The Pace of US Cyber-Preparedness is Accelerating
Three recent moves by the Pentagon, State Department and White House indicate that the pace of preparation for engaging in offensive cyber attacks is increasing. The first was the speech given by Leon Panetta, Secretary of Defense on October 12 where he used the term cyber Pearl Harbor. Of course to anyone who follows these developments the term is not … Read more
Posted in Network Security
Tagged cyber defense, Cyberwar, National Security, Network Security
1 Comment
Security Intelligence Enters the Mainstream
If you spend any time with the top banks and defense contractors you will have noticed a dramatic change in their approach to defending their networks from intrusions. Traditional security operations of vulnerability management, configuration management, and policy exceptions are being beefed up dramatically. New teams are being formed to counter the onslaught of highly targeted and sophisticated attacks. My … Read more
Posted in Network Security
Tagged intrusion detection, malware, Network Security, security intelligence
Leave a comment
First Line of Defense: Clean Up That Network Traffic
Here at IT-Harvest Global Headquarters we have installed a new technology: reverse osmosis water filtering. Our water may have lost some of its tang but it is clean. Even our ice-cubes are clearer now. Reverse-osmosis is an apt metaphor for Corero’s new positioning. Long known for their Denial of Service Defense and Intrusion Prevention products, Corero has learned much about … Read more
Posted in Network Security
Tagged Corero Network Security, First Line of Defense, Network Security
Leave a comment
There is no need for a cybersecurity executive order
Since the collapse of the Congressional attempt to pass the Cybersecurity Act of 2012 there has been mounting pressure for the Obama Administration to “do something”, that something being the imposition of a regulatory regime to protect critical infrastructure. But the Cybersecurity Act of 2012 failed because it was fatally flawed. On Friday, Federal News Radio reported that they had … Read more
Arms dealing in cyberspace: Questions we need to answer
Alex Sanchez, Research Fellow at the Council on Hemispheric Affairs, and participant in the International Cybersecurity Dialogue, introduces the issues surrounding cyber arms dealing, especially as they relate to Latin America in today’s Cyber Domain blog on Forbes.com At the last meeting of the ICD Alex introduced the question of cyber arms dealing from the perspective of Latin America, but … Read more
Skillz are more important than your degree in security
Two words: “Learn tools.” It’s graduation season and time to address careers in IT security. I can’t help thinking back to May 1982, the month 30 years ago when I graduated from the University of Michigan as an aerospace engineer. I had done the rounds of campus interviews but was not excited about going to work for aerospace giants, none … Read more
It’s time to stop coddling DNS Changer Trojan victims;
let them learn the hard way
The last thing we need is the FBI acting as our cyber nanny. Last November, a massive botnet for the DNS Changer Trojan had been taken down thanks to the FBI and law enforcement in Estonia. Six men were arrested for using the botnet of more than 500,000 infected machines, many of them within the U.S. government, to redirect web … Read more
If you feel you need big data for security,
you are doing something wrong
I have been fighting the same battle for 12 years. It all started with IDS, a passive system for comparing network traffic to a set of signatures and generating alerts every time a match occurred. Because IDS was never put in-line, there was no cost to performance or risk from false positives, so signatures blossomed. Open-source communities scrambled to get … Read more
The first thing we do, is hack all the lawyers
It was 1994 and I was presenting at a conference on security and privacy on that new fangled Internet thing. As founder of an ISP (Rust.net) in the Midwest, I did a lot of such events. One of the other speakers was an attorney from the US Justice Department. He fielded a question from the audience regarding email security. His … Read more
Posted in Data Protection, Security Threats
Tagged Frank Wuterich, law firm security practices, Puckett Faraj
1 Comment
VeriSign breach revelation raises questions of SSL cert, DNS compromise
Joseph Menn of Reuters reported Thursday on an attack on VeriSign in 2010. He had picked up on a brief notice in VeriSign’s 10-Q SEC quarterly report. On page 33 of this 43 page document we find: “In 2010, the Company faced several successful attacks against its corporate network in which access was gained to information on a small portion … Read more
