Public Image

I get asked on the regular why I’m not on Facebook, Twitter, Instagram, or any other social media platform.  I usually just respond with some short response that terminates that rabbit hole of an explanation right then and there.  What am I saving these people that ask from?  This, this shit right here;

Reason number 1 why I don’t do social media: public image.  Yeah, it sounds silly, but I tend to do dumb things.  I really don’t need these things showing up at inopportune times.  I especially don’t want to have to explain to my son why there is a traffic cone on my head in that picture, and that’s on the tame side of things.  I am two very different people on the internet: there is my troll gamer self, who will set his Steam display name to something like Rectal Bleeding for the lulz, and there is my professional self, answering questions on IT forums, posting reviews, etc.  It is incredibly rare that these two operate under the same name or in the same place.  Here is an exception, since I will probably never reveal my name here.

Reason number 2 why I don’t do social media: I want more fulfilling relationships with people.  I don’t want to know about the amazing meal friend 1 had last week.  When I see them next I want them to tell me about it.  I want to be able to go to a social gathering and hear from them what they have been up to since I saw them last.  People tend to interject at this point that they keep in touch with family that aren’t local to them through the platform; the counter-point is to ask if their phone can still make phone calls.

Reason number 3 why I don’t do social media: no more stress.  It’s downright silly how much effort people put into keeping up with everything that is going on in the world.  I don’t think I put enough emphasis on this: it’s downright silly how much effort people put into keeping up with everything going on in the world.  That’ll have to do.  I’ve had to point out to people that the internet will still be there tomorrow, or in a couple of hours.  You don’t get anything other than a hollow accomplishment for being up-to-date on your feed.  In my opinion it’s better to concentrate your attention on things that will be more rewarding in the long run.

Reason number 4 why I don’t do social media: tin foil hats!  Yeah, I’m one of those people that believes that most social media platforms have roots in surveillance.  Could be government, could be corporations, could be that weird guy down the street that doesn’t go out during the day.  Either way, I don’t want to broadcast my life to them in an easy-to-consume manner.

Number 5: if I am the product, I am going to choose which store I am in.  “If a service is free, you are the product.”  Over the majority of the past decade, profitability through ad revenue has gone from supplemental income to a legitimate business model.  As a firm believer in voting with my wallet, or controlling where money goes, I tend not to support companies that I just plain don’t like.  This is why I tend not to go to WalMart.  Most social media platforms are free to the user because they get their revenue from advertisements, or from someone that wants the data (see reason #4).  So, since I am going to be the product, I am going to choose where I am featured.

Personally I think that social media is responsible for a substantial amount of mental health issues in the world.  The culture is that people must read all their notifications to make sure they are up to date with all their friends and make sure they know everything that’s going on with their Aunt Tina in Kentucky even though all she posts is pictures of her McDonald’s Lunch daily.

Of course, I should address the elephant in the room here: I’m posting on a blog, which is in essence a form of social media.  Yep.  There’s a counter-point to everything I listed above.  Pretty much it all boils down to this: while it may look like there is a target to my writing, I am doing this more for myself than anything else.

Insights on Security

As anyone in the IT world can tell you, security is by far the biggest concern in any organization.  With the prevalence of CryptoLocker ransomware variants, on top of the already innumerable malicious software in the wild, it’s enough to keep anyone up at night.  In less than a decade IT has had to shift its mindset from the traditional “I’ve got anti-virus, and it updates daily” to a more aggressive stance: parsing logs and network activity, and tracking behaviour.  The problem has become that traditional anti-virus isn’t enough anymore.

I remember fondly being the go-to for which Anti-Virus / Anti-Malware / General Internet Condom is “best” to use, where I would weigh performance cost against effectiveness and choose the software package that hits the best ratio of performance to functionality to price.

Now the internet is so ubiquitous that there are developers everywhere who view it as their sole purpose to exploit vulnerabilities in computer systems.  Regardless of whether their intention is to promote security or something more nefarious, it is nearly impossible to stay ahead of the game, even in my small environment.

Anatomy of an attack

To best secure your environment you first need to understand how an attack happens.  Knowing the fundamentals of an attack lays the groundwork that will put you in the best position possible.

  1. Reconnaissance
    • Just as we’re doing here, an attacker is going to gather all the possible information about their target that they can.
    • A determined attacker will utilize any means necessary to gather information on the target, including going through waste.
    • Other methods include network scanning: determining open ports and services on your network and what the responses are on those ports.
    • An attacker may also do some online research about the target, looking for job postings, or even mirror the target’s web-site to get information about the structure of the network.
  2. Assessment
    • With reconnaissance done, it’s time to assess the information.
    • Comparing responses from the network scan against published vulnerabilities and determining what the most effective mode of entry is going to be.
    • Determine the direction of the attack: go to the target, or coerce the target to come to the attacker.
  3. Exploit
    • The attacker has gathered what the attack surface is, determined the vulnerability, and how it is going to be used.
    • During the exploit different payloads may yield different results, and the prime directive is to gain “persistence”, or permanent access.  It is possible that, to avoid detection after access is gained, an attack may lie dormant for some time.
    • Once access is gained an attack will typically “pivot” to some other local resource that is more valuable (think database, file server, user data).

Mitigation

Prevention is an idea of the past, so get that out of your mind.  Mitigation is attainable.  Knowing how an attack plays out makes it easier to take the steps necessary to secure your environment.  The saving grace of most attacks is that they are done with free or open source tools, meaning you can perform all the steps of an attack yourself.  Particularly important are the Reconnaissance and Assessment steps (you can also run the Exploit step, and then re-perform Reconnaissance and Assessment from within the network if you’ve gained access).

Once you’ve gathered appropriate data, you now have something to work with.  This will give you a view on where your vulnerabilities are and how to mitigate them, be it through software patching or updating firewall settings etc.
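The Assessment step from the defender’s side, as an added example that is not the author’s code: the output of a self-run scan (constructed here, with documentation addresses; no scanner is invoked) is compared against a baseline of services that are supposed to be reachable, and against a hypothetical watch list standing in for a lookup of published vulnerabilities. The hosts, banners and watch-list entries are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScanResult:
    host: str
    port: int
    service: str
    version: str  # banner string as reported by the scan

# Constructed sample output of a self-run scan (documentation addresses).
SCAN = [
    ScanResult("192.0.2.10", 22, "ssh", "OpenSSH_7.4"),
    ScanResult("192.0.2.10", 443, "https", "nginx/1.18.0"),
    ScanResult("192.0.2.10", 3389, "rdp", ""),
    ScanResult("192.0.2.20", 445, "smb", "Samba 3.6.25"),
    ScanResult("192.0.2.20", 8080, "http", "Jetty(9.4.0)"),
]

# Baseline: (host, port) pairs that are expected to be reachable.
BASELINE = {("192.0.2.10", 22), ("192.0.2.10", 443), ("192.0.2.20", 8080)}

# Hypothetical watch list standing in for a lookup against published
# vulnerability data: banner -> reason it must not be exposed.
WATCH_LIST = {
    "OpenSSH_7.4": "below approved minimum version",
    "Samba 3.6.25": "below approved minimum version",
}

def assess(scan, baseline, watch_list):
    """Return (host, port, finding) tuples: unexpected services, watch-listed
    versions, and baseline services the scan did not see."""
    findings = []
    for r in scan:
        if (r.host, r.port) not in baseline:
            findings.append((r.host, r.port, f"unexpected {r.service} service exposed"))
        if r.version in watch_list:
            findings.append((r.host, r.port, f"{r.version}: {watch_list[r.version]}"))
    # An expected service that vanished may mean a host is down or the scan
    # was blocked; either way it deserves a look.
    seen = {(r.host, r.port) for r in scan}
    for host, port in sorted(baseline - seen):
        findings.append((host, port, "expected service not observed"))
    return findings

if __name__ == "__main__":
    for host, port, finding in assess(SCAN, BASELINE, WATCH_LIST):
        print(f"{host}:{port}  {finding}")
```

Each finding maps directly onto a mitigation from the text: close or firewall the unexpected port, or patch the watch-listed service.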

So, you’ve secured your network, you’re good now, right?  Nope.  All securing your network does is mitigate attacks that originate outside the network and attempt to gain access.  There are still attacks that get the target to come to the attacker.  These are the hard ones to protect against because they can come from almost anywhere, and all they usually require is user interaction.

Some methods to mitigate reverse attacks:
  • Institute application white-listing
    • Rather than picking which applications to block, pick which applications are able to run
  • Block executable content wherever possible (temp directories, user profiles, etc.)
  • Train the human element to be mindful
    • Far and away this is the toughest hurdle.  Users will always be the weakest link in IT security.
    • Training should include:
      • Email best practices
      • Removable media (USB keys, CDs, DVDs, etc.) should not be trusted
      • Authorized vs. unauthorized personnel
      • What information is pertinent to the conversation and what isn’t
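The first two items above (white-list what may run, block executable content in temp directories and user profiles) expressed as policy logic, as an added example that is not the author’s code: constructed process-start events are checked deny-first, so an approved program copied into a temp directory or user profile is still blocked. The root paths, extensions and event paths are illustrative assumptions.

```python
from pathlib import PureWindowsPath

# Trusted install locations (the allow-list); anything elsewhere is denied.
ALLOWED_ROOTS = [PureWindowsPath(r"C:\Windows"), PureWindowsPath(r"C:\Program Files")]
# User-writable locations that must never launch executable content.
DENIED_ROOTS = [PureWindowsPath(r"C:\Users"), PureWindowsPath(r"C:\Windows\Temp")]
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".ps1", ".vbs", ".js"}

def _under(path, root):
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False

def decide(image_path):
    """Return ('allow' | 'deny', reason) for one process image path.
    Deny rules run before allow rules, so the Windows temp directory
    (inside the otherwise allowed Windows tree) is still blocked."""
    p = PureWindowsPath(image_path)
    if p.suffix.lower() not in EXECUTABLE_EXTS:
        return "allow", "not executable content"
    if any(_under(p, r) for r in DENIED_ROOTS):
        return "deny", "executable in user-writable location"
    if any(_under(p, r) for r in ALLOWED_ROOTS):
        return "allow", "trusted install path"
    return "deny", "not on allow-list"

# Constructed sample of process-start events: (user, image path).
EVENTS = [
    ("alice", r"C:\Windows\System32\notepad.exe"),
    ("alice", r"C:\Users\alice\AppData\Local\Temp\invoice.pdf.exe"),
    ("bob", r"C:\Program Files\Vendor\app.exe"),
    ("bob", r"C:\Users\bob\Downloads\setup.ps1"),
    ("carol", r"D:\portable\tool.exe"),
]

def audit(events):
    """Apply the policy to every event -> [(user, path, decision, reason)]."""
    return [(user, path, *decide(path)) for user, path in events]

if __name__ == "__main__":
    for user, path, decision, reason in audit(EVENTS):
        print(f"{decision:5} {user:6} {path}  ({reason})")
```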

While security is an ever-evolving landscape, an IT professional should be pragmatic and vigilant in their efforts not to become the victim.