Thursday, April 28, 2016

You Never Know When...

An old article gets new life. #TBT

Back in 2012 I wrote an article titled Bait Phone. It was about cops dropping mobile phones fitted with a tracking device and then following whoever stole one to make an arrest. Like Bait Car, but with a smartphone.

Over the weekend, I noticed that the article was blowing up but couldn’t figure out why:

I even tweeted out on Monday:

At the time, I didn't realize something else was at play.

Then I decided to do a twitter search:

And found that a video with the same name as my blog post was trending: Bait Phone 2 - basically a stun gun with a remote. Over 2.2 million YouTube views in less than a week. It’s a prank video where they have a remote zapper to sting the culprits when they grab & walk away with the phone. One guy - who had it in his pocket - denied taking it until he was personally shocked.

When I did a Google search over the weekend, my article was still at the top but now the article is like #13 listed (maybe even lower) and the video has taken the top spot.

But you never know when an old article might pop due to some other circumstances. At least folks are reading it and not totally bailing!

Fun stuff.


ps 

Tuesday, April 26, 2016

The Dangerous Game of DNS

The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating names (the hostname in a URL) into IP addresses (numbers). Because every icon, link and piece of embedded content on a website can require a DNS lookup, loading a complex site can mean hundreds of DNS queries.

And because of that, DNS is a precious target, second only to HTTP as the most targeted protocol.

DDoS-ing DNS is an effective way to make the service unavailable. As the flood of malicious DNS requests hits the infrastructure, the service can become unresponsive if there is not enough capacity. Organizations can add more servers or turn to their cloud-based security provider for help. One of the strategies cloud-based security providers use to shield DNS is DNS redirection. Cloud providers divert incoming traffic to their own infrastructure, which is resilient enough to detect and absorb these attacks. The success of this strategy, however, depends on how well the website's original IP address can be shielded. If the bad guy can find that IP address, they can get around the protection.

So is DNS redirection effective? Researchers decided to find out.

Scientists from KU Leuven in Belgium built a tool called CLOUDPIERCER, which automatically tries to retrieve websites' original IP address, including through the use of unprotected subdomains. Almost 18,000 websites, protected by five different providers, were part of the team's DNS redirection vulnerability tests. In more than 70% of the cases, CLOUDPIERCER was able to retrieve the website's original IP address - the precise info needed to launch a successful attack.

Researchers did share their findings with those cloud-based providers and have made CLOUDPIERCER freely available for organizations to test their own DNS infrastructure.

In another DNS scam, a new version of the NewPosThings PoS (point of sale, not…) malware is using DNS rather than http/https/ftp to exfiltrate data from infected PoS terminals. This is an interesting twist since most security solutions monitor http/https traffic for suspicious activity. Anti-virus doesn’t necessarily watch DNS, and admins cannot simply turn off DNS since they need it to resolve hostnames and domains. Seems like a clear shot.

The newest version of NewPoSThings is nicknamed MULTIGRAIN and it only targets (and infects) one specific type of PoS platform: the multi.exe process, specific to a popular electronic draft capture software package. If the multi.exe process is not found, the malware moves on. Once inside, the malware waits for Track 2 credit card data; once it has the data, it encrypts and encodes it before sending it to the bad guy via a DNS query.

The use of DNS for data exfiltration on PoS devices is not new and shows not only how attackers can adjust to different environments but also, that organizations need to be more aware of their DNS traffic for potential anomalies.
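MULTIGRAIN's trick of carrying encoded card data inside DNS query names leaves traces a defender can measure. The following is an added example, not from the original post or from any vendor: it scores the leftmost label of each query name by length and character entropy, and it counts how many distinct names one client asks under a single parent domain. The log format, the thresholds and the sample lines are constructed assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed resolver query log (not real traffic): "client qname qtype".
# The upd-svc.test lines imitate encoded payload carried in the leftmost label.
SAMPLE_LOG = """\
10.0.5.21 www.example-store.test A
10.0.5.21 cdn.example-store.test A
10.0.5.21 4a6f686e20446f65-5e0d1c9fbb12.upd-svc.test A
10.0.5.21 3d59f1a0c7e2b84d-5e0d1c9fbb12.upd-svc.test A
10.0.5.21 9c02ee71ab34d5f6-5e0d1c9fbb12.upd-svc.test A
10.0.5.21 b7e4c1d9af02e356-5e0d1c9fbb12.upd-svc.test A
10.0.5.33 mail.example-store.test MX
10.0.5.33 time.example-store.test A
"""

HEX_LABEL = re.compile(r"^[0-9a-f]{16,}$")  # pure hex blobs are a common encoding

def shannon_entropy(s: str) -> float:
    """Bits per character: dictionary words score low, encoded data scores high."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def parent_domain(qname: str, levels: int = 2) -> str:
    """Last `levels` labels; a stand-in for proper public-suffix handling (assumption)."""
    return ".".join(qname.rstrip(".").split(".")[-levels:])

def suspicious_label(qname: str, min_len: int = 16, min_entropy: float = 3.0) -> bool:
    """True when the leftmost label is long and looks like encoded payload."""
    first = qname.split(".")[0]
    if len(first) < min_len:
        return False
    return HEX_LABEL.match(first) is not None or shannon_entropy(first) >= min_entropy

def analyse(log_text: str, burst_threshold: int = 3):
    """Return (qnames with payload-like labels, parent domains that one client
    queried with at least `burst_threshold` distinct subdomains)."""
    flagged = []
    uniques = defaultdict(set)  # (client, parent) -> distinct names asked
    for line in log_text.splitlines():
        client, qname, _qtype = line.split()
        if suspicious_label(qname):
            flagged.append(qname)
        uniques[(client, parent_domain(qname))].add(qname)
    bursty = sorted({parent for (_c, parent), names in uniques.items()
                     if len(names) >= burst_threshold})
    return flagged, bursty

if __name__ == "__main__":
    hits, bursts = analyse(SAMPLE_LOG)
    print("payload-like queries:", hits)
    print("high-cardinality parents:", bursts)
```

Both signals together are what matters: a single long label is common for CDN and tracking hosts, but many distinct high-entropy labels under one parent from one client is the exfiltration shape.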

BIG-IP could also help in both instances.

For the redirection issue, BIG-IP or our Silverline Managed Service offers Proxy Mode with DNS redirection. With Routed Mode, we use BGP to bring traffic to Silverline and then Generic Routing Encapsulation (GRE) tunnels or L2VPN back to the customer, so the original IP address stays masked.

For the PoS malware, BIG-IP can utilize a DNS response policy zone (RPZ) as a firewall or outbound domain filtering mechanism. An RPZ is a zone that contains a list of known malicious Internet domains. The list includes a resource record set (RRset) for each malicious domain, and each RRset includes the name of the malicious domain and any subdomains of that domain.


When the BIG-IP system receives a DNS query for a domain that is on the malicious domain list of the RPZ, the system responds in one of two ways based on your configuration. You can configure the system to return an NXDOMAIN record that indicates that the domain does not exist or return a response that directs the user to a walled garden.

BIG-IP returns NXDOMAIN response to DNS query for malicious domain

BIG-IP forwards DNS query for malicious domain to walled garden
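To make the two RPZ responses concrete, here is an added illustration (not BIG-IP code or configuration) of how an RPZ policy is matched against a query name and turned into either an NXDOMAIN answer or a CNAME toward a walled garden. The zone text, the domain names and the walledgarden.example.test host are constructed.

```python
from typing import Dict, Optional

# Constructed RPZ-style policy zone (not a real feed). In RPZ, "CNAME ." means
# answer NXDOMAIN; a CNAME to a host rewrites the answer toward that host
# (the walled garden). Owner names are written relative to $ORIGIN, as in BIND.
RPZ_ZONE = """\
$ORIGIN rpz.example.test.
; known C2 domain and every subdomain -> NXDOMAIN
badc2.test            CNAME .
*.badc2.test          CNAME .
; phishing domain and every subdomain -> walled garden
phish-login.test      CNAME walledgarden.example.test.
*.phish-login.test    CNAME walledgarden.example.test.
"""

def load_rpz(zone_text: str) -> Dict[str, str]:
    """Parse the CNAME subset of RPZ used above into {owner: action}."""
    policy = {}
    for line in zone_text.splitlines():
        line = line.split(";")[0].strip()          # drop comments
        if not line or line.startswith("$"):       # skip blanks and directives
            continue
        owner, rtype, target = line.split()
        if rtype == "CNAME":
            policy[owner.lower()] = "NXDOMAIN" if target == "." else target.rstrip(".")
    return policy

def rpz_lookup(policy: Dict[str, str], qname: str) -> Optional[str]:
    """'NXDOMAIN', a walled-garden host, or None when the name is not listed.
    An exact owner wins; otherwise the nearest wildcard covering a subdomain."""
    q = qname.rstrip(".").lower()
    if q in policy:
        return policy[q]
    labels = q.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return None

def answer(policy: Dict[str, str], qname: str, upstream: Dict[str, list]) -> dict:
    """Shape the response a resolver would return; `upstream` stands in for
    real recursion (assumption) and is only consulted when no policy matches."""
    action = rpz_lookup(policy, qname)
    if action == "NXDOMAIN":
        return {"rcode": "NXDOMAIN", "answer": []}
    if action:
        return {"rcode": "NOERROR", "answer": [f"{qname} CNAME {action}."]}
    return {"rcode": "NOERROR", "answer": upstream.get(qname, [])}
```

The wildcard entries are what give the "domain and any subdomains" coverage the RPZ description refers to; a feed that lists only the apex would miss a malware sample that beacons to a fresh hostname under it.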

DNS is one of those technologies that is so crucial for a functioning internet, especially for human interaction. Yet it is often overlooked, or seems to get attention only when things are broken. Maybe take a gander today to make sure your DNS infrastructure is secure, scalable and ready to answer each and every query. Ignoring DNS can have grave consequences.

ps


Wednesday, April 20, 2016

You’re Getting Under My (e)-Skin

Imagine if the temporary tattoos that come in a box of Cracker Jack (if you’re lucky) had an electronic display logo that lights up when you put it on. Or a fitness tracker that you tape to yourself rather than wearing it around your wrist. Or a watch so thin that it lights the time while blending into your skin. Or even, a sensor that can be applied directly to an organ to determine health.

This is the future for electronic skin. Yup, I said it: E-Skin.

Researchers in Japan have developed an ultra-thin and ultra-stretchy material that can mimic the flexibility of human skin. Ultraflexible organic photonic skin is an organic polymer with light-emitting diodes (PLEDs), small sheets of energy-efficient lights that are laminated right onto the skin. These are intended to equip the human body with electronic components for health monitoring and information technologies. The film is transparent, but when powered with electrical pulses it emits a colored light, number or letter, depending on the implementation. The arrangement of PLEDs can also display more complex information. The team also reports that this PLED film produced less heat and consumed less power than previous e-skin samples.

The interesting thing here is that they used organic materials and added an extra layer of film to protect it from oxygen and water, so it lasted several days. Past organic efforts lasted less than a day due to air exposure. Today, non-organic materials used to make super-thin, tattoo-like monitoring devices can last weeks or longer.

These advancements will only fuel the health care wearable market, which is growing exponentially.

Research firm Tractica released findings from its report ‘Wearable Devices for Healthcare Markets’ that show worldwide shipments of healthcare wearables will increase from 2.5 million in 2016 to 97.6 million in 2021…or $17.8 Billion in yearly revenue. The general wearable device market will increase from 85 million units in 2015 to 559.6 million units by 2021 - a compound annual growth rate of about 37%.

If you thought the influx of data center and cloud traffic from mobile was big, just wait until all our body vitals start hitting the wire. Add that to all the other IoT initiatives, like home/automotive, and big data suddenly turns into ginormous data.

While we may instantly think about the fitness trackers and smartwatches that adorn our bodies, the health care industry is also looking at the treatment of chronic diseases, wellness programs, remote patient monitoring and physician use. And there are other devices like posture monitors, connected wearable patches and pain management wearables that are gaining ground.

I can already hear the posture sensor barking, 'Stop Slouching!' and a pain patch that actually works instead of those menthol smelling globs – great idea!

ps


Wednesday, April 13, 2016

Let the Training Begin!

A few weeks ago I mentioned that I was on a journey to getting properly trained and reacquainted with the more technical nuances of F5 solutions with the goal of achieving F5 Professional Certification sometime this year. In fact, most of F5’s DevCentral team is also shooting for certification and we’ve set up our study path.

As a refresher, F5 has a number of educational programs to help you get acquainted, get fully trained or become a Certified Professional with F5 gear. From free online courses to instructor led classroom seminars to challenging your knowledge with a certification, F5 can help you, as it is helping me, understand the inner workings of BIG-IP. I began at F5 University with the Getting Started series and was able to get through a number of modules at my own pace.

This week, the DC team is in Seattle at the Mother Ship and we decided to kick off our study prep while we’re together. This is for the initial 101-Application Delivery Fundamentals exam and we’re using Eric Mitchell’s excellent Study Guide as our guide. There is also an Exam Blueprint available that goes through the objectives of each section and gives examples of the types of questions asked. Um, what's the purpose and functionality of MTU and MSS again?

The 101-Application Delivery Fundamentals test is the first exam required to achieve F5 Certified BIG-IP Administrator status. All candidates must take this exam to move forward in the program. Successful completion of the 101 exam acknowledges the skills and understanding necessary for day-to-day management of Application Delivery Networks (ADNs). The 101 exam is not so much about how you do a given task on a BIG-IP; it is more about the basics of the OSI model, networking, protocols, common traffic management/load balancing concepts, cryptographic services and application delivery platforms in general: the essential knowledge needed to deploy any application delivery controller.

We’ve decided to each take and prepare a section of the study guide and present to the team. We’ve set up weekly meetings and each week is an exam section. This week is the OSI model and (theoretically) in 5 weeks, we should be ready to take the exam. If you are prepping or planning to get certified at our Agility event in Chicago this summer, you and your team may want to consider that approach. All the learning benefits, with slightly less stress.

So that’s our most recent update as we continue on the certification path. If you’d like a step-by-step guide, including how to register and schedule your exam, check out Austin Geraci’s article Becoming F5 Certified - BIG-IP Administrator Certification - 101 & 201 Exams and/or join the F5 Certified! Professionals group on LinkedIn. Good stuff.


ps



Tuesday, April 5, 2016

Plugging Data Leaks

Whether intentional or accidental, data leaks are a huge concern for organizations, and they have been for years. A 2004 survey from an IT security forum hosted by Qualys found that 67% of security executives did not have controls in place to prevent data leakage. In a December 2006 survey, Boston-based researchers Simon Management Group noted that some 78% of respondents said they were "very concerned" about data exposure. A 2010 article published by Trustwave on CSOonline.com said that 65% of leakage occurs through the following methods combined: Microsoft SMB sharing, remote access applications, and native FTP clients.
And a recent informal survey conducted by the Avast Mobile Enterprise team at two healthcare technology events indicates that data leakage (69%) was the greatest security concern of healthcare CISOs. Insider threats (34%) and malware (28%) took silver and bronze.
Information seems to be the gold standard in today’s digital society, and it comes in many forms. It can be personally identifiable information (PII) of customers or employees; it can be corporate or financial info; it can be litigation related; it can be health care related; and really, it is any data that should be kept secret…except from those who are authorized to view it.
According to Cisco, some risky behavior by employees can aggravate the situation. Areas included:
  • Unauthorized application use: 70% of IT professionals believe the use of unauthorized programs resulted in as many as half of their companies' data loss incidents.
  • Misuse of corporate computers: 44% of employees share work devices with others without supervision.
  • Unauthorized physical and network access: 39% of IT professionals said they have dealt with an employee accessing unauthorized parts of a company's network or facility.
  • Remote worker security: 46% of employees admitted to transferring files between work and personal computers when working from home.
  • Misuse of passwords: 18% of employees share passwords with co-workers. That rate jumps to 25 percent in China, India, and Italy.
How can you reduce and mitigate some data leakage risks? BIG-IP can help shore up some areas.
The overall category of Data Loss Prevention (DLP) is a multi-faceted area of security that encompasses securing data storage, data transmission, and data in use. Specifically, BIG-IP ASM focuses on the protection of data in flight. For instance, ASM’s DataGuard is a method of preventing SSN or CC# information from leaking out of back-end databases, but ASM’s benefits in a DLP strategy extend well beyond that. DLP is concerned with unauthorized access to any private data, whether confidential personal or corporate information. ASM provides comprehensive protection against unauthorized back-end database access by preventing the exploitation of well-known vulnerabilities such as XSS, SQL injection, cookie poisoning, etc. If you can’t even reach the info, there is less likelihood of it leaking.
No single product is going to provide a comprehensive, all inclusive DLP solution. HIPAA, PCI, and other regulatory standards are focused almost entirely on DLP. BIG-IP ASM, as a WAF, provides a vital part of any overall DLP solution in today’s security-conscious environment.
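A response-side filter along the lines of what DataGuard does can be illustrated with a small scrubber; this is an added example rather than F5's implementation. The patterns, the masking format, the Luhn gate on card candidates and the sample response body are constructed assumptions.

```python
import re

# Pattern-based stand-in for response-side data masking. The SSN pattern
# rejects impossible area/group/serial values; the card pattern accepts 13-19
# digits with optional space or dash separators, then a Luhn check confirms it.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; cuts false positives from order numbers and other IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_card(raw: str) -> str:
    """Replace all but the last four digits, keeping the original separators."""
    digits = re.sub(r"\D", "", raw)
    if not luhn_ok(digits):
        return raw                      # not a card number: leave untouched
    keep_from, seen, out = len(digits) - 4, 0, []
    for ch in raw:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > keep_from else "*")
        else:
            out.append(ch)
    return "".join(out)

def scrub_response(body: str):
    """Mask SSNs and Luhn-valid card numbers in a response body; return the
    cleaned body and how many of each were masked (for logging/alerting)."""
    counts = {"ssn": 0, "card": 0}
    def ssn_repl(m):
        counts["ssn"] += 1
        return "***-**-" + m.group(0)[-4:]
    def card_repl(m):
        masked = mask_card(m.group(0))
        if masked != m.group(0):
            counts["card"] += 1
        return masked
    body = SSN_RE.sub(ssn_repl, body)
    body = CARD_RE.sub(card_repl, body)
    return body, counts

# Constructed sample body: one SSN-shaped value, one Luhn-valid test card,
# one digit-transposed card and a 13-digit order number that must survive.
SAMPLE_BODY = ("Customer SSN 123-45-6789, card 4111 1111 1111 1111, "
               "declined card 4111 1111 1111 1112, order 1234567890123.")
```

The counts are the part worth wiring into alerting: a response that needed masking is evidence that a back-end query returned more than the page should ever show.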
ps

Friday, April 1, 2016

The Land of the Partially Connected

Greetings from Ottertail County
Last week my family visited some relatives in Minnesota. Fergus Falls and Clitherall, to be exact. Both are situated in Ottertail County – about halfway up the state toward the Fargo, North Dakota side. While Fergus has a population of around 13,000, Clitherall claims 112 people, and much of the area is farms, lakes, woods and nature; many of the locals are hunters, ice-fishers, farmers and people who love the great outdoors...even during the long, demanding winters. In the summer it is a quaint little resort town. There is a dirt road to get to my wife’s dad’s house, and we even saw a couple of eagles engaged in a talon lock while we were there. We always enjoy our stays.
A decade ago, cell phone coverage was spotty, but it has gotten better, albeit 2/3G in some areas, and most have access to the internet either by cable or satellite. But the internet, for some folks, is not as important or critical as it is for many of us ‘connected’ beings. Poppa Maggie’s house on Mallard Bay can get internet access, but he doesn't want it. I’m sure many of you have experienced remote areas of the country where the grid is available but people choose not to participate, or simply use their mobile device for the few things that they need.
At one of the family gatherings - on a farm in a log cabin - our cousins were wide-eyed about all the ‘technology’ stuff we knew. While I asked about the family history and why they originally settled in that location, soon the discussion turned to wearables, data breaches, encryption and even the Fed’s iPhone situation. I remember Cousin Patty saying, ‘I’m just a simple farm girl and really don’t know anything about the internet or technology.’
I was a little jealous.
Granted, many of the large farms in America do use technology to track the herd, measure moisture/water schedules, check soil conditions, maneuver tractors, check grain silos and so forth. But these were small family farmers and didn’t have large contracts with nationwide distributors. Often, their crop is to simply feed the family and stock for the year and/or sell at local markets.
I told Patty that I was a bit envious of her situation, and that knowing all the ins and outs of technology can sometimes be stressful, anxiety filled and a burden. Always worried about being a target; insight on how cyber-crime works; knowing that nothing is totally secure until you unplug or disconnect it. I felt safer surrounded by trees, lakes, deer, bear, geese, and ducks…and with no computer connection. Add to that, they got me beat hands down for survival skills. They are craftsmen, cooks, hunters, builders, agriculturalists, environmentalists, conservationists and hard working, good people.
BREAKING NEWS: It was tranquil and relaxing.
For me, like many of you, technology is part of my life and how I make a living, and I’m not looking to hang up my RJ-45s any time soon. I have a great interest in how it is shaping our society and love exploring and explaining how a lot of it works. However, it is also important to unplug every once in a while and experience some technology-free time. It clears the mind, slows you down, and you might get to see the flirtatious free fall (or epic battle) of a truly majestic creature.
ps