![\"cyber-security-and-impact-on-national-security-3-1-638\"](\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/cyber-security-and-impact-on-national-security-3-1-638.jpeg\")
<\/p>\n<\/p>\n
Recently I was writing my former blogs \u201cFinance a Hacker<\/a>\u201d and \u201cNo 100% awareness of Cyber and Data Security within many companies worldwide<\/a>\u201d<\/p>\n I want to go a little deeper in to these topics and hope to make people aware of the known risks. There are still companies, security architects who think that when you place a firewall you are more then secure. Nevertheless this is a true statement, instead of being more secure you gained even more vulnerability!<\/p>\n Now I hear you already thinking why\u2026<\/strong><\/p>\n 1.\u00a0\u00a0\u00a0\u00a0 Firewalls<\/a> are NOT<\/span> secure instead they became weaker and can be accessed from outside your environment.<\/p>\n 2.\u00a0\u00a0\u00a0\u00a0 Look for example how Shell’s Approach To ICS Security<\/a> is being done and understand what they are telling about Firewalls.<\/p>\n People should understand that there are some basics rules to follow, let me call out some of them for you:<\/p>\n \u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Raise Awareness Company wide<\/p>\n \u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Know your enemy!<\/p>\n \u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Innovation leading to more secure environment(s)<\/p>\n \u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Stealth Technology<\/a> from Unisys, basically it is what you cannot see you cannot hack<\/p>\n Imaging that you one day discover that your data is being used by a third party and you did not even have a clue how it came there? Well now you know. You also have to be aware what kind of hardware and software you have within your infrastructure, however if you are not aware of this you could also contact us at Passport Cyber Security<\/a> We can do a security check if your equipment is vulnerable, or that your cloud provider is secure or insecure? We can also check your data center and create a full report about all vulnerabilities.<\/p>\n Firewalls and their real security, Tyler Williams Shell Global, speaking about this during his presentation Industrial Cyber Security Risks<\/a><\/p>\n A fraise from Tyler Williams<\/a> about \u201cShiny objects\u201d are pretty they sound great, blinking lights but does not mean that something good is happen or worse? You only thinking that the device is busy\u00a0and\u00a0doing his job.<\/p>\n Your vision about security could be clear to you as an architect at the time you designed it and they should be clear. Know the current security standards and be critical to your vision when you look back after the implementation. Looking back, make sure to add value to the business its not just another typical exercise for an IT implementation.<\/p>\n It\u2019s very good to have a document and concept concerning your security environment, but if you stick this in a drawer and never use this than it is useless for your security.<\/p>\n I was reading a blog from Valery Marchuk<\/a> CEO at Cybersecurity Help s.r.o.<\/p>\n This is also related to my former blogs \u201cFinance a Hacker<\/a>\u201d and \u201cNo 100% awareness of Cyber and Data Security within many companies worldwide<\/a>\u201d<\/p>\n Secret services are after vulnerabilities in hardware<\/strong><\/p>\n The recent\u00a0hack<\/a>\u00a0of the\u00a0Equation Group<\/a>\u00a0(closely connected with NSA) made publicly available information about exploits against\u00a0networking<\/a>\u00a0equipment, manufactured by the biggest US\u00a0vendors<\/a>: Cisco,\u00a0Juniper<\/a> and Fortinet.<\/p>\n \n Only today we have issued several security bulletin describing two\u00a0zero day<\/a>\u00a0vulnerabilities<\/a>\u00a0in\u00a0CISCO<\/a>ASA<\/a>\u00a0Appliances (CVE-2016-6366<\/a>,\u00a0CVE-2016-6367<\/a>),\u00a0remote code execution<\/a>\u00a0in FortiOS (SB2016081801<\/a>) and a very inconvenient issue with default public ssh-key in\u00a0VMware<\/a>\u00a0Photon OS (CVE-2016-5332<\/a>).<\/p>\n Cisco\u00a0confirmed<\/a>\u00a0EXTRABACON and EPICBANANA exploits, however there is no information from other vendors.\u00a0Fortinet<\/a>\u00a0did not make any official statement, just released an advisory describing remote code execution\u00a0vulnerability\u00a0in FortiOS. It is unknown, if this issue is connected with the leak.<\/p>\n Earlier this year Juniper had to deal with\u00a0backdoor<\/a>\u00a0in\u00a0ScreenOS<\/a>\u00a0source code<\/a>, which was present in security solutions at least since 2009.<\/p>\n Clearly, such interest in vulnerabilities within networking equipment is due to lack of implemented protection<\/a>\u00a0mechanisms. While workstations and servers are updated frequently and equipped with firewalls<\/a>\u00a0and\u00a0antivirus<\/a>\u00a0software,\u00a0devices<\/a>\u00a0intended to provide basic perimeter protection fail.\u00a0Firmware<\/a> update process for majority of networking equipment is complicated and often requires additional efforts from IT stuff or can cause outage.<\/p>\n The situation with vulnerabilities in\u00a0hardware<\/a>\u00a0is very disturbing. Devices, which are supposed to provide at least the most basic level of protection for your\u00a0network<\/a>\u00a0assets can be as easily compromised, as any other host. It is no longer safe to rely just on one device from one vendor. And even if you have a dozen firewalls, it does not mean they do not have faulty implementation of some networking protocol.