Thursday, December 17, 2015

The phishing game new tactics

I recently came across a very well-formatted phishing email with a valid SSL certificate and a domain name close enough to PayPal's (paysnal.com) that it caught my attention.  The techniques are as old as real-world fishing: the lure, the distraction and the impersonation.  As in real-world fishing, what a fish considers normal day-to-day business (fish eating worms) can be a successful trap (death for the fish).  Let me explore this to show how the story unfolded.

Tuesday, November 10, 2015

Information Security Strategy

In the few encounters I have had with C-level executives, I find that most information security investments (both engineering and operations) are made with very little strategy.  My attempt here is to give C-level executives a model and a set of standards, with nomenclature, to enable strategic decision making.  It is important to note that this strategy will require some fine tuning by project managers, solution architects and others for each organization.  The focus here is to ensure the CEO, CIO, CISO and CTO have the right toolkits and an abstract model to drive the information security needed for a mid-to-large enterprise.

"Strategy is a deliberate, conscious set of guidelines that determines decisions into the future."

- adapted from "Patterns in Strategy Formation", Henry Mintzberg

Saturday, November 7, 2015

Uncovering a code injection attempt via user-agent

After a long time, I took some time to analyze the results of the monitoring I put in place for my website.  The data is collected by an Apache module that tracks the user-agent strings of clients scanning for WordPress-looking URLs on my web server.  I just pulled some recent ones to see if code injection is still being attempted.  Let's see.

Friday, October 30, 2015

IPv6 geolocation in database

IPv6 adoption has grown to the extent that about 15% of the visitors to my website and tool downloads are using dual stack.  It is time for me to get a handle on these IPv6 users with some geolocation to identify them.

Thursday, October 15, 2015

Why choose an Enterprise Architect?

As one who comes from electrical and computer engineering, with experience building infrastructure from instrumentation to information technology, I find it hard to explain to people what I actually do as an Enterprise Architect.  As you can guess, there are major misunderstandings when people hear the word "Architect" or "Architecture."

Saturday, September 19, 2015

SilkWeb - Netflow via Webservices

"Your security operations or network operations tools cannot run in isolation anymore. True SOC operations are about cohesion of data."

The common need I hear from many Network and Security Operations Center (NOC and SOC) analysts is the wish to integrate data from their various feeds into UI frameworks and dashboards.  What about NetFlow data itself?  NetFlow is (at a minimum) a 5-tuple summary of the network traffic that crosses your perimeter (firewall or router).  If your NetFlow data goes into a database, there are a few tools to translate your database queries to JSON/XML and make the results available over web services.  In this blog I am introducing a project that exposes SiLK NetFlow data over web services as JSON/XML/CSV, so that SiLK data can be integrated into your NOC/SOC dashboard, with some basic examples.  The project is on GitHub and is called silkweb.

Wednesday, May 13, 2015

IP address tools in JavaScript

In an earlier blog post I put together a set of tools for IPv4 address manipulation in SQLite, Oracle and even Excel.  How could I forget the simple tools needed in JavaScript?  Converting an IP address to a long integer and a subnet mask to an IP address range have become daily necessities for security operations people.  So here is what I have cooked up.