Global Risks Report by World Economic Forum

Posted on 21 April 2015 by Admin

The latest Global Risks Report 2015 by World Economic Forum is available . The report is based on an annual Global Risks Perception Survey. This is in interesting report and can be usefull when comparing different risks and when trying to form a bigger overall picture of future risks.

Figure 1 presents a impact-likehood chart with various risks, which have been categorized into:

  • Economic
  • Environmental
  • Geopolitical
  • Societal
  • Technological

GlobalRisks2015

The following Technological risks are included:

  • Breakdown of critical information infrastructure and networks
    • Systemic failures of critical information infrastructure (e.g. Internet, satellites, etc.) and networks negatively impact industrial production, public services and communications
  • Large-scale cyber attacks
    • State-sponsored, state-affiliated, criminal or terrorist large-scale cyber attacks cause an infrastructure breakdown and/or loss of trust in the Internet
  • Massive incident of data fraud/theft
    • Criminal or state-sponsored wrongful exploitation of private or official data takes place on an unprecedented scale
  • Massive and widespread misuse of technologies (e.g. 3D printing, artificial intelligence, geo-engineering, synthetic biology, etc.)
    • Massive and widespread misuse of technologies, such as 3D printing, artificial intelligence, geo-engineering and synthetic biology, causing human, environmental and economic damage

In part 2, there are more discussion on emerging technologies like synthetic biology and artificial intelligence.

Links

Posted in ICT Leadership and Management, Risk Management, Security Management, Security Threats | Comments Off on Global Risks Report by World Economic Forum

Raspberry Pi as security device, first look on IPFire

Posted on 26 February 2015 by Admin

Raspberry Pi is an interesting candidate for a low cost, low power, small and open source based security device to be used at small office or at home office (SOHO), or for protecting your home automation… However, some preconcerns were caused by the fact that the ethernet connection in Raspberry is via USB, as mentioned at wikipedia site.

IPFire-screenshot002

I chose IPFire for this first test mainly because of the wide toolset that they have:

  • firewall
  • web proxy (squid) with
    • bandwidth management
    • URL filter (SquidGuard)
    • virus scanner (SquidClamAV)
  • OpenVPN
  • IDS Intrusion Dection System (snort) with
    • IPS possibility (Guardian)
  • Wireless Access Point
  • Dynamic DNS updater
  • several addons

For other security usage, please see the links chapter.

Installation instructions

The installation instructions are quite good. In the pre-requisities section, they list the supported ARM architectures. Note, all Raspberry Pi versions are not supported. I used the latest distribution image for ARM, and decided to give it a try.

These and these instructions has good additional information.

Writing image to microSD

The IPFire image can be written to the microSD via Win32 Disk Imager (portable version works). (On windows 7, I had to close all explorer windows, otherwise there was an error.)

As a result, the microSD card will have 2 partitions: the first one is visible in Windows and is the boot partition, and the second one is in ext4 format. (The files in ext4 can be viewed with a tool like Ext2Read).

Setup

I was aiming for setup, where the RED network is for internet, and GREEN network is for LAN. As IPFire requires at minimum 2 networks, and I added one USB-LAN connector for the second network.

In my case, I do not have HDMI screen, and therefore I needed to modify the config before booting. Luckily the file is accessable on the boot partition.

Optionally one can send the configuration parameters to fireinfo, see figure below for the setup used in this first test.

IPFire-screenshot003

Installation

Installation went smoothly, and when IPFire booted up, it proceeded for configuration settings.

For remote access to OS (from GREEN network), first one need to login to GUI (e.g. https://192.168.1.1:444 from GREEN network), and enable the ssh access and configure parameters.

Results

I was able to start and test that various features did not crash the system. Snort, however, did not work and caused a crash. It seems like a SW revisioning issue. However, this might be solved in future releases.

The other tweaking were related to stopping and starting networking, and also for the first time to give following command as root “/etc/init.d/collectd start” in order to get statistics working. The snort problem also happened at reboots, and it was solved by removing one network cable (GREEN) before starting up. And then temporarily disabling (preventing) snort to come up, so that after booting one could turn snort off in the GUI. After doing this, one could leave the cable connected…

All in all, there might be some use cases for using Raspberry Pi, especially with hobbies and testing. Definitely Raspberry Pi is a low cost platform to get a hands on and learn by doing. And it is very easy and fast to swap the microSD card, and do something else; another project.

However, for office or for anything more serious (availability), a more stable platform would be better for IPFire, like fanless PC or thin client. But again, depending on the use case…

Links

Posted in Anvanced Tools, DIY, Gadgets, Network Monitoring, Protection, Raspberry Pi, Recommended Free Tools, Security Products and Solutions, Tests, Tips | Comments Off on Raspberry Pi as security device, first look on IPFire

Synergy, tool for sharing keyboard and mouse over network

Posted on 23 February 2015 by Admin

Synergy is an open source tool for using one keyboard and mouse for 2 (or more) computers over the network. Usage is simple, just move mouse from one screen into another. Clipboard is supported.

Synenergy2

In the figure above, desktop with mouse and keyboard is configured as server. Laptop is configured as client.

