ES Episode54

From Paul's Security Weekly

Episode Audio

Recorded on July 19, 2017 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
    Enterprise News

    1. illusive networks launches its External Incident Application Program Interface
    2. RSA NetWitness SIEM Suite Updated to Improve Security Operations
    3. GuardiCore Labs To Disclose Vulnerability In VMware vSphere At Black Hat USA 2017: From vSphere User To Guest Remote Code Execution
    4. Malwarebytes AdwCleaner 7.0 heralds complete rewrite of adware removal tool
    5. EdgeWave Announces New ThreatCheck Service Advancing Phishing Detection and Security Awareness for Customers (satPRnews)
    6. CrowdStrike and Dragos Inc. Partner to Drive Unmatched Cybersecurity Capabilities for Industrial Control Systems (satPRnews)
    7. ProtectWise and Ixia Announce Integration Partnership
    8. New EdgeWave Email Security and Archiving Offering Brings Much Needed Advanced Protection and Back Up for Office 365 Users (MarTechSeries)
    9. Google OAuth Application Whitelisting
    10. Minerva Advances Anti-Evasion Security to Protect Against Ransomware
    11. StackRox Emerges from Stealth with Container Security Platform

    Interview: Thomas Fischer, Digital Guardian

    As Global Security Advocate at Digital Guardian, Thomas plays a lead role in advising customers on their data protection activities against malicious parties. Thomas' background includes varying roles from incident responder to security architect at Fortune 500 companies, vendors and consulting organizations. Thomas is also an active participant in the infosec community, not only as a member but also as a director of Security BSides London and an ISSA UK chapter board member.

    https://github.com/tvfischer/gdpr-data-patterns-detection

    Tech Segment: Monitoring Infrastructure With Nagios

    Some items to consider:

    1. Every tutorial I read has you building Nagios from source. I realized our own instance was built from source, and sorely outdated. Not good.
    2. Where do the lines blur between monitoring, configuration and vulnerability management?
      1. I want a list of processes running that didn't come from a package repository
      2. I want to know about new users, password changes, not password changes and permissions (sudoers)
      3. I want to know about processes that generate spikes (in traffic, CPU, memory or disk)
    3. Securely managing systems involves a lot of decisions:
      1. Will you create a user on every system?
      2. Does this user have a password or some other authentication?
      3. How does a commercial PIM help? (A lot in this case as we are talking about machine to machine trusts)
      4. How much can you monitor on your own? (E.g. the monitoring system should be able to connect to all of my systems with some credentials, what if those are used from some other system? Or at a different frequency?)
      5. Do you automatically reboot the system? (Scary, but if not, patches may not get applied) Taking action based on monitoring events is scary!
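
    The process and account checks from items 2.1 and 2.2 above, written as a Nagios-style plugin (exit code plus one status line). This is an added example, not code from the episode or from Nagios itself. It assumes a Debian/Ubuntu host (package ownership is resolved with `dpkg -S`; swap in `rpm -qf` on RPM systems), a baseline file under /var/lib/nagios, and a severity mapping of its own: account or sudoers changes are CRITICAL, processes whose binary no package owns are WARNING. The sample passwd, shadow and sudoers lines in the usage below are constructed.

```python
"""Nagios-style host check for two of the questions in the segment above:
running processes whose binary is not owned by any package, and changes to
local users, password hashes and sudoers. Added example, not part of Nagios
or of this episode; baseline path and severity mapping are assumptions."""
import hashlib
import json
import os
import subprocess
import sys

# Standard Nagios plugin exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3


def running_exes():
    """Map pid -> executable path from /proc (run as root to see every pid).
    A binary deleted after exec shows up as '... (deleted)'; that will never
    match a package and is exactly the kind of process we want listed."""
    exes = {}
    for pid in os.listdir("/proc"):
        if not pid.isdigit():
            continue
        try:
            exes[int(pid)] = os.readlink(f"/proc/{pid}/exe")
        except OSError:  # kernel thread, or the process exited / not ours
            pass
    return exes


def packaged_paths_dpkg(paths):
    """Return the subset of `paths` owned by some dpkg package. `dpkg -S`
    exits non-zero if any argument is unowned, so query one path at a time."""
    owned = set()
    for p in paths:
        r = subprocess.run(["dpkg", "-S", p], capture_output=True, text=True)
        if r.returncode == 0:
            owned.add(p)
    return owned


def unpackaged_processes(exes, owned):
    """Pure comparison (pid -> exe for every exe not in the owned set), kept
    separate from collection so it can be run on constructed data."""
    return {pid: exe for pid, exe in exes.items() if exe not in owned}


def account_state(passwd_text, shadow_text, sudoers_text):
    """Reduce the three files to what we alert on: the user set, a per-user
    digest of the password hash (the baseline never stores the hash itself),
    and a digest of sudoers."""
    users = {line.split(":")[0] for line in passwd_text.splitlines() if ":" in line}
    pw = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            pw[parts[0]] = hashlib.sha256(parts[1].encode()).hexdigest()
    return {
        "users": sorted(users),
        "pw": pw,
        "sudoers": hashlib.sha256(sudoers_text.encode()).hexdigest(),
    }


def diff_account_state(baseline, current):
    """Human-readable findings; an empty list means nothing changed."""
    findings = []
    base_users, cur_users = set(baseline["users"]), set(current["users"])
    findings += [f"new user {u}" for u in sorted(cur_users - base_users)]
    findings += [f"removed user {u}" for u in sorted(base_users - cur_users)]
    for u, digest in current["pw"].items():
        if u in baseline["pw"] and baseline["pw"][u] != digest:
            findings.append(f"password changed for {u}")
    if baseline["sudoers"] != current["sudoers"]:
        findings.append("sudoers changed")
    return findings


def nagios_result(unpackaged, findings):
    """Fold both checks into the (exit code, status line) a plugin returns."""
    if findings:
        return CRITICAL, "CRITICAL: " + "; ".join(findings)
    if unpackaged:
        listing = ", ".join(f"{pid}:{exe}" for pid, exe in sorted(unpackaged.items()))
        return WARNING, f"WARNING: {len(unpackaged)} unpackaged process(es): {listing}"
    return OK, "OK: all processes packaged, no account changes"


if __name__ == "__main__":
    # Live mode on a Debian/Ubuntu host, as root. The first run writes the
    # baseline (assumed path) and reports OK; later runs diff against it.
    baseline_file = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/nagios/account_baseline.json"
    exes = running_exes()
    unpackaged = unpackaged_processes(exes, packaged_paths_dpkg(set(exes.values())))
    with open("/etc/passwd") as fp, open("/etc/shadow") as fs, open("/etc/sudoers") as fu:
        current = account_state(fp.read(), fs.read(), fu.read())
    if os.path.exists(baseline_file):
        with open(baseline_file) as f:
            findings = diff_account_state(json.load(f), current)
    else:
        with open(baseline_file, "w") as f:
            json.dump(current, f)
        findings = []
    code, line = nagios_result(unpackaged, findings)
    print(line)
    sys.exit(code)
```

    Nagios only looks at the exit code and the first line of stdout, so the script drops in through NRPE or check_by_ssh like any other plugin. Two caveats worth keeping in mind: the baseline is only as trustworthy as the host it is written on, so write it right after a clean build and protect the file; and a process running from a path that a package owns is still only "not obviously foreign", since a package-owned file can be overwritten (compare against `dpkg -V` / `rpm -V` if that matters to you).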