Cybersecurity
-
How to Get Into Cybersecurity with No Experience [Video]
I came across a great YouTube video titled, “How to Get Into Cybersecurity with No Experience” by Gerald “Gerry” Auger (Twitter, LinkedIn) of Simply Cyber. With Cybersecurity being in the headlines more and more, especially as companies and individuals grapple with the new Covid-economy, the demand for well-trained information security professionals continues to grow, exponentially. It is consistently listed in career/job outlook forecasts as one of the top sectors to watch in the coming years. So it comes as no surprise that the interest in this sector is growing and many are looking for ways to break into the field. Cybersecurity is especially interesting in that there seems to be…
-
Amazon’s “Sidewalk” Mesh Network Goes Live; All Devices Are Opted-In Automatically By Default
Amazon’s neighborhood mesh network dubbed “Sidewalk” has gone live. Via the New York Times: On June 8, Amazon is set to flip the switch on its new free service called Sidewalk, which will automatically be enabled on many of Amazon’s Echo smart speakers and smart displays, as well as some Ring devices (for more details, see the complete list of compatible devices). Once Sidewalk goes live, compatible devices such as speakers, light bulbs, locks, and sensors will be able to connect anonymously to other Sidewalk devices to borrow a little slice of internet connectivity. That should enable some interesting features down the line as more compatible devices appear. It’s also creating a fair amount of…
-
What Is a CSIRT vs. CERT vs. CIRT???
CSIRT—Computer Security Incident Response Team is a concrete organizational entity (i.e., one or more staff) that is assigned the responsibility for coordinating and supporting the response to a computer security event or incident. CERT—Computer Emergency Response (Readiness) Team. CERT should not be generically used as an acronym because it’s a registered trademark in the United States Patent and Trademark Office, as well as other jurisdictions around the world. Alternative names for such groups include computer emergency readiness team and computer security incident response team (CSIRT). The name “Computer Emergency Response Team” was first used in 1988 at Carnegie Mellon University (CMU). CERT is registered as a trademark by Carnegie Mellon…
-
How Was Colonial Pipeline Hacked/Breached? Because of One Single Employee’s Compromised Password?
That’s all it takes, and usually what it comes down to. Passwords. As the founding contemporary lyrical wordsmith members of Wu-Tang would say, “Protect ya neck!” Because without it, you’ll lose your head. Same with passwords! Protect ya passwords!!! All a malicious actor would need is a password to an account, and just like that (*finger snap!*), you’ve invited them in, like welcoming Count Dracula through your front door for Sunday dinner. So, Colonial, right…here’s the latest. After an analysis of the cyberattack on Colonial Pipeline, investigators suspect that hackers obtained the password from the dark web (think a marketplace for illicit activity) where such info is available for the…
-
‘Welcome To The Edge!!!’–What Is Edge Computing???
[Note: This is an evolving, continuously updating post for my research purposes to learn more about SASE, or Secure Access Service Edge. First, I’m laying the groundwork for what ‘edge computing’ is.] Edge Computing The term ‘edge’ is all the rage these days. From an infrastructure-centric point of view, “Edge computing is at its essence cloud principles applied at the network edge close to the user”[3]. It can include: virtualization (compute virtualization, storage virtualization, networking virtualization); resources on demand; an API-driven approach; automated LCM (life-cycle management); and the use of commodity hardware [3]. These are some of the powerful core cloud basic principles that make the network edge highly flexible and programmable.…
-
What is a ‘NOC’? What is a ‘SOC’? The Battle of ‘NOCs’ vs. ‘SOCs’…
Noc’ing the Soc’s Off You!! First of all, I want to preface this by stating and asking, “Why aren’t NOCs and SOCs the same thing???” Just initially hearing what the acronyms stand for alone, and going based off of that, I would think we would want “Network” and “Security” intertwined and treated with a holistic approach. Similar to how security should be “baked in” to software. NOC–Network Operations Center A NOC is a Network Operations Center (NOC, pronounced like the word ‘knock’), which can also be referred to as a “network management center”. It can be one or more locations from which network monitoring and control (i.e. network management) is…
-
What is a “False Positive”?
A true positive is an outcome where the model correctly predicts the positive case. Ex: Downloaded file is malware, and the A.V. detected it as malware. A true negative is an outcome where the model correctly predicts the negative case. Ex: Downloaded file is NOT malware, and the A.V. did NOT detect it as malware. A false positive is an outcome where the model incorrectly predicts the positive case. Ex: Downloaded file is NOT malware, but the A.V. detected it as malware. A false negative is an outcome where the model incorrectly predicts the negative case. Ex: Downloaded file is malware, but the A.V. did NOT detect it as malware. True…
-
What is Attack Surface?
Attack surface. First thing I start thinking is the surface area, or the exposed area that is susceptible to a cyber onslaught by threat actors, or bad people with malicious intent. According to Wikipedia: “The attack surface of a software environment is the sum of the different points (for “attack vectors”) where an unauthorized user (the “attacker”) can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.” via Wikipedia “KEEPING THE ATTACK SURFACE AS SMALL AS POSSIBLE IS A BASIC SECURITY MEASURE.” **clap, clap** Does that last line stick out to anyone else?? It should.…
-
What is Traffic Light Protocol (TLP)?
Traffic Light Protocol (TLP) is a system for classifying sensitive information created in the early 2000s in order to facilitate greater sharing of information. “TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. It employs four colors to indicate expected sharing boundaries to be applied by the recipient(s).”[1] TLP is “optimized for ease of adoption, human readability and person-to-person sharing”.[1] It is to be noted that TLP is distinct from the Chatham House Rule, BUT may be used in conjunction, if deemed appropriate by the information exchange participants. Chatham House Rule— “when a meeting, or part thereof, is held under the…
-
What is Remote Code Execution?
What is Remote code execution (RCE)? A simple web search brings up a Wikipedia page on Arbitrary code execution (ACE). According to Wikipedia: In computer security, arbitrary code execution (ACE) is an attacker’s ability to execute arbitrary commands or code on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution…