With October designated as Cyber Security Awareness Month, it got me thinking about the connections between awareness and trust. Cisco has made significant investments in what we call “Trustworthy Systems.” These products and services integrate security features, functions, and design practices from the very beginning. We do this because we know that people will be depending on Cisco products for communications critical to their personal and professional missions. Read More »
In the last week alone, two investigations I have been involved with have come to a standstill due to the lack of attribution logging data. One investigation was halted due to the lack of user activity logging within an application, the other from a lack of network-based activity logs. Convincing the asset owners of the need for logging after-the-fact was easy. But ideally, this type of data would be collected before it’s needed for an investigation. Understanding what data is critical to log, engaging with the asset owners to ensure logs contain meaningful information, and preparing log data for consumption by a security monitoring organization are ultimately responsibilities of the security monitoring organization itself. Perhaps in a utopian world, asset owners will engage an InfoSec team proactively and say, “I have a new host/app. To where should I send my log data which contains attributable information for user behavior which will be useful to you for security monitoring?” In lieu of that idealism, what follows is a primer on logs as they relate to attribution in the context of security event monitoring. Read More »
Ten years ago, I remember driving around my neighborhood with a laptop, wireless card, and an antenna looking at the Service Set Identifiers (SSID) of all the open wireless networks. Back then, a home user’s packets often flew through the air unencrypted with nary a thought to who might be listening.
As a protocol, Wireless Fidelity (WiFi), has continually improved (IEEE 802.11) and today it is the preferred communication channel for a multitude of home devices including video game consoles, cameras, streaming video devices, mobile phones, tablets, and list goes on. As October is National Cyber Security Awareness Month, we outline typical WiFi risks and share sensible precautions.
In my last three homes, the Internet Service Provider (ISP) installation technician arrived with a cable modem that included four Ethernet ports and native WiFi default enabled. In each case, the technician explained that I could manage the cable modem through the settings webpage. When I inquired about management authentication credentials all of the technicians told me that passwords were not enabled by default, which naturally caused some consternation due to the obvious security implications.
It turns out that most ISPs will provide a modem without WiFi capabilities upon request. You can also request that a WiFi enabled modem be converted to bridge mode which will allow you to attach and manage your own WiFi access point (AP) without worrying about conflicts. Read More »
During World War I, British artist and navy officer Norman Wilkinson proposed the use of “Dazzle Camouflage” on ships. The concept behind Dazzle Camouflage, as Wilkinson explained, was to “paint a ship with large patches of strong colour in a carefully thought out pattern and colour scheme …, which will so distort the form of the vessel that the chances of successful aim by attacking submarines will be greatly decreased.” The Dazzle Camouflage was not intended to hide the presence of the ships themselves, but instead was created to hide the ships size, shape, direction, and speed from would-be attackers.
- Razzle Dazzle Camouflage applied to a ship
For all of you savvy technologists and those well versed in the security realm many of these tips may be old hat but, based on many of my discussions with both personal and professional peers, I know that most, if not all, of these Best Common Practices (BCPs) are not exactly “common.”
- Use non-trivial passwords – While most sites and applications now dictate requirements (lower/upper alphabetical, numerical, symbols, minimum length) for passwords, there are still those that rely on the user to utilize complex passwords. Password selection brings with it a challenging dichotomy – on one hand we are being told (and sometimes forced!) to use complex not-so-easy-to-guess passwords and on the other hand we are expected to be able to remember all of these passwords without writing them down and sticking them on our laptop! Check out Numeric Password Follies and Keep passwords safe and secure with password management for some information from previous Cisco Security Blog posts that may help you choose and manage your passwords more effectively.
- And now that we have finally chosen an acceptable complex password, and we have been able to commit it to memory!, we now have to make sure we Change Our Passwords Regularly! You will find that many of your “more secure” sites implement a specific time frame, e.g., 30 or 60 days, after which time you _must_ change your password. For all those sites, applications, and situations in which this is not the case, it is HIGHLY recommended that you take the proactive approach and manually change your password regularly. It shouldn’t be that hard – just create a repeating reminder in your daily calendar to help you remember to change your passwords!
- And while on the subject of passwords, here’s another recommended best practice! Don’t use the same password everywhere!!! Again, our minds can only contain so many passwords (in addition to everything we need to remember on a daily basis) and things like passwords probably fall to the bottom of our priorities, so use a password manager tool. Because we often take the easy way out and, once we’ve developed that very complex, non-trivial password that we discussed in our first tip, we hang on to it for dear life and use it EVERYWHERE! Bad move! There are few days that go by in the security world where we don’t come across a hack or data breach that was helped along the way by the fact that so many people use the same passwords for both personal and professional sites and applications. Several examples of these breaches can be found in these previous Cisco Security Blog posts: July, a Busy Month for Breaches, Compromised Accounts, Stepping Stones, and 6.5 million password hashes suggest a possible breach at LinkedIn.
- If it looks like phish and “smells” like phish it probably is phish – Do NOT open emails that appear “phishy” – go directly to the known website of the supposed sender of the email. You should also be careful clicking links in emails from known contacts that do not have human-looking text from your friend. For example, be leery of emails which contain nothing but one URL/link or emails that start out with text such as “open this, it is funny.” Agree with your friend to send something he knows that will identify him when he sends a single link. For example ask him her to put in “I was born in XXX, July 1934″ or what team he supports.
- Keep your operating system (OS) and application software up to date. Many OS vendors, e.g., Microsoft, provide automated means of updating software on a regular basis, so take advantage of this offering if your vendor provides it. It is certainly understandable that probably a great many of you have important devices and simply cannot take the chance with automated updates, but for those with less mission-critical concerns it is a worthwhile practice to use automatic software updates. The Cisco Security Intelligence Operations portal includes a section devoted to security alerts affecting both Cisco and non-Cisco products.
- Have your “social engineering” guard up at all times. For many of us, the combination of our personalities and lack of time causes us to become more trustworthy and accepting all invitations – whether by email, phone call, or text – on their surface. What we need to do when working online is put on our “tinfoil hat” and simply not trust anyone! So, when you get that next email soliciting you to “click on the link” to resolve a banking dispute think twice, do NOT click on that link, and then log in directly to the website of your bank (or call them) and resolve that “issue” the proper way. Clicking on links sent to you via email or text could cause you to inadvertently and unknowingly provide login credentials and Personally Identifiable Information (PII) to the bad guys. Check out Levi Gundert’s recent post on how the loss (or theft) of PII can impact you.
- While Anti Virus (AV) Software is certainly not a silver bullet and probably won’t stop some of today’s more complex threats, it is still a useful tool to have in our security toolbox both for our corporate and personal devices. Although most corporate IT departments push out updates regularly to our professional devices, we need to also ensure that the AV Software running on our home and personal devices is kept current and is regularly updated.
- Understand the security measures that are available (and not available!) for social networking sites and applications. Many of you and your peers use some form of social networking – e.g., Twitter, Facebook, LinkedIn, etc. – and it is imperative that you are aware of what information gets shared and what mechanisms are available to you to restrict access to the data you want shared to only those people with whom you wish to share! You would probably be surprised to find out that the data that gets shared, both freely and inadvertently, is often leveraged for malfeasance such as phishing emails!
- Who you gonna call? Know who and how to report any suspect network security incidents, i.e., phishing, spam, malware, DoS, etc. This recommendation may border on the nebulous but it is really important, whether you are on your personal device at home or on a corporate device, that you know that there are resources available should you come across activity, e.g., phishing emails, evidence of DDoS attack activities, etc., that you can contact to get assistance. This could be your ISP, your corporate IT department, Help Desk, Information Security (InfoSec) department, or even a friend or coworker.
- Be vigilant and stay abreast of cyber security news! Regardless of your role and your technical acumen, find at least one source of security intelligence to monitor via RSS, email, Twitter, or by just directly visiting websites. Please visit the Cisco SIO portal, which includes a variety of information such as security alerts, blog posts, technical white papers, best common practices, and upcoming security conferences. Some additional recommended sources of this information include CERT, NANOG, Full Disclosure, Bugtraq, SANS Internet Storm Center (ISC), and Krebs on Security…..to name a few.
My call to action to all of you is to go out there and work together to make our cyber world just a little bit safer – one byte, one email, one phish, and one website at a time!