Archive for RB

Snoops Offer Security Tips

In one of the more ironic (notice I did not say tragic) turns in the post-Snowden era, the National Security Agency (NSA) has published a report with advice for companies on how to deal with malware attacks. FierceITSecurity says the report (PDF) boils down to “prevent, detect and contain.” More specifically, the report recommends that IT security pros:

  • Segregate networks so that an attacker who breaches one section is blocked from accessing more sensitive areas of the network;
  • Protect and restrict administrative privileges, in particular high-level administrator accounts, so that the attacker cannot get control over the entire network;
  • Deploy, configure, and monitor application whitelisting to prevent malware from executing;
  • Restrict workstation-to-workstation communication to reduce the attack surface for attackers;
  • Deploy strong network boundary defenses such as perimeter and application firewalls, forward proxies, sandboxing and dynamic analysis filters (PDF) to catch the malware before it breaches the network;
  • Maintain and monitor centralized host and network logging products, after ensuring that logging is enabled on all devices and their logs are collected, so that malicious activity is detected and contained as soon as possible;
  • Implement pass-the-hash mitigation to cut credential theft and reuse;
  • Deploy Microsoft (MSFT) Enhanced Mitigation Experience Toolkit (EMET) or other anti-exploitation capability for devices running non-Windows operating systems;
  • Employ anti-virus file reputation services (PDF) to catch known malware sooner than normal anti-virus software;
  • Implement host intrusion prevention systems to detect and prevent attack behaviors; and
  • Update and patch software in a timely manner so known vulnerabilities cannot be exploited.

The author quotes from the report:

Once a malicious actor achieves privileged control of an organization’s network, the actor has the ability to steal or destroy all the data that is on the network … While there may be some tools that can, in limited circumstances, prevent the wholesale destruction of data at that point, the better defense for both industry and government networks is to proactively prevent the actor from gaining that much control over the organization’s network.
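Two of the report’s recommendations above, restricting workstation-to-workstation communication and collecting logs centrally so misuse is spotted quickly, are easy to put together in practice. The script below is an added example, not code from the NSA report or from FierceITSecurity; it assumes a made-up subnet plan (workstations in 10.10.0.0/16) and a hypothetical five-field flow-log format, and it runs over constructed sample lines to flag any workstation that fans out to several peers on admin ports, while separately counting attempts the restriction policy already blocked.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed network plan for this example: workstations live in 10.10.0.0/16.
# Anything outside that range (servers, infrastructure) is not a workstation.
WORKSTATION_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Ports a workstation has a reason to reach on a server, but not on another
# workstation: SSH, RPC, NetBIOS/SMB, RDP and WinRM. Assumed list for the example.
ADMIN_PORTS = {22, 135, 139, 445, 3389, 5985, 5986}

# Constructed sample of centralized flow/firewall log lines (hypothetical format):
# <timestamp> <src_ip> <dst_ip> <dst_port> <ALLOW|DENY>
SAMPLE_LOG = """\
2015-07-18T09:01:02Z 10.10.4.21 10.20.1.5 445 ALLOW
2015-07-18T09:01:05Z 10.10.4.21 10.10.4.22 445 ALLOW
2015-07-18T09:01:06Z 10.10.4.21 10.10.4.23 445 ALLOW
2015-07-18T09:01:07Z 10.10.4.21 10.10.4.24 3389 ALLOW
2015-07-18T09:01:09Z 10.10.4.21 10.10.4.22 445 ALLOW
2015-07-18T09:02:00Z 10.10.7.9 10.20.1.8 443 ALLOW
2015-07-18T09:02:30Z 10.10.7.9 10.10.7.10 22 DENY
2015-07-18T09:03:00Z 10.20.1.5 10.10.4.21 445 ALLOW
this line is garbage and must be skipped
"""


def is_workstation(ip_text):
    """True if the address falls inside one of the workstation subnets."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in WORKSTATION_NETS)


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5 or parts[4] not in ("ALLOW", "DENY"):
        return None
    try:
        port = int(parts[3])
    except ValueError:
        return None
    return {"ts": parts[0], "src": parts[1], "dst": parts[2],
            "port": port, "action": parts[4]}


def find_lateral_movement(log_text, threshold=2):
    """Summarize workstation-to-workstation traffic on admin ports.

    Returns (allowed, denied):
      allowed: {src: sorted distinct workstation destinations} for sources that
               reached at least `threshold` other workstations on admin ports,
               i.e. hosts fanning out the way a credential-reusing attacker does.
      denied:  Counter of blocked workstation-to-workstation attempts per source,
               which shows the restriction policy doing its job.
    """
    fanout = defaultdict(set)
    denied = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        # Only peer-to-peer workstation traffic matters here; server traffic is skipped.
        if not (is_workstation(rec["src"]) and is_workstation(rec["dst"])):
            continue
        if rec["src"] == rec["dst"] or rec["port"] not in ADMIN_PORTS:
            continue
        if rec["action"] == "DENY":
            denied[rec["src"]] += 1
        else:
            fanout[rec["src"]].add(rec["dst"])
    allowed = {src: sorted(dsts) for src, dsts in fanout.items() if len(dsts) >= threshold}
    return allowed, denied


if __name__ == "__main__":
    hits, blocked = find_lateral_movement(SAMPLE_LOG)
    for src, dsts in hits.items():
        print(f"{src} reached {len(dsts)} peer workstations on admin ports: {', '.join(dsts)}")
    for src, n in blocked.items():
        print(f"{src}: {n} workstation-to-workstation attempt(s) blocked by policy")
```

On the sample, 10.10.4.21 is reported for touching three peers over SMB and RDP, the server-to-workstation line is ignored, and the one DENY shows up as a blocked attempt rather than a hit; the threshold is the knob to tune against a real site’s baseline.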

rb-

For those who have not been following along, the TLAs have been attacking and manipulating anti-virus software from Kaspersky.

We also now suspect that the TLAs have compromised at least one and probably two hardware vendors. Business Insider recalls that way back in 2013, as part of the Edward Snowden NSA spying revelations, German publication Spiegel wrote an article alleging that the NSA had done a similar thing: put code on Juniper Networks (JNPR) security products to enable the NSA to spy on users of the equipment.

Over at Fortinet (FTNT) they had their own backdoor management console access issue, which appeared in its FortiOS firewalls, FortiSwitch, FortiAnalyzer and FortiCache devices. These devices shipped with a hardcoded SSH login protected by a secret passphrase.

The article seems like advertising for the TLAs’ hacking program.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedIn, Facebook and Twitter. Email the Bach Seat here.

British Petroleum Connects Oil Rigs to Internet

In one of the stupidest moves outside of the U.S. gooberment lately, British Petroleum (BP) has connected 650 of its oil wells to the “Industrial Internet.” The same BP that spilled 4.9 million gallons of oil into the Gulf of Mexico in 2010 now plans to connect 4000 oil rigs around the world to the Internet, via the Internet of Things.

An article at FierceBigData says that by connecting its wells to the Internet of Things (IoT), BP engineers will gain real-time access to common machine and operational data sets. The aim is to use the data to make better decisions, improve efficiency, prevent failures and reduce costly downtime.

Kate Johnson, General Electric (GE) Intelligent Platforms Software CEO and GE Chief Commercial Officer, who is running the project for British Petroleum, said in a statement to the press:

… our strategy is simple: Get Connected. Get Insights. Get Optimized. By connecting BP’s oil wells around the world, we’re giving them access to better insights that can ultimately drive new efficiencies in their oil fields and increase oil production.

Apparently, GE’s software will allow BP to capture, store, contextualize and visualize data in real time.

The author clarifies that “Industrial Internet” is GE’s term for the Internet; there are just more things connecting to it. And many of the same problems will grow as a result, namely security issues and data breaches galore. Here’s hoping BP and GE are careful to build security in from the ground up rather than as an add-on afterthought. Hopefully, lessons were learned from the Internet’s earlier days.

rb-

The latest IoT insecurity is that Chrysler cars with U-Connect can be cyber-tagged from miles away. I have covered IoT insecurity issues for a while here, here, and here. With all of that in mind...

Like the author says, hopefully GE gets it right, because BP’s track record is abysmal. If they don’t get it right, economic terrorists could use flaws in the IoT to cut off oil production from these wells to drive up the cost of oil from other wells in the Middle East. Ecological terrorists could use these same flaws to blow up oil rigs like what happened at Deepwater Horizon in 2010 and contaminate all of the Gulf of Mexico or the Alaska North Slope or Africa or Saudi Arabia. What would happen if they were able to blow up all 4,000 wells due to weaknesses in the IoT stack?

 

Related articles
  • BP to pay $18.7 billion for 2010 oil spill (cinewsnow.com)

 


Apple favors IPv6 as IPv4 Dries Up

The American Registry for Internet Numbers (ARIN) has reported that the IPv4 well is just about dry in North America. On 01 July 2015, ARIN had to refuse a request for a block of IPv4 addresses. The ARIN statement says that there are still a few IPv4 numbers available in smaller block sizes. But for all intents and purposes, there are no more unassigned public IPv4 addresses. As of July 18, 2015, the ARIN IPv4 Depletion page reports only 335 /24 IPv4 address ranges are available. It is time to start looking at IPv6.

The good news, according to FierceEnterpriseCommunications, is that the IPv4 drought isn’t yet affecting most of the internal networks of enterprises. But it’s just a matter of time before it starts to have a greater impact on the largest of enterprises. Microsoft (MSFT), for instance, found it was out of IPv4 addresses a few weeks ago. And for the first time in ARIN’s history, they denied a company that requested a large block of IPv4 addresses. Tom Coffeen, chief IPv6 evangelist at Infoblox, in a statement to FierceEnterpriseCommunications explained:

Though the IPv4 well has run dry and threatens service providers, the sky hasn’t yet landed on enterprise networks … Most enterprises still rely on private IPv4 for their internal networks. The small number of public, routable IPv4 addresses required to connect enterprise networks to the Internet is typically provided by the ISP, making IPv4 much more critical for Internet services providers.

One company that is reacting to IPv4 scarcity is Apple (AAPL). Apple’s latest operating systems, iOS 9 for iPhones and iPads and OS X El Capitan for Macs, are designed to take advantage of IPv6. The new operating systems select the fastest connection with the lowest latency, whether IPv4 or IPv6, using the Happy Eyeballs algorithm, explained David Schinazi, the CoreOS networking engineer at Apple. Devices use the Happy Eyeballs algorithm to decide which protocol to use, as many applications use a “dual-stack” approach to networking, making both IPv4 and IPv6 connections available.
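To make the Happy Eyeballs idea concrete, here is an added example in Python; it is my own simplified version of the RFC 6555 approach, not Apple’s implementation and not code from the article. IPv6 gets a head start, the IPv4 attempt begins after a stagger (250 ms here, a constructed default) or immediately if IPv6 fails outright, the first success wins and the loser is cancelled. Real socket connects are replaced by a constructed table of per-address latencies and outcomes so the race runs offline; the addresses are documentation ranges, not real hosts.

```python
import asyncio
import socket

# RFC 6555 suggests giving the preferred family on the order of 150-250 ms
# before starting the fallback; 250 ms is the constructed default used here.
DEFAULT_STAGGER = 0.25


async def happy_eyeballs(candidates, connect, stagger=DEFAULT_STAGGER):
    """Race connection attempts in preference order; return the first to succeed.

    candidates: [(family, address), ...] in preference order (IPv6 entries first).
    connect:    async function connect(family, address) returning a connection
                object, or raising OSError on failure.
    stagger:    seconds of head start each attempt gets before the next begins.

    The next candidate is started `stagger` seconds after the previous one, or at
    once when the previous attempt has already failed. The first success wins and
    every other in-flight attempt is cancelled; OSError is raised only when all fail.
    """
    remaining = list(candidates)
    pending = set()
    errors = []

    async def attempt(family, address):
        return family, address, await connect(family, address)

    while remaining or pending:
        if remaining:
            family, address = remaining.pop(0)
            pending.add(asyncio.create_task(attempt(family, address)))
        # Wait for a result, but only for one stagger while more candidates remain.
        done, pending = await asyncio.wait(
            pending,
            timeout=stagger if remaining else None,
            return_when=asyncio.FIRST_COMPLETED,
        )
        for task in done:
            try:
                winner = task.result()
            except OSError as exc:
                errors.append(exc)
                continue
            for other in pending:  # the slower family loses the race
                other.cancel()
            return winner
    raise OSError("all connection attempts failed: " + "; ".join(map(str, errors)))


def make_simulated_connect(table):
    """Constructed stand-in for a socket connect.

    `table` maps address -> (latency_seconds, succeeds); a real implementation
    would call loop.sock_connect() on a socket of the right family instead.
    """
    async def connect(family, address):
        latency, succeeds = table[address]
        await asyncio.sleep(latency)
        if not succeeds:
            raise OSError(f"connect({address}) failed")
        return f"connection to {address}"
    return connect


# Dual-stack candidate list for one host, IPv6 preferred (documentation addresses).
DUAL_STACK = [(socket.AF_INET6, "2001:db8::10"), (socket.AF_INET, "192.0.2.10")]


def race(table, candidates=DUAL_STACK, stagger=DEFAULT_STAGGER):
    """Run one simulated race and return (family, address) of the winner."""
    family, address, _ = asyncio.run(
        happy_eyeballs(candidates, make_simulated_connect(table), stagger))
    return family, address


if __name__ == "__main__":
    scenarios = {
        "healthy dual stack":    {"2001:db8::10": (0.05, True),  "192.0.2.10": (0.05, True)},
        "IPv6 tunnel black-holed": {"2001:db8::10": (5.0, False), "192.0.2.10": (0.05, True)},
        "IPv6 refused at once":  {"2001:db8::10": (0.01, False), "192.0.2.10": (0.05, True)},
        "IPv6 reachable but slow": {"2001:db8::10": (0.6, True),  "192.0.2.10": (0.05, True)},
    }
    for name, table in scenarios.items():
        family, address = race(table)
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        print(f"{name}: picked {label} ({address})")
```

The second and fourth scenarios are the interesting ones: a black-holed IPv6 path never stalls the user, because IPv4 starts 250 ms in and wins at roughly 300 ms, and an IPv6 path that works but is slower than IPv4 plus the stagger also loses, which is what “fastest connection with the lowest latency” means in practice.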

FierceMobileIT says this worked out to be a 50/50 split between IPv4 and IPv6 in iOS 8 and OS X Yosemite, but for the new OSes, IPv6 will be chosen by the algorithm around 99 percent of the time, according to Apple beta testing. Apple’s Schinazi wrote in a post on the Internet Engineering Task Force mailing list that Apple considers IPv6 mainstream:

IPv6 is now mainstream instead of being an exception, there are less broken IPv6 tunnels, IPv4 carrier-grade NATs [network address translations] are increasing in numbers, and throughput may even be better on average over IPv6

The author reports that testing performed by Apple shows that the new OSes should use IPv6 addresses around 99 percent of the time. Apple operating systems have supported IPv6 by default for Mac users since the OS X 10.2 Jaguar release in May 2002.

Mr. Schinazi cautioned that both OSes are in beta, so things might change for the final versions. “If this behavior proves successful during the beta period, you should expect more IPv6 traffic from Apple products in the future,” he added.


 


Project Manager Thought Crimes

The folks at TaskWorld designed this infographic as a warning to project managers about 5 thought crimes that PMs should never ever think. The article says these thought crimes can be a real impediment to your ability to be a good project manager. One of the characteristics of a good manager is the ability to show a level of maturity when handling their staff.

Thought Crimes Project Managers Make

 

rb-

Of course I have never been guilty of any of these project manager assumptions. I do know a guy who has tripped over a few of these road-bumps.


 


TLA Does Good?

ZDNet reports that in the latest batch of Snowden documents there may finally be some evidence that some TLAs were doing some good. They spied on criminals too. Apparently one Snowden document boasts of how “criminals” can be found through a TLA program.

Using this program, TLAs can identify cyber attackers. ZDNet says that malicious users causing a “distributed denial-of-service” or DDoS attack, where a group of people overload a server or network with a flood of network traffic, can be traced and identified. The TLA also used its program to troll online criminal forums.

rb-

Unfortunately for law-abiding U.S. citizens, none of the Snowden documents to date have shown that the info collected on criminals was used to stop cyber attacks or was passed on to law enforcement to take action.


 
