Steve's Security Blog | @northvein

Introduction To date, I've facilitated senior level reporting on the performance of security driven activity in almost every position I've held. For the best part, this has been a green-field requirement which has meant that I've been able to set out and make a case for reporting that drives improvement in the real-world security posture (RWSP) of my charge from the get-go. I believe, no matter what else is going on, that if you can inform the changes and behaviours that lead to your organisation protecting itself, you've had a good day. Secondly to driving improvement, KPIs and metrics provide your leadership team with the insight and visibility into the efforts and valuable work of your security team which might otherwise be hidden from them.  There is no shortage of materials and musings about the importance of security KPIs however, despite this, many organisations struggle in a number of ways to define and/or employ them. I thought then I'd share some

On July 27th, 2017 the OIS (Open Information Security Foundation) & the Suricata project team issued a major update release to the Suricata IDS/IPS engine.  The summary of improvements includes: Improved Detection - based on feedback from the rule writing teams at Emerging Threats & Positive Technologies the project added improved inspection for HTTP, SSH & other protocols Improved TLS detection & logging, & the addition of NFS support.  Improved EVE JSON logging functionality including inner/outer ip logging for encapsulated traffic & extended HTTP request/response logging RUST support  Major TCP stream engine update  Full details of the release can be found here .      I've been a big fan & user of Suricata for just over a year now & I've previously written about deploying Suricata on Centos (or RHEL)  here . The project still maintains some of the best documentation for an open project I've come across & you ca

My home lab is (probably) typical of most security professionals: a beefy workstation running VMWare workstation, a beefy-ish workstation running ESXi and a bunch of laptops, switches and other devices.  I utilise a couple of VPS providers for hosting and exposing VMs to the cloud. My VPS provider of choice has been DigitalOcean for the last couple of years (going by my billing history) and to date, they've been excellent. They recently introduced and advertised a new service feature called 'Cloud Firewalls' and I had chance to have a play with them today. Essentially, they've incorporated a network level firewall service to their VPS offering which can be used as an alternative or in addition to host-based firewalls like iptables, firewalld, etc.  Initial Impressions - Pros, Cons and Limitations Pros No Cost (free!!) - Cloud Firewalls are available at no additional cost. Availability - Cloud Firewalls are available in ever region DigitalOcean operate.

There are a couple of reasons why you might want to install Kali linux on an inexpensive hardware platform that you can deploy, abandon or hide somewhere. An obvious use might be to serve as an 'Evil AP' in support of wireless assessments. Kali linux is officially supported on a number of low-cost  ARM based  devices, with Offensive Security maintaining minimal, streamlined pre-built images which can be copied across to an SD card, installed and then configured with the packages you need for the task you have in mind.  Installing Kali Linux on a Raspberry Pi  Offensive Security maintain good documentation  here . For the our needs: Download and verify the image from  here . $ shasum -a 256 /Volumes/SANDISK/kali-2017.01- rpi2.img.xz DD the image over the SD cards $ sudo dd if=kali-2017.01-rpi2.img of=/dev/disk2 bs=1m Insert the SD cards after the dd has completed and boot the rpi. I had a DHCP reservation set on my router so I knew what IP it would get. I al

A well known high street supermarket received a fine from the Information Commissioner's office (ICO) yesterday. I had a look at the details and you can too.  It's not a vast sum but it should be cause for embarrassment. It should also be cause for concern for anyone working there who has anything to do with data protection given the approaching changes to the ICO's powers coming next year with GDPR .  There are still a lot of people who think GDPR will be the next Y2K - I've literally heard two separate groups of people say this. I think a lot of people think that the ICO is a paper tiger and if you pushed them for an example of their actions they'd at best recount TalkTalk's record £400,000 fine. I thought then it might be interesting to review all of the monetary penalties the ICO has issued since the start of this year up to yesterday. All enforcement notices can be viewed online  here .  ICO Monetary penalties - 01/Jan/17 to 17/Jun/17, Introdu

The media coverage of the recent major systems outage at British Airways is some of the worst I can recall reading. Essentially a national institution working in an industry synonymous with resilience, safety and preparation is making a drama out of a crisis and many technical practitioners are still trying to understand what happened.  In the most recent reports, it sounds like a contractor accidentally switched off the power in their datacenter and with it, toppled the first domino in a series which lead to 750,000 passengers being unable to fly and an as yet to be calculated compensation bill.  "It was not an IT issue, it was a power issue" -  British Airways  Nothing in the information they’ve released so far really explains how this course of events came to transpire nor does it provide any confidence or assurance around BA’s approach to business continuity planning (BCP) or disaster recovery (DR). Essentially, someone was able to gain access to and then p