
  Cisco Creates Architecture To Improve Security And Sell You New Switches
Posted by: MarioMaiato - 04-18-2024, 11:15 PM - Forum: Switches and VLANS - No Replies

Hypershield detects bad behavior and automagically reconfigures networks to snuff out threats

Cisco has developed a product called Hypershield that it thinks represents a new way to do network security.

The core element of Cisco's plan is the deployment of "enforcement points" – essentially teensy firewalls that can run on a server, or in data processing units (DPUs, aka SmartNICs) installed in servers or networking hardware.

Enforcement points are made aware of the applications they observe and known good behaviors of that software. They're also kept up to date with info about new vulnerabilities or attacks – thanks to the work of Cisco's security intelligence teams, which distil oodles of signals gathered online using AI.

Armed with info about what an app should be doing, and attacks that could change its behavior, enforcement points check for anomalous behavior. When the software finds it, it can do a couple of things.

One is inform admins about which apps need patching.

The other is to implement a "compensating control" that protects the app – essentially by creating new network segments that don't allow dangerous traffic.

Tom Gillis, senior veep and general manager of Cisco's security business, suggested those controls could be actions like blocking access to a known dangerous URL identified to be part of a cyber attack. Compensating controls can be set running wherever they're needed on a network, reconfiguring it on the fly to harden against a live attack.

Gillis revealed that enforcement points run two data paths. One is the equivalent of a production system that has been tested and found to work without issues.

The enforcement point also runs a "shadow path" – basically a beta of its most recent update. The shadow path runs on live data and uses AI to test whether the update is working as expected.

If those automated tests check out, the enforcement point manages its own lifecycle by making the shadow path the production path, and installing the next upgrade to test in the shadow path.

That automation, Gillis told The Register, should be welcomed by beleaguered security and net admins. He thinks it will also be welcomed in industries like healthcare that can't easily update devices with security vulnerabilities – because they just don't mess with hardware that keeps people alive. Self-updating networks and mitigations that keep those machines safe are Cisco's alternative.

Kernel games and DPU delights
When running on a server, enforcement points use the eBPF tech Cisco acquired along with Isovalent. The extended Berkeley Packet Filter (eBPF) allows developers to run code in sandboxed programs that run in a privileged context – such as the operating system kernel – and allows the addition of capabilities to an OS.

The eBPF implementation Cisco used for Hypershield is lightweight, but still uses one or two percent of a CPU's capacity.

Which is why Cisco can also run enforcement points on DPUs/SmartNICs – an arrangement that isolates them further and relieves the burden on server CPUs.

Cisco will also build switches to run DPUs, making it possible to apply enforcement points on each port in a switch.

Gillis explained that Cisco chose this approach after working with hyperscalers who run DPUs, but tired of having to attach them to every server in a rack. Shifting DPUs into a top of rack switch delivers the same benefits, he said, but shrinks DPU fleets and therefore also the cost of acquiring and operating the cards.

Cisco is happy for Hypershield to use DPUs from any vendor, running in servers from any manufacturer.

But only Cisco networking hardware can run DPUs and Hypershield – and that hardware doesn't exist yet.

Once it debuts, Cisco will pitch its DPU-enabled switches as a fine upgrade to both your network and your security.

"Every time a customer refreshes hardware, it becomes a new enforcement point," Gillis enthused.

There is an element of evil genius here, because switching is commodified so devices seldom need to be replaced – except when networks expand and/or new bandwidth-intensive apps come along. For those not yet dabbling with demanding workloads like AI, Hypershield may be the best reason in years to consider new networking hardware purchases.

Hypershield will be licensed per "workload" – a Cisco metric based on core count and other factors. A cloudy app will serve as the management console.

Gillis was at pains to describe Hypershield as a security architecture expressed in software – not just software appliances replacing networking boxes. "This is not a VM of an existing firewall," he stressed. "It is a new architecture from the ground up."

Hypershield will debut in August with its eBPF incarnation. Other elements will follow over time.

And before you ask: "Hypershield" – Cisco really went there for the name?


  SpaceX Preps For Global Tests Of Cellular Starlink System
Posted by: MarioMaiato - 04-12-2024, 01:55 PM - Forum: Smart Phones. Android, iPhone - No Replies

The company asks the FCC for clearance to test the cellular Starlink technology in several other markets, including Australia, Canada, Japan, and New Zealand.

SpaceX is asking for regulatory clearance to expand testing for its cellular Starlink system outside the US, including Canada, Australia, and Japan.

The company has requested the special temporary authority from the FCC, according to a new regulatory filing. The goal is to test the cellular Starlink technology outside the US for 180 days starting on May 1.

During the tests, SpaceX will beam the internet connectivity from the company’s “Direct to Cell” satellites to unmodified phones on the ground. In the US, SpaceX plans on delivering the broadband through AT&T. But elsewhere, the company has struck partnerships with local carriers, with the aim of using their licensed radio spectrum to send the internet data to customers' phones.

SpaceX has already reached deals with seven carriers, including Rogers in Canada, Optus in Australia, and KDDI in Japan. The company’s FCC filing also notes it could expand the cellular Starlink testing to four other markets, including New Zealand, Chile, Peru, and Switzerland. In each country, though, it’ll also need to secure authorization “from the relevant local administrations" before testing can start, the company said.

“Testing will likely continue until SpaceX has received commercial authority to deliver supplemental coverage from space from the commission and the relevant local administration,” SpaceX added in the FCC filing.


Starting December 1st Google Will Start Deleting Old Accounts
Posted by: MarioMaiato - 04-01-2024, 10:56 PM - Forum: General Support - No Replies

Google is about to go on a purge for security purposes — save your old account by signing in by December 1.

It’s the last call to keep any Gmail accounts you haven’t used recently.

Beginning December 1, Google will start deleting accounts that have been inactive for two years, including all associated photos, Drive documents, contacts, emails, and calendar entries. The tech giant first announced this change in their inactivity policy in May.

Google confirmed to Computerworld that it’s proceeding with the deletion plan. “We plan to roll this out slowly and in phases, not all at once,” spokesperson Christa Muldoon said. “We'll be starting with accounts that were created and never used.”

Separate Gmail accounts held by the same user under different names are also subject to deletion, Muldoon said.

In a blog post, Google said they're removing accounts that haven't been used in a while because these accounts can be less secure. The old accounts might have previously used passwords or no extra security steps like two-factor authentication. The first accounts to go will be ones that someone created but never used again.

If you don't want your Google account deleted, log in and use something like Google Drive, Google Photos, Gmail, or Google Play. You can do simple things like send an email, download an app, search on Google, or watch a YouTube video to show you're still using the account. Your account won't be deleted if you have a Google One subscription or other active app subscriptions.

Google will warn people several times before they delete their accounts. This notice allows you to save your stuff using Google's Takeout service or other places to save files like Dropbox or Microsoft OneDrive. Google’s Inactive Account Manager allows users to choose what happens to their account and data if it becomes inactive for up to 18 months. When signing up, users can opt to send specific files to chosen trusted contacts, set up an autoresponder in Gmail, or decide to delete their account altogether.

If you have an old Google account and can't recall the details, there's a way to recover it. Forgot your password? Use Google's password recovery tool. You'll have to answer a few questions to confirm you own the account. Can't remember the email address? Google's account recovery tool can help. You'll need the phone number or a recovery email linked to the account. Tips and links to account recovery resources can be found on the Google Account Help web page.

Google's recent changes to its inactivity policy will affect only personal account holders, not users with school or business accounts.


Working With Wireshark
Posted by: MarioMaiato - 03-29-2024, 10:50 PM - Forum: IT Security - No Replies

I would not claim to be a Wireshark expert. I actually find it a little overwhelming. There is so much detailed information to process & understand.
But that being said, I think it is a great tool for looking at raw network data, especially when unusual network activity seems to be occurring.

One thing I think helps is to have an internal DNS server or proxy DNS. This way you can look at hostnames rather than IP addresses in the live streams. If DNS records do not exist for the devices involved, create static records for the devices not resolving. Go to Edit, Preferences, Name Resolution, and add your DNS server.
With local DNS resolution configured and working, reading the data stream becomes much easier. Understanding the packet info is the key to getting the most out of Wireshark.


  New 'Loop DoS' Attack Impacts Hundreds Of Thousands Of Systems
Posted by: MarioMaiato - 03-26-2024, 08:37 PM - Forum: IT Security - No Replies

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk.

Called Loop DoS attacks, the approach pairs "servers of these protocols in such a way that they communicate with each other indefinitely," researchers from the CISPA Helmholtz-Center for Information Security said.

UDP, by design, is a connectionless protocol that does not validate source IP addresses, making it susceptible to IP spoofing.

Thus, when attackers forge several UDP packets to include a victim IP address, the destination server responds to the victim (as opposed to the threat actor), creating a reflected denial-of-service (DoS) attack.

The latest study found that certain implementations of the UDP protocol, such as DNS, NTP, TFTP, Active Users, Daytime, Echo, Chargen, QOTD, and Time, can be weaponized to create a self-perpetuating attack loop.

"It pairs two network services in such a way that they keep responding to one another's messages indefinitely," the researchers said. "In doing so, they create large volumes of traffic that result in a denial-of-service for involved systems or networks. Once a trigger is injected and the loop set in motion, even the attackers are unable to stop the attack."

Put simply, given two application servers running a vulnerable version of the protocol, a threat actor can initiate communication with the first server by spoofing the address of the second server, causing the first server to respond to the victim (i.e., the second server) with an error message.

The victim, in turn, will also exhibit similar behavior, sending back another error message to the first server, effectively exhausting each other's resources and making either of the services unresponsive.

"If an error as input creates an error as output, and a second system behaves the same, these two systems will keep sending error messages back and forth indefinitely," Yepeng Pan and Christian Rossow explained.

CISPA said an estimated 300,000 hosts and their networks can be abused to carry out Loop DoS attacks.

While there is currently no evidence that the attack has been weaponized in the wild, the researchers warned that exploitation is trivial and that multiple products from Broadcom, Cisco, Honeywell, Microsoft, MikroTik, and Zyxel are affected.

"Attackers need a single spoofing-capable host to trigger loops," the researchers noted. "As such, it is important to keep up initiatives to filter spoofed traffic, such as BCP38."

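The mechanism the researchers describe above (an error as input producing an error as output on both sides, started by a single spoofed datagram) is easy to see in a small model. The following is an added example written for this page; it is not the CISPA researchers' code and it does not reproduce any real product's protocol handling. The two services, their addresses (RFC 5737 documentation ranges), the `GET` request syntax, the `ERR` message format and the set of "service ports" are all constructed for the illustration. It shows the loopable handler next to a hardened one that never answers an error with an error, and a BCP38-style ingress check that would have dropped the spoofed trigger at the attacker's upstream.

```python
"""Model of a UDP 'Loop DoS' between two application-layer services.

Each service is a pure function (datagram in, optional reply out), so the
exchange is deterministic and needs no sockets. Everything here is constructed
for illustration: addresses, request syntax, error format and port set.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Datagram:
    src: str        # "ip:port" the datagram claims to come from; UDP never verifies it
    dst: str
    payload: bytes


Handler = Callable[[Datagram], Optional[bytes]]

ERROR_PREFIX = b"ERR "
# Illustrative ports of small UDP services (echo, daytime, qotd, chargen, time,
# tftp, ntp). A real client never sends from these ports; another server does.
SERVICE_PORTS = {7, 13, 17, 19, 37, 69, 123}

SERVICE_A = "198.51.100.1:19"   # constructed: a chargen-style service
SERVICE_B = "192.0.2.2:17"      # constructed: a qotd-style service
# The attacker's single spoofed trigger: sent to A, claiming to come from B.
TRIGGER = Datagram(src=SERVICE_B, dst=SERVICE_A, payload=b"junk")


def legacy_handler(dg: Datagram) -> Optional[bytes]:
    """Loopable behaviour: anything that is not a valid request, including the
    other service's error message, is answered with an error message."""
    if dg.payload.startswith(b"GET "):
        return b"OK data"
    return ERROR_PREFIX + b"unknown request: " + dg.payload[:16]


def hardened_handler(dg: Datagram) -> Optional[bytes]:
    """Loop-resistant behaviour: an error as input never yields an error as
    output, and datagrams sourced from a service port are dropped because
    legitimate clients use ephemeral source ports."""
    src_port = int(dg.src.rsplit(":", 1)[1])
    if dg.payload.startswith(ERROR_PREFIX) or src_port in SERVICE_PORTS:
        return None
    if dg.payload.startswith(b"GET "):
        return b"OK data"
    return ERROR_PREFIX + b"unknown request"


def simulate(handler_a: Handler, handler_b: Handler,
             trigger: Datagram = TRIGGER, max_rounds: int = 1000) -> int:
    """Deliver `trigger` and bounce replies between A and B. Returns how many
    datagrams were delivered before one side stayed silent (capped at max_rounds)."""
    handlers = {SERVICE_A: handler_a, SERVICE_B: handler_b}
    dg, delivered = trigger, 0
    while delivered < max_rounds:
        reply = handlers[dg.dst](dg)
        delivered += 1
        if reply is None:
            break
        # The reply goes to whoever the datagram *claimed* to come from.
        dg = Datagram(src=dg.dst, dst=dg.src, payload=reply)
    return delivered


def bcp38_permits(customer_prefix: str, dg: Datagram) -> bool:
    """BCP38 ingress filter at the attacker's upstream: forward a datagram only
    if its source address lies inside the prefix assigned to that customer link."""
    src_ip = ipaddress.ip_address(dg.src.rsplit(":", 1)[0])
    return src_ip in ipaddress.ip_network(customer_prefix)


if __name__ == "__main__":
    print("legacy  <-> legacy  :", simulate(legacy_handler, legacy_handler), "datagrams (capped)")
    print("legacy  <-> hardened:", simulate(legacy_handler, hardened_handler), "datagrams")
    print("hardened<-> legacy  :", simulate(hardened_handler, legacy_handler), "datagram")
    print("BCP38 forwards the spoofed trigger from 203.0.113.0/24:",
          bcp38_permits("203.0.113.0/24", TRIGGER))
```

With two legacy handlers the exchange only stops at the cap, which is the point the researchers make: once the trigger is in, nobody, attacker included, can stop it from the outside. Hardening either end is enough to break the loop, and the BCP38 check shows why source-address validation at the network edge matters even when you do not control the vulnerable services.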

  Key Lesson From Microsoft's Password Spray Hack: Secure Every Account
Posted by: MarioMaiato - 03-26-2024, 08:29 PM - Forum: IT Security - No Replies

In January 2024, Microsoft discovered they'd been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn't a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of an old, inactive account. This serves as a stark reminder of the importance of password security and why organizations need to protect every user account.

Password spraying: A simple yet effective attack

The hackers gained entry by using a password spray attack in November 2023. Password spraying is a relatively simple brute force technique that involves trying the same password against multiple accounts. By bombarding user accounts with known weak and compromised passwords, the attackers were able to gain access to a legacy non-production test account within the Microsoft system which provided them with an initial foothold in the environment. This account either had unusual privileges or the hackers escalated them.

The attack lasted for as long as seven weeks, during which the hackers exfiltrated emails and attached documents. This data compromised a 'very small percentage' of corporate email accounts, including those belonging to senior leadership and employees in the Cybersecurity and Legal teams. Microsoft's Security team detected the hack on January 12th and took immediate action to disrupt the hackers' activities and deny them further access.

However, the fact that the hackers were able to access such sensitive internal information highlights the potential damage that can be caused by compromising even seemingly insignificant accounts. All attackers need is an initial foothold within your organization.

The importance of protecting all accounts

While organizations often prioritize the protection of privileged accounts, the attack on Microsoft demonstrates that every user account is a potential entry point for attackers. Privilege escalation means that attackers can achieve their goals without necessarily needing a highly privileged admin account as an entry point.

Protecting an inactive low-privileged account is just as crucial as safeguarding a high-privileged admin account for several reasons. First, attackers often target these overlooked accounts as potential entry points into a network. Inactive accounts are more likely to have weak or outdated passwords, making them easier targets for brute force attacks. Once compromised, attackers can use these accounts to move laterally within the network, escalating their privileges and accessing sensitive information.

Second, inactive accounts are often neglected in terms of security measures, making them attractive targets for hackers. Organizations may overlook implementing strong password policies or multi-factor authentication for these accounts, leaving them vulnerable to exploitation. From an attacker's perspective, even low-privileged accounts can provide valuable access to certain systems or data within an organization.

Defend against password spray attacks

The Microsoft hack serves as a wake-up call for organizations to prioritize the security of every user account. It highlights the critical need for robust password protection measures across all accounts, regardless of their perceived significance. By implementing strong password policies, enabling multi-factor authentication, conducting regular Active Directory audits, and continuously scanning for compromised passwords, organizations can significantly reduce the risk of being caught out in the same way.

Active Directory auditing: Conducting regular audits of Active Directory can provide visibility into unused and inactive accounts, as well as other password-related vulnerabilities. Audits provide a valuable snapshot of your Active Directory but should always be complemented by ongoing risk mitigation efforts. If you're lacking visibility into your organization's inactive and stale user accounts, consider running a read-only audit with our free auditing tool that gives an interactive exportable report: Specops Password Auditor.
Robust password policies: Organizations should enforce strong password policies that block weak passwords, such as common terms or keyboard walks like 'qwerty' or '123456.' Implementing long, unique passwords or passphrases is a strong defense against brute-force attacks. Custom dictionaries that block terms related to the organization and industry should also be included.
Multi-factor authentication (MFA): Enabling MFA adds an authentication roadblock for hackers to overcome. MFA serves as an important layer of defense, although it's worth remembering that MFA isn't foolproof. It needs to be combined with strong password security.
Compromised password scans: Even strong passwords can become compromised if end users reuse them on personal devices, sites, or applications with weak security. Implementing tools to continuously scan your Active Directory for compromised passwords can help identify and mitigate potential risks.

Continuously shut down attack routes for hackers

The Microsoft hack underscores the need for organizations to implement robust password protection measures across all accounts. A secure password policy is essential, ensuring that all accounts, including legacy, non-production, and testing accounts, aren't overlooked. Additionally, blocking known compromised credentials adds an extra layer of protection against active attacks.

Specops Password Policy with Breached Password Protection offers automated, ongoing protection for your Active Directory. It protects your end users against the use of more than 4 billion unique known compromised passwords, including data from both known leaks as well as our own honeypot system that collects passwords being used in real password spray attacks.

The daily update of the Breached Password Protection API, paired with continuous scans for the use of those passwords in your network, equals a much more comprehensive defense against the threat of password attack and the risk of password reuse. Speak to an expert today to find out how Specops Password Policy could fit in with your organization.

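The article above defines the spray pattern (the same password tried once against many accounts, which slips under per-account lockout) and notes that the account that fell was a forgotten legacy test account. The detection logic that follows is an added example for this page, not code from Microsoft or Specops: it parses a constructed key=value authentication log, groups failures per source inside a sliding window, and alerts when many distinct accounts see only one or two attempts each, while a classic brute force (many attempts, one account) does not trip it. A success from the same source shortly after the spray is reported as a likely compromised account. The log format, the addresses, the user names and the thresholds (30 minutes, 5 accounts, 2 attempts per account) are assumptions for the illustration.

```python
"""Password-spray detection over a constructed authentication log.

A spray is one source trying a few passwords against many accounts; a brute
force is many attempts against one account. The detector keys on the former:
high distinct-account count, low per-account attempt count, inside a window.
The log format and all thresholds below are assumptions for this example.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log (not a real vendor format). Three sources:
#   203.0.113.9  sprays ten accounts once each, then logs into a legacy test account
#   198.51.100.7 hammers one account (brute force, not a spray)
#   192.0.2.50   is a user who mistypes twice and then succeeds
SAMPLE_LOG = """\
2023-11-20T02:00:00Z auth=failure user=alice src=203.0.113.9
2023-11-20T02:01:00Z auth=failure user=bob src=203.0.113.9
2023-11-20T02:02:00Z auth=failure user=carol src=203.0.113.9
2023-11-20T02:03:00Z auth=failure user=dave src=203.0.113.9
2023-11-20T02:04:00Z auth=failure user=erin src=203.0.113.9
2023-11-20T02:05:00Z auth=failure user=frank src=203.0.113.9
2023-11-20T02:06:00Z auth=failure user=grace src=203.0.113.9
2023-11-20T02:07:00Z auth=failure user=heidi src=203.0.113.9
2023-11-20T02:08:00Z auth=failure user=ivan src=203.0.113.9
2023-11-20T02:09:00Z auth=failure user=judy src=203.0.113.9
2023-11-20T02:10:00Z auth=success user=legacy-test-01 src=203.0.113.9
2023-11-20T03:00:00Z auth=failure user=bob src=198.51.100.7
2023-11-20T03:00:10Z auth=failure user=bob src=198.51.100.7
2023-11-20T03:00:20Z auth=failure user=bob src=198.51.100.7
2023-11-20T03:00:30Z auth=failure user=bob src=198.51.100.7
2023-11-20T03:00:40Z auth=failure user=bob src=198.51.100.7
2023-11-20T03:00:50Z auth=failure user=bob src=198.51.100.7
2023-11-20T09:00:00Z auth=failure user=carol src=192.0.2.50
2023-11-20T09:00:30Z auth=failure user=carol src=192.0.2.50
2023-11-20T09:01:00Z auth=success user=carol src=192.0.2.50
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    result: str
    user: str
    src: str


@dataclass
class SprayAlert:
    src: str
    accounts: set = field(default_factory=set)      # accounts the spray touched
    compromised: set = field(default_factory=set)   # successes following the spray


def parse_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a production parser should count unparsed lines, not hide them
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append(Event(ts, m["result"], m["user"], m["src"]))
    return sorted(events, key=lambda e: e.ts)


def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2) -> dict:
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)
    alerts = {}
    for src, evs in by_src.items():
        failures = [e for e in evs if e.result == "failure"]
        for i, first in enumerate(failures):
            in_window = [e for e in failures[i:] if e.ts - first.ts <= window]
            per_user = Counter(e.user for e in in_window)
            # Spray signature: many accounts, each tried only a few times.
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                last = in_window[-1].ts
                hits = {e.user for e in evs
                        if e.result == "success" and first.ts <= e.ts <= last + window}
                alerts[src] = SprayAlert(src, set(per_user), hits)
                break
    return alerts


def analyse(text: str) -> dict:
    return detect_spray(parse_log(text))


if __name__ == "__main__":
    for src, a in analyse(SAMPLE_LOG).items():
        print(f"{src}: sprayed {len(a.accounts)} accounts; "
              f"likely compromised: {sorted(a.compromised)}")
```

The spray-then-success correlation is what turns a noisy "failed logons" alert into something an analyst acts on: in this sample the success lands on `legacy-test-01`, exactly the kind of dormant, non-production account the article says was the foothold, and the account should be disabled and its sessions and tokens revoked rather than merely reset.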

Need A 100% Free Document Signing Solution?
Posted by: MarioMaiato - 03-20-2024, 02:33 AM - Forum: IT Security - No Replies

As per usual you need a utility and expect to run it for free & it's not. Digisign also charges for frequent use. I was able to launch the URL below and sign over 20 documents. I never signed up, or signed in.

I believe if you create an account you are then limited when choosing the free option. The limitation seems to be 3 documents per month.
Don't sign up or sign in, just sign and download documents galore for free.


  OSI Gen2 Alarm System Installation Problems
Posted by: MarioMaiato - 03-08-2024, 01:02 AM - Forum: General Support - Replies (3)

I'm moving to a house with no prewired alarm system. In fact there is no alarm at all. I decided to purchase the OSI GEN2 Alarm system from Amazon for $300.
When it arrived it seemed to have very easy to follow setup instructions. I followed the instructions and added the Smart Life application to my Android phone. Then with the OSI Alarm in WIFI discovery mode I tried to add the alarm to the Smart Life app. It would discover the alarm but fail to add it to the application.

I tried resetting the alarm, and I tried adding the alarm to the application manually; neither worked. I tried opening all ports and protocols on my firewalls for the IP Subnet of the WIFI. I set my Authentication to WEP2/Personal, I made sure there was no connection from the 2.4Ghz WIFI to Wifi5 or WIFI 6 & the 2.4Ghz WIFI SSID was clearly identified. None of this worked.

Then I asked a friend to use his phone: I created a hotspot with his phone and connected my phone to his hotspot. I was immediately able to add the OSI Alarm to Smart Life using the hotspot. When I disconnected from the hotspot I was still connected to the OSI Alarm and was able to arm and disarm the alarm system, get notifications on my smart phone about the alarm, and control settings on the alarm from the Smart Life app.

Since disconnecting from the hotspot and using my own WIFI I was not able to rename accessories like sensors and motion detectors. Renaming these accessories is done in the Smart Life app and when saved the names appear on the OSI Alarm screen. Is this a big problem? I would say no. Default names, custom names, they are just labels, therefore in my opinion not important.

Regardless I would like the system to function 100%, so I have asked OSI support for assistance with this issue. Let's see what they come back with.

What you can take from this post is that the hotspot option is a good way to connect to the OSI Alarm when it does not work on your own WIFI network. In my case I use two hardware firewalls and have enabled dozens of protections and limitations.

As far as I know so far, the alarm system uses WIFI for its connectivity. I don't see why the internet has anything to do with it, unless the Smart Life app and the OSI Alarm connect to internet resources. In this case there must be ports and hostnames or IP addresses that it connects to and transmits data. I allow most standard known ports outbound; it must be using non-standard/custom ports.

I will follow up when the accessories name change issue is resolved.


  Google Chrome Testing A Feature That Hides Your IP Address From Websites
Posted by: MarioMaiato - 02-25-2024, 02:32 AM - Forum: IT Security - No Replies

IP Protection is now being tested in the Canary version of the browser.
Google is testing a new security feature that hides your IP address in the beta version of the Chrome browser, MSPowerUser reports. The feature is simply called “IP Protection” and will basically do what the name suggests, protect your IP address.

The new feature will hide your IP address when you’re logged into Google Chrome, limit what data suspected trackers can see about your online habits, and redirect some content requests through privacy servers instead of sending them directly to websites. It shouldn’t be anywhere near as effective as using a VPN, but IP Protection could be a very welcome feature for privacy enthusiasts indeed.

The IP Protection feature is so far only available on the early Canary preview version of Google Chrome. When it will be launched on the regular version of the browser is not yet clear.


  The .INTERNAL Domain Could Be The New Name For Your Home Network
Posted by: MarioMaiato - 01-31-2024, 04:14 PM - Forum: DNS & DNS Hosting - No Replies

The lords of the Internet propose doing away with an old, confusing IP identifier.

Anyone who’s set up a router probably understands that the IP address “192.168.x.x” signifies your local IP address. Anyone who hasn’t…doesn’t. And the global nonprofit which oversees the Internet’s address space wants to remove the confusion with a new domain: .INTERNAL.

So what, you might be saying. Most routers handle this thing behind the scenes! But just as routers have begun taking this over, a new crop of AI apps have begun using local IPs as a server interface, making it relevant once again.

On January 24, the Internet Corporation for Assigned Names and Numbers proposed the .INTERNAL domain (noted by The Register) as a solution to the local IP issue.

“There are certain circumstances where private network operators may wish to use their own domain naming scheme that is not intended to be used or accessible by the broader Domain Name System, such as within closed corporate or home networks,” ICANN wrote. “IANA currently has demarcated special blocks of private-use IP addresses for such applications, but there is no comparable designated private-use namespace in the DNS. This has resulted in operational practices including informal use of top-level domains that have the potential to conflict with the root zone, or other designated purposes.”

The Internet Assigned Numbers Authority (IANA) is a department of ICANN which assigns global IP addresses and zone management in the Domain Name System (DNS).

ICANN came down to two strings: .PRIVATE and .INTERNAL. It dropped the first because it felt that the term implied a higher degree of privacy, which isn’t true. ICANN will allow time for public comment, after which the board will vote on the adoption.

Again, it’s relatively rare for the average consumer to run into the local IP block in their daily activities. Some of the newer AI apps — variants of Stable Diffusion being one example — do, however. In those cases, installing the files creates a local “server” that you access via a Web GUI. While it’s still pretty clear that you’re pinging your own PC (virtually no one accesses a site via its numerical IP address) it’s not always clear to the average user that they’re not contacting a different server. The new .INTERNAL domain will try and make that crystal clear.

