Ask The Experts: New Device Check Lists

This time around on Ask The Experts, we have a question from a reader, and it got some great responses from the team:

Q: “I need a quick 10-item-or-less checklist that I can apply to new devices when my company wants to put them on our network. What kinds of things should I do before they get deployed and are in use around the company?”

Bill Hagestad started us off with:

The top 10 checklist items a CISO or equivalent authority should effectively manage before installing, configuring and managing new devices on a network include the following:

1) Organize your staff and prepare them for the overall task of documenting and diagramming your network infrastructure – give them your commander’s network management intent;

2) Create a physical and logical network map – encourage feedback from your team regarding placement of new hardware and software;

3) Use industry standards for your network, including physical and logical security; take a good look at the NIST Special Publication SP 800-XX series;

4) Make certain that you and your team are aware of the requisite compliance standards for your business and industry; it will help to ensure you are within legal guidelines before installing new devices, or perhaps you may discover the hardware or software you are considering isn’t necessary after all;

5) Ensure that after you have created the necessary network maps for your infrastructure in step 2) above, you conduct a thorough inventory of all infrastructure which is both critical and important to your business, then document this baseline;

6) Create a hardware/software configuration change procedure; or if you already have this in place, have your team review it for accuracy; make certain everyone on the team knows to document all changes/moves/additions on the network;

7) Focus not only on the correlation of newly implemented devices on the internal networks but also look at the dependencies and effects on external infrastructure such as voice/data networks – nothing is worse than making an internal change to your network and having your Internet go down unnecessarily;

8) Ensure that new network devices being considered integrate gracefully into your existing logging and alerting mechanisms; no need to install something new only to have to recreate the proverbial wheel in order to monitor it;

9) Consider the second- and third-order effects of newly installed devices on the infrastructure and their potential impact on remote workers and mobile devices used on the network;

10) Install HoneyPoint Security Server (HPSS) to agentlessly and seamlessly monitor external and potential internal threats to your newly configured network…

Of course, a very authoritative guide is published by the National Security Agency, called appropriately “Manageable Network Plan” and available for download at:

http://www.nsa.gov/ia/_files/vtechrep/ManageableNetworkPlan.pdf


Jim Klun added:

1. Make sure the device is necessary and not just a whim on the part of management. Explain that each new device increases risk.

2. If the device’s function can be performed by an existing internal service, use that service instead.

3. Inventory new devices by name, IP addresses, function and – most importantly – owners. There should be a device owner and a business owner who can verify continued need for the device. Email those owners regularly, querying them about continued need. Make sure that these folks have an acknowledged role to support the application running on the devices and are accountable for its security.

4. Research the device and the application(s) it supports. Have no black boxes in your datacenter. Include an abstract of this in the inventory.

5. Make sure a maintenance program is in place – hold the app and device owner accountable.

6. Do a security audit of the device when fully configured. Hit it with vulnerability scanners and make sure that this happens at least quarterly.

7. Make sure monitoring is in place and make very sure all support staff are aware of the device and any alerts it may generate. Do not blind-side the operations staff.

8. If the device can log its activities (system and application) to a central log repository, ensure that happens as part of deployment.

9. Make sure the device is properly placed in your network architecture. Internet-exposed systems should be isolated in an Internet DMZ. Systems holding sensitive data should similarly be isolated.

10. Restrict access to the device as narrowly as possible.

Finally, if you can, for every device in your environment, log its network traffic and create a summary of what is “normal” for that device.

Your first indication of a compromise is often a change in the way a system “talks”.
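Jim’s closing advice (log each device’s traffic, summarize what is normal for it, and watch for changes in how it “talks”) turned into a small script, added here as an example rather than code from the original column. It builds a per-device profile from a baseline window of flow-summary lines and then reports new peers, new ports, volume spikes and devices that were never baselined in a later window. The log format, host names and addresses are constructed for the example; parse_line() is the only piece to adapt to a real collector.

```python
"""Per-device traffic baseline: summarise what is "normal" for each device,
then flag changes in how it "talks" (new peers, new ports, volume spikes).
The log lines below are CONSTRUCTED for this example, in a made-up format;
parse_line() is the only function to adapt to a real collector's output."""
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Constructed format: "<timestamp> <src_host> -> <dst_ip>:<dst_port>/<proto> bytes=<n>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+->\s+(\S+):(\d+)/(tcp|udp)\s+bytes=(\d+)$")

@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    port: int
    proto: str
    nbytes: int

def parse_line(line):
    """Return a Flow for a well-formed line, or None so junk is skipped, not fatal."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port, proto, nbytes = m.groups()
    return Flow(ts, src, dst, int(port), proto, int(nbytes))

@dataclass
class Profile:
    """What one device normally talks to: peers, (port, proto) pairs, and volume."""
    peers: set = field(default_factory=set)
    services: set = field(default_factory=set)
    total_bytes: int = 0
    flows: int = 0

def build_profiles(lines):
    """Aggregate flow records into one Profile per source device."""
    profiles = defaultdict(Profile)
    for line in lines:
        flow = parse_line(line)
        if flow is None:
            continue
        prof = profiles[flow.src]
        prof.peers.add(flow.dst)
        prof.services.add((flow.port, flow.proto))
        prof.total_bytes += flow.nbytes
        prof.flows += 1
    return dict(profiles)

def compare(baseline, current, volume_factor=3.0):
    """Return (device, finding) pairs where the current window departs from baseline."""
    findings = []
    for host, cur in current.items():
        base = baseline.get(host)
        if base is None:
            findings.append((host, "not in baseline: device was never inventoried"))
            continue
        for peer in sorted(cur.peers - base.peers):
            findings.append((host, f"new peer {peer}"))
        for port, proto in sorted(cur.services - base.services):
            findings.append((host, f"new service {port}/{proto}"))
        if base.total_bytes and cur.total_bytes > volume_factor * base.total_bytes:
            findings.append((host, f"volume {cur.total_bytes}B exceeds "
                                   f"{volume_factor}x baseline {base.total_bytes}B"))
    return findings

# Constructed baseline window: a badge reader and a printer behaving normally.
BASELINE_LOG = [
    "2013-08-20T09:00:01 badge-reader-1 -> 10.0.5.10:443/tcp bytes=1200",
    "2013-08-20T09:00:05 badge-reader-1 -> 10.0.5.20:53/udp bytes=90",
    "2013-08-20T09:01:10 badge-reader-1 -> 10.0.5.10:443/tcp bytes=1100",
    "2013-08-20T09:02:00 printer-3 -> 10.0.5.40:514/udp bytes=300",
    "2013-08-20T09:02:30 printer-3 -> 10.0.5.20:53/udp bytes=80",
    "collector restarted -- malformed line that must be skipped",
]

# Constructed later window: a new peer, a new port, a volume spike and an unknown device.
CURRENT_LOG = [
    "2013-08-27T09:00:02 badge-reader-1 -> 10.0.5.10:443/tcp bytes=1300",
    "2013-08-27T09:00:06 badge-reader-1 -> 10.0.5.20:53/udp bytes=95",
    "2013-08-27T09:00:40 badge-reader-1 -> 203.0.113.77:443/tcp bytes=400",
    "2013-08-27T09:01:15 badge-reader-1 -> 10.0.5.10:22/tcp bytes=250",
    "2013-08-27T09:02:01 printer-3 -> 10.0.5.40:514/udp bytes=1000",
    "2013-08-27T09:02:31 printer-3 -> 10.0.5.20:53/udp bytes=400",
    "2013-08-27T09:03:00 ip-camera-9 -> 10.0.5.20:53/udp bytes=60",
]

def run_demo():
    """Build both windows and report deviations; returns the findings list."""
    return compare(build_profiles(BASELINE_LOG), build_profiles(CURRENT_LOG))

if __name__ == "__main__":
    for host, finding in run_demo():
        print(f"{host}: {finding}")
```

A peer or port that is new in one window is not proof of compromise, only a prompt to ask the device owner from the inventory whether the change was expected.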

 

Adam Hostetler chimed in with:

This will vary a lot depending on the device, but here are some suggestions:

1. Ensure any default values are changed: passwords, SNMP strings, wireless settings, etc.

2. Disable any unnecessary services.

3. Ensure it’s running the latest firmware/OS/software.

4. Add the device to your inventory/map; catalog MAC address, owner/admin, etc.

5. Perform a small risk assessment on the device. What kind of risk does it introduce to your environment? Is it worth it?

6. Test and update the device in a separate dev segment, if you have one.

7. Make sure the device fits in with corporate usage policies.

8. Perform a vulnerability assessment against the device.

9. Search the internet for any known issues, vulnerabilities or exploits that might affect the device.

10. Configure the device to send logs to your logging server or SIEM, if you have one.

And John Davis got the last word by adding:

From a risk management perspective, the most important thing a CISO needs to ensure is in place before new devices are implemented on the network is a formal, documented Systems Development Life Cycle or Change Management program. Having such a program in place means that all changes to the system are planned and documented, that security requirements and risk have been assessed before devices have been purchased and installed, that system configuration and maintenance issues have been addressed, that the new devices are included in business continuity planning, that proper testing of devices (before and after implementation on the network) is undertaken, and more. If a good SDLC/Change Management program is not in place, CISOs should ensure that development and implementation of the program is given a high priority among the tasks they wish to accomplish.

Whew, that was a great question and there is some amazing advice here from the experts! Thanks for reading, and until next time, stay safe out there!

Got a question for the experts? Give us a shout on Twitter (@microsolved or @lbhuston) and we’ll base a column on your questions!

Yo, MSI Raps Podcast Episode 1

This is the latest version of Yo, MSI Raps. We have finally decided to make these episodes open to the public, so we will start with this one.

This is an open round table discussion between members of the MSI Technical Team. It is candid, friendly and, we hope, interesting. 🙂

This time around, the team talks about privacy, the news around the NSA collection of data and impacts of surveillance on liberty. 

You can check out the podcast here!

Look for these sessions to be released more frequently and on topics that are in the news. We hope you enjoy them, and feel free to give us feedback via Twitter (@lbhuston or @microsolved) and/or via the comments section.

Thanks for listening!

CYBER SA ~ 1300Z27AUG2013

Good Morning Cyber SA Fans;

Relentless reports from many countries regarding the largest DDoS attack ever to hit the Internet in the People’s Republic of China…say, don’t they have the Cisco-powered Great Firewall? Lots of cyber SA to enjoy this Tuesday the 27th of August 2013…relish today’s cyber news…there’s more waiting for you tomorrow!

Enjoy!

China Internet Network Information Center (CNNIC, 中国互联网络信息中心): national node DNS suffers the largest DDoS attack in its history
http://www.cnnic.net.cn/gjymaqzx/aqgg/aqggaqsj/201308/t20130826_41325.htm

People’s Republic of China Internet hit by ‘largest ever’ attack…uh oh, let loose the dogs of war…
http://www.france24.com/en/20130827-china-internet-hit-largest-ever-attack
Chinese internet hit by largest ever DDoS attack
http://www.v3.co.uk/v3-uk/news/2290946/chinese-internet-hit-by-largest-ever-ddos-attack
Chinese Internet Hit by Attack Over Weekend
http://blogs.wsj.com/chinarealtime/2013/08/26/chinese-internet-hit-by-attack-over-weekend/
People’s Republic of China’s internet hit by the country’s “largest ever” attack
http://gigaom.com/2013/08/26/chinas-internet-hit-by-the-countrys-largest-ever-attack/

Emerging markets drive Chinese browser firm UCWeb’s global expansion – Xinhua | English.news.cn
http://news.xinhuanet.com/english/sci/2013-08/24/c_132658921.htm

PLA Cavalry: Use the Beidou satellite system to good effect -…
http://english.peopledaily.com.cn/90786/8378444.html
Chinese satellite movements alarm experts
http://www.i24news.tv/en/news/international/asia-pacific/130820-chinese-satellite-movements-baffle-experts
PLA stresses goal of stronger military – People’s Daily Online
http://english.peopledaily.com.cn/90786/8377139.html
PLA command confrontation drill concludes – People’s Daily Online
http://english.peopledaily.com.cn/90786/8373718.html

Chinese shipbuilder reveals breakthrough technology – People’s Daily Online
http://english.peopledaily.com.cn/202936/8370062.html

Sina, People’s Republic of China’s answer to Twitter, enters the mobile messaging battle with its own app
http://thenextweb.com/asia/2013/08/26/sina-chinas-answer-to-twitter-enters-the-mobile-messaging-battle-with-its-own-app/
People’s Republic of China’s ‘new relationship’ trap
http://www.washingtontimes.com/news/2013/aug/26/fisher-chinas-new-relationship-trap/?
People’s Republic of China Bans a Law Professor From Classroom | Inside Higher Ed
http://www.insidehighered.com/quicktakes/2013/08/26/china-bans-law-professor-classroom
Kenya and People’s Republic of China sign $5bn deals
http://www.bbc.co.uk/news/world-africa-23768488
Australia’s mining boom rolls on for Chinese entrepreneur in the outback
http://www.reuters.com/article/2013/08/25/us-australia-mining-idUSBRE97O03R20130825
European Equipment Suppliers Win Third Of £2bn China Mobile 4G Contract
http://www.techweekeurope.co.uk/news/china-mobile-4g-european-equipment-125662?
People’s Republic of China launches its first air-to-air missile from helicopter – The Times of India
http://timesofindia.indiatimes.com/world/china/China-launches-its-first-air-to-air-missile-from-helicopter/articleshow/22063826.cms
45 Signs That the People’s Republic of China Is Colonizing America
http://wanderingchina.org/2013/08/25/45-signs-that-china-is-colonizing-america-the-american-dream-online-risingchina-colonizingamerica/

U.S. spied on UN: German weekly – Xinhua | English.news.cn
http://news.xinhuanet.com/english/world/2013-08/26/c_125242562.htm

DPRK offers mobile internet access for foreigners – Xinhua |
http://news.xinhuanet.com/english/world/2013-02/25/c_132191596.htm

Koobface worm-flinging gangster linked to pharma spam ops • The Register
http://www.theregister.co.uk/2013/08/26/koobface_carder_pharma_spam_tieup/

MoleRats Hackers Hitting Israeli Government With Poison Ivy Malware
http://www.techweekeurope.co.uk/news/molerats-attacks-israel-egypt-125668?

Semper Fi,

Thank you,
紅龍 (Red Dragon)

Cyber SA for 1302Z26AUG2013

Good Monday Morning Fans!

Extraordinary amount of Cyber Situational Awareness (SA) news from around the globe today!

The People’s Republic of China suffers a massive DDoS attack; Chinese military modernization of information warfare doctrine circa 2000 and 2008; there are also stories about Russian cybercrime, India’s cyber architecture and much other relevant good stuff to share in the variety of news posts below!

Enjoy!

People’s Republic of China suffers major DDoS attack on .cn domain
http://www.pcworld.com/article/2047427/china-suffers-major-ddos-attack-on-cn-domain.html#
People’s Republic of China’s Internet hit by biggest cyberattack in its history
http://money.cnn.com/2013/08/26/technology/china-cyberattacks/index.html?

Information Defense: An Important Part of Information Warfare (解放军报网络版-军事沙龙, PLA Daily online edition, Military Salon)
This is Chinese Military (中國人民解放軍) Information Warfare (信息战争) Doctrine, circa 2000

http://www.pladaily.com.cn/item/vote/houqing/content/7-015.htm
Chinese Military: Network Attack and Defense Also Require Strategy (网络攻防战也需讲谋略)
This is circa 2007 – Chinese Military Information Operations (中國人民解放軍信息作战)

http://www.chinamil.com.cn/site1/xwpdxw/2007-11/06/content_1007865.htm
Cyber Warfare & the People’s Republic of China…Has the Wolf Really Come? (网络战，狼真的来了吗)
This is circa 2007 – Chinese Military Information Operations (中國人民解放軍信息作战)

http://www.chinamil.com.cn/site1/xwpdxw/2007-11/01/content_1002668.htm
Chinese Military Active Defense: Target Enemy Critical Infrastructure (信息防卫–信息化战争的重要一环, literally “Information defense: an important link in informationized warfare”)
This is Chinese Military (中國人民解放軍) Information Warfare (信息战争) Doctrine, circa 2008

http://www.chinamil.com.cn/site1/2008b/2008-06/17/content_1320115.htm

U.S., China and an unthinkable war
Both have planned for a conflict they hope to avoid.
http://www.latimes.com/opinion/commentary/la-oe-gompert-kelly-war-china-u-s–20130826,0,6126914.story?
US Navy seeks more cooperation with China in counter-piracy exercise
http://www.stripes.com/news/navy/us-navy-seeks-more-cooperation-with-china-in-counter-piracy-exercise-1.237354?
John McCain, China Trade Barbs Over Senkaku Islands
http://thediplomat.com/the-editor/2013/08/26/john-mccain-china-trade-barbs-over-senkaku-islands/?
China’s worried elites
Not since Mikhail Gorbachev began speaking of ‘Glasnost’ and ‘Perestroika’ has there been such a ferment among policy intellectuals.

http://www.upi.com/Top_News/Analysis/Walker/2013/08/26/Walkers-World-Chinas-worried-elites/UPI-48771377490260/

China IP Rights. The Lackey View.
http://www.chinalawblog.com/2013/08/china-ip-rights-the-lackey-view.html

Sinopec profits surge as China eases pricing rules
http://www.bbc.co.uk/news/business-23838922
China to investigate vice president of oil firm CNPC
http://uk.reuters.com/article/2013/08/26/uk-china-oil-cnpc-idUKBRE97P01V20130826?
China’s Military Says Pacific Rim Is American Propaganda
http://kotaku.com/chinas-military-says-pacific-rim-is-american-propagand-1196612758
PH, Vietnam hold talks to boost defense amid China tension
http://globalnation.inquirer.net/84123/ph-vietnam-hold-talks-to-boost-defense-amid-china-tension

Top Japanese firms’ classified info leaked on People’s Republic of China’s Baidu
http://www.japantimes.co.jp/news/2013/08/08/national/leading-japanese-firms-confidential-documents-leaked-on-chinese-website/

People’s Republic of China Wants to Rise Peacefully, But So What?
http://thediplomat.com/flashpoints-blog/2013/08/22/china-wants-to-rise-peacefully-but-so-what/?

The Pervasiveness of Foreign Collection Efforts via Cyber Espionage
http://ci.speartip.com/blog/bid/329389/The-Pervasiveness-of-Foreign-Collection-Efforts-via-Cyber-Espionage
Cybersecurity Expert: Assume You’re Being Attacked Right Now
http://www.crn.com/news/security/240160280/cybersecurity-expert-assume-youre-being-attacked-right-now.htm

Taiwanese man gets suspended sentence in People’s Republic of China spying case
http://www.chinapost.com.tw/taiwan/national/national-news/2013/08/23/387135/Local-man.htm
Chinese mainland’s Internet speed ranks 98th |Industries |chinadaily.com.cn
http://www.chinadaily.com.cn/business/2013-08/16/content_16898964.htm

People’s Republic of China’s Huawei, ZTE win bulk of China Mobile’s $3 billion 4G bonanza: sources
http://www.reuters.com/article/2013/08/23/us-chinamobile-4g-idUSBRE97M02020130823
Is Taiwan’s HTC about to get acquired by People’s Republic of China’s ZTE, Lenovo or Huawei?
http://www.networkworld.com/news/2013/082213-android-roundup-273111.html
Electric carmaker Tesla hits roadblock in People’s Republic of China over trademark
Tesla will pay dearly for not having read about Apple’s dilemma regarding IP and trademark registration within the People’s Republic of China…but I’m certain they hired only the best to get them to this point 🙂

http://www.reuters.com/article/2013/08/23/us-china-autos-tesla-idUSBRE97M0D920130823
Despite denials, docs show McAuliffe company asked feds to fast-track visa for investor tied to spy list
MAKING CONNECTIONS: Chinese telecommunications companies like Huawei Technologies Co. “provide a wealth of opportunities for Chinese intelligence agencies to insert malicious hardware or software implants into critical telecommunications components and systems,”

http://sayanythingblog.com/entry/despite-denials-docs-show-mcauliffe-company-asked-feds-to-fast-track-visa-for-investor-tied-to-spy-list/?
Africa’s Big Brother Lives in Beijing – Is Huawei wiring Africa for surveillance? Or just for money?
http://www.foreignpolicy.com/articles/2013/07/30/africas_big_brother_lives_in_beijing_huawei_china_surveillance?page=full
U.S. Fears People’s Republic of China’s Huawei Backed Spy Network In Africa (Update) –
http://chinadigitaltimes.net/2013/08/huawei-in-africa-new-spy-network/?
People’s Republic of China’s Huawei Secures $1.5 Billion Equivalent 5-year Term Loan
http://www.cellular-news.com/story/61663.php?
People’s Republic of China’s ZTE to post third quarterly profit due to cost cuts
http://www.reuters.com/article/2013/08/21/us-zte-results-idUSBRE97K0XB20130821
People’s Republic of China’s Baidu buys majority stake in group buying site Nuomi | PCWorld
http://www.pcworld.com/article/2047322/chinas-baidu-buys-majority-stake-in-group-buying-site-nuomi.html

Multinationals in China…Guardian warriors and golden eggs
The state’s crackdowns on big firms are not all about bashing foreigners

http://www.economist.com/news/business/21584045-states-crackdowns-big-firms-are-not-all-about-bashing-foreigners-guardian-warriors-and?
Volvo building two additional assembly plants in People’s Republic of China
http://www.leftlanenews.com/volvo-to-build-assembly-plants-in-china.html
Foreign Executives Need to Exercise Due Care in the People’s Republic of China
http://www.china-briefing.com/news/2013/08/23/foreign-executives-need-to-exercise-due-care-in-china.html

Xiaomi’s new funding round skyrockets valuation to $10B
http://venturebeat.com/2013/08/22/xiaomis-new-funding-round-skyrockets-valuation-to-10b/
People’s Republic of China arrests activist who campaigned about leaders’ wealth | Reuters
http://in.reuters.com/article/2013/08/23/china-dissident-idINDEE97M05520130823

Review of US surveillance programs to be led by panel of intelligence insiders
http://www.theguardian.com/world/2013/aug/22/nsa-surveillance-review-panel-insiders
US intelligence services go ‘on the record’ with new Tumblr blog
http://www.theguardian.com/world/2013/aug/22/us-intelligence-community-tumblr-surveillance
If You’ve Ever Traveled to a “Suspicious” Country, This Secret Program May Target You
http://www.motherjones.com/politics/2013/08/carrp-fbi-immigration-terrorism-aclu
How an Idealistic President Embraced Cyber Espionage
http://www.huffingtonpost.com/nikolas-kozloff/how-an-idealistic-preside_b_3799193.html

Exclusive: UK’s secret Mid-East internet surveillance base is revealed in Edward Snowden leaks
http://www.independent.co.uk/news/uk/politics/exclusive-uks-secret-mideast-internet-surveillance-base-is-revealed-in-edward-snowden-leaks-8781082.html
New Study: Senior U.S. Military Schools Struggle to Include Cyber Education in Curricula
http://pellcenter.salvereginablogs.com/files/2013/08/JPME-Cyber-Leaders-Final.pdf
http://pellcenter.salvereginablogs.com/new-study-senior-u-s-military-schools-struggle-to-include-cyber-education-in-curricula/

New figures reveal extent of cybercrime risk to UK population
http://phys.org/news/2013-08-figures-reveal-extent-cybercrime-uk.html
www.cyber.kent.ac.uk/Survey1.pdf

Nasdaq outage resembles political hacker attacks – These are not the Hackers you are looking for…
http://macdailynews.com/2013/08/22/nasdaq-outage-resembles-political-hacker-attacks/

Serious cyber attack hits Belgian military intelligence service
http://www.mo.be/en/article/serious-cyber-attack-hits-belgian-military-intelligence-service

FEATURE-Ex-Soviet hackers play outsized role in cyber crime world
http://www.reuters.com/article/2013/08/22/russia-cybercrime-idUSL6N0G61KM20130822

German IT officials reportedly deem Windows 8 too ‘dangerous’ to use
http://bgr.com/2013/08/21/microsoft-windows-8-nsa-back-door/

Govt to chart road map to safeguard India’s cyber security…
http://www.dnaindia.com/india/1879193/report-govt-to-chart-road-map-to-safeguard-india-s-cyber-security-architecture

Semper Fi,

Thank you,
紅龍 (Red Dragon)

Using HoneyPoint as a Nuance Detection System in Utility Companies

I often get asked about how utility companies deploy HoneyPoint in an average implementation. To help folks with that, I whipped up this quick graphic that shows a sample high level deployment. 

Thanks for reading! Let me know what you think, or if you have an interest in discussing an implementation in your environment.

Chinese Military Cyber SA Special Edition ~ 1330Z23AUG2013

Good Morning Fans – it’s Friday;

Today’s Cyber SA is a special edition highlighting historical and very recent cyber military doctrine developments in the People’s Republic of China (中國人民共和國) military, the People’s Liberation Army (PLA, 中國人民解放軍)…

Enjoy this special edition…and while you do, ask yourself why your overpriced ‘cyber’ intel vendor hasn’t shown you these items yet…then fire them and contact the Red Dragon ~ 紅龍 @ MicroSolved…

Enjoy!

Chang Wanquan: Hacker actions never supported by Chinese military – People’s Daily Online
http://english.peopledaily.com.cn/90786/8373519.html
PLA Pictorial (解放军画报): “Today a sharp sword in hand, tomorrow bind the azure dragon…” (今日利剑在手 明日缚住苍龙) – Beijing Military Region to strengthen its information technology personnel
http://www.plapic.com.cn/txt/201308b/20130807B.htm

Chen Yande of a Nanjing Military Region unit’s network management center (南京军区某部网管中心 陈彦德)
http://chn.chinamil.com.cn/xwpdxw/jskjxw/2011-07/28/content_4611103.htm
Unidirectional optical transmission forges a “network shield” (单向光传输铸“网盾”) – by Wu Guolong, head of the maintenance section of a Xinjiang Military Region unit (新疆军区某部维修科科长 吴国龙)
http://chn.chinamil.com.cn/xwpdxw/jskjxw/2011-07/21/content_4555913.htm
U.S. Department of Defense releases its first “Cyberspace Operations Strategy” (美国防部发布首份《网络空间行动战略》)
http://chn.chinamil.com.cn/xwpdxw/2011-07/15/content_4487744.htm
Chinese Military Information Warfare & Network Warfare (中國人民解放軍信息战争网络战), circa 2008
http://www.chinamil.com.cn/site1/jstppd/2008-02/18/content_1127942.htm
In People’s Republic of China, ‘defaming cultural icons’ online can land you in jail | TechHive
http://www.techhive.com/article/2047103/china-arrests-two-for-using-the-internet-to-defame-cultural-icon.html
Western defense firms refuse Chinese buyers to deter copycats
http://www.wantchinatimes.com/news-subclass-cnt.aspx?cid=1101&MainCatID=11&id=20130815000117
US Snubs Russia, People’s Republic of China Doesn’t
http://thediplomat.com/china-power/us-snubs-russia-china-doesnt/
Airsea Battle VS Offshore Control: Can the US Blockade the People’s Republic of China?
http://thediplomat.com/the-naval-diplomat/2013/08/19/airsea-battle-vs-offshore-control-can-the-us-blockade-china/

Content-Based Mobile Edge Networking (CBMEN)
http://www.darpa.mil/Our_Work/STO/Programs/Content-Based_Mobile_Edge_Networking_(CBMEN).aspx

Anatomy of a brute force attack – how important is password complexity?
http://nakedsecurity.sophos.com/2013/08/16/anatomy-of-a-brute-force-attack-how-important-is-password-complexity/

DDoS Attacks Used As Cover For Other Crimes – The Akamai Blog
https://blogs.akamai.com/2013/08/new-deputy-under-secretary-for-cybersecurity.html?

Semper Fi,

Thank you,
紅龍 (Red Dragon)

More on Persistent Penetration Testing from MSI

MicroSolved has been offering Persistent Penetration Testing (PPT) to select clients for a couple of years now. We have been testing and refining our processes to make sure we have a scalable, value-driven process to offer our full client base. We have decided to open the PPT program up to another round of clients, effective immediately. We will be open to adding three additional clients to the PPT group. In order to qualify, your organization must have an appetite for these services and meet the criteria below:

The services:

  • MSI will actively emulate a focused team of attackers for either a 6- or 12-month period, depending on complexity, pricing and goals
  • During that time, MSI will actively and passively target your organization seeking to reach a desired and negotiated set of goals (usually fraud or theft of IP related data, deeper than traditional pen testing)
  • Full spectrum attacks will be expressed against your organization’s defenses in red team mode, across the time window 
  • Once an initial compromise occurs and the appropriate data has been identified and targeted, we will switch to table top exercises with the appropriate team members to discuss exploitation and exfiltration, prior to action
  • If, and only if, your organization approves and desires, then exploitation and exfiltration will occur (note that this can be pivoted from real world systems to test/QA environments at this point)
  • Reporting and socialization of the findings occurs, along with mitigation strategies, awareness training and executive level briefings
  • The process then repeats, as desired, through the terms and sets of goals

The criteria for qualification: your organization must:

  • Have full executive support for the initiative, all the way to the C-level and/or Board of Directors
  • Have a mature detection and egress process in place (otherwise, the test will simply identify the needs for these components)
  • Have the will to emulate real world threat activity without applying compliance-based thinking and other unnatural restraints to the process
  • Have a capable security team for MSI to work with that has the capability to interface with the targeted lines of business in a rapid, rational and safe manner
  • If desired, have the capability to construct testing/QA platforms and networks to model real world deployments in a rapid and accurate fashion (requires rapid VM capability)
  • Be open to engaging in an exercise with an emulated aggressive adversary to establish real world risk and threat profiles
  • Be located in the US (sorry, we are not accepting non-US organizations for this service at this point)

If your organization meets these requirements and you are interested in discussing PPT services, please drop me a line (Twitter: @lbhuston), or via email at Info at microsolved dot com. You can also reach me via phone at (614) 351-1237 x 201.

CYBER SA for 1130Z22AUG2013

Good morning Cyber Fans –

Remember Red Dragon’s rule of cyber SA and newsworthy items: because of writers’ deadlines, Wednesday (yesterday) and the weekends are when you are most likely to discover and learn about the nascent and unusual from cyber land…

In today’s edition of CYBER SA we have a decent batch of cyber-related stories out of the People’s Republic of China (中國人民共和國); news of Russia’s cyber initiatives; Iranian oil going to China thanks to Hillary; proof that the United Kingdom has definitely been colonized by the Chinese under the ROE for Operation Middle Kingdom; Huawei’s endeavors in both Poland and Indonesia… yes, and the latest silliness from our own shores…

Enjoy my friends – it is only Thursday!

Chinese Ransomlock Malware Changes Windows Login Credentials |
http://www.symantec.com/connect/blogs/chinese-ransomlock-malware-changes-windows-login-credentials
Poison Ivy RAT Spotted in Three New Attacks…ties to hackers in People’s Republic of China
http://threatpost.com/poison-ivy-rat-spotted-in-three-new-attacks/102022
Revamped Aumlib, Ixeshe Malware Found in New People’s Republic of China Attacks
http://threatpost.com/revamped-aumlib-ixeshe-malware-found-in-new-china-attacks/101965

In global cyber war, Silicon Valley urged to take care of own
As U.S., People’s Republic of China spar over attacks, Google others told to step up.
http://www.sltrib.com/sltrib/money/56411570-79/china-security-cyber-government.html.csp

Veterans of 2001 Sino-US cyberwar become entrepreneurs
While some veterans of the Sino-US cyberwar of 2001 remain true to the ‘spirit of geeks’, many have since carved out profitable internet businesses
http://www.scmp.com/news/china/article/1298200/hackers-entrepreneurs-sino-us-cyberwar-veterans-going-straight

People’s Republic of China: ‘An economic force to be reckoned with’ | Asia | DW.DE | 21.08.2013
http://www.dw.de/china-an-economic-force-to-be-reckoned-with/a-17036412?maca=en-rss-en-all-1573-xml-atom
People’s Republic of China Takes Aim at Western Ideas
http://www.nytimes.com/2013/08/20/world/asia/chinas-new-leadership-takes-hard-line-in-secret-memo.html?_r=1&&pagewanted=all

Surrounded: How the U.S. Is Encircling People’s Republic of China with Military Bases
US military options now must counter People’s Republic of China’s Operation Middle Kingdom in Asia Pacific….
http://killerapps.foreignpolicy.com/posts/2013/08/20/surrounded_how_the_us_is_encircling_china_with_military_bases

US, People’s Republic of China still wary of each other despite military cooperation talk
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130821000115&cid=1703

People’s Republic of China’s Rise, Disputed Territories & Competition Between Major Powers In Asia-Pacific Concern For Canada And Australia – Report
http://www.eurasiareview.com/21082013-chinas-rise-disputed-territories-and-competition-between-major-powers-in-asia-pacific-concern-for-canada-and-australia-report/?

The untold truth behind the US rebalancing policy|
http://www.wantchinatimes.com/news-subclass-cnt.aspx?cid=1703&MainCatID=17&id=20130811000079

A gap in U.S. sanctions law allows People’s Republic of China to import more Iranian oil
http://online.wsj.com/article/SB10001424127887324619504579026333611696094.html

UK’s BBC Strikes China Content Deal…agrees to OP Middle Kingdom ROE
http://variety.com/2013/tv/news/bbc-strikes-china-content-deal-1200583306/
People’s Republic of China media: Online rumours
http://www.bbc.co.uk/news/world-asia-china-23776560
Xinhua reveals People’s Republic of China’s ‘Area 51’ in Inner Mongolia
http://www.wantchinatimes.com/news-subclass-cnt.aspx?cid=1101&MainCatID=11&id=20130821000013

Security probes into foreign companies backed by People’s Republic of China’s netizens
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130821000139&cid=1101
People’s Republic of China’s Sinochem plans further investment in Brazil’s offshore oil
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130821000010&cid=1102
People’s Republic of China’s Everbright’s strategic investments keep firm afloat after errors
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130821000062&cid=1206
People’s Republic of China arrests Weibo users for “inciting public dissatisfaction with the government”
http://www.techinasia.com/china-arrests-weibo-users-inciting-public-dissatisfaction-government/?
A Chinese Wikipedia editor is banned from leaving People’s Republic of China until 2016
http://www.techinasia.com/wikipedia-china-editor-banned-from-leaving-country/?
Indonesia’s flagship airline Garuda spotted using People’s Republic of China’s AliPay
http://www.techinasia.com/garuda-indonesia-alipay/?
Apple’s iPad sees People’s Republic of China market share shrink to 28%
http://www.techinasia.com/apple-ipad-market-share-china-shrinks-to-28-percent-q2-2013/?

What Is the People’s Republic of China Unable To Make?
http://www.ibtimes.com/chinese-companies-struggling-gain-foothold-global-market-1392949?ft=rc480
Chinese Telecom ZTE Latches Onto Firefox for Image of Privacy – The Epoch Times
http://www.theepochtimes.com/n3/255482-chinese-telecom-latches-onto-firefox-for-image-of-privacy/
People’s Republic of China to Lead – Growth in Wind Energy to Boost Global Operations and Maintenance (O&M) Market
http://www.investorideas.com/news/2013/renewable-energy/08201.asp
ChinaSoft International and Alibaba Cloud to Build Pilot Smart Government Services Cloud for Zhejiang
http://www.istockanalyst.com/business/news/6541645/chinasoft-international-and-alibaba-cloud-to-build-pilot-smart-government-services-cloud-for-zhejiang

Apple loses ground in People’s Republic of China smartphone market
http://www.eetasia.com/ART_8800688899_499488_NT_71fe3e9a.HTM
Apple Takes A Small Step Toward Boosting Its Presence In the People’s Republic of China
http://www.businessinsider.com/apple-takes-a-small-step-toward-boosting-its-presence-in-china-2013-8?
Apple’s iPad suffers drastic decline in share of Chinese tablet market while cheap competitors grow
http://appleinsider.com/articles/13/08/20/apples-ipad-suffers-drastic-decline-in-share-of-chinese-tablet-market-while-cheap-models-grow

Japan’s nuclear crisis deepens, China expresses ‘shock’
http://www.reuters.com/article/2013/08/21/us-japan-fukushima-severity-idUSBRE97K02B20130821
Malaysia’s Celcom signs five year digital services deal with People’s Republic of China’s Huawei
http://www.telegeography.com/products/commsupdate/articles/2013/08/21/celcom-signs-five-year-digital-services-deal-with-huawei/?
People’s Republic of China’s Huawei Helps Polish Government Build
…the World’s First 3.6GHz~3.8GHz eLTE Broadband Access Network
Poland is the Operation Middle Kingdom target for colonization in Eastern Europe…

http://www.istockanalyst.com/business/news/6540174/huawei-helps-polish-government-build-the-world-s-first-3-6ghz-3-8ghz-elte-broadband-access-network

Soldier of Fortune –
Memories of army life from both sides of the Chinese Civil War to a reeducation camp after the Korean War
http://english.caixin.com/2013-08-09/100567733.html

Australia’s glittering investments from People’s Republic of China are not all gold
http://www.usatoday.com/story/news/world/2013/08/20/australia-elections-china-financial-boom/2574249/?
New Zealand spy bills key up controversy
Laws expected to pass this week anger surveillance-wary New Zealanders and irk China, a major trading partner.
http://www.aljazeera.com/indepth/features/2013/08/2013812113057818160.html

Russian Military Creating Cyber Warfare Branch | Defense | RIA Novosti
http://en.ria.ru/military_news/20130820/182856856/Russian-Military-Creating-Cyber-Warfare-Branch.html
Russia Preparing New Cyber Warfare Branch, Military Official Says
http://news.softpedia.com/news/Russia-Preparing-New-Cyber-Warfare-Branch-Military-Official-Says-376807.shtml
Russia’s FSB mulls ban on ‘Tor’ online anonymity network — RT Russian
http://rt.com/politics/russia-tor-anonymizer-ban-571/

Poison Ivy: Assessing Damage and Extracting Intelligence
http://www.fireeye.com/blog/technical/targeted-attack/2013/08/pivy-assessing-damage-and-extracting-intel.html
You Had Me at NIST…謝謝您.. Persistent Threat @AdvancedThreat
http://jujishou4prez.wordpress.com/2013/08/21/you-had-me-at-nist/

From Nuclear Deterrence To Cyber Deterrence – OpEd
http://www.eurasiareview.com/21082013-from-nuclear-deterrence-to-cyber-deterrence/?

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: The Cost of Anonymizing a Cybercriminal’s Internet Activities – Part Three
http://ddanchev.blogspot.nl/2013/08/the-cost-of-anonymizing-cybercriminals.html
McAfee: ‘$1 trillion global cyber crime cost was over the top’
http://www.computing.co.uk/ctg/news/2289953/mcafee-usd1-trillion-global-cyber-crime-cost-was-over-the-top

Millions stolen from US banks after ‘wire payment switch’ targeted
http://www.scmagazine.com.au/News/354155,millions-stolen-from-us-banks-after-wire-payment-switch-targeted.aspx

In ‘cyber’ Maryland, a bid for business growth
http://articles.baltimoresun.com/2013-08-16/business/bs-bz-federal-cybersecurity-industry-20130816_1_business-growth-business-group-national-cybersecurity-center

The 2013 Cybersecurity Executive Order: Potential Impacts On The Private Sector – Strategy – United States
http://www.mondaq.com/unitedstates/x/258936/technology/The+2013+Cybersecurity+Executive+Order+Potential+Impacts+on+the+Private+Sector
Resilience of the Internet Interconnection Ecosystem — ENISA
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/inter-x/interx/report

Enjoy!

Semper Fi,

Thank you
紅龍

Wednesday Cyber SA 21AUG2013 – TREMENDOUS Amount of News!

Good Wednesday Morning Fans of Cyber Mania News…

Lots of cyber-related news out of the People’s Republic of China today – ENISA & NIST sound off, the Islamic Republic of Iran has some noteworthy items, and of course the token Russia cyber story for the cyber fan from Leeds, UK…enjoy!

People’s Republic of China denies role in cyber-attacks on United States; Claim themselves victim of hacking – The Economic Times
http://economictimes.indiatimes.com/tech/internet/china-denies-role-in-cyber-attacks-on-united-states-claim-themselves-victim-of-hacking/articleshow/21931101.cms
Beijing’s Rising Hacker Stars…How Does Mother China React?
http://fmso.leavenworth.army.mil/documents/Beijings-rising-hackers.pdf

People’s Republic of China monitors online chatter as users threaten state hold on the internet
http://www.theguardian.com/world/2013/aug/20/china-internet-listening-citizens-views
Chinese lawyers targeted as Xi Jinping tightens control – Telegraph
http://www.telegraph.co.uk/news/worldnews/asia/china/10254632/Chinese-lawyers-targeted-as-Xi-Jinping-tightens-control.html
Xue Manzi: How Chinese social media can be a force for good
http://www.danwei.com/xue-manzi-how-chinese-social-media-can-be-a-force-for-good/

Chinese Man Who Offered To Install “Hacker” software is arrested (original title: Man who supplied “hacker” software to internet cafés sentenced to three years and fined 100,000 – News – Hackbase Security Net)
http://www.hackbase.com/news/2013-08-20/116340.html

Conflict Breeds Cyber Attacks | Analysis Intelligence
http://analysisintelligence.com/cyber-defense/conflict-breeds-cyber-attacks/?
Mapped: The 7 Governments the U.S. Has Overthrown – By J. Dana Stuster
http://www.foreignpolicy.com/articles/2013/08/19/map_7_confirmed_cia_backed_coups?page=full

PLA (中國人民解放軍) advancing laser weapons program
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130820000102&cid=1101
中國人民解放軍 (PLA) Lanzhou MAC organizes confrontation training – People’s Daily Online
http://english.people.com.cn/90786/8370233.html
More college students applying for entry into the military, Zhao Shengnan reports in Beijing.
http://english.peopledaily.com.cn/90786/8368846.html
Hagel, Chinese Defense Minister Commit To Cooperation But Tensions Clear
http://breakingdefense.com/2013/08/19/hagel-pla-leader-commit-to-cooperation-but-tensions-clear/?
People’s Republic of China, U.S. agree on new steps to enhance military cooperation – People’s Daily Online
http://english.peopledaily.com.cn/90786/8370788.html
US, People’s Republic of China (中華人民共和國) agree on new ways to enhance military cooperation
http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130820000123&cid=1101
Advance toward new type of China-U.S. mil-to-mil relations – People’s Daily Online
http://english.peopledaily.com.cn/90786/8370960.html
Chinese professor warns of “democracy trap” – Xinhua | English.news.cn
http://news.xinhuanet.com/english/indepth/2013-08/20/c_132646879.htm

People’s Republic of China, U.S. Ink Deal to Counter Illicit Atomic Trafficking | GSN | NTI
http://www.nti.org/gsn/article/us-inks-multiple-deals-counter-illicit-atomic-trafficking/
Chinese shipbuilder reveals breakthrough technology – Xinhua | English.news.cn
http://news.xinhuanet.com/english/china/2013-08/20/c_132646180.htm
CNOOC Gas undertakes China’s first floating LNG project – Xinhua | English.news.cn
http://news.xinhuanet.com/english/china/2013-08/15/c_132633910.htm
People’s Republic of China’s Huawei And Security: The Bigger Picture
http://www.crn.com/news/networking/240160101/huawei-and-security-the-bigger-picture.htm?
People’s Republic of China’s Huawei Exec: We Need To Be A Better Communicator
http://www.crn.com/news/networking/240160097/huawei-exec-we-need-to-be-a-better-communicator.htm?

3 reasons Baidu is aiming high in Indonesia
http://www.techinasia.com/3-reasons-why-baidu-expanding-indonesia/?

Business Insider’s Reporting on the (中華人民共和國) People’s Republic of China
http://blog.hiddenharmonies.org/2013/08/business-insiders-reporting-on-china/
JPMorgan Chase Hit With China Bribery Probe
http://www.thenewamerican.com/economy/sectors/item/16360-jpmorgan-chase-hit-with-china-bribery-probe

Apple iPad market share plummets in China as domestic vendors grow
http://www.computerworld.com/s/article/9241731/Apple_iPad_market_share_plummets_in_China_as_domestic_vendors_grow?
Apple said to be close to 4G deal with China Mobile
http://www.wantchinatimes.com/news-subclass-cnt.aspx?cid=1204&MainCatID=12&id=20130816000097
Commentary: Well-behaved int’l firms welcomed in the People’s Republic of China – Xinhua | English.news.cn
http://news.xinhuanet.com/english/indepth/2013-08/19/c_132643309.htm
Xinhua Insight: Police reveal details of GSK China’s alleged violations – Xinhua | English.news.cn
http://news.xinhuanet.com/english/indepth/2013-07/26/c_132574386.htm

Why is China so Afraid of a Small Protest?
http://thediplomat.com/china-power/why-is-china-so-afraid-of-a-small-protest/?
With Bo Xilai on Trial, China Adopts Chongqing Model
http://thediplomat.com/china-power/with-bo-xilai-on-trial-china-adopts-chongqing-model/?

Russia Setting up Cyber Warfare Unit Under Military
http://www.ibtimes.co.uk/articles/500220/20130820/russia-cyber-war-hack-moscow-military-snowden.htm#!

Iran Trains Students to Target Drones
http://defensetech.org/2013/08/19/iran-trains-students-to-target-drones/
Three Major Al-Qaida Forums Disrupted by DDOS Attack
http://news.softpedia.com/news/Three-Major-Al-Qaida-Forums-Disrupted-by-DDOS-Attack-376443.shtml

Digital Dao: The Cyber Kill Chain: Trademarked by Lockheed Martin?
Lockheed Martin is just angry they did not receive a $ SIX BEEELIION Cyber Contract from Uncle Sam…C’mon guys, your background check would have caught the traitor Booz Allen Hamilton gave the world 🙂

http://jeffreycarr.blogspot.com/2013/08/the-cyber-kill-chain-trademarked-by.html

Infosecurity… Major Media Organizations Still Vulnerable Despite High Profile Hacks
http://www.infosecurity-us.com/view/34043/infosecurity-exclusive-major-media-organizations-still-vulnerable-despite-high-profile-hacks/
Countering Advanced Persistent Threats with Comprehensive Network Security
http://www.infosecisland.com/blogview/23351-Countering-Advanced-Persistent-Threats-with-Comprehensive-Network-Security-.html
Total Defense | Blog | The cyber-attacks transformation
http://www.totaldefense.com/blogs/2013/08/19/the-cyber-attacks-transformation.aspx?
Angry Kitten…Electronic Warfare Development Targets Fully Adaptive Threat Response Technology
http://www.gatech.edu/newsroom/release.html?nid=228881

Thinking Differently: Unlocking the Human Domain in Support of the 21st Century Intelligence Mission | Small Wars Journal
http://smallwarsjournal.com/jrnl/art/thinking-differently-unlocking-the-human-domain-in-support-of-the-21st-century-intelligence

NIST Updates Patching and Malware Avoidance Guides
http://www.infosecurity-us.com/view/34070/nist-updates-patching-and-malware-avoidance-guides/
Thousands affected in US Energy agency breach
http://www.scmagazine.com.au/News/354011,thousands-affected-in-us-energy-agency-breach.aspx?utm_source=feedly
ENISA Report Outlines Incidents Causing Major Outages at Telcos | SecurityWeek.Com
http://www.securityweek.com/enisa-report-outlines-incidents-causing-major-outages-telcos?

Enjoy!

Semper Fi,

Thank you
紅龍

August Touchdown Task: Change Management Audit

This month’s touchdown task is to take a quick audit of your organization’s change management process. Give it a quick walkthrough.

  • Make sure that you are tracking when admins make changes to machine configurations or network device configs
  • Are proper peer review and approval processes being followed?
  • Check to make sure that the proper folks are in the loop for various kinds of communication, error handling and reporting
  • Review risk acceptance for changes and make sure it meets your expected processes
  • Examine a couple of changes and walk them through the entire process to see if things are falling through the cracks
  • Update any change management documentation to reflect new processes or technologies that may be in place now
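As an added example (not part of the original post, and not any real change-management tool's code), here is a small Python reconciliation script that applies the audit bullets above: it parses constructed device config-change log lines, checks each change against constructed change tickets, and flags changes with no covering ticket, tickets whose reviewer or approver is the requester, and tickets with no recorded risk acceptance. The log line format and the ticket field names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample device log lines, loosely modelled on Cisco-style
# %SYS-5-CONFIG_I messages; not real data from any network.
DEVICE_LOG = """\
2013-08-21 02:14:07 core-sw1 %SYS-5-CONFIG_I: Configured from console by jdoe on vty0 (10.0.0.5)
2013-08-21 03:40:12 edge-fw1 %SYS-5-CONFIG_I: Configured from console by asmith on vty1 (10.0.0.9)
2013-08-21 11:02:55 core-sw1 %SYS-5-CONFIG_I: Configured from console by root on con0
"""

# Constructed change tickets; the field names are hypothetical, not a real tool's schema.
TICKETS = [
    {"id": "CHG-101", "device": "core-sw1", "start": "2013-08-21 02:00", "end": "2013-08-21 04:00",
     "requester": "jdoe", "reviewer": "asmith", "approver": "mgr1", "risk_accepted_by": "mgr1"},
    {"id": "CHG-102", "device": "edge-fw1", "start": "2013-08-21 03:00", "end": "2013-08-21 05:00",
     "requester": "asmith", "reviewer": "asmith", "approver": "asmith", "risk_accepted_by": None},
]

LOG_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<device>\S+) %SYS-5-CONFIG_I: Configured from \S+ by (?P<user>\S+)")

def _ts(text, fmt="%Y-%m-%d %H:%M"):
    return datetime.strptime(text, fmt)

def parse_events(log_text):
    """Extract (timestamp, device, user) from each config-change log line."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append({"ts": _ts(m["ts"], "%Y-%m-%d %H:%M:%S"),
                           "device": m["device"], "user": m["user"]})
    return events

def audit(tickets, events):
    """Return (subject, problem) findings: weak tickets and untracked config changes."""
    findings = []
    for t in tickets:  # peer review and approval must come from someone other than the requester
        if t["approver"] in (None, t["requester"]) or t["reviewer"] in (None, t["requester"]):
            findings.append((t["id"], "approval/peer review not independent"))
        if not t["risk_accepted_by"]:
            findings.append((t["id"], "no risk acceptance recorded"))
    for e in events:  # every observed config change should fall inside an approved ticket window
        covering = [t for t in tickets if t["device"] == e["device"]
                    and _ts(t["start"]) <= e["ts"] <= _ts(t["end"])]
        if not covering:
            findings.append((f"{e['device']}@{e['ts']:%Y-%m-%d %H:%M}",
                             f"config change by {e['user']} with no covering ticket"))
    return findings

if __name__ == "__main__":
    for subject, problem in audit(TICKETS, parse_events(DEVICE_LOG)):
        print(f"{subject}: {problem}")
```

Run it against exported device logs and a ticket dump to see which changes fell through the cracks before walking the process by hand.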

Give this a quick review this month and you can rest assured for a while that change management is working well. With the fall and holiday rush ahead, you’ll know you have this base covered and can depend on it as a good foundation for the rest of your security initiatives.

Until next time, as always, thanks for reading and stay safe out there!