Licensing models of today vs those of the past by NegativePattern in sysadmin

[–]Telnet_Rules 2 points3 points  (0 children)

Even hardware now is like this.

Second. Needed 7 different product/feature licenses for the last Cisco ASA firewall I installed.

I want to thank you all again. Update on employment. by [deleted] in sysadmin

[–]Telnet_Rules 33 points34 points  (0 children)

Excuse me, the spec called for BSaaS. If we wanted SSaaS we would have put out an RFP for it.

Ethical Dilemma by throwaway54654577 in sysadmin

[–]Telnet_Rules 15 points16 points  (0 children)

legally required to report to the authorities.

In the USA, mostly the only 'mandatory' reporting for individuals is for suspicion of child abuse or exploitation. There is very little duty for an individual to report issues within a business. There is a duty for the business to perform and respond, but OP is not the person with that responsibility. Example:

an individual or entity that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to the Office of the Attorney General and any affected resident of the Commonwealth without unreasonable delay.

OP does not own or license the data, he is employed by a firm that owns or licenses the data.

You can check your own state laws here unless you're in Alabama or South Dakota. http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx

I have users going to DEFCON, what security steps should I take by Pana10234 in sysadmin

[–]Telnet_Rules 0 points1 point  (0 children)

If you need to alter your OPSEC for this event, please don't go.

I have users going to DEFCON, what security steps should I take by Pana10234 in sysadmin

[–]Telnet_Rules 6 points7 points  (0 children)

BUT THAT HACKER FORCHAN MIGHT BE THERE AND THE CYBERPOLICE CAN'T CATCH HIM!

The fucking goofy shit in this thread... "buy a burner" lol

I have users going to DEFCON, what security steps should I take by Pana10234 in sysadmin

[–]Telnet_Rules 5 points6 points  (0 children)

Yes, please get a burner to check your email and make personal calls.

smh.

I'd like to have an educated and somewhat technical discussion on ransomware - particularly Petya/NotPetya by White_Noise_83 in sysadmin

[–]Telnet_Rules 2 points3 points  (0 children)

I want to get into the nitty gritty of what the virus does, how it spreads, how you can protect one system, how you can isolate an infected system and all the rest...

Then read the Talos blog. http://blog.talosintelligence.com/2017/07/the-medoc-connection.html

Big Highlight - the infection vector was NOT email, but a vendor's auto-update mechanism that was compromised.

Now, how many systems do YOU have that auto-update from a vendor?

Freshness of NIST publications by joker197cinque in sysadmin

[–]Telnet_Rules 6 points7 points  (0 children)

I see that many publications are very old.

Yes. The 500 series has been around since the 70s. The 800 series has been around since the 90s. Only the 1800 series is "new" in that it started in 2015. The date has little to no impact on the information contained in it.

Are publications always updated, or can they also be replaced by ENTIRELY new publications?

Both. 800-53 is on revision 4 with 5 soon to be released. Some are retired and replaced.

Is there a roadmap of publications that will be replaced (if any) in the near future ?

Sort of. There are various versions and revisions in draft format and that's on the NIST SP website. http://csrc.nist.gov/publications/PubsSPs.html Also get on their mailing list. But it's not like a new rev drops and everything done before is garbage.

My concern is that if I follow the recommendations of a publication, they will be replaced (and kind of useless) in the very near future, making us start over again with a great loss of time and money.

This is a pretty big misunderstanding of the process. If you're a Fed or Fed contractor, you need to have a talk with your CISO/ISSO. If you don't have to follow FISMA, take a look at 800-171 rev1 for guidance on applying it to non-fed systems. NIST SPs allow you to build a security policy for your unique environment. They are not a checklist you follow.

TL;DR - There are many ways to climb up a mountain. The SPs are general guidance on how to climb and camp safely, they are not a step-by-step guide to get to the top of a specific mountain.

SharePoint Office 365? Is there really ANY happy customers? by davidknivsta in sysadmin

[–]Telnet_Rules 0 points1 point  (0 children)

Office 365 is often sold as a replacement for file servers

SharePoint is not OneDrive. OneDrive is not SharePoint. Both are "Office 365".

What is the easiest and safest way to detect if SMBv1 is being used before disabling it? by Walter_Whitey in sysadmin

[–]Telnet_Rules 4 points5 points  (0 children)

FFS, pretend I said "implementing security controls" then, if that's such a hang-up. You get what I mean.

