Global Security Forum

 View Only
Expand all | Collapse all

Back-To-Security School

  • 1.  Back-To-Security School

    Posted Tue September 25, 2018 08:30 AM

    Hello members of the IBM Security Community! 

    In the spirit of summer winding down and kids being sent back to school, the IBM Security team will be sponsoring a contest over the next few weeks here in the community. The Back-To-Security School contest is open to all members of the IBM Community, and hosted here in the Global Security Forum's Discussion. 

    The rules are simple. Starting today:

    1. Publicly respond to this thread with your favorite security best practice.  It can be related to a specific IBM product, a general behavior, or even some tips and tricks you've picked up along the way that make your life easier. Don't forget that you can upload files and attachments with your post as well.
    2. Recommend the posts in the thread that you think are the bees-knees
    3. That's it!  At the end of the contest, the winner will be the author of the post that has received the most recommends to their content. 

    The contest will end and a winner will be announced on Oct 8. The lucky community member will be featured in a blog article on the site, and receive an IBM Security gift bag with some great merch! If you have any questions, don't hesitate to reach out to us by using the Contact Us link at the top of your screen.  We can't wait to see what you have to say!

    6dFHZZbzRzwcZ5s7ZFyO_MasterSkills_2.jpg

    Thank you,



    ------------------------------
    Wendy Batten
    IBM
    Cambridge MA
    ------------------------------


  • 2.  RE: Back-To-Security School

    Posted Wed September 26, 2018 03:32 AM
    Favourite Best Practice - Be very wary of any recommendation entitled Best Practice.
    By definition, such recommendations are subjective. They are typically just one opinion, provenance usually based on a single individuals view, with limited scrutiny or veracity applied, that exhorts followers to blindly accept as a matter of faith that this opinion is fact.
    Caveat; as with everything, exceptions to the above rule exist.
    Paradox; is this therefore a Best Practice and should be ignored ? Discuss.

    ------------------------------
    Paul Arnerich
    TSD (UK) Ltd
    ------------------------------

    Original Message


  • 3.  RE: Back-To-Security School

    Posted Wed September 26, 2018 01:22 PM
    Paul A. is unfortunately correct in at least most of his post.  I use the same logic when the word "expert" is used to impress a client or audience. 

    So I did think some about the general topic of after school security and the catch is that it varies so widely based on where you live (city versus country, what country, etc.),  your age (very young, young, young adult, older adult, grouchy old person, etc.), your area (rough neighborhood, kind, mixed commercial versus residential, etc.) and the list of variables could be so large that the answer becomes lost in the mess.

    I guess the best advice I could offer is to know that security is an illusion at best.  While it may make you feel better, it does not necessarily mean you are actually secure.  Anyone or anything that states they are 100% secure just hasn't been breached as of the date of the statement, or they are lying.  Good security starts with knowing that it doesn't always work.  The number of ways that people and programs are cable of bypassing security are why cognitive has such a big platform in the market place. 

    Security is a process of learning how to protect yourself or your acquisitions by learning what is prudent and what is foolish and what just isn't cost effective.

    ------------------------------
    Lloyd Cox
    ------------------------------

    Original Message


  • 4.  RE: Back-To-Security School

    Posted Thu September 27, 2018 12:14 PM
    Edited by Dale Bruemmer Fri October 05, 2018 09:19 AM
      |   view attached
    Tips Documenting Processes using PSR.EXE

    PSR.EXE is a Steps Recorder and can be found on Windows workstations, go to command line or search PSR.EXE, open and click start to begin recording and begin your task.  The Steps Recorder will capture screen shots, add notes and you can add directions as needed. I will capture a snip to show it here and add a file as an example if you are interested.  This idea was shared with me years ago and I hope it helps a few quickly document a process of their own.
    This is a snap shot of the recorder on my desktop.

    ------------------------------
    Dale Bruemmer
    ------------------------------

    Attachment(s)

    zip
    Problem Step Recorder.zip   1.08 MB 1 version
    Original Message


  • 5.  RE: Back-To-Security School

    Posted Wed September 26, 2018 03:05 PM

    Hello members of the IBM Security Community! 


