tag:blogger.com,1999:blog-87467848929505743052024-03-08T07:16:09.442-08:00PacketNut; Confessions of an Enterprise Information Security ArchitectA blog for Security Architects, CISOs and anyone else responsible for protecting their organisation's information assetsTony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.comBlogger55125tag:blogger.com,1999:blog-8746784892950574305.post-36015437980743684112020-05-08T09:24:00.001-07:002020-05-08T09:24:58.492-07:00NIST Zero Trust Architecture<a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft2.pdf">https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft2.pdf</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-82968105088312721412020-05-08T08:27:00.000-07:002020-05-08T08:27:02.245-07:00Identity Defined Security Alliance<a href="https://www.idsalliance.org/">https://www.idsalliance.org</a><div>
<br /></div>
<div>
<br /><br /></div>
Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-49471616159321343022019-12-26T07:39:00.001-08:002019-12-26T07:39:14.446-08:0012 Threat Modelling Techniques<a href="https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html">https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com2tag:blogger.com,1999:blog-8746784892950574305.post-60631231736837443592019-12-20T06:19:00.002-08:002019-12-20T06:19:37.532-08:00Zero Trust <a href="https://www.ncsc.gov.uk/blog-post/zero-trust-architecture-design-principles">https://www.ncsc.gov.uk/blog-post/zero-trust-architecture-design-principles</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-34950977081254188282019-11-24T22:27:00.002-08:002019-11-24T22:27:58.548-08:00We the Sales EngineersInteresting website / podcast etc. aimed specifically at sales engineers.<br />
<br />
<a href="https://wethesalesengineers.com/">https://wethesalesengineers.com</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-2782210475226778962019-11-03T01:28:00.001-08:002019-11-03T01:28:30.260-08:00OWASP Cyber Defence Matrix<a href="https://www.owasp.org/index.php/OWASP_Cyber_Defense_Matrix">https://www.owasp.org/index.php/OWASP_Cyber_Defense_Matrix</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-6235129775807346352019-10-14T14:02:00.002-07:002019-10-14T14:02:17.844-07:00Open Source SOC Tools <a href="https://information.rapid7.com/rs/411-NAK-970/images/building-powerful-security-arsenal.pdf">https://information.rapid7.com/rs/411-NAK-970/images/building-powerful-security-arsenal.pdf</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com3tag:blogger.com,1999:blog-8746784892950574305.post-76201538017882229332019-10-11T05:11:00.000-07:002019-10-11T05:11:03.463-07:00Tools to Implement SANS Top 20A few years out of date, but very cool paper.<br />
<br />
<a href="https://www.alienvault.com/blogs/security-essentials/free-and-commercial-tools-to-implement-the-sans-top-20-security-controls-part-1/">https://www.alienvault.com/blogs/security-essentials/free-and-commercial-tools-to-implement-the-sans-top-20-security-controls-part-1/</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-7788924042496551022019-10-09T07:15:00.000-07:002019-10-10T07:38:58.278-07:00NIST standards800-30 - Guide for Conducting Risk Assessments<br />
<a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf">https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf</a><br />
<br />
800-37: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy<br />
<a href="https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final">https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final</a><br />
<br />
<br />
800-39 - Managing Information Security Risk: Organization, Mission, and Information System View<br />
<a href="https://csrc.nist.gov/publications/detail/sp/800-39/final">https://csrc.nist.gov/publications/detail/sp/800-39/final</a><br />
<br />
800-53 - Security and Privacy Controls for Information Systems and Organizations<br />
<a href="https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft">https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft</a><br />
<br />
<br />
800-154 - Guide to Data-Centric System Threat Modeling<br />
<br />
<a href="https://csrc.nist.gov/publications/detail/sp/800-154/draft">https://csrc.nist.gov/publications/detail/sp/800-154/draft</a><br />
<br />
800-115 - Penetration Testing<br />
<br />
800-60: Volume 1: Guide for Mapping Types of Information and Information Systems to Security Categories<br />
<br />
<a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf">https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf</a><br />
<br />
NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems<br />
Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-83913112680067666022019-10-08T00:32:00.001-07:002019-10-08T00:32:27.121-07:00MITRE ATT&CK FrameworkGood overview by Varonis:<br />
<a href="https://www.varonis.com/blog/mitre-attck-framework-complete-guide/">https://www.varonis.com/blog/mitre-attck-framework-complete-guide/</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-83350318579006131872019-10-07T14:07:00.002-07:002019-10-07T14:07:44.429-07:00Information Commissioner's Office (ICO) Guide to GDPR<a href="https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/">https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-70835047850077779422019-10-06T08:14:00.002-07:002019-10-06T08:14:49.054-07:00NIST Cyber Threat Modelling<a href="https://www.mitre.org/sites/default/files/publications/pr_18-1174-ngci-cyber-threat-modeling.pdf">https://www.mitre.org/sites/default/files/publications/pr_18-1174-ngci-cyber-threat-modeling.pdf</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-39446916545967085492019-09-22T09:40:00.002-07:002019-09-22T09:40:39.578-07:00ISACA State of Cybersecurity 2019 report<a href="https://www.isaca.org/info/state-of-cybersecurity-2019/index.html">https://www.isaca.org/info/state-of-cybersecurity-2019/index.html</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-2434124465324458172019-09-22T07:10:00.001-07:002019-09-22T07:10:23.098-07:00Microsoft STRIDEThis is a useful blog post for threat modelling.<br />
<br />
<a href="https://www.microsoft.com/security/blog/2007/09/11/stride-chart/">https://www.microsoft.com/security/blog/2007/09/11/stride-chart/</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-66939604315025824692019-09-08T02:42:00.001-07:002019-09-08T02:42:06.662-07:00IBM Buyer's Guide to MSSP<a href="https://www.ibm.com/downloads/cas/KPEG6J8Q?cm_mc_uid=25953344701415679350681&cm_mc_sid_50200000=46230891567935068106">https://www.ibm.com/downloads/cas/KPEG6J8Q?cm_mc_uid=25953344701415679350681&cm_mc_sid_50200000=46230891567935068106</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-77056541030768034382019-09-06T00:46:00.003-07:002019-09-06T00:46:46.024-07:00NIST 800-82 Industrial Control Systems<br />
NIST 800-82:<div>
<br /></div>
<div>
<a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf">https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf</a></div>
<div>
<br /></div>
Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-78065827652656656412019-09-06T00:46:00.000-07:002019-09-06T00:49:33.541-07:00NIST Cyber Security FrameworkGood 2019 paper on the NIST CSF:<br />
<br />
<a href="https://www.oas.org/en/sms/cicte/docs/OAS-AWS-NIST-Cybersecurity-Framework(CSF)-ENG.pdf">https://www.oas.org/en/sms/cicte/docs/OAS-AWS-NIST-Cybersecurity-Framework(CSF)-ENG.pdf</a><br />
<br />
The US identified 16 critical infrastructure sectors: Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Financial Services; Food and Agriculture; Government Facilities; Healthcare and Public Health; Information Technology; Nuclear Reactors, Materials, and Waste; Transportation Systems; and Water and Wastewater Systems.
