"Cyber" warfare

Discussion in 'Bloody Computers' started by wave_dodger, Dec 28, 2010.

Welcome to the Navy Net aka Rum Ration

The UK's largest and busiest UNofficial RN website.

The heart of the site is the forum area, including:

  1. wave_dodger

    wave_dodger War Hero Book Reviewer

    Mail article

    Broadly interesting reading. For some it may be interesting to know where they are based (Segensworth/M27), potential employment source.
  2. Surprising that even at briefings for staff "at the sharp end" of the cyber threat it is email and drive by downloads used as the delivery mechanisms for attacks. I know that in a corporate environment Outlook and its associated executable attachment issues, and the IE/Windows combination is all pervasive but was rather hoping that in the defence and defence industry world that such obvious and oft exploited vectors were avoided.

    But nice to see an article that is pretty technically detailed and sensible - rather than "omg nuclear power stations"
  3. wave_dodger

    wave_dodger War Hero Book Reviewer

    As we've all gotten better at protecting ourselves and installing A/V software and setting up (even personal) firewalls the biggest attack vector has become targetted/spear fishing, getting that one person to click the inocuous looking email.....

    The next risks are from USB/DVD/CD where users bring stuff in from outside of the system.

    The real risk as always though is from within, hence how the whole Wikileaks debacle was able to be started.
  4. I can't believe that you have adopted the word "gotten", WD!

    There I was, enjoying a lovely pre-prandial drink and now there's G and T all over the place .........



  5. But the internal threat doesn't allow you to justify "god boards" and shiny, shiny equipment...

    The old hand out free USB keys outside an office building is still such an effective tactic. Even the GCHQ boys and girls are happy to take freebies at careers fairs.

    There is so much room for mitigation, email software that just doesn't let you execute code from within an email (exploits aside - but even then the risk can be much reduced). That an operating system that is being used in an office / sensitive area needs to have autorun enabled for removable media, or allowing non-encrypted removable media at all is surprising.

    Then of course I've worked in recent months with organisations in the financial sector who still email you the latest version of their software as an exe attachment with no particular information as to what has changed. Or a major name in the sector who write contracts for their data feeds such that they bypass standard edge of the network security and act surprised when a virus spreads via their systems.

    Far too many places run the equivalent of a Fort Knox facade whilst round the back the barbed wire fence has massive holes cut in, a decrepit "warning minefield" sign and Private Godfrey facing in the wrong direction.
  6. wave_dodger

    wave_dodger War Hero Book Reviewer

    Head hung in shame.......One of the few things I normally aspire to do well and I blow it publically. :oops:

    New Years Resolution #2: Make more effort with grammar.
  7. wave_dodger

    wave_dodger War Hero Book Reviewer

    All true but to implement the best measures you have to define exactly what you want, especially in these days of managed service contracts e.g. DII and the RN external web (and the lack of Sy that sank that). Defining an adaptive and agile security service is expensive.
    I'd argue this is actually your best reason.

Share This Page