    Although I don't remember the source, the following has proven true in my experience: "Never give users a choice! They will make the wrong one every time!! :-)

    -RJB




    Original Message


  • 6.  RE: Back-To-Security School

    Posted Thu September 27, 2018 05:36 AM
    I don't know if this can be considered a "best practice" but it's something call AviD's rule of Usability on security stack overflow forums. 
    "Security at the expense of usability, comes at the expense of security."


    ------------------------------
    FLORIN COADA
    IBM Security
    ------------------------------

    Original Message


  • 7.  RE: Back-To-Security School

    Posted Thu September 27, 2018 08:48 AM
    3 tips:

    i) Security related time saver:
    After a great summer break where your kids have been allowed all-day/night internet access, it's time to enable those rules again and filter their (MAC per mobile device) access, to limit the internet time available to them!

    ii) Security related money saver:
    Don't forget to remove your credit card details as a payment method from Epic Games account if your kids play Fortnite. If your kids haven't been asking about purchasing another battle pass for the next season,  you will be seeing an unexpected bill!

    iii) No Removable Storage Media allowed on IBM Campuses.
     Just checked The Rewards Catalogue where you can redeem BluePoints you received for all your recognition awards etc.  Items like the LED Flashdrive (IBM Logo Merchandise) or any USB Memory stick is no longer available for purchase from the store.
    Start moving your files off your laptop and put them on Box.


    ------------------------------
    Sven Sackers
    ECM Client Success Engineer
    ------------------------------

    Original Message


  • 8.  RE: Back-To-Security School

    Posted Thu September 27, 2018 10:47 AM
    Number 2 is just mean.... Without the battle pass, where's the fun?

    ------------------------------
    FLORIN COADA
    ------------------------------

    Original Message


  • 9.  RE: Back-To-Security School

    Posted Thu September 27, 2018 02:40 PM
    To be more agile in the office I use Trello and Watson Workspace (I love these applications, they are the best that have been created for the office until today). To ensure the information I see, receive or send, I make sure that I am connected to a private network, I never connect to public networks, on my mobile and PC I only use applications and programs that are verified and certified (for example, not use whatsapp +, I do not see in my work computer pages that have nothing to do with my work, much less use third-party applications connected to social networks). These tips are not new but I think it is not bad to comment that by doing this I feel productive, healthy and safe. You can also use MaaS360 for what I am telling you and still be safe but as a technical pre-sale it is not too much for me to have certain safe practices.




    ------------------------------
    Marta Hermosilla


    Technical Pre-sales
    ------------------------------

    Original Message


  • 10.  RE: Back-To-Security School

    Posted Fri September 28, 2018 03:12 AM
    ​My best advice would be to keep always in mind the "quick wins" princinciple during the process of schedule the planning of a project.

    Allow your customers to enjoy the benefic of the product that you are deploymenting as soon as possible and show them how their money will be recovered in a very short of time. Try to avoid huge projects where the earnings will not reach until the end of a heavy journey.

    Now, how you can get it: "Divide et impera".

    According to some history references..."The maxim divide et impera has been attributed to Philip II of Macedon, and together with the maxim divide ut regnes was utilised by the Roman ruler Caesar and the French emperor Napoleon." There is not doubt all of them were very imporant historical personalities and with a huge management capabilities. Let us learn from our ancestors.

    Enjoy it!!!.
    Related image

    ------------------------------
    Felipe Risalde Serrano
    ------------------------------

    Original Message


  • 11.  RE: Back-To-Security School

    Posted Fri September 28, 2018 05:41 AM
    I consider best practices to be contextual, based on the business environment. However if there ever was a catch-all, it is education. Educate your users:

    1. Inform users of ongoing projects and their implications.
    2. User security awareness training. This must include their roles during incidents and who they should contact, not just the bads and the bee's
    Thanks. 


