Thread: Cyber Security 101

  1. #1
    RIP Peterb ik9000's Avatar

    Cyber Security 101

    FFS people change the flipping passwords.
    Then install updates
    Then run some kind of firewall and secure VPNs
    And hire someone who knows about that stuff to make sure it's all tickety boo.
    Yes you. Even if you're a small company.
    And especially if you're handling defence contracts for a national government.

    Please, don't be like this chump:
    http://www.bbc.co.uk/news/world-australia-41590614
    Quote Originally Posted by BBC
    Mr Clarke told a Sydney security conference that the hacker had exploited a weakness in software being used by the government contractor. The software had not been updated for 12 months.

    The aerospace engineering firm was also using default passwords, he said.
    Last edited by ik9000; 12-10-2017 at 09:18 AM.

  2. #2
    Splash
    Guest

    Re: Cyber Security 101

    If you're an organisation handling UK government data you now need to have attained (or be significantly along the road to attaining, with no new contracts until it's attained) Cyber Essentials status. More info at https://www.ncsc.gov.uk/information/...entials-scheme

    It's a good start, at least.

  3. #3
    Senior Member

    Re: Cyber Security 101

    I now expect any organisation that holds data on me is eventually going to have a breach in their security. It's why I don't like the idea of the state holding details of their citizens on a database: it's such a tempting target and you have next to no choice on whether to participate in it.

  4. #4
    Mr_Jon
    bios curious

    Re: Cyber Security 101

    Home and Away is not "horrific". Strewth.

  5. #5
    RIP Peterb ik9000's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by Mr_Jon View Post
    Home and Away is not "horrific". Strewth.
    Aw fair dinkum mate, it isn't exactly the best advert for Oz now is it? I mean which mongrel would suggest that a decent aussie fella would use the turns of phrase of Alf Stewart? Now enough of the yacka and less of the disrespect, or these flamin pommie galahs will think that's what's normal down under, when really they just think it's all a bit daggie, y'know?

  7. #6
    Mostly Me Lucio's Avatar

    Re: Cyber Security 101

    Having nightmares here, my employer has foolishly nominated me to do GDPR compliance checks and oh boy, am I finding a mountain of pain for us ahead.

    Only small ray of sunshine, I did find we were misclassified on our PCI-DSS compliance, so cut our failures from 300 out of 468 questions to 1 out of 23

  8. #7
    Missed by us all - RIP old boy spacein_vader's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by Lucio View Post
    Having nightmares here, my employer has foolishly nominated me to do GDPR compliance checks and oh boy, am I finding a mountain of pain for us ahead.

    Only small ray of sunshine, I did find we were misclassified on our PCI-DSS compliance, so cut our failures from 300 out of 468 questions to 1 out of 23
    I'm running the GDPR project at a district council. It's not too much of an issue from a data security point of view, but things like timely deletion of data are going to be a big change, as are formal written sharing agreements between internal teams as well as 3rd parties.

  9. #8
    RIP Peterb ik9000's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by spacein_vader View Post
    I'm running the GDPR project at a district council. It's not too much of an issue from a data security point of view, but things like timely deletion of data are going to be a big change, as are formal written sharing agreements between internal teams as well as 3rd parties.
    Just ask my bank to do it. They're so good at scrubbing records they deleted mine without me even wanting them to. For security, you understand. My accounts before 2016. Gone. Just like that. Poof. And this after all that pushing to "go paperless, let us have the hassle etc".

  10. #9
    Theoretical Element Spud1's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by Splash View Post
    If you're an organisation handling UK government data you now need to have attained (or be significantly along the road to attaining, with no new contracts until it's attained) Cyber Essentials status. More info at https://www.ncsc.gov.uk/information/...entials-scheme

    It's a good start, at least.
    It's good in principle, but only if you genuinely follow through on it. It's very, very easy to get past a Cyber Essentials/CE+ or even ISO27001 audit but to actually implement nothing... and still pass the annual audits. You just have to employ the right contractor to fill in the paperwork and then keep up appearances when the auditors turn up (which is always pre-announced)....

    We genuinely follow through a real implementation of both standards, but I've worked at enough places that didn't in the past. It's expensive to keep it going if you do it properly, and really does slow down work in an IT company, which is why so many don't do it.

    Sadly though the vast majority of breaches occur due to social engineering attacks anyway, so these standards and principles often don't make much difference against serious attacks. It's much easier to walk into a company and plug in a device to a network port, or phone up and ask someone for a password, than to actually bother trying to break in.

  11. #10
    Splash
    Guest

    Re: Cyber Security 101

    As I said, it's a good start. Way too many companies are focussing on compliance rather than security though: you can be 100% compliant with any number of standards, yet hideously insecure at the same time.


  13. #11
    HEXUS.timelord. Zak33's Avatar

    Re: Cyber Security 101

    the sheer hellish level of spam that HEXUS and bit-tech towers gets is....er......

    hellish?

    so you only need a few innocents out there in the big wide interweb world to click the links, use the username and password or similar and you can imagine the carnage after the trojan is fitted.

    and that doesn't take into account the amount of E CIG USB chargers that are loaded with data capture hardware, does it?

    Or the wireless keyboard and mouse combos being monitored throughout offices across the globe.....

  14. #12
    RIP Peterb ik9000's Avatar

    Re: Cyber Security 101

    nor the flaw in WPA2 on most people's wifi kit... http://www.bbc.co.uk/news/technology-41635516

  16. #13
    Administrator MLyons's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by Zak33 View Post
    the sheer hellish level of spam that HEXUS and bit-tech towers gets is....er......

    hellish?

    so you only need a few innocents out there in the big wide interweb world to click the links, use the username and password or similar and you can imagine the carnage after the trojan is fitted.

    and that doesn't take into account the amount of E CIG USB chargers that are loaded with data capture hardware, does it?

    Or the wireless keyboard and mouse combos being monitored throughout offices across the globe.....
    That ECIG thing was targeted, if I remember correctly, instead of sweeping.

  17. #14
    Aftermath
    Registered+

    Re: Cyber Security 101

    It's easy to say small companies should be doing these things, but when they hire one person to do everything, you can't expect much. Lack of awareness/skills is a huge problem.

  18. #15
    Admin (Ret'd)

    Re: Cyber Security 101

    Quote Originally Posted by ik9000 View Post
    FFS people change the flipping passwords.
    Then install updates
    Then run some kind of firewall and secure VPNs
    And hire someone who knows about that stuff to make sure it's all tickety boo.
    Yes you. Even if you're a small company.
    And especially if you're handling defence contracts for a national government.

    Please, don't be like this chump:
    http://www.bbc.co.uk/news/world-australia-41590614

    Or alternatively, for machines that don't need to be net-connected, don't connect them. I have several machines air-gapped. Data is encrypted, backed up 6 ways from Christmas, and probably more secure than the average bank. Needless to say, I'm not discussing all security precautions, but the biggest one is needing to be physically present to have ANY chance of access. And while my data is very valuable to me, it wouldn't mean much to anyone else.

  19. #16
    The late but legendary peterb - Onward and Upward peterb's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by ik9000 View Post
    nor the flaw in WPA2 on most people's wifi kit... http://www.bbc.co.uk/news/technology-41635516
    But that article itself was grossly misleading. The flaw is in the way the standard defines the way the client software connects, not in the server software itself, unless the router is itself acting as a client (for example, in a wireless bridge).

    There is a good explanation here http://www.draytek.co.uk/information...-vulnerability