Episode 12 - Disconnects and Redundancies

This week, the guys discuss a disconnect between employees working remotely and their corporate IT departments that is hindering productivity for both parties, along with the debate over IT providers leaning toward a self-service model for IT help. The newest cybersecurity team models are discussed, along with tips for company-wide cybersecurity.

In addition, the guys discuss the recent shutdown of Parler and the issue of companies relying on cloud-based servers instead of their own hardware.

Pick up your copy of Cyber Rants on Amazon.
Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com
Be sure to rate the podcast, leave us a review, and subscribe!

Transcript

Welcome to the Cyber Rants podcast, where we're all about sharing the forbidden secrets and slightly embellished truths about corporate cyber security programs. We're ranting, we're raving, and we're telling you the stuff that nobody talks about on their fancy website and trade show giveaways, all to protect you from cyber security criminals. And now here's your hosts, Mike Rotondo, Zach Fuller and Lauro Chavez.

Hello and welcome to the Cyber Rants podcast. This is your co-host Zach Fuller, joined by Mike Rotondo and Lauro Chavez. We have an excellent show today, as usual, planned, ready to go. Be interesting to see where this conversation goes, but before we start, Mike, why don't you kick us off with the news, the news of the day.

Good day and welcome to podcast 2 of 2021. Um, hey, the ransomware gangs are scavenging for sensitive data by targeting top executives. Yes, your least technical people with the most information are now targets again. Keep that in mind when you're going through your training; your execs may need a little extra training. Google Titan security keys hacked by French researchers. Yep, the Google security is now hackable. Malicious software infrastructure easier to get and deploy than ever. Now it is no longer a command line, it's now point-and-click. Even younger script kitties, or script kids, with even less skills can now hack you. I guess it's progress. TeamTNT now steals Docker API and AWS credentials. Lock that AWS down, make sure that you are, uh, double-checking your security, but there's bad stuff out there, guys. Android malware claims to give hackers full control of your smartphone. As if the Android hasn't been hacked enough, there is now a RAT out there called Rogue that can basically give people complete control of your smartphone. Security research is claiming downloading 70 terabytes of sensitive Parler data. We're going to touch more about this later, but, uh, Parler, if you haven't heard, was shut down and now the data apparently has been hacked. Intel adds hardware-enabled ransomware detection to 11th Gen vPro chips. That's kind of interesting, actually. I think that's something that is positive, that if they can actually make that work, that's a great advancement. Another interesting headline: massive IT employee disconnect hindering remote productivity. This is a discussion about how IT sees working remote and how people working remote see working remote from a technical perspective, so we will touch on that later in the podcast as well. Office January security updates fix remote code execution bugs. Yep, there's more Microsoft bugs. It's 2021, the 15th, and we've got multiple critical patches already. Cisco addresses high severity flaw in CMX software. We have Cisco releasing 67, addressing 67 high severity vulnerabilities. Patch up your Cisco. Cyber criminals are bypassing multi-factor authentication to access organizations' cloud services. That's scary. MFA, which was for a long time considered to be almost bulletproof, is now becoming vulnerable. Look into your CISA; CISA has some warnings out there as well as some potential ways to deal with that, but it is becoming an epidemic. And the last story: it's finally over, we can now all uninstall Adobe Flash Player. It's dead. That's the headlines, Lauro.

Sayonara. I had a lot of good times with Flash. It's been a long road, Adobe, thank you. I was just about to ask you, Mike, if you have any good news for us, and, uh, you ended on a good note there.
Yeah, that's, uh, you know, at least something good's all happening. So, you know, typically this is the moment where I go into vulnerabilities, like that's not ever going to be new, vulnerabilities out there, so I thought I'd take conversation, um, where it might be more valuable to the listeners and start talking about available exploits that are working against said vulnerabilities that we talked about previously on the show and that might be out right now. So instead of just telling you to patch your systems, I'm going to tell you why you should patch your systems, because of the available exploits. They're going to be available for download in tools like Metasploit, and, um, some modules will be also capable to be parsed into Cobalt Strike. So of those things, let's talk about PaperStream IP. If you're running PaperStream, there is a local privilege escalation that's been validated to work. That exploit will work, okay. Getting a remote code execution, is there, Sonatype Nexus. If you've been installed, there is a remote code execution that gives you authenticated privileges that has been validated by multiple researchers this month. This is all very current things from the beginning of the month. So WordPress, for wpDiscuz and Autoptimize, both of those authenticated arbitrary file uploads have been validated. Those are PHP files and go right up to one of the WordPress plugins running, uh, seven or two seven, uh, for those. The Custom Global Variables for WordPress, also another validated exploit this month. So again, make sure that your WordPress plugins are updated, very, very important. And then of course the big one for today is the Netsia server. It's an authentication bypass and adds a root user, and the module is available from Metasploit. It's been validated by 15 researchers at this point. So if you've gotten that CSB, um, 16, make sure that you're looking at that in a very serious way. That's enough, that's enough today, Zach.

