
TCP STEALTH, additional security for the internet




Internet-Draft TCP Stealth January 2015.


Since the complete integrity of the internet infrastructure cannot be assumed, it follows that adversaries may be able to observe all traffic of an Internet host and perform man-in-the-middle attacks on traffic originating from specific clients. Furthermore, on the server side, an adversary looking for exploitable systems should be expected to have the ability to perform extensive port scans for TCP servers. To help address this problem, we propose to standardize TCP Stealth, a stealthy port-knocking variant where an authenticator is embedded in the TCP SQN number.



TCP Stealth enables authorized clients to perform a standard TCP handshake with the server, while obscuring the existence of the server from port scanners. The basic idea is to transmit an authorization token derived from a shared secret instead of a random value for the initial TCP SQN number in the TCP SYN packet. The token demonstrates to the server that the client is authorized and may furthermore protect the integrity of the beginning of the TCP payload to prevent man-in-the-middle attacks. If the token is incorrect, the operating system pretends that the port is closed. Thus, the TCP server is hidden from port scanners and the TCP traffic has no anomalies compared to a normal TCP handshake.



The TCP MD5 Signature Option defined in RFC 2385 defines a similar mechanism, except that RFC 2385 does not work in the presence of NATs (RFC 1631) and visibly changes the TCP wire protocol, and can thus be easily detected. While TCP Stealth does not change the TCP wire protocol, the specific method for calculating the authorization token must be consistent across Internet hosts and their TCP/IP implementations to ensure interoperability. By embedding the port knocking logic into the TCP/IP implementation of an operating system, we minimize the possibility of detecting hidden services via timing attacks, and avoid the pitfalls of applications trying to re-implement TCP in user-space. Implementors MUST make sure that the response to a connection request with wrong ISN value does not differ in any way from the response to a connection request to a closed port.

Remo Hardeman
CEO Omerta Information Security
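
The TCP Stealth idea quoted above (an authenticator carried in the SYN's sequence number, a closed-port reply on mismatch, optional protection of the first payload bytes), as an added Python sketch that is not code from the Internet-Draft or from this blog. The HMAC-SHA256 construction, the 16/16-bit split of the sequence number, the function names and the sample secret and address are assumptions made for illustration; the draft specifies its own token calculation.

```python
import hashlib
import hmac
import ipaddress
import struct

def _mac16(secret: bytes, label: bytes, data: bytes) -> int:
    """16-bit truncated HMAC-SHA256 (assumed construction, not the draft's)."""
    digest = hmac.new(secret, label + data, hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "big")

def _auth16(secret: bytes, dst_ip: str, dst_port: int, integrity: int) -> int:
    """Authenticator bound to the destination and to the payload check value."""
    dst = ipaddress.ip_address(dst_ip).packed + struct.pack("!HH", dst_port, integrity)
    return _mac16(secret, b"knock", dst)

def client_isn(secret: bytes, dst_ip: str, dst_port: int, first_payload: bytes) -> int:
    """Build the 32-bit ISN: high 16 bits authenticate, low 16 bits cover the payload."""
    integrity = _mac16(secret, b"payload", first_payload)
    return (_auth16(secret, dst_ip, dst_port, integrity) << 16) | integrity

def server_on_syn(secret: bytes, dst_ip: str, dst_port: int, isn: int) -> str:
    """Answer a SYN. A bad token gets the same reply a closed port gives (RST)."""
    expected = _auth16(secret, dst_ip, dst_port, isn & 0xFFFF)
    ok = hmac.compare_digest(expected.to_bytes(2, "big"), (isn >> 16).to_bytes(2, "big"))
    return "SYN-ACK" if ok else "RST"

def server_on_first_payload(secret: bytes, isn: int, first_payload: bytes) -> bool:
    """After the handshake, check the first payload bytes against the low 16 bits."""
    expected = _mac16(secret, b"payload", first_payload)
    return hmac.compare_digest(expected.to_bytes(2, "big"), (isn & 0xFFFF).to_bytes(2, "big"))

# Constructed sample values: made-up secret, documentation address range.
SECRET = b"example-shared-secret"
SERVER = ("192.0.2.10", 22)
HELLO = b"SSH-2.0-client\r\n"

if __name__ == "__main__":
    isn = client_isn(SECRET, *SERVER, HELLO)
    print("authorized SYN      ->", server_on_syn(SECRET, *SERVER, isn))
    print("SYN, one bit wrong  ->", server_on_syn(SECRET, *SERVER, isn ^ 0x10000))
    print("payload as sent     ->", server_on_first_payload(SECRET, isn, HELLO))
    print("payload modified    ->", server_on_first_payload(SECRET, isn, b"SSH-2.0-other\r\n"))
```

Because half of the 32 bits carry the payload check in this sketch, a blind SYN is accepted with probability 2^-16; without payload protection all 32 bits could authenticate.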


Omerta Information Security – Rotterdam, The Netherlands


So, 2015 will be the year of cybersecurity! IT will get a prominent place in the budgets of many companies. Yep, that's a good thing: data, privacy and hacking will get a lot of attention and preventive measures.

There is only one BIG BUT(T)…………….



Although cyber security is all about IT, it has nothing to do with the day-to-day routine of an IT department.

What your IT department does:

1. Make the network work

2. Make sure all systems are up

3. Patching

4. Security levels within the network, granting appropriate access

5. Backups

6. Procedures

7. All kinds of communications

8. Make printers work

9. Reinstallations and all other local software issues

10. License management etc. etc.


What Omerta Information Security does:


organize while starting / make your internet environment (on premise, cloud and workforce) visible

ISO 27001 certification track within the subscription

vulnerability management

monitoring management

BYOD management

encryption, mail and data on the move

document security management

Intelligence and monitoring

Blueprint monitoring events alerting




So the differences are quite obvious: cyber security is a completely new ballgame, even though there are plenty of similarities.

You simply cannot ask Michael Jordan to sprint the 110 metres hurdles in record time just because he was a super athlete and could jump that high and far, isn’t IT?

Omerta Information Security is the right partner for your daily cyber security questions.

If you have any, please contact us at +31 10 7600 333 and ask for Reza Rafati or Remo Hardeman.








We came across an extremely good blog post by Arnoud Engelfriet, about responsible disclosure and why having excruciatingly bad security is not actually a criminal offence. The piece dates from 12 April 2013 but is still relevant!
In our view it is more than worth mentioning. In the Netherlands it is possible to be held in default because you did not take sufficient measures to prevent “destruction”, in which case you can be in violation; this is quite normal in Dutch law, and there are countless examples of it in case law.





Lawyers call this a culpable (negligence) variant: “He to whose fault it is attributable that” data is destroyed, in other words whoever was negligent in preventing the destruction, is also punishable.

Read the original piece by Arnoud Engelfriet here



Cyber security specialists have disclosed that the 2012 Olympic Games in London were reportedly targeted by cybercriminals.

The threat was that the lights could be turned off during the ceremony of the Olympic Games. Although the threat did not materialise thanks to extensive precautions, it would have been a major problem.

The response to the threat came from the Olympic Cyber Co-ordination Team (OCCT), which was based at the MI5 headquarters, Thames House.

On the afternoon before the ceremony, the cyber security specialists reported after their meeting that they were fully confident of being able to deal with the threat if it materialised.

“There was a suggestion that there was a credible attack on the electricity infrastructure that supplies the Games with electricity,” said Olympic cyber security head Oliver Hoare.

Hoare also said that, if the lights did go out, it would be fixed within 30 seconds, but 30 seconds is still too long when you are talking about the Olympic Games.