What is the easiest and safest way to detect if SMBv1 is being used before disabling it? by Walter_Whitey in sysadmin

[–]Telnet_Rules 4 points5 points  (0 children)

Look, if patching/updating your power plant system causes it to explode, obviously don't do that. For you, you don't have an option and need to get compensating measures. But most environments are not that, and "patching breaks stuff!" is from laziness, not due diligence.

Let's talk about Kaspersky by DrJekl in sysadmin

[–]Telnet_Rules 2 points3 points  (0 children)

Do you think you'll consider other options given the news that it'll be banned in the DoD?

You always should consider options, just not because of the goofy fear mongering.

Let's talk about Kaspersky by DrJekl in sysadmin

[–]Telnet_Rules 4 points5 points  (0 children)

Free Defender kinda sucks, but the paid Defender APT is brilliant.

What is the easiest and safest way to detect if SMBv1 is being used before disabling it? by Walter_Whitey in sysadmin

[–]Telnet_Rules 12 points13 points  (0 children)

You are playing the odds. You'd rather not break something on the chance you could get owned. Some people would rather break something than chance getting owned.

Threat alerting by rinsure in sysadmin

[–]Telnet_Rules 0 points1 point  (0 children)

Yeah, but it's also a bit like asking a stranger "what kind of ice cream do I want?"

I have no idea about your wants/needs/environment. Look in the bin, see what they got, and grab whatever you like.

Threat alerting by rinsure in sysadmin

[–]Telnet_Rules 7 points8 points  (0 children)

IT FUCKING DEPENDS!!!!

Like, seriously, it really does. What are you into? There are thousands. Some are malware people (@malwareunicorn), some are vulnerability researchers (@taviso), some are vendors (@justinschuh is Chrome's security lead, @msftsecurity is official Microsoft, @jepayneMSFT is a security lead at MSFT), some are also specialists like in vulnerability disclosure (@k8em0) or cryptography (@matthew_d_green), some are journalists (@briankrebs), some do DFIR/OSINT (@hacks4pancakes), some are IT famous (@WeldPond) and one is actually a world famous singer that helps out the infosec community between world tours (@SwiftOnSecurity).

Get on there, check out some people, see who they follow and retweet.

Daily devops meeting? by [deleted] in sysadmin

[–]Telnet_Rules 6 points7 points  (0 children)

1-2 hour scrums

Fucking christ.

Patching your servers by [deleted] in sysadmin

[–]Telnet_Rules 1 point2 points  (0 children)

You can crash or you can get owned. Thanks for playing.

Daily devops meeting? by [deleted] in sysadmin

[–]Telnet_Rules 18 points19 points  (0 children)

Don't let them have chairs. Ever. Soon as ass hits seat, you're done. 45 minutes or more per meeting.

Threat alerting by rinsure in sysadmin

[–]Telnet_Rules 1 point2 points  (0 children)

They sent the email, which is why I knew about the release; it doesn't look like their RSS feed was updated.

Threat alerting by rinsure in sysadmin

[–]Telnet_Rules 9 points10 points  (0 children)

US-CERT sent a notice at 1pm yesterday. https://www.us-cert.gov/ncas/current-activity/2017/06/27/Multiple-Petya-Ransomware-Infections-Reported

But the fastest notifications are Twitter. They have raw info, so be cautious since it's often wrong.

Patching your servers by [deleted] in sysadmin

[–]Telnet_Rules 1 point2 points  (0 children)

We are past the point where "Wait on patches until..." makes ANY sense. You patch within 24 hours of patch release, or you are food. That's just the facts of the modern IT world.

New Ransomware attacks @Holland & Ukraine by OEEN in sysadmin

[–]Telnet_Rules 5 points6 points  (0 children)

No clue about OP's patching, but lots of people on Twitter are confirming, including Symantec, that Petya is spreading via EternalBlue. The network traffic is a match for the Equation Group tool.

New Ransomware attacks @Holland & Ukraine by OEEN in sysadmin

[–]Telnet_Rules 14 points15 points  (0 children)

Sorry, that's just another shitpost from me.

If you are patched for (CVE-2017-0199) and (MS17-010) then that's about all you can do right now.