
When A Loved One Dies – Data and Account Recovery
“My brother died. I’m calling you to get into his computer for me. He had a lot of money invested in the stock market, and we can’t find his will. We’re hoping there are clues on the computer.”

fifonetworks.com/when-a-loved-

Things that make me happy: today I received a purchase order from a large client in a heavily regulated industry. It’s eight pages long. No, that’s not the part that makes me happy. The part that makes me happy is that an entire half page of the PO is for cybersecurity requirements. It’s nice to see companies take cybersecurity seriously enough that they’re monitoring their vendors for compliance.

Before installing a mobile app, do you ever take a moment to read the disclosure statement about the types of data collected? Here's one.

Notice that your biometric data is being collected. And no, you still can't change your fingerprint.

If your only security camera recordings are stored in the cloud, you need a new cybersecurity consultant.

And...

If your security camera system doesn't provide a way to keep a real-time local copy of everything the cameras record, you need a new security camera system.

Google's new Chromebook ad: "There has never been a ransomware attack on a Chromebook." Okayyyy, that's...
true...
BUT BUT BUT BUT BUT BUT .....
There is so much context missing from that ad.

I finished reading Sun Tzu's Art of War (again). It's popular in the cybersecurity community because there are some good analogies to be made relating to our war on cybercriminals. Be that as it may, I can't help but observe that Sun Tzu was a ruthless son of a bitch and I don't want to be like him.

Yes, obscurity, camouflage, and hidden-ness really are respectable security tools.

Ask any spy.
Ask any cybercriminal.
Ask Sun Tzu.

Not a single open network in this apartment complex. A few years ago Wi-Fi routers shipped with an open network configured by default. I remember visiting my son in his apartment and being able to connect to any one of three open networks with good signal strength in his living room. Today, all Wi-Fi routers and APs are pre-configured with an authentication key.

Patch all the things.

"The breach occurred when a cybercriminal managed to exploit a known vulnerability in HPMB’s Microsoft Exchange email server. Although Microsoft had issued patches for this specific vulnerability months earlier, HPMB did not apply them in a timely manner."


I've been working on SonicWall firewalls for about 14 years now, and I still look up the SonicWall Knowledge Base article to follow the steps for whatever it is I'm doing.

I don't work on them every day. It's not like I have a national retail network with hundreds of firewalls (did that with Meraki, and didn't touch them every day, either). Because I don't work on them every day, I wish the SonicWall configuration was a little more intuitive.

I just registered for the Seattle Bsides Security Conference on May 20 at the Microsoft Campus in Redmond, Building 92. If you're going to be there, let me know, and we can connect IRL.
bsidesseattle.com/

Less than 3 minutes, and there were 60 attempts blocked by the firewall. This goes on 24/7. Here’s the edited report and explanation.

One of my clients wanted me to block IP addresses from all but five countries.

The firewall is passive. In other words, it logs the event, but it returns no response to the IP address in the other country. A response would trigger additional activity.

If you make occasional online purchases from a retailer (as opposed to scheduled monthly recurring payments), don't check the box to allow them to save your credit card information. It's less convenient, but more secure, to enter your CC information for every single purchase.

Note to large companies: after you do the credit check, there's almost never a reason to keep the customer's Social Security number.

Delete them. Delete them all. Do it now.

Your password, no matter how complex, is never safe from a brute force attack.

Assume a password chart that says a password with your complexity criteria will take 30 days to crack. That means half of all passwords with your complexity criteria will be cracked in the first 15 days.
3.33% will be cracked on Day One.
And some passwords with your complexity criteria will be cracked in under 10 seconds.

SOLUTION
Use 2FA as well as a complex password.


The 's List:

Unpatched

Older operating systems

Companies with no commitment to Awareness Training

Companies that haven't implemented

Users that don't activate 2FA

Users that over share personal details on social media

Weak policies

Single Sign-On for lateral movement

data storage

Saved credentials

who say no to the 's budget requests

Understaffed security departments

It's important that you understand the difference between a VPN and an IP address obfuscator ("anonymizer").

They are not the same thing. Unfortunately, the people who offer free or inexpensive VPNs to consumers won't explain it to you.

In fact, they profit from the confusion.

I’m getting more spam email from domains ending in .co.uk than from gmail.com. There are several compromised domains; it’s not just one.

Defense: I created a rule in Outlook that sends all email with .co.uk in the header to a separate folder. I can look through that folder rapidly for any legitimate email, and then delete everything else. Sorry, UK friends!

I am now getting replies and retweets about on the bird site.

Most recent post: "At the highest implementation of the model, workers have no access to the data, only data results. Example: call center employee can’t look at your SSN, but they can enter your SSN and the system will confirm, 'Yes, that’s correct.'”
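
The confirm-only check described in the post above, as an added example that is not part of the original post: the service stores a keyed digest of the SSN and only answers "match" or "no-match". The class name, customer IDs, sample SSN and lockout threshold are constructed assumptions; the lockout is included because a yes/no oracle over a nine-digit value can otherwise be enumerated.

```python
import hashlib
import hmac
import secrets


class ConfirmOnlyStore:
    """Keeps keyed digests of SSNs; can confirm a value but never return one."""

    MAX_FAILURES = 3  # assumed threshold: SSNs have at most 10**9 possible values

    def __init__(self, key: bytes):
        self._key = key        # assumption: held in an HSM/KMS in a real deployment
        self._digests = {}     # customer_id -> HMAC-SHA256 digest
        self._failures = {}    # customer_id -> consecutive failed confirmations

    @staticmethod
    def _normalize(ssn: str) -> bytes:
        digits = "".join(ch for ch in ssn if ch.isdigit())
        if len(digits) != 9:
            raise ValueError("SSN must contain exactly 9 digits")
        return digits.encode()

    def _digest(self, customer_id: str, ssn: str) -> bytes:
        # Bind the digest to the customer so equal SSNs never share a digest.
        msg = customer_id.encode() + b"\x00" + self._normalize(ssn)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def enroll(self, customer_id: str, ssn: str) -> None:
        self._digests[customer_id] = self._digest(customer_id, ssn)
        self._failures[customer_id] = 0

    def confirm(self, customer_id: str, candidate: str) -> str:
        if self._failures.get(customer_id, 0) >= self.MAX_FAILURES:
            return "locked"    # stop answering; escalate to a supervisor workflow
        stored = self._digests[customer_id]
        try:
            ok = hmac.compare_digest(stored, self._digest(customer_id, candidate))
        except ValueError:     # malformed input counts as a failed attempt
            ok = False
        if ok:
            self._failures[customer_id] = 0
            return "match"
        self._failures[customer_id] += 1
        return "no-match"


if __name__ == "__main__":
    store = ConfirmOnlyStore(secrets.token_bytes(32))
    store.enroll("c-1001", "078-05-1120")        # constructed sample record
    print(store.confirm("c-1001", "078051120"))  # agent types what the caller says
```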

I'm having the pleasure of teaching new skills to some of the I&C team at the Southern Power Training Center this week.
The rain stopped long enough for me to get my picture taken. It is RAINING here!
