Fauie Technology

eclectic blogging, technology and hobby farming

Author: Chris Fauerbach (page 2 of 16)

Calling all Cybersecurity Technical folks!

Over the next while, I’m planning on putting together some interviews in podcast format between me and some security folks I know.  I also hope to meet some new ones in the process!

There are tons of security podcasts and interviews with security folks.  Most seem to be covering current events, outages, new threats, etc.

My goal is to focus on the technology we use in the security landscape to fix things, but also to talk about some best practices when it comes to creating new tools and applications.

Know anyone I should talk to?

Some potential job titles:

CISO

VP Engineering/CTO

Security Architect

Security Analyst

… etc

Send them my way!


chris [[[  at ]]]] fauie (((((  dot ))))) com!


Indexed Data: The Common Stack

Throughout the past 20 years of my career, I’ve seen a lot of data: small applications that handle a few transactions (blogs, say) and large applications (multi-tenant network data collection).

Just about every single one of them has dealt with text searching in some capacity or another.

These days, if I’m moving data in work projects or fun/personal projects, I’m relying over and over on the same stack.

Logstash/Beats -> Kafka -> Logstash -> Elasticsearch with some cool visualizations in Kibana.

Want to know why?

It just freaking works. Especially well for time-based events.  Even if it’s not time-based, it works.

… best of all?   It’s all freaking free.

You can stand up a single node with all of the above on it.  Easy.  Sure, it won’t scale on a single node, but each component of that list scales horizontally.

Prototype small, grow big.

Thoughts on Equifax – Tokenization

The past week’s news cycle has been dominated by the Equifax breach.  There are rumors about how the breach happened, rumors and accusations (armchair Judge Judy and executioner) about improper stock sales, and half a million class action lawsuits.

(I exaggerate on numbers)

This post isn’t going to talk about breaches in general, and it’s not going to talk about this breach from a technical standpoint… what I’m going to talk about is something different.

If your bank gets hacked, crap, that sucks.   If your doctor/insurance gets hacked, crap, that sucks.   They’ll sign you up for identity protection, and you’ll forget about it.

The interesting part about Equifax is that you don’t have an account with them.  You’ve never interacted with Equifax, unless you’ve checked your credit score… but guess what?  That’s not the information that got stolen.

The data that got stolen, the super important data about your life, was given to them by other entities.  Your bank gave them your information.  Your credit card company gave them your information.  Did you know they did that?

You gave them permission in your contract, but did you realize you did? (Of course not, no one reads the fine print!)

Now that you’re ticked off because someone else shared your data with someone who couldn’t protect it… what do you do?

Nothing.

That’s the way credit reporting and your credit score work.  For you to have a credit score, entities have to report to Equifax, TransUnion and Experian.

What could have been done?   Tokenization.

There’s a concept in security, and more specifically in secure data storage and transmission, called tokenization.  Essentially, a developer takes a secret piece of data (SSN, account numbers, etc.) and swaps it for a token.  The token can later be swapped back for the original piece of data if necessary.  This is great inside a company, like a bank.  Instead of storing an SSN in an operational database, you store the token.  The only time you need the SSN might be printing a paper form that needs it, or filing a legal document.

There’s a challenge with tokenization for credit reporting.  Every bank needs to report someone like ME as the same person.  Bank A can’t have token 1234 for me while Bank B reports me as ABCD.  They both need to report me as the same.  If Bank A and Bank B can both report on me as ABCD1234, then Equifax et al. don’t need to know my SSN.  The banks I have a relationship with do.

How do we accomplish this?  That’s the big, big challenge…  could be my next billion dollar idea… (yeah, I just gave it away, but execution is 99% of the challenge)
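As an added illustration (not code from the post), here is a toy token vault modelling the bank-internal swap described above, next to a keyed deterministic token showing one possible way, assumed here rather than proposed by the post, to let Bank A and Bank B report the same identifier without the bureau ever learning the SSN; the sample SSN and shared key are constructed.

```python
import hashlib
import hmac
import secrets

SAMPLE_SSN = "123-45-6789"  # constructed sample value, not a real SSN


class TokenVault:
    """One institution's vault: swaps a secret for a random token and back.
    The mapping lives only inside the bank, so a system holding the token
    learns nothing about the SSN and cannot reverse it without the vault."""

    def __init__(self) -> None:
        self._by_token: dict[str, str] = {}
        self._by_secret: dict[str, str] = {}

    def tokenize(self, secret: str) -> str:
        # One SSN maps to one token within this vault, so repeat calls are stable.
        if secret not in self._by_secret:
            token = secrets.token_hex(8)
            self._by_token[token] = secret
            self._by_secret[secret] = token
        return self._by_secret[secret]

    def detokenize(self, token: str) -> str:
        # Only the vault owner swaps back (printing a form, filing a legal document).
        return self._by_token[token]


def shared_token(secret: str, shared_key: bytes) -> str:
    """Deterministic token Bank A and Bank B can compute independently (one assumed
    approach to the cross-bank problem, not the post's own). The SSN space is only
    ~10^9 values, so the token must be keyed: whoever holds the key can brute-force
    SSNs from tokens. The key stays with the banks, never with the bureau."""
    digits = secret.replace("-", "")
    return hmac.new(shared_key, digits.encode(), hashlib.sha256).hexdigest()[:16]


def demo(shared_key: bytes = b"constructed-key-held-by-banks-only") -> dict:
    bank_a, bank_b = TokenVault(), TokenVault()
    tok_a, tok_b = bank_a.tokenize(SAMPLE_SSN), bank_b.tokenize(SAMPLE_SSN)
    return {
        # Independent vaults: same person, different tokens; the bureau cannot link them.
        "independent_tokens_match": tok_a == tok_b,
        # Shared key: both banks report one identifier and the bureau never sees the SSN.
        "shared_tokens_match": shared_token(SAMPLE_SSN, shared_key)
        == shared_token("123456789", shared_key),
        "bank_a_roundtrip": bank_a.detokenize(tok_a) == SAMPLE_SSN,
    }
```

Key distribution among the banks is exactly the hard part the post calls out; the code only shows what the identifier would look like once that problem is solved.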


Cybersecurity – The Value of Community Threat Data

I’ve written about community threat intelligence data before, and I want to reiterate my stance now, after 14 months on the job at Perch Security (https://perchsecurity.com).

I have the pleasure of building out the network sensor and the infrastructure that processes all network traffic from each of our customers’ sensors.  It’s amazing how quickly we have been able to enable small community members (financial services, healthcare, mining, etc.) to detect on network intelligence that is highly targeted for their industry.

Before we stepped in, a small 7-person community credit union had a firewall.  When we came in, they could start detecting network threats, anomalies, etc.

This isn’t about Perch, and how Perch is awesome (although Perch is awesome), this is about the value of the intelligence.

When you’re evaluating a security tool, find out where the intel comes from… if the answer is “Our Honeypot”, run the other way.

If the answer is “our threat intelligence analysts”, ask how it’s relevant to you.  Make sure the rules and the intelligence you’re detecting on are not lost in the noise.

Think about this one.  DHS AIS pushes out approximately 50k+ malicious IP addresses.  That’s a lot of things to look for.  Are they targeted? Are they critical to your industry?  I can answer that pretty solidly: nope.

Not DHS’ fault, but half the intel they seem to produce is from honeypots.  Honeypots are stupid, and nearly the worst source of intelligence.  OMG! You found something scanning your public IP address…  ayup.  You’re going to.  Does that mean I have to spend resources on my firewall or in my IDS signature space to cover that IP?  Nope.  Scans (Recon) don’t always turn into attacks (Weaponization).

Look for things that you know are attacking your industry.

If you’re a water utility, look for SCADA threats.

If you’re in finance, look for Struts (too soon?); don’t waste time blocking Shodan scans (love Shodan though).

Prioritize your community intelligence.

Prioritize behaviors, specifically around exploits (if you run a Python shop, seeing a Struts attempt doesn’t matter!).

Know your network.
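An added example, not from the post or from Perch, that turns the prioritization rules above into a scoring function run over a constructed feed (indicator names, sources, industry tags and the documentation-range IPs are all made up).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    value: str                           # IP address or rule name from the feed
    source: str                          # "honeypot", "analyst" or "community"
    kind: str                            # "scan" (recon) or "exploit" (weaponization)
    industries: frozenset = frozenset()  # industries it is known to target; empty = untargeted
    tech: frozenset = frozenset()        # stacks an exploit applies to; empty = any


@dataclass(frozen=True)
class OrgProfile:
    industry: str
    tech: frozenset  # what actually runs on your network ("know your network")


def score(ind: Indicator, org: OrgProfile) -> int:
    """Priority for one indicator: higher means look at it first, 0 means ignore."""
    # An exploit attempt against software you do not run does not matter.
    if ind.kind == "exploit" and ind.tech and not (ind.tech & org.tech):
        return 0
    # A bare scan reported by a honeypot: recon against a public IP is expected, not actionable.
    if ind.kind == "scan" and ind.source == "honeypot":
        return 0
    s = 1
    if org.industry in ind.industries:
        s += 3  # intel targeted at your industry
    if ind.kind == "exploit":
        s += 2  # behaviors (exploits) over bare IP addresses
    if ind.source == "community":
        s += 1  # community intelligence over generic feeds
    return s


def prioritize(feed: list, org: OrgProfile) -> list:
    """Return indicator values worth acting on, highest priority first."""
    ranked = sorted(feed, key=lambda i: score(i, org), reverse=True)
    return [i.value for i in ranked if score(i, org) > 0]


# Constructed sample feed; the IPs are documentation ranges, not real indicators.
SAMPLE_FEED = [
    Indicator("203.0.113.7", "honeypot", "scan"),
    Indicator("struts-exploit-attempt", "community", "exploit", frozenset({"finance"}), frozenset({"java"})),
    Indicator("scada-probe", "analyst", "scan", frozenset({"water"})),
    Indicator("198.51.100.23", "community", "exploit", frozenset({"finance"})),
]
```

For a finance shop running Python and nginx, the honeypot scan and the Struts attempt both score 0 and drop out, while the same Struts indicator rises to the top for a Java shop in the same industry.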


Equifax – Post Breach – The New Normal

In light of the new HUGE data breach at Equifax, it’s time to consider a new normal, where we are all breached and have no secret information.

Essentially, with the loss of Personally Identifiable Information (PII) records for half of all Americans, we have to ask:

“Can we continue to assume our private information is private?”

Historically, we’ve kept our SSN and credit/debit card numbers private.  We guard them and hope no one finds them out, because if they do, they can open credit accounts, take out mortgages, buy furniture, etc. in our names.  It’s identity theft.  Fraud.

What happens now that half of the people in the US are affected?

This may be freeing for normal folks like us.  No longer caring who sees our SSN or credit card numbers.  Heck, the bad guys have them already!

Banks, lenders, etc. are the ones that need to be concerned.  How can they reliably know that it’s ME signing up for a new bank account or car loan?  How can they KNOW for sure that it’s not a bad actor in <insert bad actor country here>?


A few scenarios I can think of:

Banks start to go nuts for validation.  Phone calls, SSN, DOB, insane credit validation based on previous addresses, etc.  Not sure that’ll be enough.

The slow death of electronic-only accounts?  Are we going to have to go to the bank for everything?  Open a new account, go to the bank.  Apply for a new loan, go to the bank.

Is that enough?

Do we all need new IDs?  We keep our public identifier, like the SSN, but we all get a ‘private’ key that only we can use?  Yeah, that’ll get out too.


Security is hard.


What about a hardware token?  The federal gov’t gives us all a heavily encrypted RFID chip/implant.  There’s no way to duplicate/spoof it.  If every computer can guarantee the identity of the chip holder, then there’s no doubt the person applying for a credit line is that same person.  Essentially a non-duplicatable digital signature that anyone can verify but no one can mimic.  Is this technically possible?  Maybe.

Feasible?  Nope



© 2018 Fauie Technology
