THE IT SECURITY PROFESSIONAL | Barlowtek
The IT Security Pro: Helping Organizations Understand IT Security & Best Practices
Knowing the details

When it comes to hacking, there are two major culprits to blame. Well, the Democratic Party tried to blame the hacking of Mrs. Clinton’s email server on the Russians, while it was really the Chinese doing it, and they got the emails in real time. So maybe those 33,000 emails that seem to have evaporated into mid-air can be found. Maybe if the President were to ask President Xi of China whether we can get those back, we could have some closure to the Clinton scandals (maybe).

Malware Installed

The way the Chinese did it was ingenious if you think about it. They installed malicious software that routed Secretary Clinton’s personal emails to China in real time. The hackers were able to gain access to a “secured server” and install software that went undetected. This sort of setup is not only dangerous, it is also illegal due to the classification of the email that was going across the server. The malware was sophisticated enough that it went undetected for perhaps months, if not longer, while the server was in operation. Due to the illegal destruction of government property (in the form of emails) and other activities, we may never fully know the impact of the Chinese hacking of Mrs. Clinton’s email server. Her use of sophisticated hardware wiping software will make it nearly impossible to retrieve the information that forensic investigators would need in order to piece together what software was used on the system.

Email Targeting Reasons

When it comes to emails, they present a very interesting target. Not only do you get to see what sort of things people are doing in their personal lives; you also get to see more details than you would by trying to hack an account and guessing the name of their favorite pet as a kid. Emails are a personal and intimate picture of our daily lives. This is one reason why hardening email servers is so important for any business or government.

While the specific details of the Chinese hack into the server remain a secret at the time of this blog posting, it is safe to say that Mrs. Clinton’s email was a specific target that the Chinese were very interested in having access to. (This is one reason why you don’t use unsecured devices in a foreign country.) Using an unsecured system in a country that is known to have a very sophisticated hacking apparatus is just asking for trouble.

Hardening Servers
Email servers should be treated with special care because so many organizations rely on them for most, if not all, of their business communications. Servers need special care when setting them up. The following steps should be taken:

Ethics in IT Security

It continues to baffle me, as an IT Security Professional, that anyone would commit such an egregious act in the first place. No matter who you work for, if there are blatant acts to circumvent the legal system, you should determine whether it is in line with your own personal ethics. If, like most of us, you run across information that may be of a sensitive nature, it comes with the territory of being in this industry. As anyone who has ever held a government security clearance knows, you go through rigorous training and classes on the handling of classified information. Regardless of whether you thought it was one way and then came to find out that it was something different, ignorance is not an excuse. Especially for someone with her experience and background. (She should have known better.)

Summary

While the details of this compromise are still coming out, we don’t know the specifics of the type of malware that was used or who knew that the compromise even happened. Creating a system that is outside of legal conformities also puts all of the information that is contained in it or that passes through it in a position of vulnerability. If the server was in a secured environment or used government equipment, then there may be some loopholes that would have permitted the setup and configuration of the server offsite. However, from what we know, Mrs. Clinton didn’t ask, and if she had, those in charge would have denied it.

Disclaimer Statement: This is a personal blog. Any views or opinions represented in this blog are personal and belong solely to the blog owner and do not represent those of people or organizations that the owner may or may not be associated with in a professional or personal capacity, unless explicitly stated. Any views or opinions are not intended to malign any individual or political party. All content provided on this blog is for informational purposes only.
The owner of this blog makes no representation as to the accuracy or completeness of any information on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.
Scanning won’t cut it anymore

When it comes to IT Security, an organization wants to make sure that it is doing everything right. Whether it is scanning for vulnerabilities or looking for malware on the network, a company will spend time, effort, and money to make sure that it is doing everything right in protecting its business. As IT Security Professionals, it is our responsibility to make sure that those resources are used effectively. Are you using applications or systems that are actually helping you? How do you know?

Network Monitoring

Network monitoring and vulnerability management are areas that many IT Security Professionals focus their time and energy on these days, especially with all of the compliance requirements that have been mandated by the government. This has led to a sense of security when it comes to using network monitoring applications or systems. As we rely on these systems to automate the processes that we were doing by hand just a few years ago, it is important to remember that these systems need to have a human in the middle to interpret the information and then to take action on the areas that have been highlighted.

Making the Case

Making the case for going after advanced persistent threats (APTs) should be a no-brainer. Nevertheless, the truth is that not every threat is going to make itself known to the scanning application (or to multiple applications, for that matter), which may give a false sense of security. This will cause those who may be responsible for network maintenance not to believe the results. The goal for all IT Security Professionals is both to educate others in the organization about the importance of vulnerability scanning and to make sure action is taken when a threat or vulnerability is found. While APTs do pose a threat to the network, they are a hidden threat that stays under the radar until they actually do something to the company. By then, it’s too late, and the potential for information loss is significantly greater.

Behavior is NOT a Signature

While a lot of network monitoring software will utilize a signature of the potential malware or threat in order to detect it, looking at system behavior and network traffic is a better way to track down those systems that may be compromised. Heuristics has the ability to look at the whole picture and to see areas that may not look connected but, when looked at heuristically, make perfect sense. The benefit of heuristics is that software changes at a rapid pace, but behaviors don’t. Some network monitoring applications require a signature in order to detect a malware application. In the time it takes for a new version of the detection application to be updated and sent out to customers, a heuristic application may have already caught the malware due to its behavior. The malware will utilize any means necessary in order to hide or go undetected.

Attack Approach

Most APTs will use a multiphase attack methodology. Regardless of how they entered the network, the following phases may be followed, depending on the organizational structure of the group(s) conducting the attack against your network:
Key Indicators of APT Attack
While APTs have been known to evade detection by most anti-virus scanning applications, there are some signs to watch for if you suspect that your network may be compromised by an APT:
Mitigation Strategy

While detection of APTs may be difficult, there are mitigation steps that every organization can take in order to lessen the potential risk of an attack. The steps are listed below:

Gaining Control

Once an APT has been identified, all affected systems should be brought offline and their network access disabled. This will help to isolate the systems on the network and also helps to lessen the damage that may be caused by an ongoing compromise of the network. While this will stem the loss of data, it is not meant as a fix. These steps just remove the immediate threat; recovery steps will need to be taken once the threat has been identified and isolated.

Summary

APTs continue to plague organizations as they struggle with securing their data. This can lead to data loss and an impact to the business in ways that may not be realized for years to come. No matter what type of business you are in, the potential is there for APTs to cause havoc on your network. Also, due to the complexity of detecting and protecting against APTs, businesses need to be proactive in their approach to these threats, and all members of the support teams and groups need to understand the need to act swiftly once a threat has been identified or suspected. Applications and systems that use not only heuristics but also signature-based detection in conjunction with behavior analysis are the ones best suited to these circumstances. It is not just the signature that will catch the threat; what is actually going on behind the scenes, where you are not looking, is what will help to identify what is really happening on your network.
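To make the point about combining signatures with behavior concrete, here is an added example that is not code from the blog or from any product it mentions. It runs both kinds of check over a few constructed endpoint log lines: a signature check that matches executable hashes against a constructed blocklist, and a behavioral check that flags regular-interval "beaconing" to a single destination. The log line format, the hashes, the hostnames and the addresses are all constructed placeholders assumed for this example.

```python
"""Signature-based versus behavior-based detection over constructed endpoint logs.

Added example, not code from the blog. Each constructed log line is one of:
    <ISO timestamp> <host> PROC name=<exe> sha256=<hash>
    <ISO timestamp> <host> CONN dst=<ip:port>
The line format, hashes, hosts and addresses are all assumptions made here.
"""
import hashlib
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed "known bad" sample and a repacked copy (different hash, same behavior).
HASH_KNOWN_BAD = hashlib.sha256(b"constructed-sample-A").hexdigest()
HASH_REPACKED = hashlib.sha256(b"constructed-sample-A-repacked").hexdigest()
HASH_BENIGN = hashlib.sha256(b"constructed-benign-browser").hexdigest()

# The signature list only knows the original sample.
SIGNATURE_LIST = {HASH_KNOWN_BAD}

# Constructed log lines covering three hosts.
SAMPLE_LOG = [
    # ws-01 runs the known sample: caught by signature and by behavior.
    f"2023-01-10T09:00:00 ws-01 PROC name=svchelper.exe sha256={HASH_KNOWN_BAD}",
    "2023-01-10T09:00:10 ws-01 CONN dst=203.0.113.7:443",
    "2023-01-10T09:05:10 ws-01 CONN dst=203.0.113.7:443",
    "2023-01-10T09:10:10 ws-01 CONN dst=203.0.113.7:443",
    "2023-01-10T09:15:10 ws-01 CONN dst=203.0.113.7:443",
    # ws-02 runs the repacked copy: the signature misses it, the behavior check does not.
    f"2023-01-10T09:00:00 ws-02 PROC name=svchelper.exe sha256={HASH_REPACKED}",
    "2023-01-10T09:00:12 ws-02 CONN dst=203.0.113.7:443",
    "2023-01-10T09:05:11 ws-02 CONN dst=203.0.113.7:443",
    "2023-01-10T09:10:13 ws-02 CONN dst=203.0.113.7:443",
    "2023-01-10T09:15:12 ws-02 CONN dst=203.0.113.7:443",
    # ws-03 is a user browsing: irregular timing, several destinations.
    f"2023-01-10T09:00:00 ws-03 PROC name=browser.exe sha256={HASH_BENIGN}",
    "2023-01-10T09:01:03 ws-03 CONN dst=198.51.100.20:443",
    "2023-01-10T09:01:40 ws-03 CONN dst=198.51.100.21:443",
    "2023-01-10T09:07:15 ws-03 CONN dst=198.51.100.20:443",
    "2023-01-10T09:20:02 ws-03 CONN dst=198.51.100.22:443",
]


def parse_line(line):
    """Split one log line into (timestamp, host, event, {key: value})."""
    ts, host, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), host, event, kv


def signature_hits(lines, signatures=SIGNATURE_LIST):
    """Hosts that launched an executable whose hash is on the signature list."""
    hits = set()
    for _ts, host, event, kv in map(parse_line, lines):
        if event == "PROC" and kv.get("sha256") in signatures:
            hits.add(host)
    return hits


def beaconing_hosts(lines, min_conns=4, max_jitter=0.1):
    """Hosts with near-evenly spaced connections to one destination.

    Returns {host: (dst, mean_interval_seconds, jitter)}. Jitter is the
    coefficient of variation of the gaps between connections: a beacon on a
    timer scores close to zero, interactive traffic does not.
    """
    conns = defaultdict(list)
    for ts, host, event, kv in map(parse_line, lines):
        if event == "CONN":
            conns[(host, kv["dst"])].append(ts)
    flagged = {}
    for (host, dst), times in conns.items():
        if len(times) < min_conns:
            continue  # too few samples to call it a pattern
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean else float("inf")
        if jitter <= max_jitter:
            flagged[host] = (dst, round(mean), round(jitter, 3))
    return flagged


def triage(lines):
    """Combine both checks so the analyst can see why each host was flagged."""
    sig = signature_hits(lines)
    beh = beaconing_hosts(lines)
    return {
        host: {"signature": host in sig, "beaconing": host in beh}
        for host in sorted(sig | set(beh))
    }


if __name__ == "__main__":
    details = beaconing_hosts(SAMPLE_LOG)
    for host, verdict in triage(SAMPLE_LOG).items():
        print(host, verdict, details.get(host))
```

The repacked copy on ws-02 has a hash the signature list has never seen, so only the behavioral check catches it, while ws-01 is caught by both; the user browsing on ws-03 connects at irregular intervals to several destinations and is left alone. The jitter threshold and minimum connection count are tuning knobs: loosen them and legitimate scheduled update checks start to look like beacons, so baseline them against known-good hosts before turning the output into alerts.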
IT Security Pro: Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.

Archives: January 2023