NSA TAO Chief Rob Joyce on network defense

The above video is from the USENIX Enigma conference, at which Rob Joyce, Chief of Tailored Access Operations at the National Security Agency, spoke. He spoke from the attacker's perspective and gave some best-practice advice and recommendations. Those who have been in information security for any extended period of time won't be surprised, but it's worth repeating.

I would recommend watching the video. It's only about 35 minutes long. If you don't have the time, here are some notes I took on the talk.

BEST PRACTICES

  • Perform a third-party penetration test

  • Fix the items in the penetration test report

  • "You have to be continually defending and improving"

  • Understand the normal baseline for the traffic on the network

  • Monitor the network

  • Least privilege

  • Network segmentation

  • Enable and audit logs

  • Application white-listing (at the very least, do it for high-risk assets)

  • Anti-virus - reputation services

  • Incident response plan
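Two of the items above, knowing the baseline and then monitoring against it, are easier to see in code than in a bullet. The following is an added example (my code, not from the talk or from this blog) that learns what each host normally does from a set of constructed flow records and then flags deviations in a later window. The CSV layout, the host addresses, the traffic numbers and the 3-sigma volume threshold are all assumptions made up for the example.

```python
"""Learn a per-host traffic baseline from flow records, then flag deviations.

Added example: the records below are constructed for illustration, not
captured traffic, and the CSV layout (timestamp,src,dst,dport,bytes) is an
assumption, not a real NetFlow/IPFIX export format.
"""
import statistics
from collections import defaultdict

# Learning window: what the network looked like on a normal day (constructed).
BASELINE_WINDOW = """\
2014-08-01T09:00:00,10.0.1.15,10.0.2.5,445,18200
2014-08-01T09:05:00,10.0.1.15,10.0.2.9,443,24100
2014-08-01T10:12:00,10.0.1.15,10.0.2.5,445,15800
2014-08-01T11:30:00,10.0.1.15,10.0.2.9,443,27300
2014-08-01T13:02:00,10.0.1.15,10.0.2.5,445,21000
2014-08-01T14:45:00,10.0.1.15,10.0.2.9,443,19900
2014-08-01T09:01:00,10.0.1.22,10.0.2.9,443,30500
2014-08-01T10:40:00,10.0.1.22,10.0.2.9,443,28700
2014-08-01T12:15:00,10.0.1.22,10.0.2.5,445,22400
2014-08-01T15:20:00,10.0.1.22,10.0.2.9,443,33100
"""

# Monitoring window: the next day, including one suspicious outbound flow
# and one host that never appeared during learning (constructed).
MONITOR_WINDOW = """\
2014-08-02T09:03:00,10.0.1.15,10.0.2.5,445,17600
2014-08-02T09:10:00,10.0.1.15,10.0.2.9,443,23800
2014-08-02T02:17:00,10.0.1.15,203.0.113.7,4444,910000
2014-08-02T10:05:00,10.0.1.22,10.0.2.9,443,29900
2014-08-02T10:30:00,10.0.1.77,10.0.2.5,445,12000
"""


def parse_flows(text):
    """Turn the CSV text into a list of dicts; ports and byte counts become ints."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        records.append({"ts": ts, "src": src, "dst": dst,
                        "dport": int(dport), "bytes": int(nbytes)})
    return records


def build_baseline(records):
    """Summarise each source host: the dst:port pairs it talks to and the
    size distribution of its individual flows."""
    peers = defaultdict(set)
    sizes = defaultdict(list)
    for r in records:
        peers[r["src"]].add((r["dst"], r["dport"]))
        sizes[r["src"]].append(r["bytes"])
    baseline = {}
    for src, s in sizes.items():
        baseline[src] = {
            "peers": peers[src],
            "ports": {port for _, port in peers[src]},
            "mean": statistics.fmean(s),
            "stdev": statistics.pstdev(s) if len(s) > 1 else 0.0,
            "samples": len(s),
        }
    return baseline


def detect(baseline, records, sigma=3.0):
    """Compare a monitoring window against the baseline and return alerts as
    (kind, src, dst, value) tuples, in the order the records were seen."""
    alerts = []
    for r in records:
        src, dst, dport = r["src"], r["dst"], r["dport"]
        profile = baseline.get(src)
        if profile is None:
            # A source we never learned: a new machine, or a rogue one.
            alerts.append(("unknown-host", src, dst, dport))
            continue
        if (dst, dport) not in profile["peers"]:
            # A never-seen service is more interesting than a new peer on a known port.
            kind = "new-port" if dport not in profile["ports"] else "new-peer"
            alerts.append((kind, src, dst, dport))
        # Volume outlier: more than `sigma` standard deviations above the host's
        # usual per-flow size. With a handful of samples this is crude; it is the
        # shape of the check that matters here.
        threshold = profile["mean"] + sigma * profile["stdev"]
        if r["bytes"] > threshold:
            alerts.append(("volume", src, dst, r["bytes"]))
    return alerts


def run_example():
    """Learn from the baseline window, then evaluate the monitoring window."""
    baseline = build_baseline(parse_flows(BASELINE_WINDOW))
    return detect(baseline, parse_flows(MONITOR_WINDOW))


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

The 910,000-byte flow to 203.0.113.7:4444 trips both the new-port and the volume check, and 10.0.1.77 is reported simply because it was never part of the learned picture; the normal flows produce nothing. A real baseline is built over weeks rather than one day, is split by time of day (the 02:17 timestamp on that flow would be a third signal this example does not use), and is re-learned as the network changes, which is the "continually defending and improving" point from the talk.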

 

RECOMMENDATIONS

This post first appeared on Exploring Information Security.

Protecting your computer from unwanted guests: EMET

One of the awesome, under-publicized tools that does an awesome job of hardening a computer is Microsoft's Enhanced Mitigation Experience Toolkit, or EMET for short. This tool helps keep vulnerabilities in software from being exploited. It's not foolproof and researchers have found ways around it, but it is effective. I've seen it be effective first hand. The tool is easy to install and manage, but will require some action on your part.

Download EMET and run the installer. As part of the installation select 'Use Recommended Settings,' then click 'Finish' and 'Close.' Once installed, right-click the EMET icon in the bottom right corner of the screen, or in the box that pops up when you click the triangle on the taskbar. Ensure that Data Execution Prevention (DEP) is set to 'Always On,' Structured Exception Handler Overwrite Protection (SEHOP) is set to 'Application Opt In,' Address Space Layout Randomization (ASLR) is set to 'Application Opt In,' and Certificate Trust (Pinning) is set to 'Enabled.' And that is pretty much it. EMET is now running on your computer kicking ass.
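What 'Always On' versus 'Application Opt In' means in practice: under an opt-in policy the operating system only applies DEP or ASLR to a program whose executable was built with the matching flag in its PE header, while 'Always On' applies the mitigation regardless of what the header says. The following added example (my code, not part of this post and not EMET's own) reads those flags from a PE header and reports what each policy would do with them. The two images it inspects are constructed, header-only stubs rather than real binaries, and the policy names are an assumption that mirrors EMET's system-setting choices.

```python
"""Read the DEP/ASLR opt-in flags from a PE header and show what an
'Application Opt In' versus 'Always On' system policy does with them.

Added example. The two images below are constructed, header-only stubs (they
cannot run); the policy names model EMET's system settings and are an
assumption of this example, not an EMET API.
"""
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020  # /HIGHENTROPYVA: 64-bit ASLR with high entropy
DYNAMIC_BASE = 0x0040     # /DYNAMICBASE: image may be relocated (ASLR opt-in)
NX_COMPAT = 0x0100        # /NXCOMPAT: image is DEP-compatible (DEP opt-in)


def dll_characteristics(image):
    """Return the DllCharacteristics field from a PE image's optional header."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20            # skip the signature and the COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):    # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 in both PE32 and PE32+ optional headers.
    return struct.unpack_from("<H", image, opt + 70)[0]


def _apply(policy, opted_in):
    """Resolve one system policy against the image's own opt-in bit."""
    if policy == "AlwaysOn":
        return True
    if policy == "Disabled":
        return False
    if policy == "OptIn":
        return opted_in
    raise ValueError("unknown policy %r" % policy)


def effective_mitigations(image, dep_policy="OptIn", aslr_policy="OptIn"):
    """Report whether DEP and ASLR would actually be enforced for this image."""
    flags = dll_characteristics(image)
    nx = bool(flags & NX_COMPAT)
    dyn = bool(flags & DYNAMIC_BASE)
    return {
        "nx_compat": nx,
        "dynamic_base": dyn,
        "dep": _apply(dep_policy, nx),
        "aslr": _apply(aslr_policy, dyn),
    }


def build_minimal_pe(flags, pe32plus=True):
    """Construct a header-only PE image with the given DllCharacteristics.
    Constructed for the example: just enough structure to be parsed."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff_header = struct.pack("<HHIIIHH",
                              0x8664 if pe32plus else 0x14C,  # Machine
                              0, 0, 0, 0,                    # sections, stamp, symbols
                              opt_size, 0x0022)              # SizeOfOptionalHeader, Characteristics
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x20B if pe32plus else 0x10B)  # Magic
    struct.pack_into("<H", optional, 70, flags)                        # DllCharacteristics
    return dos_header + b"PE\0\0" + coff_header + bytes(optional)


def inspect_file(path, dep_policy="OptIn", aslr_policy="OptIn"):
    """Run the same check against a real executable on disk."""
    with open(path, "rb") as fh:
        return effective_mitigations(fh.read(), dep_policy, aslr_policy)


# A modern 64-bit build with every opt-in bit set, and a legacy 32-bit build with none.
MODERN = build_minimal_pe(HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT)
LEGACY = build_minimal_pe(0, pe32plus=False)

if __name__ == "__main__":
    for name, img in (("modern", MODERN), ("legacy", LEGACY)):
        print(name, "OptIn/OptIn   ", effective_mitigations(img))
        print(name, "AlwaysOn/OptIn", effective_mitigations(img, dep_policy="AlwaysOn"))
```

Point it at a real binary with inspect_file(r"C:\Windows\notepad.exe"). The legacy stub is the reason the post sets DEP to 'Always On': under 'Application Opt In' an old binary built without /NXCOMPAT gets no DEP at all, while 'Always On' enforces it whatever the header says. ASLR is left at opt-in because forcing relocation of an image that was never built to move can break it, which is why EMET keeps that as a per-application Mandatory ASLR mitigation rather than a system-wide default.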

Unfortunately, EMET also steps in and kicks the ass of legitimate programs, like its cousins Internet Explorer and the Microsoft Office applications, or some other program. To fix this, look at the alert and note which mitigation the program is being blocked by. Then click on the 'Apps' button in the configuration section and uncheck the box for that one mitigation on that application, leaving the rest of its protections in place.

For more information on the tool, download the user guide that comes with the EMET installation. Also, Windows Update will not keep EMET up to date, so each new release requires a manual download and installation. (EMET has since reached end of life: Microsoft retired it on July 31, 2018, and on Windows 10 the equivalent mitigations live in the built-in Exploit Protection settings.)


Protecting your computer from unwanted guests

My brother and I in Holland, in a big ass clog, keeping out feet protected from bad...things.


My brother recently contacted me about an incident involving a tech support scam. Luckily, the scam was caught before anything serious happened, and one good thing came out of the episode, which leads me to this post and the next few posts. I will be going over some of the tools that can be used to keep unwanted guests out of a computer. All the tools I will be talking about are free, but will require some configuration and thinking.

Tools

Here are the four tools I recommend for avoiding those nasty Internet Transmitted Diseases (ITDs):

  • Microsoft Security Essentials - Anti-virus

  • Secunia Personal Software Inspector (PSI) - Software patching

  • Microsoft Enhanced Mitigation Experience Toolkit (EMET) - Computer hardening

  • Mozilla Firefox with NoScript plugin - Safe browsing

  • BONUS: Turn on click-to-play in browsers

I won't go in-depth on Microsoft Security Essentials or on turning on click-to-play in browsers. For Security Essentials, go to the download page, download, and install. Simple as that. There aren't many settings for the anti-virus program, and that's a good thing. Anti-virus is largely mocked within the infosec community because it's easy to circumvent, and that includes the $40-60 big-name anti-virus companies of the world. Still, it has saved my bacon a time or two and is worth installing, especially if it's free like Security Essentials.

I covered click-to-play in my last post and provided a link to a pretty good article that goes through how to turn on click-to-play in all the browsers. No need to reinvent the wheel, so here's the link again. Click-to-play is easy to turn on, easy to get used to, and helps with computer performance.

If any of the posts are unclear or you have questions, please leave a comment or contact me directly.


InfoSec links August 6, 2014

The NSA's Cyber-King Goes Corporate - Shane Harris - Foreign Policy

Join Army -> Rise to four-star general -> Become head of NSA -> Set up surveillance state -> Retire -> Create new security software to detect "cyber-intruders" -> Profit

Why the Security of USB Is Fundamentally Broken - Andy Greenberg - WIRED

Welcome to my paranoia. USB drives are a wonderful thing. They really are. Unfortunately, they can be configured or programmed to be an awful thing, and that is scary. Never plug an untrusted, or unknown, USB anything into your computer. Ever!

Announcing EMET 5 - Security Research and Defense Blog - Microsoft

EMET is a fantastic tool and one of the easiest, quickest and cheapest ways to improve the security of your computers. I would highly recommend downloading it and giving it a try at home and at work.
