De-Coder’s Ring

Software doesn’t have to be hard

Author: Chris Fauerbach

Cybersecurity – The Value of Community Threat Data

I’ve written about community threat intelligence data before, and I want to reiterate my stance now, after 14 months on the job at Perch Security (https://perchsecurity.com).

I have the pleasure of building out the network sensor and the infrastructure that processes all network traffic from each of our customers’ sensors. It’s amazing how quickly we have been able to enable small community members (financial services, healthcare, mining, etc.) to detect on network intelligence that is highly targeted for their industry.

Prior to our stepping in, a small 7-person community credit union had a firewall. When we came in, they could start detecting network threats, anomalies, etc.

This isn’t about Perch, and how Perch is awesome (although Perch is awesome), this is about the value of the intelligence.

When you’re evaluating a security tool, find out where the intel comes from… if the answer is “Our Honeypot”… run the other way.

If the answer is “our threat intelligence analysts”, ask how it’s relevant to you. Make sure the rules and the intelligence you’re detecting on are not lost in the noise.

Think about this one. DHS AIS pushes out approximately 50k+ malicious IP addresses. That’s a lot of things to look for. Are they targeted? Are they critical to your industry? I can answer that pretty solidly: nope.

Not DHS’ fault, but half the intel they seem to produce is from honeypots. Honeypots are stupid, and nearly the worst source of intelligence. OMG! You found something scanning your public IP address... Ayup. You’re going to. Does that mean I have to take resources on my firewall or in my IDS signature space to cover that IP? Nope. Scans (Recon) don’t always turn to attacks (Weaponization).

Look for things that you know are attacking your industry.

If you’re a water utility, look for SCADA.

If you’re in finance, look for Struts (too soon?); don’t waste time blocking Shodan (love Shodan though) scans.

Prioritize your community intelligence.

Prioritize behaviors, specifically around exploits. (If you run a Python shop, seeing a Struts attempt doesn’t matter!)

Know your network.
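An added example, not from the original post or from Perch: one way to turn the advice above into a triage step that drops exploit indicators for software you don't run and ranks the rest by sector and source. The feed entries are constructed, and the field names and weights are assumptions, not a real AIS or STIX schema.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Indicator:                 # hypothetical record layout
    value: str                   # IP address the rule would match
    source: str                  # "community", "analyst" or "honeypot"
    behavior: str                # "scan" (recon) or "exploit"
    sectors: frozenset           # sectors whose members reported it
    tech: Optional[str] = None   # technology an exploit targets

# Assumed weights: peers in a sharing community rank above a bare honeypot hit.
SOURCE_WEIGHT = {"community": 2, "analyst": 1, "honeypot": 0}

def score(ind, sector, inventory):
    """Relevance of one indicator to this network; 0 means not worth a rule slot."""
    # An exploit for software that is not in our inventory cannot land here.
    if ind.behavior == "exploit" and ind.tech not in inventory:
        return 0
    points = 3 if ind.behavior == "exploit" else 0
    if sector in ind.sectors:
        points += 2
    if points == 0:
        return 0  # e.g. an internet-wide scan nobody in our sector reported
    return points + SOURCE_WEIGHT.get(ind.source, 0)

def triage(feed, sector, inventory, budget):
    """Return up to `budget` indicator values, most relevant first."""
    scored = [(score(i, sector, inventory), i.value) for i in feed]
    keep = sorted((s for s in scored if s[0] > 0), key=lambda s: s[0], reverse=True)
    return [value for _, value in keep[:budget]]

# Constructed feed using documentation-range addresses.
FEED = [
    Indicator("192.0.2.10", "honeypot", "scan", frozenset()),
    Indicator("198.51.100.7", "community", "exploit", frozenset({"finance"}), "struts"),
    Indicator("203.0.113.5", "analyst", "exploit", frozenset({"utilities"}), "scada"),
    Indicator("198.51.100.99", "community", "scan", frozenset({"finance"})),
]

if __name__ == "__main__":
    # A finance shop that runs Struts keeps two of the four indicators.
    print(triage(FEED, "finance", {"struts", "nginx"}, budget=10))
```

The `budget` argument stands in for limited firewall or IDS signature space: only the top-ranked indicators get a rule.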

 

 

Equifax – Post Breach – The New Normal

In light of the new HUGE data breach from Equifax, it’s time to consider a new normal, where we are all breached, and we have no secret information.

Essentially, with the loss of records pertaining to Personally Identifiable Information (PII) for half of all Americans, we have to ask:

“Can we continue to assume our private information is private?”

Historically, we’ve kept our SSN and credit/debit card numbers private. We guard them, and hope no one finds them out, ’cause if they do, they can open credit accounts, mortgages, buy furniture, etc. in our names. It’s identity theft. Fraud.

What happens now that half of the people in the US are affected?

This may be freeing for normal folks like us. No longer caring who sees our SSN or credit card numbers. Heck, the bad guys have them already!

Banks, lenders, etc. are the ones that need to be concerned. How can they reliably know that it’s ME signing up for a new bank account or car loan? How can they KNOW for sure that it’s not a bad actor in <insert bad actor country here>?


A few scenarios I can think of:

Banks start to go nuts for validation. Phone calls, SSN, DOB, insane credit validation based on previous addresses, etc. Not sure they’ll be enough.

The slow death of electronic-only accounts? Are we going to have to go to the bank for everything? Open a new account, go to the bank. Apply for a new loan, go to the bank.

Is that enough?

Do we all need new IDs? We keep our public identifier, like SSN, but we all get a ‘private’ key that only we can use? Yeah, that’ll get out too.


Security is hard.


What about a hardware token? The federal gov’t gives us all a heavily encrypted RFID chip/implant. There’s no way to duplicate/spoof it. If every computer can guarantee the identity of the chip holder, then there’s no doubt the person applying for a credit line is that same person. Essentially a non-duplicatable digital signature that anyone can verify, but no one can mimic. Is this technically possible? Maybe.

Feasible? Nope.

 

scattered desk, scattered mind?

I’m putting a few things together. Typically, my desk is pretty cluttered. Almost hoarder-level cluttered.

Yet, I know where everything is. Pencils, paperclips, bills, etc.

Reading through some of my old code, it begins nice and organized, but, over time, it gets a bit cluttered.

Having lived in startup world for a long time, I tend to not have other people maintain or update my code, so it hasn’t been a super big problem… but it’s one of my dirty little coding secrets.

 

 

Professional and Personal Communications

There are four million ways to communicate with friends and colleagues right now.

  • Facebook
  • LinkedIn
  • Slack
  • Skype
  • Email
  • SMS/iMessage
  • Google Chat/Talk/What the heck is it called these days?
  • Instagram
  • Snapchat
  • Phone
  • WhatsApp
  • In games
  • Alex Video
  • Facetime

The list goes on.

What do you prefer for business comm? Personal communication? Synchronous vs asynchronous communication?

A few examples of why I’m curious. I’ve usually thought of LinkedIn as asynchronous and professional communications.

Slack, synchronous, although can be used async for sure… private/personal and professional

Snapchat? Unless you’re a digital marketer, it’s private…

What do you think?

 


© 2017 De-Coder’s Ring
