• 5 Common Types of Security Professionals

    I have been following Shoaib’s blog for quite a while – actually, thanks to the beauty of the Internet, we have only met virtually so far.

    He just posted on his blog: 5 Common Types of Security Professionals

    I really like this post. The way he categorizes them is:

    • The NO-MASTER
    • The By-The-Book Preacher
    • The Dinosaur
    • The Technology-Solves-It-All
    • The Paranoid

    The reason why I like it so much is that I am deeply convinced that security can only be successful if it is aligned with business needs, and not just with policies and fear. So, thinking about where security can become a business enabler would often be worthwhile. Additionally, we should probably think about our risks as well. It might well be that we think the world will end if a certain risk materializes, while it does not even make it into the Top-100 risks of your company…

    So, maybe we should change our approach, or at least be honest and look at which of the 5 buckets we fit into…

    Thanks Shoaib

    Roger

  • Windows Defender Offline

    A few days ago, Windows Defender Offline was released. This is basically the tool to use if you are unable to remove malware from a running PC.

    To quote the website:

    Sometimes, malicious and other potentially unwanted software, including rootkits, try to install themselves on your PC. This can happen when you connect to the Internet or install some programs from a CD, DVD, or other media. Once on your PC, this software might run immediately, or it might run at unexpected times. Windows Defender Offline can help remove such hard to find malicious and potentially unwanted programs using definitions that recognize threats. Definitions are files that provide an encyclopedia of potential software threats. Because new threats appear daily, it's important to always have the most up-to-date definitions installed in Windows Defender Offline. Armed with definition files, Windows Defender Offline can detect malicious and potentially unwanted software, and then notify you of the risks.

    You can find it here.

    Roger

  • Cybersecurity–Do we need to change the approach?

    Years ago, information security or cybersecurity was in the hands of specialists who set the rules, and the users had to follow them – in theory. Whether the users really followed the rules, policies and recommendations is a different story, but that is how it worked. I rarely remember a CIO, CFO or CEO really being interested in security – until things broke.

    Today, life is different. If I look at the public space, a lot of people want to talk about cybersecurity in one way or another, and a lot of governments across the globe have started cybersecurity initiatives, etc. This is a really good development, as societies will run into huge challenges if technology fails, but it poses some new challenges as well:

    • As security professionals, we are not used to simplifying our messages and the work we do. We are not really used to explaining cybersecurity to people who are already challenged by technology in general.
    • This leads, from my point of view, to government elites, politicians and a lot of private sector organizations using military terminology. All of a sudden we get caught up in talking about “weaponizing technology” – which leads politicians to think about applying rules and laws similar to those that regulate the distribution of weapons to technology. For us it is fairly clear that it does not work that way in most cases, but the terminology implies it does. The same thing happens when it comes to defense. The military is used to “shooting back”. I have had this discussion with a lot of people in different governments, and non-IT people have a hard time understanding that it might be really, really hard to even figure out who is (technically) behind an attack – and harder still to figure out who is politically behind it. Or do we really know for sure who was behind Stuxnet? There are public speculations, but that’s it.
    • Trends like “Bring your own device” or social networks challenge our approach to security and our approach to defending our networks.

    So, what needs to change? In my opinion, several things:

    • I do quite a few roundtables and sessions with people who do not know technology too well and security not at all. The typical approach (not mine), mainly by security product vendors, is to use a lot of data to scare people, tell them what is wrong and how bad the world is – just to tell them in the next step that their products address all the issues. To me, it is about education rather than about scaring people. It is about showing people that the world on the Internet is not that different from the real world – criminals mainly use the new technologies to commit “old” crimes, with some exceptions, like the fact that the criminal no longer has to show up at your store. But we as a community need to change the way we talk. We need to simplify the message and help non-security people get a better feeling for the real risks.
    • We need to push back heavily when people use military terminology. I do not want to get into the discussion of the “militarization of cyberspace”, but I want to make it clear that the analogies from the military world do not work. I love analogies, but only if they work – here they fail. It is even worse: they lead to wrong conclusions. I have heard politicians talking about regulating cyber weapons. How do you regulate lines of code?

    Therefore, we mainly need to change the way we communicate outside the core set of security people. We need to leave the bubble and make our knowledge accessible and understandable to business people in a pragmatic way…

    Roger

  • Build your own sniffing kit

    When people look at attackers, they always think that they are extremely smart people. There are really smart people building the kits, but the ones applying them? Well, you just need the right guidance:

    Hacker's Tiny Spy Computer Cracks Corporate Networks, Fits In An Altoid Tin

    Fairly easy, isn’t it?

    Roger

  • Keep all your software updated and current

    I know that I keep going on and on about this. When I talk to customers, and mainly to providers of critical infrastructure, about security, one of the key things to me is to keep the software updated. It is about patching, and it is about staying on the latest version of your software. To me, Windows XP is a huge risk out there today. It was an outstanding operating system when it was launched, but it is definitely outdated if you think about how the threat landscape looked only 5-10 years ago. I am aware of the fact that not all systems can be upgraded because of compatibility issues; a vendor might not even exist anymore. Then these systems definitely need to be shielded in other ways, to keep them as far off the network as possible.

    The reason for this post is that I still see a lot of customers who have developed a really good practice for handling Microsoft updates, but not for the rest. I just read these two articles this morning:

    So, make sure you cover all your software, including third-party apps and open source components.
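    As an added illustration (not part of the original post), the following PowerShell snippet builds an inventory of installed software from the registry Uninstall keys and splits it into Microsoft and third-party entries, since the third-party list is what typically falls outside a Windows Update based process. It also records the OS version, so an end-of-life operating system shows up as a finding. The output file name is my choice; the script assumes a Windows host with Windows PowerShell.

    ```powershell
    # Added example: inventory installed software (Microsoft and third-party) from the
    # registry Uninstall keys so patch coverage can be checked beyond Windows Update.
    # Not part of the original post. Assumes a Windows host running Windows PowerShell.

    # 64-bit and 32-bit (Wow6432Node) machine-wide installs, plus per-user installs.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    $inventory = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        # Skip entries without a display name and hidden system components.
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
            @{ Name = 'Source'; Expression = {
                if ($_.Publisher -match 'Microsoft') { 'Microsoft' } else { 'Third-party' } } }

    # Human-readable overview, grouped so third-party software stands out.
    $inventory | Sort-Object Source, DisplayName | Format-Table -AutoSize

    # The third-party list is the one to reconcile against your update process.
    # File name is an assumption for this example.
    $inventory | Where-Object { $_.Source -eq 'Third-party' } |
        Export-Csv -Path .\third-party-inventory.csv -NoTypeInformation

    # Record the operating system itself: an unsupported version (Windows XP in the
    # post's example) is a finding in its own right.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    "{0} (version {1}, service pack {2})" -f $os.Caption, $os.Version, $os.ServicePackMajorVersion
    ```

    Run it in an elevated PowerShell session so the HKLM keys are readable; the CSV gives you the list of third-party products and versions to compare against vendor release notes, which is the step most patch processes that only cover Microsoft updates are missing.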

    Roger