Comments Off on What are red and blue teams anyway?
Inside baseball (metaphor) : It usually refers to a detail-oriented approach to the minutiae of a subject, which in turn requires such a specific knowledge about what is being discussed that the nuances are not understood or appreciated by outsiders.
Security professionals are a detail-oriented bunch. It goes with the territory, but as the person making the financial decisions, it’s important to know the high-level concepts when they are making a case for why you should spend more money on security.
This brings us to Red Teams and Blue Teams.
It’s pretty simple. These are the basics. There are nuances and not every strategy follows these concepts exactly.
An external team that tries to infiltrate, Phish, and tests your security program. Sometimes referred to as penetration testing, but that’s a more specific set of tasks. The red team may use social engineering, network attacks, vulnerability attacks and the like to defeat your security. It’s important to note that this isn’t just merely testing how strong the wall is you’ve built. Often your security is weakest inside that wall you’ve spent so much time building.
The (often) internal security team that defends against the Red Team. But also the real attackers. Depending on the organization, this may be a separate team from your regular security team or made up of some of those members. The primary goal of this is to assume you’re ALWAYS being attacked and defend against this by refining security processes.
Remember that security doesn’t mean just building a bigger wall. Security is a process that needs constant attention and starts from the inside out.
Comments Off on What’s the first thing a hacker will do?
Step one to breaking into any system and causing havoc is reconnaissance. An attacker will gather as much information about your environment as possible. They’ll look for security software, and make extensive lists of anything that your systems will tell them about themselves.
Then they’ll start to look at your users. Social engineering is one of the most common ways to get into a secure network. Why break in when you can get someone to let you in? This is why training and vigilance are so necessary.
Not too far into a targeted attack, they start to access your Active Directory system. Why? Because Active Directory knows where everything is. It’s precisely what it’s designed to do.
Once they get this information, looking for places that are good to attack becomes easy. As they gain access to more systems, this process snowballs.
You are owned.
Those are words that you do not want to hear.
Now stealing information and documents becomes easy.
What are you doing to protect your active directory? Are you monitoring your Active Directory and actively securing it?
As longtime security leaders and innovators, we can say categorically that while you can learn concepts in school, that’s never enough to actually perform real-world security tasks.
We’re into our second year of the intern program at Assurance Data “University”. Every Friday our Chief Strategy Officer Chuck Sirois leads an intensive training program online to a select group of up and coming security experts.
This month we’re covering topics like:
Keeping up with the daily changes in security threats
How to mitigate security problems.
Interested in becoming the next security leader? Email us at email@example.com.
Comments Off on Tips and Tricks Tuesday: Two tips for keeping yourself secure
Security depends very much on your actions as an end user. The more secure you are personally, the more secure you organization can be.
Let’s start with a simple things you can do right now to make yourself more secure.This week we’ll focus on passwords and authentication.
Use a password manager AND a different password for EVERY account
Data breaches happen. But it’s easy to mitigate the damage if you use completely different passwords for EVERY login. Managing this is easy with apps like Lastpass and 1Password (there are many others). You remember one login, and the app helps you generate secure passwords you don’t even have to know for every service.
Surely you can see how “!D4sL@nN1pJRbG” is a better password than your kids birthday right?
Turn on 2 factor everywhere it’s available
Most major services, from Facebook to Flickr offer a free way to get a text or use an authentication app like Lastpass authenticator to give you a second layer of password protection. This isn’t perfect, especially if you use text messages for this, but it’s better than your password alone. Check with your help section in the app on how to enable this and do it for EVERYTHING.
These two simple things can help make you dramatically more secure in your day to day internet interactions. Need a solution for enterprise password management or authentication? Let us know.
Comments Off on AssuranceData Meltdown/Spectre Security Alert
Spectre and Meltdown Overview and Mitigation Details
Overview: As of January 3rd, 2018, multiple vendors started publicly releasing patches for CRITICAL security flaws related to modern CPU architecture vulnerabilities “Spectre” and “Meltdown”.
Spectre: Exploits speculative (predictive) execution to allow user process to see Kernel memory
Meltdown: Exploits a Kernel process flaw that runs rogue data (out of order execution) when a process is faulted from a user process
Windows has updates [MANUALLY DEPLOYED] in some cases.
The patches can conflict with certain Antivirus products and cause a blue screen. o To get the patches, a registry key must be set
Some AV vendors are setting the registry key automatically
Other hardware firmware updates are often required