
Comments
Why Enterprise Security Needs a New Focus
macker490
User Rank: Ninja
7/2/2017 | 11:32:14 AM
Re: Kick Microsoft off your network
"Kick MSFT Out"

that's not a workable response: much software that is essential to its users depends on the MSFT API

still, it's important to think about this problem:

What has happened:   a non-secure o/s has been placed into massive use in a network environment in which messages are generally not authenticated and message formats that carry macros and scripts have been incorporated into general use in this non-secure environment

if you wanted to design a system to facilitate hacking you could not do a better job.

the response cannot be immediate termination of the offending components; rather the offending components need to be re-configured into a protected environment such that attack messages cannot get at them

this means moving all vulnerable o/s and apps into protected intranets that do not have open-net access.   this will create some additional difficulty as it will block essential communication.   to correct this it will be necessary to build and deploy some heavy-duty filters that can require PGP signatures on all inbound messages.

this would be a start

it will need refinement;    most likely quarantine of messages of a questionable nature.
RetiredUser
User Rank: Ninja
6/30/2017 | 4:59:57 PM
Re: Kick Microsoft off your network
True, Anthem got hit big in $$.  I suspect their compromise points more to not conforming to "Security 101" best practices, however, than it does their end-user architecture.  Again, no lover of Windows here, but I know how these big Corps love to hold on to the familiar.  Looking deeper, however, Anthem uses *NIX on the backend (Red Hat Enterprise Linux, AIX and Solaris, I believe) and are also utilizing IBM cloud.  They have a lot of Java-based code so they could well arm developers with Ubuntu systems using Eclipse for development.  One could argue Anthem could well move off Windows for their end-users since I find it hard to believe their Windows-based web servers couldn't be migrated to *NIX unless they are stuck on some IIS/.NET dependent apps (which I've seen ported to .NET Core).

Anyway, yeah, with hits that huge you could definitely start putting together presentations to future clients that highlight how detrimental using Windows in your environment could really be :-)  But let's also not forget the "Security 101" best practices, too.  I mean, if I keep throwing you a gun with no safety, I have to expect you to shoot yourself in the foot at least once...  
SchemaCzar
User Rank: Strategist
6/30/2017 | 4:45:04 PM
Re: Kick Microsoft off your network
Well, Anthem spent nearly a half billion dollars because someone clicked a phishing email.
RetiredUser
User Rank: Ninja
6/30/2017 | 4:42:19 PM
Re: Kick Microsoft off your network
As a *NIX nerd, you're not going to hear an argument here.  But if you're planning out IT at a new company, you'll have to be prepared to show data that demonstrates savings using FOSS in place of a Windows-based desktop ecosystem.  That is, weigh the cost of assumed eventual exploits on company Windows computers (cost being security staff, RCA effort and change implementation) against the cost of FOSS internal support, training end users, etc.  I could flesh out a FOSS-based IT solution for most companies, but then I'd need to assure the stakeholders that we have interoperability with vendors, etc. as well as a platform (Ubuntu, for instance) that is easy to use and can supply all the needs of the company.  I think that's the major hurdle right there.
SchemaCzar
User Rank: Strategist
6/30/2017 | 3:04:42 PM
Kick Microsoft off your network
The fundamental "new focus" needed by enterprise security is to recognize the perimeter is failing because of Windows problems.  The fact is that we have seen for months (and more) that Windows is attacked more often and more successfully.  The terrible attacks of recent weeks show this.  And what's more, a compromised Windows computer is an attack vector for the rest of your network.

Windows has a permission configuration that makes a successful phishing attack much more dangerous than it is on other platforms. Under Windows, many pieces of malware of more types can more aggressively attack within your firewall than you would find on other systems.

There are very few applications left that actually need Windows.  Are they worth the information security risk?
RetiredUser
User Rank: Ninja
6/30/2017 | 10:34:45 AM
Re: Band-aids and Whac-a-Mole
Totally agree.  PGP and encryption in general should be a requirement in every workplace and yet only us developers and InfoSec pros seem to use it by default.  When you encrypt/decrypt, sign and md5sum (oops, dated myself) all day long you begin to wonder what everyone else is complaining about.  Viruses?  Worms?  Really?  Why aren't you encrypting, signing and verifying?  What do you mean "What is PGP?"

I try to educate as much as I can, but we do need to see what we have taken for granted for decades in the *NIX environment and as FOSS developers brought to everyone in a digestible way.  The way average users fire up Windows and Word without thinking is how integrated encryption should be accessed as well.  No need to think about it, still reaping the benefits: ease of use.
macker490
User Rank: Ninja
6/30/2017 | 7:38:30 AM
Band-aids and Whac-a-Mole
it's no use to keep putting band-aids on this mess. it's like playing Whac-a-Mole: it goes on-and-on and you can't win.

a lot of critical software today runs on a very insecure o/s. on a short term/immediate basis these vulnerable o/s systems should be positioned in protected intranets such that they do not have open-net access.

some heavy-duty filter systems will need to be developed to control data that is passed from one intranet to another.

it would be best to prohibit executable documents.

any document that contains scripts or macros should be regarded as an executable program -- just as dangerous as a binary .exe file

AUTHENTICATE

Computer Hackers leverage a general lack of authentication in order to impersonate legitimate traffic. This, combined with the use of insecure operating software, is a recipe for disaster -- and you have an on-going disaster on your hands.

the means of stopping this has been available since Zimmermann released PGP back in the 90s

Authentication should be incorporated into the filterboxes for all message traffic.

fussing over biometrics, 2FA, A/V, and bad passwords ain't gonna get you noplace.
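
The filter box macker490 describes in this post and in the 7/2/2017 reply (refuse any document carrying scripts or macros as if it were an .exe, require a PGP signature on inbound messages, quarantine everything else) sketched as an added Python example; this is not code from any commenter or from Dark Reading. The extension list, the OOXML part names and the `verify` hook standing in for an external PGP verifier such as gpg are my assumptions, and the messages and documents it checks are constructed inline.

```python
import io
import zipfile
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Thread's policy: a document carrying scripts/macros is an executable and is
# refused; everything else must be PGP-signed or it is held in quarantine.
# Extension and part lists are assumptions for this example, not from the thread.
EXEC_EXTS = (".exe", ".js", ".vbs", ".hta", ".ps1", ".docm", ".xlsm", ".pptm")
OOXML_MACRO_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}

def carries_code(filename, payload):
    """True for script files and Office documents with an embedded VBA project."""
    if (filename or "").lower().endswith(EXEC_EXTS):
        return True
    buf = io.BytesIO(payload)
    if not zipfile.is_zipfile(buf):   # a renamed .docm is still a zip: inspect its parts
        return False
    with zipfile.ZipFile(buf) as zf:
        return bool(OOXML_MACRO_PARTS & set(zf.namelist()))

def filter_verdict(raw, verify):
    """verify(msg) -> bool is an assumed hook to an external PGP verifier such as gpg."""
    msg = message_from_bytes(raw)
    for part in msg.walk():
        if part.get_content_disposition() == "attachment" and \
                carries_code(part.get_filename(), part.get_payload(decode=True) or b""):
            return "reject"           # executable document: refused whoever signed it
    signed = (msg.get_content_type() == "multipart/signed"
              and msg.get_param("protocol") == "application/pgp-signature")
    return "deliver" if signed and verify(msg) else "quarantine"

def make_docm(with_macros):
    """Constructed minimal OOXML container for the sample; real files have many more parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"constructed")
    return buf.getvalue()

def build_sample(filename, payload, signed):
    """Constructed inbound message with one attachment, optionally PGP/MIME-wrapped (RFC 3156)."""
    att = MIMEApplication(payload, "octet-stream")
    att.add_header("Content-Disposition", "attachment", filename=filename)
    if not signed:
        return att.as_bytes()
    outer = MIMEMultipart("signed", protocol="application/pgp-signature", micalg="pgp-sha256")
    outer.attach(att)
    outer.attach(MIMEApplication(b"placeholder detached signature", "pgp-signature"))
    return outer.as_bytes()
```

The signature check here is structural only; the cryptographic verification the post calls for happens in whatever the `verify` hook wraps, and a message that fails it lands in quarantine rather than being delivered.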
