To start the budget discussion, you must stress cost avoidance rather than profits and you will need hard, empirical evidence to depict the business risks and associated costs. Therefore, the best way to approach senior management to fund your cybersecurity program is to cast the expenditures using an ROI approach.

1. Set the foundation for security funding before you need it; and once established, keep it strong.
2. Don’t use scare tactics.

3. Establish your cybersecurity credentials within your organization.

4. Relate your security risks to the business.

5. Outline the need in plain English.

6. Develop a plan that meets the security needs but also considers financial constraints.

7. Once you get the funding, follow the plan you outlined.

8. Provide constant feedback on the security program.

9. Use outside resources to support your request.

10.Always emphasize that cyber security is not an “information technology” issue — it is an organizational risk management issue.

Link: http://www.csoonline.com/article/732053/10-tips-to-secure-funding-for-a-security-program?source=CSONLE_nlt_update_2013-04-21

Forensics folks have been doing this for years during investigations, but proactive continuous full packet capture – for the inevitable incident responses which haven’t even started yet – is still an early market. That’s a start, but you will likely require some kind of Big Data thing, which should be clear after we discuss what we need this detection platform to do.

We spent a time early in this process on sizing up the adversary for some insight into what is likely to be attacked, and perhaps even how. But once you do the work to model the likely attacks on your key information, and then enumerate those attack patterns in your tool, you can get tremendous value.

We have already listed a number of different threat intelligence feeds, which can be used to search for specific malware files, command and control traffic, DNS request patterns, and a variety of other indicators.

So you can search your security data infrastructure for almost anything you are collecting – or even better, for a series of events and/or files within your environment – quickly and accurately to narrow down your searches to the most likely attacks.

We have every confidence that big data holds promise for security intelligence, both because we have witnessed attacker behavior captured in event data just waiting to be pulled out, and because we have also seen miraculous ideas sprout from people just playing around with database queries.

You are clearly constrained in terms of internal capabilities (you will be looking for a lot of data scientists over the next few years), as well as the lack of maturity of technologies such as Hadoop, MapReduce, Pig, Hive, and a variety of others in the security context.

But companies seriously looking to detect advanced attackers within their environments will be capturing packets to supplement the other data they already collect, and subsequently starting to use Big Data technologies to mine it all.

Link: https://securosis.com/blog/the-cisos-guide-to-advanced-attackers-mining-for-indicators