Tuesday, October 6, 2015

A few of the things a successful manager does...

Being successful as a leader can be hard. As demands on leaders increase, there is less time to focus on making the changes you need to make to do the job successfully. It’s a significant challenge to overcome because as more is expected of you, you find you have less time for development, and yet, improving your leadership skills is more important than ever.

You have to learn on the job, make the most of your surroundings, and ask those around you for help. You have to enlist their support as you do your best to develop yourself, your people, and your teams. And, this is why I call leadership a “contact sport”.

Leadership Is a Contact Sport is a leadership development model that has worked for hundreds of thousands of people. The original study, published in 2004, included 86,000 people. We now have research from 250,000 people who confirm that this model works. It helps them become highly successful leaders.

How does it work? The Leadership Is a Contact Sport model is just eight steps: Ask, Listen, Think, Thank, Respond, Involve, Change, Follow Up. Following is a short description of each step.
  1. Ask: Ask people "How can I be a better _______ (manager, partner, team member, etc.)?"
  2. Listen: Listen to their answers.
  3. Think: Think about their input. What does it mean?
  4. Thank: Thank people for sharing this valuable feedback with you.
  5. Respond: Respond positively when receiving input.
  6. Involve: Involve the people to support your change efforts.
  7. Change: Change isn't an academic exercise. Act on what you learn.
  8. Follow up: Follow up regularly and stakeholders will notice the positive actions you're taking based on their input.

Saturday, August 15, 2015

Endian Firewall - How to limit access to "Peer to Peer networks"

The method below was built and tested for EFW Community 3.0. For the latest version refer to the Endian Firewall page.

Being a contributor to the Endian Firewall Community, I have always found EFW more applicable to my projects than other distros such as IPCop or pfSense.

Though it has been rather easy to block sites and services like Flash video (e.g. YouTube), blocking P2P traffic has been a huge pain for us security admins. In the early days it was quite easy to stop such software from being installed on client machines, but with the idea of BYOD and cosmopolitan domains there is no longer a persistent, uniform configuration that can be enforced via Windows Server domain/client policies.

So the matter is taken into the hands of the network and IT security crowd, one more time. P2P (peer-to-peer) networking is a painful topic, as you are already aware: though by default it uses UDP 6881, client software makes it very easy to change the port randomly or statically, including to 80/8080. So, what is the solution? Making a list of the ports used on your network and whitelisting them while dropping everything else? Perhaps that's possible on small networks, but what about larger networks with 3000+ users? Blocking every frikkin UDP port one by one, or even by ranges? I guess that would take longer than trying to stop users one by one!

The good news is that some solutions are already built into your Endian Firewall system (including the community version starting from 3.0). By default the functionality is disabled, so you will need to enable it manually so that connection requests are dropped by default. (DansGuardian and Squid can only handle access to P2P sites and stop users from downloading .torrent files; magnet links remain problematic. I will cover all of this below.) The bad news is that there's no easy way of doing this. The last piece of good news: Eureka! It works!

The fight against peer-to-peer networking (commonly known as torrenting) isn't an easy one, as it has no specific IP address or port. The information is updated constantly on both the friend and foe sides, so IT security admins constantly have to review and update their security measures accordingly.

In my lectures to companies and other audiences alike, I persistently state that bulletproof information security can only be achieved by a good and applicable information security policy that is enforced upon the users in conjunction with the HR department and, of course, managers.

Network blocking is merely a measure that will work until someone finds an alternative way of bypassing the walls, and that is usually a matter of "time".


Let's get back to our topic:
  1. Firstly, referring to my previous blog post HERE, add the .torrent file extension to the DansGuardian blacklist. If you have not set up DansGuardian content filtering, follow the steps on that page. Magnet links are managed differently; continue reading below.
  2. While you are at it, it is a good idea to disable Tor network access, as it is known for its mischievous uses.

    Here is how to block Tor using Squid: simply disallow CONNECT requests to numeric IP addresses.

    # url_regex is matched against the request URL; for CONNECT that is "host:port".
    # CONNECT is the method ACL defined in the default squid.conf (acl CONNECT method CONNECT).
    acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
    http_access deny CONNECT numeric_IPs all

    Also remember to add the Tor server IP addresses to the banned networks in your EFW interface; the updated list can be found HERE.

    Now users will not be able to connect to the Tor network (they can't create sockets). Still, as I stated before, you have to keep an eye on the updated lists as they change regularly.

    To disable .torrent sites and other filesharing sites:
  3. Go to your EFW web interface, Proxy > Webfilter, select the desired profile and click the "Filter pages known to have content of the following categories (URL Filter)" link to reveal the list of known site categories to allow/disallow.
  4. In the list shown, select the Hacking & Wares category by clicking the green sign next to it (it will turn red).
  5. It's also a good idea to select the Webproxies & Tunnels category. (If you have users with authorized VPN connections to the outside, you will have to add their IPs to the safelist/whitelist.) Don't forget to press the Change / APPLY button to commit changes.

  6. It's also a good idea to add the Tor gateway list to the blacklist column under "Custom black- and whitelists" and press the Change button.



    Important Note: As the EFW pages are not very interactive, pressing Change only saves one column at a time. So if you don't want your changes to be lost, do step 5 and press Change, and so on...
  7. Go to Services > Intrusion Prevention. Here enable the Intrusion Prevention System and update the rules.
  8. Next go to Rules and, on the rule set auto/emerging-p2p.rules, click the alert icon (yellow triangle). The alert symbol will then change to a red shield. Press APPLY to save your action. This means the system will now drop P2P traffic.
  9. Lastly, go to Firewall and enable the Outgoing and Incoming Firewall Traffic services (and press APPLY).

Now you are able to drop P2P packets at the firewall.
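To check what the two Squid lines in step 2 actually catch before rolling them out, here is an added Python emulation of that ACL pair (example code, not part of the post or of Endian/Squid); the request lines are constructed samples. It also shows two cases the rule as written does not cover: a plain GET to an IP literal and an IPv6 literal in a CONNECT.

```python
import re
from typing import Dict, List, NamedTuple

# The ACL from the post. Squid tests url_regex against the request URL;
# for a CONNECT request that URL is just "host:port", so the ^ anchor
# binds to the host part.
NUMERIC_IPS = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")


class Request(NamedTuple):
    method: str
    url: str


def deny_connect_numeric(req: Request) -> bool:
    """Emulates: http_access deny CONNECT numeric_IPs all

    Squid ANDs the ACLs on one http_access line, so the request is denied
    only when the method is CONNECT *and* the URL matches numeric_IPs
    ('all' always matches). Returns True when the request would be denied.
    """
    return req.method == "CONNECT" and NUMERIC_IPS.search(req.url) is not None


# Constructed sample requests (hypothetical, not taken from the post).
SAMPLES: List[Request] = [
    Request("CONNECT", "198.51.100.7:9001"),          # IP literal, Tor-style port
    Request("CONNECT", "www.example.com:443"),        # hostname
    Request("GET", "http://198.51.100.7/index.html"), # IP literal but not CONNECT
    Request("CONNECT", "[2001:db8::1]:443"),          # IPv6 literal
]


def evaluate(samples: List[Request]) -> Dict[str, bool]:
    """Map each 'METHOD url' to whether the ACL would deny it."""
    return {f"{r.method} {r.url}": deny_connect_numeric(r) for r in samples}


if __name__ == "__main__":
    for line, denied in evaluate(SAMPLES).items():
        print(f"{'DENY ' if denied else 'ALLOW'}  {line}")
```

Only the first sample is denied; the GET to an IP literal and the IPv6 CONNECT pass, which is why the post also relies on the banned-networks list and the IPS rules rather than on this ACL alone.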


Thursday, January 29, 2015

5 things to do to reduce the exposure risk to insider threats

Sony…the list of major data breaches that have occurred over the last year or two is extensive. While most—if not all—of those attacks were a function of external hackers penetrating the network, authorized users inside the network still pose a more substantial threat.

The fact is that where the rubber meets the road so to speak, most attacks are “insider attacks”. In many of the data breaches cited above, an external hacker was responsible but the attack succeeded because the hacker was able to obtain or compromise valid network credentials. In other words, from the perspective of the company or the network, they were essentially insider attacks.

CoSoSys, a provider of endpoint security solutions, recently surveyed its clients (all with an average of 500 computers) and found that 40 percent of potential customers would not do business with a company that suffered a recent data breach.

A data breach has serious consequences both directly and indirectly. Lost revenue, and a tarnished brand reputation both inflict harm long after the actual incident is resolved and the breach has been cleaned up. Still, many organizations don’t take necessary steps to protect themselves from a potentially detrimental breach.

CoSoSys compiled a list of five things companies should do to minimize the risk from insider threats—or external hackers who successfully infiltrate the network by impersonating an authorized insider:

1. Check what documents employees have access to: Six out of 10 employees are not aware which files are confidential and which are not. It’s important to limit permissions so employees only have access to the data necessary to get their jobs done. You should also take steps to ensure users with access to sensitive or confidential data are trained to recognize which files require stricter protection.

2. See what tools employees are using to share files: 45 percent of insiders admit copying work files to personal computers or remotely connecting to the company network from home to continue working. It’s important for you to know where company data is being stored, and to ensure that the tools and services employees use to access data and network resources are secure.

3. Create a short quiz to find out employees' knowledge of data security: 35 percent of employees believe it’s not their responsibility to protect data. While the burden ultimately falls on IT management, it’s up to every individual to be aware of security risks and do his or her part to protect data from leaks or compromise.

4. Determine if your current security tools can detect a breach caused by insiders in case it happens: Whether it’s intentional or inadvertent, would you even know if someone inside your network compromised or leaked sensitive data? Over half of employees indicate they’ve accidentally sent emails to the wrong person.

5. Do your research to understand the potential impact of data breaches, starting with the average cost of a data breach.

Does your company have a spare $3.5 million lying around that it wouldn’t mind parting with? If so, you might consider spending a small fraction of that to guard against insider threats and prevent data breaches rather than suffering the consequences of failing to do so. If not, you definitely need to invest in appropriate security measures to make sure your company doesn’t become the next data breach headline.