
22 February 2021

Cybersecurity Services

I came across an RFP last week about Cybersecurity Services for a Spanish public administration which, I think, is really interesting because the RFP addresses the main cybersecurity services needed to protect the data and services of citizens. However, these cybersecurity services can also be applied to protect the data and services of any company. What’s really interesting is how well written the RFP is: it asks only for cybersecurity services and not for other kinds of services. Therefore, cybersecurity companies can easily apply to this RFP.

First of all, the National Security Scheme, or ENS in Spanish, has to be implemented, as well as the General Data Protection Regulation (GDPR). As a result, ENS requires writing the adaptation plan, security policy, risk analysis, incident response plan, security awareness programme, etc. On the other hand, GDPR requires data protection impact assessments, a record of processing activities, etc. In addition, GDPR requires a Data Protection Officer (DPO). All of these tasks are mandatory and are really important before taking the plunge into technical tasks.

The IT Security Audit should be the next step, to know the security status of the organization. This is the best way to find out which security measures have to be implemented. What kind of security audit is required? A pentest is mandatory, as well as a network audit to know the vulnerabilities of all assets connected to the network. In addition, they require IDS/IPS, NAC and VPN appliances to control all devices which are going to be connected to the network.

There is a big chapter about monitoring and protection which includes network firewalls and web application firewalls (WAF), as well as web monitoring to know the availability of web applications. What’s more, there is a DNS Security service to block access to malicious websites at the DNS layer. All of these appliances and services will protect users and services from malicious attackers.

Finally, the RFP requires an Incident Response Service, Security Assessment and Training. I think these services are important to stay up to date on cybersecurity subjects, because they will be able to ask for advice on any security matter, and they will have an incident response team to investigate network intrusions and mitigate data loss. Moreover, this chapter includes a SIEM appliance to collect all security logs and improve security visibility.

To sum up, you can see here an overview of an RFP, with all the services and appliances you can require. It’s up to you to require all of these services, or even include more security services or devices, but it’s highly recommended to ask only for security things instead of requiring other kinds of services which are not security-related, because if you mix security with something else, most cybersecurity companies will not be able to apply to your RFP.

Have a nice day my friends! Drop me a line with the first thing you are thinking!

15 February 2021

UK’s National Cyber Force (NCF)

I didn’t know what to write about this week in the blog, but I wanted to write. I’ve been reading about the new European Cybersecurity Policy, which is still a draft policy. I’ve also been reading about FortiNAC, F5 BIG-IP, Kubernetes & Nginx, but I didn’t feel like writing about them. Finally, I came across a news item, which I saved weeks ago, about the new National Cyber Force (NCF) announced by the UK government. Therefore, I’m going to write about this new task force and what the principal objectives of the NCF are.

At the end of last year, the UK Prime Minister announced a new partnership: the National Cyber Force (NCF). This new partnership is the result of cooperation between four organizations: MoD, GCHQ, MI6 and DSTL. In fact, these four organizations are going to collaborate under one unified command for the first time. It seems there is no other organization like this in the world, to date. This specialist cyber unit is going to multiply tenfold the number of government employees in offensive cyber and cyber-crime roles over the next ten years, who are to be drawn from the security services, the military and industry.

What’s amazing is that this specialist cyber unit has the objective of degrading, disrupting and even destroying the communications systems of those that pose a security threat. Therefore, they can use whatever they want, such as hacking tools, intelligence information or deception tools, to attack any person, company or country that is a security threat to them. It’s also interesting that the NCF will use behavioural science tactics to communicate with attackers to undermine their morale and dissuade them. All of these tactics are in contrast to the current NCSC body, whose main function is to help the public sector, businesses and the public to respond to, and recover from, cyber incidents.

The change from defensive to offensive is the result of a comprehensive government review of security and defence policies. In fact, defence spending will rise to 2.2% of GDP, and there is also a budget for a new agency dedicated to Artificial Intelligence and a new "Space Command". This change, from defensive to offensive, is due to the fact that China and the US also switched to offensive operations in 2019. Moreover, Brexit and COVID-19 have increased the threats of hybrid warfare, influencing the creation of the NCF.

I would like to have more information about the Force’s activities, but most of them will be secret and clandestine. In fact, secrecy will be crucial for the success of operations. However, all operations will have to be approved by the government. We’ll see! As offensive operations will have to be coordinated with defensive operations, maybe we’ll see some slightly weird defensive operations.

Have a nice day my friends! Did you know this Force?

8 February 2021

EU Cybersecurity Strategy (III)

This is the third week writing about the EU Cybersecurity Strategy. I’ve already read the whole strategy. The first chapter is mainly about building European cybersecurity technology. The second chapter is mainly about building operational capacity to prevent, deter and respond. This third chapter tells us how the EU is going to work with international partners such as third countries, international organizations and the multi-stakeholder community. In addition, this third chapter tells us how the EU wants to lead on standards, norms and frameworks in cyberspace.

The EU wants to step up its engagement in, and leadership on, international standardisation processes, and enhance its representation in international and European standardisation bodies. The Commission would also like to develop an EU position on the application of international law in cyberspace, and the EU wants to continue its leadership on the protection and promotion of human rights and fundamental freedoms. Furthermore, the EU will continue to support third countries that wish to accede to the Council of Europe Budapest Convention on Cybercrime.

There is one really interesting sentence in this third chapter, which says “No single entity, government, or international organisation should seek to control the Internet”. Therefore, the EU will strongly support and promote the multi-stakeholder model for Internet governance. This means the Commission will reinforce regular and structured exchanges with stakeholders, including the private sector, academia and civil society. What’s more, I think it’s really interesting how the Commission wants to promote the EU vision of cyberspace, and exchange information, through an informal EU Cyber Diplomacy Network.

Finally, the EU Cybersecurity Strategy would like to develop an EU External Cyber Capacity Building Agenda to steer efforts in line with the External Cyber Capacity Building Guidelines and the 2030 Agenda for Sustainable Development. In addition, I think it’s really useful that the EU continues to assist countries in tackling the growing challenge of malicious cyber activities that harm the development of societies and the integrity and security of democratic systems. Actually, it’s not only useful but also needed.

To sum up, I think this third chapter has lots of interesting initiatives. I really like the informal EU Cyber Diplomacy Network to exchange information and expand EU cyber dialogue with third countries and regional and international organisations, and I also like that the Commission takes into account the integrity and security of democratic systems. Obviously, the application of human rights and fundamental freedoms in cyberspace is really important. Therefore, it has to be in the strategy.

Have a nice day my friends!

1 February 2021

EU Cybersecurity Strategy (II)

I wrote about the EU Cybersecurity Strategy last week and I’m going to keep writing about it this week. I’ll write about building operational capacity to prevent, deter and respond, and about how Member State authorities are going to build systematic and comprehensive information sharing and cooperate on a common response. This is the second chapter of the strategy, where all EU institutions, bodies and agencies have to agree with each other on how they are going to cooperate against cyber threats.

The first step for cooperation will be a Joint Cyber Unit, which will be a virtual and physical platform with a focus on operational and technical coordination against major cross-border cyber incidents and threats. This Unit will have a “need-to-share” mind-set and will harness the progress achieved within the NIS Cooperation Group and the CyCLONe Network. The Unit would fulfil three main objectives: preparedness, awareness, and response.

Most people use technology and most of us depend on online tools. As a result, the attack surface has increased exponentially. There are lots of types of crime with a digital component which require the identification and prosecution of offenders. Therefore, tackling cybercrime effectively is another key factor in the EU Cybersecurity Strategy. The Commission wants to improve the capacity of law enforcement to investigate cybercrime, fully respecting fundamental rights and pursuing the required balance between various rights and interests.

The EU Cybersecurity Strategy also highlights the cyber diplomacy toolbox, which is a range of measures, including sanctions, for a diplomatic response to malicious cyber activities. According to the strategy, there will be a Member States’ EU cyber intelligence working group residing within the EU Intelligence and Situation Centre (INTCEN) to advance strategic intelligence cooperation on cyber threats and activities.

Finally, boosting cyber defense capabilities is another strategic initiative to prevent, discourage, deter and respond to malicious cyber activities. The objectives for cyber defense capabilities are to review the Cyber Defense Policy Framework (CDPF), to facilitate the development of an EU “Military Vision and Strategy on Cyberspace as a Domain of Operations” for CSDP military missions and operations, to support synergies between the civil, defense and space industries, and to reinforce the cybersecurity of critical space infrastructures under the Space Programme.

To sum up, this second chapter of the EU Cybersecurity Strategy is mainly focused on cyber defense, with a new Unit, new laws and new diplomacy tools to prevent cyber threats.

Have a nice day! I encourage you to read these kinds of strategies to learn more deeply about Cybersecurity!

25 January 2021

EU Cybersecurity Strategy (I)

I like reading cybersecurity strategies to know what the next steps in cybersecurity are around the world. I’ve read lots of them since I wrote about “Spain is sold” in 2013. I’ve read about the Security Directives for the European Union, the DoD Cyber Strategy of the United States of America, the National Cyber Strategy of the United States of America, the Revue Stratégique de Cyberdéfense of France and the National Cybersecurity Strategy of Spain. I’m going to write today about the new EU Cybersecurity Strategy, which has been released recently.

The new EU Cybersecurity Strategy addresses three areas of action: (1) resilience, technological sovereignty and leadership, (2) building operational capacity to prevent, deter and respond, and (3) advancing a global and open cyberspace. I’m going to write today about the first one, which is the largest area of action.

First of all, the Commission proposes to reform the Security Directives for the European Union. The reformed NIS Directive will provide the basis for more specific rules for strategically important sectors such as energy, transport and health. In addition, the Cybersecurity Strategy proposes to build a European Cyber Shield with Security Operations Centres across the EU. In fact, the goal would be to connect as many centres as possible across the EU to create collective knowledge and share best practices.

An ultra-secure communication infrastructure is also required by the European Union to transmit confidential information using an ultra-secure form of encryption to shield against cyberattacks. What’s more, it will be built with European technology. In addition, it will have two main components: terrestrial fibre communication networks and space satellites covering the whole EU. Moreover, securing the next generation of broadband mobile communications, such as 5G and future generations of networks, is of great interest in this Cybersecurity Strategy, because we should avoid dependencies and foster a sustainable and diverse supply chain.

As the Internet of Things proliferates, the Commission also wants to prepare European cybersecurity certification schemes for the purpose of ensuring an adequate level of cybersecurity for IoT products, IoT services and IoT processes in the Union. In addition to an Internet of Secure Things, the Commission intends to develop a contingency plan for dealing with extreme scenarios affecting the integrity and availability of the global DNS root system. Right now, there are thirteen DNS root servers, two of them in the EU, which should be protected against cyberattacks.

[Figure: List of Root DNS Servers]

Finally, the Cybersecurity Strategy intends to reinforce the presence in the technology supply chain and to develop, attract and retain the best cybersecurity talent. The first one puts special focus on dedicated activities under the Digital Innovation Hubs in the Digital Europe Programme. The second one pays attention to developing, attracting and retaining more diverse talent, as well as encouraging women’s participation in science, technology, engineering, and mathematics education through relevant EU actors such as ENISA, the EDA and the European Security and Defence College (ESDC).

That’s all! I encourage you to read this interesting Cybersecurity Strategy! See you soon!

18 January 2021

F5 BIG-IQ – Real-Time Application Visibility

There are lots of companies that don’t know why their applications are working slowly. Applications usually work well, but when they get slow, lots of companies don’t know where to look. However, there are lots of really useful tools which can help us monitor applications as well as the network. It’s really easy to install a network monitoring tool where we can import and add switches and servers to know bandwidth consumption, throughput, packets transmitted and received, etc. This kind of tool should be mandatory in most companies for monitoring services.

I’ve already written about F5 BIG-IQ and I told you where installing these devices is recommended. Above all, it’s recommended where there are lots of BIG-IP devices with lots of virtual servers, pools and nodes. However, I would also like to highlight an interesting feature for monitoring application services which is really useful for real-time application and network visibility. F5 BIG-IQ helps us know what’s happening thanks to its Application Visibility and Analysis in Real Time feature.

First of all, F5 BIG-IQ can monitor HTTP Application Services. In fact, it can monitor all of the HTTP virtual servers which pass through the BIG-IP devices. Therefore, it’s easy to get Application Response Time, Request Errors (responses with a 4XX status code), Server Errors (responses with a 5XX status code), Transactions Per Second (TPS), Incomplete Transactions, etc. All of them are needed to know how applications are doing; all of them are needed to have application visibility. However, there are many other interesting metrics such as E2E Time, Page Load Time, etc. Lots of companies would like to have these kinds of metrics when their web applications are getting slow.

[Figure: Monitoring HTTP traffic data]

F5 BIG-IQ can also monitor TCP Application Services. There are lots of useful metrics for troubleshooting. In addition, these metrics can be used along with the HTTP Application metrics to improve the troubleshooting process. For instance, we can know the Server Side RTT (in ms) and the Client Side RTT (in ms). We can also know the Throughput (in Mbps) and the Goodput (in Mbps). This last metric is important because Goodput is the rate at which useful data traverses a link. Therefore, assuming an uncongested path between endpoints, goodput and throughput will be as close as they are theoretically able to be. However, there are many other interesting TCP metrics such as Packets Lost, Connections or Delay States (3WHS, RWND, CWND, etc.).

[Figure: Monitoring TCP statistics]
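The difference between the Throughput and Goodput metrics above, as an added example that is not F5 code: it takes a constructed one-direction TCP flow summarised as (sequence number, payload length) pairs in wire order, counts retransmitted bytes toward throughput but not goodput, and so shows why the two figures only coincide on a loss-free path.

```python
"""Throughput vs goodput on a TCP flow (added example, not F5 BIG-IQ code).

Assumption: a flow is summarised as (seq, payload_len) pairs in wire order;
a segment that repeats bytes already carried is a retransmission.
"""
from typing import Dict, List, Tuple

Segment = Tuple[int, int]  # (TCP sequence number, payload length)


def _merge(ranges: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Merge [start, end) byte ranges into a sorted, non-overlapping list."""
    merged: List[Tuple[int, int]] = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def _to_mbps(nbytes: int, duration_s: float) -> float:
    return round(nbytes * 8 / duration_s / 1_000_000, 3)


def tcp_flow_metrics(segments: List[Segment], duration_s: float) -> Dict[str, float]:
    """Throughput counts every payload byte put on the wire, goodput counts each
    application byte once; efficiency is their ratio (1.0 on an uncongested path)."""
    covered: List[Tuple[int, int]] = []  # byte ranges already carried at least once
    wire_bytes = unique_bytes = retransmissions = 0
    for seq, length in segments:
        start, end = seq, seq + length
        wire_bytes += length
        # bytes of this segment that overlap ranges seen earlier (full or partial retransmit)
        overlap = sum(max(0, min(end, e) - max(start, s)) for s, e in covered)
        if overlap:
            retransmissions += 1
        unique_bytes += length - overlap
        covered = _merge(covered + [(start, end)])
    return {
        "throughput_mbps": _to_mbps(wire_bytes, duration_s),
        "goodput_mbps": _to_mbps(unique_bytes, duration_s),
        "retransmissions": retransmissions,
        "efficiency": round(unique_bytes / wire_bytes, 3) if wire_bytes else 0.0,
    }


# Constructed flows: a clean 4 KB transfer, and the same transfer where the
# second segment was lost and sent again after the third one.
CLEAN_FLOW: List[Segment] = [(0, 1000), (1000, 1000), (2000, 1000), (3000, 1000)]
LOSSY_FLOW: List[Segment] = [(0, 1000), (1000, 1000), (2000, 1000), (1000, 1000), (3000, 1000)]

if __name__ == "__main__":
    for name, flow in (("clean", CLEAN_FLOW), ("lossy", LOSSY_FLOW)):
        print(name, tcp_flow_metrics(flow, duration_s=0.01))
```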

Finally, F5 BIG-IQ can also notify us about Web Exploits and L7 DDoS Attacks. However, a WAF must be deployed on the BIG-IP devices to get Security Alerts. For instance, we can see Bad Traffic Trends, which will be useful to investigate transactions and fine-tune the security policy for new threats. We can also see Potentially Harmful Attacks, which will be used to decide when to change the security policy to blocking mode. Of course, we will be able to see the Blocked Attacks to know the security policy is working properly.

Do you have Real Time Application Visibility? How do you get these metrics? Have a nice day!

11 January 2021

La vie devant soi

I read the novel “La vie devant soi” by Romain Gary over these Christmas holidays. I think it is a novel where you can see how children and the elderly live in the poorest neighbourhoods. It is a novel where there are not only economic problems but also moral problems, because the elderly are seen as an obstacle.

The novel is mainly about an Arab boy called Momo. He is ten years old and lives in Paris with Madame Rosa, who is an old Jewish woman. She used to work as a prostitute, but as she is now old, she looks after the children of prostitutes. However, there are more characters. For example, Madame Lola, who is a Senegalese transsexual, and Monsieur Waloumba, who is Cameroonian. There are many cultures and religions.

It is a novel where you can see humanity and fraternity, because Madame Rosa is ill and all the neighbours help her to enjoy the last days of her life. So Momo falls in love with her, then he takes care of her and stays with her until the last day of her life.

These Christmas holidays have been very different, and a good novel helped me stay at home!!

4 January 2021

HTTP/3

We are at the beginning of 2021 and it seems this year will bring new protocol adoptions. I wrote about HTTP/2 in 2015 and I think it’s getting old, because I wrote about Moving the Web from TCP to UDP a year later and this will be the new standard for the coming years. There are still lots of websites on HTTP/1.1, and nearly 50% of websites run HTTP/2. However, the third version is already an Internet Draft and has multiple improvements and new features. HTTP/3 is already supported by some browsers, appliances and web servers.

[Figure: Percentages of websites using various site elements]

HTTP/3 runs over QUIC, which is a new transport protocol developed by Google. This new protocol addresses some of the known shortcomings of doing HTTP/2 over TCP and TLS. For instance, one of the shortcomings is TCP head-of-line blocking: because HTTP/2 runs over TCP and typical browsers do tens or hundreds of parallel transfers over a single TCP connection, if a single packet is lost or dropped in the network, the entire TCP connection is brought to a halt while the lost packet is retransmitted. HTTP/3 avoids this blocking with independent streams, using QUIC over UDP.

[Figure: High-level overview of HTTP transport stacks]

QUIC runs on top of UDP, and it therefore also uses UDP port numbers to identify specific network services. All known QUIC implementations are currently in user space instead of kernel space, because that allows more rapid evolution; therefore, QUIC uses UDP ports above 1024. In addition, parallel streams can transfer data simultaneously over a single connection without affecting the other streams. Actually, there are lots more features, such as fast handshakes and TLS 1.3, which are really important.

[Figure: Fast handshakes]

The QUIC transport protocol works really simply. Firstly, QUIC sets up a connection, which is a single conversation between two QUIC endpoints. Connection IDs are used to identify the connection, which can thus migrate between IP addresses and network interfaces in ways TCP never could. Secondly, connections start a secure layer with TLS 1.3, which is mandatory; there is no way to avoid using TLS. Finally, QUIC uses streams to send data over the connection.

[Figure: HTTP Request over QUIC (with 0-RTT)]

HTTP/3 is the first protocol to be transported over QUIC. It’s like HTTP/1.1 and HTTP/2 because it has requests, responses, headers, body, cookies, etc. However, there are also changes. For instance, the alternate service (Alt-Svc:) header is used to tell clients that the web server supports, and wants to start connections using, HTTP/3. There are a lot of changes. Another interesting change is that HTTP/3 has much faster handshakes, thanks to QUIC, than HTTP/1.1 or even HTTP/2 with TCP + TLS.

[Figure: Alternate service header]
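The Alt-Svc advertisement described above, as an added example that is not part of the original post: a parser for the RFC 7838 header value that picks the HTTP/3 alternative a client could try, including the quoted-comma edge case (a parameter such as v="46,43") that some real deployments send. The header values used are constructed, not captured from any named site.

```python
"""Parse an HTTP Alt-Svc header (RFC 7838) and pick the HTTP/3 alternative it advertises.
Added example, not from the original post; header values are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote


@dataclass
class AltService:
    protocol: str          # ALPN id: "h3" (final), "h3-29" (draft), "h2", ...
    host: str              # "" means the same host as the origin
    port: int
    max_age: int = 86400   # RFC 7838 default when the "ma" parameter is absent
    persist: bool = False


# protocol-id "=" quoted alt-authority, then optional ";"-separated parameters
_ALT_RE = re.compile(r'\s*([^=\s";,]+)\s*=\s*"([^"]*)"\s*((?:;.*)?)')


def _split_outside_quotes(text: str, sep: str) -> List[str]:
    """Split on sep but not inside double quotes, so v="46,43" stays one parameter."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def parse_alt_svc(value: str) -> List[AltService]:
    """Return the alternatives in an Alt-Svc value. "clear" yields [] and a
    malformed alternative is skipped rather than trusted, as a client should do."""
    if value.strip().lower() == "clear":
        return []
    services: List[AltService] = []
    for item in _split_outside_quotes(value, ","):
        m = _ALT_RE.fullmatch(item)
        if not m:
            continue
        proto, authority, params = m.groups()
        host, sep, port = authority.rpartition(":")
        if not sep or not port.isdigit():
            continue  # alt-authority must be [host] ":" port
        svc = AltService(protocol=unquote(proto), host=host, port=int(port))
        for param in _split_outside_quotes(params, ";"):
            key, _, val = param.strip().partition("=")
            if key == "ma" and val.isdigit():
                svc.max_age = int(val)
            elif key == "persist" and val == "1":
                svc.persist = True
        services.append(svc)
    return services


def http3_alternative(value: str) -> Optional[AltService]:
    """Prefer the final "h3" ALPN id; fall back to a draft "h3-NN" if that is all offered."""
    services = parse_alt_svc(value)
    for s in services:
        if s.protocol == "h3":
            return s
    for s in services:
        if s.protocol.startswith("h3-"):
            return s
    return None
```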

To sum up, HTTP/3 is still an Internet Draft, and HTTP/2 is increasingly deployed in lots of web services. HTTP/3 is on top of QUIC, which has lots of new features and improvements. I think we will see HTTP/3 running on the main web services soon, such as Facebook, Amazon, Netflix and Google. In fact, they are already thinking about the new version, QUICv2.

Have you already deployed HTTP/2? Are you thinking about the new version, HTTP/3? Bye my friends!
