Visualisation of time based attacks on DMZ (videos)

Posted on August 24, 2014

Visualisation of two weeks of IPS data

Critical and high severity IPS events detected on a public facing Palo Alto device, visualised using Microsoft Excel Power Map for a period in November and December 2013.

The data is taken from daily detection summaries, so although it covers a nearly two-week period it only has a 24 hour time resolution.

The attacks are differentiated between Spyware and Vulnerability.

Note the fairly constant levels of vulnerability attacks from China, Turkey & Indonesia.

The practical application of such a visualisation in detecting or preventing attacks is limited, however, it provides an effective mechanism to explain the level of attack (directed and random) against the organisation on a pretty much constant basis.


Visualisation of 24 hours of IPS data

Critical and high severity IPS events detected on a public facing Palo Alto device, visualised using Microsoft Excel Power Map for a 24 hour period on the 10th and 11th December 2013.

The source data is per event detected over that 24 hour period.

The attacks are differentiated between Spyware and Vulnerability.

The video shows two types of visualisation. The first is a “phased decay” where each attack is plotted and then fades away if it is not detected again. This shows the attacks coming and going across the globe, with the exception of China, which is a fairly constant source of attack.

The second segment shows a continuous growth in the sizes of the attack bubbles over the period. This illustrates the overall relative number of attacks from the various sources.

Note the main sources of vulnerability attacks being China, Turkey, Argentina & Indonesia.

The practical application of such a visualisation in detecting or preventing attacks is limited, however, it provides an effective mechanism to explain the level of attack (directed and random) against the organisation on a pretty much constant basis.
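Both videos above start from the same kind of data preparation: per-event IPS records (or daily summaries) have to be reduced to a table of time bucket, source country, category and count before Power Map can geocode and animate them. The block below is an added example written for this post, not the author's own workbook or macro; it uses a constructed event extract with hypothetical field names (timestamp, source_country, category, severity), filters to critical and high severity as the videos do, buckets by day (the two-week video) or by hour (the 24 hour video), and also reports which sources are present in every bucket, which is the “constant source” observation made about China.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of per-event IPS records (not real log data). Field names
# are assumptions for this example, not the Palo Alto export format.
SAMPLE_EVENTS = """\
timestamp,source_country,category,severity
2013-12-10 00:12:05,China,vulnerability,critical
2013-12-10 00:45:17,Turkey,vulnerability,high
2013-12-10 01:03:44,China,spyware,high
2013-12-10 05:30:00,Indonesia,vulnerability,critical
2013-12-10 13:15:22,China,vulnerability,high
2013-12-10 22:59:59,Argentina,vulnerability,critical
2013-12-11 00:00:01,China,vulnerability,medium
2013-12-11 02:10:10,China,vulnerability,high
"""

SEVERITIES = {"critical", "high"}  # only these reach the map, as in the videos


def parse_events(text):
    """Parse the CSV extract, keeping only critical/high events."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["severity"] not in SEVERITIES:
            continue
        rows.append({
            "ts": datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S"),
            "country": row["source_country"],
            "category": row["category"],
        })
    return rows


def bucket_start(ts, hours):
    """Align a timestamp to a bucket of `hours` width, counted from midnight."""
    day = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    offset = (ts - day).total_seconds() // (hours * 3600)
    return day + timedelta(hours=hours * offset)


def summarise(events, hours=24):
    """Count events per (bucket, country, category); hours=24 reproduces the
    daily summaries, hours=1 gives the finer view used for the 24 hour video."""
    counts = Counter()
    for e in events:
        counts[(bucket_start(e["ts"], hours), e["country"], e["category"])] += 1
    return dict(counts)


def constant_sources(counts):
    """Countries that appear in every time bucket (the 'always there' sources)."""
    per_bucket = {}
    for (start, country, _category) in counts:
        per_bucket.setdefault(start, set()).add(country)
    if not per_bucket:
        return set()
    return set.intersection(*per_bucket.values())


def to_powermap_rows(counts):
    """Flat table for Power Map: geocode on Country, animate on Time, size on Events."""
    rows = [("Time", "Country", "Category", "Events")]
    for (start, country, category), n in sorted(counts.items()):
        rows.append((start.strftime("%Y-%m-%d %H:%M"), country, category, n))
    return rows


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    daily = summarise(events, hours=24)
    for row in to_powermap_rows(daily):
        print(*row, sep=",")
    print("constant sources:", constant_sources(daily))
```

Paste the printed table into Excel and point Power Map at the Country column for location, Time for the timeline and Events for bubble size; switching `hours=24` to `hours=1` gives the per-event resolution the second video needed.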


Guest lecture to UKZN 2014 MBA Class : Security & Ethics

Posted on August 24, 2014

In this past week I once again had the pleasure of speaking with the UKZN MBA Class. It is always a pleasure to speak to a large group of some of the brightest minds in KZN. Unlike other presentations, these sessions are normally quite interactive and the class willing to share their ideas, experiences and questions.

What stands out for me in this set of discussions were three key diversions.

1. Bank fraud, and the divergence in opinions between the bank representatives and victims (customers)

There is always a lot of interest in, and debate over, on-line fraud as it affects individuals. We all know someone, if not ourselves, who has been hit through some kind of bank fraud. In the class were a number of (un-named) employees of various (nameless) banks. They were adamant that the banks do their utmost to refund their customers in the event of fraud. The victims, however, had a polar opposite view and experience. They contended that the banks make it difficult to get your money back, denying, obstructing and delaying in the process while the victim suffers through not having access to the affected funds. For a bank dealing with hundreds of thousands of affected customers and millions in losses, a month may be a short period to resolve such an incident. For a victim needing access to their funds, a month is a payday away and that money could mean the difference between being able to pay your bills or defaulting.

2. Online identities (and password management)

Online identities are increasingly becoming integrated with your professional life. When being hired more and more organisations scan these to see whether they wish to employ you. Whether this is done as part of the background checks (for which prospective employees normally sign permission) or through other means varies. However, needing to take control of and responsibility for your on-line identity is important. Also don’t forget about your children. They may not yet comprehend the gravity of the situation, and could be creating a fun-filled but wholly undesirable persona that they come to regret later in life when they join the job market and are unable to control or erase their past sharings.

Related to this discussion was the age old one of passwords and password re-use. The dangers of password re-use were discussed in detail along with some schemes for password protection. The example given: someone uses the same password across all on-line services; the local camera club gets hacked and its usernames and passwords are revealed; those same passwords are used to log into Gmail; a Facebook “I lost my password” request results in a reset being mailed to that Gmail account; and very quickly the entire on-line identity has been stolen.

Some tips : Use different passwords on-line, and at the very least don’t use your primary mail account password anywhere else. It is better to use a password manager on your mobile (LastPass, Blackberry password keeper etc) than to re-use passwords. Also don’t use your phone address book to store passwords, bank PINs or account numbers. If you use an iPhone or Android phone then this information is generally synchronised to the cloud, so when that Gmail account is hacked the attacker also has your entire phone book without you ever knowing.

3. Return to old school

There was a comment / view put forward that, with all of the information security breaches and the discoveries of organisations and nation states lying to citizens about what is happening in this space, it would be better to return to the (golden) “olden days”. While that may appear to be the case, memory can be a strange thing. We often remember the good and forget the bad. Not so many years ago, when cheques were still in common use, cheque fraud was rife. The banks didn’t like to disclose information on fraud (and still don’t), but some of the stats I remember seeing flashed up at fraud conferences indicate that the fraud we are seeing now is just a fraction of what was experienced at the peak of cheque fraud. Social media and the online information era just increase the level and speed of information sharing. The fewer incidents that happen now are simply more widely reported and shared than ever before. Instances of misrepresentation and abuse by companies (and countries) are now more widely shared and reported; what is not clear is whether the actual occurrences are on the rise or just more visible.

We cannot go back in time; we need to move with the times. That said, a dose of healthy skepticism in all we are doing can only be a good thing. Ask questions until you are satisfied with the answers. You may choose to trust, but trust and verify; don’t trust blindly.

Finally

Embedded below is a link to download the slides. Thanks for attending the sessions and for participating. Feel free to drop me any questions you may have (or leave them here).

Information Security and Ethics 2014 August 2014


Thanks Andrew for the invitation and facilitating the discussion.


The Heartbleed bug : a short presentation given at the KZN ISACA Chapter Meeting

Posted on June 03, 2014

I was honoured to be asked to make a (short) presentation at the May 2014 KZN ISACA Chapter meeting. The meeting went down well with probably around 25 people attending.

Attached is the PDF of the presentation.

I hope that some of the members present found it useful and that you, my readers, do too.

Feedback as always most welcome.

The Heartbleed Bug ISACA presentation v3


Visualising Security Data : SCCM patching traffic flows

Posted on March 03, 2014

I have been experimenting a little recently with visualisation of security data.

We have had some challenges with SCCM and needed to understand which clients were connecting to which servers, where and why. This data seemed very hard to come by, and after some discussions with some helpful Microsoft South Africa folk the service provider pulled the IIS logs from most of our SCCM Primary Servers and Distribution Points.

I then added a Destination column (being the server from which the log was pulled) and combined the logs from all of the servers (6 Primary and 6 Distribution). In MS Access I then summarised the data by source and destination pairs, giving 13952 connections. This was exported as a CSV and headings were added using Notepad (Gephi wouldn’t read the data file without headings named to its liking).

The data was then loaded into Gephi as edge data. I then searched for each of the 12 servers in the node table, added a Label, changed the colour and size (red 30 for Primary, blue 20 for secondary), selected the Force Atlas layout and let it plot my data. The 13 546 nodes and 113952 edges were then plotted, providing the graph below (when exported as PDF).
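The steps above (pull IIS logs per server, tag each with its Destination, summarise by source/destination pair, export a CSV with headings Gephi accepts) can be done in one script instead of Access plus Notepad. The following is an added example written for this post, not the author's or the service provider's tooling; the server names, client addresses and W3C log lines are constructed, and it also answers the two questions the graph raised, how many clients each server serves and which clients are being served by more than one server.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed IIS W3C-format log excerpts keyed by the server they were pulled
# from. Server names and addresses are hypothetical, not real SCCM hosts.
SAMPLE_LOGS = {
    "PRI01": """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem c-ip sc-status
2014-02-10 08:00:01 10.0.0.10 GET /SMS_MP/.sms_aut 10.1.1.5 200
2014-02-10 08:00:02 10.0.0.10 GET /SMS_MP/.sms_aut 10.1.1.6 200
2014-02-10 08:05:00 10.0.0.10 GET /SMS_DP_SMSPKG$/ABC00001 10.1.1.5 200
""",
    "DP01": """\
#Fields: date time s-ip cs-method cs-uri-stem c-ip sc-status
2014-02-10 08:01:00 10.0.0.20 GET /SMS_DP_SMSPKG$/ABC00001 10.1.1.6 200
2014-02-10 08:01:05 10.0.0.20 GET /SMS_DP_SMSPKG$/ABC00001 10.1.1.7 200
2014-02-10 08:01:09 10.0.0.20 GET /SMS_DP_SMSPKG$/ABC00001 10.1.1.7 304
""",
}
PRIMARY_SERVERS = {"PRI01"}  # the rest of the log sources are Distribution Points


def parse_w3c(text):
    """Yield one dict per request line, using the #Fields header to name columns."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            yield dict(zip(fields, line.split()))


def build_edges(logs):
    """Count (client, server) pairs across all pulled logs; the count is the edge weight.
    The server a log was pulled from is the Destination column the post describes."""
    weights = Counter()
    for server, text in logs.items():
        for row in parse_w3c(text):
            weights[(row["c-ip"], server)] += 1
    return weights


def edges_csv(weights):
    """Edge table with the Source/Target/Weight headings Gephi's importer expects."""
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    w.writerow(["Source", "Target", "Weight"])
    for (src, dst), n in sorted(weights.items()):
        w.writerow([src, dst, n])
    return buf.getvalue()


def nodes_csv(weights, primary):
    """Node table with Label and the size/colour hints used in the post
    (30 red for Primary, 20 blue for Distribution Points, 1 for clients)."""
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    w.writerow(["Id", "Label", "Type", "Size", "Color"])
    seen = set()
    for (src, dst) in sorted(weights):
        for node in (src, dst):
            if node in seen:
                continue
            seen.add(node)
            if node in primary:
                w.writerow([node, node, "primary", 30, "red"])
            elif node in {d for (_s, d) in weights}:
                w.writerow([node, node, "dp", 20, "blue"])
            else:
                w.writerow([node, "", "client", 1, "grey"])
    return buf.getvalue()


def clients_per_server(weights):
    """Distinct clients served by each server (spot DPs serving too few)."""
    per = defaultdict(set)
    for (src, dst) in weights:
        per[dst].add(src)
    return {server: len(clients) for server, clients in per.items()}


def multi_homed_clients(weights):
    """Clients receiving content from more than one server."""
    servers = defaultdict(set)
    for (src, dst) in weights:
        servers[src].add(dst)
    return {c: s for c, s in servers.items() if len(s) > 1}


if __name__ == "__main__":
    weights = build_edges(SAMPLE_LOGS)
    print(edges_csv(weights))
    print(nodes_csv(weights, PRIMARY_SERVERS))
    print("clients per server:", clients_per_server(weights))
    print("multi-homed clients:", multi_homed_clients(weights))
```

Write `edges_csv` and `nodes_csv` output to two files and import them in Gephi's Data Laboratory (nodes first, then edges); the Size and Color columns save the manual per-server edits described above, and `clients_per_server` gives the number to compare against what the service provider reports for each DP.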

The graph was somewhat unexpected in that I did not foresee so many of the workstations being served from Primary servers nor so many devices receiving data from multiple servers. A few of the DP’s (top and bottom of screen) clearly are not serving the numbers of workstations we would expect and need deeper investigation.

While Excel cross tabs and more detailed Access queries provide deeper insight into what is going on, this visualisation very quickly demonstrates a very different picture from the one the service provider running the SCCM infrastructure had been describing.

Have you done anything similar? Please do share.


Map of SCCM links using Gephi


Download the PDF version here :  map of sccm v2


UKZN MBA presentation 8th August 2013 : Information Security & Ethics

Posted on August 11, 2013

On Thursday the 8th August 2013 I was once again privileged to be the guest lecturer for the UKZN MBA programme. Despite Friday being a holiday and the start of the long weekend there was a great turnout. Thanks to all the students for all your questions and contributing to making it an entertaining session.

Below is the link to the slides. Please feel free to contact me if you have any questions or would like to discuss the subject further.

security and ethics UKZN MBA August 2013

UKZN MBA 2013 Presentation : Security & Ethics

Posted on March 02, 2013

On Thursday afternoon I was privileged to speak to the UKZN 2013 MBA class on information security and ethics. Below is a copy of the presentation. Lots of detail in here which we didn’t get to cover in the two hours together, and lots to remind you of the things we shared. I hope you all enjoyed the time as much as I did.

Feel free to mail me or post any questions here.

Justin

Download PDF presentation : security and ethics 2013 UKZN MBA Feb 2013


Security considerations for Cloud Computing (ISACA publication)

Posted on October 13, 2012

ISACA has released their latest book on cloud computing : Security Considerations for Cloud Computing. Earlier in the week I received notification that my personal copy is with FedEx on its way to South Africa for me, one of the perks of being an expert reviewer on the panel for the publication.

Another publication in the Cloud Computing Vision Series, Security Considerations for Cloud Computing presents practical guidance to facilitate the decision process for IT and business professionals concerning the decision to move to the cloud. It helps enable effective analysis and measurement of risk through the use of decision trees and checklists outlining the security factors to be considered when evaluating the cloud as a potential solution.

There are five essential characteristics, three types of service models and four major deployment models taken into account relative to cloud computing. To ensure a common understanding of these models, this publication describes each characteristic and model.

This guide is meant for all current and potential cloud users who need to ensure protection of information assets moving to the cloud.

If you are making any significant use of Cloud Computing I would recommend you get your hands on the publication. It’s free for members to download, otherwise $35 for a hard copy, $70 for non-members.


I’m looking for staff : Security, Governance, Risk and Compliance

Posted on September 01, 2012

Six more positions are available in the Enterprise Information Security Management team at Transnet, within the IT Security, Governance, Risk and Compliance competency areas.

We have a lot of challenging but interesting work ahead of us. If you want to learn a lot, apply what you have learned, be part of a hard working and performing team, then please apply :)

  • ICT Continuity Compliance Manager
  • IT Risk and Compliance Manager
  • Information Security Subject Matter Expert
  • Information Security Analyst (SME) x 2
  • Senior Security Analyst (inc Forensic & Incident)

These positions are all based in the Johannesburg CBD (Carlton Centre) and are manager or senior consultant level positions.

External applicants must apply by submitting CVs electronically to recruitment@transnet.net by 16h00 on 07 September 2012. Any questions regarding the positions should be sent to linneth.mpete@transnet.net.

Further details for each of the positions can be found here : http://lnkd.in/gyy9FR (Google Plus)

We urge all our employees, clients, members of the public and our suppliers to report any kind of fraud or corruption at Transnet. Call the hotline toll free number: 0800 003 056 or email Transnet@tip-offs.com

Security and Ethics presentation UKZN MBA Class 2012

Posted on August 19, 2012

Friday night (17 August 2012) I had the privilege of presenting to the University of KwaZulu Natal 2012 MBA Class on information security. Given it was a Friday night the attendance was relatively small, but it was good to see that the majority of the class stayed for the 2 hours we had together. Some interesting and insightful questions were raised and discussed. It is good to see people “get it”.

The presentation is attached for those who are interested. Get it here: security and ethics 2012 UKZN MBA Aug 2012 (updated)

Update 2012/09/12 : Apologies, the previous PDF was corrupted somehow. It has been re-uploaded and checked.  

Cyber Defence and Network Security Africa : Cloud-based Scanning

Posted on July 16, 2012

I am speaking tomorrow (17 July 2012) at the Cyber-Defence and Network Security Africa conference (www.cyberdefenceafrica.com) at the Crowne Plaza in Rosebank.

Time : 12:15 Cloud-based scanning: A case study from Transnet

  • The need for a supplemental, cloud-based scanning solution
  • Cloud based scanning: how it works, the benefits, and limitations
  • Implementation challenges and lessons learnt at Transnet

Download a copy of the presentation here : Cloud scanning

Then later in the day I will be participating in a panel discussion with the esteemed Barry Irwin and Kabuthia Riunge. Details are listed below; it should be an interesting 45 minutes.

16:00 Panel discussion: Cyber threats over the horizon and the future of information security

  • The current threats, and how these are likely to evolve over the medium term
  • State and non-state actors and the threats each poses
  • Preparing for cyberwar—what can (and what should) the private sector do
  • The future of cybercrime

Panellists:

  • Barry Irwin, Senior Lecturer, Rhodes University
  • Justin Williams, Principal Specialist: Information Security, Transnet
  • Kabuthia Riunge, Senior Information Security Officer, Central Bank of Kenya

Security Summit 2012 presentations now available

Posted on May 24, 2012

The IT Web Security Summit is the premier security event on the South Africa security conference calendar. IT Web has kindly made the presentations and recordings of the presentations available on their website. If you missed out or are simply looking for a re-cap of the great material, take a wander over to the ITWeb site and catch up.

This was one of the first security events that I have seen dedicate a presentation track to ERP/SAP Security. Check out the presentations by :

  • Juan Pablo Perez Etchegoyen : Cyber-Attacks on SAP & ERP systems: Is Our Business-Critical Infrastructure
  • Chris John Riley : SAP (in)security: Scrubbing SAP clean with SOAP
  • Ian de Villiers : Systems Applications Proxy Pwnage
  • Marinus Van Aswegen : Securing SAP

Link to IT Web Security Summit Downloads

Bring your own device (BYOD) : workplace mobility presentation

Posted on May 24, 2012

I was privileged to speak at this month’s ISACA KZN Chapter meeting held last Monday at KPMG’s offices in Durban. Thanks to Terence (the local chapter leader) for the invite.

My topic was around workplace mobility, focusing on implementation challenges and learnings experienced within the workplace. For this presentation I tried something a little different, using Keynote on the iPad to develop and present the talk. This resulted in a slide deck that looks a bit different from my normal style, with far fewer words, more pictures and, I hope, a smoother flowing and more natural presentation. At the same time, it’s probably a bit more difficult for somebody who wasn’t at the presentation to get a lot of value out of the slide deck. If you download it and have questions, please go ahead and ask. It is presented below as a PDF since so few have Keynote.

Presentation here : BYOD workplace mobility v2 (download the PDF)

Security and Ethics presentation at UKZN MBA Class 2011

Posted on August 24, 2011

I presented to the 2011 MBA class last week on Information Security and Ethics. A copy of the presentation is uploaded for those who are interested.

Drop me a mail or tweet if you have questions on anything or need more info.

Download here : security and ethics 2011 UKZN mba Aug 2011.pdf

ISACA Annual Conference 2010

Posted on August 30, 2010

Dates:   13 to 15 September 2010
Venue: Indaba Conference Centre, Fourways/Johannesburg

Over the last few years the ISACA SA Conference (#isaca2010) has drawn between 230 and 260 delegates. High profile local and international speakers provide delegates with insight into the latest developments in IT, security and governance. The 2010 conference has 3 streams of presentations and focuses on the latest strategies to address business, managerial, operational, auditing and security challenges associated with information technology and information systems. The conference topics are applicable to a wide range of attendees, from CEOs and CIOs through security, audit, risk and IT professionals.

Follow @isacaza on twitter for #isaca2010 conference news and updates

Attendance
Should you be interested in attending the conference use the online booking facility at the ISACA website or contact Nadine on admin@isaca.org.za.

See you there for another great conference.

Upcoming ISACA chapter meetings in East London and Jhb #in

Posted on August 13, 2010

There are two chapter meetings coming up in East London and Johannesburg in the next few days. Hope to see lots of people there. I personally hope to attend the Jhb meeting, travel plans allowing.

East London

Date: 18 August 2010 at 2:30 pm
Venue: PricewaterhouseCoopers, Palm Square office park, Acacia House, Bonza Bay Rd, Beacon Bay

1) Andrew William Mpofu will be presenting: “Information Security as a strategic business asset”
2) Chris Knox will be presenting: “Information Security Risk Assessment methodologies”
3) Networking & Refreshments

Johannesburg

Date : 24 August 2010, 5pm registration with the event starting at 5:30pm

Venue : PriceWaterhouseCoopers offices in Sunninghill, Johannesburg

1) Jason Gottschalk will be presenting on “Access Governance – The precursor to Identity and Access Management”.

2) Gerhard Hechter, PKF will be presenting on “Taking risks cleverly / Business intelligence”

Attendance

To confirm attendance to either of these meetings please contact Nadine on 011-8030803 or admin@isaca.org.za

Congratulations

Lastly, congratulations to all those who wrote and passed CISA, CISM and CISSP. I believe results for all 3 were released today.
