Monday, 11 February 2019

Russia prepares to disconnect its Internet

In December 2018, Russia passed a law mandating that ISPs must be able to disconnect the Russian Internet space (Runet) from the rest of the Internet in case of foreign aggression. They also mandated that ISPs forward traffic to Russia's telecoms watchdog for inspection.

The apparent preparations by countries such as Russia and China for cyberwar are concerning. Russia, China, Iran and North Korea, amongst others, can easily cut themselves off from the rest of the global Internet to protect themselves. Western countries, such as the US and UK, are far less able to do this.

Saturday, 26 January 2019

Vulnerable Cisco routers

A recent article in The Register describes some security flaws in the Cisco RV320 WAN routers.

Recently I've been asked by customers about running devices in their network that are now end of life and no longer supported by the vendor. Although these RV320 routers are not obsolete and security patches are therefore available, this is the sort of vulnerability that could cause a major problem if security patches are not available. I would therefore recommend that only vendor-supportable infrastructure is deployed in a network, even if the devices only appear to be basic devices, such as a switch.

Wednesday, 16 January 2019

Do SIM Swap Attacks make 2FA useless?

Interesting Wired article on SIM swaps. Allegedly, an attacker convinced AT&T to forward a cryptocurrency victim's calls to the attacker's SIM. They're now seeking over $200 million in damages.

However, my interest in SIM swaps was due to some of the recent discussions about why 2FA using SMS messages is pointless, as a SIM swap attack allows an attacker to circumvent the control. Although this is obviously possible, it still takes considerable effort on the part of the attacker and it's therefore only likely to be used in a targeted attack. For protecting accounts from opportunistic attacks, I think this still remains a very viable option. An authentication app, like Google or Microsoft Authenticator, would obviously be much better.

Sizing a Next-Gen Firewall

Good article by Andres Herrera of Fortinet. Applies to all vendors.