The screenshot below shows the GUI on the desktop (server). This screenshot was “copy-pasted” into laptop (see clipboard lines in the log).

Synenergy-server2

Download options

In the main site of Synergy , a donation is asked for the latest binaries (1.6.2). However, at the bottom of the main page, there is a link “Free download” which leads to page where binaries for 1.4.18 are available. Source code is at github.

In the sourceforge site, the latest binaries are 1.3.1. In the sourceforge, there is also SynergyKM, which has binaries freely available.

Then there are freeware hosting sites, which have binaries for 1.6.2.

Posted in Anvanced Tools, Recommended Free Tools, Tools | Comments Off on Synergy, tool for sharing keyboard and mouse over network

Is IP address personal data? (from criminal law point of view)

Posted on 22 February 2015 by Admin

CoE (Council of Europe) Cybercrime has pubslihed a report called “Rules on obtaining subscriber information“, where questionnaire responses from different countries has been published.

Some of the questions are:

  • Question 1: Is the term “IP address” defined for criminal law purposes?
  • Question 2: Is an IP address considered to be personal data?
  • Questions 3: What categories of data are considered subscriber information?
  • Question 6: What categories of data are considered traffic data?

One of the conclusions are:

  • “IP addresses may be considered subscriber information – as opposed to traffic data–
    if the purpose is to identify a subscriber in relation to an IP address.”

Definitions varies from country to country. For more information and details, see the report.

Posted in ICT Regulation, Security Management | Comments Off on Is IP address personal data? (from criminal law point of view)

gImageReader, OCR tool for capturing text from scanned images

Posted on 20 February 2015 by Admin

gImageReader can recognize text from scanned documents or books. The OCR (Optical character recognition) used is based on tesseract-ocr engine. It is free and open source. There also exist a portable version for PortableApps.

Wikipedia: Optical character recognition (OCR) is the mechanical or electronic conversion of images of typewritten or printed text into machine-encoded text.

Example 1: A3-scan in pdf format

gImageReader-01

The extracted text is

2.12 RECOVERY TIME OBJECTIVES

The information security manager must understand recovery
time objectives (RTOs) and how they apply to the organization’s
information resources as part of the overall evaluation of risk.
The organization’s business needs will dictate the RTO, which is
usually de?ned as the amount of time to recover an acceptable
level of nonnal operations. The information resource’s ?mctional
criticality, recovery priorities, and interdependencies offset by
costs are variables that will determine the RTO.

Example 2: A4-scan in png format

gImageReader-02

Posted in Basic Tools, Recommended Free Tools, Tools | Comments Off on gImageReader, OCR tool for capturing text from scanned images

Recommended Book: Cybersecurity for executives

Posted on 27 January 2015 by Admin

A new book from 2014 “Cybersecurity for Executives: A Practical Guide” is a great book, and definitely worth for reading for persons working on the security management, or as the title says, for executives.

Cybersecurityforexecutives

  • Title: Cybersecurity for executives
  • Author : Gregory J. Touhill, C. Joseph Touhill
  • Publisher: Wiley
  • Date: 2014
  • Number of pages: 416
  • Overview
    • Book has a practical approach with many examples, very good reading for security managers
  • Purpose
    • Provide a practical approach for executives on how to address cybersecurity
  • Background information
    • The intended target group is executives but this is great material for security managers as well
    • In the book executive is defined as “an executive is someone who has administrative and managerial responsibility for a shareholder-owned business, or a publicly-owned organization committed to the protection and promotion of the health, welfare, and safety of its constituents”
  • Evaluation
    • The value of the book is in it’s practical approach. It aims to explain to an executive what the cybersecurity is, and what it means for the business. It teaches to ask the right questions, and by examples guide the executive into a mature mindset. The statement “Cybersecurity is about risk management ” with reasoning is introduced in the preface and introduction chapters, and for me one should read chapters 1 and 2 before going into other chapters.
    • Authors mention that the chapters are independent modules that could be read in any order. Alltogether there are many pages to read, but if you can find the time, then I would recommend to read the book in the written order.
  • Summary
    • A generalistic management approach on cybersecurity without going into too many technical details, and without limiting into a certain set of best practises or standards, but talking about things as they are, what it can mean for the business, and what one can do about it.

Content

  1. Introduction
  2. Why be concerned?
  3. Managing risk
  4. Build your strategy
  5. Plan for success
  6. Change management
  7. Personnel management
  8. Performance measures
  9. What to do when you get hacked
  10. Boardroom interactions
Posted in ICT Books, ICT Leadership and Management, Security Management | Comments Off on Recommended Book: Cybersecurity for executives

Ditto, tool for pasting unformatted text

Posted on 27 January 2015 by Admin

MS Windows does not have a keyboard shortcut for copy pasting text only. In the long run it can be very tedious copy-pasting process when creating presentations or writing documents.

Ditto (open source) is a good alternative for this. It is a clipboard manager, but in the simple form, it can be used for creating a global shortcut like ctrl-g and use it for pasting unformatted text. This is configured in the Ditto options tab “Keyboard Shortcuts”, see “text only paste”.

Posted in Basic Tools, Recommended Free Tools, Tips, Tools | Comments Off on Ditto, tool for pasting unformatted text