From Paul's Security Weekly
Recorded on February 12, 2019 at G-Unit Studios in Rhode Island!
- RSA Conference 2019 is coming up March 4 – 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass! If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
- Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
- Registration is now open for the first Security Weekly webcast of 2019! You can register for our "Rise Above Complex Workflows: Practical Ways To Accelerate Incident Response" webcast now by going to securityweekly.com/webcasts.
Topic: SDL, PKI, VPN, Oh My!
- Well, there are a lot of terms floating around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there is a plethora of terms that everyone uses all the time but that you maybe don't know yet. So, I thought we would grab some of the more common ones and try to explain them.
[These are all things that were open on my desk when I wrote this]
- SOC -- Security Operations Center -- this is a physical or virtual environment where we basically monitor the status of a network. So, you put sensors in the network that sniff packets and agents on equipment that monitor its status, and all this information is passed into the SOC. One person or many people may be involved in monitoring the different features selected as the critical events that would indicate some sort of compromise or vulnerability.
- SIEM -- Security Information and Event Management. As opposed to The Sims or some other simulation product, this SIEM is a key part of any SOC. Basically, the SIEM is a tool used to create rules and correlate them to determine the relationships between occurring events. These are often expensive and complex tools, but they don't have to be. In fact, a modern SIEM can be as simple as Snort/Snorby or something like that. However, they can also be gigantic and complex. Modern ones can have UEBA (user and entity behavior analytics) as well as SOAR (security orchestration and automated response).
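To make the "rules and correlation" idea concrete, here is a small added example (not from the show or any SIEM product) of a single correlation rule: it reads constructed authentication log lines and raises an alert when one source fails to log in several times inside a short window and then succeeds. The log format, field names and thresholds are all assumptions made for the example.

```python
# Added example: a tiny SIEM-style correlation rule (not from the show or any product).
# The log lines below are constructed for the example; the rule flags a source
# that fails to authenticate at least 3 times within 60 seconds and then succeeds.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed "timestamp src user result" format.
SAMPLE_LOG = """\
2019-02-12T10:00:01 203.0.113.5 alice FAIL
2019-02-12T10:00:05 203.0.113.5 alice FAIL
2019-02-12T10:00:09 203.0.113.5 alice FAIL
2019-02-12T10:00:15 203.0.113.5 alice SUCCESS
2019-02-12T10:03:00 198.51.100.7 bob FAIL
2019-02-12T10:10:00 198.51.100.7 bob SUCCESS
"""

def parse_events(text):
    """Turn raw lines into (timestamp, src, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return events

def correlate_bruteforce(events, threshold=3, window=timedelta(seconds=60)):
    """Rule: >= threshold FAILs from one source inside `window`, then a SUCCESS."""
    recent_fails = defaultdict(list)  # src -> timestamps of recent failures
    alerts = []
    for ts, src, user, result in sorted(events):
        fails = recent_fails[src]
        # Drop failures that have aged out of the correlation window.
        fails[:] = [t for t in fails if ts - t <= window]
        if result == "FAIL":
            fails.append(ts)
        elif result == "SUCCESS" and len(fails) >= threshold:
            alerts.append({"src": src, "user": user,
                           "fails": len(fails), "at": ts.isoformat()})
            fails.clear()  # one alert per burst, not one per later success
    return alerts

if __name__ == "__main__":
    for alert in correlate_bruteforce(parse_events(SAMPLE_LOG)):
        print(alert)
```

The second source (bob) never fires because its single failure falls outside the window by the time the success arrives, which is exactly the kind of noise a correlation window is meant to suppress.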
- PCI -- Payment Card Industry -- This is a term that is often confused with PKI (in a minute). These are standards that were developed to manage credit cards and other forms of online (and I guess offline) payments. This set of standards was developed by the big players (AMEX, MC, Discover, et al.). Don't confuse this with the other PCI either; that's a PC bus standard for cards that plug into motherboards.
- PKI -- Public Key Infrastructure. This is a set of standards for cryptography that are used any time you want to send most anything electronically. Really simply, this is how you secure the electronic transfer of information. So PCI could certainly use PKI to implement secure data transfers. There is a whole set of standards developed around this.
- NIST -- The National Institute of Standards and Technology. This government entity does everything from deciding how much a pound weighs to publishing hashes of files so you can ensure that your Windows files are legit. They also write standards like PKI and cybersecurity. They publish draft standards frequently and develop standards guidelines. NIST, if you are not familiar with it, is a huge resource for anyone in Cyber.
- NSA -- The National Security Agency is a government organization that is responsible for all crypto, signals intelligence, privacy, defense, you name it. There is a lot of criticism in the community but a lot of respect too. Any time you have a shadowy government agency, people are going to worry about it, but some great people got their start there too.
- ISAKMP -- Internet Security Association and Key Management Protocol -- this is defined by RFC (Request for Comment, see below) 2408 and is the basis for key exchange between two points. Basically, it is a component that uses all sorts of protocols (like IKE, Internet Key Exchange) to allow for encryption of data streams.
- IPSEC -- Internet Protocol Security -- encrypts packets of data sent over the Internet Protocol.
- RFC -- Request for Comment -- this is a formal document from the IETF (Internet Engineering Task Force) that is developed by a committee and put up for review by pretty much anyone. A great many of the protocols, standards, and everything else we use today were probably at some point an RFC. For instance, RFC 894 was the original RFC that described sending IP datagrams over the Ethernet standard.
- BSD -- Berkeley Software Distribution -- An ancient grandfather that ran on PDP-11 systems. It is often called Berkeley Unix and was a derivative of the common ancestor, Bell Labs UNIX. This stuff came out of the 1970s and ends up being the ancestor of Linux and all the modern operating systems. Pretty much everyone stole ideas from BSD.
- VPN -- Virtual Private Network -- This is a method that uses ISAKMP and IPSEC as one set of options to encrypt packets and encapsulate them for sending over IEEE 802-type networks. It is very commonly used to validate both the source and destination of traffic when employees want to access internal resources from remote locations.
- VM -- Virtual Machine -- If you watched the show last time, we explained VMs.
- Zero Day Exploit -- A new, previously unknown exploit that you have just found. No one knows how to stop it; when will the madness end?