Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 26

Welcome to the Tenable Network Security Podcast - Episode 26

Announcements

Interview - Ron Gula - CCDC Recap

2010_CCDC.png

Ron Gula and I discuss our experiences at the 2010 Collegiate Cyber Defense Exercise held this past weekend in Columbia, MD.


Stories

  • Six Steps To "Cloud" Security - Nothing New - A researcher published a paper in the International Journal of Services and Standards titled "A 'cloud-free' security model for cloud computing". In it she outlines six security considerations for cloud computing, which to me represent nothing really new. The first, resource sharing on "cloud" providers could lead to your data being accessed. This is similar to VLANs on switches, which are essentially software, which means you need to carefully design your network to be certain your most critical assets are not on the same switch as something less critical. This is a risk decision, and should be constantly evaluated, whether you are using a "cloud" provider or designing VLANs on a switch. Second, she points out that since data is held off-site, ownership may have become compromised. This is another issue which I have dealt with when I worked for an ISP/hosting provider. Physically being separate from your data means that you need to make yet even more risk-based decisions. If the data you are hosting off-site is public anyway, then there is little need for concern. However, if the data is sensitive or confidential, you may want to take extra pre-cautions to safeguard it at remote sites (encryption, physical security, etc...). How is this different than using a remote storage facility for your backup tapes? There are more, and my advice is to look at the "cloud" security information and relate it to similar security and risk decisions in your organization and I believe you will find that you are well equipped to handle securing your organization, whether its cloudy or sunny.
  • Security Policy Gone Wrong - This story centers around the following quote from a client: "Ok, how about this: We take an image of your hard drive when you enter the building. When you leave in the evening, we take another image and see what data changed. This way, we know if any sensitive data leaves the company." I like coming up with creative solutions, but this one just doesn't stick!
  • Network Analysis Of A Logitech Mouse Server - While this may not sound particularly concerning, the protocol that allows you to control the keyboard and mouse of a system running this software does not authenticate the commands. This means a packet crafting tool, such as scapy, can be used to send keystrokes to the device. Most users find this type of technology convenient, but fail to realize the security risks. In your environment you have to control the installation of this type of software.

(Note: Please ignore the opening when I incorrectly refer to this as episode 25, whoops!)

Download Tenable Podcast Episode 26