W6-3/3 Personal Research for Internship (8/1)

    During my internship I researched cyber security by reading “Network Security Through Data Analysis, Building situational Awareness” by Michael Collins and “Ghost in the Wires: My Adventures as the World's Most Wanted Hacker” by Kevin Mitnick. I recommend both books, especially Mitnick’s autobiography since it is a good read for the pure story alone (even to those who have little to no interest in computer science, also his book is really good for anybody with interests in criminal justice or law).  Collins’ book really helped me gain a better general understanding of cyber security, tactical awareness, and security incident trend analysis as well overall data analysis for that can be applied to actionable reports. It has some good information on applications of relevant softwares commonly used within the industry today and what to watch out for, especially in regard to network traffic (e.g. traffic on obsolete and unsecure FTP ports). I think the biggest take away I got from this book was the balancing acts of cyber security, those included between redundancy & vantage and coverage & efficiency. There is an economy when it comes to these matters and things like false positives (false alarms to sensors) and redundant defenses can have extremely negative consequences for the security of a network. I think Collin's book will give anyone a good basis for both network security and the application of data analysis (which is given by the straightforward title). I think what is especially helpful with giving pointers for a starting point or protocol of how to do things. Almost every chapter follows through on how you could apply the skills in way that would be particularly helpful for a process and notes on how to be nuanced in these approaches (e.g. vertical scans to be extra sure that your software is being reliable, basically checking if the data from your computer and your software is matching and in most cases if not then the software is at fault, and the characteristics of what makes up a good log message, being descriptive, relatable to other data, and complete). 

     Mitnick’s book was good for giving me a good look into the mind of a hacker, the concept of ethical hacking, the history of hacking (pre-internet and early internet), the evolution of cyber security laws and pen testing as a service (to a small extent), dispelling misconceptions of how hacking works, social engineering (which when successful can undermine nearly any defenses), and helped to pique my interest in cyber security in general. I think Mitnick's strong suit when it came to hacking was his memory (which I can't expand on much and I don't think it is as big of an asset for modern day hackers- since phone freaking isn't really as common and it seems as if now technology is made in such a way that we try to avoid remembering more "trivial" things like phone numbers) and his ability at social engineering. This book shows a lot of accounts of social engineering which could be good for one's future intuition. From these accounts you can see just how important accountability and reliability are to cyber security employees. If the hackers cannot manipulate the systems, then they will try to manipulate the system's admins and architects. The good will and camaraderie of people can be manipulated at times so skepticism can be a good thing for management to implement and promote. Perhaps familiarity between employees at various levels and greater requirements for communication (e.g. video calls). A lot of times Kevin would impersonate employees of a company and would have little trouble since the employees were not familiar with the person whom he was impersonating. I think having a better means of identifying who is who would certainly mitigate the risk of this happening to an establishment. I am certainly going to read more about cyber security in the future, in fact I already have some books in mind: Spam Nation by Brian Krebs and The Dragon’s Quantum Leap by Timothy L. Thomas. Not to mention Mitnick’s other works (which I found out on my own time have easily accessible PDFs with a simple google search).”


PS- At my current understanding of cyber security the most critical matters are prioritization and prevention regarding the efficiency in use and economy of defensive resources. With proper prioritization and prevention, a cyber security team can reach its very highest efficiency. Preventive measures will manifest in the firewall and alarms implemented within the system and most passive means of defense. The issue here of course is false positives (false alarms) and false negatives (undetected breaches). Your firewall needs to hinder invaders not the denizens of the network. Thus, one should watch ports that invaders commonly used to undermine firewalls (e.g. 53/udp DNS). These are usually more critical or obsolete ports (e.g. 23/tcp Telnet). Then protective measures that are more redundant and less useful should be avoided. While overlapping protection may seem more "robust" they can be far less efficient and can complicate the configuration of your defenses (i.e. how they interact and affect each other's use). When created it is not bad to consider staggering alarms, so a user is not overwhelmed by a sudden influx of alarms (especially in the case of a brute force attack or something spam-related where the matter of threat will most likely be coming in at a high quantity). Prioritization affects the active defenses. To work the most efficiently, one most work smart and hard. Proper prioritization is a big part of working smart. A means of determining and ranking possible threats is vital. There is nothing to be gained in making unnecessary reactions and using up your precious resources and time in vain. If there is nothing you can do about it (worst case), no damage that it can cause, or no chance that it can occur than there is nothing to be gained in pursuing this and only loss to be had. With this in mind it is best for one to try and develop an equation that will rank these threats well. Characteristics like chance of occurrence, potential damage, and how well the system is protected against this threat should be considered when creating this equation and other equations may determine this characteristic. This will determine what you react to and what you react to first. CIRT protocols (NIST-800 61 & NIST-800 137) are important because they determine how one will react and accordingly how one should react. This gives an orderly process to respond to events. Which will lead to more consistent results. It is also easy to follow along with where they are within the process which improves communication between departments. If one's methods of prioritization and prevention are appropriate and effective than their employees/coworkers can perform at their very best. 

Comments

Popular posts from this blog

W7-2/3 On Being Prepared & Further Recommendations (8/11)

W2-2/3 Network Mapping (7/5)

W1-2/3 Prioritization (6/27)