Thread: Cyber Security 101

  1. #1
    ik9000 (bored of Vienetta now)

    Cyber Security 101

    FFS people change the flipping passwords.
    Then install updates
    Then run some kind of firewall and secure VPNs
    And hire someone who knows about that stuff to make sure it's all tickety boo.
    Yes you. Even if you're a small company.
    And especially if you're handling defence contracts for a national government.

    Please, don't be like this chump:
    http://www.bbc.co.uk/news/world-australia-41590614
    Quote Originally Posted by BBC
    Mr Clarke told a Sydney security conference that the hacker had exploited a weakness in software being used by the government contractor. The software had not been updated for 12 months.

    The aerospace engineering firm was also using default passwords, he said.
    Last edited by ik9000; 12-10-2017 at 09:18 AM.

  2. #2
    Jam Is Teh Win (again)! Splash's Avatar

    Re: Cyber Security 101

    If you're an organisation handling UK government data you now need to have attained (or be significantly along the road to attaining, with no new contracts until it's attained) Cyber Essentials status. More info at https://www.ncsc.gov.uk/information/...entials-scheme

    It's a good start, at least.
    Quote Originally Posted by OilSheikh View Post
    You do realize that when I say things like that I don't mean it literally or what can be backed by stats.

  3. #3
    Senior Member

    Re: Cyber Security 101

    I now expect any organisation that holds data on me is eventually going to have a breach in their security. It's why I don't like the idea of the state holding details of their citizens on a database; it's such a tempting target and you have next to no choice on whether to participate in it.

  4. #4
    Mr_Jon (Member)

    Re: Cyber Security 101

    Home and Away is not "horrific". Strewth.

  5. #5
    ik9000 (bored of Vienetta now)

    Re: Cyber Security 101

    Quote Originally Posted by Mr_Jon View Post
    Home and Away is not "horrific". Strewth.
    Aw fair dinkum mate, it isn't exactly the best advert for Oz now is it? I mean which mongrel would suggest that a decent aussie fella would use the turns of phrase of Alf Stewart? Now enough of the yacka and less of the disrespect, or these flamin pommie galahs will think that's what's normal down under, when really they just think it's all a bit daggie, y'know?

  7. #6
    Mostly Me Lucio's Avatar

    Re: Cyber Security 101

    Having nightmares here, my employer has foolishly nominated me to do GDPR compliance checks and oh boy, am I finding a mountain of pain for us ahead.

    Only small ray of sunshine, I did find we were misclassified on our PCI-DSS compliance, so cut our failures from 300 out of 468 questions to 1 out of 23

    (\___/) (\___/) (\___/) (\___/) (\___/) (\___/) (\___/)
    (='.'=) (='.'=) (='.'=) (='.'=) (='.'=) (='.'=) (='.'=)
    (")_(") (")_(") (")_(") (")_(") (")_(") (")_(") (")_(")


    This is bunny and friends. He is fed up waiting for everyone to help him out, and decided to help himself instead!

  8. #7
    Senior Member spacein_vader's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by Lucio View Post
    Having nightmares here, my employer has foolishly nominated me to do GDPR compliance checks and oh boy, am I finding a mountain of pain for us ahead.

    Only small ray of sunshine, I did find we were misclassified on our PCI-DSS compliance, so cut our failures from 300 out of 468 questions to 1 out of 23
    I'm running the GDPR project at a district council. It's not too much of an issue from a data security point of view but things like timely deletion of data are going to be a big change, as are formal written sharing agreements between internal teams as well as 3rd parties.

  9. #8
    ik9000 (bored of Vienetta now)

    Re: Cyber Security 101

    Quote Originally Posted by spacein_vader View Post
    I'm running the GDPR project at a district council. It's not too much of an issue from a data security point of view but things like timely deletion of data are going to be a big change, as are formal written sharing agreements between internal teams as well as 3rd parties.
    Just ask my bank to do it. They're so good at scrubbing records they deleted mine without me even wanting them to. For security you understand. My accounts before 2016. Gone. Just like that. Poof. And this after all that pushing to "go paperless, let us have the hassle etc".