  • 12.  RE: Back-To-Security School

    Posted Mon October 01, 2018 05:28 PM
    Here are a few security practices we follow for mobile application development.
    I can expand on these if needed.
    • Dont name sensitive classes and methods with obvious names like, AuthenticatioService, getPassword etc.. This makes reverse engineering easy and in some cases users can set up run time hooks to bypass those methods
    • All cryptography code needs to be abstracted within the codebase. One of the common requirement which is asked by security auditors or customers is about cryptopgraphy algorithms used in application. Typically operating system provides several algorithms and developers can end up using different variations and sometimes using low strength algorithms. It is always better to expose a crypto utils in code where type of algorithms are pre-defined and make sure everyone uses the same api.
    • Be aware of keychain and file protection options, not all options are secure
    • Most of the security audits or pen testing of application are done with a reference to owasp practices. so being aware of them and educating team of all the practices is necessary for secure coding.
    • Any javascript code or html code executed needs to be validated and escaped if necessary.
    • Use parameterized functions in all sql's
    • Make sure apps are not using deprecated crypto algorithms like AES ECB, SHA-1, MD5 etc..
    • Make sure all the key lengths are as expected for example if you are planning to use 32 byte encryption key length has to be 32 byte. Sometimes crypto api's work even if key length is less than 32 bytes they try to pad 0 to make it compatible. These api can be very unsafe and may fail whenever o.s vendor changes implementation of key padding
    • Keep a list of all n/w calls made by the code, make sure all servers use proper ssl protocol version for communication.
    • Keep a list of all open source libraries used within code and monitor for security vulnerabilities by the vendors.
    • If n/w calls transmit sensitive data, it is better to implement certificate pinning to prevent data loss on transit


    ------------------------------
    Naresh Srungarakavi
    ------------------------------

    Original Message


  • 13.  RE: Back-To-Security School

    Posted Thu October 04, 2018 01:41 PM

    Educate all employees. ...

    Employees often do many functions and develops several rols at the company, making it essential that all employees accessing the network be trained on the security policies.

    Since the policies are evolving as cybercriminals become savvier, it's essential to have regular updates on new protocols. To hold employees accountable, it's necessary that each employee sign a document stating that they have been informed of the policies and understand that actions may be taken if they do not follow security policies.

    It is also vitally important that all personnel know the risks derived from the neglect and non-observance of the basic recommendations reported in the corporate safety memos.



    ------------------------------
    José Antonio Asensio
    Continuity and Security Manager
    DID (GRUPO DIUSFRAMI)
    Sabadell
    646594936
    ------------------------------

    Original Message


  • 14.  RE: Back-To-Security School

    Posted Mon October 08, 2018 11:35 AM

    For my daughters Back to security school, I encourage her to create a strong password for her laptop and phone, using multi-factor to secure her email and Yubikey as well. Limiting use of Public Wi-Fi.  Nightly backups of her devices.  Also caution her again sharing her credentials with anyone, always update all her software on all her devices and use the VPN installed whenever possible. And to always be aware of links that are sent to her and to read the URL and pay attention to the headers.

     

    As well as I limit the sharing of her private information, what is posted online about her and what I allow to be posted about her online via her school and after school activities.  To be mindful of what she says on anything that she posts and to always remember how words can be taken out of context, so to choose them carefully.

    She is a 6th grader currently and 11years old and in travel league soccer and varsity basketball!  Teaching her Kali Linux as well.
    Aiva!

    And here is her Blackhat/Defcon hacking pose (for fun photo!)  :)
    Aiva hacker!



    ------------------------------
    CHRIS SANCHEZ
    Principal Security Engineer/Architect
    IBM
    Washinton DC VA
    720-395-1998
    ------------------------------

    Original Message


  • 15.  RE: Back-To-Security School

    Posted Tue October 09, 2018 10:24 AM

    Good Morning Security Community,

    I want to first thank all of you for your participation in the contest that we've had over the past couple of weeks, and say your tips are fantastic! It's wonderful to see the community come together and share ideas with other like-minded security professionals. With that being said, the votes have been tallied, and we would like to extend a congratulations to @Bobby Joe for his best practice.