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-29402849315949796912019-08-13T23:35:00.000-07:002019-08-13T23:35:04.151-07:00MITRE ATT&CKHigh level overview of the MITRE ATT&CK model by Exabeam.<br />
<a href="https://www.exabeam.com/information-security/what-is-mitre-attck-an-explainer/">https://www.exabeam.com/information-security/what-is-mitre-attck-an-explainer/</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-8387751178218659892019-06-09T02:11:00.001-07:002019-06-09T02:11:57.658-07:00SSL InspectionThe following gives a very good overview of the pros and cons of SSL inspection. Some I hadn't thought about.<br />
<br />
<a href="https://www.helpnetsecurity.com/2017/03/08/https-interception-dilemma/">https://www.helpnetsecurity.com/2017/03/08/https-interception-dilemma/</a><br />
<br />
<br />
Good document from Symantec describing certificate pinning:<br />
<br />
<a href="https://www.symantec.com/content/dam/symantec/docs/white-papers/certificate-pinning-en.pdf">https://www.symantec.com/content/dam/symantec/docs/white-papers/certificate-pinning-en.pdf</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-52460971193803831012019-02-28T23:58:00.002-08:002019-02-28T23:58:47.577-08:00Cobalt Strike Vulnerability used against the Hackers<a href="https://hackercombat.com/vulnerability-helps-researchers-expose-malware-cc-servers/">https://hackercombat.com/vulnerability-helps-researchers-expose-malware-cc-servers/</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-84370727200878961002019-02-26T00:04:00.003-08:002019-02-26T00:05:06.558-08:00Malware impersonates Google reCAPTCHA and undermines SMS 2FA<br />
<a href="https://hackercombat.com/malicious-recaptcha-pretending-to-be-from-google-creates-chaos/">https://hackercombat.com/malicious-recaptcha-pretending-to-be-from-google-creates-chaos/</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-89435077416801499312019-02-16T01:51:00.003-08:002019-02-16T01:51:29.187-08:00About Azure ADBrief overview of Azure AD by JumpCloud:<br />
<br />
<a href="https://jumpcloud.com/blog/breakdown-azure-ad/">https://jumpcloud.com/blog/breakdown-azure-ad/</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-43509668166433543022019-02-11T01:06:00.003-08:002019-02-11T01:06:53.371-08:00Russia prepares to disconnect its InternetIn December 2018, Russia passed a law mandating that ISPs must be able to disconnect the Russian Internet space (Runet) from the rest of the Internet, in case of foreign aggression. They also mandated that ISPs forward traffic to Russia's telecoms watchdog for inspection.<div>
<br /></div>
<div>
The apparent preparations by countries such as Russia and China for cyberwar are concerning. Russia, China, Iran and North Korea, amongst others, can easily cut themselves off from the rest of the global Internet to protect themselves. Western countries, such as the US and UK, are far less able to do this.</div>
<div>
<div>
<br /></div>
<div>
<a href="https://www.zdnet.com/article/russia-to-disconnect-from-the-internet-as-part-of-a-planned-test/">https://www.zdnet.com/article/russia-to-disconnect-from-the-internet-as-part-of-a-planned-test/</a></div>
<div>
<br /></div>
</div>
Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-36602903544478415692019-01-27T08:23:00.002-08:002019-01-27T08:23:49.641-08:00Compromising DNS to perform man-in-the-middle attack<a href="https://securityboulevard.com/2019/01/cyber-hijacking-campaign-sets-off-global-government-alarm-bells/">https://securityboulevard.com/2019/01/cyber-hijacking-campaign-sets-off-global-government-alarm-bells/</a><br />
<br />Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0tag:blogger.com,1999:blog-8746784892950574305.post-16653826117537411922019-01-27T08:21:00.002-08:002019-01-27T08:21:25.219-08:00Japan passes law to hack citizens' IoT devicesAn interesting development: Japan has passed a law so government employees can attempt to hack citizens' IoT devices, with a view to preventing attacks prior to the 2020 Olympics.<div>
<br /></div>
<div>
<a href="https://www.zdnet.com/article/japanese-government-plans-to-hack-into-citizens-iot-devices">https://www.zdnet.com/article/japanese-government-plans-to-hack-into-citizens-iot-devices</a></div>
<div>
<br /></div>
Tony Brownhttp://www.blogger.com/profile/02786414071265479739noreply@blogger.com0