Category Archives: cybersecurityasaservice

TCP STEALTH, additional security for the internet


Internet-Draft TCP Stealth January 2015.

Since the complete integrity of the Internet infrastructure cannot be assumed, it follows that adversaries may be able to observe all traffic of an Internet host and perform man-in-the-middle attacks on traffic originating from specific clients. Furthermore, on the server side, an adversary looking for exploitable systems should be expected to have the ability to perform extensive port scans for TCP servers. To help address this problem, we propose to standardize TCP Stealth, a stealthy port-knocking variant in which an authenticator is embedded in the TCP initial sequence number (ISN).

TCP Stealth enables authorized clients to perform a standard TCP handshake with the server, while obscuring the existence of the server from port scanners. The basic idea is to transmit an authorization token derived from a shared secret, instead of a random value, as the initial sequence number (ISN) in the TCP SYN packet. The token demonstrates to the server that the client is authorized and may furthermore protect the integrity of the beginning of the TCP payload to prevent man-in-the-middle attacks. If the token is incorrect, the operating system pretends that the port is closed. Thus, the TCP server is hidden from port scanners, and the TCP traffic shows no anomalies compared to a normal TCP handshake.

The TCP MD5 Signature Option defined in RFC 2385 provides a similar mechanism, except that RFC 2385 does not work in the presence of NATs (RFC 1631) and visibly changes the TCP wire protocol, and can thus be easily detected. While TCP Stealth does not change the TCP wire protocol, the specific method for calculating the authorization token must be consistent across Internet hosts and their TCP/IP implementations to ensure interoperability. By embedding the port-knocking logic into the TCP/IP implementation of an operating system, we minimize the possibility of detecting hidden services via timing attacks, and avoid the pitfalls of applications trying to re-implement TCP in user space. Implementors MUST make sure that the response to a connection request with a wrong ISN value does not differ in any way from the response to a connection request to a closed port.

Read further: http://www.ietf.org/id/draft-kirsch-ietf-tcp-stealth-01.txt
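To make the mechanism concrete, here is an added example (written for this page, not the draft's own construction, which specifies its own hash layout that is not reproduced here) of both sides of such a knock. The client derives the 32-bit ISN from the shared secret: the upper 16 bits are an HMAC-SHA256 tag over the connection 4-tuple and a coarse time window, the lower 16 bits a tag over the first bytes of the payload it is about to send. The server answers SYN-ACK only if the auth half verifies for the current or the previous window and otherwise returns the same RST a closed port would; when the first data arrives it checks the payload half. The 64-second window, the 32-byte payload prefix, the secret, the addresses, the timestamp and the SSH banner are all constructed for the example.

```python
"""TCP-Stealth-style port knock carried in the SYN's ISN (added illustration,
not the draft's reference algorithm; HMAC-SHA256 stands in for its hash)."""
import hashlib
import hmac
import ipaddress
import struct

WINDOW_SECONDS = 64      # assumed clock granularity; clocks need only roughly agree
PAYLOAD_PREFIX_LEN = 32  # assumed number of leading payload bytes bound by the token


def _window_key(secret, src_ip, dst_ip, src_port, dst_port, epoch):
    """Per-connection, per-window key: HMAC over the 4-tuple and the time window."""
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HHQ", src_port, dst_port, epoch))
    return hmac.new(secret, msg, hashlib.sha256).digest()


def _integrity_tag(window_key, payload):
    """16-bit tag over the first payload bytes, keyed by the window key."""
    return hmac.new(window_key, payload[:PAYLOAD_PREFIX_LEN], hashlib.sha256).digest()[:2]


def knock_isn(secret, src_ip, dst_ip, src_port, dst_port, now, payload=b""):
    """Client side: the 32-bit ISN to place in the SYN.

    Upper 16 bits authenticate the 4-tuple and time window; lower 16 bits commit
    to the first payload bytes so a man-in-the-middle cannot swap them unnoticed.
    """
    key = _window_key(secret, src_ip, dst_ip, src_port, dst_port, now // WINDOW_SECONDS)
    return struct.unpack("!I", key[:2] + _integrity_tag(key, payload))[0]


class StealthServer:
    """Server side: SYN-ACK vs RST on the SYN, then the payload check on first data."""

    def __init__(self, secret, port):
        self.secret = secret
        self.port = port
        self.pending = {}  # (src_ip, src_port) -> (window key, expected payload tag)

    def handle_syn(self, src_ip, dst_ip, src_port, dst_port, isn, now):
        if dst_port != self.port:
            return "RST"
        packed = struct.pack("!I", isn)
        auth_tag, payload_tag = packed[:2], packed[2:]
        epoch = now // WINDOW_SECONDS
        accepted = None
        # Try the current and the previous window so a SYN sent just before a
        # boundary still verifies. Both HMACs are always computed and compared
        # with compare_digest, so a wrong token costs the same time as a right one.
        for candidate in (epoch, epoch - 1):
            key = _window_key(self.secret, src_ip, dst_ip, src_port, dst_port, candidate)
            if hmac.compare_digest(key[:2], auth_tag) and accepted is None:
                accepted = key
        if accepted is None:
            return "RST"  # exactly what a closed port answers
        self.pending[(src_ip, src_port)] = (accepted, payload_tag)
        return "SYN-ACK"

    def handle_first_data(self, src_ip, src_port, payload):
        """True if the first payload bytes match the tag the SYN committed to."""
        key, expected = self.pending.pop((src_ip, src_port))
        return hmac.compare_digest(_integrity_tag(key, payload), expected)


def demo():
    """Constructed scenarios: authorized client, scanner, clock skew, tampered payload."""
    secret = b"provisioned-out-of-band"       # constructed shared secret
    client, server_ip, port = "198.51.100.7", "203.0.113.10", 22
    now = 1_420_000_000                       # constructed timestamp (a window boundary)
    request = b"SSH-2.0-OpenSSH_6.7\r\n"      # constructed first payload
    server = StealthServer(secret, port)

    isn = knock_isn(secret, client, server_ip, 40000, port, now, request)
    authorized = server.handle_syn(client, server_ip, 40000, port, isn, now)
    payload_ok = server.handle_first_data(client, 40000, request)

    # A scanner does not know the secret: an ISN whose auth half is wrong gets the
    # closed-port answer. A random guess still hits with probability 2/65536 per
    # SYN, so the server should also rate-limit knocks per source address.
    scanner = server.handle_syn(client, server_ip, 40000, port, isn ^ 0xFFFF0000, now)

    # A SYN from the previous window is still accepted; one from two windows back is not.
    isn1 = knock_isn(secret, client, server_ip, 40001, port, now, request)
    skewed = server.handle_syn(client, server_ip, 40001, port, isn1, now + WINDOW_SECONDS)
    isn2 = knock_isn(secret, client, server_ip, 40002, port, now, request)
    stale = server.handle_syn(client, server_ip, 40002, port, isn2, now + 2 * WINDOW_SECONDS)

    # A man-in-the-middle forwards the SYN untouched but rewrites the first payload
    # bytes: the ISN committed to the original bytes, so the integrity check fails.
    isn3 = knock_isn(secret, client, server_ip, 40003, port, now, request)
    server.handle_syn(client, server_ip, 40003, port, isn3, now)
    tampered_ok = server.handle_first_data(client, 40003, b"SSH-2.0-evil\r\n")

    return {"authorized": authorized, "payload_ok": payload_ok, "scanner": scanner,
            "skewed": skewed, "stale": stale, "tampered_ok": tampered_ok}


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind. A 32-bit ISN (here split into two 16-bit tags) is a filter against scanners and a commitment to the first payload bytes, not authentication of the client: the application protocol still has to authenticate. And the wire being indistinguishable is only half of the MUST above; the server's RST path, its timing and its logging must also not reveal whether a token was merely wrong or the port really closed, which is why the example computes both window keys unconditionally and compares with a constant-time function.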

Remo Hardeman
CEO Omerta Information Security

So what's up for 2015?

Omerta information Security –  Rotterdam,The Netherlands


This year we witnessed a series of high-profile security breaches, from the aftermath of the Target and Home Depot fiascos, to a number of attacks on other national retailers, including Michaels, Goodwill and Neiman Marcus. Then there was the massive breach at JP Morgan Chase, which compromised personal information of more than 83 million households and businesses, and finally over 100 terabytes of internal files and films recently stolen from Sony.

Nobody was safe in 2014. In addition to large retailers, media companies and financial institutions, technology companies like eBay and Snapchat were hacked, too, and so were government organizations and healthcare institutions. Also this year, massive Internet infrastructure vulnerabilities were discovered, including Shellshock, Heartbleed and POODLE.

Of course, these publicized events are only a fraction of the overall exposure to losses emanating from cyber incidents, which in 2014 we estimate to be well into the hundreds of billions of dollars. Hence, many firms have dramatically increased their cybersecurity budgets for 2015, and we project that these budget allocations will continue to rise.

Here are five of the most prominent cybersecurity market trends that we believe will define the sector next year:

The Rise of Automated Incident Response

Today, enterprises must not only detect and prevent potential threats; they must also be prepared to react quickly when breaches occur. Enterprises like Target are being sued by banks for failing to act on security alerts. Incident response solutions deal with the aftermath of a breach, allowing businesses to limit damages and reduce recovery time.

Intrusion detection/prevention systems (IDS/IPS) strengthen the organization's security posture, but highly targeted attacks eventually get through. Determined attackers find their way into the network despite the IDS/IPS deployments, which meanwhile generate an ever larger number of alerts for the security operations team to handle. The question is no longer whether a breach happens, but how long it takes before it is reacted upon and remediated.

One of the clear lessons from Target’s attack is that the traditional Incident Response process, which is mostly based on manual processes, is broken. Reducing the time from detection to remediation could dramatically minimize an attack’s damage.

That’s where Automated Incident Response solutions come in – they don’t leave alerts unhandled, and can react instantly (much faster than humans) when bad scenarios unfold. Enterprises, with their limited human resources, face escalating liabilities for failing to adequately respond to detected threats. Expect chief information security officers (“CISOs”) to turn to Automated Incident Response solutions in 2015.

Cloud Security Becomes a Shared Responsibility

Enterprise IT departments are generally behind in keeping the cloud secure, heavily relying on security features provided by cloud vendors. Most of the SaaS vendors in particular don’t have security as first priority, and so they fail to provide sufficient data governance, control and compliance. In 2014, many CIOs and CISOs have realized that maintaining enterprise-grade security in cloud application usage is a shared responsibility, and we expect that in 2015 they will act on that.

A new crop of startups provides deeper visibility into cloud usage, unique threat analysis and proactive enforcement of cloud application security policies. These startups enable employees to enjoy all of the cloud’s advantages securely. There are so many great cloud applications out there, and CIOs desire to be business enablers rather than blockers. That’s what makes this sector so exciting. Expect CIOs and CISOs to allocate meaningful budgets to it in 2015.

Advanced Persistent Threats Surge

In 2015, cybersecurity departments should be particularly careful about advanced persistent threats (APTs). These attacks are stealthy as they target a specific entity and secretly penetrate the network over weeks or months, waiting for the right moment to make their move and exfiltrate valuable data from the enterprise. Credit card numbers will still be valuable to hackers throughout 2015 because the deadline for retailers to upgrade to point-of-sale systems capable of processing chip-and-PIN credit cards is not until October 2015, and we foresee this deadline being extended.

To carry out APTs, custom malicious code is installed on one or more hosts to perform specific tasks while remaining undetected for as long as possible. Sometimes these attacks are financially driven; in other cases, government- or corporate-sponsored hackers are after intellectual property. In the long run, APTs can undermine the national security and economic stability of nations.

According to the Ponemon Institute, the average cost of a data breach in 2014 was .5 million, while Target optimistically projected more than 8 million in damages. Accurate detection is the necessary first step toward threat remediation. There are various methods to detect an ongoing cyber attack, and we feel that the ones that are focused on the late stages of the cyber kill chain, post-infection, will be the most interesting in the near future.

“Cloud-first” detection solutions that leverage multiple sources of threat intelligence (for example: botnet interception + log analysis + sandboxing) and are easy for enterprises to deploy will be the most successful in 2015.

Cybersecurity Vendors Become Frenemies

The constant formation of new cyber-threat categories results in the nonstop introduction of startups working on new solutions. Managing multiple point solutions is nontrivial for CISOs. For example, various vendors detect malware in the enterprise network, in the data center, and on employees' PCs and mobile devices. Some of these are signature-based, others use machine-learning algorithms, and some use big-data analytics. Buyers find themselves perplexed by the plethora of offerings.

Rather than manage all of these processes separately, CISOs prefer to deploy comprehensive solutions that integrate well with one another and create a synergistic security posture. This past year we noticed increasing security vendor collaboration. For example, Fortinet, McAfee, Palo Alto Networks and Symantec founded the Cyber Threat Alliance. Check Point created an alliance with several threat intelligence vendors to merge their feeds. Increased collaboration among cybersecurity vendors is key to helping CISOs fight cybercrime more effectively, and this trend will accelerate in 2015.

Mergers & Acquisitions on the Rise

Now more than ever, most cybersecurity innovation is carried out by small teams working within startups. The large vendors are always on the lookout to acquire new products to complement their existing portfolios, fully realizing that customers seek comprehensive (rather than point) solutions.

Two of the most notable acquisitions in 2014 were FireEye's purchase of Mandiant and Palo Alto Networks' acquisition of Cyvera. Generally, this past year large security vendors acquired companies with capabilities outside their core business, intending to expand their offerings and gain competitive advantage. Thus FireEye now offers professional services powered by Mandiant, complementing its core detection products, and Palo Alto Networks released Traps, an endpoint protection product powered by Cyvera, complementing its next-generation firewall.

We project an active M&A scene in cybersecurity in 2015. Expect to see large vendors acquiring more high-tech startups to strengthen their core competencies and rapidly expand their offering.

The Venture Capitalist’s Perspective

In 2014, most mid-to-large enterprises experienced a sharp increase in cyber-attacks, both in breadth and sophistication. Awareness for potential damages is high at boards of directors and management teams of the Fortune 1000. Gartner estimates that the global cybersecurity market will grow from billion in 2013 to billion in 2017.

According to CB Insights, in 2013 venture capital firms invested an all-time record of .4 billion in 239 cybersecurity companies. During just the first six months of 2014, cybersecurity investments already totaled 4 million. We expect this upward trend to continue in 2015, as demand for innovation in this category stays high.

We are ever more enthusiastic about the cybersecurity sector. Enterprises require advanced solutions to combat ever-more-sophisticated adversaries. Incumbent security vendors need new bleeding-edge technology. The venture capital industry is eager to back the entrepreneurs that can deliver outstanding solutions in 2015 and beyond.

 

Remo Hardeman

CEO Omerta Information Security

HAPPY CYBER SECURITY AS A SERVICE 2015!

Omerta Information Security – Rotterdam, The Netherlands


So, 2015 will be the year of cybersecurity! IT will get a prominent place in the budgets of many companies. Yes, that's a good thing: data, privacy and hacking will get a lot of attention, and so will preventive measures.

There is only one BIG BUT(T)...

Although cyber security is all about IT, it has little to do with the day-to-day routine of an IT department.

What your IT department does:

1. Make the network work

2. Make sure all systems are up

3. Patching

4. Security levels within the network: granting appropriate access

5. Backups

6. Procedures

7. All kinds of communications

8. Make printers work

9. Reinstallations and all other local software issues

10. License management, etc.

 

What Omerta Information Security does:

 

Organize from the start: make your internet environment (on premise, cloud and workforce) visible

ISO 27001 certification trajectory, included in the subscription

Vulnerability management

Monitoring management

BYOD management

Encryption of mail and of data on the move

Document security management

Intelligence and monitoring

Blueprint of monitoring events and alerting

 

Point-of-difference

 

So the differences are quite obvious: cyber security is a completely new ballgame, even though there are plenty of similarities.

You simply cannot expect Michael Jordan to run the 110 metres hurdles in record time just because he was a super athlete who could jump that high and far, can you? The same goes for IT.

Omerta Information Security is the right partner for your daily cyber security questions.

If you have any, please contact us at +31 10 7600 333 and ask for Reza Rafati or Remo Hardeman.