Cyber Security: CTU Threat Intelligence Services


The Dell SecureWorks Counter Threat Unit (CTU) research team is a distinguished group of security researchers and experts who analyze data from across thousands of global networks, comb the cyber underground for intelligence and leverage relationships throughout the security community to identify emerging threats, develop countermeasures against new malware and exploits, and protect our customers.

Research

For Dell SecureWorks, research represents the nucleus of our company and operations. Research is breaking down and reverse engineering malware to understand what makes it tick. Research is seeing how disparate events are connected. Research is determining how a piece of malware communicates with its command and control (C2) infrastructure. Research is identifying who is behind the threat. Research is infused into our managed security services and security consulting practices.


This is why we hire only the best and brightest security researchers from private industry, the military and the intelligence community: researchers with proven track records and first-hand technical experience dealing with cyber threats and protecting some of the most sensitive public and private systems and data resources in the world.

The Dell SecureWorks Counter Threat Unit research team’s work underpins the success of our Managed Security Services and Security Operations Centers, and is shared widely with our security consulting teams. In addition, our researchers share pertinent information with our customers and the public at large. Their primary role is understanding the nature of threats our customers face, and creating strategies and countermeasures to address those threats and protect our customers.

Retail Breaches Bolster Interest In NIST Cyber Security Advice

Target data breach highlighted risks in corporate supply chains, and companies are looking to government guidelines for ways to shore up cyber defense, says White House.

Last year’s massive Target data breach, in which hackers infiltrated the retailer’s point-of-sale system by exploiting a vendor’s IT system, has prompted corporate executives to take a deeper look at the security posture of companies in their supply chains. It’s also brought greater attention to recommendations released in February by the Obama administration, outlining voluntary national cyber security practices, a White House aide said this week.

The recommendations are part of a cyber security framework developed by the National Institute of Standards and Technology, together with private industry. The framework was originally aimed at critical infrastructure owners in 16 industries, including banks, utilities, and communications. But the document has caught the attention of executives in many fields, because it provides, for the first time, a common template for assessing corporate security practices across entire industries.

“One of the areas that we’ve seen companies… start to use the [cyber security] framework is in vendor management,” as a tool for assessing cyber security risks in their supply chains, said Ari Schwartz, a cyber security advisor on the White House National Security Council.


Finding the weak security links in corporate supply chains has taken on greater urgency for top executives after investigators reported that hackers had gained access to Target’s network using credentials obtained from a heating, ventilation, and air-conditioning (HVAC) vendor. The attackers ultimately made off with as many as 40 million credit and debit card numbers and personal information on 70 million customers. The breach also resulted in the March resignation of Target CIO Beth Jacob and the departure of Target CEO Gregg Steinhafel earlier this month.

“The key to the cyber security framework is it allows a baseline across different sectors,” said Schwartz. It allows banks, for instance, which have their own set of security practices, a way to better gauge the security practices of their suppliers and discuss that information with their boards of directors.

The framework has already fostered a new market for products that incorporate the cyber security standards outlined in the NIST framework, according to Schwartz.

PwC, for instance, offers a four-step process to implement the cyber security framework that emphasizes collaborative intelligence sharing, according to David Burg, PwC’s global cyber security leader, who pointed to a PwC survey, which found that 82% of companies with high-performing security practices collaborate with others to achieve those goals.

“We feel federal agencies can use these [practices] as well,” Schwartz said. He added that the administration’s “goal is to take the language of the cyber security framework and make it the language of FISMA and the continuous diagnostics and mitigation process,” referring to the federal law guiding agency security practices and to plans for protecting government IT systems.

The cyber security framework was a response to one of five primary areas of cyber security concerns at the White House, Schwartz said at a forum Tuesday at FOSE, a government technology tradeshow.

In addition to protecting the nation’s critical infrastructure, Schwartz said the administration is also concentrating on securing federal networks, developing clearer thresholds for responding to cyberthreats, and working with allies and non-allies on international rules of engagement in dealing with cyber attacks.

Officials are also looking at research and development initiatives to try to get “ahead of the threats,” and in particular, are looking for better identity management and credentialing systems. The user name and password system “is broken, and has been for many years,” he said.

Getting agencies to identify and fix common vulnerabilities, using continuous diagnostics and mitigation (CDM) techniques, is a chief priority for the administration and US deputy CIO Lisa Schlosser.

“Ninety percent of cyber attacks are using common vulnerabilities,” such as phishing and failing to keep patches up to date, and “96% of breaches can be avoided by employing basic controls and hygiene on networks,” she said at the forum.

The White House Office of Management and Budget, the National Security Council, and the Department of Homeland Security have begun a three-phase effort to adopt CDM practices, Schlosser said. Administration officials just completed a government-wide contracting vehicle to help agencies purchase diagnostics hardware and software. Phase 2 will focus on understanding “who’s on the network, where, and why,” and Phase 3 will attempt to provide “real-time visibility, to see what threats are affecting one agency” and use that information to guard against attacks on other agencies, said Schlosser.


Wyatt Kash is Editor of InformationWeek Government. He has been covering government IT and technology trends since 2004. He served as Editor-in-Chief of Government Computer News and Defense Systems (owned by The Washington Post Co. and subsequently 1105 Media), where he directed editorial strategy and content operations. He also was part of a startup venture at AOL, where he helped launch AOL Government and led its content and social media operations. His editorial teams have earned numerous national journalism awards. He is the 2011 recipient of the G.D. Crain Award, bestowed annually on one individual nationally for outstanding career contributions to editorial excellence in American business media.

Who Is On My Wi-Fi?

http://www.whoisonmywifi.com

http://lifehacker.com/who-is-on-my-wi-fi-shows-you-who-else-is-using-your-net-1504773036?utm_campaign=socialflow_lifehacker_facebook&utm_source=lifehacker_facebook&utm_medium=socialflow

Appears to be a very useful tool, both at home and while traveling.  The article is worth a moment of attention.

Subnetting


Part 4:

DETERMINING THE VALID NUMBER OF HOSTS

These are examples of a “number of valid hosts” question:

“How many valid hosts exist on the 150.10.0.0 /20 subnet?”

“How many valid hosts exist on the 150.10.0.0 255.255.240.0 subnet ?”

A /20 mask indicates that the first 20 bits are set to “1”, which is expressed in dotted decimal as 255.255.240.0.  The way to determine the number of valid hosts is much like the previous section on determining the number of valid subnets, in that you must first determine how many subnet bits are present. The difference is that when determining the number of valid hosts, it is the number of host bits you’re concerned with, rather than the number of subnet bits.

Once the number of host bits is determined, use this formula to arrive at the number of valid hosts:

The number of valid hosts = (2 raised to the power of the number of host bits) – 2

In the example question, there is a Class B network, with a default mask of /16. The subnet mask is /20, indicating there are four subnet bits. Here’s where the difference comes in. There are 16 network bits and 4 subnet bits. That’s 20 out of 32 bits, meaning that there are 12 host bits. 2 to the 12th power is 4096; subtract 2 from that, and there are 4094 valid host addresses.

Illustrating the masks in binary illustrates where the host bits lie:

Default Network Mask    1st Octet    2nd Octet    3rd Octet    4th Octet
255.255.0.0             11111111     11111111     00000000     00000000

Subnet Mask
255.255.240.0           11111111     11111111     11110000     00000000

Remember, as previously mentioned, that the bits that are set to “0” in the default mask and “1” in the subnet mask are the subnet bits?  The bits that are set to “0” in both masks are the host bits. That’s the value you need for the formula to determine the number of valid hosts.  Note that in both the formula for determining the number of valid hosts and the one for valid subnets, 2 is subtracted at the end. What two hosts are being subtracted? The “all-zeroes” (network) and “all-ones” (broadcast) host addresses, which are considered unusable.

How many valid host addresses exist in the 220.11.10.0 /26 subnet?

This is a Class C network, with a default mask of /24. The subnet mask is /26, indicating that there are 2 subnet bits. With 24 network bits and 2 subnet bits, that leaves 6 host bits:

Default Network Mask    1st Octet    2nd Octet    3rd Octet    4th Octet
255.255.255.0           11111111     11111111     11111111     00000000

Subnet Mask
255.255.255.192         11111111     11111111     11111111     11000000

(The last 6 bits of the 4th octet, set to “0” in both masks, are the host bits.)  2 to the 6th power (2^6) equals 64; subtract 2 from that and 62 valid host addresses remain.
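The arithmetic from both worked questions above, as an added example written for this page (it is not code from the study guides the series draws on).  It converts between prefix length and dotted-decimal mask, rejects non-contiguous masks, applies the valid-hosts formula, and cross-checks the answer against Python’s standard ipaddress module.  It assumes the classful defaults (/8, /16, /24) that the questions assume, and it clamps the classical “minus 2” count at zero for /31 and /32, which the formula does not cover.

```python
"""Valid-host arithmetic for CCNA-style subnetting questions.

Added example for this page, not code from its cited sources.  Assumes
classful default mask lengths, exactly as the worked questions do.
"""
import ipaddress

CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}  # classful default mask lengths


def address_class(network: str) -> str:
    """Classify by the first octet: A < 128, B < 192, C < 224."""
    first = int(network.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    raise ValueError(f"{network}: Class D/E space is not subnetted")


def mask_to_prefix(mask: str) -> int:
    """255.255.240.0 -> 20.  Rejects non-contiguous masks such as 255.0.255.0."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad mask {mask}")
    bits = "".join(f"{o:08b}" for o in octets)
    prefix = bits.count("1")
    if bits != "1" * prefix + "0" * (32 - prefix):
        raise ValueError(f"non-contiguous mask {mask}")
    return prefix


def prefix_to_mask(prefix: int) -> str:
    """20 -> 255.255.240.0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix /{prefix}")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def valid_hosts(network: str, mask) -> dict:
    """Answer a 'how many valid hosts' question for network/mask.

    mask may be a prefix length (20) or dotted decimal ("255.255.240.0").
    """
    prefix = mask if isinstance(mask, int) else mask_to_prefix(mask)
    net_bits = CLASS_PREFIX[address_class(network)]
    if prefix < net_bits:
        raise ValueError(f"/{prefix} is shorter than the class default /{net_bits}")
    subnet_bits = prefix - net_bits   # "0" in the default mask, "1" in the subnet mask
    host_bits = 32 - prefix           # "0" in both masks
    # The page's formula: drop the all-zeroes (network) and all-ones
    # (broadcast) host addresses.  Clamped at 0 because /31 and /32 have
    # fewer than two host addresses; RFC 3021 lets a point-to-point /31 use
    # both, but the classical CCNA count ignores that.
    hosts = max(2 ** host_bits - 2, 0)

    net = ipaddress.ip_network(f"{network}/{prefix}", strict=False)
    assert hosts == max(net.num_addresses - 2, 0)  # cross-check against stdlib

    return {
        "prefix": prefix,
        "mask": prefix_to_mask(prefix),
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "valid_hosts": hosts,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1) if hosts else None,
        "last_host": str(net.broadcast_address - 1) if hosts else None,
    }


if __name__ == "__main__":
    # The two questions from this part of the series.
    for network, mask in (("150.10.0.0", "255.255.240.0"), ("220.11.10.0", 26)):
        r = valid_hosts(network, mask)
        print(f"{network}/{r['prefix']} ({r['mask']}): {r['subnet_bits']} subnet bits, "
              f"{r['host_bits']} host bits, {r['valid_hosts']} valid hosts "
              f"({r['first_host']} - {r['last_host']}, broadcast {r['broadcast']})")
```

Running it prints 4094 valid hosts for 150.10.0.0/20 and 62 for 220.11.10.0/26, along with the usable range and broadcast address of each subnet.  The contiguity check in mask_to_prefix matters in practice: a typo such as 255.255.0.255 is not a valid mask, and silently counting its “1” bits would give a plausible-looking but wrong answer.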


See also:  Part 1, Part 2, Part 3, Part 4


Browsing Privacy

In this day and age, everyone wants a little privacy; the idealistic crowd has the “if you don’t have anything to hide, then…” kind of attitude, but as you get older you come to have a great appreciation for privacy.  There are some steps you can take to help your own privacy along.  I was reading Rob Lightner’s article for CNET, “Five Smart Ways to Keep Your Browsing Private”:


  1. One of your biggest concerns is to get rid of all tracking cookies on your computer.  There is a free program that does this called CCleaner.  It is very good; I have tried it.
  2. Opting out of tracking by use of third-party software such as PrivacyChoice, which offers several tools to aid in this endeavor (I have never used it).
  3. Another thing you can do is to prevent the depositing of those tracking cookies, and you can do this by making changes to your web browser.  This is something I do, and it is quite simple to set up.  Just search for how to browse privately in your specific browser.
  4. Anonymous browsing.  According to the article he uses a Tor setup, which I have never used but may toy with sometime.  Apparently Tor protects you via encrypted pathways, thereby protecting the anonymity of your IP address.
  5. Anonymous browsing using proxies.  This is similar to StartPage’s (www.startpage.com) proxy setting, where you use StartPage’s resources to search for something without yielding your IP address.

Of course, there is always the option of setting up a thumb drive with another operating system and configuring it so that nothing is saved, to be totally private.  I tried this with an old version of Linux when I was in college, but my computer kept locking up.  I just couldn’t figure out what was going on.  Apparently the thumb drive itself was not very compatible with Linux, so I changed the drive and it worked great.

Hope this is useful to you!

Resource: http://howto.cnet.com/8301-11310_39-57363219-285/five-smart-ways-to-keep-your-browsing-private/


Cyber Threats 2012

As time passes, the technology around us increases in power, strength, and capabilities.  And as this happens there are those who create problems that either make our lives a living hell or give us those cherished opportunities to show what we are made of…hmmm!

As a new technology becomes available, so does a new threat.  The US Air Force Space Command has tasked the 624th Operations Center with identifying and protecting against cyber threats.  It recently released its January 9th issue of the “Cyber Threat Bulletin”, which draws on McAfee’s list of the top ten cyber threats.  These threats are:

  1. Attacking Mobile Devices
  2. Embedded Hardware
  3. “Legalized” Spam
  4. Industrial Attacks
  5. Hacktivism
  6. Virtual Currency
  7. Rogue Certificates
  8. Cyber War
  9. Domain Name System Security Extensions
  10. Advances in Operating Systems

The number one problem is the threat of attacks on mobile devices, with which I agree, as so many people bring their mobile devices to work for work purposes, and if they are not properly secured they are a potential single point of failure for the business.  I am rather surprised that hacktivism is lower on the list, as we hear so much about it happening these days.  Embedded hardware: within the last two years there was a very well-known company that had embedded code into one of its manufactured product lines and was caught with its hand in the cookie jar.  Major lawsuit for invasion of privacy, hmmmm.

As I have said before, being aware is only half the battle…the other half is both being vigilant and taking action!

Cyber Threat Bulletin