Thursday, March 27, 2014

Advanced Persistent Threats - Cloud Security Alliance - Notes

Zscaler presentation -

Advanced Persistent Threats - an attacker who is persistently, repeatedly, stealthily trying to break into your system until they succeed.

No single solution solves this problem.

Look at outbound traffic to figure out what is escaping.

Plan for failure.

APTs will get into the system in ways you never thought possible.

Attackers seek error pages that reveal system information useful in attack.

Leakage = systems returning information in error messages and failures.

Examples:

SQL injection - many steps to get database structure piece by piece until finally able to create a query to steal all credit cards.

Using view source on web pages to find information not visible on the pages.

Applications need to have security built in up front.

Phishing is number one way APTs are getting into systems.

Look at traffic going in both directions.

Attacks are sending data encrypted. Need to look at SSL traffic.

Inspect mobile devices - laptops, phones.

Log everything

Correlate logs (use SIEM)

Forensics is only as good as the data provided.

The better the interactive reporting, the faster you can respond.

Protect everything, always, everywhere.

All users - especially executives.

All devices (especially mobile)

All content - especially encrypted

- block or inspect - Downloads/ executables
- Data Loss Prevention

If all else's fails - disconnect the Internet (ha.ha.)






Sunday, March 16, 2014

Pfizer - Spam

Today I have 5,634 spam messages (since my last post).

No wait, 5,636.

Just in case you'd like to see the frequency is one about every 30 seconds.

Pretty much all of them are coming from American Pfizer. Supposedly. But as my last post shows the mails are coming from all over the world.



 Oh wait - make that 5,639.

Hmm. Interesting.