APT or APA and can APDs counter their attacks?

APT. Oh, how I love this term. It became the fashion among security vendors so much that they started including it in every single page of their marketing materials. Every single vendor out there will come to a sales meeting saying their appliance magically defends against “APTs”. Do they even know what that means? I […]

External Network Monitoring Services

Sometimes you cannot trust your own defenses, especially if you properly assume that your network has been compromised. All IDS/IPS appliances have the same weakness: they rely on what is known and rarely on some basic behavior analysis. But when an attacker uses a new technique (which happens quite often), it will pass as a […]

Removing perimeter security is safe for a cyber fortress

In December 2014, Google published a paper titled “BeyondCorp: A New Approach to Enterprise Security.” This paper puts into words what the community has been saying for years – namely, that perimeter security is obsolete. Endpoints should not depend on an external entity for their protection – nor should enterprise applications and services. They should […]

Deploying a secure browser in the enterprise

While we are on the topic of WWW, let’s talk about a very important topic – the browser your employees are using to access the Web (and your own Intranet). It is a sad fact that many organizations are still using IE (some even avoid updating to the newer versions of it for ‘compatibility reasons’). […]

Sandboxed Browsers / Alternatives for the enterprise

Sandboxing is a term coming from the times when guns were tested by firing shots in a box filled with sand – effectively making the practice safe for the shooter. In the same way, if you protect the browsers of your users and isolate them in a sandbox (treating the browser and the exploits which […]

How to properly harden your operating systems

This chapter is the core of this blog, the essence of building a cyber fortress. It will probably be the most tedious work you will have to do – the most boring, labor-intensive, and frustrating – but if you follow this chapter correctly, the security posture of your company is going to get to the […]

Raise the cost of malicious code execution in your environment

The economics of malicious software is separated into multiple facets: mass malware distribution and targeted malware. Mass malware distribution depends on a network of services – groups delivering hacked websites and compromised hosts for file storage, groups bearing compromised advertising networks, and groups providing services to make the malware undetectable. For the criminals, having compromised […]

Choosing secure networking components

Hardware-level encryption between nodes via built-in encryption in the network cards / other networking equipment is desirable, but not necessary – the same can be achieved via software in budget-oriented organizations. Network outlets should be properly secured (in an ideal world, with a physical lock of the cable to the network outlet, making it impossible […]

Firewall alternatives

Commercial firewalls have a disadvantage – that is, it is never known if the vendor has introduced (willingly or unwillingly) a backdoor or intentional security weakness to allow access for unknown parties. It is generally a good rule of thumb to remember that if a vendor is known to have used a backdoor once, they […]

Network Segregation / Isolation

Way too many organizations do not use any form of network isolation / segregation. For example, they do not control which workstations can access specific servers directly. Does the administrative assistant of the CEO (or any other user) have a legitimate business need to be able to access the Domain Controller via RDP? Do they […]