    His focus was on education, which seems like a no-brainer, but it's something that many companies and individuals can forget about. Bobby Joe is going to be receiving an IBM Security power bank and will be featured in a new community blog.

    Even though the contest has ended, that doesn't mean this thread isn't a great place to continue posting your best practices for Security. It's one of those topics that always benefits from a fresh perspective; and if your idea doesn't fit into this thread, don't be afraid to start your own!

    Thank you,



    ------------------------------
    Wendy Batten
    IBM
    Cambridge MA
    ------------------------------

    Original Message


  • 16.  RE: Back-To-Security School

    Posted Tue October 09, 2018 03:29 PM
    Edited by Bobby Joe Tue October 09, 2018 03:35 PM
    Hi community,
    I am greatly honoured. Let's continue the discussion and learn from each other. Thank you for your votes which is an indication that we believe that educating ourselves, our leaders and our partners is a great foundation. Looking forward to reading more posts. I believe there is more out there. Now let's engage. Thanks again.

    ------------------------------
    Bobby Joe
    ------------------------------

    Original Message


  • 17.  RE: Back-To-Security School

    Posted Fri December 28, 2018 12:27 AM
    I guess the best advice I could offer is to know that security is an illusion at best. While it may make you feel better, it does not necessarily mean you are actually secure.
    Thanks
    Web Security Advisor.
    WP Hacked Help

    ------------------------------
    J Homes
    ------------------------------

    Original Message


  • 18.  RE: Back-To-Security School

    Posted Mon November 18, 2024 09:30 AM

    Security Best Practice: "Least Privilege Access: The Key to a Safer Environment"

    One of the best security practices I've learned over the years is implementing the **Principle of Least Privilege (PoLP)**. Whether it's managing access in IBM products like QRadar or general IT infrastructure, adhering to this principle reduces attack surfaces and minimizes damage in the event of a breach. Here's how to make it practical:  

    ---

    Key Steps for Applying PoLP:
    1. Role-Based Access Control (RBAC):
       - Assign permissions based on roles rather than individuals. Tools like IBM Security Guardium make it easier to apply RBAC effectively.
       
    2. Periodic Access Reviews:
       - Regularly audit who has access to sensitive resources and revoke unnecessary permissions. Automation solutions in IBM Security Identity Governance can streamline this process.

    3. Granular Access Controls:
       - Use layered access rules to ensure users can only interact with the data and resources they truly need.

    4. Temporary Privilege Elevation:
       - For admin tasks, use time-bound elevated privileges rather than granting permanent superuser rights.

    5. Log and Monitor Access:
       - Enable logging and monitoring for all access activities. IBM QRadar's SIEM capabilities provide excellent insights into anomalous behavior and unauthorized access attempts.

    ---

    Why This Practice Stands Out:
    By enforcing least privilege, organizations can effectively:  
    - Limit insider threats.  
    - Contain the blast radius of external attacks.  
    - Meet compliance and regulatory standards.

    ---

    Bonus Tip: Share the Knowledge!
    Use tools like IBM Security Learning Academy to teach teams about least privilege and other security practices to ensure widespread understanding.  

    Vote for PoLP-because in security, less truly is more! 😊  

    *Good luck to all participants, and thank you, Wendy, for this engaging initiative!*



    ------------------------------
    Premium Solutions
    ------------------------------

    Original Message


  • 19.  RE: Back-To-Security School

    Posted Tue November 19, 2024 07:33 AM
    Hiiii I need to participate for this project!!!! 
    God Bless you



    Original Message


  • 20.  RE: Back-To-Security School

    Posted Fri November 22, 2024 05:47 PM
    Ideias com meu colega de trabalho



    Original Message


  • 21.  RE: Back-To-Security School

    Posted Fri November 29, 2024 08:40 PM



    Original Message