Friday, February 24, 2012

Cyber Defense Engineering Rant

I read up on some recent SANS White papers and a topic caught my eye, touting the weakness of Defense in Depth. Alright, I'm taking notes. Companies spend millions of dollars on ITS and they are still getting hacked, well the ones worth hacking into anyway. Sony PS3 customer credit card data, Citibank, US military drones, like really run targets! So what are some alternatives, what are the weaknesses and strengths of technologies today?

The author seems to argue that Defense in Depth is not employed properly by governments and IT departments doing IT Security and Cyber Defence. The layered defense approach works for the physical and kinetic world (as they call earth): even an armed intruder cannot walk through walls of fire (clever). However, all kinds of cyber threats can be "encapsulated" and slip silently from one layer to the next, both OSI layers and layers of security I presume. The frequency of attack is increasing, and the skill level required for a successful attack is decreasing. IT departments have limited people, process and technology. Hackers can launch attacks as effectively and quickly from overseas as from next door, with limitless power, process and technology, and their actions cross international boundaries and legal jurisdictions.

Analogies of common approaches
1) Fire prevention - more like the use of a fire extinguisher or incident handling when an intrusion occurs
2) Nuclear Energy - the core is highly reactive. Clarification please?
3) Engineering - many redundancies built in, failover and contingency plans
4) Online gaming - chance encounters, attack by attrition, using up resources until they're gone

Defense in Breadth was a complementary initiative, involving multiple vendors not competing but rather collaborating. Perhaps something as simple as preventing the attackers from getting back out to the internet with the stolen sensitive electronic information: threat detection, intrusion detection, network baseline monitoring, anomalous behaviour tracking.

Cyber Siege Defense sounds cool but I couldn't quite capture it in notes. Rather I got out of it one really good idea about Managing the Attacker with strategies like

1) Understand the mindset and motivation
2) Feed false information by setting up honeypots or false data
3) Increase the attacker's level of effort
4) Drive up their costs, combine defensive technologies to increase complexity
5) Deprive them of the profits they seek
6) Damage their reputation

What does this all mean? The whole point I got out of it was rather dismal: the hackers know everything that is commercially available and its weaknesses. Some professionals have to take the SANS course to even learn what the weaknesses are. How do you know that hackers aren't on the same course and laughing at everyone in the back of the room?

Now it's too late, you're already under attack. I found some notebook ideas here useful for incident handling, on Windows anyway. Here's a link to a CIRT Whitepaper. Well, that is a SANS safe link, but how do you know it's really safe, and it's not downloading malicious code? That's what I mean when I say the weakest security is at OSI Layer 8, the Between Chair and Monitor Error, the desktop USER.

More fuel to the fire that IT Security is defenceless... even CEOs agree.

Thursday, February 23, 2012

Career Choices 101


Reitmans, a women's clothing line for everyday wear, has a catchy advertising tagline, "You have a job evaluation every day", and there's a poster-size image of a woman dressed in a business suit looking ready for a job interview. Well obviously you have to be qualified for the job; well, in some jobs looks are part of the qualifications!


Boothbabe

Wikipedia has an interesting article on "promotional models". The caption for this photo indicates that the woman is a "booth babe" at a defense industry trade show. (Not the fat dude in combats.) Well maybe, but what if she was an HR Rep for the company, or even an Engineering Manager? I've never heard of that word before, but then again, how many defense industry trade shows have I been to?

For some jobs, good looks are implied: Flight Attendant, Supermodel, etc. I looked at recent job postings where they specifically noted looks as a requirement. A Swedish hospital posted a hiring ad looking for Hot Looking Nurses, a hiring campaign that was well received. You still had to have a nursing degree and job related qualifications to apply.

There are a lot of Google search results for Import Car Model or how to become an import car model. The general opinion was that most import car models were Asian, and I didn't realize that because I thought a requirement was actually being naturally blonde and tall. Turns out I'm wrong; the hottest import car model in Canada is Steph Ly, who I was surprised to learn is the sister of a childhood friend who studied accounting and moved on to life in/on fast cars. It was tough to find a webpage that was not blocked by the firewall at work. Another popular Asian model is Min Hee Hwang from South Korea. They call her the race queen, so I thought she was a race car driver like Danica Patrick... but drivers are usually in the driver's seat, right? There aren't nearly as many photos or web posts dedicated to her (in English). I would categorize her look as classic authentic beauty, stoic, with Japanime qualities, but not like Kat von D hot. But what do I know. I like looking at the cars in TunerZine.com; I learned a lot about my new car featured this month actually, a newer Toyota Prius, and the Engineering features behind that. I finally clicked Model because I was looking for a new car. Well anyway, they weren't talking about a model number for a car... so that's how this whole article got started.

Whatever career you choose though, make sure it is something you are passionate about. Engineering is a broad field that starts out with Electrical, Mechanical, Chemical, Civil and then they start branching off into various specialties like Aerospace, Environmental, Bio Medical, Bio Mechanical, Process, Manufacturing, Geomatics, Computer and so on. Automobile Engineer, design the fastest and sexiest car on the planet! Personally I wish I had chosen Mining Engineering instead, to look for all those sparkly diamonds!

So are there good looking girls and boys in Engineering? Yah, a few for sure. I read a cartoon before that touched on this issue. There's a girl sitting at a desk between two guys. The guy on the left leans over and says "Being a girl in engineering, your odds are good." She looks over at the guy on the right and says "The odds are good, but the goods are odd." I did a Google search on "engineers good looking" and it's funny, there are not too many photos of people but just machines. Now that's funny.

Big Bang Theory - Howard Wolowitz the Engineer.

Monday, February 20, 2012

Superpowers in the Super Computing Race

Forget the arms race, it's all about supremacy in super computers and math skills. I saw a desktop CRAY computer running the simulations for a certain DSP solution for Matlab and Simulink, and it got me thinking, well what if I had a business case and I could ask my boss to buy me one? First off though, I would have to clearly explain what 786 gigaflops is, and whether it will run Linux.

A teraflop is a measure of a computer's computing speed or processing power, based on the acronym FLOPS, Floating-point Operations Per Second. A teraflop is a trillion, or 10 to the 12th power, flops (note the use of the plural; no need for an additional "s"), which is what most affordable parallel computing solutions on the market deliver. And of course, within the realm of possibility or imagination is a computer capable of petaflops, a thousand teraflops or a quadrillion (thousand trillion) flops.

Supercomputers are capable of so many amazing tasks: previously, to discover new elements, detect dark matter components, and simulate nuclear chain reactions or particle collisions. At present, they can model climate change, crack codes, and model protein behaviours and drug reactions. Therefore it's obvious that the top buyers include the biosciences, computer aided engineering and defense industries. Hewlett-Packard, Dell and IBM are all competitors in the market. This CRAY system came out in 2008, so I'm a bit 2000-and-late, but in this world, by the time you've built and deployed the number one system, someone has already imagined something 20 times better.

Canada
As of Nov 2011, Canada did not have a system listed within the public top 500 supercomputer list. Boo.

However we do see Supercomputers on the trading floor at the Toronto Stock Exchange (perhaps the server room) called electronic traders. Math geeks design the algorithms (users input parameters like selling or holding thresholds) or dark pools (when trades have to be hidden from algorithms).

Computation resource allocation on SciNet, another system at the University of Toronto, is very competitive though. Compute Canada's Resource Allocation Committees are in charge of connecting researchers with computational and personnel resources to run calculations for biomedical research, climate change modeling and even galaxy formation simulations.


Japan
Japan ranks number one. As of Nov 2011, the K Computer, based at the RIKEN Advanced Institute for Computational Science in Japan, was the first to clear 10 petaflops, beating its own record. Hardware includes 705,024 Fujitsu SPARC64 processor cores.

Read more: http://news.cnet.com/8301-30685_3-57324194-264/japanese-supercomputer-first-to-clear-10-petaflops/#ixzz1mwp3L6yU


US
The Blue Gene/L can do 0.5 quadrillion operations per second, the most powerful in 2005-2008. The Blue Gene is deployed at Livermore, San Francisco, where 263 supercomputers from the Top 500 list also reside.
The up and coming Sequoia is being built by IBM for end 2012, capable of 20 quadrillion operations per second, that's 20 petaflops. The main challenge is to write software to run across all the chips, amounting to 1.6 million processors in 96 racks of 32 slim servers.

I like the supercomputer made from many old model Sony PS3s in parallel, used by the US Air Force for satellite imagery analysis and demonstrated years ago. Many researchers have already done the same, though this is no longer possible with the newer generation PS3.

China
In Nov 2010 China was number one with the Tianhe-1A, doing 2.5 quadrillion operations per second, by Dawning Information Industry Ltd. Tianhe means "The Milky Way", although it was surpassed within six weeks by Japan. Another amazing fact: China owns 74 of the 500 biggest supercomputers in the world.

By 2020 the Chinese have something in the works to rival 500x Sequoia and 8x the power of Tianhe.

Cisco
Anyway it's not supercomputing but here is the fastest Cisco switch ever. http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/product_data_sheet0900aecd8017a72e.html I'm bringing this up simply because one has to consider connectivity to these super computers and all the glorious applications.

Cisco Self Defending Network Strategy

I found a CCNA test question on the Cisco Self Defending Network Strategy so I looked it up.

Cyber Security
Trust and Identity Management, responsible for security of critical assets
Threat Defence, respond to problems caused by security outbreaks

Physical Security
Potential security breaches should be evaluated.
Assess the potential impact of stolen network resources and equipment
Secure Connectivity, ensures privacy and confidentiality

Properties of a Self Defending Network
Network Availability: remain active when under attack

Ubiquitous Access: provide secure access from any location

Admission Control: authenticate all users, devices and their posture

Application Intelligence: extend application visibility controls into the network

Day-Zero Protection: ensure endpoints are immune to new threats

Infection Containment: rapidly identify & contain virulent attacks

Network Monitoring:
  • Syslog maintains a lot of data, feature of Cisco IOS
  • Simple Network Management Protocol (SNMP) Cisco IOS feature for network management

Monitoring Analysis Response System (MARS) provides security monitoring for networks and hosts
  • NetFlow provides packet level stats
  • Cisco Traffic Anomaly Detector Module - detects high speed DoS attacks
  • Firewall and IDS - IPS Sensor Application, Adaptive Security Appliance (ASA) and Cisco Security Agent (CSA)
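As an added example (not from the post, and not Cisco's own tooling), here is a small detector over the kind of ACL log messages a Cisco IOS router ships to syslog, in the spirit of the Syslog and Infection Containment bullets above: a source that gets denied to many distinct hosts on the same port is the footprint of a worm sweep worth containing. The sample lines, the ACL number 101 and the five-host threshold are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of Cisco IOS %SEC-6-IPACCESSLOGP
# ACL log messages; written for this example, not captured from a device.
SAMPLE_SYSLOG = """\
*Feb 20 10:01:02.100: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(40001) -> 192.168.1.10(445), 1 packet
*Feb 20 10:01:02.200: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(40002) -> 192.168.1.11(445), 1 packet
*Feb 20 10:01:02.300: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(40003) -> 192.168.1.12(445), 1 packet
*Feb 20 10:01:02.400: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(40004) -> 192.168.1.13(445), 1 packet
*Feb 20 10:01:02.500: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(40005) -> 192.168.1.14(445), 1 packet
*Feb 20 10:01:03.000: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.7(51000) -> 192.168.1.10(443), 12 packets
*Feb 20 10:01:03.500: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.7(51001) -> 192.168.1.20(443), 3 packets
*Feb 20 10:01:04.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.1.7)
"""

# Fields of one ACL log message: list, action, protocol, src(port) -> dst(port), packet count
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>\d+(?:\.\d+){3})\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+(?:\.\d+){3})\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_acl_log(line):
    """Return a dict of the ACL log fields, or None for lines of another message type."""
    m = ACL_LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    return rec

def find_scanners(lines, min_hosts=5):
    """Map each source to {dest port: set of distinct hosts} for every port on which
    the source touched at least min_hosts distinct hosts; quiet sources are dropped."""
    targets = defaultdict(lambda: defaultdict(set))   # src -> dport -> {dst hosts}
    for line in lines:
        rec = parse_acl_log(line)
        if rec is None:
            continue
        targets[rec["src"]][rec["dport"]].add(rec["dst"])
    return {src: {port: hosts for port, hosts in ports.items() if len(hosts) >= min_hosts}
            for src, ports in targets.items()
            if any(len(hosts) >= min_hosts for hosts in ports.values())}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_SYSLOG.splitlines()).items():
        for port, hosts in ports.items():
            print(f"{src} swept {len(hosts)} hosts on port {port}: {sorted(hosts)}")
```

In a real deployment the same logic would run over the syslog collector's feed and hand the offending source to whatever admission-control or ACL mechanism is in place to contain it.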


Key Components and Necessary Behaviours
  • 100% Network Up Time. Keep functioning in the presence of viruses and related infections.
  • Network Admission Control (NAC) program. NAC allows customers to determine what level of network access to grant to an endpoint based on its security posture
  • Infection Containment as a third-order dampener to the virus and worm propagation effect.
  • Adaptive Threat Defense (ATD) capabilities, which enhance the ability of a network to respond to threats based on a new set of Anti-X technologies.
  • Network Intrusion Detection Systems (NIDS), integrated into its router and switching platforms, with aspects of it transformed into an intrusion prevention system (IPS) with inline filtering capabilities.
  • Beyond endpoints, apply to points of presence (POPs) in the network (firewalls, network intrusion detection systems -NIDS, routers, switches, and hosts) with context while learning the L2 and L3 network topology.
Taken from: Message of the Vice President, Chief Technology Officer

  

Summary of Cisco Threat Detection Technologies
IPS Sensor Application
Adaptive Security Appliance (ASA)
Cisco Security Agent (CSA)
Cisco PIX Firewall
FWSM Catalyst 6500 Firewall Services Module
IOS Firewall (feature of Cisco IOS)
IPS (feature of Cisco IOS)

Movies on Network Security
WarGames (script kiddies break into the Pentagon computers)
Hackers (Angelina Jolie, 1995. Hacking, dial-up modems, social engineering, dumpster diving)
The Net (not so much a hacker movie, but privacy issues online)
Mission Impossible 4: Ghost Protocol (breaking network security and halting a nuclear disaster)