Page 3 - cdm-2014
P. 3
May is here. Spring Cleaning done. Time to System Harden.
By now, I hope you’ve taken my advice to begin spring cleaning from our
last month edition of Cyber Defense Magazine. You’ve tried some new
antivirus tools, like Emsisoft, Malware Bytes and other favorites who find
things that are just too difficult for the traditional antivirus vendors – you’ve
cleaned up the mess, right? We’ll I sure hope so. Here’s why – you are
under constant attack. You need to start with a fresh, clean slate – maybe
even a new image for your servers, desktops, laptops, tablets, netbooks,
notebooks and smartphones. With that done, you can begin the more
challenging yet so important process this month of System Hardening.
Take time to review the latest state of Common Vulnerabilities and Exposures by visiting
http://NVD.nist.gov which is the National Vulnerability Database. Grab an http://OVAL.mitre.org scanner
like the free one from this location provided by MITRE or others out there in the infosec community such
as Secutor Prime Free Edition (worth getting http://www.threatguard.com/downloads as its sister product
is over $2,000USD). Scan for your holes and remove them.
By System Hardening – not only removing your vulnerabilities but considering new User Passwords –
refresh them all if you can do so – as well as new layers of encryption, you can turn an easily attacked
and infected PC into a battleship hardened bulletproof computer. Exploitation always requires a mix – it
can be social engineering – or it can to leverage a known vulnerability discovered using a simple network
discovery and probing tool. When it happens, and it will, wouldn’t you like the access to be to your
http://www.honeynet.org honeypot or to an encrypted file system that seems nearly impossible for the
hackers to decrypt? Meanwhile, we see what I predicted – governments attacking governments – hiring
employees to write malware and launch mini ‘dirty’ malware bombs on each other, with us stuck in the
middle as unbeknownst victims.
The only way to regain productivity and smoother network operations is to realize that everyone needs to
be battleship hardened for the very hard road ahead, whereby citizen privacy means nothing anymore
and online safety and security is a farse. Our use of the internet for ecommerce and information
exchange is a powerful tool but with this power comes responsibility. If you can’t get your government to
respect the negative effects of spying, eavesdropping and launching zero day malware, the least you
could do is make it bounce right off your networks so you can sleep well at night.
To our faithful readers, Enjoy
Pierluigi Paganini
Pierluigi Paganini, Editor-in-Chief, [email protected]
P.S. Congrats Ken (USA) – this month’s contest winner!
! " $ !
! # ! "
