6-26-14 Podcast References
Archived series ("Inactive feed" status)
When? This feed was archived on January 18, 2021 03:07. Last successful fetch was on March 16, 2018 15:40.
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
“Every day that we spent not improving our products was a wasted day.”
—Joel Spolsky
Montana Notifying 1.3 Million After State Health Agency Server Hacked
http://www.securityweek.com/montana-notifying-13-million-after-state-health-agency-server-hacked
http://www.csoonline.com/article/2367661/montana-data-breach-exposed-13-million-records.html
C-IT Recommendation
- Verify your company has an effective and enforced access control standard and policy which defines roles and baselines for system administrators. Ensure the standard and policy expresses that access should be removed when an employee transfers within the organization or leaves the organization.
- Roles should be defined by the duties each role must perform, and granted only the access those duties require.
- Privileged access should be granted to roles rather than to individual users. Individual users are then added to roles according to their positions.
- Example: a Database Administrator should not hold the rights of an Operating System Administrator.
- Perform periodic access reviews of privileged account users. Any users or groups found to have unnecessary access should have that privileged access removed immediately.
- Utilize job rotation and mandatory vacations for all privileged roles. Job rotation makes administrators aware that someone else will step in to perform their job responsibilities and may detect malicious behavior, which in turn deters that behavior.
- Utilize dual control (separation of duties) for highly sensitive activities.
- Example: the individual who makes changes to production source code hands those changes off to someone else for installation control.
- This deters malicious behavior because each individual knows an honest colleague may detect it.
- Validate that your organization has an efficient Security Operations Center (SOC) in which trained analysts alert on potential malicious events or malicious sources.
- Ensure your organization has a security incident investigation process that covers discovering a breach and disclosing it. Validate that the process aligns with the requirements of your region's regulations.
- Consult your Risk Management team to see if your company has any cybersecurity insurance.
- If you have coverage, ensure the organization has performed an information security risk assessment to see whether the current coverage is adequate for your company's risk appetite. If you do not have coverage, consider performing an information security risk assessment to decide whether to transfer potential financial loss through insurance, in case there is a need to pay for forensic investigations, credit monitoring, reputation management, business interruption, and compliance with state breach notification laws after a data breach.
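The role model, separation-of-duties pairs and periodic access review described in the points above, as an added example that is not part of the podcast notes; role names, privileges and the user directory are constructed for illustration:

```python
"""Added example (not from the podcast): a minimal role-based access model with the
controls listed above. Roles, privileges and the sample directory are constructed."""
from dataclasses import dataclass, field
# Privileges are attached to roles only; users acquire them through role membership.
ROLE_PRIVILEGES = {
    "db_admin": {"db:alter_schema", "db:manage_users"},
    "os_admin": {"os:root_shell", "os:install_packages"},
    "developer": {"scm:commit"},
    "release_manager": {"prod:deploy"},
}
# Role pairs one person must never hold together (dual control / separation of duties).
SOD_CONFLICTS = [frozenset({"db_admin", "os_admin"}),          # the DBA is not the OS admin
                 frozenset({"developer", "release_manager"})]  # the author does not install the change
@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    direct_privileges: set = field(default_factory=set)  # should always be empty
    active: bool = True
def effective_privileges(user):
    """Everything the user can actually do: role grants plus any direct grants."""
    privs = set(user.direct_privileges)
    for role in user.roles:
        privs |= ROLE_PRIVILEGES.get(role, set())
    return privs

def review_access(users):
    """Periodic access review: (user, finding) pairs for the access owner to act on."""
    findings = []
    for u in users:
        if u.direct_privileges:
            findings.append((u.name, "direct grant bypasses the role model"))
        for pair in SOD_CONFLICTS:
            if pair <= u.roles:
                findings.append((u.name, "separation-of-duties conflict: " + "+".join(sorted(pair))))
        if not u.active and effective_privileges(u):
            findings.append((u.name, "departed or transferred user still holds access"))
    return findings

def offboard(user):
    """Leaver or transfer: strip every role and direct grant, then deactivate the account."""
    user.roles.clear()
    user.direct_privileges.clear()
    user.active = False
    return user

# Constructed directory: one clean user plus one of each violation the review should catch.
USERS = [User("alice", {"db_admin"}), User("bob", {"db_admin", "os_admin"}),
         User("carol", {"developer", "release_manager"}),
         User("dave", {"os_admin"}, {"db:manage_users"}), User("erin", {"db_admin"}, active=False)]
```

Running `review_access(USERS)` returns one finding each for bob, carol, dave and erin and none for alice; after `offboard(USERS[4])` erin drops out of the findings.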
Article Resources
Role Based Access Control (has links to other resources including the “Economic Benefits of Role Based Access Control”)
http://csrc.nist.gov/groups/SNS/rbac/
Separation of duty definition
http://www.pcmag.com/encyclopedia/term/51110/separation-of-duties
NIST Computer Security Incident Handling Guide
http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf
‘Luuuk’ Cybercrime Operation Steals €500,000 From Bank
http://www.securityweek.com/luuuk-cybercrime-operation-steals-%E2%82%AC500000-bank
http://www.darkreading.com/luuuk-stole-half-million-euros-in-one-week/d/d-id/1278845?
C-IT Recommendation
- Ensure your organization has firewalls and intrusion prevention solutions in place that will block incoming attempts to infect PCs with a crimeware kit.
- Ensure your organization has a solid anti-malware solution at the end point and that all endpoints are covered.
- Enforce a patch management standard in your organization which requires security patches to be deployed in the production environment within a reasonable time after they are tested within your test environment.
- Test the business functionality of each type of device and record any issues impacting business functions on the devices.
- If testing surfaces no issues, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage Adobe support and/or the vendor's support for the specific applications that are negatively impacted.
- Consult with your Vulnerability and Threat Management Team (VTM) to verify all production systems are patched with the latest updates.
- Implement an advanced malware solution such as Invincea FreeSpace, FireEye Web Security (NX Series), or Sourcefire FireAMP to detect and block remote connections being initiated from your internal network.
Article Resources
Man in the browser attack definition
http://searchsecurity.techtarget.com/definition/man-in-the-browser
Securelist technical description of Luuuk attack
http://www.securelist.com/en/blog/8230/Use_the_force_Luuuk
‘Havex’ malware strikes industrial sector via watering hole attacks
http://www.securityweek.com/attackers-using-havex-rat-against-industrial-control-systems
C-IT Recommendation
From the end-user perspective
- Ensure your organization has a strong asset inventory with an accurate configuration management database.
- Identify all devices that have vulnerable versions of Adobe Flash Player.
- Deploy the Adobe security update to test machines in your environment.
- Test the business functionality of each type of device and record any issues impacting business functions on the devices.
- If testing surfaces no issues, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage Adobe support and/or the vendor's support for the specific applications that are negatively impacted.
- Finally, as always, it is good practice to run a vulnerability scan against the devices to confirm the vulnerability has been addressed.
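The inventory, identification and post-patch verification steps of the procedure above, as an added example that is not part of the podcast notes; the fixed version, the CMDB export and the scan results are placeholders, not values from the advisory:

```python
"""Added example (not from the podcast): steps 1, 2 and 6 of the procedure above run over
a constructed asset inventory. FIXED_VERSION and the inventory are placeholders, not
values from the advisory."""

FIXED_VERSION = "14.0.0.125"  # placeholder for the Flash Player build that closes the flaw

# Constructed CMDB export: (hostname, business unit, installed Flash Player version or None)
INVENTORY = [
    ("eng-ws-01", "engineering", "14.0.0.125"),
    ("eng-ws-02", "engineering", "13.0.0.214"),
    ("fin-ws-07", "finance", "9.0.280"),
    ("plc-hmi-03", "plant", "11.9.900.117"),
    ("srv-db-01", "datacenter", None),  # Flash Player not installed
]

def parse_version(version):
    """Dotted version -> tuple of ints, so '9.0.280' sorts below '14.0.0.125'.
    Comparing the raw strings would put 9.x above 14.x and miss the device."""
    return tuple(int(part) for part in version.split("."))

def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when Flash Player is present and older than the fixed build."""
    return installed is not None and parse_version(installed) < parse_version(fixed)

def devices_needing_patch(inventory, fixed=FIXED_VERSION):
    """Step 2: hosts from the inventory whose installed version is still vulnerable."""
    return sorted(host for host, _, installed in inventory if is_vulnerable(installed, fixed))

def verify_rollout(inventory, scan_results, fixed=FIXED_VERSION):
    """Step 6: reconcile a post-deployment scan ({host: version seen}) with the
    inventory. Anything still old, or not reached by the scanner, stays on the list."""
    in_scope = {host for host, _, installed in inventory if installed is not None}
    still_vulnerable = sorted(h for h in in_scope
                              if h in scan_results and is_vulnerable(scan_results[h], fixed))
    not_scanned = sorted(in_scope - set(scan_results))
    return {"still_vulnerable": still_vulnerable, "not_scanned": not_scanned}

# Constructed scan after the rollout: one host fixed, one missed, one never reached.
SCAN_AFTER_ROLLOUT = {"eng-ws-01": "14.0.0.125", "eng-ws-02": "14.0.0.125", "fin-ws-07": "9.0.280"}
```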
From the Website Perspective
- Ensure your company uses a strong web code review process before publishing sites.
- Use a software code security analysis tool to check your website for potential vulnerabilities.
- Require your security team to perform penetration testing after any code changes to your externally facing websites.
- If websites are deemed vulnerable after penetration testing, require through policy that the web development teams roll back to the previous version of the website until the vulnerabilities are resolved.