<\/p>\n Anyways, we can suggest at least limiting access to\u00a0services<\/a>, which are facing the\u00a0Internet<\/a>\u00a0directly. You can use our\u00a0free online vulnerability scanner<\/a>\u00a0to check publicly open\u00a0ports<\/a>\u00a0and presence of vulnerable software on your systems.<\/p>\n Source:\u00a0Cybersecurity Help<\/a><\/p>\n Another severe example of a threat:<\/strong><\/p>\n Source: www.arabianindustry.com<\/a><\/p>\n Published: 14 August 2016 – 3:12 a.m. By: Indrajit Sen<\/p>\n After weeks of speculation on the cause of an unprecedented string of fires and explosions in major Iranian oil and gas facilities, Iran\u2019s Supreme National Cyberspace Council has said that it is looking into cyber-attacks as a possible cause.<\/p>\n \u201cSpecial teams will be sent to the afflicted sites to study the possibility of cyber systems having a role in the recent fires,\u201d Abolhasan Firoozabadi, secretary of the council according to local media said last week, the\u00a0Time<\/em>\u00a0magazine reported.<\/p>\n The first of the fires, which started on July 6, in the Bouali petrochemical plant on the Gulf coast, took three days to put out and threatened to send toxic clouds of smoke into the nearby city of Mahshahr, with a population of 300,000.<\/p>\n Damages from the accidents are estimated to be tens of millions of dollars and insurers say it could be the biggest compensation claim in Iran\u2019s history.<\/p>\n Less than 48 hours after the Bouali fire was put out a worker was killed in the Marun Oil and Gas Production Company when a liquefied gas pipeline exploded. This was followed by a fire in the Bisotoon petrochemical plant in the western Iranian city of Kermanshah on July 29, which took two days to put out.<\/p>\n The Iranian Petroleum Ministry, in charge of all of the affected sites denied the plants were sabotaged and the Iranian Oil Minister Bijan Namdar Zanganeh said the fires and explosions were due to technical faults and human error.<\/p>\n However when an explosion in a gas pipeline near Gonaveh, which killed a worker, and another fire in the Imam Khomeini petrochemical plant, occurred within hours of each other on August 6, the ministry refused to comment until after investigations.<\/p>\n If the cyberspace council does rule that cyber attacks were behind these fires and explosions it wouldn\u2019t be the first time that Iran\u2019s petroleum industry was the victim of such an attack.<\/p>\n In April 2012 a virus forced the ministry to disconnect its main oil terminals and facilities from the Internet to protect them from damage. Officials later claimed that they had traced the service providers used by the attackers back to the US.<\/p>\n In 2010 Iran\u2019s nuclear sites were the victims of the Stuxnet worm. Officials said the worm was designed and used by the US and Israel to hinder Iran\u2019s nuclear Programme.<\/p>\n Iran has never quantified the damage done by Stuxnet but nuclear experts believe the damage was extensive.<\/p>\n After the Stuxnet attack, Iran decided to create a nation-wide intranet to prevent further attacks on sensitive infrastructures but the \u2018National Internet\u2019, has yet to be launched.<\/p>\n Have the awareness that security attacks can also happen to your company! It would be a clever move to contact us at Passport Cyber Security<\/a>. We can do a security check if your equipment is vulnerable, or if your cloud provider is secure or insecure? We can also check your data center and create a full report about all vulnerabilities.<\/p>\n Read also my former blogs<\/a> on LinkedIn. Will keep you posted on all related Data and Cyber Security topics.<\/p>\n Have a wonderful secure day.<\/p>\n Prof. Dr. Ir. Henk Jan Jansen<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Recently I was writing my former blogs \u201cFinance a Hacker\u201d and \u201cNo 100% awareness of Cyber and Data Security within many companies worldwide\u201d I want to go a little deeper in to these topics and hope to make people aware of the known risks. There are still companies, security architects who think that when you … Read moreInnovations, Awareness and anticipating on Security threat\u2019s<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1757,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[20],"tags":[],"class_list":["post-63","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-gdpr"],"_links":{"self":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts\/63","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/comments?post=63"}],"version-history":[{"count":0,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts\/63\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/media?parent=63"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/categories?post=63"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/tags?post=63"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
![\"Encryption-938x465\"](\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/encryption-938x465-1.jpg\")
<\/p>\nAwareness<\/strong><\/h2>\n
![\"vuln-just-ahead_yp95oc\"](\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/vuln-just-ahead_yp95oc.jpg\")
<\/p>\nIran probing if oil accidents were cyber attack<\/strong><\/h2>\n