Home
Friday, 01 December 2017
Due to the increased security awareness in the business world, some things have changed for the better. Today,
businesses have at least a subset of the technology and methods available, once reserved for nation-sate actors like
the police, intelligence agencies and the military. Some will therefore be discussed in this article.
Organizations worldwide feel the ever increasing pressure to adapt and thus tighten their IT security. Especially within the world of finance rapid progress took place in terms of cyber security posture improvements. Intelligence gathering today is often based on SIEM (Security Information and Event Management) solutions and adjacent technologies, such as traditional logging and monitoring systems. However, taking the whole spectrum of security technology into account, a sole focus on network and perimeter-centric solutions is misplaced. Monitoring and endpoint protection are not the ultimate solution to all problems. Also, though combined efforts to establish persistence across the technology landscape, efforts are often hindered due to time constraints, tight budgets and staff shortage. Fortunately, there is a wide array of security technology, including often neglected ones, such as MAC (Mandatory Access Control), system based on the Bell-LaPadula model.
Organizations worldwide feel the ever increasing pressure to adapt and thus tighten their IT security. Especially within the world of finance rapid progress took place in terms of cyber security posture improvements. Intelligence gathering today is often based on SIEM (Security Information and Event Management) solutions and adjacent technologies, such as traditional logging and monitoring systems. However, taking the whole spectrum of security technology into account, a sole focus on network and perimeter-centric solutions is misplaced. Monitoring and endpoint protection are not the ultimate solution to all problems. Also, though combined efforts to establish persistence across the technology landscape, efforts are often hindered due to time constraints, tight budgets and staff shortage. Fortunately, there is a wide array of security technology, including often neglected ones, such as MAC (Mandatory Access Control), system based on the Bell-LaPadula model.
Last Updated (Monday, 15 January 2018)
Wednesday, 15 June 2016
A previous version of this article initially appeared on »House of Hackers« in June 2008, posted by seconded
agent A. Denton of directorate I: intelligence (ICT).
In 2008 ED Denton used to work as an apprentice in the field of web engineering and security, when she was asked to assist GD Hollstein in an NGO web portal security audit. A subsequent report, which included a CoA along with a security and QA statement, had to be composed in due time. Step 1: System Lookup+Scans: The team first gathered target information, i.e. ISP and location, DNS records, OS and web/app server details. After that everything about the ISP's infra- structure itself was ascertained.
In 2008 ED Denton used to work as an apprentice in the field of web engineering and security, when she was asked to assist GD Hollstein in an NGO web portal security audit. A subsequent report, which included a CoA along with a security and QA statement, had to be composed in due time. Step 1: System Lookup+Scans: The team first gathered target information, i.e. ISP and location, DNS records, OS and web/app server details. After that everything about the ISP's infra- structure itself was ascertained.
Last Updated (Wednesday, 15 March 2017)
Friday, 01 May 2015
The QUANTUM project was one of the most top-secret ventures of the NSA. During the last months several news
agencies re- ported on that specific technology.
As Bruce Schneier wrote in his book »Data and Goliath«, the clandestine QUANTUM project was meant to be kept as secret as possible. In the meantime though various reports indicated that this project was not the only one of its kind, but that the Chinese government is in possession of a compar- ably very capable »Great Firewall of China«, for a longer period of time already. Quite often authors confused that one with the »Great Cannon of China« which is a different system indeed.
As Bruce Schneier wrote in his book »Data and Goliath«, the clandestine QUANTUM project was meant to be kept as secret as possible. In the meantime though various reports indicated that this project was not the only one of its kind, but that the Chinese government is in possession of a compar- ably very capable »Great Firewall of China«, for a longer period of time already. Quite often authors confused that one with the »Great Cannon of China« which is a different system indeed.
Last Updated (Friday, 01 May 2015)