When hackers get hacked: Secretive spy software team falls victim to attack

An informative article by Laura Hautala at c|net titled “When hackers get hacked: Secretive spy software team falls victim to attack”:

It seems no one is safe on the Internet.

The latest example: hackers claimed to breach the files of Italian spy software company Hacking Team and then used the company’s own Twitter account to broadcast the information publicly Sunday.

The 400GB of files released on the Internet — the equivalent of nearly 70 copies of the movie “Independence Day” in HD — purported to reveal client lists and closely guarded software code, information that raised eyebrows in the world of cybersecurity and privacy.

Hacking Team, which sells software that can secretly take over a target’s computer, has drawn criticism from privacy activists in the past. Various reports from activists and journalists accused the company of selling its product to governments that spied on dissidents.

The hack shows just how vulnerable we all are to data breaches. If anyone should have been able to prevent an intruder from compromising their files, you’d think it would be the people who sell spy software that steals other people’s files. Apparently they weren’t prepared, though. Of course, the company’s fraught status in the hacking world might have made them more of a target to attackers than a regular person would be.

To read more, click here:

Cloud & The Security Skills Gap

An informative video on cloud and the security skills gap from Darkreading.com:

F5 Network security evangelist David Holmes offers concrete advice about how cloud outsourcing can help companies with a talent shortfall solve three enterprise security problems: application security, penetration testing, and bug bounties.

To look at the video, click here:

Hillary Clinton: China hacks ‘everything that doesn’t move’ in the US

An informative article by Lee Munson at nakedsecurity.com titled “Hillary Clinton: China hacks ‘everything that doesn’t move’ in the US”:

US presidential hopeful Hillary Clinton has accused China of state-sponsored hacking designed to steal both trade secrets and government information.

Speaking at a Fourth of July campaign rally in New Hampshire on Saturday, the former US Secretary of State said the rise of China was the story of the 21st century and how the US responded to that would determine the future of the entire world.

She added that she hoped to see China prosper in a peaceful way but also warned that vigilance was required.

The US has to be aware, she said, that China’s military strength is increasing quickly as the nation continues to establish new military installations in contested territories – such as the Philippines – and other countries the US has treaties with.

To read the rest, click here.

Enterprise Log Management: An Overview (Part 2)

In part 1 of my guest post series for the FOSE Insights Blog, I talked about the importance of enterprise log management and the questions one should ask before implementing a log management solution. In this post, I’ll be covering the different types of log management solutions to help you determine the best one for your organization.

When implementing a log management solution, you will encounter various types of solutions, architectures and definitions. Here are a few you should be familiar with:

  • Sinkhole – Traditional single “syslog” server that receives remote logs from one or more sources.
  • Hierarchy – Multi-tiered sinkholes divided by department, network (VLAN) or another logical grouping, such as accounting, marketing and engineering, to collect log data.
  • Aggregator – Usually located at the top of a hierarchy, where major functionality such as alerting, reporting, searching and correlation occurs.
  • Distributed – Independent log repositories that may be searchable/accessible from a central location.
  • Store and Forward – Logs are written to a local disk or network disk, spooled, and sent later.
  • Streaming – Real-time distribution of log data to a remote logging server as it is generated.
  • Agent Based – Operating systems that do not support remote logging often require assistance from software to send log data. Even operating systems that can send log data may use agents to send specific data to a logging server in a secure manner.
  • Agent Less – Systems do not send log data directly to the log server; the logger itself obtains the data via secure file copy (store & grab) or WMI (Windows Management Instrumentation).
  • Combo – Most mature log management infrastructures use some or all of the above in one way or another.
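The sinkhole, streaming and store-and-forward patterns above, as a small Python example added here (this is not code from the original post or from any of the tools it names). It runs a single-server UDP syslog sinkhole on the loopback interface, formats RFC 3164 lines (PRI = facility × 8 + severity), and uses an agent that streams each line while the server is reachable and spools to a local file when it is not, replaying the spool in order once the server is back. The hostnames, addresses and messages are constructed, and the outage is simulated by swapping the agent's send function rather than by taking a real server down.

```python
import os
import socket
import socketserver
import tempfile
import threading
import time
from datetime import datetime, timezone

# Constructed sample events (facility, severity, host, message) from a hypothetical
# firewall host; these are not from the original post.
SAMPLE_EVENTS = [
    ("auth", "info", "fw01", "sshd[4122]: Accepted publickey for ops from 10.0.0.5 port 51422 ssh2"),
    ("auth", "warning", "fw01", "sshd[4123]: Failed password for root from 198.51.100.7 port 40233 ssh2"),
]

FACILITY = {"kern": 0, "user": 1, "auth": 4, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}


def rfc3164(facility, severity, hostname, msg, when=None):
    """Format one BSD syslog (RFC 3164) line: <PRI>Mmm dd hh:mm:ss host msg.
    PRI = facility * 8 + severity; the day of month is space-padded."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    when = when or datetime.now(timezone.utc)
    return f"<{pri}>{when:%b} {when.day:2d} {when:%H:%M:%S} {hostname} {msg}"


class SinkholeHandler(socketserver.BaseRequestHandler):
    """Per-datagram handler: for UDP servers, self.request is (data, socket)."""
    def handle(self):
        data = self.request[0]
        self.server.received.append(data.decode("utf-8", "replace"))


class Sinkhole(socketserver.UDPServer):
    """Traditional single syslog server: receives remote logs and keeps them in arrival order."""
    def __init__(self, addr):
        super().__init__(addr, SinkholeHandler)
        self.received = []


class StoreAndForwardAgent:
    """Streams each line to the sinkhole immediately and falls back to a local spool
    file when the send fails, so no event is lost during an outage."""
    def __init__(self, spool_path, target):
        self.spool_path = spool_path
        self.target = target
        self.send = self._udp_send          # replaceable, used below to simulate an outage

    def _udp_send(self, line):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(line.encode("utf-8"), self.target)

    def emit(self, line):
        try:
            self.send(line)
            return "sent"                   # streaming path
        except OSError:
            with open(self.spool_path, "a", encoding="utf-8") as f:
                f.write(line + "\n")
            return "spooled"                # store-and-forward path

    def spooled(self):
        if not os.path.exists(self.spool_path):
            return []
        with open(self.spool_path, encoding="utf-8") as f:
            return [l.rstrip("\n") for l in f if l.strip()]

    def drain(self):
        """Replay the spool in order; stop at the first failure so ordering is kept."""
        pending = self.spooled()
        sent = 0
        for line in pending:
            try:
                self.send(line)
                sent += 1
            except OSError:
                break
        with open(self.spool_path, "w", encoding="utf-8") as f:
            f.writelines(l + "\n" for l in pending[sent:])
        return sent


def demo(spool_dir=None):
    """Stream one event, spool the next during a simulated outage, then drain the spool."""
    spool_dir = spool_dir or tempfile.mkdtemp(prefix="syslog-spool-")
    server = Sinkhole(("127.0.0.1", 0))     # port 0: let the OS pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    agent = StoreAndForwardAgent(os.path.join(spool_dir, "spool.log"), server.server_address)
    outage = {"down": False}
    real_send = agent.send

    def flaky_send(line):                   # simulate the log server being unreachable
        if outage["down"]:
            raise OSError("log server unreachable")
        real_send(line)
    agent.send = flaky_send

    lines = [rfc3164(*ev) for ev in SAMPLE_EVENTS]
    first = agent.emit(lines[0])            # server up: streamed straight away
    outage["down"] = True
    second = agent.emit(lines[1])           # server down: written to the spool
    outage["down"] = False
    drained = agent.drain()                 # server back: spool replayed

    deadline = time.time() + 2.0            # give the loopback datagrams time to land
    while len(server.received) < 2 and time.time() < deadline:
        time.sleep(0.02)
    server.shutdown()
    server.server_close()
    return {"first": first, "second": second, "drained": drained,
            "received": list(server.received), "spool_left": agent.spooled()}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Plain UDP is used here only because it is the simplest sinkhole to show; a real forwarder hitting an aggregator would use TCP or TLS so that a send can actually fail and trigger the spool, which is what the buffering and encryption options of rsyslog and syslog-ng provide.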

There are a number of useful tools in both the open-source and commercial space that can assist in the creation of a log management solution or the upgrade of an existing one. In the open-source area, notable solutions include:

  • Syslog-ng – Unix-based tool; the Swiss army knife of log management. Can read any file and “tail” it to the network. Commercial versions available. (Sinkhole/forwarding agent)
  • Rsyslog – Like syslog-ng, with enhanced filtering, encryption and buffering.
  • OSSEC – Host-based or server-based SIM/IDS (Aggregator/Agent)
  • SEC.pl – Simple Event Correlator (Aggregator)
  • PHP-Syslog, MySQL – PHP interface to logs in a database
  • Lasso – Agentless collection agent for Windows (WMI-based)

In the commercial realm there are many formidable solutions available; here are a few notable ones:

Splunk – In the “Pro” column, Splunk returns relevant search results very fast because it indexes the data. It has wide support for operating systems such as Windows, Mac OS X and Linux-based systems, and it is extremely easy to use. One can also use the software at no cost for up to 500MB of log data. In the “Con” column, Splunk seems to have quick development cycles that require numerous software updates, and advanced features such as “app” development have a bit of a steep learning curve.

Log Logic – Log Logic is an appliance-based solution that is also fast and has wide operating system support. As for the “Cons”, the cost is a bit high because it is available only as an appliance, and it lacks user-specific customization.

LogRhythm – LogRhythm can collect any type of log data regardless of source, with or without installing an agent on the log source device. As for the “Cons”, its use of a database backend may cause insertion delays if the events per second are too high for the setup, which in turn delays access to the information.

Conclusion

The difference between a log management solution and other types of monitoring tools is that the data is already available on your devices and applications; it is just a matter of setting up collection and using it. In addition, log management is considered an industry and security best practice regardless of whether your organization has to meet regulatory compliance.

One should budget accordingly for the tools selected; even free tools have a cost once hardware and storage components are factored in. Some vendors of commercial tools publish their pricing while others do not, but there is value in obtaining their professional services for the initial deployment at an added cost: it allows for better long-term planning and is helpful during the initial setup and deployment phases.

Enterprise Log Management: An Overview (Part 1)

Log management is the collection of self-generated data from IT hardware devices and software applications. This data can contain useful information about business processes, such as the number of errors on a website, or about security issues, such as the number of failed attempts to access a perimeter router.

Many organizations conduct log management to meet regulatory compliance in their respective industries. For instance, the Gramm-Leach-Bliley (GLB) Act provides compliance guidelines to organizations in the financial industry, while the Health Insurance Portability and Accountability Act (HIPAA) has a direct effect on the health care industry. In addition, the Sarbanes-Oxley (SOX) Act offers protection guidelines for publicly traded companies’ financial systems, and the Federal Information Security Management Act (FISMA) aids in the protection of the federal government’s information systems.

However, log management serves as more than just a vehicle to satisfy compliance requirements; it can also assist in the fault management process and aid troubleshooting at the tier 1 level. In addition to fault management, performance analysis is another useful area, where log data provides information about server CPU, memory, disk and even network throughput. Lastly, log data supports trend analysis, such as viewing peak usage stats (the “top 10s”), and aids in the detection of security incidents and violations.

The management of log data may reflect an organization’s need to report and alert on events occurring on a day-to-day operational basis, or simply to store the data for forensic purposes in case of an adverse security incident in the future.

Before implementing or upgrading a log management solution, here are some questions that should be asked:

  • What is the goal? Is it the automation of service tickets, data analysis, incident response or all of the above?
  • What are the event sources, such as firewalls, hosts, applications and network devices?
  • How are the logs going to get from the source devices to their destinations?
  • Will the logs be distributed in a store & forward or a streaming fashion?
  • What are the volume requirements? Will you need to support 100MB, GB or TB per day, per hour or per week?
  • What types of events require monitoring? For example: login/logout, port up/port down, HTTP errors, SMTP failures, anonymous FTP.
  • Do you need logs for non-repudiation, compartmentalization or with encryption? If so, at what level?
  • What are your storage requirements? How long will you need to store your log data?
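To make the “what types of events require monitoring” question concrete, here is an added Python example (not code from the original post or from any tool it names) that does what an aggregator such as the Simple Event Correlator mentioned in Part 2 does at small scale: it parses RFC 3164 syslog lines from several device types, classifies them as login success/failure or port down, raises an alert when one source produces a burst of failed logins against a perimeter router (the failed-access example from the opening paragraph), and produces the “top 10” trend view. The devices (fw01, rtr-edge, sw-core), addresses and log lines are constructed; the threshold rule (5 failures within 60 seconds per source) is an assumption chosen for the example, not a recommendation from the post.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed sample lines from hypothetical devices (fw01, rtr-edge, sw-core); the
# addresses are documentation ranges, and none of this comes from the original post.
SAMPLE_LOG = """\
<38>Jul  6 10:01:02 fw01 sshd[4122]: Accepted publickey for ops from 10.0.0.5 port 51422 ssh2
<36>Jul  6 10:01:10 rtr-edge login: authentication failure for admin from 198.51.100.7
<36>Jul  6 10:01:14 rtr-edge login: authentication failure for admin from 198.51.100.7
<36>Jul  6 10:01:19 rtr-edge login: authentication failure for admin from 198.51.100.7
<36>Jul  6 10:01:25 rtr-edge login: authentication failure for admin from 198.51.100.7
<36>Jul  6 10:01:31 rtr-edge login: authentication failure for admin from 198.51.100.7
<36>Jul  6 10:07:00 rtr-edge login: authentication failure for admin from 192.0.2.9
<28>Jul  6 10:07:30 sw-core %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
<36>Jul  6 10:22:00 rtr-edge login: authentication failure for admin from 192.0.2.9
"""

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

# Event types worth monitoring (the post lists login/logout and port up/down among them).
EVENT_PATTERNS = {
    "login_failure": re.compile(
        r"(?:authentication failure|Failed password) for (?P<user>\S+) from (?P<src>\d+(?:\.\d+){3})"),
    "login_success": re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\d+(?:\.\d+){3})"),
    "port_down": re.compile(r"Interface (?P<iface>\S+), changed state to down"),
}


def parse(line, year=2015):
    """Parse one RFC 3164 line into a dict; BSD syslog carries no year, so the caller supplies it."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    ev = {"ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
          "host": m["host"], "facility": pri // 8, "severity": pri % 8,
          "type": "other", "msg": m["msg"]}
    for name, pat in EVENT_PATTERNS.items():
        hit = pat.search(m["msg"])
        if hit:
            ev["type"] = name
            ev.update(hit.groupdict())
            break
    return ev


class ThresholdRule:
    """Fire when `threshold` events of `event_type` share (host, key) within a sliding
    `window` of seconds; the same idea as SEC's SingleWithThreshold rule."""
    def __init__(self, event_type, key, threshold, window):
        self.event_type, self.key = event_type, key
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)     # (host, key value) -> timestamps in window

    def feed(self, ev):
        if ev["type"] != self.event_type or self.key not in ev:
            return None
        k = (ev["host"], ev[self.key])
        q = self.recent[k]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > self.window:   # expire old timestamps
            q.popleft()
        if len(q) >= self.threshold:
            alert = {"rule": f"{self.event_type} x{self.threshold}/{self.window}s",
                     "host": ev["host"], self.key: ev[self.key],
                     "count": len(q), "first": q[0], "last": ev["ts"]}
            q.clear()                                              # re-arm for the next burst
            return alert
        return None


def correlate(text, rules):
    """Parse every line, run each event through every rule, return (events, alerts)."""
    events = [ev for ev in (parse(l) for l in text.splitlines()) if ev]
    alerts = [a for ev in events for a in (r.feed(ev) for r in rules) if a]
    return events, alerts


def top_n(events, event_type, key, n=10):
    """Trend view (the post's "top 10s"): most frequent `key` values for one event type."""
    return Counter(ev[key] for ev in events if ev["type"] == event_type and key in ev).most_common(n)


def demo():
    rules = [ThresholdRule("login_failure", "src", threshold=5, window=60)]
    events, alerts = correlate(SAMPLE_LOG, rules)
    return events, alerts, top_n(events, "login_failure", "src")


if __name__ == "__main__":
    events, alerts, top = demo()
    print(f"{len(events)} events, {len(alerts)} alert(s)")
    for a in alerts:
        print(a)
    print("top failed-login sources:", top)
```

The two sources behave differently on purpose: 198.51.100.7 produces five failures in 21 seconds and trips the rule, while 192.0.2.9 produces two failures 15 minutes apart and does not, which is what a sliding window buys over a plain counter. The same structure answers the volume question in the list: the number of events per second the parser and rules must keep up with is the figure to size the aggregator for.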

As you work through the requirements, new or additional requirements may emerge that suggest partitioning the architecture into more manageable pieces, such as a distributed approach to log management.

In part 2, I’ll discuss log management solutions to consider to help you determine the best one for your organization.

The Internet of Things Comes to the DoD–With Disastrous Consequences

June 22, 2015   Business News

(PRLEAP.COM) June 22, 2015 – Richard Stiennon, author of Surviving Cyberwar (Government Institutes, 2010) and UP and to the RIGHT: Strategy and Tactics of Analyst Influence (IT-Harvest Press, 2012), has written a new book. There Will Be Cyberwar chronicles the move on the part of the US Military to a network-centric warfighting (NCW) capability. NCW is the use of networked sensors, command and control, and precision weapons systems.

“When I wrote Surviving Cyberwar I realized that I could benefit from going back to school to study war,” said Stiennon. “There Will Be Cyberwar is derived from my Masters dissertation at King’s College, London.”

There Will Be Cyberwar provides a concise definition of cyberwar: the use of computer and network attacks to further the goals of a military operation. It goes on to demonstrate that the US Military in particular has done little to defend the components of NCW from cyber attack.

Paperback and Kindle editions of There Will Be Cyberwar are available from Amazon and participating bookstores and libraries.

Stiennon bio: Richard Stiennon is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the booming IT security industry. He is the author of Surviving Cyberwar (Government Institutes, 2010). He is a member of the advisory board at the Information Governance Initiative and Senior Fellow at the International Cybersecurity Dialogue. He was Chief Marketing Officer for Fortinet, Inc. and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner, Inc. Stiennon writes the Cyber Domain column for Forbes.com and has presented on the topics of cyber threats and defenses in 28 countries on six continents. He has a B.S. in Aerospace Engineering and his MA in War in the Modern World from King’s College, London.

Press and speaking inquiries: Kristin Haggar 605-310-5594 kristin@kristinhaggar.com

Contact Information
Richard Stiennon
IT-Harvest
650-388-6402