I like it. Thank you, thank you, Lauro. Interesting to see what's happening out there, and I've actually had people tell me that, oh, WordPress is extremely secure and you can't go wrong and all that. Like, well, great platform, but introduce these plug-ins and problems will certainly occur, so I've seen it happen. We have a little bit different approach today. So we've been talking about general topics in the books and improving your cyber security programs and such, but there's some really interesting things that have happened and some interesting articles that have come out recently, so we'll talk about two of those today. Let's dive right into the first one. This is an article from Help Net Security; if you haven't seen their site, helpnetsecurity.com, and this article came out this week, January 13th, and it is titled "Massive IT employee disconnect hindering remote productivity." The article is all about the disconnect between employees and the IT departments, with IT teams believed to be true in terms of connectivity, satisfaction, visibility, all those things, and it turns out employees, the employees that are surveyed, think much, much differently. So I think it's time to get on the same page with the, uh, the rest of staff. Now I'm curious to see what you guys think, but to me this has always been a problem, right? I don't think an employee has ever said, "I love my work machine, I love showing up to work and getting on my Windows desktop there in my cube, and it just is wonderful and works all the time, and I can always print and email always works." I don't think that's ever happened in history. I could be wrong, but I think there's always been a disconnect. It's interesting to see that now that there's not butts in seats in an office, so to speak, and everybody's working remote from home, it's causing even more issues.

Well, I mean, coming from an IT perspective, I can tell you the end users are wrong, right? Was it the problem? I always liked my, uh, my company-provided laptop after I rooted it with admin access and installed the apps I needed and got the printer drivers to work. I mean, then it worked fine. I'm sure that's the problem, right? You know, the configuration changes I think that are necessary to be made to secure those remote endpoints when they're in various locations, people's homes, maybe a coffee shop, do have problems, right? I mean, and a lot of this, there wasn't a lot of time to test these things. People had to be remote immediately, so all the testing now is being done, you know, pretty much in parallel with real-world ops. Well, I think there's also a disconnect between, you know, IT, without IT having regular interaction with their user base. I think what's happening is that the roadmap for IT and what's being done is not necessarily done for the usability of the end user right now, where they're focused on security, which they should be, but may hinder usability. And I think that's one of the complaints in the article is that they're just not, they're not taking the employee into account, so they're almost being pushed aside from a security perspective. That being said, it's kind of a two-edged sword that, um, you know, you have to choose security versus usability, and that's something we face all the time, um, you know, and if you have non-responsive, uh, remote users or you have, um, critical patches, they need to be done, um, and that may interrupt employee productivity from time to time, whereas if you have the machines in the office you have more control over them. So I mean, that's, it's a tough, it's a tough road to hoe.

I think too, you got to wonder, because if we go back to the user errors, right, the old PICNIC error, the problem in chair not in computer, or the ID10T errors, well, how many times do you think, we're thinking about a lot of employees are going to have very little training or not be very skilled in their use of their machines, and so how often before were they able to talk to the person sitting at the desk next to them, or say, "Hey, how do I do this, how do I do that?" Whereas now, working remotely, they don't have that option, right? So they either have to figure it out themselves, which probably creates more frustration, or reach out to the help desk remotely. They're not going to have that handle necessarily.

Totally. It's always been trying to accomplish self-service, right, and they've always wanted some form of a checkout cart where the user could go and say, "I need this software installed," and check it out in a cart, and then it gets applied later in an update, right. And so, you know, again, I think what's happening is, you know, not just neglect for the user, but I think in a manner in which to pervade the importance of these changes to the user, because one of the problems that we face is we'll have an organization and, you know, we'll run them through a, you know, a CMMC gap assessment or PCI or something similar, and they'll come back that they have, you know, they're missing multi-factor authentication for, you know, majority of the workforce as a best practice, and that might be a work stream that is stalled for two-plus years just because the body of the employees don't want to do it. They don't want to have to use a one-time PIN, right, as an additional part of a login, and they'll fight that change, and management will sort of listen to the people, and because they want productivity and, you know, they want everybody to be happy. But at the same time, like you said, it's a double-edged sword. You're negating that security to, you know, basically cater to the needs of the people, um, and what will happen is that somebody eventually will make a mistake, use a weak password or a login, and get brute-forced, and that easy change with multi-factor, while is it one more thing to do, sure, but look at the next level of security layers it provides over traditional single login.