  10. #9
    Theoretical Element Spud1's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by Splash View Post
    If you're an organisation handling UK government data you now need to have attained (or be significantly along the road to attaining, with no new contracts until it's attained) Cyber Essentials status. More info at https://www.ncsc.gov.uk/information/...entials-scheme

    It's a good start, at least.
    It's good in principle, but only if you genuinely follow through on it. It's very, very easy to get past a cyber essentials/CE+ or even ISO27001 audit but to actually implement nothing..and still pass the annual audits. You just have to employ the right contractor to fill in the paperwork and then keep up appearances when the auditors turn up (which is always pre-announced)....

    We genuinely follow through a real implementation of both standards, but I've worked at enough places that didn't in the past. It's expensive to keep it going if you do it properly, and really does slow down work in an IT company, which is why so many don't do it.

    Sadly though the vast majority of breaches occur due to social engineering attacks anyway, so these standards and principles often don't make much difference against serious attacks. It's much easier to walk into a company and plug in a device to a network port, or phone up and ask someone for a password than to actually bother trying to break in.

  11. #10
    Jam Is Teh Win (again)! Splash's Avatar

    Re: Cyber Security 101

    As I said, it's a good start. Way too many companies are focussing on compliance rather than security though: you can be 100% compliant with any number of standards, yet hideously insecure at the same time.

  13. #11
    HEXUS.timelord. Zak33's Avatar

    Re: Cyber Security 101

    the sheer hellish level of spam that HEXUS and bit-tech towers gets is....er......

    hellish?

    so you only need a few innocents out there in the big wide interweb world to click the links, use the username and password or similar and you can imagine the carnage after the trojan is fitted.

    and that doesn't take into account the amount of E CIG USB chargers that are loaded with data capture hardware, does it?

    Or the Wireless keyboard and mouse combos being monitored throughout offices across the globe.....

    Quote Originally Posted by Advice Trinity by Knoxville
    "The second you aren't paying attention to the tool you're using, it will take your fingers from you. It does not know sympathy." |
    "If you don't gaffer it, it will gaffer you" | "Belt and braces"

  14. #12
    ik9000 (bored of Vienetta now)

    Re: Cyber Security 101

    nor the flaw in WPA2 on most people's wifi kit... http://www.bbc.co.uk/news/technology-41635516

  16. #13
    HEXUS.staff MLyons's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by Zak33 View Post
    the sheer hellish level of spam that HEXUS and bit-tech towers gets is....er......

    hellish?

    so you only need a few innocents out there in the big wide interweb world to click the links, use the username and password or similar and you can imagine the carnage after the trojan is fitted.

    and that doesn't take into account the amount of E CIG USB chargers that are loaded with data capture hardware, does it?

    Or the Wireless keyboard and mouse combos being monitored throughout offices across the globe.....
    That ECIG thing was targeted, if I remember correctly, instead of sweeping.
    Half dev, Half doge. Some say DevDoge

    Feel free to message me if you find any bugs or have any suggestions.
    If you need me urgently, PM me
    If something is/was broke it was probably me. ¯\_(ツ)_/¯

  17. #14
    Aftermath (Registered+)

    Re: Cyber Security 101

    It's easy to say small companies should be doing these things, but when they hire one person to do everything, you can't expect much. Lack of awareness/skills is a huge problem.

  18. #15
    Admin Saracen's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by ik9000 View Post
    FFS people change the flipping passwords.
    Then install updates
    Then run some kind of firewall and secure VPNs
    And hire someone who knows about that stuff to make sure it's all tickety boo.
    Yes you. Even if you're a small company.
    And especially if you're handling defence contracts for a national government.

    Please, don't be like this chump:
    http://www.bbc.co.uk/news/world-australia-41590614

    Or alternatively, for machines that don't need to be net-connected, don't connect them. I have several machines air-gapped. Data is encrypted, backed up 6 ways from Christmas, and probably more secure than the average bank. Needless to say, I'm not discussing all security precautions, but the biggest one is needing to be physically present to have ANY chance of access. And while my data is very valuable to me, it wouldn't mean much to anyone else.
    Noli nothis permittere te terere.


  19. #16
    Admin Team peterb's Avatar

    Re: Cyber Security 101

    Quote Originally Posted by ik9000 View Post
    nor the flaw in WPA2 on most people's wifi kit... http://www.bbc.co.uk/news/technology-41635516
    But that article itself was grossly misleading. The flaw is in the way the standard defines the way the client software connects, not in the server software itself, unless the router itself is acting as a client (for example, in a wireless bridge).

    There is a good explanation here http://www.draytek.co.uk/information...-vulnerability
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute
