Assimilation over Evolution, you will be Assimilated! This is my journey from human to Borg and you are invited along for the ride.


Saturday, January 24, 2015

Feeding the trolls (part 2, Microsoft)

OK, it's officially a series: there are two of them.
In this series I am poking a little fun at the computer companies we love, for fun and as an exercise in free speech. I guess I survived the expected attacks from Apple fanbois, so is there anyone who expected me to let Microsoft off the hook?
Don't expect any fast breaking news, I'm just having fun here.
Bill Gates' brainchild, Microsoft, the publisher of operating systems and productivity tools: DOS and Windows, the most un-Unix of the Unix family.
Also known for a time as "the evil empire" and

Microsoft was initially known for another thing, BASIC. Not that their stuff is basic, but that they made BASIC for Unix, DOS, and other platforms. It's VB.net now, but BASIC is not just a basic programming language; most people forget what it stands for: Beginner's All-purpose Symbolic Instruction Code. Yes, Beginners and Instruction, so, a language for people who don't yet know how to really program to learn with and eventually move on from to a "real" programming language like, say, Forth or Lisp (or C, Java, VC#...). But somehow people forgot that they weren't using a real language and now half the world runs on VB. Thanks, Bill.
The founder of Microsoft is the ultimate geek's geek. He made the tools that a lot of us geeks use to make tools for real people. I follow his example and make tools using his tools for other geeks to make tools. I think that makes us all tools.
Bill Gates, the ultimate ladies' man: skinny, pasty white skin, but lots of money.
Microsoft, known to some as "The Evil Empire" because of their long running battle with those people who would have all information and software free (as in speech not necessarily as in beer.)
They got this name for a lot of things: destroying Netscape, Novell Networks and Borland Compilers, and trying to kill Linux. They lost a battle about abusing their monopoly in desktop computers, and one in Europe about which web browser people use, but they still hold the top spot in desktop computer OSes, although they lost the battle for mobile platforms to Android and iOS. I still think that Windows Mobile 6.5 is the best mobile OS, but I am just one person and apparently it is "too computery".
So what did Microsoft do? They changed their mobile OS to be much more dumbed down (but apparently not as dumbed down as iOS and Android, since it still doesn't sell) and then tried to put that mobile OS on the computers on our desktops. Apparently you shouldn't make computers less computery, as it didn't catch on, and they got so befuddled by that they forgot how to count. Yup: Windows 7, Windows 8, Windows 10. Either they switched to base 9 counting or, as some have suggested, "7 ate 9".
It's OK, they have forgotten how to count on previous occasions as well, notably with Excel 2007. (850*77.1 = 65535 Not 100,000)
One of the more innovative things to come from Microsoft in recent years is Patch Tuesday. One day a month, everything that needs a fix is delivered all at once to every desktop system world wide. One day a month for all IT folks to panic and hope the latest rushed-out fixes don't break every system in their networks. Thanks, Microsoft.
There you go, Microsoft. What would we do without you?

Cyber Security stats from Surveys (I found them shocking)

Survey from EiQ Networks (sample size not as big as I would hope):
Some startling statistics: just 15% of IT people think they are prepared for a security breach. Just 21% think that what they have in place can mitigate the risk.
Only about 80% use a firewall (another survey put this at 87%). Only 28% are using host-based firewalls. (You have to use both, or one system being compromised suddenly becomes every system being compromised.) Only two thirds use anti-virus. Only 60% use some type of intrusion detection, mostly just watching logs.
Only 60% have even a partial process to respond to an attack, and only 30% think that process is solid.


Another survey, from ISACA (bigger sample), shows that 67% of IT professionals have heard of APTs but half of those think they can protect against them. And the people who think they are ready to protect their networks from an APT are relying on the things that don't work against APTs: firewalls and anti-virus. Like the keys to your house, these things only work against the regular run-of-the-mill threats and are practically useless against an APT. We still need them, but they are nowhere near enough. (They don't get it; even seasoned professionals in the cyber security industry don't seem to get it.)


Couple this with Cisco's survey: 75% of CIOs think that their security tools are effective, but less than half of them patch their systems regularly. They also don't really get it. What else are they not doing if they don't patch their systems?


There is also some noise in cyber circles about companies that think that since they were already attacked once (Sony for instance) they won’t be attacked again.

So, to sum that up: most companies are not even doing the basics right. Not patching, poor firewall use, hoping that outdated technology like anti-virus will help. They don't even get that the threat they face has changed, and even when presented with examples they think it won't happen to them, or that since they have already been attacked they are somehow immune. They don't have a proper plan to deal with it, and I bet they also don't have a plan for how to recover from it afterward either.

So what to do?
Cyber security must do all of the motherhood stuff: firewalls (both perimeter and host), patching, anti-virus (even on Linux), etc. Segment your network so that the important stuff (point of sale, production, software development, whatever your company does) is not on your main network, so that anything with outside access is also on its own network (like HVAC and Pepsi machines), and so that access from the main network is controlled, if allowed at all. If the only thing required is access out, don't let access in.
And then, if your line of business is at all a target for an APT, assume you are already compromised. If you could be a target, you are a target, and if you think you can't be a target, prove it, don't just think it.
You have to teach your employees how to recognize spam and phishing emails and not to open them. If you have employees that are not learning, switch them to Linux with only user privileges. Better yet, switch as many users as you can, without affecting their job function, to Linux. It's just safer and more secure. (Based on there being so few malware for Linux and so many for Windows, and on user access rights on Linux not being administrator level, where on Windows so often they are.) Having a mixed network is more work and your IT people may complain, but if they are good they will be fine. And put more money into IT. The biggest issue with cyber security is not that people can't do it but that companies are failing to fund it properly. Use open source tools; use free Linux firewalls and security tools like IPFire. Take the money you save and hire IT people. Free tools with more people is better than paid tools (which are mostly based on the free tools and packaged to make them pretty) and not enough IT staff.
Also listen to your staff, regular and IT, when they say there is something wrong. Most security breaches are not caught by IT but by sufficiently empowered users.
You need to do intrusion detection, something like Snort, but also honeypots: fake systems that are not used for anything real on your network, so any activity on them means someone is checking out your systems from the inside. Your systems are compromised and the attacker is looking for stuff to steal. Make them obvious and tempting and fill them with fake data. More on this another time perhaps. For now just do the motherhood issues and get enough IT staff to do their jobs.
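The honeypot rule above ("any activity on a fake system is an alert") is simple enough to script. This is an added example, not code from the original post: it parses constructed firewall connection lines, matches destinations against a constructed decoy inventory, and ranks sources that touched more than one decoy or probed several ports as high severity. The log format and all addresses are assumptions; adapt the regex to your own firewall export.

```python
"""Flag any internal host that touches a decoy ("honeypot") system.

A decoy has no legitimate users, so a single connection to it is worth an
alert; several decoys or many ports from one source looks like a scan.
Added example, not from the original post. Log format and addresses are
constructed for illustration; adapt the parser to your own firewall export.
"""
import re
from collections import defaultdict

# Constructed decoy inventory: addresses nothing real should ever talk to.
DECOYS = {
    "10.20.5.200": "fake-fileserver",
    "10.20.5.201": "fake-pos-terminal",
    "10.20.5.202": "fake-dev-git",
}

# Constructed sample lines in a simple "time src dst dport proto" format.
SAMPLE_LOG = """\
2015-01-24T02:11:03 10.20.1.15 10.20.1.5 445 tcp
2015-01-24T02:11:09 10.20.1.15 10.20.5.200 445 tcp
2015-01-24T02:11:10 10.20.1.15 10.20.5.200 139 tcp
2015-01-24T02:11:12 10.20.1.15 10.20.5.201 22 tcp
2015-01-24T02:11:15 10.20.1.15 10.20.5.202 80 tcp
2015-01-24T02:12:40 10.20.1.22 10.20.1.5 443 tcp
2015-01-24T02:13:01 10.20.1.30 10.20.5.201 3389 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def parse_lines(text):
    """Yield parsed records; silently skip lines that do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_decoy_touches(records, decoys=DECOYS):
    """Group decoy hits by source: {src: {"decoys": set, "ports": set, "first": ts}}."""
    hits = defaultdict(lambda: {"decoys": set(), "ports": set(), "first": None})
    for r in records:
        if r["dst"] in decoys:
            h = hits[r["src"]]
            h["decoys"].add(decoys[r["dst"]])
            h["ports"].add(int(r["dport"]))
            h["first"] = h["first"] or r["ts"]
    return dict(hits)


def build_alerts(hits):
    """Turn grouped hits into (severity, src, summary) tuples, worst first."""
    alerts = []
    for src, h in hits.items():
        # Any touch is an alert; multiple decoys or ports means active probing.
        severity = "high" if len(h["decoys"]) > 1 or len(h["ports"]) > 2 else "medium"
        summary = f"{len(h['decoys'])} decoys, ports {sorted(h['ports'])}, first seen {h['first']}"
        alerts.append((severity, src, summary))
    return sorted(alerts, key=lambda a: (a[0] != "high", a[1]))


if __name__ == "__main__":
    for sev, src, summary in build_alerts(find_decoy_touches(parse_lines(SAMPLE_LOG))):
        print(f"[{sev}] {src}: {summary}")
```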

Friday, January 16, 2015

Feeding the Trolls (Part 1 Apple Fanboys)

Hi,
I have been thinking about the attack on Charlie Hebdo and attacks on people saying their piece. I stand in solidarity with the writers and cartoonists, but I don't share their talent in graphics. I also think that the Islamic bear is being poked enough right now, but there are other "holy cows" out there that need poking, and I think that there is plenty of room to poke things in the technology industry.
Of course there will be some easy targets, and the fanbois of those targets will get upset, and that is OK, preferred even, and hopefully they will respond with words and argument rather than threats and bullets. I also hope to make this into a series, if I remember and no one guns me down in the street.

Let's start this off with everyone's favorite half-eaten fruit, the Red Delicious of computers: Apple.
The maker of the PC that runs the prettiest version of Unix, the Macintosh.
This is a company that so reveres its founder that when he bit an apple, it tasted bad, he threw away the apple and they made the logo from it. Lucky for us, not the piece he bit out of it. Just think, if he had liked the apple their logo would be just the core.
Apple has always been the company that makes the simplest, easiest-to-use computers and overcharges for them. They even had mice before Microsoft did, but like everything else they made, simplified for easy use by, say, bloggers, so it only has one button. Maybe Apple users can only handle one button, I'm not sure.
Apple also makes the iPod, a really good, easy-to-use, overpriced MP3 player; the iPhone, a really good, easy-to-use, overpriced MP3 player with an add-on cell phone; and the iPad, a really good, easy-to-use, overpriced MP3 player with a big screen.
Steve Jobs made a huge impact in the PC world in so many ways, pioneering many different things both at Apple and for the period he was away from Apple that I for one am very happy he did create computers and software and the devices he made. But it's still fun to poke fun at the company he made.

Saturday, January 10, 2015

Another rambling about malware, some history and impact

In the history of the personal computer there have been instances of malware that were notorious firsts for effects and compromises we thought would never happen. Starting with the first viruses that spread from system to system by attaching themselves to other programs. The early viruses were clunky and easy to spot and remove. Most of the early viruses just did things like take over your screen and make noises.
It didn't take long for them to start causing damage, deleting files or wiping hard drives. AV programs were new and quickly became popular. And then viruses were not only terminate-and-stay-resident and copying from system to system, but they became stealthy. They started to hide in places like the MBR of a hard drive and start themselves before the OS did, becoming rootkits, and also became self-modifying to change their signature and stay one step ahead of the AV and OS companies.
Some of the first rootkits were for Windows NT, the aptly named NTRootKit for instance.
Then malware started to spread by attaching to documents, and worms were born. These were macros and not "real" programs, but the damage was just as severe. The Love Bug was an early example of this. These macro viruses spread faster and further than anything before them; the Love Bug was thought to have caused $10 billion in damage before it was finally defeated.
For a while malware got boring. Not a lot of new stuff happened until we got word of a virus that put itself into the BIOS. We thought that the BIOS was safe: flashing a BIOS was an arduous process that you had to be very careful to do, and if you messed it up you bricked your computer. But an unnamed virus in China was found where, when the virus was detected, the owners cleaned the hard drive and it came back, then removed the hard drive and it came back. Finally they checked the BIOS and there it was. Apparently it was a company competitor that knew what brand and model of computer was being used in one company and made a virus to cause them damage and gain a competitive advantage.
Next, Stuxnet. They did a few things we thought no one could do. They were the first notorious air-gap-jumping virus. With new information we can now say they did this by infecting the updates being delivered to the computers from the manufacturer, as Stuxnet attacked those manufacturers first. They found a hole, a supplier that had privileged access, and used that supplier to gain access to the air-gapped network. New techniques for communicating with air-gapped systems developed in the last year mean that if an air gap is breached, updating the malware is no longer impossible.
Malware then morphed into distributed computing to birth the botnet. Hundreds or thousands of infected computers all taking orders from a central set of command and control computers to send spam, do denial of service attacks (DDoS) and spread themselves even further. The bane of Windows XP and Windows Server.
The same family of malware as Stuxnet also produced some other firsts: the first time an industrial system was attacked on that large a scale, and they also used flaws in Microsoft's Windows Update to put viruses on computers, using certificates to make the malware look like a legitimate patch through the OS update system. Flame and Duqu were also used not just to get information from computers but also information about the surroundings and people around those computers. They listened with microphones, used the cameras and wireless/Bluetooth to find people, figured out their schedules, and may have been used to target Iranian politicians and scientists for assassination.
New malware happens all the time, but for years a "real" virus, one that is binary, not a script, passes itself from machine to machine by infecting programs and replicates itself into different programs, has been rare. It is also rare to have a virus attack more than one operating system, but last year one was detected that, while it was small in number of infections and looked to me like a trial, infected Windows, Linux and reportedly Mac, as they all use the same CPU family.
And then there are the hardware/malware attacks. When you plug a USB device into a computer, the device and the computer talk so that the computer knows how to work with the device. But any USB device can be any type of device, or even more than one at the same time. The first instance of this didn't even look like a USB device but an iPod dock. It was not only a dock and a set of speakers but also carried malware, infected the iPod/iPhone and then installed malware. But any USB device can do this. You could have a keyboard with a USB memory component that carries malware, or a USB stick that is a regular stick, where malware in the memory could be cleaned but a virus in the USB firmware cannot be cleaned. Or the firmware could also connect as a keyboard and issue commands, or include a wireless wifi hub with no password required, or just pull data from the computer and broadcast it indiscriminately.
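A defender can at least notice when a plugged-in device presents the kind of mix described above (storage that also enumerates as a keyboard, or a keyboard that also brings a network interface). This is an added example, not code from the original post: it reads interface class codes from Linux sysfs (/sys/bus/usb/devices, where interface entries like 1-3:1.0 carry bInterfaceClass) when available, and otherwise runs over a constructed sample bus. The risky-pair list is my own assumption about what is unusual on an ordinary workstation, not a standard.

```python
"""Flag USB devices that present a risky mix of interface classes.

The post's point: a "memory stick" may also enumerate as a keyboard or a
network/wireless interface. Added example, not from the original post.
It reads Linux sysfs (/sys/bus/usb/devices) when available; the constructed
sample below stands in for a real bus so it runs offline.
"""
import os
from collections import defaultdict

# Interface class codes from the USB class code list.
USB_CLASS = {
    0x01: "audio", 0x02: "cdc-control", 0x03: "hid", 0x06: "image",
    0x07: "printer", 0x08: "mass-storage", 0x09: "hub", 0x0A: "cdc-data",
    0x0E: "video", 0xE0: "wireless", 0xFF: "vendor-specific",
}

# Combinations that deserve a second look on an ordinary workstation (assumption).
RISKY_PAIRS = {
    frozenset({"hid", "mass-storage"}),   # storage that can also type
    frozenset({"hid", "cdc-data"}),       # keyboard plus network interface
    frozenset({"hid", "wireless"}),
    frozenset({"mass-storage", "wireless"}),
    frozenset({"mass-storage", "cdc-data"}),
}

# Constructed sample: device path -> list of interface class codes.
SAMPLE_BUS = {
    "1-1": [0x03],               # plain keyboard
    "1-2": [0x08],               # plain memory stick
    "1-3": [0x08, 0x03],         # "memory stick" that also enumerates as HID
    "1-4": [0x01, 0x03],         # headset with media keys: audio + HID, normal
    "1-5": [0x02, 0x0A, 0x03],   # network adapter plus keyboard
}


def assess(iface_codes):
    """Return (class_names, risky) for one device's interface class codes."""
    names = {USB_CLASS.get(c, f"unknown-0x{c:02x}") for c in iface_codes}
    risky = any(pair <= names for pair in RISKY_PAIRS)
    return names, risky


def scan_bus(bus):
    """Return {device: sorted class names} for devices that look risky."""
    flagged = {}
    for dev, codes in bus.items():
        names, risky = assess(codes)
        if risky:
            flagged[dev] = sorted(names)
    return flagged


def read_sysfs(root="/sys/bus/usb/devices"):
    """Build a bus map from sysfs; interface dirs look like 1-3:1.0."""
    bus = defaultdict(list)
    if not os.path.isdir(root):
        return {}
    for entry in os.listdir(root):
        if ":" not in entry:
            continue
        dev = entry.split(":")[0]
        path = os.path.join(root, entry, "bInterfaceClass")
        try:
            with open(path) as f:
                bus[dev].append(int(f.read().strip(), 16))
        except (OSError, ValueError):
            continue
    return dict(bus)


if __name__ == "__main__":
    bus = read_sysfs() or SAMPLE_BUS
    for dev, classes in scan_bus(bus).items():
        print(f"{dev}: suspicious interface mix {classes}")
```

Run it at plug-in time (for example from a udev-triggered script) and the device path that gets flagged is the one to pull before anyone types on it.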
There are also reports of many devices with backdoors, extra hardware added by countries after things are shipped from companies either from within the country or as it passes through.
Malware can be firmware now.
A story we have been following is a German steel works where someone took control of the computers away from the staff, and it caused the smelter to be completely damaged. They lost control of the computer and were unable to shut down the smelter in a safe way. I just imagine that it kept getting hotter and hotter until something broke and a flood of molten metal swept through the building. I still want to see pictures.
Then there are some notorious hacks. Sony has been hacked a number of times (you would think they would learn) and we can learn a few things from them. (Sorry Sony, but I have to.)
From the LulzSec hacks we learned that a widely distributed company has so many different divisions that they can't keep track of them all, so when LulzSec found a Sony network with no firewall they just couldn't resist. Yes, one of the ways they got into PlayStation Network was through credentials they got from a completely unprotected network. When the doors are thrown open and everything shared (they had Windows shares with no security and rights set to Everyone read), is that really a hack, or is it authorized access when the access rights are Everyone read? Yes, honest people would not have gone in, but all firewalls are for now is keeping honest people honest. We all know that most "honest" people will still pick up the money dropped on the sidewalk. But I digress...
What we have learned from the latest Sony Pictures hack is that even if you are doing most or all of the things you should do, you can and probably will get compromised, so you had better have a recovery plan in place. Sony Pictures scrambled to recover and even operate after their network was "burnt to the ground", and this is a new level. What is built into your network, procedures and culture to allow you to rebuild after everything is wiped clean? And if you have manufacturing or other processes, what if your equipment is damaged or out of control?
Target showed us that you must segregate your networks. Don't put your must-protect stuff on the same network as your general business network, and certainly not on a network that external contractors/suppliers can get to.

All of these things have happened; the ways we protect things cannot possibly take all of them into account. Motherhood processes like patching have been turned against us. Air gaps don't even work, so just keeping the system off the network is not enough and may even be setting you up for a bigger crash.
Anti-virus hasn't worked for years; the new malware changes by the hour sometimes and signature files can't keep up. It does, however, allow us to stop all of the older versions of things, so we still need to use it, but don't rely on it.
Firewalls help keep out the LulzSec types and Anonymous, mostly. But they are useless in the face of social engineering and drive-by downloads.
A lot of people would say that most/all of the attacks above involved Windows (and they did), but switching to Linux or Mac would also move the malware there once everyone switched. Still, having a fair number of Linux systems on a network will make it more resilient.
Intrusion detection should work, but none of the big attacks were ever caught by it until after the fact. IDS can't stop the Windows Update attacks or any other new and evolving attack, as it is again rule- and/or signature-based.
There is no magic bullet for cyber security. There is only doing the things we all must do: perimeter protection, segregation, AV, patching, IDS (including honeypots and other diversionary tactics), running a firewall on every system, educating your users, vigilance, and being prepared for when you will eventually be compromised.
Defense in depth and vigilance, and be safe out there.

Friday, January 09, 2015

A "solution" to cyber security (there isn't one.)

I keep hearing a few things in the chatter about cyber security that make me cringe: people claiming they have the "solution" to cyber security, and the "we already got hit so we don't have to worry" fallacy.
You can't fix cyber security like solving a puzzle. There is no magic set of pieces that, when put together, make a solid picture that fixes everything. And if you have been hit already, expect it again, and again, until you go out of business. You got attacked and now they know they can attack you. If you put all the right pieces in place you will still be compromised again and you will start over.
Cyber security is not a target but an ever-evolving battle where the opposition is always and rapidly evolving, and so must your defense. Your defense must be tailored to your network, information, processes and people. It has to start with knowing what you are trying to protect and evolving your understanding of what you are trying to protect. It doesn't matter what else you do: if you don't know what you are trying to protect (and "everything" is not an answer) you won't know what controls you need to put in place to protect it.
And there is no way to make your network (corporate network here; home is another matter) 100% secure, and you have to face the fact that either you will be or already have been compromised. You just may not know it yet.
The consensus is that all companies are or have been compromised, and the sad fact is most don't know it. The average time from compromise to discovery is months, 6 to 9 months. And your IT security is probably not who will find it. You still need them, but they just don't have the tools and resources to find the threats you are faced with.
It is not just your problem; everyone, including places like DHS, the FBI and every other three-letter acronym, is having the same problem, so don't beat yourself up for it. You can't protect everything. You still have to do the normal firewall, AV, IDS things to keep the script kiddies out, but for APT actors you have to decide what you cannot afford to lose and prioritize your efforts. Split the really-must-keep stuff off from the rest of your network and put robust controls in place with more layers of firewalls, VPN-only access, encrypt the heck out of it and surround it with fakes that will keep the attackers busy.
And if we learned anything from Sony Pictures it is this: make a recovery plan for the possibility that you lose everything. What will you be doing when email doesn't work? How will you communicate with staff and far-flung parts of your organization? Do you have backups, off-site backups and a fall-back plan to do things like pay your employees? What won't work if none of your computers do?
And then keep updating your plan, practice what you will do when attacked and keep doing the motherhood procedures, but don't think any of this will keep you 100% safe. Be prepared.

Sunday, January 04, 2015

A new year dawns and with it the same old issues as always. From our point of view, though, the new year is a new time of plenty: plenty of malware, plenty of attacks, and you will be hacked, if you aren't already.
2014 certainly was fun and now with 2015 here I expect it to only get more fun.
There is only one way to be sure you won't be attacked and that is don't use a computer (maybe my father was right, naw... you wouldn't be able to read this if you stopped using a computer).
I saw a headline today, "Cyber security groups use fake computers to trap hackers", where the writer is all aflutter about this "new" way to detect attackers by putting up fake computers with fake software. The story didn't elaborate much, but it just seems that some company has convinced the reporter that honeypots were a new thing and the reporter didn't do any homework. I swear that almost every day there is another company showing up proclaiming their new idea, which turns out to be something any good security guy has been doing for years.
There was a good story though at TechCrunch: This Cybersecurity Medicine Might Be Tough To Swallow
The story boils down to my point above: if you want to be sure and not be vulnerable, then be prepared to not use your computers. But then what would we use to surf for cat pictures?
Happy New Year!