One of the mentions in the article, it actually states 100% of surveyed IT managers believe end users are satisfied with the service desk experience, and that statement, that result of the survey, just blew me away. That's pretty confident. I mean, if I was running an IT help desk or IT services, right, I don't know that I would be able to say, yeah, a hundred percent, everybody is satisfied. You know, people are satisfied with work, I would say that, um, yeah, they're, you know, satisfied for the most part or at a certain level, but not with certainty that, yep, everybody's good, because then it goes on to say that yet only 44% of the remote employees are completely satisfied. So kind of an interesting thing. Goes back to what you mentioned, Mike, about not really caring so much, kind of thinking, oh, well, it's just the employee's problem. But you take that, uh, disconnect and then compound it with those security issues like you're mentioning, Lauro, trying to add additional steps, it's gonna cause ongoing problems. But the fact of the matter is we gotta figure this out in the world of technology, because it has to happen, especially with remote work, working is here to stay, so this is going to be a big thing. I think there's going to be a lot more companies spinning up new technologies, um, new consulting firms just to tackle this problem.

Yeah, I mean, it's something that's going to have to be addressed, and it's, you know, something that's really never going to be 100%. It's a scary number. I don't know 100% of people that would agree on 100% of anything, right? It's just bizarre, and my guess is, you know, that's maybe the old cynic in me, but just about the time all the vaccines are distributed, we'll figure it out.

So, well, they'll probably either decide to, you know, bring people back in house, right, or, um, you know, you said, I think the remote workforce is here to stay for the majority of companies, um, but I think that there will be some that go back to that traditional, um, you know, want that, you know, human-in-a-seat paradigm.

Well, yeah, and we have now some clients that have talked about that. I mean, they were in the process of doing giant, uh, renovations of their buildings and their working spaces, and they've invested serious amounts of capital, and say, oh no, you guys just work from home. I mean, obviously they're not necessarily going to do that, right. So, well, to wrap up this article, it says that 53% of IT managers claim they spend most of their time working on securing their remote workforce, but on the other hand, security is not within the top three priorities that employees listed for IT organizations. Rather, the top employee concerns included preventing IT issues altogether and the speed in which issues are resolved. So it just goes to show that still, of course, security, for the standard user, security takes a back seat to convenience, right. Of course they have to be able to have, uh, easy access to their technologies, and I think that's going to take a long time to change.

There's a missed educational opportunity too, because I mean, I think there needs to be, and maybe that's what's missing, is an education: this is why we're doing these security things, right. I mean, the dark web, the cyber criminals have declared war on remote access, and yeah, we need to inconvenience you with some additional security measures. Yeah, it needs to be communicated, not just implemented.
Yeah, absolutely. They forget to see the big picture. You know, it's like, well, would I rather go through this extra step and keep my job, or would I rather go through a major breach and have the company lay off a bunch of people, right? I mean, to me that's a pretty easy choice, but I'm biased for being in the business, right. But interesting stuff. I don't think it's going to get solved overnight, but at least people are thinking about it, and COVID has certainly changed the way we look at the use of IT and staffing for organizations in general.

So the next article is from hackread.com, so just check out their website, good source of information, and it is about Parler. You probably heard, people probably heard on the news about Parler, but, um, the title of the article from January 11th is "Security researchers claims downloading 70 terabytes of sensitive Parler data." Lauro, you and I, we were talking about Parler and you gave a real good overview the other day. Do you want to do kind of a recap for those people who haven't followed it?

