Thread: Cyber Security 101

  1. #1
    ik9000

    Cyber Security 101

    FFS people change the flipping passwords.
    Then install updates
    Then run some kind of firewall and secure VPNs
    And hire someone who knows about that stuff to make sure it's all tickety boo.
    Yes you. Even if you're a small company.
    And especially if you're handling defence contracts for a national government.

    Please, don't be like this chump:
    http://www.bbc.co.uk/news/world-australia-41590614
    Quote Originally Posted by BBC
    Mr Clarke told a Sydney security conference that the hacker had exploited a weakness in software being used by the government contractor. The software had not been updated for 12 months.

    The aerospace engineering firm was also using default passwords, he said.
    Last edited by ik9000; 12-10-2017 at 09:18 AM.

  2. #2
    Splash

    If you're an organisation handling UK government data you now need to have attained (or be significantly along the road to attaining, with no new contracts until it's attained) Cyber Essentials status. More info at https://www.ncsc.gov.uk/information/...entials-scheme

    It's a good start, at least.

  3. #3

    I now expect any organisation that holds data on me is eventually going to have a breach in their security. It's why I don't like the idea of the state holding details of their citizens on a database: it's such a tempting target and you have next to no choice on whether to participate in it.

  4. #4
    Mr_Jon

    Home and Away is not "horrific". Strewth.

  5. #5
    ik9000

    Quote Originally Posted by Mr_Jon View Post
    Home and Away is not "horrific". Strewth.
    Aw fair dinkum mate, it isn't exactly the best advert for Oz now is it? I mean which mongrel would suggest that a decent aussie fella would use the turns of phrase of Alf Stewart? Now enough of the yacka and less of the disrespect, or these flamin pommie galahs will think that's what's normal down under, when really they just think it's all a bit daggie, y'know?

  7. #6
    Lucio

    Having nightmares here, my employer has foolishly nominated me to do GDPR compliance checks and oh boy, am I finding a mountain of pain for us ahead.

    Only small ray of sunshine, I did find we were misclassified on our PCI-DSS compliance, so cut our failures from 300 out of 468 questions to 1 out of 23


  8. #7
    spacein_vader

    Quote Originally Posted by Lucio View Post
    Having nightmares here, my employer has foolishly nominated me to do GDPR compliance checks and oh boy, am I finding a mountain of pain for us ahead.

    Only small ray of sunshine, I did find we were misclassified on our PCI-DSS compliance, so cut our failures from 300 out of 468 questions to 1 out of 23
    I'm running the GDPR project at a district council. It's not too much of an issue from a data security point of view, but things like timely deletion of data are going to be a big change, as are formal written sharing agreements between internal teams as well as 3rd parties.

  9. #8
    ik9000

    Quote Originally Posted by spacein_vader View Post
    I'm running the GDPR project at a district council. It's not too much of an issue from a data security point of view, but things like timely deletion of data are going to be a big change, as are formal written sharing agreements between internal teams as well as 3rd parties.
    Just ask my bank to do it. They're so good at scrubbing records they deleted mine without me even wanting them to. For security, you understand. My accounts before 2016. Gone. Just like that. Poof. And this after all that pushing to "go paperless, let us have the hassle etc".

  10. #9
    Spud1

    Quote Originally Posted by Splash View Post
    If you're an organisation handling UK government data you now need to have attained (or be significantly along the road to attaining, with no new contracts until it's attained) Cyber Essentials status. More info at https://www.ncsc.gov.uk/information/...entials-scheme

    It's a good start, at least.
    It's good in principle, but only if you genuinely follow through on it. It's very, very easy to get past a Cyber Essentials/CE+ or even ISO27001 audit but to actually implement nothing... and still pass the annual audits. You just have to employ the right contractor to fill in the paperwork and then keep up appearances when the auditors turn up (which is always pre-announced)...

    We genuinely follow through a real implementation of both standards, but I've worked at enough places that didn't in the past. It's expensive to keep it going if you do it properly, and really does slow down work in an IT company, which is why so many don't do it.

    Sadly though the vast majority of breaches occur due to social engineering attacks anyway, so these standards and principles often don't make much difference against serious attacks. It's much easier to walk into a company and plug in a device to a network port, or phone up and ask someone for a password, than to actually bother trying to break in.

  11. #10
    Splash

    As I said, it's a good start. Way too many companies are focussing on compliance rather than security though: you can be 100% compliant with any number of standards, yet hideously insecure at the same time.

  13. #11
    Zak33

    the sheer hellish level of spam that HEXUS and bit-tech towers gets is....er......

    hellish?

    so you only need a few innocents out there in the big wide interweb world to click the links, use the username and password or similar and you can imagine the carnage after the trojan is fitted.

    and that doesn't take into account the amount of E CIG USB chargers that are loaded with data capture hardware, does it?

    Or the wireless keyboard and mouse combos being monitored throughout offices across the globe.....


  14. #12
    ik9000

    nor the flaw in WPA2 on most people's wifi kit... http://www.bbc.co.uk/news/technology-41635516

  16. #13
    MLyons

    Quote Originally Posted by Zak33 View Post
    the sheer hellish level of spam that HEXUS and bit-tech towers gets is....er......

    hellish?

    so you only need a few innocents out there in the big wide interweb world to click the links, use the username and password or similar and you can imagine the carnage after the trojan is fitted.

    and that doesn't take into account the amount of E CIG USB chargers that are loaded with data capture hardware, does it?

    Or the wireless keyboard and mouse combos being monitored throughout offices across the globe.....
    That ECIG thing was targeted, if I remember correctly, instead of sweeping.

  17. #14
    Aftermath

    It's easy to say small companies should be doing these things, but when they hire one person to do everything, you can't expect much. Lack of awareness/skills is a huge problem.

  18. #15
    Saracen

    Quote Originally Posted by ik9000 View Post
    FFS people change the flipping passwords.
    Then install updates
    Then run some kind of firewall and secure VPNs
    And hire someone who knows about that stuff to make sure it's all tickety boo.
    Yes you. Even if you're a small company.
    And especially if you're handling defence contracts for a national government.

    Please, don't be like this chump:
    http://www.bbc.co.uk/news/world-australia-41590614

    Or alternatively, for machines that don't need to be net-connected, don't connect them. I have several machines air-gapped. Data is encrypted, backed up 6 ways from Christmas, and probably more secure than the average bank. Needless to say, I'm not discussing all security precautions, but the biggest one is needing to be physically present to have ANY chance of access. And while my data is very valuable to me, it wouldn't mean much to anyone else.


  19. #16
    peterb

    Quote Originally Posted by ik9000 View Post
    nor the flaw in WPA2 on most people's wifi kit... http://www.bbc.co.uk/news/technology-41635516
    But that article itself was grossly misleading. The flaw is in the way the standard defines the way the client software connects, not in the server software itself, unless the router itself is acting as a client (for example, in a wireless bridge).

    There is a good explanation here http://www.draytek.co.uk/information...-vulnerability