Tag Archives: cyber security

Computer Security 101

Computer Security in the IT world is a daily intellectual battle, dangerously played between the good and the bad guys like a complicated chess game on a global level. Every day consists of countless battles, skirmishes, espionage excursions, reconnaissance, securing data, subterfuge, encryption, deceptions, surveillance, clandestine communications, and rambo raids in a ghostly intellectual duel between the defender and the attacker.

The cleverer guy on either side wins.

Our world relies on unified, interconnected data, services, and computing resources for all aspects of our daily lives. Almost all sectors of our economy have come to depend critically on their availability, ubiquity, and correctness; a failure in any part of the system could have devastating consequences for the rest of it.

What are the attackers targeting?

Each day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal commercial secrets and money, access government and defence related information, disrupt government and industry service, and exploit information security weaknesses through the targeting of partners, subsidiaries, and supply chains at home and abroad.

What is Cyberspace?

“Cyberspace is an interactive domain made up of digital networks that is used to store, modify and communicate information. It includes the internet, but also the other information systems that support our businesses, infrastructure and services.”

— UK Cyber Security Strategy

Many players pose a risk to information

Cyber criminals, interested in making money through fraud or from the sale of valuable information.

Industrial competitors and foreign intelligence services, interested in gaining an economic advantage for their own companies or countries.

Hackers, who find interfering with computer systems an enjoyable challenge.

Hacktivists, who wish to attack companies for political or ideological motives.

Employees, or others who have legitimate access, either by accident or through deliberate misuse.

The threat is not only technical

Many attempts to compromise information involve what is known as social engineering, or the skillful manipulation of people and human nature. It is often easier to trick someone into clicking on a malicious link in an email that they think is from a friend or colleague than it is to hack into a system, particularly if the recipient of the email is busy or distracted. And there are many well documented cases of hackers persuading IT support staff to open up areas of a network or reset passwords, simply by masquerading as someone else over the phone.

Anatomy of a computer intrusion

Reconnaissance: Attackers research and identify individuals whom they will target through open source means.

Intrusion into the network: The attackers send spear-phishing emails to targeted users within the company, with spoofed sender addresses and malicious links or malicious attached documents.

Obtain user credentials: Attackers get most of their access using valid user credentials. The most common type: domain-administrator credentials.

Establish a back door: With domain administrative credentials, attackers move laterally within the victim’s network, installing back doors for future and continued exploitation.

Install multiple utilities: Utility programs are installed on the victim’s network to conduct system administration, steal passwords, get emails, and list running processes.

Data exfiltration: The attackers obtain emails, attachments, and files from the victim’s servers and then encrypt and exfiltrate the data via the attackers’ command and control infrastructure.

Maintaining persistence: If the attackers suspect they are being detected or remediated, they will use other methods to ensure they don’t lose their presence in the victim’s network, including updating their malware.

Best practices against a cyberattack

While there is no silver bullet to prevent all attacks, the risks can be mitigated, and you can rest more comfortably, if you employ a multi-faceted security program. Such a program is often simply based upon best practices:

If you’re an employee:

Use a complex alphanumeric password with a combination of numbers, letters (uppercase and lowercase), and symbols.

Change your passwords regularly.

Do NOT open emails and attachments from unfamiliar sources, even if they look official.

Do NOT install or connect any personal software or hardware to your organization’s network or hardware without permission from your IT department.

Report all suspicious or unusual problems with your computer to your IT department.

If you’re in the Management & IT department:

Implement defence-in-depth: a layered defence strategy that includes technical, organizational, and operational controls.

Implement technical defences: firewalls, intrusion detection systems, and internet content filtering.

Update your anti-virus software daily.

Regularly download vendor security patches for all your software.

Change the manufacturer’s default passwords on all of your software.

Monitor, log, and analyze successful and attempted intrusions to your systems and networks.
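The intrusion anatomy above describes attackers using domain-administrator credentials to move laterally across a victim’s hosts, and the last practice asks IT to monitor and analyze logs for exactly this. The following is an added example, not code from the original post: a small Python script that parses constructed authentication log lines (the format, the hostnames, and the "DA-" naming convention for domain-admin accounts are all assumptions for the example) and raises an alert when one privileged account succeeds on many distinct hosts from a single source within a short window, a pattern that a legitimate administrator rarely produces and a credential-wielding intruder commonly does.

```python
"""Flag privileged accounts that log on to many hosts in a short time window.

Added example for the 'monitor, log, and analyze' practice; the log format and
account naming convention below are assumptions, not from any real product.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one logon event per line
# (timestamp, account, source host, target host, result).
SAMPLE_LOG = """\
2024-03-01T01:55:10 user=jdoe src=WS-104 dst=WS-104 result=success
2024-03-01T02:01:02 user=DA-backup src=WS-104 dst=FS-01 result=success
2024-03-01T02:01:40 user=DA-backup src=WS-104 dst=FS-02 result=success
2024-03-01T02:02:15 user=DA-backup src=WS-104 dst=DC-01 result=success
2024-03-01T02:02:50 user=DA-backup src=WS-104 dst=MAIL-01 result=success
2024-03-01T02:03:30 user=DA-backup src=WS-104 dst=HR-DB result=success
2024-03-01T02:10:00 user=asmith src=WS-220 dst=WS-220 result=failure
2024-03-01T02:10:05 user=asmith src=WS-220 dst=WS-220 result=success
2024-03-01T09:00:00 user=DA-backup src=ADMIN-JUMP dst=DC-01 result=success
"""

PRIVILEGED_PREFIX = "DA-"        # assumed naming convention for domain-admin accounts
WINDOW = timedelta(minutes=10)   # how quickly the hosts must be touched
HOST_THRESHOLD = 4               # distinct target hosts that trigger an alert


def parse_line(line):
    """Turn 'ts key=value ...' into a dict with a parsed datetime under 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts_str)
    return rec


def parse_log(text):
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_lateral_movement(events, window=WINDOW, threshold=HOST_THRESHOLD):
    """Return (user, src, first_ts, sorted_hosts) for every privileged account
    and source host whose successful logons reach >= threshold distinct targets
    inside any sliding window of the given length."""
    by_key = defaultdict(list)
    for e in events:
        if e["result"] == "success" and e["user"].startswith(PRIVILEGED_PREFIX):
            by_key[(e["user"], e["src"])].append(e)

    alerts = []
    for (user, src), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            # Every later event that still falls inside the window starting here.
            hosts = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) >= threshold:
                alerts.append((user, src, start["ts"], sorted(hosts)))
                break  # one alert per (user, source) pair is enough
    return alerts


if __name__ == "__main__":
    for user, src, first_ts, hosts in find_lateral_movement(parse_log(SAMPLE_LOG)):
        print(f"ALERT {first_ts}: {user} from {src} reached {len(hosts)} hosts: {hosts}")
```

The thresholds are deliberately simple; in practice they would be tuned against a baseline of normal administrative activity, and the 09:00 logon from the jump host shows why the source host is part of the key: routine administration from an expected location should not trip the same rule as a burst of logons from a workstation.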

Protecting against an attack or reacting to one is not a black art; most of the methods needed to protect critical information are already known, and we just need to employ them more effectively. Preparation in advance of the 2:00 am phone call is everything.

Your data is your most precious commodity; prepare to protect it, and prepare to deal with the impact of a loss.

Further Reading

Canada’s Cyber Security Strategy — Public Safety Canada

Protect Myself from Cyber Attacks — Department of Homeland Security USA

Written by

Hi! My name is Woody, Senior Technical Lead & Product Manager at a leading software security company based in Montreal, Canada.

Palo Alto Networks Buys Cyber Security Startup Founded By Former NSA Engineers, Morta

In its first acquisition, security company Palo Alto Networks is acquiring stealthy cyber security startup Morta Security. Financial details were not disclosed about the transaction, but Morta raised over $1 million from Andreessen Horowitz, Data Collective, Greylock Partners, Norwest Venture Partners, Data Collective, Larry Link, and Peter Wagner.

While the startup remained in stealth over the past year and didn’t reveal any details on its product, Morta was developing a new technology to counter advanced cyber threats. The startup is based on the premise that traditional layered network defense is broken and their offering will actually be able to fend off advanced attackers from complex hacks and more.

The Morta team brings an interesting set of skills and deep expertise to Palo Alto Networks, gained through experience at the NSA, the U.S. Air Force, and others. Palo Alto Networks says the acquisition will help its WildFire threat protection offerings, including the development of new toolsets that will accelerate the detection of sophisticated cyber threats and enable advanced protection capabilities for Palo Alto Networks enterprise security platform customers.

For background, Palo Alto Networks’s proprietary hardware and software detects data threats as they come into an enterprise environment. It’s made for the new types of attacks that come through the web in the form of malware. The company’s offering is designed for all the ways people access the web, either through their laptops or their mobile devices. What makes Palo Alto Networks distinct is that it goes beyond what traditional firewalls are capable of doing. Most networking technology is meant for threats that come from basic email or web browsing. But today’s threats come in the form of botnet attacks and other modern techniques, such as phishing attacks.

In a call with TechCrunch today, Palo Alto’s founder and CTO Nir Zuk says that there is a new generation of sophisticated threats for enterprise networks including sandboxing and others. Malware was part of the first and second generation of attacks, he adds. But with the third generation, there are little protections from these more sophisticated attacks. Shah says his technology addresses detection of this third generation of attacks.

Morta will help the company detect and prevent some of the world’s more advanced cyber attacks, and has said in the past that it has an “unconventional approach to security” because the core team has expertise from playing “critical roles in cyber defense at places such as the National Security Agency and U.S. Military.” These tools, technologies and experiences from Morta’s talent will be brought to Palo Alto Networks, says Shah.

This acquisition is certainly interesting considering the recent acquisition of Mandiant by security company FireEye for $1 billion. Zuk compared Mandiant to “the Ghostbusters of cyber security,” meaning that the company cleans up the mess after it happens. Morta and Palo Alto, he says, is actually tackling the problem at a different place — the detection level.

While the Morta deal is significantly smaller, and the functions of the startups vary, perhaps we’ll be seeing more consolidation in the network and cyber security world in 2014.