Cyber Security

Baseline implementation for threat identification

Why are security tools needed? The usual answer is that "they easily identify suspicious traffic and activities and generate automatic alerts". But who defines which traffic is normal and which is suspicious? Identifying the nature of the traffic is crucial for effective security tool implementation. No security tool works out of the box and starts generating meaningful alerts, and there is no universal set of rules that can be applied to every network. The security analyst needs to collect input from the various event sources and analyze it to establish what normal traffic looks like on that network. A benchmark should then be set that defines the nature of that traffic, and all rules and alerts should be created using this benchmark as the baseline.
 

Cyber Security - Open Source vs Closed Source

"An open door house or a closed door house." Which one is more secure? Most of us will say that the closed door house is more secure. Yes, you are probably right, or wrong! It actually depends on the way you look at it.
 
Now just consider the house as a software and then ask which one is more secure, open source or closed source?
 
With the evolution of the digital world, everyone expects software that is more secure, reliable, low cost, performant and easy to use. To fulfil that need we are leaning more towards open source tools, libraries, compilers, language packs and so on. When the complete code is open to all, how can it be safe and secure from attackers, who will have detailed knowledge of the source used in the products? Do you think this is worrisome?
 

Cyber kill usage for Advanced Persistent Threat

Industry-wide, cyber security defenders are struggling to keep pace with increasingly advanced (and well-funded) criminal campaigns. These campaigns have substantial bottom-line impacts and require rapid response with advanced counter-measures. Such campaigns are called Advanced Persistent Threats. Many organizations have sound fundamental cyber security capabilities; however, advanced persistent threat (APT) tactics require more agile and advanced defenses. Organizations must continue the fundamentals while adding more advanced and complementary capabilities. New technologies and methodologies are needed to detect, prevent and respond to threats in near real-time.

To explore the full article, please open the attached pdf.

Authored by Vikas Kumar
TCS Enterprise Security and Risk Management 

Hiding in plain sight: Examining support for steganographically hidden content on the internet


Steganography is the practice of hiding a message or a file within another file so that only the sender and receiver know of its existence. It may also involve the use of cryptography, where the secret message/file is encrypted before being hidden. The objective is to ensure that transmission of secret data remains unsuspected and undetectable. Unlike encrypted files, steganographically hidden messages do not attract attention or arouse suspicion.

Steganography is both an art and a science. As a science it has evolved with advances in technology, hiding techniques and tools; as an art it has evolved with human ingenuity. This advancement has made it easy for anyone to practice it from anywhere on the planet.

This article presents an approach for examining whether a website supports steganographically hidden content, by evaluating a varied mix of social media sites, image hosting sites, media sites and a few easily available steganography tools.

Catch a Thief by Being One : Control the Gain - Part IV

In the previous article, we covered the phases in which an attacker prepares for an attack, enumerates the target environment and scans the entire network. The more information that is acquired about the target, the more vulnerabilities can be identified and the more attack vectors can be prepared to launch the attack.

Now that the attacker has all this data, the identified vulnerabilities, the scanned network architecture and the loopholes that can be used to gain access to the target network, the third phase begins. This is the step where the actual attack is performed, known as Gaining Access.

To gain access, an attacker might use one or more of the following methods:

Not just adequate to array- Management is more imperative

Generally, people have the idea that Information Security arrangements exist for reacting to security breaches rather than preventing them. On the contrary, preventing problems by strengthening security is more effective and less expensive than reacting to breaches after they occur. We deploy so many layers of security in an organization, yet we still face issues and security breaches quite often. It is high time to think about the reasons behind this. Below are a few reasons I could think of:

1. In an enterprise-wide environment, the weakest link in the security chain is the last-mile network point. Endpoints and their users become the loophole in an otherwise properly tightened security structure. Security teams should ensure that even the last network device is covered in the scope of the security deployment. Customers should also help to patch this loophole.

Catch a Thief by Being One : Let us Get Started - Part I

The recent IT landscape has forced organizations to go online with every ounce of data they have. In the current scenario, data is everything, and if it can be made public, securing and classifying it becomes a top priority.

When we talk about security, three basic elements known as the Infosec CIA triad come to mind: confidentiality, integrity and availability.

Every effort should be made to ensure these three properties. There are many techniques to protect data and to ensure them in an organization, but the key point is that these three attributes of data must be protected.

Although these elements are very common, they are the most effective principles a security engineer can rely on. Now that we have discussed the basics of information security, let us get into the real discussion of catching a thief by being one.

A parental guide to cyber bullying

Bullying is just that; it is only in more recent years that "cyber bullying" has become prevalent. Bullying is bullying, irrespective of age, and it has been in society for as long as you care to consider. But it does leave a nasty taste in your mouth!

No parent wishes to learn that their child is being bullied, be it physically, mentally or in the virtual world. The following is a proactive guide for any parent or carer; it is simple and jargon free, to enable you to become a cyber safety smart parent.

The guide …..

Communication is paramount: any parent should be able to discuss bullying in an open manner with their child. In doing so, you need to agree ground rules that are reviewed periodically, and yes, this will have to be done in a disciplined manner, certainly from the parental perspective.
 

Some APT talks – Part 2 – Detect the Undetected

We discussed APT and its attack vectors in Part 1. Now the important question is how we plan the mitigation strategies. There are multiple solutions in the market offering different tools to effectively mitigate APTs. It would be boring and repetitive to go through the best practices and technologies I have already discussed in this forum, such as user awareness, password policies, patching and so on. Instead we will look at something new: deception, a proactive way of dealing with these sorts of cyber attacks.
