Thursday, 30 August 2018

Critical Benefits of Network Security

It seems like every week you hear about another major corporation that has had their network breached, which resulted in their customers’ personal data being stolen. Cyber bandits are constantly coming up with new ways to exploit the network security systems of some of the largest companies in the world. Sometimes, it is easier for them to attack smaller businesses that do not have the sort of robust network security that is necessary to thwart their attacks. Utilizing the services of a knowledgeable Houston network security company is your best option to protect your vital business information.

Network Security, Cyber Security, ISC2 Guides, ISC2 Study Materials

The National Cyber Security Alliance recently reported that 20 percent of small companies are victims of cyber-attacks. Only 40 percent of those companies remained in business six months later. Every owner of a small business needs to understand the fundamentals of maintaining a secure network and internet security, including the different types of network security threats and how to prevent or mitigate the damage by implementing a Houston backup and disaster recovery plan for their company.

Network Security and Your Business


Any type of program or activity that is intended to safeguard your network’s infrastructure is part of your network security. The best systems will use a combination of hardware and software solutions to identify and resist the broad range of potentially damaging cyber threats before they can get into and infect your network. The easiest way is to consult with a specialist in Houston managed IT services to set up a battery of programs that work together to keep your network safe from hackers. This could involve installing any or all of the following, which are especially critical if your employees access your network remotely.

◈ Anti-virus and anti-spyware detectors
◈ Firewalls
◈ Virtual private networks
◈ Intrusion prevention systems

The Most Common Security Threats


Your network faces a variety of security threats, such as malware, spyware and viruses. Any of these can make their way into your network via a random email or an inadvertent click-through to a website. Sometimes, they immediately go to work by locking up your system. Other times, they infiltrate your system to see where the sensitive files are kept. After identifying the vulnerable area in your network, they gather company and customer data, including social security numbers, credit card information and passwords. The best network security prevents these programs from gaining access to your system.

Professional hackers can exploit weaknesses in operating systems. If they can find a way into your network, they can gather and disseminate sensitive company data and customer information. Until your IT department can develop a patch to stop the intrusion, the hackers can help themselves to whatever exclusive or confidential data they desire.

How Small Business Benefits from Network Security

In addition to keeping your network up and running, network security has other benefits for small businesses.

◈ Employees can work from remote locations.

◈ The network can be expanded and enhanced depending on your company’s needs.

◈ Small businesses can comply with regulations established by the government and your specific industry.

◈ Clients will be confident that their sensitive information is safe.

◈ Secure remote network access encourages collaboration among employees and strengthens communication links to clients.

◈ Your liability is lessened in the event of a security breach.

◈ If a breach does occur, the recovery time is shorter.

The Cost of a Security Breach


It only takes one security breach to bring down your company. Clients are reluctant to continue conducting business with companies that have had a security invasion. The average cost to a business is approximately $130 per record. That kind of unexpected expense can bankrupt a company. Plus, your business then has to spend additional money to re-establish your brand’s reputation and your clients’ trust. Forewarned is forearmed. It is better to strengthen your network security before anything bad occurs.

Tuesday, 28 August 2018

Avoiding the Security Pitfalls of Digital Transformation

Security, Digital Transformation, Cybersecurity, ISC2 Study Materials

By 2020, 60 percent of enterprises will be implementing a digital transformation strategy as they seek to leverage technologies such as cloud and software-defined infrastructures. However, as they embark on a digitization journey, too many are ignoring security risks that could bite them back later.

Earlier this year, telecommunications giant AT&T developed a cybersecurity report based on interviews with 15 subject matter experts, including several (ISC)² members, to determine who holds responsibility for this transformation process. The report cautions organizations to be sure they evaluate and update their defense systems before implementing digitization plans. “Security models are changing as infrastructure goes virtual. If the number of cyberattacks in the news points to any one pattern, it’s that companies are grappling with how to secure their businesses from ‘edge-to-edge,’ across their endpoints, networks and cloud services,” the report says.

Some companies are taking a short-term approach to cybersecurity by overly relying on cyber insurance. “More than a quarter (28 percent) of organizations see cyber insurance as a substitute for cyber defense investment, rather than as one component of a multi-layered cybersecurity strategy.”

While cyber insurance can address the immediate impact of a breach, it cannot prevent long-term reputational damage. Instead, organizations should take a more balanced, comprehensive approach that includes layered security implementations and help from third parties where appropriate.

The report points out that U.S. companies are the least confident in their in-house security, according to the AT&T 2017 Global State of Cybersecurity survey, with 56 percent of U.S. respondents expressing confidence, compared to 70 percent in EMEA and 72 percent in APAC.

Security Steps


Properly planning for digital transformation requires several steps. The first is to gain an understanding of all security implications and then come up with a plan to address them. Organizations need a solid understanding of the security controls they have in place to determine if they are appropriate as their infrastructures evolve to include software-defined systems and Internet of Things (IoT) devices.

Then they should address whatever gaps they identify through a multi-layered security strategy and advanced security measures. For instance, it makes sense to virtualize security to replace simple firewalls with advanced web filtering and data loss prevention, the report suggests.

Another recommendation is to get buy-in not only from the top but also across the entire enterprise. For one thing, it’s important to recognize that the CFO is often the executive in charge of digital transformation, which means the CFO needs to be part of the team in charge of cybersecurity.

“This might seem counterintuitive for a technical project, but the CFO’s compliance and risk management responsibilities and their budget-allocation powers make them an obvious leader,” the report says. But because of the CFO’s “traditional lack of technical expertise,” the cybersecurity team also needs to include the CISO, CTO or whoever else is responsible for security.

Raising Awareness


To ensure everyone within the organization is invested in digital transformation and security, it makes sense to run training programs and workshops explaining how the new infrastructure will affect day-to-day operations. Cybersecurity awareness training should be ongoing, the report says.

The better a company’s employees understand security risks, the more likely they are to avoid doing something that could cause a breach. As companies become more reliant on digital and automated processes, this will become more important than ever.

Saturday, 25 August 2018

CASP Vs CISSP Security Certifications: Choose the Best

CASP Security Certifications, CISSP Security Certifications, CISSP Study Material, ISC2 Certification

Certification: CISSP - Certified Information Systems Security Professional


In the present scenario, the information security industry is growing faster than ever before. It is high time to look at the most sought-after certifications required for working in the information security industry. Today we are going to focus on two certifications, CompTIA's CASP and (ISC)²'s CISSP, and look at which is better and which should be chosen.

Both the CASP and CISSP certifications are vendor-neutral, focusing on general security approaches, solutions and technologies. We will be comparing the two certifications, but before that, let us have a closer look at each.

CompTIA CASP


Like every other CompTIA certification, this certification is vendor-neutral. It has no formal prerequisites, but it expects the individual to have 10+ years of experience. It is a step beyond the CompTIA Security+ certification. The exam validates advanced-level security skills and knowledge that are accepted internationally. The CompTIA CASP builds on CompTIA Security+ and focuses on the technical and enterprise level.

The exam measures the candidate's skills and the technical knowledge required to conceptualize, design and engineer secure solutions in complex environments. Candidates who clear the exam apply critical thinking and judgment across a broad range of topics. The CASP question paper consists of 80 questions covering topics such as Enterprise Security, Research and Analysis, Risk Management, Policy/Procedure and Legal, Integration of Computing, Business Disciplines, and Communications.

ISC2 CISSP


The International Information Systems Security Certification Consortium governs the CISSP (Certified Information Systems Security Professional), an independent certification for information security. According to (ISC)², the certification is recognized worldwide. The CISSP obtained ANSI ISO/IEC Standard 17024:2003 accreditation in June 2004. The certification is also approved by the U.S. Department of Defense for both the Information Assurance Technical (IAT) and Information Technical Managerial (IAM) categories. It is the baseline certification for the US National Security Agency's ISSEP program.

An individual looking to get CISSP certified should have five years of IT experience, or four years of experience and a degree; in addition, you have to score 70 percent on a test of 250 multiple-choice questions. The CISSP question paper consists of 250 questions with an allotted time of 6 hours. Passing the test shows that the candidate has learned a broad body of security knowledge and earned a passing score on a lengthy, intense and expensive paper. Professionals who hold the CISSP certification need five years of experience in the IT industry to secure their certification.

CASP vs CISSP


The CISSP is more widely accepted than the CASP and is considered the standard certification for security professionals. It is the certification most often chosen by IT professionals because it carries more weight than any other. The CISSP exam is longer and harder, consisting of 250 questions over 6 hours, while the CASP is a 2-hour exam of 80 questions. After passing the exam, CISSP candidates must have their prior experience verified and be endorsed by a certificate holder with standing in the industry. So if the CISSP is the best, why is there a need for the CASP? The CASP is accepted because it is cheaper, easier and requires no endorsement, and it can be a confidence booster for IT professionals. The question is which should be obtained, CASP or CISSP. You should go for the CISSP, because the CASP, while cheaper and easier, is not as useful professionally. The CISSP, though not as eminent as it once was, still carries more weight, while the CASP does not.

Differences between the both exams


Both tests involve hard work and dedication towards achieving the target. Neither test is at all easy; the CISSP has plenty of study material available, whereas the CASP does not. As many have stated, the CASP is considered more technical than the CISSP, which is more administrative. This might be true, but the CASP is straightforward in comparison to the CISSP, whose questions are designed to select the most competent candidates. The CASP takes a few hours to complete, whereas the CISSP is a rigorous 6-hour exam with questions that test the candidate's ability. So it can be said that the CISSP is more sought after and more rigorous. The CISSP exam has 250 questions in 6 hours while the CASP has 80 questions in 2 and a half hours, and most people will respect you more for attempting the CISSP.

Why the preference of CISSP over CASP


Choosing between the CISSP and the CASP is not at all easy. The CISSP is more industry-based, technical and up to date, and has performance-based questions that give you a better knowledge of security systems. The CASP, in comparison, is less rigorous and cheaper than the CISSP and has straightforward questions, making the exam easier for candidates to clear. Having a CISSP certification will benefit you more than a CASP.

Individuals holding the CISSP certification provide an organization with working knowledge of system security. The certification gives them the confidence to commit to their profession. It differentiates between career options on the basis of the marketability and credibility of each job. It provides certain benefits, such as the exchange of ideas and peer networking, and it allows holders to earn comparatively more than individuals without the certification. It also allows individuals to fulfill the security certification requirements of government and private organizations.

The certification allows employers to position candidates in a field that is recognized internationally. When working with contractors and vendors, the certification gives employers increased credibility. Because of all these benefits, the CISSP is the most sought-after certification despite being tough and costly.

Friday, 24 August 2018

Traditional Security

Traditional Security, Security Guides, ISC2 Study Materials, ISC2 Guides

These concerns involve computer and network intrusions or attacks that will be made possible, or at least easier, by moving to the cloud. Cloud providers respond to these concerns by arguing that their security measures and processes are more mature and tested than those of the average company. Another argument, made by the Jericho Forum, is: "It could be easier to lock down information if it's administered by a third party rather than in-house, if companies are worried about insider threats… In addition, it may be easier to enforce security via contracts with online services providers than via internal controls".

Concerns in this category include:

Traditional security Threat #1. VM-level attacks



Potential vulnerabilities in the hypervisor or VM technology used by cloud vendors are a potential problem in multi-tenant architectures. Vulnerabilities have appeared in VMware, Xen, and Microsoft's Virtual PC and Virtual Server. Vendors such as Third Brigade mitigate potential VM-level vulnerabilities through monitoring and firewalls.

Traditional security Threat #2. Cloud provider vulnerabilities



These could be platform-level, such as a SQL-injection or cross-site scripting vulnerability in salesforce.com. For instance, there have been a couple of recent Google Docs vulnerabilities, and the Google response to one of them is here: There is nothing new in the nature of these vulnerabilities; only their setting is novel. In fact, IBM has repositioned its Rational AppScan tool, which scans for vulnerabilities in web services, as a cloud security service (see Blue Cloud Initiative).

Traditional security Threat #3. Phishing cloud provider



Phishers and other social engineers have a new attack vector, as the Salesforce phishing incident shows.

Traditional security Threat #4. Expanded network attack surface



The cloud user must protect the infrastructure used to connect and interact with the cloud, a task complicated by the cloud being outside the firewall in many cases. For instance, shows an example of how the cloud might attack the machine connecting to it.

Traditional security Threat #5. Authentication and Authorization


The enterprise authentication and authorization framework does not naturally extend into the cloud. How does a company meld its existing framework to include cloud resources? Furthermore, how does an enterprise merge cloud security data (if it is even available) with its own security metrics and policies?


Traditional security Threat #6. Forensics in the cloud



Traditional digital forensic methodologies permit investigators to seize equipment and perform detailed analysis on the media and data recovered. The likelihood, therefore, of the data being removed, overwritten, deleted or destroyed by the perpetrator in this case is low. More closely linked to a cloud computing (CC) environment would be businesses that own and maintain their own multi-server infrastructure, though on a far smaller scale. However, the scale of the cloud and the rate at which data is overwritten are of concern.

Tuesday, 21 August 2018

Cloud Computing - An Introduction

Cloud Computing, Cloud Security, ISC2 Study Materials, ISC2 Learning

Cloud Computing:


Cloud computing is a technology that provides computation, software, data access and storage services without requiring the client or end user to know the physical location and configuration of the system that delivers the service.

Types of cloud computing:


Cloud Computing can be classified into 4 types based on hosting.


Public Cloud: 

◈ Computing infrastructure is hosted at the vendor’s premises.

◈ The customer has no visibility over the location of the cloud computing infrastructure.

◈ The computing infrastructure is shared between organizations.

Private Cloud:  

◈ Computing architecture is dedicated to the customer and is not shared with other organisations.

◈ They are expensive and are considered more secure than Public Clouds.

◈ Private clouds may be hosted externally or on premises.

Hybrid Cloud: 

◈ Organisations host some critical, secure applications in private clouds.

◈ The not so critical applications are hosted in the public cloud.

◈ The combination is known as Hybrid Cloud.

◈ Cloud bursting is the term for a system in which the organisation uses its own infrastructure for normal usage but uses the cloud for peak loads.

Community Cloud:

◈ The cloud infrastructure is shared between the organizations of the same community.

◈ For example, all the government agencies in a city can share the same cloud, but non-government agencies cannot.

Classification of Cloud:


On the basis of service, there are three types available in cloud computing.

1. Infrastructure as a Service (IAAS):

Hardware related services are provided using the principles of Cloud Computing. These include disk storage and virtual servers. Amazon EC2, Amazon S3, Rackspace Cloud Servers are some of the leading vendors.

2. Platform as a Service (PAAS):

Development platforms are provided on the cloud. The platforms may not be compatible with each other. Wikipedia puts it appropriately as "'Platform as a service' (PaaS) is the delivery of a computing platform and solution stack as a service. PaaS offerings facilitate deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities, providing all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely available from the Internet. PaaS offerings may include facilities for application design, application development, testing, deployment and hosting as well as application services such as team collaboration, web service integration and marshalling, database integration, security, scalability, storage, persistence, state management, application versioning, application instrumentation and developer community facilitation. These services may be provisioned as an integrated solution over the web." Google App Engine, Microsoft Azure and Salesforce's force.com are the leaders in this category.

3. Software as a service (SAAS): 

This is the most common form of cloud computing that we see in action. It is a complete software offering on the cloud, accessed by customers on a pay-per-use basis. Salesforce.com's CRM, Google Apps, Gmail and Hotmail are prime examples of SAAS.

Sunday, 19 August 2018

What is Ransomware?

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash and cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Ransomware, ISC2 Study Material, ISC2 Learning, ISC2 Tutorial and Material

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files, unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.

Ransom Prices and Payment


Ransom prices vary depending on the ransomware variant and the price or exchange rates of digital currencies. Thanks to the perceived anonymity offered by cryptocurrencies, ransomware operators commonly specify ransom payments in bitcoins. Recent ransomware variants have also listed alternative payment options such as iTunes and Amazon gift cards. It should be noted, however, that paying the ransom does not guarantee that users will get the decryption key or unlock tool required to regain access to the infected system or hostaged files.

Ransomware Infection and Behavior


Users may encounter this threat through a variety of means. Ransomware can be downloaded onto systems when unwitting users visit malicious or compromised websites. It can also arrive as a payload either dropped or downloaded by other malware. Some ransomware is known to be delivered as attachments to spammed email, downloaded from malicious pages through malvertisements, or dropped by exploit kits onto vulnerable systems.

Once executed on the system, ransomware can either lock the computer screen or, in the case of crypto-ransomware, encrypt predetermined files. In the first scenario, a full-screen image or notification is displayed on the infected system's screen, which prevents victims from using their system; it also shows the instructions on how users can pay the ransom. The second type of ransomware prevents access to potentially critical or valuable files such as documents and spreadsheets.
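A defender-side heuristic for the second scenario, added here as an example and not taken from the original post: files that crypto-ransomware has overwritten with ciphertext are close to 8 bits of entropy per byte and no longer begin with the header their format implies. Compressed formats (zip, docx, png, pdf) are also high-entropy, so the check only flags a file when the entropy is high AND the header matches no known format; all sample files and the 7.5-bit threshold are constructed for the demonstration.

```python
"""Spot candidate ciphertext files: high entropy plus an unrecognised header.
Example code, not from the original post. Sample files are constructed."""
import hashlib
import math
import os
import tempfile
from collections import Counter

HIGH_ENTROPY = 7.5  # bits per byte; ciphertext and compressed data sit near 8.0

# Real magic bytes for a few common formats (not exhaustive).
KNOWN_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/docx/xlsx",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def identify_magic(data: bytes):
    """Return the format name whose magic bytes start the data, else None."""
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def looks_encrypted(data: bytes) -> bool:
    """True when content is high-entropy AND carries no recognisable header.
    Requiring both avoids flagging legitimately compressed documents."""
    return shannon_entropy(data) >= HIGH_ENTROPY and identify_magic(data) is None


def scan_directory(root: str) -> list:
    """Paths under root whose first 64 KiB look like ciphertext, sorted."""
    flagged = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # the head is enough for the heuristic
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if looks_encrypted(head):
                flagged.append(path)
    return sorted(flagged)


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_sample_dir() -> str:
    """Constructed sample: plaintext notes, a PNG-like file (high entropy but
    valid header, must NOT be flagged) and an 'encrypted' spreadsheet."""
    d = tempfile.mkdtemp(prefix="rw_scan_")
    samples = {
        "notes.txt": b"Quarterly figures, to be reviewed on Monday.\n" * 50,
        "logo.png": b"\x89PNG\r\n\x1a\n" + pseudo_random_bytes(4000),
        "budget.xlsx.locked": pseudo_random_bytes(4096),
    }
    for name, content in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(content)
    return d


if __name__ == "__main__":
    for p in scan_directory(build_sample_dir()):
        print("possible ciphertext:", os.path.basename(p))
```

Run against a file share's recent-modification window rather than a whole volume, and treat a sudden burst of flagged files as the signal; a single hit is weak evidence on its own.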

Ransomware is considered "scareware" as it forces users to pay a fee (or ransom) by scaring or intimidating them. In this sense, it is similar to FAKEAV malware, but instead of capturing the infected system or encrypting files, FAKEAV shows fake antimalware scanning results to coax users into purchasing bogus antimalware software.

Friday, 17 August 2018

Security Advisory: Spectre and Meltdown Remediation

Cybersecurity continues to make headlines in the New Year, including public disclosure on January 3rd of two new vulnerabilities that affect most modern computer processors. Spectre and Meltdown represent a new class of vulnerability that takes advantage of performance optimizations used by modern computer processors to access protected memory. Successful exploitation of these vulnerabilities could allow threat actors to access data that would otherwise be considered secure. Protecting platforms at risk – including servers, desktops, laptops, mobile devices, and hypervisors – will require deployment of software updates.

Spectre and Meltdown, ISC2 Guides, ISC2 Certification, ISC2 Learning, ISC2 Study Materials

Patching is certainly the priority at this time, but as we regularly caution our clients, patching also introduces risk in two forms: 1. performance impact to systems and 2. conflicts that may occur with end-point security solutions such as anti-virus. To manage that risk, you should take a methodical and measured approach to patching that includes thorough testing against representative systems in different environments within your organization.

Six Steps for Remediation


Organizations should follow a risk-based approach to update impacted systems without causing undue disruption to business operations. To update impacted systems within your environment we provide the following process outline. Please note that customizations may be required for your environment based on your operations and risk appetite:

1. Identify impacted systems within your extended environment (including cloud infrastructure, cloud services and mobile devices).

2. Identify relevant vendors and contact vendors for their latest patching or vulnerability mitigation advice.

3. Develop a patching plan.

◈ Consider cloud infrastructure and systems that are used to access the web as a priority.

◈ Consider the web browsers in your environment as higher risk.

◈ Consider security solutions that process arbitrary code (e.g. malware sandboxes) as potentially higher risk (although currently no in-the-wild exploitation has been observed).

◈ Consider the existing workload of systems, particularly those close to your core operations. Patching may incur a performance impact.

◈ Consider host based security controls that may cause conflicts following patching until updates for those host based controls are available that take into account the new operating system patches.

◈ Understand the vendor-recommended order for applying updates to systems; e.g. Microsoft suggests updating anti-virus first, then applying operating system updates, then applying any BIOS or microcode updates.

◈ Ensure you have a back-out plan in case of unforeseen impact resulting from applying updates.

◈ Communicate with key business stakeholders regarding the patching plan, the need to patch and where they can report any potential impact of the patching if they experience issues.

4. Test patches on a representative sample of systems, under normal workloads, accounting for any peak workloads that are normally experienced.

◈ There is a risk that performance will be degraded following patching. Systems currently under heavy load may be particularly vulnerable.

5. Deploy patches using a phased approach with monitoring periods between blocks of update activity.

6. Monitor for unforeseen impact.
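To support step 1 (identify impacted systems) and step 6 (monitor) on Linux hosts, the kernel (4.15 and later) reports one status line per issue under /sys/devices/system/cpu/vulnerabilities/ (files such as meltdown, spectre_v1, spectre_v2), each beginning with "Not affected", "Vulnerable" or "Mitigation: …". The following parser is an added example, not part of the original advisory; the sample directory it builds is constructed so it runs offline, and the function accepts the real path on a host you administer.

```python
"""Read the kernel's Spectre/Meltdown status files and report what still needs
attention. Example code, not from the original advisory; sample data constructed."""
import os
import tempfile

SYSFS_VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"


def classify(status_line: str) -> str:
    """Map one kernel status line to a coarse state."""
    s = status_line.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # unparsed text is treated as needing a human look


def read_vuln_status(vuln_dir: str = SYSFS_VULN_DIR) -> dict:
    """Return {issue_name: (state, raw_line)} for every file in vuln_dir.
    An empty dict means the kernel exposes no status (older kernel or non-Linux)."""
    results = {}
    if not os.path.isdir(vuln_dir):
        return results
    for name in sorted(os.listdir(vuln_dir)):
        path = os.path.join(vuln_dir, name)
        try:
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                raw = fh.readline().strip()
        except OSError as exc:
            raw = f"<unreadable: {exc}>"
        results[name] = (classify(raw), raw)
    return results


def needs_attention(status: dict) -> list:
    """Issues still reported as Vulnerable, or whose line could not be parsed."""
    return [n for n, (state, _) in status.items() if state in ("vulnerable", "unknown")]


def build_sample_dir() -> str:
    """Constructed sample resembling a partially patched host: Meltdown and
    Spectre v1 mitigated, Spectre v2 still open, L1TF not applicable."""
    d = tempfile.mkdtemp(prefix="vulns_")
    sample = {
        "meltdown": "Mitigation: PTI",
        "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
        "spectre_v2": "Vulnerable",
        "l1tf": "Not affected",
    }
    for name, line in sample.items():
        with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
            fh.write(line + "\n")
    return d


if __name__ == "__main__":
    # Use the live sysfs path when present, otherwise the constructed sample.
    target = SYSFS_VULN_DIR if os.path.isdir(SYSFS_VULN_DIR) else build_sample_dir()
    status = read_vuln_status(target)
    for issue, (state, raw) in status.items():
        print(f"{issue:12} {state:13} {raw}")
    print("needs attention:", needs_attention(status) or "none")
```

Because microcode and BIOS updates change these lines without any package manager activity, re-running this after each phased deployment block (step 5) gives a direct check that the update actually took effect.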

Tuesday, 14 August 2018

Advanced Malware vs. Malware: How to Protect Your Enterprise from Both

Malware vs. Advanced Malware


Malware (short for malicious software) refers to any type of software designed to cause harm to a device. There are many different types of malware, the most common being: viruses, rootkits, spyware, worms and trojan horses. Malware causes slow browser speeds, can change or delete data, access confidential data, disable systems and networks, cause a hard drive crash and much more.

Advanced Malware vs. Malware, ISC2 Study Materials, ISC2 Guides

Advanced malware is malware that has a specific target and mission and is most likely used against an organization or enterprise. It can even target certain people at an organization, such as systems administrators. Advanced malware is specially modified and uses several different ways and techniques to penetrate a system. These attacks avoid detection by traditional security controls and even some sandboxing technologies built to dynamically analyze malware. Combatting these advanced malware attacks consumes significant amounts of remediation time and security budget.

Threat actors are using increasingly advanced malware designed to evade traditional signature-based protections, network security monitoring tools and even some sandbox technology. In addition, lack of experienced resources and overreliance on technology exposes weaknesses in network security, resulting in failure to detect and/or respond to a major information security breach.

What Is a Zero-Day Threat?


A zero-day threat or attack is advanced malware that exploits a previously unknown vulnerability in an organization's network or operating system. The name "zero-day" refers to the timing of the attack: it occurs before the vulnerability has been discovered by the developer, or on the same day.

How Can Organizations Combat Advanced Malware Threats?


Advanced malware detection solutions produce so much detail about the suspicious activity that most organizations do not have the resources to thoroughly investigate and analyze it. The best technology means nothing if you don't have the right expertise to react to the alert, quickly decipher complex reports, investigate the threat, and determine the right response. And meanwhile, the threat actors aren't standing still – they're developing measures to circumvent controls in some traditional sandbox environments.

Organizations need an advanced malware protection solution that ensures the right technology, intelligence and security expertise are in place. The network intrusion detection solution must be able to identify and respond to advanced and evasive cyber threats in order to ensure the organization isn't the next big news story.

Your organization has to minimize the threat actor's window of opportunity before extensive damage can be done. It's critical that you have access to a robust intelligence framework; one that tracks the countless movements of the elusive threat groups that are out there, especially if you're going to rapidly detect and respond.

Your first priority should be finding a specialized advanced analyst team who can identify and diagnose these evasive threats, not just accurately but also quickly, based upon these new complex alerts.

Choosing an Advanced Malware Protection and Detection Provider


Protect against evasive malware and advanced threats by finding an advanced malware protection and detection (AMPD) provider that offers an elite layer of defense against emerging threats. The right team will combine vast intelligence capabilities with advanced technology to help you see, rapidly analyze and accurately diagnose security threats, and get focused guidance that speeds your malware incident response and its removal.


Advanced Malware Protection and Detection Benefits


1. Full system emulation to catch the most evasive malware

AMPD's full system emulation goes beyond traditional sandbox technology to detect the new class of malware designed to evade sandbox environments.

2. Intelligence as a service

Choose an AMPD provider that can deliver customized and focused threat research and actionable information to address issues.

3. Accurate diagnosis

Your AMPD's analysts often have prior knowledge of malware that others may consider zero-day or misdiagnose as something else. This saves valuable time in the event of a breach.

4. Accelerates incident response and reduces cost

Advanced Malware Protection and Detection reduces cost by helping customers quickly and accurately diagnose the threat, and provides actionable next steps that accelerate incident response and reduce exposure to the malware.

Sunday, 12 August 2018

What Is a Man-in-the-Middle Attack?

A man-in-the-middle attack is a type of cyberattack where a malicious actor inserts themselves into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either legitimate party knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many ways, including MITM, MitM, MiM or MIM.

Key Concepts of a Man-in-the-Middle Attack


◈ Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.
◈ A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
◈ Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant for them without either legitimate party knowing until it is too late.

Man-in-the-Middle Attack Examples


[Diagram from the original post: man-in-the-middle attack example; not reproduced here.]

The attacker impersonates both sides of the conversation to gain access to funds. The same pattern holds for a client talking to a server and for two people talking to each other. In the diagram, the attacker intercepts the public key each party sends and substitutes his own, so each party unknowingly establishes a "secure" channel with the attacker rather than with the intended peer; the attacker decrypts, reads or alters the traffic and re-encrypts it onward, while both parties believe they are talking to each other securely.
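The key-substitution attack described above, as an added example that is not part of the original post. Alice and Bob run a toy Diffie-Hellman exchange while Mallory relays the traffic. In the unauthenticated run Mallory replaces each public value with her own, decrypts Alice's message and re-encrypts an altered one for Bob. In the authenticated run Bob's public value carries a tag computed with a pre-shared authentication key, a stand-in for a signature under a trusted long-term key, so the substituted value fails verification and Alice aborts. The group parameters, party names, toy cipher and pre-shared key are all constructed for this illustration and are far too weak for real use:

```python
"""Toy man-in-the-middle against a key exchange.

Added example, not from the original post. Group parameters, names, cipher and
the pre-shared authentication key are constructed and unsuitable for real use.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # constructed toy modulus (a Mersenne prime); real groups are 2048+ bits
G = 3


def dh_keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared_key(priv, peer_pub):
    """Derive a 32-byte symmetric key from the raw DH secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def _keystream(key, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_crypt(key, data):
    """Toy stream cipher; encryption and decryption are the same operation."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def unauthenticated_exchange(message, tampered_message):
    """Public values travel unauthenticated; Mallory swaps in her own.

    Returns (what Mallory reads, what Bob finally receives).
    """
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()

    # Alice and Bob each receive Mallory's public value instead of each other's,
    # so each of them shares a key with Mallory, not with the other.
    k_alice = dh_shared_key(a_priv, m_pub)
    k_bob = dh_shared_key(b_priv, m_pub)
    k_mallory_alice = dh_shared_key(m_priv, a_pub)
    k_mallory_bob = dh_shared_key(m_priv, b_pub)

    ciphertext = xor_crypt(k_alice, message)                 # Alice -> "Bob"
    seen = xor_crypt(k_mallory_alice, ciphertext)            # Mallory decrypts
    forwarded = xor_crypt(k_mallory_bob, tampered_message)   # ...and re-encrypts her own text
    received = xor_crypt(k_bob, forwarded)                   # Bob decrypts
    return seen, received


def authenticate(auth_key, pub):
    """Tag a public value; stands in for a signature with a trusted long-term key."""
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def authenticated_exchange(message, attacker_present):
    """Bob's public value carries a tag Alice can verify.

    Returns the plaintext Bob recovers, or None if Alice aborts the handshake.
    """
    auth_key = b"constructed pre-shared authentication key"
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()

    tag = authenticate(auth_key, b_pub)
    pub_alice_sees = m_pub if attacker_present else b_pub   # Mallory can swap the value...
    if not hmac.compare_digest(tag, authenticate(auth_key, pub_alice_sees)):
        return None                                          # ...but cannot forge the tag
    k_alice = dh_shared_key(a_priv, pub_alice_sees)
    k_bob = dh_shared_key(b_priv, a_pub)
    return xor_crypt(k_bob, xor_crypt(k_alice, message))


if __name__ == "__main__":
    msg = b"Transfer 100 to account 1234"   # constructed sample message
    seen, got = unauthenticated_exchange(msg, b"Transfer 100 to account 9999")
    print("Mallory read:", seen, "| Bob received:", got)
    print("Authenticated, attacker present:", authenticated_exchange(msg, True))
    print("Authenticated, no attacker:", authenticated_exchange(msg, False))
```

The point is that encryption alone does not defeat a man-in-the-middle: each party does end up with a shared key, but with the attacker rather than with each other. What stops the attack is authenticating the key exchange, which in practice means certificates and signatures (TLS), pinned fingerprints (SSH host keys) or a pre-shared secret, and treating a verification failure as a hard stop rather than a warning the user can click through.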

Interactions Susceptible to MITM Attacks


◈ Financial sites, particularly during login and authentication
◈ Connections meant to be secured by public or private keys
◈ Other sites that require logins – where there is something to be gained by having access


Other Forms of Session Hijacking


Man-in-the-middle is a form of session hijacking. Other forms of session hijacking similar to man-in-the-middle are:

◈ Sidejacking - This attack involves sniffing data packets to steal session cookies and hijack a user's session. The login itself may have gone over HTTPS, but if the site then sends the session cookie over plain HTTP (for example because the cookie lacks the Secure attribute), anyone on the same network can capture it and reuse it without ever learning the password.

◈ Evil Twin - This is a rogue Wi-Fi network that appears to be a legitimate network. When users unknowingly join the rogue network, the attacker controls the access point and can launch a man-in-the-middle attack, intercepting all data between the user and the network.

◈ Sniffing - This involves a malicious actor using readily available software to intercept data being sent from, or to, your device.
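Sidejacking works because the session cookie travels in clear text even when the login did not. The following added example, not code from the original post, audits Set-Cookie headers for the attributes that close that gap (Secure, HttpOnly, SameSite) and emits a hardened copy of a weak header. The header lines are constructed for the example:

```python
"""Audit and harden Set-Cookie headers against sidejacking.

Added example, not from the original post. The sample headers below are
constructed; a real audit would read them from the server's HTTP responses.
"""

# Attribute name (lower-case) -> text appended when it is missing.
REQUIRED_ATTRIBUTES = {
    "secure": "Secure",          # never send the cookie over plain HTTP
    "httponly": "HttpOnly",      # keep it out of reach of page scripts
    "samesite": "SameSite=Lax",  # do not attach it to cross-site requests
}


def parse_set_cookie(header_value):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attributes = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attributes[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attributes


def audit_set_cookie(header_value):
    """Return a list of findings; an empty list means the cookie passes."""
    name, _, attributes = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attributes:
        findings.append(f"{name}: missing Secure, cookie is exposed to sniffing on HTTP")
    if "httponly" not in attributes:
        findings.append(f"{name}: missing HttpOnly, cookie is readable by injected script")
    if "samesite" not in attributes:
        findings.append(f"{name}: missing SameSite, cookie rides along on cross-site requests")
    return findings


def harden_set_cookie(header_value):
    """Append any missing attribute from REQUIRED_ATTRIBUTES, preserving the rest."""
    _, _, attributes = parse_set_cookie(header_value)
    hardened = header_value.rstrip().rstrip(";")
    for attr, text in REQUIRED_ATTRIBUTES.items():
        if attr not in attributes:
            hardened += "; " + text
    return hardened


def audit_response_headers(headers):
    """Audit every Set-Cookie header in a list of (name, value) pairs."""
    findings = []
    for header_name, header_value in headers:
        if header_name.lower() == "set-cookie":
            findings.extend(audit_set_cookie(header_value))
    return findings


# Constructed response headers, as a server might send them after login.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=8f3a9c1e; Path=/"),                        # weak
    ("Set-Cookie", "sid=b7d2; Path=/; Secure; HttpOnly; SameSite=Lax"),   # fine
    ("Set-Cookie", "theme=dark; Path=/; Max-Age=31536000"),               # weak
]

if __name__ == "__main__":
    for finding in audit_response_headers(SAMPLE_HEADERS):
        print(finding)
    print(harden_set_cookie("JSESSIONID=8f3a9c1e; Path=/"))
```

Secure alone still leaves the very first plain-HTTP request exposed, so pair it with HTTP Strict Transport Security so browsers never send that request. A cookie that page scripts legitimately need to read (a double-submit CSRF token, for example) cannot carry HttpOnly; everything else, and above all the session identifier, should.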

Friday, 10 August 2018

Don’t Forget Victimology as a Cybersecurity Strategy

As cybersecurity professionals overwhelmed with compliance requirements, regulations, and a multitude of tradecraft frameworks, we sometimes lose focus on what we really are at our roots. We are cybercrime fighters. We move through our day as cybersecurity leaders defending our organization's employee data, customer data, and trade secrets from cybercriminals. As such, we must focus on our adversaries just as much as we focus on the people, processes, and technology used to defeat them. This is an all-too-often overlooked element of effective cybersecurity and when used correctly, this – along with aligning sound cybersecurity principles with the business goals of our organizations in a risk-based approach – can help an organization achieve cybersecurity efficacy.


Aligning cybersecurity practices to criminological and criminal justice principles is frequently overlooked in the cybersecurity industry because we tend to focus on IT fundamentals. In actuality, when technology is being used to facilitate a crime or the technology itself is the target of a crime – this is the very definition of cybercrime. Integrating criminological and criminal justice principles into a cybersecurity program helps to achieve effective cybercrime protection thereby protecting the assets of an organization as well as the personal and private data of its employees and consumers. Bottom line – when we are talking about cybersecurity, we're often talking about fighting crime, and one proven technique used in criminology is the science of victimology.

Cyber Victimology – Protecting Individuals and Organizations


In criminology, the term victimology is described as studying victims of crimes, the emotional and psychological effects of the crime, and relationships between perpetrators and victims. Important to note here is that studying the victim provides law enforcement investigators insight into who likely committed the crime, why they committed the crime, and the methods they use. This is no different in cybercrime. In fact, Professor Jaishankar of the International Journal of Cyber Criminology has a wealth of research specifically on this topic as well as other cyber criminology topics. Professor Jaishankar discusses phenomena in cybercrime, including the overlap between physical crime and online crime. He is a proponent of the cybercrime theory known as the Space Transition Theory, which proposes that people behave differently in cyberspace than they do in the physical world. Cybercrime is no longer simply hacking and attacking systems; it is an attack on people, their organizations, and the people who make up those organizations. In Jaishankar's book Cybercrime and Victimization of Women, the professor clarifies the definition of cybercrime from the perspective of the victim. So how is this perspective relevant to a business organization's cybersecurity practice?

Just as an individual person has victimology-based characteristics, so do organizations. An organization's business interests, political action campaigns, vigilance level, protection abilities, and cyber risk tolerance are just some of the characteristics that can determine whether an organization is more likely to be attacked, by whom, how, and why. This gives a cybersecurity leader actionable information about how best to protect their organization and its executive leadership from attacks. For example, an organization that performs some type of excavation or resource mining may be a direct target for an eco-terrorist group. A high-profile CEO at an organization whose business or political action campaigns do not resonate well with certain hacktivist groups can personally be targeted for both physical attacks and cyber-based attacks. Taking the time to establish what an organization's victimology is can help a CISO and their team select the right protections and determine what risk posture the organization should assume. This places the business risk into perspective for the Board of Directors. It adds likelihood and impact, which are details that carry weight in the boardroom.

Mapping Victimology to Cybersecurity Strategy


Organizations have leadership and each member of that leadership team is a human being with traits of victimology. Along with the leadership, the organization takes on its own unique victimology profile as well. This profile is made up of its core business goals, employee cybersecurity awareness, individual vigilance, organizational awareness, organizational risk appetite and overall cybersecurity protection efficacy. These characteristics make organizational cyber victimology much more complex. The key task for CISOs is to understand the victimological profile of both their organization and their organization's leadership. Then the CISO must map these to the specific cybersecurity program they build while identifying potential adversaries, commonly used tactics, and the subsequent prioritized protections that need to be put into place for the organization's defense.

This is a key reason CISOs need to consider cyber executive protection for key executive staff – they and their families are often the primary victims of complex cybercrime attacks due to their victimology. They can also become triggers for attacks against their organizations or vice versa. A few of the key considerations taken into account in cyber executive protection include the following:

1. Analysis of the principal's cyber habits
2. The principal's cyber and cyber-physical vulnerability
3. Profiles of the principal's inner circle
4. The risk of attack

For instance, a CEO of an organization which profits from animal byproducts may attract attention and become a target of groups such as the Earth Liberation Front or Anonymous, well-known activist and hacktivist groups that have run cyber-attack campaigns in the name of animal rights. These groups use specific behavioral tactics, techniques, and procedures (TTPs), and an organization should use its own victimology traits and those of its executive leadership to identify the weaknesses that these types of adversaries will most likely attack. TTPs such as spear phishing, watering hole attacks, and brute forcing, all used by advanced persistent threat (APT) groups, are examples of the TTPs associated with specific hacking groups. This provides a roadmap for an organization's cybersecurity defense and identifies key components that the cybersecurity program should include.

Adapt Your Cybersecurity Program to Your Risk Profile


This leads to a few major considerations for the CISO or executive cybersecurity leadership of an organization:

1. A CISO should develop a comprehensive victimology profile of their organization, the organization's key leadership, and key leadership's close staff.

2. Organizations should deploy effective threat intelligence. An effective threat intelligence service should include criminal intelligence analysis along with technical intelligence. This helps with both preemptive protection mechanisms as well as post-event attribution.

3. Don't exclusively focus on technology and IT frameworks – also consider criminological elements when building your cybersecurity plan.

4. One good way to address the major shortage of cybersecurity talent is to recruit criminal justice and criminology majors for security roles, not just technologists. They bring this essential (and often overlooked) element of cybersecurity.

An effective cybersecurity program also includes social science elements such as sociology, criminology, and victimology, the disciplines found in criminology and criminal justice programs. Combining organizational and individual victimology profiling provides useful input for building an effective cybersecurity plan. CISOs must stop falling into the trap of centering only on IT frameworks or methodologies. Ultimately, security leaders and their teams fight crime and help secure their organizations from threat actors. Embracing a holistic approach that incorporates victimology, solid threat intelligence, and cyber executive protection will help ensure your cybersecurity program achieves maturity and efficacy.

Wednesday, 8 August 2018

14 Main Advantages and Disadvantages of Computer Networking


Computer networking has become one of the most successful ways of sharing information: computers are linked together, by cable or wirelessly, over a common network. Businesses and organizations now rely heavily on it to get messages and information across to essential channels. Not only has it benefited establishments, but also individuals, as they also need to share important information every day. But no matter how useful computer networking is, it does not come without drawbacks. Here are its advantages and disadvantages:

List of Advantages of Computer Networking


1. It enhances communication and availability of information. 

Networking, especially with full access to the web, allows ways of communication that would simply be impossible before it was developed. Instant messaging can now allow users to talk in real time and send files to other people wherever they are in the world, which is a huge boon for businesses. Also, it allows access to a vast amount of useful information, including traditional reference materials and timely facts, such as news and current events.

2. It allows for more convenient resource sharing. 

This benefit is very important, particularly for larger companies that need to distribute large amounts of resources to many people. Because everyone is connected to the same network, shared resources such as printers, storage and applications can be made available to every user who needs them, without copying anything from machine to machine.

3. It makes file sharing easier. 

Computer networking makes it easier for people to share their files, which saves time and effort, since files can be exchanged directly over the network instead of being copied by hand between machines.

4. It is highly flexible. 

Networks are flexible. Users can reach the software and information they need from any connected machine, and devices or services can be added to the network without affecting the ones already in use.

5. It is an inexpensive system. 

Installing networking software on your devices does not cost much, and it lasts: the software rarely needs to be replaced, and it keeps sharing information with your peers for years.

6. It increases cost efficiency. 

With computer networking, you can use a lot of software products available on the market which can just be stored or installed in your system or server, and can then be used by various workstations.

7. It boosts storage capacity. 

Since you are going to share information, files and resources to other people, you have to ensure all data and content are properly stored in the system. With this networking technology, you can do all of this without any hassle, while having all the space you need for storage.

List of Disadvantages of Computer Networking


1. It lacks independence. 

Computer networking involves a process that is operated using computers, so people will rely more on computers instead of exerting effort on the tasks at hand. Aside from this, they become dependent on the main file server: if it breaks down, the system becomes useless and users are left idle.

2. It poses security difficulties. 

Because a large number of people use a computer network to get and share files and resources, every user's data is exposed to more people, and a single compromised account or machine can put the others at risk. Illegal activity may also take place on the network, which you need to be aware of and careful about.

3. It lacks robustness. 

As previously stated, if a computer network's main server breaks down, the entire system becomes useless. Likewise, if a bridging device or central linking server fails, the entire network comes to a standstill. To deal with these single points of failure, large networks should run the file server on reliable hardware and provide redundancy (backup servers and alternate links) so that one failure does not stop everyone's work.

4. It allows for more presence of computer viruses and malware. 

There would be instances that stored files are corrupt due to computer viruses. Thus, network administrators should conduct regular check-ups on the system, and the stored files at the same time.

5. Its light policing usage promotes negative acts. 

It has been observed that providing users with internet connectivity has fostered undesirable behavior among them. Considering that the web is a minefield of distractions, such as online games, humor sites and even porn sites, workers can be tempted during their work hours. The huge network of machines could also encourage them to spend time on non-work activities, such as personal instant messaging and file sharing, instead of work-related matters. While many organizations draw up policies on this, they have proven difficult to enforce and have even engendered resentment from employees.

6. It requires an efficient handler. 

For a computer network to work efficiently and optimally, it requires high technical skills and know-how of its operations and administration. A person just having basic skills cannot do this job. Take note that the responsibility to handle such a system is high, as allotting permissions and passwords can be daunting. Similarly, network configuration and connection is very tedious and cannot be done by an average technician who does not have advanced knowledge.

7. It requires an expensive set-up.

Though computer networks are said to be an inexpensive system when it is already running, its initial set up cost can still be high depending on the number of computers to be connected. Expensive devices, such as routers, switches, hubs, etc., can add up to the cost. Aside from these, it would also need network interface cards (NICs) for workstations in case they are not built in.

Sunday, 5 August 2018

Cybersecurity vs. Network Security vs. Information Security


We are in a time where businesses are more digitally advanced than ever, and as technology improves, organizations’ security postures must be enhanced as well. Failure to do so could result in a costly data breach, as we’ve seen happen with many businesses. Threat actors are going after any type of organization, so in order to protect your business’s data, money and reputation, it is critical that you invest in an advanced security system. But before you can start developing a security program for your organization, it’s critical that you understand the different types of security and how they all work together.

What is Information Security?


Information security (also known as InfoSec) ensures that both physical and digital data is protected from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. Information security differs from cybersecurity in that InfoSec aims to keep data in any form secure, whereas cybersecurity protects only digital data. If your business is starting to develop a security program, information security is where you should first begin, as it is the foundation for data security.

Governance Framework

When you’re creating your information security program, you’ll want to start with having the proper governance structure in place. Governance is the framework established to ensure that the security strategies align with your business objective and goals. Governance bridges the gap between business and information security, so the teams can efficiently work together. The framework also defines the roles, responsibilities and accountabilities of each person and ensures that you are meeting compliance.

CIA Triad

When InfoSec experts are developing policies and procedures for an effective information security program, they use the CIA (confidentiality, integrity and availability) triad as a guide. The components of the CIA triad are:

◈ Confidentiality: ensures information is inaccessible to unauthorized people—most commonly enforced through encryption—which is available in many forms
◈ Integrity: protects information and systems from being modified by unauthorized people; ensures the data is accurate and trustworthy
◈ Availability: ensures authorized people can access the information when needed and that all hardware and software are maintained properly and updated when necessary

The CIA triad has become the de facto standard model for keeping your organization secure. The three fundamental principles help build a vigorous set of security controls to preserve and protect your data.


What is Cybersecurity?


Cybersecurity, a subset of information security, is the practice of defending your organization's networks, computers and data from unauthorized digital access, attack or damage by implementing various processes, technologies and practices. With the countless sophisticated threat actors targeting all types of organizations, it is critical that your IT infrastructure is secured at all times to prevent a full-scale attack on your network and to avoid exposing your company's data and reputation.

Social Engineering

When cyber-threat actors target your organization, they research not only your business, but your employees as well. They know that employees outside of IT security are not as aware of cyber threats, so they execute cyberattacks that exploit human vulnerabilities. Through the process of social engineering, threat actors manipulate people into giving them access to sensitive information. The most common social engineering attacks include:

◈ Phishing: usually in the form of emails or chats, where the threat actors pose as a real organization to obtain personal information

◈ Pretexting: when a threat actor impersonates an authority figure or someone that the target would easily trust in order to get their personal information

◈ Baiting: when threat actors leave a malware-infected device, such as a USB or CD, in a place where it can be easily found by someone, who would then use the infected device on their computer and accidentally install the malware, giving the threat actors access into the target’s system

◈ Quid pro quo: when a threat actor requests personal information in exchange for some form of reward, i.e. money, free gift or a free service

As a business leader, it is your responsibility to build a culture of security awareness and fill in the gaps in your team's cybersecurity knowledge and understanding. It’s essential that your workforce be informed of cybersecurity risks, so it will be less likely for an employee to fall victim to an attack.

What is Network Security?


Network security, a subset of cybersecurity, aims to protect any data that is being sent through devices in your network to ensure that the information is not changed or intercepted. The role of network security is to protect the organization’s IT infrastructure from all types of cyber threats including:

◈ Viruses, worms and Trojan horses
◈ Zero-day attacks
◈ Hacker attacks
◈ Denial of service attacks
◈ Spyware and adware

Your network security team implements the hardware and software necessary to guard your security architecture. With the proper network security in place, your system can detect emerging threats before they infiltrate your network and compromise your data.

There are many components to a network security system that work together to improve your security posture. The most common network security components include:

◈ Firewalls
◈ Anti-virus software
◈ Intrusion detection and prevention systems (IDS/IPS)
◈ Virtual private networks (VPN)

When your network security is compromised, your first priority should be to get the attackers out as quickly as possible. The longer they stay in your network, the more time they have to steal your private data. According to Ponemon Institute’s 2013 Cost of Data Breach study, excluding catastrophic or mega data security breaches, the average cost of a data breach per compromised record in the U.S. is $188. The average total cost to an organization in the U.S. is more than $5.4 million. The most effective method of lessening the total cost is by getting the attackers out of your network as soon as possible.

Friday, 3 August 2018

Difference Between Security and Privacy

Security and privacy are interdependent and are often treated as synonymous. Many of us believe the two are so closely related that one cannot exist without the other, while some would argue that one can have security without privacy, but not the other way around. Both terms are closely associated with technology and networks.

The impact of technology on our lives continues to rise, with digital businesses moving at a much faster pace than traditional businesses. As large organizations embrace technologies such as big data, the Internet of Things, and cloud, security is a necessity. In this technology-driven digital era where everything is connected and easily accessible, security must be more than an afterthought. This article explains how the two concepts differ from each other, and how they are related.

What is Security?


Security refers to personal freedom from external forces. It’s the state of being free from potential threats or dangers. Just like a home security system which protects the integrity of your household, data security protects your valuable data and information from prying eyes by safeguarding your passwords and documents.


Security refers to the protective measures put in place to protect digital data from unauthorized users, such as cyber criminals and hackers. As technology has advanced, so have attackers, and so must data security measures. While security does not guarantee that data or information cannot be compromised, strict security measures and protocols help prevent unauthorized access. So it is always recommended to safeguard your online accounts with strong passwords, using a different one on every website that requires a log in.

The main objectives of security are confidentiality, integrity, and availability. The goal is to strengthen internal control and restrict unauthorized access from both internal and external factors, thereby protecting the confidentiality and integrity of resources and assets.

All security measures try to address at least one of the three goals:

1. Protecting the confidentiality
2. Preserving the integrity of information assets
3. Promoting availability of data and information.

These measures apply to areas such as personnel security, network security, and administrative security. The security protocols and measures define what you wish to protect and from what. To develop strong and sound security policies, you must define your security objectives, which will further help you draw up the security plan for a secure system.

What is Privacy?


Privacy is one’s right to freedom from intrusion and prying eyes. It’s the state of being free from unwanted attention and secret surveillance. Privacy is more like a notion that includes secrecy. It’s one of the core principles of human dignity.


Take the window in your home. A window has various functions. It lets people enjoy the view outdoors, and at the same time it gives outsiders or unwanted visitors a way to see, or get, inside. Just as you look outside, others may look inside. To prevent outsiders from peeking in, you can cover the window with a curtain or a drape. This is privacy: restricting the view keeps intruders or thieves from seeing who or what is inside. Similarly, information security limits access to personal data or information.

Difference between Security and Privacy


1. Definition of Security and Privacy

Both are interlinked terms that are often used in conjunction with each other, and they are often confused. Security is the state of being free from potential threats, whereas privacy refers to the state of being free from unwanted attention.

2. Objectives of Security and Privacy

The three main goals of security are confidentiality, integrity and availability. Security means safeguarding your information assets and confidential data from unauthorized access. It affects both information security and cyber security. All security protocols address at least one of the three goals. Privacy, on the other hand, refers to the rights of individual and organizations with respect to personal information.

3. Programs for Security and Privacy

A security program refers to a set of protocols and regulations put in place to protect all the confidential information assets and resources that an organization collects and owns. It focuses on data and information in general rather than on the personal information of individuals. A privacy program, on the other hand, focuses only on personal information about individuals, such as account details and log in credentials, and on how that information is collected, used and disclosed.

4. Principles of Security and Privacy

The three core principles of security include protecting confidentiality, preserving integrity of information assets, and promoting availability of data and information. Privacy defines the rights of individual and organizations with respect to personal information. To some extent, privacy can be achieved with security initiatives and security depends on privacy of credentials and access to data.

5. Dependency

Security and privacy go hand-in-hand. One can envision an environment which is secure but does not guarantee privacy. Similarly, one can imagine a home which is private because of its curtained windows, but that privacy does not guarantee security from outsiders. Security can be achieved without privacy, but privacy cannot be achieved without security. If security is weak or vulnerable, it automatically affects privacy.

Security vs. Privacy: Comparison Chart


(Comparison chart image from the original post not reproduced.)