Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “The Basics – Block Uncategorized Websites”, 2) “QOTD: It’s Not About the Who … It’s About the How” and 1) “The Basics – Segment Your Network”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference. À la Schneier, you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
QOTD: It’s Not About the Who … It’s About the How: For the past few years there has been a big focus on attributing attacks. The government has always been in the game (but obviously keeping it close to the vest) and recently vendors have been getting into the action for marketing, PR, and threat intel sales purposes (thanks to Mandiant for starting that one). This trend has led to a lot of other organizations trying to attribute attacks against them as well. If I have one word of advice for most out there, it would be “STOP.” (continued here)
The Basics – Block Uncategorized Websites: The HTTP protocol has long been used by the bad guys as an infection vector, a command and control channel, and of course a data exfiltration path. The countermeasure most organizations use to mitigate this attack path is a proxy server that monitors outgoing HTTP requests and blocks calls to undesirable websites. Apparently we learned nothing from the firewall debacle of years ago, though, since many organizations still take the blacklist approach and block categories of websites. The blocked categories of course include those known to be used by the bad guys, but also others chosen for corporate policy reasons. (continued here)
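To make the difference between the two proxy policies concrete, here is an added example (not code from the original post or the linked article): it runs a category blacklist and a default-deny-for-uncategorized policy over a few constructed proxy log lines. The category database, domain names, categories and log format are all assumptions made up for the illustration.

```python
# Added example, not from the original post. Compares a category blacklist
# against a default-deny policy for uncategorized sites. The category lookup
# table, domains and log lines below are constructed for illustration only.
from urllib.parse import urlparse

BLOCKED_CATEGORIES = {"malware", "phishing", "gambling", "adult"}

# Constructed URL-category table standing in for a proxy vendor's database.
# None models a site the categorizer has never seen (e.g. a brand-new domain).
CATEGORY_DB = {
    "www.example-news.test": "news",
    "cdn.example-update.test": "software-updates",
    "bad.example-phish.test": "phishing",
    "xk7q2.example-new.test": None,
}

def categorize(url):
    """Look up the hostname's category; None means uncategorized."""
    host = urlparse(url).hostname or ""
    return CATEGORY_DB.get(host)

def blacklist_policy(url):
    """Blacklist approach: block only categories known to be bad."""
    return "block" if categorize(url) in BLOCKED_CATEGORIES else "allow"

def default_deny_policy(url):
    """Block known-bad categories AND anything the proxy cannot categorize."""
    cat = categorize(url)
    return "block" if cat is None or cat in BLOCKED_CATEGORIES else "allow"

def evaluate(log_lines, policy):
    """Apply a policy to '<user> <url>' log lines; return {url: decision}."""
    decisions = {}
    for line in log_lines:
        _user, url = line.split()
        decisions[url] = policy(url)
    return decisions

# Constructed outbound proxy log lines in the form "<user> <url>".
SAMPLE_LOG = [
    "alice http://www.example-news.test/today",
    "bob http://cdn.example-update.test/patch.bin",
    "carol http://bad.example-phish.test/login",
    "dave http://xk7q2.example-new.test/x",
]

if __name__ == "__main__":
    for name, policy in (("blacklist", blacklist_policy), ("default-deny", default_deny_policy)):
        print(name, evaluate(SAMPLE_LOG, policy))
```

The uncategorized domain sails through the blacklist but is stopped by default-deny; the uncategorized hits users then ask about become the review queue for explicit exceptions.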
The Basics – Segment Your Network: Years ago I sat in my first network security class learning all about the OSI model, the operation of TCP/IP, ports and protocols, and many other interesting topics. One of the main takeaways was to always segment your network for increased security. Almost 20 years later I am still surprised to find that most organizations continue to fail at this basic piece of advice. Of course the bad guys love flat networks for lateral movement purposes: they simply need to compromise one user workstation to gain direct network access to every other device in the enterprise. (continued here)
In Defense of Threat Intel Feeds: Beyond being a great resource on where to gather your own open source intelligence, @da_667’s recent post makes a great point at the end in defense of the so-called “easy” indicators (e.g., hash values, IP addresses, and domain names) in the popular Pyramid of Pain model. (continued here)
Hope everyone had a wonderful week! Have a great weekend!