Yeah, absolutely. So, um, you know, what I want to try to keep, so this, you know, this is kind of a sensitive conversation for a lot of people, and this, you know, certainly does raise a question about, you know, our republic, right, and what powers corporations have. But essentially Parler, for those who do not know, was a place of, let's just call it, um, internet freedom. You could post things there and it was not moderated. Um, sites that are moderated, that will, um, censor your content, or places like Facebook, Instagram, YouTube, sources like that, Twitter, right, you're gonna, if you post something, they're gonna, they have teams and they have AI, they're gonna censor what you say. So, um, Parler was one of those locations that was still very free speech, very, you know, digital freedom, so there was a lot of content getting posted there, right. And again, I'm trying to stay politics out of it, I try to want to leave that out of it, but people were posting their opinions, um, on, you know, freedom of speech opinions on this site. And, um, in any case, what had happened is that because of the notoriety with, um, with this app and with the policing that was happening with Twitter and Facebook and Instagram and YouTube, um, individuals were abandoning those apps for what we refer to as alt tech, okay, which is what Parler was. It was part of alt tech. So if you're not familiar with BitChute or LBRY or Gab, for example, right, these are all alt tech sites that give you an opportunity to go someplace that's more digitally free and it's not censored. So when this had this mass exodus from mainstream tech to alt tech, especially to Parler, um, Google was the first organization to come forth and say, hey, we don't like the way you're operating your business, you're not policing your content, and so we're going to move, remove your app from the app store. So once you remove Google Play, you know, from the Google Play store, now all the Droid phones that are part Google can't get it, and so Apple followed suit. Apple also removed the app Parler from their app store, disallowing anybody that had an iPhone, um, or an Apple product from being able to, um, install that application. Which, that's okay, you can still go to the website, you can still read it there, at which point Amazon, um, AWS services, uh, put forth that they were going to terminate the Parler services. So they had all their data and everything stored there in AWS, right, they were using AWS Elastic, and so, um, that got terminated at midnight, according to what Amazon said. They kept their word and they terminated the site, okay. So during this time, right, I think things are getting turned down, um, the Parler technical team's probably running around trying to figure out backups, okay. Well, unfortunately, there was an insecure direct object vulnerability with the site, okay, and a hacker named donk_enby basically was able to exploit that and pull down every post that had ever been sent to Parler, in order, because she could guess the, um, the string, right, the query string for the reference object. So because of that, she, you know, the individual knew everything, where it was going to be, and could pull it all down, and it had location data, it had times, dates, it had the original content from every post. So anybody who ever posted anything to Parler, through the app or through the website, was pulled down in this particular, um, you know, data siphon. And so that data is going to include user names, it's going to include location data, because Parler didn't scrub that, right, they weren't scrubbing any of this type of metadata from those posts. So I'll pause there. That's probably enough, Zach. I think that kind of hopefully gives a good background to everybody on what exactly happened.

So here we are, Parler's been basically put into the dirt in the course of about a week, um, from the disbandment of all of the supporting technologies to the turning off of the actual, um, operating systems and instances in the Amazon cloud, leaving the organization essentially not having anything to do and nowhere for those people to get their data back or anything that they saved or accounts or anything. So eradicated, eviscerated. It's pretty interesting stuff going on. The bigger picture, there's clearly a war going on, you know, for control of the media, of people, of Americans, really, thoughts, opinions, ideas, trying to shape culture, trying to shape, uh, the outcomes of all kinds of different things, you know, and, um, I mean, it's been going on a long time in advertising and such, um, tracking user activities and all that, but these big tech companies have more and more power, and it makes you wonder. You know, there's been this big rush to the cloud and using all cloud services, and which, there's a lot of benefits to that, of course, but it makes you wonder, well, are issues like that going to make people start, uh, bringing it back out of the cloud, start going to their own hardware, building their own data centers again, be more focused on control, be more like Hillary Clinton? I hope, though, right.

No, I certainly hope so. And, you know, Mike has heard me call the cloud a fad for a really long time. I'm a big believer that it's just somebody else's computer. It is someone else's computer, and that all sounds great because now you think you don't have to manage, you don't have to own it, there's this shift of risk that you don't have to now worry about from your business. But look at Parler, um, to know that, you know, your services are there in the hand of another party, and then that party can decide your fate at any given time based on something that, maybe content that's not even, you know, you're providing a platform, one of your users may have posted something, right, that wasn't agreed with the community. Again, so here's this whole freedom of speech thing, but yeah, absolutely, if Parler had their own hardware rented in a data center space in a couple places in the United States, maybe overseas, I think they would still be fine. Um, I think the Pirate Bay CEO said it best: they have no excuse, it's infantile that they can't stay in business.
Pirate Bay is still running, and they get hunted down every day, and they've just been rolling servers from location to relocation, right, swinging DNS over and over and over again to keep things rolling, right. It's literally like having a chop shop on a train or on a bus or a Ryder truck rolling around the cities. So just, you know, I mean, to take, you know, just Parler out of it, I mean, going back to, you know, I've worked for several large companies, I'm sure, Lauro, you have too, that have their own cloud, that's one thing. But I mean, when you work with a major bank and they don't trust the cloud with their data, why would you, right? Why wouldn't you have, you can offload some service, yeah, the elastic is great, the early ability is great, but the fact is you got to have a backup, right. You have to have your own steel, you got to have your own, uh, bare metal that you can control your content and you can control certain parts of your aspect in your business. And I think what's happened is that financial decisions have overtaken sound technical decisions, and I think what's happening is they're looking at accounting and going, well, it costs us X number of dollars to be in the cloud, it costs us two times that to have our own hardware, we're just going to go cloud. And I think people are putting themselves in risk, I think businesses are putting themselves at risk by being 100 percent cloud dependent and not having anything on prem. I think there's a risk to being 100% Office 365. I mean, Exchange servers aren't really that hard to manage, um, you know, your own Active Directory isn't that hard to manage, and I think, you know, yeah, for growth, for a small company, uh, you know, that is valuable, but you know, as you mature and grow as a company you should be having your own infrastructure, your own backbone. Um, and you know, going back to Parler, yeah, I don't get it. I mean, forgive me for being a cynic here and being the old guy in the room, but the guys, you know, the CEO is an under-30, you know, tech integrator or tech guy who, you know, probably never grew up without a cloud, right, and didn't do things the way we did back in the early 2000s, where we had massive data centers, massive co-location, and we had massive teams that managed the servers and, you know, would never have thought of offloading, you know, to somebody else. So I mean, there is no excuse. The Pirate Bay, the CEO of Pirate Bay is right, I mean, there is no excuse.

