Copyright © Cyber Defense Magazine, All rights reserved worldwide
CONTENTS
Pierluigi Paganini
our-founder/
I’ve looked into honeypots for many years. I love http://www.honeynet.org because it is
the first open source concept on deception technology that made it mainstream.
However, many of us want to buy a commercial solution, just like, while it’s fun to deploy
IP Tables, none of us really want to build our own firewall from scratch.
Then, I heard about Attivo and as one of the four CDM judges on our Infosec Awards
from 2017, with them being one of our winners, receiving an overwhelmingly positive vote
from the judges, I wanted to dig into what they are up to a little further and look at them
within the purview of the Time-based Security model – could a solution like the Attivo
ThreatDefend™ Deception and Response Platform actually deliver a way to slow down
the breaches, because, frankly, we’re not yet going fast enough to stop them?
With over 1500 breaches reported throughout the USA in 2017 alone, one has to
wonder how attackers are able to bypass and remain undetected by security solutions
that are available from over 3000 security technology providers. One could point to
sophisticated automated and human attacks that are leveraging an evolving attack
surface to penetrate perimeter defenses. However, most security professionals have
come to accept that attackers can and will get into the network based on targeted
attacks, human error, insiders, contractors or suppliers.
Early identification and response times need to improve to a tipping point above the
exposure time (Et). When executed effectively, the attack is halted before data
exfiltration or other damage can occur.
Deception technology plays a critical role in changing the asymmetry of the attack and
is designed to provide the threat intelligence, counter intelligence, and adversary
intelligence required to decrease exposure time. The Mandiant M-Trends 2017 report
states that time to detection averages 99 days. Typical time-to-compromise continues to
be measured in minutes, while time-to-discovery remains in weeks or months. Attivo
Networks has developed an innovative deception-based solution to tackle the issue of
exposure time head on. The Attivo ThreatDefend™ Deception and Response Platform
Dynamic traps and lures essentially turn the network attack surface into a “hall of
mirrors”, altering an attacker’s reality and increasing their costs as they are forced to
decipher what is real versus fake. The solution operates differently than IDS or other
database lookup or pattern matching solutions. It isn’t reliant on known signatures nor
does it require time to learn or “get good” to add value. Endpoint deceptions also serve
to close the gap on credential based detection and ransomware attacks by planting
deception drives to misdirect the attacker to a deception server and keep them
distracted while security teams are afforded the time to respond.
Key to early detection is the authenticity and attractiveness of the deception to the
attacker. The Attivo deception decoys are built for the highest authenticity with real
operating systems, a wide variety of application and data deceptions, along with the
ability to run the same “golden image” software as production assets. The Attivo
solution is designed for the evolving attack landscape, as you never know which point of
entry an attacker will take.
The ThreatDefend™ platform has been proven at scale in global installations that
include deployments in user networks, data centers, cloud, remote office, and in
specialized environments such as POS, ICS-SCADA, IOT, SWIFT, telecommunications,
and network infrastructure devices. Deception is notably designed to work throughout
the phases of the Kill Chain and detect regardless of attack vector. Setting in-network
traps and endpoint lures works to attract and detect the attacker during reconnaissance
and lateral movement, when harvesting credentials for reuse, when conducting man-in-
the-middle attacks, or when attempting to compromise an Active Directory server. The
combination of network and endpoint deceptions detects attacks early and efficiently
throughout the entire network.
Gartner has openly recognized the efficiency of deception for APT detection,
recommended it as a 2018 initiative, and acknowledged Attivo Networks for having the
most comprehensive deception platform.
A recent SANS survey indicates that only around 50% of companies can respond to a
discovered compromise in 24 hours or less, while remediation can take months. High-
interaction deception technology plays a key role in not only detecting threats quickly,
but also in identifying potential exposed attack paths. It can also accelerate incident
response by analyzing attacker tactics, techniques, and procedures (TTP), identifying
indicators of compromise (IOC), and automating incident response through 3rd party
integrations.
As you now know, either we must go faster in our Detection Time and Response Time or
we must make breaches go slower. So think about this: the amount of protection you
have on your network, to keep the prying eyes and cyber criminals from stealing the
data, is the best chance you won’t be robbed, just like having a strong vault at the bank.
However, a strong vault is not enough. If someone steals the keys to the vault
(keyloggers, malicious insiders, spear phishing dropping remote access trojans –
RATs), where does that leave you? Extremely vulnerable from the inside out. So we
need to increase our Protection time (how long it takes to breach us) and it must be
greater than our Detection time plus Response time, or we lose and the cyber criminals
win.
Pt > Dt + Rt
and if we can’t find ways to speed up our detection and response to be faster than the
cyber criminals, we’re completely exposed. That’s why I’m so excited about Honeypots
and the commercialization of Deception technology by Attivo. Expect this to be an
Deploying the Attivo deception platform will play a critical role as both a detection and
incident response security control, ultimately tipping the scale on exposure time and
putting the balance of power back into the security team’s hands.
Many organizations have deployed it and are realizing the benefits of the platform, such
as early detection of advanced threat actors, delaying and disrupting their activities, and
accelerating incident response to mitigate their activities. Attacks will continue to
happen at ever-increasing rates, and organizations seeking to avoid being the next
breach headline would do well to implement deception technologies.
From the prior article, by the Publisher of Cyber Defense Magazine, you can see how
important speeding up Detection time and Response time is to successfully mitigating
breaches. With better, faster, democratized sharing of threat intel, we may have a
chance to start winning the battle and stopping the breaches. Until systems in the
marketplace are fast enough to defeat the latest threat, we lose as seen in the graphic,
below, provided by Gary Miliefsky from his Time-based Security presentation:
However, many organizations using intelligence still hesitate to share their own
intelligence more broadly. A recent study from the Ponemon Institute found that only 50
percent of organizations currently participate in industry-centric sharing initiatives such
as Information Sharing & Analysis Centers (ISACs), which provide industry-relevant
intelligence, a place to collaborate with peers and network with other security teams. Of
those organizations, the majority (60 percent) only receive threat intelligence through
ISACs but do not contribute intelligence.
Many organizations cite a variety of concerns and hesitations that prevent them from
actively sharing their own intelligence more broadly, but a lot of these fears are myths
that can be easily dispelled. For instance, some organizations cite privacy and liability
concerns as a key reason for not contributing to threat sharing initiatives. However, it is
possible to keep sensitive information private while still contributing to threat sharing
initiatives. In addition to protective provisions from the Cybersecurity Information
Sharing Act of 2015 (CISA), one way to avoid these concerns––and a good practice in
general––is to scrub threat data for any sensitive corporate information before sharing.
Even if this limits the amount you’re able to contribute, a little bit can go a long way in
helping other organizations spot attackers.
Many small organizations believe their cybersecurity programs are too little or their
budget is too limited for them to share anything that would be of value to other
organizations––but this is never the case. Even for big corporations that are frequently
targeted by attackers, there are additional details that can be missed. For example, no
organization sees every possible variant of phishing emails that comes through their
business. Sharing whatever you can, even if it seems insignificant, can add critical
context and visibility that complements other shared intelligence.
For organizations that are hesitant to share intelligence but are looking for simple ways
to contribute, there are a wide variety of options. A simple first step is identifying tools
and communities you can leverage. ISACs are easy to get involved in and typically have
mechanisms in place to ease threat sharing. You can also establish partnerships
beyond your vertical through localized entities such as Fusion Centers or use standards
like STIX and TAXII to streamline the process of sharing. There are a number of free
tools available that can help you to both contribute to and receive from common threat
feeds.
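One way to follow the advice above, scrubbing internal details and packaging what remains as STIX 2.1 indicators, is sketched below. This is an added example, not code from the article; the `corp.example` suffix, the record layout, the `file-sha256` label and all sample values are constructed assumptions.

```python
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone

# Assumptions (not from the article): our own DNS suffix and address space.
INTERNAL_SUFFIXES = ("corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed incident record, as an analyst might keep it internally.
INCIDENT = {
    "seen": "2017-12-01T09:30:00.000Z",
    "notes": ("User jane.doe@corp.example on host fin-lt-042.corp.example "
              "(10.20.30.44) opened the attachment; proxy logs show a "
              "callback to 203.0.113.50."),
    "observables": [
        ("ipv4-addr", "203.0.113.50"),               # external callback address
        ("ipv4-addr", "10.20.30.44"),                # victim workstation (internal)
        ("domain-name", "invoice-update.example.net"),
        ("domain-name", "mail01.corp.example"),      # our own mail relay (internal)
        ("file-sha256", "a" * 64),                   # placeholder digest
    ],
}


def is_internal(kind, value):
    """True when an observable describes our own infrastructure."""
    if kind == "ipv4-addr":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return False
        return any(ip in net for net in INTERNAL_NETS)
    if kind == "domain-name":
        v = value.lower().rstrip(".")
        return any(v == s or v.endswith("." + s) for s in INTERNAL_SUFFIXES)
    return False


def scrub_text(text):
    """Redact employee mailboxes, internal hostnames and internal IPs."""
    for suffix in INTERNAL_SUFFIXES:
        esc = re.escape(suffix)
        text = re.sub(r"[\w.+-]+@(?:[\w-]+\.)*" + esc + r"\b",
                      "[redacted-email]", text, flags=re.IGNORECASE)
        text = re.sub(r"\b(?:[\w-]+\.)*" + esc + r"\b",
                      "[redacted-host]", text, flags=re.IGNORECASE)
    return IP_RE.sub(
        lambda m: "[redacted-ip]" if is_internal("ipv4-addr", m.group(0))
        else m.group(0), text)


def stix_pattern(kind, value):
    """Build a STIX pattern; backslashes and quotes in the value are escaped."""
    v = value.replace("\\", "\\\\").replace("'", "\\'")
    if kind == "file-sha256":
        return "[file:hashes.'SHA-256' = '%s']" % v
    return "[%s:value = '%s']" % (kind, v)


def build_bundle(record):
    """Return a STIX 2.1 bundle holding only external indicators."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    objects = []
    for kind, value in record["observables"]:
        if is_internal(kind, value):
            continue  # never share our own hosts or addresses
        objects.append({
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--" + str(uuid.uuid4()),
            "created": now,
            "modified": now,
            "description": scrub_text(record["notes"]),
            "indicator_types": ["malicious-activity"],
            "pattern": stix_pattern(kind, value),
            "pattern_type": "stix",
            "valid_from": record["seen"],
        })
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()),
            "objects": objects}


def leaked_terms(bundle):
    """Final gate before sharing: list any internal value still present."""
    blob = json.dumps(bundle).lower()
    hits = [s for s in INTERNAL_SUFFIXES if s in blob]
    hits += [ip for ip in IP_RE.findall(blob) if is_internal("ipv4-addr", ip)]
    return hits


if __name__ == "__main__":
    bundle = build_bundle(INCIDENT)
    assert not leaked_terms(bundle), "refusing to share: internal data present"
    print(json.dumps(bundle, indent=2))
```

The resulting bundle is plain JSON and can be handed to whatever TAXII client or ISAC submission channel the organization already uses.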
https://www.linkedin.com/in/travisfarral/
With the holiday shopping season fast approaching, e-commerce companies are once
again planning for and preparing to profit from the increasing numbers of shoppers who
purchase their gifts online. While etailers anticipate heavenly profits, they’re also wary of
the earthly reality of CNP fraud. Does the increased opportunity of the holiday season
also contain an equally increased risk of fraudulent orders and costly chargebacks?
While this fear might seem logical, the reality is the Grinch of fraudulent orders is
unlikely to steal the yuletide bounty. This is because e-commerce fraud rates actually
significantly decrease during the holiday shopping season - not because fraudsters are
taking a break, but because of the huge influx of legit shoppers during this time. This is
especially true for the three kings of Cyber Monday, Black Friday, and New Year’s Eve.
Since the percentage of all orders which are fraudulent drops during this time, online
merchants face a higher risk of turning down legit orders unless they adjust their fraud
prevention systems. Declined legit orders mean lost revenue, not only for that particular
order, but also any future online orders which will now be diverted to your competitors
because your crude fraud filter seriously dampened that shopper’s holiday spirits by
mis-labeling them as a criminal. This is precisely why many etailers are switching to
more advanced e-commerce fraud protection solutions, like the machine learning-based
service offered by Riskified.
Not only is there a danger in overreacting to the actual fraud risk, e-commerce
companies can also make costly mistakes when it comes to manual review of
suspicious orders. The huge surge of shoppers during this time results in a large
volume of orders which need to be manually reviewed by analysts who then accept or
decline the order. This in turn forces online merchants to add seasonal hires to their
fraud review team as well as increase the workload on permanent staff, both of which
can result in inaccurate, rushed decisions (especially if the seasonal hires are new to
fraud prevention).
Help bring joy to the world: don’t falsely decline international orders
Rushed decisions and fear of chargebacks often result in more false declines and thus
lost revenue. What compounds this problem of false declines during the holiday
shopping season is not only the already discussed quantity of orders, but also their
quality, because perfectly legitimate holiday e-commerce shopping can have one or
more indications of a fraudulent order.
One of these is a mismatch between the billing address of the card used and the
shipping address of the gift, which can indicate a fraudulent order. It can also indicate,
however, a consumer shopping for friends or family and choosing to have the
Another example is an international shopper using their non-US card (with an overseas
billing address) for payment, but requesting a US shipping address. This could be a
fraudulent order from a criminal in a foreign country using a reshipping service to
conceal their location.
A computer network is a group of devices connected to the internet that together form
one large web entity. It is worth mentioning that in a computer or device network – in the
case of the Internet of Things (IoT) – devices are assigned different IP addresses, and
each machine in that group has a unique IP address. Knowing this helps in understanding
how such a network works and how its traffic flows. Dealing with an organization’s
network means getting a chance to configure many computers supported by network
gadgets such as modems, routers, hubs and switches.
Several network configurations are applied in practice, and it is the task of network
administrators and engineers to decide how they define their networks. Many
organizations use wireless internet, and some rely on a broadband connection
requiring a lot of wires and cables. From the network administration point of view, there
are advantages and disadvantages in applying each of those solutions. For instance,
wireless internet is more cost-effective because it does not use as many cables and wires
as wired web consumes, but – on the other hand – it comes with some drawbacks such
as electromagnetic field interference that could slow down the information exchange.
Cyber Defense eMagazine – December 2017 Edition
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.
Experience suggests that many people use a combination of these two solutions and
are satisfied with the outcomes of such a configuration. The focus of this review is
network security, and for that reason we will talk about tactics and approaches you can
apply to make your network experience more suitable.
It is well known that devices connected in a computer network communicate with each
other as well as with the external web. To avoid cyber-attacks, you should know that if
one computer in the network gets infected with viruses, worms, spyware or ransomware,
there is a considerable risk that within a very short period of time the entire network could
get infected as well, and in such a case you should apply the well-known disaster
recovery and business continuity procedures. Sometimes it is not easy to repair your
computers after some sort of hacker’s attack, and in practice it requires a lot of skill and
experience. In other words, you should always be aware that a cyber diversion may
occur, and for that purpose you should create a role within your enterprise that is
responsible for IT security.
As your business gets bigger and bigger, you will need more IT security professionals
to keep the risk within your organization’s network at the lowest possible level. In
practice, many big organizations run security operation centers (SOCs), and in such a
place you will find many IT security professionals, analysts and cyber geeks who watch
over your critical assets. The current situation indicates that we need more experts in the
area of cyber defense – especially in the private sector, which pulls the entire economy of
any country. Many developed societies, in coordination with their governments, create
useful documents suggesting how good practice should look in reality. Intentionally, we
do not say best practice, as many people call those procedures and policies, because
they should always be improved, and that is why we believe they are quite good and not
the best ones.
One more suggestion we could make regarding secure network traffic is to understand
the difference between public and private IP addresses. The private IP
address is the IP address that would belong to your physical device, while the public IP
In conclusion, putting a group of devices in a network is a task that calls for many skills.
On the other hand, making such a network secure is the real challenge. In other words,
you need to manage the feasible risk every single day, and even if you are fully
concentrated on that task, you could become the victim of a cyber breach. The purpose
of this review is to suggest some examples of good practice and not to provide a silver
bullet for all existing concerns. In this case, the silver bullet does not exist and the only
thing we can rely on is hard work.
I recently invited security expert Andy Malone to join me and co-host Ami Casto for an
episode of the Enterprise Endpoint Experts (E3) podcast. Andy is a Microsoft MCT and
MVP, popular security author, consultant, and speaker. He’s also a sci-fi author, which
you can learn more about by listening to the podcast at
www.adaptiva.com/blog/2017/enterprise-endpoint-security-windows-10-andy-malone. In
this blog, I pick out 10 of the important security configuration management best
practices he shared with us.
The most important thing for any company to do to stay secure is to apply OS updates
to all systems as quickly as possible. Andy puts it this way, “Patch, patch, patch. And
when you finish patching, patch some more.”
While some companies force users to update, some give them more leeway. Microsoft
used to make this a lot easier, with less frequent updates on Patch Tuesdays. Now, it’s
more of a drip, drip, drip. Part of the issue is that updates can require a reboot, which
Delivering updates to all users quickly also challenges businesses. In a recent survey of
IT pros by Adaptiva, over half of respondents indicated it can take a month or more for
IT teams to execute Windows OS updates. That ultimately leaves systems vulnerable,
and companies should work to patch much more quickly.
This seems like a no-brainer, but a number of companies don’t fully lock this down. Do
you know which services your company is allowing and disallowing? Are you monitoring
endpoints for rogue services and cracking down on it? If not, you should be.
Open ports are a red carpet welcome for a variety of cyberattacks. Every company
knows this. Yet many companies still don’t lock ports carefully. Or they do it once and
then don’t verify compliance on an ongoing basis. Every Windows endpoint should be
port-restricted to use only what’s needed—at all times.
Andy says it’s amazing how many people do their physical systems and overlook the
VMs when it comes to applying updates and other security configuration management
policies. Your virtual machines are just as vulnerable a target as physical computers.
Cyberattackers don’t discriminate.
In the cybersecurity industry, the focus has moved away from attacking operating
systems. It’s shifted to applications and mobile as well. So, application updates are no
longer only about functionality; they’re also about security. Antivirus is critical, but it’s just
one of many third-party applications.
With tools like Configuration Manager or Intune, you can actually download the updates
from the vendors and then push them out to your users. However, both products are
limited to specific software vendors in different ways. That means administrators have to
do a lot of heavy lifting or find some other solution to keep third-party patching current.
You can learn more about the challenges in the E3 third-party patching podcast with
Duncan McAlynn at soundcloud.com/adaptiva/e3-podcast-duncan-mcalynn.
In a corporate environment, companies really are paying more attention to how they
lock down Office 365. They need to make sure data isn’t leaked and that business units
aren’t sharing data to other business units. Microsoft data loss prevention can help, but
it’s just another tool to configure. The question is: are your systems configured
correctly?
To this end, Microsoft has a piece of software called Secure Score. It analyzes the
security of Office 365 across your entire organization. The solution analyzes things like
users’ regular activities and security settings. Then it gives you a sort of “credit score for
security.”
You as an administrator can run Secure Score on your Office 365 portal. The higher the
score, the more secure you are. Microsoft gives you all of the security tools but doesn’t
necessarily configure them for you. You might go in and find that you have a horrible
score. At least you’ll know what to do to fix it!
Make sure you’ve got a good security policy for dealing with access to your common
desktop. Is the user allowed to do anything they like? Or is it cut down? Do you have a
VPN access policy, and what is it? What is your policy for identity and authentication?
There’s a whole world of things that you could do—far too many to mention here.
However, if you don’t document the policy as a starting point, you will almost certainly
have vulnerabilities.
Definitely consider multi-factor authentication (MFA). MFA is very practical now, with
fingerprints, facial scans, etc. Biometrics really has changed the game, though other
forms of secondary authentication are fine. The main thing is don’t rely exclusively on
usernames and passwords anymore.
Your company should have a set of procedures in place for the “what if” scenario. This
way, you are prepared if you get hit with malware, if there’s a disaster, or if there’s some
kind of data breach. If you have a plan already, “you don’t run around like a headless
chicken,” as Andy puts it. You need to flip over to “Okay, right, there’s a procedure for
that; let’s deal with it.”
Remember that you might need to restore data. When talking about security, we often
talk about computer security. For a company, however, the topic of information security
looms large. A company needs to be prepared to bring back data if and when an
incident occurs.
Learn more!
The podcast goes into more detail about MDM, the cloud, and other security topics.
Plus, Andy answers the question, “Would you rather be able to see 10 minutes into your
own future or 10 minutes into the future of everybody else?” You can also follow Andy at
andymalone.org and on Twitter @andymalone.
If you’d like to learn more about automating verification of security policy and all the
items we’ve mentioned here, visit www.adaptiva.com/client-health.
From Bitcoin to Blockchain, from Ethereum to Wallet software, and from Online Trading
sites to Litecoins, we’re covering it all here. Right now at CDM, we are VERY
CONCERNED with many people jumping into the Crypto-currency world and getting
ripped off, like in the early days of the Forex, which sparked the Office of the Comptroller
of the Currency (OCC.gov) and others to get involved and regulate the Forex trading
exchanges due to so much rampant fraud.
▪ Computers and mobile devices are infected with zero-day key-loggers from cyber
criminals and nation states;
▪ Few online trading sites and platforms will be 100% trustworthy and none will be
100% secure. Expect online trading fraud, theft of online cryptocurrency accounts
and online hacking to run rampant in this space.
Stay tuned for our upcoming articles that will shine a light on this dark area of
commerce. When regulators jump in due to fraud it can be a good thing but for a
crypto-currency it will most likely cause the bubble to burst and we’ll see the Internal
Revenue Service (IRS.gov) push for it to be treated as a form of currency when, for
now, they and the US Treasury (treasury.gov) call it an ‘asset’ like a book or your
house. It won’t take much for the growth of crypto-currency tied to the attraction of a
soft-underbelly hacking target to make this a reality. Bookmark this page and keep an
eye on it: http://www.cyberdefensemagazine.com/bitcoin-blockchain-and-breaches/
INSIGHTS
Cybersecurity: Fighting a Threat That Causes $450B of Damage Each Year
With recent high profile hacks of companies such as Uber, Equifax, and HBO, it’s safe
to say that cybersecurity is already top of mind for many of the world’s biggest
companies.
However, as billions more devices get connected to the internet every year –
including many that are not properly secured – this cybercrime threat is evolving quickly,
and the stakes are rising as well. Experts estimate that cybercrime caused $450 billion
of damage to the economy in 2016, and that number is expected to increase to $6
trillion by 2021.
Today’s infographic, which comes to us from Evolve ETFs, covers the growing threat of
cybercrime along with the associated boom in global cybersecurity spending.
The potential impact of a large-scale cyber attack is bigger than ever, and today
cybersecurity is a number one concern for businesses, governments, and individuals.
Since 2013, over nine billion records have been lost or stolen globally, and nearly two
billion of those were breached in the first half of 2017 alone.
With 80% of the value of Fortune 500 firms stemming from intellectual property (IP) and
other intangibles, this means that the digitization of assets comes with massive risks.
According to a joint report by Lloyd’s and Cyence, a single large-scale attack could
The potential firepower behind today’s cyber threats is enough even to catch the
attention of top defense officials. In a survey of 352 national security leaders, the
greatest threat facing the United States is not terrorism (26.3%) – it’s actually
cyberwarfare (45.1%).
FIGHTING CYBERCRIME
Businesses are more focused than ever on protecting themselves and their data from
increasingly advanced and complex threats.
In a recent survey by Marsh LLC and Microsoft, of the many global companies that are
subject to new privacy rules in Europe, 78% of senior executives are planning to
increase spending on cyber risk management in the next 12 months.
Reducing the cost of security breaches by only 10% can save global enterprises $17
billion annually.
– MORGAN STANLEY
As a result, the cybersecurity sector continues to be one that is on the rise. Spending is
increasing particularly in four key areas: security analytics (SIEM), threat intelligence,
mobile security, and cloud security – and global cybersecurity spending is expected to
grow at a 9.5% CAGR to hit $182 billion in 2021.
Interested in finding out more? Have INSIGHTS that you wish to share? We’re building
up an entirely fresh and new content area at CDM to help the infosec industry gain new
INSIGHTS. Please email chrish@cyberdefensemediagroup.com for more information.
First, let’s get the basics on GDPR and then we’ll go through a really well done
infographic to cover the changes in the GDPR.
The General Data Protection Regulation (GDPR) is a legal framework that sets
guidelines for the collection and processing of personal information of individuals within
the European Union (EU). The GDPR sets out the principles for data management and
the rights of the individual, while also imposing fines that can be revenue based.
The General Data Protection Regulation covers all companies that deal with the data of
EU citizens, so it is a critical regulation for corporate compliance officers at banks,
insurers, and other financial companies. GDPR will come into effect across the EU on
May 25, 2018.
The GDPR adds to the EU’s general policy of protecting citizens’ data. In addition to the
notifications of collection and legal ramifications for misuse, there is also a requirement
to obtain explicit consent, notify in cases of a hack or breach, appoint dedicated data
protection officers and much more. For financial institutions, the new rules will require
significant investments in compliance to ensure continuing access to the EU market.
The new rules are also pushing firms to pseudonymize personally identifiable
information (PII) prior to processing it, meaning that the data can’t be attributed back to
a particular person. The pseudonymization of data allows firms to do some larger data
analysis - such as assessing average debt ratios of its customers in a particular region -
The GDPR has effects beyond lending, insurance and other firms where sensitive
personal data is collected and processed as a matter of course. The rules apply to the
human resources records of employees and even the IP addresses of people using
online services. The GDPR builds upon data rights that the EU has been pushing for,
such as the right of an individual to be forgotten and the right to data portability.
As such, it is expected that the GDPR will lead to data minimization where companies
willingly prune down the amount of information they collect to the functional essentials
needed to complete a transaction. This could be a reversal of one of the big data trends
where companies seek to collect and analyze as much data on their customers as
possible in order to gain new insights.
This analysis can still take place after appropriate pseudonymization, but other data
rights prevent those insights from being used to profile customers in a way that could be
discriminatory or put them at a financial disadvantage. As the GDPR is a new
regulation, there will no doubt be a period of adjustment where gaps and thorny issues
like profiling are addressed.
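The pseudonymization step described above can be illustrated with a keyed hash (HMAC-SHA256) applied before the regional debt-ratio analysis. This is an added example, not from the article; the field names, the demo key and the customer rows are constructed assumptions, and in practice the key would be held separately from the analytics data.

```python
import hashlib
import hmac
from collections import defaultdict

# Fields that identify a person directly and must not reach the analysts.
DIRECT_IDENTIFIERS = ("name", "email", "national_id")

# Constructed demo key; a real key comes from a secrets store and stays
# with the data controller, never with the analytics dataset.
PSEUDONYM_KEY = b"constructed-demo-key"

# Constructed customer rows.
CUSTOMERS = [
    {"name": "Alice Example", "email": "alice@example.org",
     "national_id": "ID-0001", "region": "North",
     "debt": 12000.0, "income": 48000.0},
    {"name": "Bob Example", "email": "bob@example.org",
     "national_id": "ID-0002", "region": "North",
     "debt": 30000.0, "income": 60000.0},
    {"name": "Carol Example", "email": "carol@example.org",
     "national_id": "ID-0003", "region": "South",
     "debt": 5000.0, "income": 40000.0},
    {"name": "Dave Example", "email": "dave@example.org",
     "national_id": "ID-0004", "region": "South",
     "debt": 15000.0, "income": 40000.0},
]


def pseudonym(key, identifier):
    """Keyed hash of an identifier.

    A plain unkeyed hash is not enough: identifiers such as national IDs
    have little entropy, so anyone could hash every candidate value and
    match the results. The HMAC key prevents that.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymize(rows, key):
    """Drop direct identifiers and add a stable pseudonymous subject id."""
    out = []
    for row in rows:
        kept = {k: v for k, v in row.items() if k not in DIRECT_IDENTIFIERS}
        kept["subject"] = pseudonym(key, row["national_id"])
        out.append(kept)
    return out


def average_debt_ratio_by_region(rows):
    """Aggregate analysis that needs no identity: mean debt/income per region."""
    ratios = defaultdict(list)
    for row in rows:
        if row["income"] > 0:  # skip rows where the ratio is undefined
            ratios[row["region"]].append(row["debt"] / row["income"])
    return {region: sum(v) / len(v) for region, v in ratios.items()}


def reidentify(rows, key, national_id):
    """Only the key holder can link a known person to pseudonymous rows."""
    target = pseudonym(key, national_id)
    return [r for r in rows if hmac.compare_digest(r["subject"], target)]


if __name__ == "__main__":
    safe_rows = pseudonymize(CUSTOMERS, PSEUDONYM_KEY)
    print(average_debt_ratio_by_region(safe_rows))
```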
Thanks to our friends at ExigentNetworks for the great infographic that follows….
Prior to joining Kenna Security, I worked with many nonprofits around the world. Each
focused on providing shelter, education, health services, and food to children in need.
The mission was clear and critical.
Executing that mission wasn’t so easy. Nonprofits run on donated money. Though our
goal was to save children, the strategy to drive the mission forward was to focus on
donations, extending our reach, and improving services at the lowest possible cost. We
hardly considered IT security as an issue because, well, we were focused on helping
kids, not fighting hackers. We not only ignored the danger, we were oblivious to it.
I recently joined the Kenna Security Team. Since joining, I quickly realized that the
nonprofits (and kids that benefited from them) were actually placed in very real danger. One
successful data breach could have brought down the organizations and ended their
missions, which in turn risks the lives of millions of children and their families around
the world.
In a revealing study, The Global Cybersecurity Index (GCI) 2017 Report published
alarming statistics showing that severe vulnerabilities are prevalent in nonprofit
technology infrastructure. While virtually every large nonprofit “has” security, a recent
survey by CohnReznick showed that more than 70% of nonprofits have not run even
one vulnerability assessment to evaluate their potential risk exposure. Even more, 69%
do not even have a cybersecurity response plan in place. These stats are particularly
frightening when you consider that nonprofits are more than likely to use free open
source solutions with well-known vulnerabilities and weaponized exploits that hackers
will use to efficiently effect a breach.
There are “good” reasons for this rather dangerous situation. Limited budgets, staff and
expertise are several. Single minded focus on the mission may be another. Whatever
This is alarming given that most nonprofits run on donations transacted using
particularly sensitive and valuable information. Accepting money and providing receipts
alone requires (legally) sensitive credit card numbers and tax IDs. Even more,
anonymous donors to, for example, nonprofit political organizations, will consider their
names and other typically “non sensitive” information extremely sensitive, adding even
more value to the data. Hackers like high value information.
Worse still, few consider that the personally identifiable information of the affected
population is valuable to hackers as well. Sometimes, the same information is used in
micro-grants or to fund SIM cards that provide access to basic needs, which can easily
be diverted. Other times, hackers are interested in selling the locations of aid workers
for malicious reasons.
So with the lack of resources and funds, what should nonprofits do? Corporate for-profits
typically focus on detecting and responding quickly to attacks. These measures often
need to be in place for compliance reasons. For all of the reasons outlined above,
nonprofits can’t afford to react to a breach. Of course defenses should be in place, but
first they need to predict and prevent successful attacks before they happen.
Make cybersecurity a top priority and security awareness part of the organization’s
culture; for example, all employees should attend cybersecurity training. There are six
ways that the majority of cyber criminals enter a nonprofit’s database.
• Absence of Password Policy – Always make sure that every team member has
two-factor authentication turned on. Also enforce a comprehensive password policy
that covers how long passwords need to be and how often they need to be changed.
• Unsecured software – Never skimp on software. Even today there are nonprofits
using out-of-date software, sometimes so old that it’s no longer supported by
Microsoft. Make sure your computers and network operating systems are always updated.
The older the system is, the more susceptible it is to data breaches.
• Open-source software – Saving money by using open source software is asking
to be attacked, since it tends to be extremely vulnerable.
• Online payment processors – Invest in a reputable online payment processor.
• Not using cloud-based platforms – Cloud-based products are usually free or low
cost to nonprofits. Using the cloud allows nonprofits to outsource a big part of their
security needs to leaders in the market and so leverage technologies from those
who have the budgets and resources to combat evolving threats.
• Your employees (or former employees) – When an employee leaves, make sure that
all devices are wiped clean and access is revoked, passwords are changed and
two-factor authentication is in place. Current employees should be educated not to
click on unfamiliar emails or attachments, since 70-80% of cyberattacks are carried
out through email.
Should a cyber attack occur, having a plan ready to go will ensure that all appropriate
members are notified and can react instantly, working together faster and more
strategically. When dealing with an attack, it is important to note that timing is critical
to whether hackers can cover their tracks or steal more data from your systems.
Utilizing the above three preventive measures should assist with creating policies.
Cyber threats such as WannaCry, BadRabbit, and NotPetya are increasing and evolving.
By being proactive, nonprofits will be better equipped for upcoming security threats
should they face a cyber attack. In turn, nonprofits can continue doing the incredible
work that they do and increase their services by fulfilling their impactful mission.
A week before, the Federal Communications Commission (FCC) gathered and voted to
eliminate net neutrality, though Americans are overwhelmingly against the idea. The
most immediate consequence is increasing prices; let’s see how devastatingly the flow
of accurate information would be affected.
Can you recall the old days of dial-up, when a video used to take hours to load online?
Well, you may experience that again, because net neutrality regulations have been
abolished in the US. For the novice, net neutrality treats the web like a public utility,
meaning internet traffic is treated equally for all users and surfing is as quick as
possible, with no restrictions and no delays. Net neutrality is another word for freedom
of expression that enables users to share their ideas, rally together, and speak truth to
power while evading conventional media gatekeepers; without it, ISPs would be more
potent than other stakeholders.
The absence of net neutrality would bring multiple challenges for Americans; the most
immediate ones are:
The war between fake and accurate information started back when the internet replaced
traditional media; as per the report, only 17% of Americans consider news media very
accurate. Lack of net neutrality would worsen this fight: ISPs like Comcast and AT&T
would utilize their power and limit dissenting opinions using paywalls and throttled
speeds. The paradigms of sharing information would be transformed when 77% of
Americans with a smartphone would be unrestricted to access the internet freely.
Internet providers always need to make money, and unfortunately abolishing net
neutrality is the result of a long-running lobby by giant internet providers. With no net
neutrality, internet providers can easily squeeze websites and charge for faster and/or
exclusive services. Video on demand services like Netflix and Amazon would also be
forced to cut down their exclusive deals with internet providers and charge customers of
competing service providers more.
Whichever internet service provider holds out for money, it is all going to fall
back on customers, who will have to pay to access content. Without net
neutrality, ISPs would decide who is granted or denied access, and slow down the
speed of sites that can’t afford to pay. Netflix raised its voice against the abolishment
of net neutrality, and it looks imminent that netizens should start using a Netflix VPN
to bypass speed throttling, at least until VPNs themselves get banned.
Technological evolution has made a two-way communication model possible, where
not only large organizations can share information, but individuals can also exercise
their freedom to share their knowledge. Whether it’s the #OscarsSoWhite or #MeToo
campaign, the two-way communication model has enabled multicultural millennials to play
their part in all such online movements.
If you remember, many pressing issues were ignored by the major media outlets but
highlighted by the silence breakers: individuals. Lack of net neutrality would possibly
allow ISPs to truncate or obstruct this model by restricting access.
This restriction is compounded by the fact that a few of the most significant ISPs have
financial ties with their own news outlets; this would make unconventional news and
sources harder to access quickly. Media literacy encourages the use of multiple sources
to check authenticity; sadly, that is quite tricky in a post-net neutrality era.
Well, the real repercussions would be observed once ISPs start implementing the
clauses they come up with and revised packages they’ll offer from now on. The ball is
solely in their court now. Massive online and offline movements have already started
against this menacing Net Neutrality law and many influencers and personalities have
joined the movement, but the current situation doesn’t look very favorable.
WHAT IS TESTED
PREPARATION
A pentester has two options to prepare for the CEH examination: official training and
self-study.
The EC-Council offers instructor-led and online training sessions. The instructor-led
training is conducted in accredited training centers, and the online version is based on
iClass platform. The five-day course includes 18 modules covering 270 attack scenarios
and costs either $850 (for US citizens) or $885 (for international students). After the
course, an applicant continues self-education with the access to EC-Council
laboratories. The overall preparation for CEH certification lasts for one year since the
enrollment.
To take the CEH examination without attending a dedicated training session, the candidate
should have 2+ years of information security-related experience and a relevant
educational background. In addition, such candidates are required to pay a
non-refundable application fee of $100.
The CEH penetration testing certification exam lasts for four hours, during which
candidates answer 125 multiple-choice questions. They have to demonstrate a wide
range of skills, which include not only different types of web application and network
penetration testing, but also social engineering, cryptography, malware threats, cloud
computing, mobile platforms hacking, and more.
RESULTS
The pass mark for the exam is 70%. Successful candidates are issued a CEH
credential, and receive a CEH welcome kit within 4-8 weeks after the exam completion
date. The kit includes a hard copy of an EC-Council certificate and a welcome letter
from EC-Council. Digital versions are available on the Aspen portal.
VALIDITY
The CEH credential is valid for three years. However, in order to keep the certificate
updated and have the ability to renew it later, a certificate holder has to achieve 120
credits per certification within the three-year period. Credits can be gained by attending
conferences, writing research papers, reading materials on related subjects and
attending webinars.
CEH penetration testing certification requires an $80 annual membership fee. This
makes the certificate holders eligible for the following benefits:
The terms penetration testing and ethical hacking are often interchangeable; however,
there is a difference. The former is a more narrow term for the process of finding
vulnerabilities in a target IT system. Penetration testers should be skilled in a specific
area (for example, network penetration testing) and are not required to possess any
formal proficiency credentials. Ethical hacking, in its turn, can be called advanced
penetration testing. It encompasses application and network penetration testing,
together with DDoS testing and social engineering. Ethical hackers should possess
CEH certification, while penetration testers are not required to have any certificates.
• To get a better salary. According to the InfoSec Institute, the average payout to a
Certified Ethical Hacker in the US is $71,331 per year (non-certified pentesters are
paid $50,000 a year on average) and reaches $132,322.
• To be highly valued on the professional market. Customers consider CEH
certification among the key factors in their hiring decisions.
• To discover more career opportunities. A certified ethical hacker is not limited
to penetration testing and may take on the roles of a security engineer,
application security manager, IT security administrator, information security
consultant, security compliance engineer and network security analyst.
For the past seven years, the U.S. Office of Management and Budget has been pushing
Federal agencies to move much of their computing workloads to the cloud. And yet,
progress has been slow, with only about $2 billion of the Federal government’s $80
billion in annual IT spending going to cloud services as of 2016.
Years after OMB began its cloud push, Federal agencies still face significant challenges
to adoption, with security identified as one of the main issues holding back cloud
adoption. In fact, the number one concern of Federal IT managers is how to expand
their security measures and policies to cover the cloud, according to a recent survey by
MeriTalk.
In the meantime, pressure on agencies to move to the cloud isn’t going away. The U.S.
Department of Homeland Security’s new Continuous Diagnostics and
Mitigation cybersecurity program is pushing small agencies to use cloud-based security
tools. Cloud security doesn’t get the highest marks from the Federal IT managers who
responded to the MeriTalk survey, sponsored by Fortinet. A minority of them rate their
security as excellent in cloud environments: only 35 percent for the private cloud, 21
percent for the public cloud, and 27 percent when moving between physical and virtual
environments in a hybrid cloud arrangement.
Even so, many of the survey respondents see a mix of physical infrastructure and cloud
computing in their future. The ideal mix, they said, includes 39 percent physical servers
and 61 percent cloud.
But even as Federal IT managers seek to deploy the hybrid cloud, they feel unprepared,
with security, control and compliance again coming to the forefront. A big part of
the cloud adoption woes is the complexity of Federal IT environments. Eighty-five
percent of the surveyed Federal IT managers described their current infrastructure as
This complexity and lack of visibility put agencies at a significant risk of a security
breach, the survey respondents said. More than half agreed that the complexity adds to
the risk, and nearly the same percentage said the same thing about the lack of visibility.
Still, many Federal IT managers see value in a move to the cloud, including a significant
security benefit. Seven out of ten said they believe a successful hybrid cloud adoption
will reduce their agencies’ security spending, and 69 percent said they believe it will
improve their overall security posture.
Even with the challenges of complexity and a lack of visibility, there is a path forward to
the cloud.
Take it slow: While there’s mounting pressure for agencies to move IT workloads to the
cloud, that doesn’t mean it needs to be an all-or-nothing transition. Agencies can – and
probably should – make a slow transition to the cloud by running a few select workloads
in a cloud service. By moving slowly, agencies can test the applications on a cloud
service, while ensuring the proper security is in place.
Some security products are now designed to enable a strategic migration to the cloud.
Careful planning and use of security tools that enforce security rules across hybrid cloud
environments allow agencies to avoid taking an all-at-once or an all-or-nothing
approach to migrations.
Increase the visibility first: Before moving to the cloud, agencies should get their IT
houses in order. With major concerns about visibility voiced by survey respondents, one
of the first steps should be to increase the visibility into their applications, using a
security information and event management (SIEM) or similar product.
If agencies have the visibility they need, they can keep a close eye on their workloads
as they move to the cloud. And if the cloud transition is done right, agencies can
increase visibility into their IT infrastructure through new tools available in the cloud.
Federal agencies can move into hybrid cloud environments with broad visibility and
granular controls that weren’t available with traditionally isolated security resources.
Use a trusted partner: As more companies move workloads to the cloud, third-party
consultants and technology vendors can assist with the transition. Cloud providers have
certified partners, including security vendors, that specialize in assisting with the
transition.
It’s important for agencies to contract the right folks to get the job done.
Security is an important element of this transition, and a trusted security partner can
help agencies establish effective security integration between their physical and virtual
environments.
To assist the government in its efforts, the Obama Administration established the
Vulnerabilities Equities Process (VEP), a set of rules used for determining whether the
U.S. Government should disclose a zero-day security vulnerability. The VEP has long
been criticized for its lack of transparency and oversight. Last month, the Trump
administration released the charter to the public.
It’s worth repeating that the VEP isn’t new. The policies of the Trump administration with
regard to vulnerability disclosure are no different from the previous administration. VEP
is just a rehash of previous policies and councils that were in place to appease public
perception on government-curated vulnerabilities—it does nothing to strengthen
cybersecurity.
The fact of the matter is, the White House’s move to release the VEP validates what the
industry has been concerned about all along. There are a number of loopholes and a
lack of industry oversight, both of which are troublesome. Let’s start with the lack of
industry oversight. In its press release, the White House claims that the VEP represents
the interests of “commercial equities; and international partnership equities.” However,
Under the VEP, vulnerabilities are reviewed by the Equities Review Board. The Board is
comprised of folks from the Departments of Homeland Security, Energy, State,
Treasury, Justice, Defense, and Commerce. The CIA and FBI are also on the Board,
and the National Security Agency serves as the Board’s executive secretariat.
Commercial and international entities are noticeably missing from this list.
This is an obvious exclusion for national security purposes. However, it also closes the
door on external oversight of decisions deemed in the interest of national security.
Commercial and international entities should have a place on the council if vulnerability
disclosure decisions are being made on their behalf.
The loopholes are also cause for concern. The VEP charter limits the scope of
vulnerabilities addressed by the council to certain classes, thus allowing reporting
entities to report as they see fit any vulnerabilities that fall outside the scope of the VEP.
In addition, the VEP does not address vulnerabilities that are discovered and shared by
international partners. Granted, this so-called non-disclosure agreement (NDA) loophole
is necessary for the U.S. government to continue operations with its allies. Without it,
our allies would fear that sharing vulnerability information with us could compromise
their own national security operations. However, like the previous loophole, this could
allow participating entities to bypass the controls of the VEP and report a vulnerability
as they see fit.
While the push for transparency is great, we shouldn’t hold our breath waiting for
change. Legislation like the Protecting Our Ability to Counter Hacking Act of 2017
(PATCH Act) and, now, the VEP charter are intended to appease the public rather than
cause change. And, to some extent, it has done just that.
It is worth noting that vulnerabilities such as those used in WannaCry never would’ve
been released through VEP due to their usefulness in providing access to remote
systems for collection purposes. And we all know how that turned out.
Willis McDonald is Threat Research Manager and Senior Threat Researcher at Core
Security, a leader in Vulnerability, Access Risk Management and Network Detection
and Response.
2017 is at its end and 2018 is fast approaching. Many people happily await a New Year,
but is that the case in cybersecurity? What will be new in that area in the coming
period, and are there any concerns we should be afraid of?
In our opinion, the cyber defense marketplace will keep growing and many new
solutions, advancements and improvements will appear. We also believe there will be
many novel things that promise better security, as the previous year gave us an
opportunity to learn from the existing threats. We also believe that as the positive
things continue to develop, there will be room for the rise of malware, spyware and
ransomware. So, what’s important to mention here is that we need to strike a good
balance between our consumers’ needs and security
Cyber Defense eMagazine – December 2017 Edition
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.
requirements. In other words, if we are developing a new solution, we should always
think about how to protect our users from malicious consequences. For instance, it’s
well known that the Internet of Things (IoT) marketplace is growing fast and will soon
be worth trillions of dollars. Quite a good field for investment, wouldn’t you agree?
The main question here is how secure those solutions are. From today’s perspective, it
seems that security will become the ultimate imperative for the coming year. It’s quite
easy to connect many devices to the internet and build a robust IoT network out of
them, but could anyone promise you that you would remain physically and cyber safe?
Security is in supreme demand as one of the biggest challenges for tomorrow, and we are
not sure that 2018 will bring anything revolutionary in that regard. According to many
sources, 2018 will stay about the same as the previous period. Well, let’s discuss the
questions that could open up in the next year.
The huge concern with today’s world is that it is not equally developed everywhere. As
a consequence, terrorism, organized crime and human trafficking are present in some
parts of the world. As is known, crime does not recognize borders, and many malicious
actors circulate around the globe looking for a new target for their harmful actions. In
doing so, they rely on cyber technologies, and they frequently succeed in their missions
because common practice still relies on quite weak security countermeasures. As we
said, it’s all about balance. In ancient China, people would say it’s all about the
harmony between Yin and Yang – the force of defense and the force of attack.
Unluckily for all of us, there are still a lot of open questions that require accurate
answers. For example, many experts are concerned about the security of IoT
technologies and cloud systems, the production of new malware and the creation of more
serious phishing attacks. We fear that 2018 will not offer sufficient time to resolve
all those worries. It would be encouraging if we could find the right approach to
support us in tackling these issues.
We do not want to sound pessimistic, but if we review the current situation
realistically, we notice that today’s cybersecurity is dealing with many challenges
that need time and effort to be handled appropriately. In our opinion, one year is not
enough to tackle all these concerns, but it could be a good starting point for making
better decisions and defining new tracks for research and development. Every single
mistake could cost us a lot, and our opponents know how to take advantage of our
weaknesses, so we should get ready to respond to such a situation.
Finally, 2018 could be a good year to rethink everything and try to make new
strategies that lead us in new directions. We are aware that the world is a
fast-changing marketplace, and every single day lost in such a competition could cost
your business greatly. Our point is that defense, including cybersecurity, needs more
deep thinkers who see things comprehensively and, applying a strategic approach, try
to indicate which course we should take. The main rationale for this suggestion is that
many cyber industry professionals repeat the same routine on a daily basis and do not
notice that they are not changing anything essential. On the other hand, change could
be of great significance to progress, and if we do not empower our capacities, we
cannot expect to take any step forward. In other words, if we are not progressing, we
will not reach the balance we want, one that would harmonize our world and bring the
peace we all desire.
The point of this review is to suggest some ideas for thinking about a more balanced
and secure environment. No one is immune to today’s threats, and we are concerned that
those security challenges could take full advantage of modern cyber technologies. The
trend suggests that every single day those advancements get cheaper and more
accessible to everyone. In the end, if we do not think deeply about the current
situation, we could face quite unpleasant impacts.
There was a lot more ransomware activity in November compared to the previous
month. The infamous ACCDFISA Trojan literally rose from the ashes after years of hiatus.
A destructive specimen called Ordinypt was wreaking havoc in Germany with attacks
leading to irreversible loss of data. Another city suffered the consequences of a defiant
crypto onslaught. The highlights below will give you a better idea of how things went on
Nov. 30, 2017. A ransomware strain called ACCDFISA v2.0 is spreading on a large
scale in Brazil. Its legendary prototype emerged at the dawn of the cyber extortion
plague back in 2012. It was a screen locker and file encoder pretending to come from the
“Anti Cyber Crime Department of Federal Internet Security Agency”, which doesn’t even
exist. Present-day crooks have reanimated the culprit in this new campaign.
Nov. 23, 2017. A blackmail virus called Scarab is being heavily distributed via a
malspam wave originating from Necurs, one of the world’s most powerful botnets. For
the record, this particular botnet gained notoriety for pushing the notorious Locky
Nov. 22, 2017. The new qkG ransomware, or qkG Filecoder, exhibits a few quite
Normal.dot (Microsoft Word global template) so that every Word document opened by
the victim gets encrypted.
Nov. 20, 2017. The CrySiS ransomware lineage spawns one more variant as part of its
authors’ dynamic update strategy. The newcomer concatenates the .java extension to
ransomed data entries and drops a combo of ransom notes named info.hta and ‘Files
encrypted!!.txt’. Unlike some of the older versions, there is no free decryption tool
supporting this particular edition.
another update. The latest variant adds the .0000 extension to hostage files and replaces
filenames with strings consisting of 32 hexadecimal characters. This way, a victim is
unable to work out which encoded entry corresponds to a specific file. The ransom
notification file is named _HELP_INSTRUCTION.txt.
Nov. 15, 2017. Students of J. Sterling Morton school district, Illinois, become targets in
phishing emails. Although this piece of malicious code doesn’t go with a working crypto
module thus far, it demonstrates how successful this type of infection vector can get.
Nov. 14, 2017. Security services provider Dr.Web comes up with a cure for a relatively
new ransom Trojan that uses the .kill or .blind extension to speckle hostage files. The
vendor’s tool called Dr.Web Rescue Pack is reportedly capable of decrypting these files
so that victims don’t have to cough up the ransom. In order to use this software’s
recovery feature, though, it’s necessary to pay a subscription fee.
Nov. 13, 2017. The authors of CryptoMix, one of the most prolific ransomware samples
around, continue their prosaic filename tweaking routine. The most recent version of
this baddie smears encrypted data items with the .XZZX extension token. This iteration
Nov. 10, 2017. The evolution of the LockCrypt ransomware illustrates how dynamic this
cybercriminal ecosystem is. It was originally spotted in June as part of a RaaS
The crooks behind LockCrypt apparently chose to depart from this scheme. They appear
to have written their own code from the ground up and no longer use the Satan RaaS
for proliferation. The culprit is infecting computers via brute-forced RDP services.
Nov. 9, 2017. A new ransomware specimen dubbed Ordinypt raises a red flag as it is
more dangerous than the average crypto infection. This one zeroes in on German users
and organizations. The bad news for all the victims is that Ordinypt completely cripples
Nov. 7, 2017. Another ransom Trojan is discovered that exploits Microsoft Word macros
to contaminate computers. It’s called Sigma. The payload arrives with a booby-trapped
email attachment. Sigma appends every encrypted file with a random extension
composed of four alphanumeric characters and drops a rescue note named ReadMe.txt.
Nov. 4, 2017. Security experts unearth some details about a new high-profile
ransomware species called GIBON. It turns out to have been circulating in the
cybercriminal underground since May this year. It’s not until early November, though,
that the pest started making the rounds via massive spam campaigns. It provides data
Nov. 3, 2017. It’s amazing how a single email attachment can get a whole city’s
payment infrastructure paralyzed. That’s what happened to Spring Hill, Tennessee. One
of the employees opened a toxic file received via spam, thus unknowingly allowing a
ransomware contagion to take root. The perpetrating code badly affected Spring Hill’s
computer servers, effectively knocking down the online payment processing systems.
The adversaries demand $250,000 worth of Bitcoin for data decryption.
Nov. 2, 2017. Magniber, a ransomware sample spreading via the Magnitude exploit
kit, hit the headlines in mid-October as it resembled the abominable Cerber infection in
many ways. Based on clues in its code, security analysts concluded it was a new variant
of this year’s most widespread ransomware program mentioned above. Several weeks
In summary, the ransomware epidemic is still around and it’s getting nastier.
Unfortunately, there is no vaccine for this cyber menace, so data backups continue to be
the best thing since sliced bread when it comes to preventing the worst-case scenario.
So back it all up and stay safe. Keep up with a year in review of Ransomware, here:
http://www.cyberdefensemagazine.com/ransomware-news/
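The file extensions and ransom-note names quoted in the entries above can be checked against a listing of a file share. The following Python is an added example, not code from the magazine or from any vendor it mentions; the rule table, the `triage` function, the three-file threshold and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Filename indicators as the entries above describe them. "renamed" matches the
# name an encrypted file ends up with; "notes" are ransom-note names, lower-cased.
RULES = {
    "CrySiS (.java variant)": {
        # ".java" is appended to the original name, so an earlier extension is
        # required (assumed 2-5 characters); plain source files such as
        # Main.java therefore do not match.
        "renamed": re.compile(r"^.+\.[A-Za-z0-9]{2,5}\.java$", re.IGNORECASE),
        "notes": {"info.hta", "files encrypted!!.txt"},
    },
    ".0000 variant (family name not given in the text)": {
        "renamed": re.compile(r"^[0-9A-Fa-f]{32}\.0000$"),
        "notes": {"_help_instruction.txt"},
    },
    "CryptoMix (.XZZX variant)": {
        "renamed": re.compile(r"^.+\.XZZX$", re.IGNORECASE),
        "notes": set(),  # the text names no ransom note for this variant
    },
    ".kill/.blind ransom Trojan": {
        "renamed": re.compile(r"^.+\.(kill|blind)$", re.IGNORECASE),
        "notes": set(),
    },
}
# Sigma is deliberately absent: a random four-character extension and a note
# named ReadMe.txt are too generic to match by filename alone.

MIN_RENAMED = 3  # assumption: fewer renamed files in one folder is not a pattern


def triage(paths, min_renamed=MIN_RENAMED):
    """Group indicator hits per (folder, family) and grade each group."""
    hits = defaultdict(lambda: {"renamed": 0, "notes": set()})
    for raw in paths:
        path = PurePosixPath(raw)
        name, folder = path.name, str(path.parent)
        for family, rule in RULES.items():
            if name.lower() in rule["notes"]:
                hits[(folder, family)]["notes"].add(name)
            elif rule["renamed"].match(name):
                hits[(folder, family)]["renamed"] += 1

    findings = []
    for folder, family in sorted(hits):
        hit = hits[(folder, family)]
        enough = hit["renamed"] >= min_renamed
        has_note = bool(hit["notes"])
        expects_note = bool(RULES[family]["notes"])
        if enough and (has_note or not expects_note):
            confidence = "high"    # renamed files corroborated by a note
        elif enough or has_note:
            confidence = "medium"  # only one kind of evidence
        else:
            confidence = "low"     # stray match, e.g. Config.test.java
        findings.append({
            "folder": folder,
            "family": family,
            "renamed": hit["renamed"],
            "notes": sorted(hit["notes"]),
            "confidence": confidence,
        })
    return findings


# Constructed sample listing (not real incident data).
SAMPLE = [
    "shares/finance/q3.xlsx.java",
    "shares/finance/payroll.docx.java",
    "shares/finance/invoice.pdf.java",
    "shares/finance/info.hta",
    "shares/finance/Files encrypted!!.txt",
    *[f"shares/hr/{i:032X}.0000" for i in (1, 2, 3)],
    "shares/hr/_HELP_INSTRUCTION.txt",
    "shares/legal/contract.docx.XZZX",
    "shares/legal/nda.pdf.XZZX",
    "shares/legal/brief.odt.XZZX",
    "src/app/Main.java",
    "src/app/Config.test.java",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Grading per folder keeps a Java source tree from raising the same alarm as a share where renamed files sit next to a ransom note.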
and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a
strong malware troubleshooting background, with the recent focus on ransomware
countermeasures.
There are so many projects at sourceforge it’s hard to keep up with them. However, that’s not where we are going
to find our growing list of the top twenty infosec open sources. Some of them have been around for a long time
and continue to evolve, others are fairly new. These are the Editor favorites that you can use at work and some at
home to increase your security posture, reduce your risk and harden your systems. While there are many great
free tools out there, these are open sources which means they comply with a GPL license of some sort that you
should read and feel comfortable with before deploying. For example, typically, if you improve the code in any of
these open sources, you are required to share your tweaks with the entire community – nothing proprietary here.
1. TrueCrypt.org – The Best Open Encryption Suite Available (Version 6 & earlier)
2. OpenSSL.org – The Industry Standard for Web Encryption
3. OpenVAS.org – The Most Advanced Open Source Vulnerability Scanner
4. NMAP.org – The World’s Most Powerful Network Fingerprint Engine
5. WireShark.org – The World’s Foremost Network Protocol Analyser
6. Metasploit.org – The Best Suite for Penetration Testing and Exploitation
7. OpenCA.org – The Leading Open Source Certificate and PKI Management
8. Stunnel.org – The First Open Source SSL VPN Tunneling Project
9. NetFilter.org – The First Open Source Firewall Based Upon IPTables
10. ClamAV – The Industry Standard Open Source Antivirus Scanner
11. PFSense.org – The Very Powerful Open Source Firewall and Router
12. OSSIM – Open Source Security Information Event Management (SIEM)
13. OpenSwan.org – The Open Source IPSEC VPN for Linux
14. DansGuardian.org – The Award Winning Open Source Content Filter
15. OSSTMM.org – Open Source Security Test Methodology
16. CVE.MITRE.org – The World’s Most Open Vulnerability Definitions
17. OVAL.MITRE.org – The World’s Standard for Host-based Vulnerabilities
18. WiKiD Community Edition – The Best Open Two Factor Authentication
19. Suricata – Next Generation Open Source IDS/IPS Technology
20. CryptoCat – The Open Source Encrypted Instant Messaging Platform
Please do enjoy and share your comments with us – if you know of others you think should make our list of the
Top Twenty Open Sources for Information Security, do let us know at marketing@cyberdefensemagazine.com.
JOB OPPORTUNITIES
Send us your list and we’ll post it in the magazine for free, subject to editorial approval
and layout. Email us at marketing@cyberdefensemagazine.com
This magazine is by and for ethical information security professionals with a twist on
innovative consumer products and privacy issues on top of best practices for IT security
and Regulatory Compliance. Our mission is to share cutting edge knowledge, real
world stories and independent lab reviews on the best ideas, products and services in
the information technology industry. Our monthly Cyber Defense e-Magazines will also
keep you up to speed on what’s happening in the cyber crime and cyber warfare arena
plus we’ll inform you as next generation and innovative technology vendors have news
worthy of sharing with you – so enjoy. You get all of this for FREE, always, for our
electronic editions. Click here to sign up today and within moments, you’ll receive your
first email from us with an archive of our newsletters along with this month’s newsletter.
Our New Office Addresses coming soon: NEW YORK (US HQ), LONDON, HONG KONG