Showing posts with label Security. Show all posts

Monday, November 6, 2017

DNS, DNS what is your name?

- A little poem about DNS, written while visiting DNS-OARC 27 in San Jose, CA

As I sat quietly on the metal chairs, a tap on my shoulder 
asking “DNS, DNS what is your name?”
I quickly responded “I am not playing your game?”
Don’t you really know I am cybersecurity, 

Thursday, March 9, 2017

Data analysis - Clustering using Euclidean distance

Recently our ability to gather large amounts of complex data has far outstripped our ability to analyze it.  Although our human brains can process data in complex ways, this does not scale to large volumes of data. Clustering is one way to distill data into groups and understand relationships within the dataset.  Clustering is used in many scientific research fields such as natural science, genetics and politics, and of course in sales and marketing.  I recently published a blog post at my workplace, SEI, on a cybersecurity analysis performed using Euclidean distance and clustering (link here).  Here I am simply going to explore the mechanics of using Euclidean distance for clustering, using some simple Python code and examples.  Don't worry, the math is simple, hopefully, once you walk through this sample.

Thursday, December 17, 2015

The phishing game new tactics

I recently came across a very well formatted phishing email with a valid SSL certificate and a domain name close enough to PayPal - paysnal.com - that it caught my attention.  The techniques are age old, as in the real world of fishing: the lure, the distraction and the impersonation.  As in the real world of fishing, what a fish considers day-to-day normal business (like eating worms) can be a successful trap (death for the fish).  Let me explore this to show how the story unfolded.

Tuesday, November 10, 2015

Information Security Strategy


In the few encounters I have had with C-level executives, I find that most information security investments (both engineering and operations) are made with very little strategy.  My attempt here is to give C-level executives a model and a set of standards, with nomenclature, to enable strategic decision making.  It is important to note that this strategy will require some fine tuning by project managers, solutions architects and others for each organization.  The focus here is to ensure the CEO, CIO, CISO and CTO have the right toolkit and an abstract model to drive the information security needed for a mid-to-large enterprise.

"Strategy is a deliberate, conscious set of guidelines that determines decisions into the future."

- adapted from "Patterns in Strategy Formation", Henry Mintzberg 

Saturday, November 7, 2015

Uncovering a code injection attempt via user-agent

After a long time, I took some time to analyze the results of the monitoring I put in place for my website. The data is collected by an Apache module that tracks the user-agent strings of clients scanning for WordPress-looking URLs on my web server.  I just pulled some recent ones to see if code injection is still being attempted! Let's see.

Saturday, October 25, 2014

So you want to disable SSLv3?

A recent vulnerability disclosed by Google, called POODLE, has security administrators scrambling to keep up with "Heartbleed", the "retiring of SHA-1" and the "removal of SSLv3".  As I come from a solutions and enterprise architecture background, I get pinged with questions about the real risk and impact of implementing these security enforcements.

Tuesday, June 3, 2014

Integrating Google's BigQuery into your Security Operations Center (SOC).

In security operations it is not uncommon to need access to large datasets and to analyze them.  The obvious answer is to store them in a big data solution.  If you are in the business of building your own big data solution, you will find many technical details become distractions from running your core service, which in this case is security analysis.

Saturday, February 8, 2014

Overcoming your CDN provider in web logs

As I consult with clients on security incidents in large organizations, they are always puzzled by an incident that shows all their web attacks as originating from either Akamai or Amazon.  This is typically due to application services having been reconfigured to be distributed through a CDN (Content Delivery Network).  It is not surprising for an organization like Target, after a large breach incident, to sift through millions of logs only to find that the attacks appear to have come either through a trusted service provider (like Akamai) or through a partner.

Monday, September 30, 2013

DNSSEC maintenance tools

DNSSEC takes a reasonable effort for the one-time setup, but even more pain comes in managing the keys: tracking expiry, rolling your keys, and then publishing DS (Delegation Signer) records with your provider or, less ideally, registering with a DLV (DNSSEC Look-aside Validation) system.

Friday, August 30, 2013

Inconvenience != Security

Many people have suggested ideas for how they can better protect their users from making stupid mistakes and asked for my opinion.  Most of these ideas (IMO) seem to add just inconvenience for the user without improving security.  So, my quote for this has been:

"While security is not convenient, just inconvenience is not security either!"