Recently I was writing my former blogs “Finance a Hacker” and “No 100% awareness of Cyber and Data Security within many companies worldwide”.
I want to go a little deeper into these topics and hope to make people aware of the known risks. There are still companies and security architects who think that when you place a firewall you are more than secure. Nevertheless, this is a true statement: instead of being more secure, you have gained even more vulnerability!
Now I already hear you thinking: why…
1. Firewalls are NOT secure; instead, they have become weaker and can be accessed from outside your environment.
2. Look, for example, at how Shell’s approach to ICS security is done and understand what they are saying about firewalls.
People should understand that there are some basic rules to follow. Let me call out some of them for you:
· Raise Awareness Company wide
· Know your enemy!
· Innovation leading to more secure environment(s)
· Stealth Technology from Unisys: basically, what you cannot see you cannot hack
· Focus on getting the basics right: that is the foundation upon which you or your clients can build. If you do not have these things in place, then it does not matter what technology you are on, because it will not work. Concentrate on the basics, then look to new technologies. Apply these basics throughout the total lifecycle.
Imagine that one day you discover that your data is being used by a third party and you do not even have a clue how it got there. Well, now you know. You also have to be aware of what kind of hardware and software you have within your infrastructure; if you are not aware of this, you can also contact us at Passport Cyber Security. We can do a security check to see whether your equipment is vulnerable, or whether your cloud provider is secure or insecure. We can also check your data center and create a full report about all vulnerabilities.
Firewalls and their real security: Tyler Williams, Shell Global, spoke about this during his presentation “Industrial Cyber Security Risks”.
A phrase from Tyler Williams about “shiny objects”: they are pretty, they sound great and they have blinking lights, but that does not mean that something good is happening. Or worse? You only think that the device is busy and doing its job.
Your vision of security may have been clear to you as an architect at the time you designed it, and it should be clear. Know the current security standards and be critical of your vision when you look back after the implementation. Looking back, make sure to add value to the business; it is not just another typical exercise for an IT implementation.
It’s very good to have a document and concept concerning your security environment, but if you stick it in a drawer and never use it, then it is useless for your security.
I was reading a blog from Valery Marchuk, CEO at Cybersecurity Help s.r.o.
This is also related to my former blogs “Finance a Hacker” and “No 100% awareness of Cyber and Data Security within many companies worldwide”.
Secret services are after vulnerabilities in hardware
The recent hack of the Equation Group (closely connected with NSA) made publicly available information about exploits against networking equipment, manufactured by the biggest US vendors: Cisco, Juniper and Fortinet.
Only today we have issued several security bulletins describing two zero-day vulnerabilities in Cisco ASA Appliances (CVE-2016-6366, CVE-2016-6367), remote code execution in FortiOS (SB2016081801) and a very inconvenient issue with a default public ssh-key in VMware Photon OS (CVE-2016-5332).
Cisco confirmed EXTRABACON and EPICBANANA exploits, however there is no information from other vendors. Fortinet did not make any official statement, just released an advisory describing remote code execution vulnerability in FortiOS. It is unknown, if this issue is connected with the leak.
Clearly, such interest in vulnerabilities within networking equipment is due to a lack of implemented protection mechanisms. While workstations and servers are updated frequently and equipped with firewalls and antivirus software, devices intended to provide basic perimeter protection fail. The firmware update process for the majority of networking equipment is complicated and often requires additional effort from IT staff or can cause an outage.
The situation with vulnerabilities in hardware is very disturbing. Devices, which are supposed to provide at least the most basic level of protection for your network assets can be as easily compromised, as any other host. It is no longer safe to rely just on one device from one vendor. And even if you have a dozen firewalls, it does not mean they do not have faulty implementation of some networking protocol.
Anyways, we can suggest at least limiting access to services, which are facing the Internet directly. You can use our free online vulnerability scanner to check publicly open ports and presence of vulnerable software on your systems.
Source: Cybersecurity Help
Another severe example of a threat:
Published: 14 August 2016 – 3:12 a.m. By: Indrajit Sen
Iran probing if oil accidents were cyber attack
After weeks of speculation on the cause of an unprecedented string of fires and explosions in major Iranian oil and gas facilities, Iran’s Supreme National Cyberspace Council has said that it is looking into cyber-attacks as a possible cause.
“Special teams will be sent to the afflicted sites to study the possibility of cyber systems having a role in the recent fires,” Abolhasan Firoozabadi, secretary of the council, said last week according to local media, Time magazine reported.
The first of the fires, which started on July 6, in the Bouali petrochemical plant on the Gulf coast, took three days to put out and threatened to send toxic clouds of smoke into the nearby city of Mahshahr, with a population of 300,000.
Damages from the accidents are estimated to be tens of millions of dollars and insurers say it could be the biggest compensation claim in Iran’s history.
Less than 48 hours after the Bouali fire was put out a worker was killed in the Marun Oil and Gas Production Company when a liquefied gas pipeline exploded. This was followed by a fire in the Bisotoon petrochemical plant in the western Iranian city of Kermanshah on July 29, which took two days to put out.
The Iranian Petroleum Ministry, in charge of all of the affected sites, denied the plants were sabotaged, and the Iranian Oil Minister Bijan Namdar Zanganeh said the fires and explosions were due to technical faults and human error.
However, when an explosion in a gas pipeline near Gonaveh, which killed a worker, and another fire in the Imam Khomeini petrochemical plant occurred within hours of each other on August 6, the ministry refused to comment until after investigations.
If the cyberspace council does rule that cyber attacks were behind these fires and explosions it wouldn’t be the first time that Iran’s petroleum industry was the victim of such an attack.
In April 2012 a virus forced the ministry to disconnect its main oil terminals and facilities from the Internet to protect them from damage. Officials later claimed that they had traced the service providers used by the attackers back to the US.
In 2010 Iran’s nuclear sites were the victims of the Stuxnet worm. Officials said the worm was designed and used by the US and Israel to hinder Iran’s nuclear programme.
Iran has never quantified the damage done by Stuxnet but nuclear experts believe the damage was extensive.
After the Stuxnet attack, Iran decided to create a nation-wide intranet to prevent further attacks on sensitive infrastructures, but the ‘National Internet’ has yet to be launched.
Be aware that security attacks can also happen to your company! It would be a clever move to contact us at Passport Cyber Security. We can do a security check to see whether your equipment is vulnerable, or whether your cloud provider is secure or insecure. We can also check your data center and create a full report about all vulnerabilities.
Read also my former blogs on LinkedIn. I will keep you posted on all related Data and Cyber Security topics.
Have a wonderful secure day.