Cyber Security

Thursday, May 25th, 2017

Cyber security is the protection of computer systems from theft or damage to their hardware, software or information by anonymous attackers. The UK suffers many cyber attacks every year: eight in ten of the biggest companies in the UK have been attacked, costing the economy billions of pounds. One of the biggest problems in cyber security is the quick and constantly evolving nature of security risks.

The approach has been to focus most resources on the most important system components and protect against the biggest known threats, which meant leaving some less important system components undefended and some less dangerous risks unprotected. Such an approach is insufficient in the current environment.

All companies can face two types of cyber attack:

They will either be deliberately attacked because they have a high profile and appear to have valuable data that is visible, or they will be attacked because an automated scan detects the existence of exploitable information. Nearly every Internet-facing company will have exploitable information unless it has been tested and secured.

There are 3 main types of cyber risk that companies are vulnerable to:

Cyber crime – this is conducted by individuals or groups who primarily focus on money, data and causing disruption within a company.

Cyber war – a nation state conducting sabotage and espionage against another nation in order to cause disruption or to extract data.

Cyber terror – an organisation, working independently of a nation state, conducting terrorist activities through the medium of cyberspace.

Computer security is necessary in almost any industry which uses computers. At the moment, most electronic devices such as computers, laptops and phones come with built-in firewall security software, but despite this, computers are not 100% secure and may not be able to protect our data.

How do attackers operate?

Cyber criminals operate remotely, using numerous types of attack that are also known as ‘malware’. These include:

Worms – these expose weaknesses in operating systems to damage networks and allow full control of the infected security, is one of the biggest topics within information technology, which is why many organizations have been created to meet the demand for it.

Spyware/adware – this takes control of your device and collects personal information without you knowing.

Trojans – these create a backdoor on your device through which information can be stolen and damage can be caused to your device.

Fast Lane offer a variety of Cyber security training, both in-classroom and e-learning programmes, ranging from beginner to expert classes.

Cisco

Gigamon

Crossvender

For more information on all training offers from various vendors, please follow this URL: http://www.flane.co.uk/security

Should you require any information on training from Fast Lane, please contact us on:

Phone: 0845 470 1000

Fax: 0845 470 1001


Palo Alto Networks New PAN-OS 8.0

Wednesday, May 3rd, 2017

Not only did Palo Alto release the latest OS version earlier this year but they also took the opportunity to revamp their course offerings which I’d like to talk about in this blog.

With the release of OS 8.0, Palo Alto have chosen to combine the old ‘Install, Configure, and Manage’ (EDU-201), ‘Configure Extended Features’ (EDU-205) and ‘Manage Cyberthreats’ (EDU-231) courses into one 5 day course ‘’ (EDU-210). The EDU-210 course is not just an aggregation of all the slides from the previous 3 classes but a complete rewrite and revamp of the old courses, and obviously also includes many of the new features of OS 8.0, allowing students attending the class not only to learn about the power of the Palo Alto firewall but also to get hands-on lab access to familiarise themselves with the new OS 8.0.

I’ve been in the security field as both a consultant and systems instructor for over 17 years now, working with multiple vendors, and from the ground up this is not your average firewall, as it is the first real true application firewall. In saying that, any firewall engineer with previous, other vendor experience will really need to get a good understanding of how the Palo Alto firewall functions in order to get the full benefits out of this remarkable firewall. So many times I’ve seen firewall engineers migrate from another vendor to Palo Alto and simply get it wrong, as they are still trying to configure an old fashioned layer 3-4 firewall, which this is not.

Education on this product is therefore valuable to any corporation that has decided to invest in the product and wants to get the full potential out of the firewall. The new EDU-8.0 course will be well worth the investment, providing systems engineers with the relevant knowledge and hands-on experience to go back to work with not only knowledge and understanding of the firewall, but also confidence in converting the company’s security requirements into the firewall’s configuration, and the ability to use the many reporting and logging features to gain unprecedented visibility into exactly what is happening in the company.

Accompanying the new EDU-210 class, Palo Alto have also now released the ‘Accredited Configuration Engineer’ (ACE) exam, a no-cost, self-paced online exam that provides students not only with an entry-level certification at no cost, but also with great preparation for the industry’s recognised premier Palo Alto certification, the PCNSE ‘Palo Alto Networks Certified Network Security Engineer’.

So if your company has just purchased, or plans to migrate across to, the Palo Alto firewall, education should be part of the budget, as this once again is not your average firewall.

Gabriel Bryson
Fast Lane Lead Security Expert


Securing your data beyond the physical realms using Storage Encryption

Tuesday, September 20th, 2016

For most organisations, having RAID-protected storage is a given, but what if you need complete peace of mind that your data is protected and “SECURE”?

For some organisations Storage Encryption is not considered, and this can be for several reasons. It could simply be that there is a perception that the Encryption process will have an unwanted overhead, which may be deemed counterintuitive. It could be that there is just a lack of understanding as to what storage Encryption is and what it can give you.

So let’s take a look at what NetApp® offers.

NetApp® Storage Encryption (NSE) provides full-disk encryption, and what’s more it does so without compromising storage efficiency or performance, using self-encrypting drives supplied by some of the leading drive producers. NSE is a non-disruptive process that gives a comprehensive, cost-effective, hardware-based level of security and is very simple to operate and use. Although it is a simple solution to use, this does not detract from its compliance with government and industry regulations. There is also no compromise on storage efficiency.

NetApp® uses full disk encryption (FDE) capable disks. Data is not encrypted external to the disk drive itself – this is truly data at rest only. Once in the controller or on the network, data is not encrypted. What makes this so good is that the encryption engine is built into the disk, so all encryption takes place at close to line speed and there is no performance penalty: whether your system uses encryption or not, the performance will be the same. It is fair to say that encryption disks cost more, so it will be a question of price point as to whether the cost is justified.

FDE disks require a key to be generated and pushed down to the disk to enable encryption of data. FDE capable disks are available in varying sizes, from 600GB to 1.2TB performance drives and 800GB and up SSDs. There is the added advantage that if someone steals one drive or a complete set of drives without the key, it is impossible to read the data.

So what exactly does NSE offer:

NSE supports the entire suite of storage efficiency technologies from NetApp. This includes array-based antivirus scanning, deduplication, and inline and post-process compression. It also supports the SafeNet KeySecure encryption-key appliance, which strengthens and simplifies long-term key management. NSE complies with the OASIS KMIP standard and helps you comply with FISMA, HIPAA, PCI, Basel II, SB 1386 and E.U. Data Protection Directive 95/46/EC regulations using FIPS 140-2 validated hardware.

 

Pete Green
Fast Lane Lead NetApp Expert


Cisco ISE 2.1 Easy Connect

Tuesday, September 13th, 2016

One of the more complex configuration components of a Cisco ISE deployment, which possibly was a stumbling block in deciding to deploy it in a corporate network, was the configuration of 802.1x. 802.1x required client-side supplicants (native or Cisco provided) to be configured, specialised switch configuration and an in-depth understanding of the RADIUS protocol, all of which added much complexity and time to the deployment.

With the ISE 2.1 release, Cisco introduced Easy Connect, which enables you to easily connect users from a wired endpoint to a network in a secure manner by authenticating them through an Active Directory Domain Controller and not by Cisco ISE. Easy Connect supports wired connections using MAB, which is much easier to configure than 802.1X.

Easy Connect supports two modes: Enforcement-mode, which actively downloads the authorization policy to the network device for enforcement based on the user credentials, and Visibility-mode, in which ISE publishes session merge and accounting information received from the NAD device sensor in order to send that information to pxGrid.

So the Easy Connect Enforcement mode process is as follows:

1. The user connects to the NAD from a wired endpoint (running Windows).

2. The NAD (which is configured for MAB) sends an access request to ISE. ISE responds with access, based on user configuration, allowing the user to access AD. Configuration must allow at least access to DNS, DHCP and AD (this will be part of the pre-auth ACL).

3. The user logs in to the domain and a security audit event is sent to ISE.

4. ISE collects the MAC address from RADIUS and the IP address and domain name, as well as accounting information (login information) about the user, from the security audit event, using WMI.

5. Once all data is collected and merged in the ISE session directory, ISE issues a CoA to the NAD (based on the appropriate policy), and the user is provided access by the NAD to the network based on that policy.
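
The enforcement-mode steps above, modelled as an added example (not Cisco's code and not part of the original post). It assumes the merge key is the endpoint IP learned through RADIUS accounting; the class names, policy table and sample MAC/IP values are constructed for illustration.

```python
# Added illustration: toy model of the Easy Connect enforcement-mode merge.
# SessionDirectory, PRE_AUTH and POLICY are hypothetical names, not ISE APIs.
from dataclasses import dataclass
from typing import Optional

PRE_AUTH = "pre-auth ACL: DNS, DHCP, AD only"
# Constructed authorization policy: AD domain -> access pushed by CoA.
POLICY = {"CORP": "full-access", "LAB": "lab-vlan"}


@dataclass
class Session:
    mac: str
    nad_port: str
    ip: Optional[str] = None
    user: Optional[str] = None
    domain: Optional[str] = None
    access: str = PRE_AUTH


class SessionDirectory:
    def __init__(self):
        self.by_mac = {}

    def mab_request(self, mac, nad_port):
        """Step 2: MAB access request; ISE answers with limited access."""
        self.by_mac[mac] = Session(mac, nad_port)
        return self.by_mac[mac].access

    def accounting(self, mac, ip):
        """Assumption: RADIUS accounting ties the endpoint IP to the MAC."""
        if mac in self.by_mac:
            self.by_mac[mac].ip = ip

    def ad_login_event(self, ip, user, domain):
        """Steps 3-5: merge the AD audit event into the session, pick a CoA."""
        for s in self.by_mac.values():
            if s.ip == ip:
                s.user, s.domain = user, domain
                s.access = POLICY.get(domain, PRE_AUTH)
                if s.access == PRE_AUTH:
                    return None  # no matching policy: stay on pre-auth ACL
                return {"coa_to": s.nad_port, "mac": s.mac, "apply": s.access}
        return None  # login seen but no MAB session to merge with: no CoA


if __name__ == "__main__":
    sd = SessionDirectory()
    print(sd.mab_request("00:11:22:33:44:55", "Gi1/0/1"))  # constructed MAC/port
    sd.accounting("00:11:22:33:44:55", "10.0.0.20")
    print(sd.ad_login_event("10.0.0.20", "alice", "CORP"))
```

Until the AD login event is merged, the port stays on the pre-auth ACL, which is why that ACL should permit no more than DNS, DHCP and AD.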

Easy Connect Restrictions include:

MAC Authentication Bypass (MAB) supports Easy Connect. Both MAB and 802.1X can be configured on the same port, but you must have a different ISE policy for each service.

Only MAB connections are currently supported. You do not need a unique authentication policy for connections, because the connection is authorized and permissions are granted by an Easy Connect condition defined in the authorization policy.

Only Cisco Network Access Devices (NADs) are supported.

IPv6 is not supported.

Wireless connections are not currently supported.

This is a great feature added to ISE and one that will give corporates more confidence in deployment as the workload and complexity of ISE has now become a little less.

For further information have a look at the following link: ISE Admin guide

 


Gabriel Bryson

Lead Security Instructor for Fast Lane UK
