{"id":2593,"date":"2020-07-28T10:44:58","date_gmt":"2020-07-28T14:44:58","guid":{"rendered":"https:\/\/zzzptm.com\/wordpress\/?p=2593"},"modified":"2020-07-28T10:44:58","modified_gmt":"2020-07-28T14:44:58","slug":"security-policy-ripped-from-todays-headlines","status":"publish","type":"post","link":"https:\/\/zzzptm.com\/wordpress\/?p=2593","title":{"rendered":"Security Policy RIPPED FROM TODAY&#8217;S HEADLINES!!!"},"content":{"rendered":"\n<p>I had a very sad friend. His company bought all kinds of really cool stuff for security&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/monitoring\">monitoring<\/a>, detection, and response and told him to point it all at the firm&#8217;s offices in the Russian Federation. Because&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/russia\">Russia<\/a>&nbsp;is loaded with&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/hackers\">hackers<\/a>, right? That&#8217;s where they are, right?<\/p>\n\n\n\n<p>Well, he&#8217;d been running the pilot for a week and had nothing to show for it. He knows that the&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/tools\">tools<\/a>&nbsp;have a value, and that his firm would benefit greatly from their widespread&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/deployment\">deployment<\/a>, but he&#8217;s worried that, because he didn&#8217;t find no hackers nowhere in the Hackerland Federation, his executives are going to think that these tools are useless and they won&#8217;t purchase them.<\/p>\n\n\n\n<p>So I asked him, &#8220;Do you have any guidance from above on what to look for?&#8221;<\/p>\n\n\n\n<p>&#8220;Hackers. They want me to look for hackers.&#8221;<\/p>\n\n\n\n<p>&#8220;Right. But did they give you a software&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/whitelist\">whitelist<\/a>, so that if a process was running that wasn&#8217;t on the list, you could&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/report\">report<\/a>&nbsp;on it?&#8221;<\/p>\n\n\n\n<p>&#8220;No. No whitelist.&#8221;<\/p>\n\n\n\n<p>&#8220;What about a blacklist? Forbidden software? It won&#8217;t have everything on it, but it&#8217;s at least a start.&#8221;<\/p>\n\n\n\n<p>&#8220;Yes, I have a blacklist.&#8221;<\/p>\n\n\n\n<p>&#8220;Great! What&#8217;s on it?&#8221;<\/p>\n\n\n\n<p>&#8220;Hacker tools.&#8221;<\/p>\n\n\n\n<p>&#8220;OK, and what are listed as&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/hacker\">hacker<\/a>&nbsp;tools?&#8221;<\/p>\n\n\n\n<p>My friend sighed the sigh of a thousand years of angst. &#8220;That&#8217;s all it says. Hacker tools. I asked for clarification and they said I was the security guy, make a list.&#8221;<\/p>\n\n\n\n<p>&#8220;Well, what&#8217;s on your list?&#8221;<\/p>\n\n\n\n<p>&#8220;I went to&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/wikipedia\">Wikipedia<\/a>&nbsp;and found some names of programs there. So I put them on the list.&#8221;<\/p>\n\n\n\n<p>&#8220;And did you find any?&#8221;<\/p>\n\n\n\n<p>&#8220;Some guys are running the Opera&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/browser\">browser<\/a>, which has a native torrenting client. I figured that was hacker enough.&#8221;<\/p>\n\n\n\n<p>Well, security fans, that&#8217;s something. We got us a&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/proof-of-concept-1\">proof of concept<\/a>: we can find active processes. I described this to my friend, and hoped that he could see the sun peeking around the clouds. But it was of no help.<\/p>\n\n\n\n<p>&#8220;They&#8217;re not going to spend millions on products that will tell them we&#8217;re running Opera on a handful of boxes!&#8221;<\/p>\n\n\n\n<p>He had a point, there. Who cares about Opera? That&#8217;s not a hacker&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/tool\">tool<\/a>&nbsp;as featured on the hit teevee show with hackers on it. And, to be honest, the Russian offices were pretty much sales&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/staff\">staff<\/a>&nbsp;and a minor production site. The big stashes of&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/intellectual-property\">intellectual property<\/a>&nbsp;and major production sites were in the home office, in Metropolis, USA.<\/p>\n\n\n\n<p>So I asked, &#8220;Any chance you could point all that stuff at the head office?&#8221;<\/p>\n\n\n\n<p>&#8220;What do you mean?&#8221;<\/p>\n\n\n\n<p>&#8220;Well, it&#8217;s the Willie Sutton principle.&#8221;<\/p>\n\n\n\n<p>&#8220;Who was Willie Sutton?&#8221;<\/p>\n\n\n\n<p>I smiled. &#8220;Willie Sutton was a famous bank robber. His principle was to always rob&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/banks\">banks<\/a>, because that&#8217;s where the money was. Still is, for the most part. Russia in your firm is kind of like an&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/atm\">ATM<\/a>&nbsp;at a convenience store. There&#8217;s some cash in it, but the big haul is at the main office. Point your gear where the money is &#8211; or&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/intellectual\">intellectual<\/a>&nbsp;property &#8211; and see if you don&#8217;t get a lot more flashing lights.&#8221;<\/p>\n\n\n\n<p>My friend liked that. He also liked the idea of getting a software whitelist so he&#8217;d know what was good and be able to flag the rest as suspect. He liked the idea of asking the execs if they had any guidance on what information was most valuable, so that he could really take a hard look at how that was accessed &#8211; and who was accessing it.<\/p>\n\n\n\n<p>And maybe there were tons of hackers in Russia, but they weren&#8217;t&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/hacking\">hacking<\/a>&nbsp;anything actually in Russia. And maybe said hackers weren&#8217;t doing anything that was hacking-as-seen-on-television. Maybe they were copying files that they had legitimate&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/access\">access<\/a>&nbsp;to&#8230; just&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/logging\">logging<\/a>&nbsp;on, opening spreadsheets, and then doing &#8220;Save As&#8230;&#8221; to a&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/usb\">USB<\/a>&nbsp;drive. Or sending it to a gmail account. Or loading it to a&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/cloud\">cloud<\/a>&nbsp;share&#8230;<\/p>\n\n\n\n<p>The moral of the story is: If your&nbsp;<a href=\"https:\/\/www.peerlyst.com\/tags\/security-policy\">security policy<\/a>&nbsp;is driven by the popular media, you don&#8217;t have a security policy.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I had a very sad friend. His company bought all kinds of really cool stuff for security&nbsp;monitoring, detection, and response and told him to point it all at the firm&#8217;s offices in the Russian Federation. Because&nbsp;Russia&nbsp;is loaded with&nbsp;hackers, right? That&#8217;s where they are, right? Well, he&#8217;d been running the pilot for a week and had [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,12],"tags":[],"class_list":["post-2593","post","type-post","status-publish","format-standard","hentry","category-complete-fiction","category-security"],"_links":{"self":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2593"}],"version-history":[{"count":1,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2593\/revisions"}],"predecessor-version":[{"id":2594,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2593\/revisions\/2594"}],"wp:attachment":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}