Archive for the ‘Discussion’ Category

Denial of Service Attack (DDoS) – lessons learnt, smart network design and what you can do to stop it

February 23rd, 2014

I have been doing a bit of research on DDoS recently, and on what can be done to be less vulnerable. So, if you want to understand how most DoS Protection services work, here’s a really quick summary:

How does a DDoS Protection Service Work?

The DDoS protection provider service basically acts as an HTTP reverse proxy which filters inbound requests, separating the good from the bad. There are a number of ways the service will filter the requests to weed out the bad ones. It then passes the good requests on to the origin (usually a web server), where they are processed, and the response is passed back through the filtering service to the requesting client.

The client should not be able to interact directly with the origin. A lot of known DDoS protection services rely on DNS to re-route traffic. Other DDoS protection services utilise in-line devices, or alternatively use BGP based mitigation approaches – which are harder to get around.

 

So How Do You Bypass DNS based DDoS Protection?

Any DDoS Protection Service that uses DNS can be bypassed: after a bit more research into the origin, the origin can be attacked directly. The flaw is dependent on the protection service using DNS to resolve. Obviously DNS isn’t a security control designed to block any traffic, and it is definitely not a network access control. The obvious way around this is to keep the origin IP address secret, however this is security by obscurity.
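Because the client should never reach the origin directly, the origin's own access log shows whether the proxy is being bypassed. The following is an added example, not code from the original post: it flags requests whose source address is outside the protection provider's ranges. The ranges, log lines and function names are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Assumption: constructed placeholder ranges (RFC 5737 documentation space)
# standing in for the egress ranges your protection provider publishes.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Common/combined access log format: source, ident, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})\b'
)

# Constructed sample of an origin web server's access log.
SAMPLE_LOG = """\
192.0.2.17 - - [23/Feb/2014:10:01:02 +1100] "GET / HTTP/1.1" 200 5120
198.51.100.40 - - [23/Feb/2014:10:01:03 +1100] "GET /login HTTP/1.1" 200 2210
203.0.113.9 - - [23/Feb/2014:10:01:04 +1100] "GET / HTTP/1.1" 200 5120
203.0.113.9 - - [23/Feb/2014:10:01:04 +1100] "GET /search?q=a HTTP/1.1" 200 911
198.51.100.200 - - [23/Feb/2014:10:01:05 +1100] "GET / HTTP/1.1" 200 5120
garbage line
"""


def is_proxy_source(src: str) -> bool:
    """True only if src is an IP address inside one of the proxy ranges."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        # Hostnames or malformed addresses cannot be verified: treat as direct.
        return False
    # Membership is False (not an error) when IP versions differ.
    return any(addr in net for net in PROXY_RANGES)


def find_direct_hits(log_text: str):
    """Return (Counter of non-proxy sources, number of unparseable lines)."""
    direct = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1  # surface these rather than silently dropping them
            continue
        if not is_proxy_source(m.group("src")):
            direct[m.group("src")] += 1
    return direct, unparsed


if __name__ == "__main__":
    direct, unparsed = find_direct_hits(SAMPLE_LOG)
    for src, hits in direct.most_common():
        print(f"direct-to-origin traffic: {src} ({hits} requests)")
    print(f"unparseable lines: {unparsed}")
```

Any hit here means the origin is reachable without passing through the filter; the durable fix is to drop non-proxy sources at the origin's firewall rather than rely on the address staying secret.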

Below are some interesting / useful videos on the topic:

 

BlackHat USA 2013 – Surviving a 300Gb DDoS attack

1 min 160Gb DDoS attack directed at an enterprise customer – overview of Prolexic in action

DDoS Protection flaws and what to do about it

Categories: Discussion

The changing landscape of Cyber / Security & that penny dropping moment

January 25th, 2014

After a dramatic number of major global security breaches & incidents over the past couple of years – such as Target, RSA, Sony, Hackgate etc, as well as a massive surge of public interest as an outcome of the NSA surveillance scandal (Prism), it seems people’s perception and understanding of IT Security / Cyber Security & privacy has finally changed for the better.

The penny seems to be finally dropping at the top end of town that all businesses who rely on a solid online reputation, and ability to securely provide service in our highly connected world need to fully take on board the importance of Cyber Security.

The rapid growth of cloud based services and the increased take-up of SaaS (software as a service) by large businesses and enterprises has created excellent opportunities for businesses to leverage these capabilities and enable new and innovative services – however it’s important not to forget that these opportunities come with security challenges that need to be addressed. It can be done, however there’s an increased importance in getting security right.

After all these events over the past few years it is clear that it is no longer just us security guys fear mongering or being an insurance policy for things that never happen. Simply put – these incidents are happening, at an increasing rate. But it’s not all doom and gloom – we can protect and prevent this from happening.

I thought it would therefore be useful to share a small selection of videos I’ve come across recently which convey this message…

Enjoy!

 


Cloud computing deep dive series

December 11th, 2013

Infoworld.com have recently published a number of mega guides and deep dives about cloud computing.

Follow the link below to view some very interesting topics. The public cloud mega guide is very topical!

 

http://www.infoworld.com/d/cloud-computing/deepdive


The Revolution in IT Has Already Begun – Cloud Adoption

July 1st, 2012

2012… Who’d have thought only 5 to 10 years ago that we would now be in what can only be described as a revolutionary change within the IT industry. Well – I’m hoping you may have noticed… we’ve now reached a pinnacle point in time where those who are brave enough will reap the benefits and will be rewarded with growth in the next few years ahead. Yes – I’m talking about cloud adoption in business & the enterprise.

Thanks to technology advancements over the past decade, the business world has become an increasingly adaptive, and fast paced competitive world, where only those who are prepared to fail (but fail quickly and cost effectively) will survive. It’s therefore time to become a part of the journey, and to adapt to what can only be described as an industrial revolution within the world of IT… before your competitors leave you far behind.   It’s “IT Transformation” Time!!

There have been various radical advancements in technology over the past few years, including virtualization, consumer driven advancements in mobility, and ultimately changes in how as individuals and business we interact and consume IT services within today’s world. Yes – I have to agree that the term “cloud” is the most over-hyped but often misunderstood topic, however let’s get straight to the point here and demystify just how big a change we are about to witness within the world of IT and business.

The key thing I need to re-iterate is that there are some HUGE opportunities for businesses that are brave enough to embark on what can only be described as a transformational change in the use of Information Technology.  OK, so everyone has heard of the term “cloud”, but the majority of us don’t fully comprehend just what it is or how much it will change the way in which we consume IT and operate as a business.

There are so many myths and misconceptions about cloud adoption which ultimately prevent most large businesses and enterprises from embarking on the cloud journey. For clarity’s sake, I’m predominantly talking about Infrastructure (IaaS) and Software (SaaS) Services in the cloud in this context.

 

Enterprise Cloud Adoption Strategy Tips

So, without further ado, I wanted to share my initial recommendations & tips for any large business or enterprise considering cloud adoption….

 

1. BRING THE OUTSIDE IN

Bring the outside in – and drive some interest and excitement from a cloud adoption perspective with your influential leaders by demonstrating what other competitors and market leaders are doing in this space. Most are very vocal online about what they have achieved, and what they intend to do from a cloud adoption perspective. Check out some of the big banks within Australia…

 

2. BUSINESS AGILITY THROUGH CLOUD ADOPTION

Ensure your leaders understand that it’s not just about “cost saving” being the driver for cloud adoption, but more importantly it’s all about true “business agility”.

The focus here should be around having the ability as a business to be quick to adapt – both in providing new services, solutions and the required IT environments to bear fruit of new business opportunities, but also to be able to “fail quick”.  Enabling the business to fail, cut their losses quickly and cheaply when a new product, service or concept doesn’t work out can make a huge difference financially. It also encourages businesses to innovate and try more “out there” ideas.

Gone are the days of procuring new IT hardware, or signing a 3 to 4 year lease agreement with your IT vendor for IT services. Stranded IT costs for failed projects should be a thing of the past. If not – your commercials and ultimately your relationship with your IT vendor needs some focus.

 

3. START SMALL… THEN GET BIG

Start your cloud adoption journey in small palatable pieces. Consider running a proof of concept for low hanging fruit so you can build some further interest and momentum from an adoption perspective. Pick low profile systems which are not critical, don’t have customer data, and are easy pickings.

 

4. PARTNER WITH THOSE IN THE KNOW

Consider partnering with cloud adoption specialists who fully understand the technology offerings and common misconceptions and challenges. They should help you visualise how cloud will integrate and change how you operate as an IT function. They should be able to help draw together a starting position, and a plan of attack for cloud adoption.

 

5. RELATIONSHIPS, RELATIONSHIPS, RELATIONSHIPS…

There is a mammoth amount of change in the relationships, roles and the related processes wrapped around IT that needs to occur in order for our new IT world to materialise. The traditional IT roles, and IT outsourcing models, need to adapt to enable a new cloud model. Reconsider the relationships you have, and the approach you need to take on new service providers, whilst building in adaptability from a commercial perspective.

 

6. SECURITY AS AN ENABLER FOR CLOUD ADOPTION

Lastly, and most importantly, build security right in from the start. Security can ultimately be the enabler for cloud adoption, so businesses need to change their perception of IT security, and put in the time and effort to partner and work proactively with security to get the best outcomes.

 

 

What are your experiences or views of enterprise cloud adoption? Feel free to share your thoughts, experiences and opinions here.

I am very passionate about what is happening within the world of cloud adoption and mobility, so if you wish to discuss this topic direct – please get in touch using the contact page on this site, or tweet me @PhilHall - http://www.twitter.com/philhall

 


Hello Apple iOS 6, Apple iPhone 5, and Apple iTV… Another exciting year ahead!

June 23rd, 2012

Let’s just say that there’s lots of the usual speculation and rumours when it comes to news from the Apple camp re the impending release of the Apple iPhone 5 and the latest iteration of the integrated Apple iTV. iOS6 is looking very promising, however obviously my agreement with Apple prevents me from saying anything about it!

Apple Venture into Smart TVs…. the Apple TV (not a box under it, but part of it- integrated TV!)

The Apple iTV release will be another innovative change in consumer land, whereby voice or gesture commands will rule supreme overlaying on demand IP based content. Who can argue with paying twice as much for a TV (they’re much cheaper anyway these days), when it integrates with your other Apple devices, lets you “airplay” at the flick of a wrist onto your Apple TV 55″ screen if you find something interesting whilst internet surfing on your hand held device, and enables you to enjoy the delights of on-demand IP based TV. Oh… and with voice & Microsoft Kinect style movement recognition for interacting… the nirvana of consumer home entertainment is about to arrive!

 

NFC Apple Style

The thing in my mind that will be the game changer this year from Apple is the introduction of NFC (Near Field Communication) to Apple devices. It’s nothing new from a technology perspective, but in the hands of Apple they have the potential to make NFC into the innovative game changer – like what they did with iTunes and the music scene.

Let me explain… think of your new shiny iPhone 5 as your complete virtual wallet in the air, paying for goods at the swipe of a reader, integrated as your electronic pass to enter your company building, a hotel room key, bus / train ticket or taxi ride, a secure means of logging onto your laptop or computer, or any kind of electronic payment / ID or fingerprint… and then you’re only just scratching the surface as to how this technology will change how we live and interact on a daily basis.

 

Enterprise Opportunities – MDM & NFC

The next few months from an Apple NFC & Mobile Device Management capability technology perspective are going to continue to be a game changer from a consumer and enterprise perspective, however the key thing I re-iterate to businesses and large enterprises is to be brave, and to invest in branching out in ways to make the most of the new opportunities this technology evolution presents.

For Enterprise IT departments…. if you haven’t already deployed a Mobile Device Management capability – you need to do so, so that you can make the most of the technology and the opportunities presented.

Lastly, the majority of IT departments in Enterprises now understand that security aspects relating to these opportunities become increasingly paramount, and in essence a true business “enabler” to make this all possible and for the future to take shape.

It’s like thinking of why you have brakes on your fast sports car?…… to make them STOP?……..

No.

We actually have brakes on cars so you can drive FASTER.

It’s the same for IT security – a business enabler. Especially applies to mobility, and the security challenges we need to understand & address.

 

Feel free to add your views, thoughts or opinions on any of the topics above.


Apple & The Enterprise – Security Considerations for iPhone 4S, iOS5 & iCloud

September 28th, 2011

Over the next couple of months, it’s all going to go nuts yet again with Apple frenzy, hype and excitement over the new iPhone 4S  and the release of iOS version 5….  but after all the dust has settled – what will the real impact be from an enterprise & security perspective?

OK… so maybe that’s why I love my job when it comes to situations like these, as I get to play with the new toys and enlighten people about all the cool changes, the business opportunities, and what we can do from a technical perspective to minimise any associated risks. Before we get to the heart of it – if you didn’t already know based on my previous posts – it’s probably worth being up front and mentioning that I am indeed an Apple fan, however nevertheless that doesn’t mean I’m blinkered or oblivious to some of the security problems we will come across from an enterprise perspective when these new devices and changes hit us.

So…. let’s get started…

 

Huge Uptake of new devices & iOS5 for existing users

Firstly, I think yet again there will be an increased uptake in the new Apple iPhone device, and even more people moving away from Blackberrys (poor RIM) to the new iPhone 4S. Apple Insider recently released some interesting study results indicating 45% of Blackberry users and 24% of Android device owners said they would purchase the upcoming new Apple handset.

Whilst I don’t think there’s going to be a huge quantum shift in terms of the phone or the technology (yes the new CPU will be great, but something I’m already used to on my iPad 2 running the Apple iOS5 beta), the combination of a new device plus all the cool features of iOS5 will draw more people to buy it.

Most people I know are already finding excuses for why they will upgrade their iPhone 4… and it will be the same no doubt in the enterprise.  The C level execs will push to get a brand new phone as soon as they’re available – as we’ve seen a change in the way in which shiny new gadgets find their way from the top down into the enterprise… as the big boys often compete with their peers in the boardroom.

Then we also need to consider how many existing iPhone 4 and iPad 2 devices are already out there in the enterprise – just waiting for all those funky new iOS5 features.

 

So what?

Well, before the majority of your company have these new devices in their hands or already have existing iPhone 4 or iPad 1 or 2s, there are a few things to consider from an enterprise security perspective:

 

iOS 5 – iCloud and Security in the Enterprise.

iOS 5 introduces many new features, but the most newsworthy is iCloud. I’m not going to cover what it is in detail, or how it works, however I want us to focus on what issues we will see in the enterprise relating to it. It’s not that iCloud is insecure – and I’m sure no doubt there will be hackers out there trying their hardest to break into it. It’s more about the staff member who has this new technology, and what they choose to do with it which is more worrying.

Up until now, enterprises have struggled to control / contain the risks relating to file sharing / syncing capabilities already available through services such as Google Docs, SugarSync, Dropbox, Box.net etc. What Apple are about to do though is make this type of cloud based file storage & synchronisation functionality available natively in the iOS, Apple applications, and 3rd party apps using iCloud… the problem is about to become much bigger, and no doubt just like when the cloud hype hit our shores, governing parties such as APRA will start to take notice, and will start to ask interesting questions, and push more expectations onto companies that they govern.

So worst case is that documents created on a device used in the enterprise will be sucked into the cloud, and then replicated automatically onto a number of other devices outside of the enterprise. Many large companies have managed to keep some sort of control by restricting the use of Dropbox etc through web proxies, however the main thing from a security perspective is not necessarily a concern of the strength of security controls, but more so about what the user will do with it.

Most staff who don’t care about security (after all that’s someone else’s job to worry about company risk) will happily and naively store sensitive documents all over the place… it’s just that the Apple iCloud will make this so much easier to do, and a much much BIGGER problem.

 

Your Apple ID & Password – Keys to the Apple iCloud Kingdom… your docs, your photos, your music…

One important concept to understand is that with iCloud your Apple ID and password will become much more important… it will be your ID and keys to your photostreams, synchronised documents, music etc etc – access to everything will be just an Apple ID and password click away!! Now no one shares their Apple IDs… do they!!!?!?!? ;-0

 

Bandwidth & Data Usage Impacts

There are other impacts such as data / bandwidth utilisation – as music streaming, iCloud syncing and OTA updates will surely have an impact. But just how much we will soon find out.

 

Solving Your Enterprise Security iCloud Concerns

So what to do about it?… Mobile Device Management platforms will obviously help (if you have one!), Microsoft Exchange ActiveSync policies will potentially improve things too, however that depends if you’re willing to lock down on the use of iCloud. Stop users from using the cloud?! Sounds like a hard thing to do.

Hopefully Apple will offer some more granular control for this technology – but maybe by the time most enterprises start to worry about this the horse has already bolted.

 

User Awareness & Risk Acceptance

The other thing you can do is to ensure that end users are made aware of the risks, and that they take accountability and responsibility. Force anyone using your enterprise service to sign an “Acceptable Use” agreement, whereby they are informed of the risks, data considerations, and what responsibilities they take on when using an Apple iOS5 device within the enterprise.

Lastly – make sure your company has done the right thing from a risk management perspective – especially if you are governed from a compliance point of view. Ensure that a full risk review and assessment has been completed, whereby senior execs and CIO level are formally made aware of these risks & concerns, and sign off any risks at an appropriate level with full evidence and traceability back to those that made the decision.

Follow “PhilHall” on twitter, and be sure that you’ll be kept up-to-date from a security perspective.


Recent Sony hack – a call for Oz Disclosure Changes?

April 27th, 2011

Another hack – another potential compromise of customer data….  and this time the target was Sony.  This event is starting to spark calls for the government to legislate mandatory disclosure – but will it ever happen!?

The Sony Hack incident is said to have occurred between the 17th and 19th of April 2011, whereby hackers gained access to Sony’s PlayStation network, potentially gaining access to the account information of a reported 77 million users.  It is understood that this includes names, addresses and…. drum roll please….  customer credit card information. Uhh ooo!

Sony posted details on a Sony blog on the 22nd of April, indicating that there had been an ‘external breach’. They are also reported to have released a further statement today.

What’s more interesting about this story is that it’s sparked some discussions relating to mandatory disclosure. In recent comments on the Sony hack by Rob Forsyth (A/NZ managing director of Sophos), Forsyth is reported to have suggested that the government must legislate for mandatory disclosure, noting that it has been proposed in a large number of privacy recommendations.

If personally identifiable information is lost, companies must notify both the general public and the individuals whose information has been stolen…

 

Forsyth told ABC radio programme The World Today that the theft of address and birth date details, and possibly credit card numbers (although Sony currently maintains that there is no evidence that these were compromised in the breach) – highlights Australia’s lack of a disclosure regime.

“Sony was not quick to notify people that there had been a breach of security,” RMIT lecturer Dr Mark Gregory told the same programme, even though the speed with which the network was shut down demonstrated that Sony was aware of the problem before it went public. Gregory backed Forsyth’s call for a disclosure regime.

Government needs to legislate a proper regime for this – said Gregory.

 

 

Your Views Needed!

There’s been talk of the need for changes to disclosure laws for a few years now, but does anyone think this will ever happen in Australia? The majority of security vendors often talk of this happening, but maybe we need to see a few more major data breaches / incidents before people start to take this more seriously and finally do something about it!

What’s your view on mandatory disclosure laws in Australia?

Keen to hear your views – so feel free to comment / reply on this post.

 


Rumblings around the RSA SecurID APT Hack?

March 22nd, 2011

The recent news about the RSA Advanced Persistent Threat (APT) hack and its potential impact on SecurID users has been a hot topic in the IT security world over the past few days, with many security experts speculating about what the real impact and exposure may in fact be for current RSA SecurID customers and users. I’m not going to provide background info here as to how RSA tokens work, as this has been suitably covered by many others - click here to read more if interested.

The algorithm RSA uses for SecurID tokens isn’t a secret, but the key concern (pun intended) is that RSA have neither confirmed nor denied whether seed records were involved in the breach.

Since the first initial Open Letter to RSA Customers there have been further details released in the RSA  SecureCare Online Note guides published on March 17.  Of the various statements, the main one causing most interest to many relates to advice about the token serial number (the number printed on the back of each token).

 

Never give the token serial number, PIN, tokencode, token passcode or passwords to anyone.

 

What’s raising eyebrows and driving further interest in this story is that people are now speculating that maybe the bad guys who hacked and obtained data from RSA could potentially generate a token-code using the serial number of the SecurID. Many of us do not believe this is possible, however let’s see if any further news articles or press releases come out over the next few days. Companies using RSA SecurIDs will no doubt be given further specific information after signing NDAs.

What we do know for sure is that there will be further speculation and rumours as to the exact potential impact of this recent incident.  The main thing RSA will need to do is to re-assure their customers, as many are concerned as to how this situation came to be in the first place… surely RSA have tight security for their own systems?  Hopefully RSA can turn things around.

For now we can only sit and wait for further details before providing advice to customers and SecurID users as to the true potential impact. Worst outcome may be that RSA will need to replace the various tokens out there.


Apple jailbreak arms race as iPad 2 jailbreak i0n1c exploit details released

March 17th, 2011

It seems to be a continuing arms race between Apple and the iOS jailbreak community, whereby new exploits and techniques are being publicised literally days after Apple release newer versions of their iOS.

For now it looks as though Apple are losing the battle, as again it’s only been a week since Apple released iOS4.3, and already there’s confirmation from i0n1c (Stefan Esser) that an untethered jailbreak method is possible.

http://www.youtube.com/watch?v=v9DL5nj_SC8

 

For those who aren’t familiar with tethered / untethered jailbreaks, traditional jailbreaking methods have changed, whereby newer methods rely on booting a jailbroken device whilst being connected via USB to the jailbreak install / program on a PC / Mac.

Subsequent full reboots of a device must be done whilst being connected to the PC / Mac running the jailbreak app. Fine for those who don’t reboot, however a pain for those that run out of juice or need to reboot on a regular basis! An untethered jailbreak is basically where the device is jailbroken, and can then boot independently without needing to be connected to the machine running the Jailbreak App.

So as Apple patch more of the holes and exploits – will things change in this arms race, or will it continue whereby new jailbreaks are found, and literally released just days after Apple update?

Obviously the size of the iOS updates is becoming increasingly large – so the update required by end users becomes more noticeable. Will Apple start to provide more regular iOS updates in shorter time frames to minimise the impact?

Personally – I don’t think so. I’m guessing things will remain the same until Apple make some additional hardware changes to combat some of the exploits out there and make things harder for the likes of Comex, i0n1c and the Chronic Dev Team.

Feel free to share your views, thoughts on the arms race topic.


2011 Security Predictions – The Year of the MDM?

March 1st, 2011

Looking through the various IT Security predictions for 2011, as well as some of the themes relating to technology trends, it’s pretty obvious that there already is and will be a growing demand for allowing the use of new mobile devices in the enterprise. 

The iPad 2 and iPhone 5 - will need an MDM!

There’s also some big challenges ahead when it comes to the convergence of personal and corporate mobile device usage  – whereby there’s a huge desire to allow employees to Bring Your Own (BYO) devices into the enterprise. Some companies are even taking this idea as far as looking to allow employees to bring not only their mobile smart phone devices, but also their own laptops into the work place and doing away with the traditional standard supported environment build on a company laptop or desktop workstation.

So from a security perspective – is this possible, and can it be achieved without degrading the level of security / risk exposure for an enterprise?

Well… if you’d asked me this question a year ago, there were only a few select and expensive ways of doing this…. however I’d say the answer is now a definite “YES” from a smartphone / mobile device perspective  – due to the number of technology companies now providing Mobile Device Management (MDM) Platform capabilities.

If you look through the various offerings out there, you’ll quickly discover that there are now way too many MDM platforms to consider. Some of these solutions have been proven and in this space for a while, whereas others are new and definitely unproven.

I know several companies who have successfully gone down various paths – including Good Technologies; one of the large Australian banks has just signed up with McAfee, and other banks / financial institutions are currently considering and reviewing Mobile Iron, as well as AirWatch.

The Mobile Device Management (MDM) market will move quickly, especially as Apple will shortly be moving on from the Apple iPhone 4 and releasing more and more devices and updates such as the next Apple iPhone 5, the Apple iPad 2, as well as a new iOS 5 operating system. Lots of phone reviews in the making!! Another prediction is that the telcos will move into the MDM game, and will provide this as an additional offering on top of your corporate data service. Will definitely be an interesting and fast paced time in this space – and I intend to provide more updates on this site, so come back soon.

2011 The Year of …..?

So…. my big prediction for 2011, is that this is actually the year of the MDM platform – which in turn as it matures will enable businesses to offer more flexibility when it comes to mobile devices.

Beyond this will be a wave of interest in technologies that allow employees to BYO their own devices. It’s also another good opportunity to solve some of the traditional security issues by incorporating virtual desktop solutions, whereby mobile devices only have access to corporate data processed and stored on a secure virtual desktop instance – thus minimising some of the security challenges.

Your Opinions, Views, Thoughts, Questions….?

Are you looking at any enterprise MDM platforms – if so, feel free to get in touch, share your experiences, or pick my brains for any offerings you are currently considering.