Um, so what you're saying is money's defied logic, really, right?

Yeah, back, I mean, back then you had copies of all your punch cards, right? I mean, hold on, hold on, he's up there, uh, he's up there, Chip. Oh, we're not that old, okay. Look at your posture, you whippersnapper.

Well, yeah, and that's the thing, but since when has redundancy, the requirement for redundant systems, gone by the wayside? And that's the thing is that, yeah, you may have Amazon, Azure, all these platforms are great, but, uh, still have redundancy, right, because you just don't have control over those third parties, and even though they're massive conglomerates, they're still third parties, right. And so I think it's the old saying, two is one, one is none, right. If you have one of something, when it goes down you have nothing. And so the focus on redundant systems, backups, all that, I think has been, maybe as a society we've been a little too trustworthy, um, just because they're big names and everybody else does it that way.

You just said, you just said one is zero, you're gonna make a bunch of mathematicians mad now. Well, let me, you know, go back to, I mean, I remember the days of taking the backups to Iron Mountain, the tapes to Iron Mountain every week.

Oh, I got one better than that. I remember when the shredder truck pulled up and I had to stand there and chunk my stuff into the massive shredder, like metal teeth, and then I had to watch it be destroyed. I had to sign a paper.

Well, yeah, but my point on that is a tape in Iron Mountain or whatever, the camera, Iron Vault or whatever the name of the company was, isn't going to get corrupted, right. I mean, it may be corrupted over time, but your backups aren't being hacked, right. I mean, how many times have we seen, well, we got online backup and all that, by the way, that's been corrupted because that's what the hackers went after first, right. So you can't have, you don't have a restore point, you don't have a restore point because your restore point's been destroyed. Your tapes in a mountain somewhere underground, you restore everything from tape, it's, you know, it's done. You've eliminated part of the ransomware thing, and I think, you know, I've said this many times, I says, people do, you do business on their phone, it's like everything that makes it easier for you to use makes it easier for us to break into.

Oh, totally. Well, you remember that, uh, that no-name, the firm that lost all that Bitcoin, right, from the phone, right? Right. Well, so I worked for one of the large power companies at one point, right, and they still had a big data center underground with the big silos running tapes, you know, the robotic arms. They had like six or seven of those silos. I mean, they weren't betting anything but long-term data storage, right. And again, I think every security practitioner out there probably feels like we do. They're like, we've seen a problem with this cloud situation the whole time, um, but again, that money savings over reason is the reason we're here in the first place. It's like, pay a little more and then have the ability to always control your hardware and the data that's on it, always, right. You can, oh, you just go in there, put your hands on it. And you're not gonna go to a Google data center, you're not getting into Amazon, I'm not going to see the, whatever, you know, bread box they've got running your stuff on, you're never going to see that, right.

Well, I'm pretty upset they did away with the Zip drive, you know, those were great backup devices. But your reality has been cloud. Cloud has created a lot of benefits for a lot of organizations, but again, back to redundancy, redundant systems, people, I think, are becoming a little too trustworthy and, uh, very much favoring convenience and cost over the, uh, long-term, uh, benefits and long-term security. So we could certainly rant about these topics, I think, all day long, but we are a bit over time here. So thank you, everyone, for listening. Share your comments, be sure to, uh, rate the show on your favorite podcast platform, and let us know if there are any topics you want us to rant about, and we will schedule it for future episodes. Thanks a lot and have a great day.