Showing posts from February, 2012

Interview Series - Mourad Ben Lakhoua SecTechno Founder

The next instalment of the Infosec Professional interview series sees us talking to Mourad Ben Lakhoua, Security Researcher, SecTechno founder, and contributing editor of The Cloud Security Rules.

Ed: Hi Mourad, and thanks for taking the time to answer this week's questions.
How has information security changed in the last 3 years?
Mourad: Over the last few years, there has been a big change in the global technology of information security as it's become an important part of today's innovation. In the past we had no social networks, VoIP communication or cloud computing. We are now detecting more new malware that is targeting these newer forms of technology, providing a new income stream to the cyber-criminal.

DDoS attacks are also on the rise, with new automated applications that give criminals a way to shut down a website from a single host. But the question that we should always ask is 'are we prepared for such kinds of attacks?'

Previous incidents have shown that few o…

The Password is Dead (Long Live the Password)

User and password combinations for authentication have been around for decades, arguably since the mid-60s when MIT's time-sharing computer CTSS had a password-based authentication system. But does simple longevity make it a good approach?
Every day, a Twitter or Google search will turn up several recent stories referring to password cracks, hacks, break-ins, losses and the like. Password complexity policies are standard on nearly every COTS software product within the directory service, database and ERP spaces. Password complexity simply refers to a password of at least 8 alphabetic and numeric characters plus a special character. So if you apply that approach, you're safe, right? Certainly safer, yes. But how safe?
A recent report on enterprise 'worst' practices still shows the most common passwords being things like 'password', '123456', '654321' and so on. Not exactly imaginative [1]. The report also identified 30% of users cho…

Cloud - Check Your Keys to The Castle First

The 'cloud'. It's all around us. Many organisations are utilising cloud-based services as part of their overall IT strategy. This could be in the form of large-scale infrastructure such as servers and storage from the likes of Amazon, right through to smaller components such as particular business processes like identity management. Many Managed Security Service Providers (MSSPs) provide a totally outsourced security model, with many software components available online and on demand via subscription pricing and the like.

Cloud security is a big concern, and quite rightly so. There should be great emphasis on the necessary agreements that both the client and provider sign up to. SLAs, for example, should be well understood, as should the demarcation points of provision for things like server and hosting platforms. This helps to avoid the 'no, it's on the OS, it's your problem', 'well no, you told me to patch it...' issues.

Many issues have been rais…

Interview Series - Barry Hodge CEO SecurLinx Corporation

For the next entry in the Infosec Professional Interview Series, we chat with Barry Hodge, CEO of SecurLinx Corporation, on biometric authentication and the current trends in information security.

Ed: Hi Barry and thanks for spending the time with Infosec Professional.
How has information security changed in the last 3 years?

Barry: As more companies expand their core operations to include web or cloud based services, the potential for compromised information flow and financial losses has grown exponentially. Identity management is extremely difficult in the virtual world and even the most routine interactions can have severe consequences. Most business leaders feel the pressure to have a presence on social media without a clear understanding of the risk/reward ratio of doing business in the "Wild West". In my prior experience in corporate America most losses of intellectual property or business information were inside jobs. Now the losses can occur without the management team even being…

SIEM - 1m Lines of Noise to 1 Line of Music

Security Information and Event Management (or Monitoring) has been around for a while and was seen as the saviour for compliance initiatives regarding intrusion, abnormal usage, insider threat, Denial of Service attacks and more.

Nearly every computational device will store a record of internal transactions that can be used for monitoring, troubleshooting or forensic analysis. I recently heard of a murder case using the program history of a washing machine to prove the accused had in fact used the washer on the night of the murder to cleanse away any evidence. That is probably an extreme example, but any device, script or piece of code worth its salt will give a verbose view of what is happening, either to the console or to a file.

The format of the log file has long been under discussion, with several different 'standards', such as the Common Event Format, vying to be the standard. Basically, the transaction history that gets written to the file output should contain the …

Interview Series - Javvad Malik CISSP GIAC GWAPT

For the next entry in the Infosec Professional interview series, we are lucky enough to get the views of Javvad Malik, an independent consultant with a deep specialism in risk management and security transformation programmes.

Ed: Hi Javvad. Thanks for agreeing to the interview. How has information security changed over the last 3 years from a perception, threats and protection aspect?
Javvad: I see a lot of people talk about how much information security has changed in recent times. But the reality is that information security itself hasn’t changed. The fundamentals are all still the same. We’re still protecting the same types of data, in roughly the same environments against more or less the same threats. 

What has changed are the company business models. You have companies who, 3 years ago, had a big high street presence and are now shutting down their shops and moving totally online. This has led to their online site getting a much higher priority in terms of business value …

Identity Provisioning to Identity Intelligence

Identity provisioning has evolved significantly over the last 8-10 years, with suite and point products providing an advanced array of system connectivity, workflow, audit, compliance and role life-cycle features to help manage user identities. Why is this important?

The user identity and its associated system accounts are a key area of information security control that many compliance initiatives, such as ISO 27001 clause 11 or SOX 404, focus on. With the rise of insider threat, a complete and effective user life-cycle management process is key.

Provisioning normally includes the following basic use cases:

- CRUD (create, read, update, delete) actions for multiple system accounts, performed centrally
- Policy-based associations and approvals
- Role Based Access Control for entitlement association
- Certification, audit and reporting for previous access control associations
- Integration with an authoritative source of user identities

As provisioning has matured and become a standard requirement for many large org…