Introduction In 2014, in response to an Executive Order from President Obama, the National Institute of Standards completed “Framework for Improving Critical Infrastructure Cybersecurity”, also known as “The Cybersecurity Framework”. The framework looks like a “Bow Tie”, from NISTIR 8170: The Framework’s five functional components are: ID: Identify; PR: Protect; DE: Detect; RS: Respond; RC: Recover […]
General
Demystifying President Trump’s CyberSecurity Executive Order
It didn’t take President Trump long to weigh in on Federal Government CyberSecurity. And it took even less time for all kinds of company “Talking Heads” to issue their own self-serving versions of the Executive Order. There isn’t much there. No move to the “cloud”. No massive consolidation of resources into a massive Government data silo. No […]
Centralization, Decentralization, and AI
A couple of months ago, Bruce Schneier wrote a great post entitled “Security Orchestration and Incident Response”. The discussion ultimately morphed into AI and Machine learning, but put forth two Universal Truths regarding computer networks: When things are uncertain, you want your systems to be decentralized. When things are certain, it is more important to […]
Windows Patch Tuesday: 5/9/2017
This week’s Patch Tuesday update from Microsoft contains more critical fixes for the Graphics Device Interface (GDI) within Windows systems. This will require a reboot. Affected software: All supported releases of Microsoft Windows; Affected editions of Microsoft Office 2007 and Microsoft Office 2010; Affected editions of Skype for Business 2016, Microsoft Lync 2013, and Microsoft […]
BOLO: Intel Chip Zero-Day Vulnerability
Be advised that computers with Intel chipsets ship with a management tool called Active Management Technology (Intel AMT). This service runs on TCP/IP ports 16992 and 16993. Attackers can gain complete control over the PC through a password authentication flaw. Interestingly, some peripherals, such as the mouse and keyboard, can be controlled even when […]
Jared’s WordPress Downloads
I put up a new Download Center. The first files uploaded to it are both related to WordPress: WPSCAN and SHA512-PASS. WPSCAN is a Unix command-line scanner that can be useful in identifying Hacked Pages and Backdoors within a WordPress site/directory structure. The next file is a PHP WordPress plugin called SHA512-PASS. It stores user […]
BOLO: Apple’s Big Mac Attacks!
For those people with Macs, there are dark clouds overhead. According to McAfee Labs, malware attacks designed for Mac computers rose 744 percent in 2016. It started with the discovery of the Osx.Dok Trojan on Friday, 4/28/2017:
HIPAA, MPLS, and Encryption
Recently, I was asked a question. “If I use MPLS, do I need to do encryption to be HIPAA compliant?” Multi-Protocol Label Switching (MPLS) is different things to different people, depending upon the networks involved. In this context, it was a Metropolitan Ethernet (Metro-E) network being provided by a local cable company. So, the answer […]
Email Security: Trim Those Distribution Lists
It is very important these days to keep a small attack surface, both personally and professionally. When you get a “User unknown” message back, delete that person from your Email distribution lists. Too many companies keep names in their lists forever. That is a really bad idea. When a domain name expires, it is very […]
Spectrum Networks: Regulate as a Carrier?
Recently, I replied to a LinkedIn fellow’s post regarding SD-WAN (Software Defined Wide Area Network) versus MPLS (Multi-Protocol Label Switching). In cable transmission parlance, MPLS is sometimes referred to as “Metropolitan Ethernet” or “Metro-E”. This is defined in the DOCSIS 3.0 (Data Over Cable Service Interface Specification) standard. I replied with the comic up […]