What is a DDOS? Explaining it to your grandmother

After Friday’s internet attack, I had to explain what a DDOS (Distributed Denial of Service) attack was to my mother. She’s not so good with computers, which is why her computer is a Chromebook. Here’s what I came up with:

Imagine I ring your doorbell and then run around the corner. You answer the door, but nobody is there. I do this every hour for six hours. Annoying, right? Now imagine I recruit 100 people to do the same thing. Now your doorbell is ringing every 30 seconds. Eek! That’s a DDOS.

What do you think? Good analogy?

FIRST robotics 2017 background check and social security number

This year, when you register to volunteer with FIRST Robotics in VIMS, you get prompted to register in Verified Volunteers so they can do a background check, in particular to determine that you don’t have a criminal history and aren’t a sex offender. For the most part, this is straightforward. You give some minimal information about yourself, and FIRST pays the cost of the background check.

Wait? They want my Social Security Number?

The only thing in the background check that could be considered sensitive is your Social Security Number. FIRST doesn’t get this information if you choose to provide it, but Verified Volunteers does.

I have a “real” background check for my job. So I don’t have a problem with the concept of a background check. I’m not a big fan of providing unnecessary information though. Especially given the number of data breaches lately. Luckily, FIRST says you don’t have to provide it in their volunteer screening guide:

[image: first-ssn]

Wait, does this work?

Yes. I chose to check the “No SSN” button. I was screened within 48 hours.

How much does it cost?

As a volunteer, it costs nothing. It costs FIRST money though: $8 for the national screening, and since I am in New York State, they also paid $65 for a state one. This adds up fast, which means FIRST is spending many thousands of dollars on background checks.

There is a thread on Chief Delphi about this. It’s hard to find the relevant info without reading the whole thread, so I’m putting up this blog post for easy reference.

the bad things happen when you’re not looking – ryan huber – qcon

See the live blog table of contents. The gist is posted at https://goo.gl/ZAxCnH (GitHub login required).

Ryan was the first security employee at Slack. He is doing an experiment where a red slide means don’t take pictures or tweet about the slide. I really like that idea. It makes speaker intent clear.

How you find out about a problem

  • You don’t want to find out from Brian Krebs that you’ve been breached
  • You don’t want hackers to tell you something strange is going on. They are done at that point and are showing off
  • Even worse – you don’t notice at all

General Notes

  • Time to detect is an important metric
  • Credential theft is the biggest, or one of the biggest, problems
  • Goal – watch as many things as possible, but don’t be a dashboard. Want as little as possible on the dashboard. If it is mostly empty, things will get noticed when they are there.
  • Bad model – NetCool – trains people to acknowledge all alerts, and they miss things because of that bad habit
  • The defender’s advantage – if the attackers don’t know what you are looking for (your trip wires), they don’t know what to avoid
  • “Zero days are not invisibility cloaks” – other boxes can pick up on it
  • The hypothetical malicious insider – a former security team member has a lot of knowledge, and an insider with credentials has access
  • Don’t overwhelm users. Confirm bulk actions in bulk, not one at a time.
  • Canaries – need to validate that monitoring, recording, etc. actually work
  • Do tabletop red team exercises if not doing real ones.

Slack Security

  • Set up a reliable logging platform
    • RELP (Reliable Event Logging Protocol)
    • steamstash/logstash -> Elasticsearch (Splunk is superior but costs more)
    • Two weeks of data is about 2 terabytes of logged data. It almost never sits on disk.
  • auditd – part of Linux. Run auditctl commands and the kernel looks for matching events.
  • audisp – works with auditd to transform the data
  • osquery – Facebook project for system monitoring using SQL
  • ElastAlert – Yelp project to pick up on Elasticsearch events. Runs queries on a timer against Elasticsearch.
  • AlertCenter – SecurityBot looks at the alerts. SecurityBot posts to Slack asking the user to type “acknowledge” on their phone to confirm the action. That way, you know they have the phone and not just the Slack account. If there is no reply in X hours, it goes to PagerDuty. Automated triage avoids a flood of data: instead of the security team looking at all alerts, the whole company is helping. This means the security team responds to fewer than 5 alerts a day.
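The AlertCenter flow from the talk, as an added illustration (my own toy code, not Slack’s): an alert goes to the affected user first, only an exact “acknowledge” from the phone client clears it, and silence for X hours (ESCALATE_AFTER, value assumed) pages the security team. The “via” channel tag is an assumption about what a chat client would report.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

ESCALATE_AFTER = timedelta(hours=2)   # the talk's "X hours"; the value is an assumption

@dataclass
class Alert:
    user: str
    what: str
    raised_at: datetime
    status: str = "pending"           # pending -> acknowledged | escalated
    log: list = field(default_factory=list)

class AlertCenter:
    """Toy triage loop: ask the affected user first, page the security team only on silence."""
    def __init__(self):
        self.alerts, self.pages = [], []   # pages = what would go to PagerDuty (recorded, not sent)

    def raise_alert(self, user, what, now):
        a = Alert(user, what, now)
        a.log.append(f"securitybot -> {user}: '{what}' happened on your account; "
                     "reply 'acknowledge' from the Slack app on your phone if this was you")
        self.alerts.append(a)
        return a

    def user_reply(self, alert, text, via, now):
        # Only the exact word, and only from the phone client: a stolen Slack session on a laptop
        # cannot clear its own alert, because whoever holds it presumably lacks the user's phone.
        if alert.status != "pending" or via != "mobile" or text.strip().lower() != "acknowledge":
            alert.log.append(f"ignored reply {text!r} via {via}")
            return False
        alert.status = "acknowledged"
        alert.log.append(f"{alert.user} confirmed at {now.isoformat()}")
        return True

    def tick(self, now):
        """Periodic sweep: unanswered alerts older than ESCALATE_AFTER are escalated."""
        newly = []
        for a in self.alerts:
            if a.status == "pending" and now - a.raised_at >= ESCALATE_AFTER:
                a.status = "escalated"
                self.pages.append((a.user, a.what))
                newly.append(a)
        return newly

    def queue_for_humans(self):
        # What the security team actually sees: only what the user base could not clear itself
        return [(a.user, a.what) for a in self.alerts if a.status == "escalated"]
```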

Rules

  • Listeners – specific events
  • Time awake – nobody is awake for 24 hours. Trigger an alert when this happens.
  • GeoIP – doesn’t work perfectly. T-Mobile has a feature that lets you travel abroad without paying roaming. It works by routing some traffic through Texas, so your location keeps jumping between Texas and abroad.
  • IPs – there are fewer unique IPs than you’d think. Worth looking at when a user comes from a new IP.
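Two of these rules run over constructed login events, as an added example (my own code, not Slack’s ElastAlert rules): “time awake” flags a user whose activity spans 24 hours with no sleep-sized gap, and the GeoIP rule flags rapid region flips but lowers severity when the hop lands in a region on a relay allowlist, which is one way to live with the Texas artefact described above. The events, the gap thresholds and the RELAY_REGIONS allowlist are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (user, time, source IP, GeoIP region); not real data.
EVENTS = [
    ("alice", "2016-10-24T08:00", "203.0.113.10", "CA"),
    ("alice", "2016-10-24T14:00", "203.0.113.10", "CA"),
    ("alice", "2016-10-24T20:00", "203.0.113.10", "CA"),
    ("alice", "2016-10-25T02:00", "203.0.113.10", "CA"),
    ("alice", "2016-10-25T09:00", "203.0.113.10", "CA"),   # 25 h of activity, max gap 7 h
    ("bob",   "2016-10-24T08:00", "192.0.2.5",    "FR"),
    ("bob",   "2016-10-24T08:10", "192.0.2.9",    "US-TX"),  # the carrier hop from the talk
    ("bob",   "2016-10-24T08:20", "192.0.2.5",    "FR"),
]
AWAKE_LIMIT, SLEEP_GAP = timedelta(hours=24), timedelta(hours=8)  # gap >= SLEEP_GAP = "went to sleep"
FLIP_WINDOW, RELAY_REGIONS = timedelta(hours=1), {"US-TX"}      # relay allowlist is an assumption

def by_user(events):
    groups = defaultdict(list)
    for user, ts, ip, region in events:
        groups[user].append((datetime.fromisoformat(ts), ip, region))
    return {u: sorted(evs) for u, evs in groups.items()}

def time_awake(events):
    """Users whose activity, ignoring gaps shorter than SLEEP_GAP, spans AWAKE_LIMIT or more."""
    alerts = []
    for user, evs in by_user(events).items():
        start = evs[0][0]
        for (prev, _, _), (cur, _, _) in zip(evs, evs[1:]):
            start = cur if cur - prev >= SLEEP_GAP else start   # a sleep-sized gap resets the run
            if cur - start >= AWAKE_LIMIT:
                alerts.append((user, "awake_too_long"))
                break
    return alerts

def geoip_flip(events):
    """Two region changes inside FLIP_WINDOW; severity drops if the hop is a known relay region."""
    alerts = []
    for user, evs in by_user(events).items():
        changes = [(t, r) for (_, _, pr), (t, _, r) in zip(evs, evs[1:]) if r != pr]
        for (t1, r1), (t2, r2) in zip(changes, changes[1:]):
            if t2 - t1 <= FLIP_WINDOW:
                sev = "low" if {r1, r2} & RELAY_REGIONS else "high"
                alerts.append((user, f"geoip_flip:{sev}"))
                break
    return alerts
```

A “low” flip still gets recorded, so the relay allowlist changes who looks at it first, not whether it is kept.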