New Delhi, May 9: The government on Wednesday approved the National
Cyber Security Policy, which aims to create a secure computing
environment in the country and build capacities to strengthen the
current setup, with a focus on manpower training.
The Cabinet Committee on Security (CCS) approved the policy, which
stresses augmenting India's indigenous capabilities for developing the
country's cyber security setup.
"CCS met today and approved the National Cyber Security Policy, which
sets a road map for strengthening cyber security of the country by
building capacities in the country, training manpower, etc," a source
said after the meeting.
A senior official in the Department of Information Technology said the
policy strives for a secure computing environment and seeks to build
adequate trust and confidence in electronic transactions.
"This policy caters for the whole spectrum of ICT users and providers
including small and home users, medium and large enterprises and
government and non-government entities," the official added.
It aims to create a cyber security framework that will address all
related issues over a long period.
The framework will lead to specific actions and programmes to enhance
the security posture of the country's cyber space.
Cyber security intelligence also forms an integral component, so that
attacks can be anticipated and countermeasures adopted quickly.
PTI
Monday, 13 May 2013
Q&A with a hacker
There are a lot of issues to cover when talking about computer
security - and it is important to get a few terms out of the way first.
Any programme that is designed to make your computer do something you
don't want it to is malware. This can range from programmes that damage
your computer, to ones that can steal your personal data giving hackers
the ability to do things like access your credit card and bank account
details.
Adware is a form of malware that floods your computer with advertising.
A botnet is a form of malware that allows a hacker to take control of
your computer to do things like repeatedly visit websites to shut them
down (known as a DoS, or denial of service, attack) or send emails to
your contact list in the hope of making people who trust you click on
something less than trustworthy.
Trojans are programmes which are designed to look attractive on the
surface, like a really nice looking poker game, but actually exist to
load malware onto your computer.
Social engineering attacks are essentially where hackers turn
con-artist and instead of trying to crack your computer's security, try
to trick you into giving up information that they can then use to access
your system.
Phishing is a form of social engineering attack in that it works by
creating a website to look like an online vendor or banking website so
that you end up giving it your details without the hacker having to
actually break through any security measures you may have. This is why
you get all those emails from banks you don't actually bank with, or
claiming you have a refund from SARS.
Q: How did you get into hacking?
A: I was always interested in hacking and the concept of 'ethical
hacking'. I actually began my career with the end goal of becoming an
ethical hacker or a 'whitehat' hacker. I educated myself around
different security and network technologies from various different
vendors. I got certifications and achieved practical working experience
in all the major security controls and also various operating systems
for the likes of Windows, Linux, Unix and even some others.
I wanted to know
exactly how these systems work and how administrators are defending
these systems, thus giving me the 'background' knowledge of the best way
to attack these systems. After 13 years in the IT Security industry,
from working as a Linux/Windows support engineer, firewall administrator
to a security architect, I finally became a security consultant doing
penetration testing.
Q: What exactly is ethical hacking?
A: Ethical Hacking, also known as Penetration Testing, is attacking a
system on behalf of the company that owns that system, using the same
methods, techniques and tools that are used by malicious hackers, also
known as 'blackhat' hackers, but in a controlled manner with a
professional services wrapper around it.
Q: Is there such a thing as perfect computer security?
A: No such thing exists, but we need to strive to be as close to
perfect as possible, using various security controls and being as
proactive as possible.
Q: How prevalent is hacking on mobile devices in South Africa?
A: Mobile devices are being targeted more and more by criminals. One
reason, for example, is that credit cards are harder to clone since the
implementation of 'chip and pin' technology, so criminals are focusing
on easier targets. According to Trustwave’s Global Security Report, the
most attacked targets are web and mobile applications. The report also
stated that a 400% growth in mobile malware was seen in 2012.
Q: Is South African law and law enforcement taking hacking seriously enough?
A: Yes, I believe so. For example, more law enforcement personnel are
being deployed to monitor social media. Also there are companies that
are very serious about security that are working closely with law
enforcement to combat cybercrime.
Q: Have any mutations of Stuxnet hit mobile devices?
A: Stuxnet was designed to target and damage a certain type of
industrial equipment used by the Iranian nuclear program. Many Stuxnet
mutations and variants are seen across the web, so it’s reasonable to
say it is not a question of if it will hit mobile devices, it’s when.
Q: What are the warning signs for phishing attacks?
A: Phishing attacks can be emails, text messages or phone calls from
unknown sources, claiming to be a legitimate source, for example a bank
or well-known company. They usually ask you to provide or verify your
password or account details. Warning signs to look out for:
- Warning! Your account will be deleted if you don’t reply within 10 days
- Dear Bank Account Holder – a general, rather than specific, greeting
- A greeting packed full of errors is also a big warning sign – Accountt holder needing pdate of Pasword!
- There is no contact information or a signature
Q: Recently the game Natural Selection 2 had to deactivate a lot of
Steam keys, costing the developers about $30 000, due to unethical
vendors. Is this something that is going to become more of a risk on
mobile devices in future?
A: This is definitely possible, as all the mobile application stores
are not controlled and governed in the same manner or with the same
attentiveness. It is a lot easier for unethical vendors to sell
compromised or fraudulent applications on a mobile application store
with lesser security controls.
Q: A lot of malware comes in the form of Trojans, what warning signs should consumers look out for to avoid them?
A: Treat all unsolicited emails, especially from unknown senders, with
caution and never click any links in these emails. Be careful when
downloading executable or zip files from the Internet or via email.
Many browsers and anti-virus products will warn you when you attempt to
visit a website that may be harmful; avoid visiting these websites.
Q: Does adware actually make the advertisers any money?
A: There are accusations that many advertisers work directly with adware companies, even if they claim to be unaware of this.
Q: A lot of hacking is done through social engineering, where
hackers use publicly available information in order to get access to
computers (such as using information available on Facebook in order to
work out the answer to the user’s security question) – what would you
suggest users do to reduce the risk?
A: Use a strong password; make sure your password is complicated.
Choose a password you have not used before. Use 'a pass phrase' rather
than just passwords, and make sure it contains a mixture of numbers,
letters and special characters. Enable security notifications that will
send you an email every time you login or when there are any changes to
your account. As for security questions, make sure they can’t be easily
guessed or researched.
Q: In the same vein, a lot of corporate hacking works through
social engineering attacks where hackers get information through simply
asking workers, how can companies train their workers better to avoid
falling for this?
A: Security awareness training is essential for employees, as it is a
fact that they are often seen as the company’s weakest link. This
security awareness training should cover things like, for example, not
giving your corporate password out to anyone. Make sure your employees
understand that their username and password are their own confidential
information, and that no one at the company will ask for their password
either via a phone call or an email.
Q: What tools would you suggest for users who have been infected with malware who want to get rid of it?
A: There are various tools that can be used to firstly detect, and then
try to remove, malware from an infected PC. Particular tools are
difficult to recommend, as they can differ depending on the operating
system the PC is running and the type of malware that the PC is
infected with. What I can recommend is to make sure that all the
infections have actually been removed, which is no easy task. This can
be accomplished using your anti-virus software, or by getting support
from your company’s IT department or computer supplier.
Q: Botnets often turn computers into zombie slaves in order
to launch DOS and spam attacks on third parties – at what point does one
figure stuff it and use the universal zombie repellent (AKA a shotgun
to the hard drive)?
A: LOL, I like your zombie analogy. If your defences are in place, and
all your security controls in effect, then you are on the right track.
Your security posture can furthermore be tested and improved with
proactive security tests, also known as Penetration Testing. Even
though it almost seems like the age-old battle of good vs. evil, we
have to keep fighting the good fight.
Backdoor targeting Apache servers spreads to nginx, Lighttpd
Last week's revelation
of the existence of Linux/Cdorked.A, a highly advanced and stealthy
Apache backdoor used to drive traffic from legitimate compromised sites
to malicious websites carrying Blackhole exploit packs, was only the
beginning - Eset's continuing investigation has now revealed that the
backdoor also infects sites running the nginx and Lighttpd webservers.
And while Apache is definitely the most widely used of the three, nginx
has also cornered a considerable portion of the market (around 15
percent).
The AV company's researchers have, so far, detected more than 400
webservers infected with the backdoor, and 50 of them are among the
world's most popular and visited websites.
They also discovered that while visitors who use Internet Explorer or
Firefox on Microsoft Windows XP, Vista or 7 are the only ones who get
redirected to sites hosting Blackhole, iOS users are also in danger as
they get redirected to adult content sites that might be hosting
malware.
"The Linux/Cdorked.A threat is even more stealthy than we first thought:
By analyzing how the attackers are configuring the backdoor, we found
it will not deliver malicious content if the victim’s IP address is in a
very long list of blacklisted IP ranges, nor if the victim’s internet
browser’s language is set to Japanese, Finnish, Russian and Ukrainian,
Kazakh or Belarusian," the researchers pointed out.
"We believe the operators behind this malware campaign are making
significant efforts to keep their operation under the radar and to
hinder monitoring efforts as much as possible. For them, not being
detected seems to be a priority over infecting as many victims as
possible."
Another way they try to keep a low profile: the Cdorked backdoor uses
compromised DNS servers to resolve the IP addresses of the sites it
redirects victims to.
The Blackhole exploit kit is currently delivering a variant of the
Glupteba Trojan to the unsuspecting victims. The malware employs
blackhat SEO methods to push clickjacking contextual advertising onto
users.
"We still don’t know for sure how this malicious software was deployed on the web servers," the researchers admit.
"We believe the infection vector is not unique. It cannot be attributed
solely to installations of cPanel because only a fraction of the
infected servers are using this management software. One thing is clear,
this malware does not propagate by itself and it does not exploit a
vulnerability in a specific software."
To help system administrators spot the existence of the backdoor on their webservers, Eset has released a script that detects a specific modified httpd binary on the hard drive that's a definitive sign of infection.
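A defender-side example added here; it is not Eset's script and does not detect Cdorked specifically. Since the backdoor cloaks itself from blacklisted IP ranges and certain browser languages, browsing your own site from the office proves nothing; comparing the on-disk web server binaries against a hash baseline taken on a known-clean host does. The binary paths are assumed placeholders.

```python
# Added example (not Eset's script): hash web server binaries on a known-clean
# host, then re-verify so a silently replaced binary is reported.
import hashlib
import json
import os

# Placeholder locations for the binaries to watch; adjust for your distribution.
DEFAULT_BINARIES = ["/usr/sbin/httpd", "/usr/sbin/nginx", "/usr/sbin/lighttpd"]


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large binary need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def make_baseline(paths=DEFAULT_BINARIES):
    """Return {path: sha256} for each listed path that exists.

    Keep a copy of the baseline off the server: an attacker with root can
    rewrite a baseline stored next to the binaries it describes."""
    return {p: sha256_file(p) for p in paths if os.path.isfile(p)}


def verify_baseline(baseline, paths=None):
    """Compare current hashes with the baseline.

    Returns {path: "modified" | "missing" | "new"}; empty means no change."""
    current = make_baseline(list(baseline) if paths is None else paths)
    findings = {}
    for path, expected in baseline.items():
        if path not in current:
            findings[path] = "missing"
        elif current[path] != expected:
            findings[path] = "modified"
    for path in current:
        if path not in baseline:
            findings[path] = "new"
    return findings


def save_baseline(baseline, out_path):
    """Write the baseline as JSON; copy it somewhere the server cannot reach."""
    with open(out_path, "w") as handle:
        json.dump(baseline, handle, indent=2, sort_keys=True)
```

Run `make_baseline()` once on a clean host and `verify_baseline(json.load(...))` from cron or a jump host; any "modified" finding on a binary that your package manager has not updated deserves a forensic look rather than a reinstall.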
The Big Security Data Challenge
Big Data is not only a challenge for customer-facing organizations—but for security teams as well. Over the past decade, the demand for stronger security has driven the collection and analysis of increasingly larger amounts of event and security contextual data. Security Information and Event Management (SIEM) has long been the core tool that security teams have depended on to manage and process this information. However, as security data volume has grown, relational and time-indexed databases that support SIEM are struggling under the event and analytics load. Legacy SIEM systems have raised doubts about the potential success of SIEM implementations due
to their slow performance, inability to manage data effectively, and the extremely high
costs associated with scaling. This paper addresses the Big Security Data challenge
and highlights the key criteria organizations need to consider for processing security
information in light of today’s dynamic threat landscape.
Big Security Data
Why security data has become a Big Data problem is obvious for anyone who has tried to manage
a legacy SIEM, particularly when you look at the definition of Big Data. Big Data consists of data sets
that grow so large that they become awkward to work with using existing database management tools.
Challenges include capture, storage, search, sharing, analytics, and visualization.
With this in mind, it’s easy to see that IT and IT security have repeatedly wrestled with Big Data challenges. In fact, SIEM itself was invented to address a fundamental lack of data processing capabilities. In the early 2000s, the amount of security information and the level of accuracy of this security data exceeded the capability of existing technologies, and the lack of centralized visibility created a strong need for automated data analysis.
Enter the early SIEM tools, which were designed to handle firewall, vulnerability assessment, and
intrusion detection systems (IDS) data with the primary purpose of reducing false positives from IDS plus
the ability to investigate logs. These early SIEM vendors leveraged existing database management tools
and provided specialized analytics on top of event data to enable organizations to eliminate a large number
of IDS false positives.
While SIEM initially was adopted by security-conscious industries—such as large financial services and
government—broad adoption did not take off as a viable market until the mid-2000s, when Sarbanes-Oxley
audits became a reality. Overnight, event management was a core component of the “control framework” in
Sarbanes-Oxley section 404, and internal and external auditors were requiring it. Sarbanes-Oxley was quickly followed by PCI DSS for retail organizations and card processors, another major regulation that required log review to pass audit and the automation that SIEM promised to provide. And then the regulatory explosion began. The SIEM market exploded along with it—into a billion dollar market.
Compliance not only increased SIEM adoption but also led to a flood of additional security instrumentation
and increased logging levels. This simultaneously increased the flood of data SIEM now had
to manage and further stretched analytic capabilities. Legacy SIEM systems had always struggled to
manage any increases in volume and correlation of security data. This dramatic growth in data and
correlation requirements further revealed the inherent scale and analytic limitations that these SIEM
solutions faced.
Fast forward to 2012. The demands on SIEM systems continue to intensify. Devastating data breaches
at organizations that had passed purportedly stringent compliance-based security audits have pushed
IT security to move from “check-the-box” compliance to comprehensive security programs that include
perimeter, insider, data, and system security. In response to these increased security controls, innovative
and persistent attackers have evolved the sophistication level of their attack methods—creating a need
for SIEM to detect low-and-slow attacks, rapidly detect anomalies in event flow, and gain contextual
information about data, applications, and databases.