"Cyber" warfare

CmdKeen

Lantern Swinger
#2
Surprising that even at briefings for staff "at the sharp end" of the cyber threat it is email and drive by downloads used as the delivery mechanisms for attacks. I know that in a corporate environment Outlook and its associated executable attachment issues, and the IE/Windows combination is all pervasive but was rather hoping that in the defence and defence industry world that such obvious and oft exploited vectors were avoided.

But nice to see an article that is pretty technically detailed and sensible - rather than "omg nuclear power stations"
 

wave_dodger

MIA
Book Reviewer
#3
As we've all gotten better at protecting ourselves and installing A/V software and setting up (even personal) firewalls the biggest attack vector has become targetted/spear fishing, getting that one person to click the inocuous looking email.....

The next risks are from USB/DVD/CD where users bring stuff in from outside of the system.

The real risk as always though is from within, hence how the whole Wikileaks debacle was able to be started.
 
#4
I can't believe that you have adopted the word "gotten", WD!

There I was, enjoying a lovely pre-prandial drink and now there's G and T all over the place .........

:lol:

Honestly!

:wink:
 

CmdKeen

Lantern Swinger
#5
But the internal threat doesn't allow you to justify "god boards" and shiny, shiny equipment...

The old hand out free USB keys outside an office building is still such an effective tactic. Even the GCHQ boys and girls are happy to take freebies at careers fairs.

There is so much room for mitigation, email software that just doesn't let you execute code from within an email (exploits aside - but even then the risk can be much reduced). That an operating system that is being used in an office / sensitive area needs to have autorun enabled for removable media, or allowing non-encrypted removable media at all is surprising.

Then of course I've worked in recent months with organisations in the financial sector who still email you the latest version of their software as an exe attachment with no particular information as to what has changed. Or a major name in the sector who write contracts for their data feeds such that they bypass standard edge of the network security and act surprised when a virus spreads via their systems.

Far too many places run the equivalent of a Fort Knox facade whilst round the back the barbed wire fence has massive holes cut in, a decrepit "warning minefield" sign and Private Godfrey facing in the wrong direction.
 

wave_dodger

MIA
Book Reviewer
#6
soleil said:
I can't believe that you have adopted the word "gotten", WD!

There I was, enjoying a lovely pre-prandial drink and now there's G and T all over the place .........

:lol:

Honestly!

:wink:
Head hung in shame.......One of the few things I normally aspire to do well and I blow it publically. :oops:

New Years Resolution #2: Make more effort with grammar.
 

wave_dodger

MIA
Book Reviewer
#7
CmdKeen said:
The old hand out free USB keys outside an office building is still such an effective tactic. Even the GCHQ boys and girls are happy to take freebies at careers fairs.

There is so much room for mitigation, email software that just doesn't let you execute code from within an email (exploits aside - but even then the risk can be much reduced). That an operating system that is being used in an office / sensitive area needs to have autorun enabled for removable media, or allowing non-encrypted removable media at all is surprising.

Then of course I've worked in recent months with organisations in the financial sector who still email you the latest version of their software as an exe attachment with no particular information as to what has changed. Or a major name in the sector who write contracts for their data feeds such that they bypass standard edge of the network security and act surprised when a virus spreads via their systems.

Far too many places run the equivalent of a Fort Knox facade whilst round the back the barbed wire fence has massive holes cut in, a decrepit "warning minefield" sign and Private Godfrey facing in the wrong direction.
All true but to implement the best measures you have to define exactly what you want, especially in these days of managed service contracts e.g. DII and the RN external web (and the lack of Sy that sank that). Defining an adaptive and agile security service is expensive.
CmdKeen said:
But the internal threat doesn't allow you to justify "god boards" and shiny, shiny equipment...
I'd argue this is actually your best reason.
 
Thread starter Similar threads Forum Replies Date
trelawney126 Current Affairs 0
trelawney126 Current Affairs 39
_Tim_ The Internet - Best and Worst 0

Similar threads

Latest Threads

Top