Cisco Embedded Packet Capture

Embedded Packet Capture

May 27, 2020 in Blog and News, Cybersecurity, Featured Posts, How To, Packet Capture, Press Release

Embedded Packet Capture (EPC) is a Cisco proprietary feature and an immensely useful one. It lets you capture traffic at any interface in a router without a SPAN port or an external sniffer. For this use case we captured on Vlan1. The feature requires specific code: on IOS you must be running 12.4(20)T or later; on IOS XE, 3.7.0 (which bundles IOS 15.2(4)S) or later.

Video: Cisco Embedded Packet Capture

Set Up a Packet Capture Buffer

First set up your packet capture buffer. This is where captured traffic is stored. Keep in mind that it is only a buffer in memory; it is not associated with a file. We show how to move the contents of the buffer to a file later in this procedure.

The command below defines a linear buffer of 4 MB (the size argument is given in kilobytes). A linear buffer fills from the beginning until it reaches the 4 MB limit, at which point the capture stops collecting traffic.

We could also have used a circular buffer. A circular buffer also fills from the beginning, but once it reaches the 4 MB limit it wraps and starts writing at the beginning again, so traffic is collected in a loop and previously recorded packets are overwritten. Note that we also specified a max-size of 1518 bytes: this is the maximum number of bytes captured per packet, so larger frames are sliced to that length.

# Cisco IOS Command 15.1(4)M5
monitor capture buffer CAPTURE_BUFFER size 4096 max-size 1518 linear

Set Up a Packet Capture Point

We need to create a capture point in the router. A capture point can be any physical or logical interface, or it can be global so that traffic on all interfaces is collected. Here we collect on Vlan 1 in both directions (ingress and egress). Note that an ip cef capture point sees only IPv4 packets forwarded in the CEF path; process-switched packets require a separate capture point of type process-switched.

# Cisco IOS Command 15.1(4)M5
monitor capture point ip cef CAPTURE_POINT VLAN1 both

Associate the Capture Point with the Capture Buffer

In order to run a packet capture you must associate the capture point with the capture buffer.

# Cisco IOS Command 15.1(4)M5
monitor capture point associate CAPTURE_POINT CAPTURE_BUFFER

Start the Packet Capture

# Cisco IOS Command 15.1(4)M5
monitor capture point start CAPTURE_POINT

Show the Packet Capture Point

# Cisco IOS Command 15.1(4)M5
show monitor capture point CAPTURE_POINT

Show the Packet Capture Buffer

You will rarely need this, but it shows the capture buffer definition.

# Cisco IOS Command 15.1(4)M5
show monitor capture buffer CAPTURE_BUFFER parameters

Looking at Buffer Packet Count

# Cisco IOS Command 15.1(4)M5
show monitor capture buffer CAPTURE_BUFFER

or

# Cisco IOS Command 15.1(4)M5
show monitor capture buffer CAPTURE_BUFFER parameters | include Packets

Dump the Contents of the Packet Capture Buffer

This command shows what is in the capture buffer, in its raw form.

# Cisco IOS Command 15.1(4)M5
show monitor capture buffer CAPTURE_BUFFER dump

Stop the Packet Capture

# Cisco IOS Command 15.1(4)M5
monitor capture point stop CAPTURE_POINT

Export the Capture Buffer to Flash:

When exporting the contents of the buffer to a file, use a filename that ends in .pcap so that Wireshark (and your workstation's file associations) recognizes it as a packet capture. Stop the capture first, as above, so the buffer is not being written while it is exported.

# Cisco IOS Command 15.1(4)M5
monitor capture buffer CAPTURE_BUFFER export flash:capture.pcap

View the Contents of Flash:

View the contents of flash: and verify that the file you named in the export exists.

# Cisco IOS Command 15.1(4)M5
show flash:

FTP the Capture File From Flash: to FTP:

Once you've copied the file to a workstation you can open it in Wireshark.

# Cisco IOS Command 15.1(4)M5
copy flash:capture.pcap ftp:
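Once capture.pcap is on the workstation, it is worth checking the file before trusting what Wireshark shows. The Python script below is an added example, not part of the original post or of Cisco's tooling: it parses the classic pcap format that the export command writes (a 24-byte global header plus one 16-byte record header per packet), reports the link type and packet count, counts packets that were sliced at the 1518-byte max-size, and rejects a file whose last record is truncated, which is what a transfer interrupted mid-copy looks like. The sample file it builds in memory is constructed for the example; pass a real path as the first argument to inspect an actual export.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic as read big-endian
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # same file written little-endian
LINKTYPE_ETHERNET = 1

def build_sample_pcap(packet_lens, snaplen=1518, little_endian=False):
    """Constructed test data: a classic pcap with one all-zero Ethernet frame per
    length, sliced at snaplen the way EPC's max-size slices packets. Not a real export."""
    e = "<" if little_endian else ">"
    # global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = struct.pack(e + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, length in enumerate(packet_lens):
        caplen = min(length, snaplen)
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack(e + "IIII", 1590000000 + i, 0, caplen, length)
        out += b"\x00" * caplen
    return out

def inspect_pcap(data, max_size=1518):
    """Validate a pcap file and summarise it: endianness, link type, packet count,
    bytes captured, packets sliced at the snap length, and packets whose original
    size exceeded max_size. Raises ValueError on a bad magic number or a truncated
    record (what you get if the file was cut short in transfer)."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic == PCAP_MAGIC:
        e = ">"
    elif magic == PCAP_MAGIC_SWAPPED:
        e = "<"
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(e + "HHiIII", data[4:24])
    off, packets, captured, sliced, oversize = 24, 0, 0, 0, 0
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("record header truncated at offset %d" % off)
        _ts, _us, caplen, origlen = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            raise ValueError("packet %d truncated at offset %d" % (packets + 1, off))
        packets += 1
        captured += caplen
        sliced += caplen < origlen        # EPC max-size cut this packet short
        oversize += origlen > max_size    # frame was bigger than the configured max-size
        off += caplen
    return {"version": (vmaj, vmin), "endian": e, "linktype": linktype,
            "snaplen": snaplen, "packets": packets, "captured_bytes": captured,
            "sliced": sliced, "over_max_size": oversize}

def is_valid_pcap(data):
    """True if inspect_pcap accepts the file without error."""
    try:
        inspect_pcap(data)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    import sys
    # Usage: python inspect_pcap.py capture.pcap   (defaults to the constructed sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap([64, 1518, 9000])
    print(inspect_pcap(blob))
```

A "sliced" count greater than zero means the buffer's max-size was smaller than some frames on the wire; if you need full payloads, raise max-size before recapturing rather than trusting the truncated bytes.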


by Robert Cluett


Facebook Account Hacked?

May 26, 2020 in Blog and News, Cyber-attack, Cybercriminals, Cybersecurity, Featured Posts, Hacking, How To, Law, Passwords, Press Release

Some will fall victim to a hacked Facebook account. We have fallen victim before; it is not uncommon. Matters are worse if you no longer have access to your account, and worse still if you no longer have access to the email address associated with it. So how should one proceed?

Begin with Your Local Police Department

Your focus should be as much on protecting yourself as on stopping the cyber-criminal. It's important to get the incident on file with your local law enforcement agency, and to do so immediately: any actions this individual takes while in control of your account will be associated directly with you.

While laws protecting individuals from hacking are scarce, there are harassment laws that may help to protect you. Often it takes three or more incidents for local law enforcement to begin an investigation.

Having the incident on file will spare you from having to explain anything this actor does with your account. Be sure to convey that you no longer have control or access to the account. If you no longer have access to the email address associated with the account be sure to include that information too.

What you want to have happen here is to have a simple Police Report generated. It does not need to be a lengthy report. It merely should explain the incident and your limited ability to resolve it on your own. Local law enforcement agencies typically have limited resources. They may not go any further than having generated the Police Report. If you were threatened as part of the incident then that is a different story.

Contacting 911

If you were threatened and feel that you might be in immediate danger call 911.

Gaining Back Control of a Hacked Facebook Account

One may recover the account by contacting Facebook directly. You will be asked to provide photo identification in order to regain control of the account. Start the process from Facebook's hacked-account help page (linked from the Facebook Help Center).

This is the only way for you to gain back control of a hacked Facebook Account. What we typically advise our customers is to provide the photo identification that Facebook is asking for. Some are hesitant because the account is currently in the hands of a bad actor or personal communications exist in the account.

Once you have the account back, change the associated email address first and then change the password. This is akin to changing the locks on your doors after a break-in. Do it in that order, and then use "Log Out Of All Sessions" under Security and Login so any session the actor still holds is ended. You may rest easy as you now have things back under your control and have stopped the cyber-criminal from any further misuse.

Reputational Harm

If any reputational harm came from the hack, you may choose to notify your friends through a post to your news feed. We recommend keeping your focus on what comes of the digital forensics. If the posts did not cause any reputational harm, there's no need to tell your friends; keep the incident private as you work towards resolution.

Close the Hacked Facebook Account

Lastly, download all of your Facebook content as you prepare to close the account. Why close the account? You just provided photo identification and have associated that ID with your account. You want to close the account to prevent further fall-out and misuse.

When creating a new account, turn on multi-factor authentication (two-factor authentication, in Facebook's terms). This will help protect you going forward.

Hire a Digital Investigative Team

Obtaining the actor's IP address requires you to have regained control of the account. Bear in mind that the actor may have used the Tor network to stay anonymous while carrying out the attack. Tor is a network of relays that hides the user's true IP address; the address that appears in the login log is that of the last relay (the exit node), not the actor's own. We, at Cyber Defense Contractors, can perform the investigative work on your behalf. You want to gather as much information as you can.

Once you’ve gained back control of the account review your “Security and Login” settings. There you will be able to hover over the entries under “Where You’re Logged In” to reveal the IP address of the login. To access choose “Settings” from the drop down. Then click “Security and Login“.

Screenshot: Facebook Security and Login, "Where You're Logged In" access log

You may be most familiar with IPv4 addresses; be aware that the entry may be an IPv6 address, which has a different format.

Contacting the FBI

If contracted to assist you in resolving a hacked Facebook account we would act on your behalf. Given your approval we may report the incident to the FBI at the Internet Crime Complaint Center (IC3).

You may want to handle the matter on your own. You can file the complaint yourself. If they consider that your situation warrants the effort they will be looking for the IP address of the actor.

Again, the IP address of the individual who accessed your account can be found in the login log of your Facebook account. If you no longer have access to the account you will not be able to get this information until you regain control. If you are able to get the actor's IP address, have it readily available before contacting the FBI.

Further Reading

Facebook Help Center

Facebook Community



Cybersecurity Threat Report for May 22nd, 2020

May 22, 2020 in Blog and News, Cyber-attack, Cybersecurity, Daily Threat Report, Featured Posts, Press Release, Remote Code Execution

U.S. Center for Internet Security Alert Level

GUARDED: indicates a general risk of increased hacking, virus, or other malicious activity.


From the Center for Internet Security, "The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred."

CVE-2020-3280 Cisco RCE Flaw in Call Center Solution

Briefing

Zeljka Zorz of Help Net Security reports that, "Cisco has patched a critical RCE vulnerability in Cisco's Unified Contact Center Express." RCE is an acronym for Remote Code Execution. She goes on to state that, "Threat Hunter, Brenden Meeder of Booz Allen Hamilton, discovered the vulnerability in the Java user interface (UI) of the Cisco UCCX solution."

The flaw is an insecure deserialization of user-supplied data. What is deserialization? Data is serialized, that is, converted into a byte stream, so that it can be stored or passed between processes, across a network, or to another programming interface. On the receiving end the stream is deserialized: parsed and reconstructed into objects. In Java, deserialization rebuilds whole objects, including their classes, and can run code in those classes as they are rebuilt. If the receiving end accepts serialized objects from an untrusted client without restricting which classes may be reconstructed, an attacker can send a crafted object graph whose reconstruction runs code of their choosing. Hence the ability to perform Remote Code Execution (RCE). Here the code executes as root, so it runs without restriction on the targeted system.
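CVE-2020-3280 is in a Java component and Cisco has not published the vulnerable code. The Python example below is constructed for this report (it is not Cisco's code) and shows the same bug class with Python's pickle, whose streams, like Java serialization, can name a callable to invoke while an object is rebuilt. The gadget only sets an environment variable in the current process as a harmless stand-in for os.system. The allow-list in RestrictedUnpickler and the JSON loader are the two usual fixes; the "user"/"query" request shape is an assumption made up for the example.

```python
import io
import json
import os
import pickle

MARK = "DESERIALIZATION_DEMO"   # env var the gadget sets; harmless stand-in for real damage

class Evil:
    """Whatever the attacker serializes. __reduce__ tells the unpickler which
    callable to invoke, with which arguments, when the object is rebuilt. A real
    payload would name os.system or subprocess.Popen; this one only sets an env var."""
    def __reduce__(self):
        return (exec, ("import os; os.environ['%s'] = 'gadget ran'" % MARK,))

def build_payload():
    """The bytes an attacker would send to the service."""
    return pickle.dumps(Evil())

def vulnerable_load(blob):
    """The bug: deserializing client-supplied bytes with no restriction on which
    classes or functions the stream may reference."""
    return pickle.loads(blob)

class RestrictedUnpickler(pickle.Unpickler):
    """Fix 1: allow-list the globals a stream may reference. Anything else is
    refused in find_class, before it is looked up or called."""
    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "str"), ("builtins", "int")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("forbidden global %s.%s" % (module, name))

def hardened_load(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()

def json_load(text, required_keys=("user", "query")):
    """Fix 2 (preferred): a data-only format plus schema validation, so the input
    can never name code to run. The key set is an assumption for the example."""
    obj = json.loads(text)
    if not isinstance(obj, dict) or set(obj) != set(required_keys):
        raise ValueError("unexpected request shape")
    return obj

def run_demo():
    """Feed the attacker's blob and a benign request through each loader."""
    results = {}
    blob = build_payload()
    os.environ.pop(MARK, None)
    vulnerable_load(blob)                                   # gadget fires during load
    results["vulnerable_gadget_ran"] = os.environ.get(MARK) == "gadget ran"
    os.environ.pop(MARK, None)
    try:
        hardened_load(blob)
        results["hardened_rejected"] = False
    except pickle.UnpicklingError:
        results["hardened_rejected"] = True
    results["hardened_gadget_ran"] = MARK in os.environ     # stays False: refused before the call
    results["hardened_benign"] = hardened_load(pickle.dumps({"user": "alice", "query": "x"}))
    results["json_benign"] = json_load('{"user": "alice", "query": "x"}')
    return results

if __name__ == "__main__":
    print(run_demo())
```

The point of the allow-list is that it is checked when the stream names a global, before any constructor or reducer runs; a check applied after pickle.loads returns is too late, because the code has already executed. The same ordering applies to Java: filtering must happen in resolveClass (or via ObjectInputFilter), not on the returned object.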

Cisco recommends upgrading to 12.0(1)ES03 or a fixed release of the 12.5 code base.

The flaw was privately disclosed and fixed before the vulnerability was announced. Cisco has also released Snort rules that identify and protect against the vulnerability.

In Related News

Cisco has also patched other high risk and critical vulnerabilities.  One impacts Cisco’s MDS 9000 Series Multilayer Switch and another the Cisco Prime appliance.


Signal Geo-location Vulnerability

Briefing

Zeljka Zorz of Help Net Security is also reporting that, “Signal has fixed a vulnerability affecting its secure and encrypted communications application.  Actors were able to discover and track a user’s location.”

In the opinion of Cyber Defense Contractors, “This is big news as the app is designed for private communications without the expectation that a user’s location would be revealed.”

The vulnerability was discovered by David Wells of Tenable. Tenable, a leader in vulnerability risk management, is renowned for its vulnerability scanner, Nessus.

Signal's voice and video calling is built on a fork of WebRTC. While a call is being set up, a DNS lookup is performed, and depending on the DNS server used this can reveal the user's location down to the city. The exposure takes place whether or not the called party accepts the call, because it happens during the initial call setup.

Signal has already pushed out a patch.  For Android upgrade to v4.59.11 and for iOS v3.8.4.



Cybersecurity Threat Report for May 21st, 2020

May 21, 2020 in Blog and News, Cybersecurity, Daily Threat Report, DDoS, DNS, Featured Posts, Packet Amplification, Press Release, Vulnerability

U.S. Center for Internet Security Alert Level

GUARDED: indicates a general risk of increased hacking, virus, or other malicious activity.


From the Center for Internet Security, "The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred."

NXNSAttack Packet Amplification Recursive DNS Server Vulnerabilities

Briefing

Catalin Cimpanu of ZDNet's Zero Day reports that a vulnerability exists in recursive DNS server software and may be used to launch a Distributed Denial of Service (DDoS) attack. The vulnerability was discovered by Israeli researchers, who call it NXNSAttack. What happens is that an attacker-controlled authoritative server answers a simple DNS query with a referral listing many nameserver (NS) names inside the victim's domain but no glue records (IP addresses) for them. A vulnerable recursive resolver then tries to resolve every one of those names, so a query that would normally produce about 2 packets produces over 1,600. That flood can overwhelm the victim's authoritative server, or the resolver itself. This is the gist of the stated DDoS attack, and the ratio is measured as a Packet Amplification Factor (PAF). It sounds as if work has been under way for quite some time to patch DNS servers worldwide; it's not uncommon for mitigation efforts to be completed before any announcement is made.
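To make the mechanism concrete, here is an added Python example constructed for this report (not the researchers' code or any resolver's source). It builds the kind of referral the attacker's authoritative server returns, in real DNS wire format, parses it the way a resolver must, and counts the follow-up address queries the resolver would send: one per NS name that arrived without glue. The victim names and the 192.0.2.1 glue address are placeholders, and max_fetches is a hypothetical parameter standing in for the per-referral fetch limit that the patched resolvers added.

```python
import struct

TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1

def encode_name(name):
    """Wire-format DNS name (length-prefixed labels, no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def decode_name(msg, off):
    """Read a name at msg[off], following compression pointers; return (name, next offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # 2-byte pointer into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            end = off + 2 if end is None else end
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def build_referral(qname, zone, ns_count, glue_count=0):
    """Constructed attacker response: a referral delegating `zone` to ns_count
    nameserver names inside the victim's domain, with A glue for only the first
    glue_count of them. Names and the address are placeholders for the example."""
    names = ["ns%d.%s" % (i, zone) for i in range(ns_count)]
    msg = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, ns_count, glue_count)   # header
    msg += encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)            # question
    for n in names:                                                            # authority: NS RRs
        rdata = encode_name(n)
        msg += encode_name(zone) + struct.pack("!HHIH", TYPE_NS, CLASS_IN, 3600, len(rdata)) + rdata
    for n in names[:glue_count]:                                               # additional: glue
        msg += encode_name(n) + struct.pack("!HHIH", TYPE_A, CLASS_IN, 3600, 4) + bytes([192, 0, 2, 1])
    return msg

def parse_referral(msg):
    """Return (NS names from the authority section, set of names that have A glue)."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                                   # qtype + qclass

    def read_rr(off):
        name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        return name, rtype, off + 10, rdlen, off + 10 + rdlen

    nsnames, glued = [], set()
    for _ in range(an + ns):
        _name, rtype, rdata_off, _rdlen, off = read_rr(off)
        if rtype == TYPE_NS:
            nsnames.append(decode_name(msg, rdata_off)[0])   # rdata may use pointers into msg
    for _ in range(ar):
        name, rtype, _rdata_off, rdlen, off = read_rr(off)
        if rtype == TYPE_A and rdlen == 4:
            glued.add(name)
    return nsnames, glued

def followup_queries(msg, max_fetches=None):
    """How many extra queries a resolver sends to learn the addresses of glueless
    NS names in this referral. With max_fetches=None it behaves like an unpatched
    resolver and chases every name (the amplification); max_fetches models the
    per-referral cap the patched resolvers introduced (knob name and default differ
    per vendor)."""
    nsnames, glued = parse_referral(msg)
    glueless = [n for n in nsnames if n not in glued]
    return len(glueless) if max_fetches is None else min(len(glueless), max_fetches)

if __name__ == "__main__":
    referral = build_referral("www.victim.example.", "victim.example.", 40)
    print("unpatched:", followup_queries(referral), "patched (cap 5):", followup_queries(referral, 5))
```

Each of those follow-up queries itself goes to the victim's authoritative servers, and an unpatched resolver repeats the whole chase for every incoming client query, which is how a single cheap query turns into hundreds of packets aimed at the victim.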

CVE-2020-8616, CVE-2020-12662, CVE-2020-10995, and CVE-2020-12667

Scope

The vulnerability affects most recursive DNS servers worldwide.

Application

Impacted software includes

  • ISC BIND (CVE-2020-8616);
  • NLnet Labs Unbound (CVE-2020-12662);
  • PowerDNS (CVE-2020-10995);
  • CZ.NIC Knot Resolver (CVE-2020-12667).

Impact

The potential for a Distributed Denial of Service (DDoS) attack.

Impact Type

Incident rather than a breach.

Threat Actions

Attack Vector

Packet Amplification

Mitigation Efforts

Underway

Customer Notification

Customer notification is not necessary as this is not a breach.



The State of Broadband 2020

May 21, 2020 in 5G, Blog and News, Broadband, Featured Posts, Press Release

As of this writing, if you're a micro enterprise you really don't need much more than 10 Mbps downstream. Typically you'll get 5 Mbps upstream with your internet plan, and both will meet the demands of most of what you want to do. In the US, broadband is defined by the FCC as at least 25 Mbps downstream and 3 Mbps upstream. What's significant to Cyber Defense Contractors is the upstream figure of 3 Mbps; we feel it's an often-overlooked value. Bravo to the FCC. The US had not been keeping pace with other countries; now it is. ISPs had no need to adopt higher speeds because nothing was pushing them, not even the coming adoption of OTT video. Upping speeds means infrastructure changes, which would have impacted their bottom line. Business is business.

How Much Bandwidth is Enough?

The number of users is NOT the sole benchmark for how much bandwidth you need. Unless you foresee five or so users watching high-definition video simultaneously on separate devices, you don't need more than the 10 Mbps downstream I mentioned. Right now a single video stream typically requires 1.5 Mbps to 3 Mbps.

The number of clients is often used by ISPs when guiding customers on which plan to purchase. In most cases one can forgo that guideline because there is much more to the equation. I've heard statements such as "for 10 users you need 300 Mbps downstream". Early in my career I had 300 users running off a T1 at 1.544 Mbps. Were they streaming video? No. But everyone was surfing the internet and complaints were few and far between. 300 Mbps is a lot of bandwidth. It's well positioned for the introduction of 8K video streaming but may still prove to be more than what is needed, and it's too much to pay a premium for now unless you're providing an internet service that requires the associated upstream bit rate. ISPs do not offer a la carte downstream and upstream speeds on consumer or micro-enterprise plans. You may need upstream bandwidth if you're sending your data backups or surveillance video to the cloud. Still, you probably do not need more than the 5 Mbps they give you on the lower-priced plans: video at the egress streams at the typical 1.5 Mbps to 3 Mbps bit rate, and your data backups at the egress are probably differential, so it would be a reach for you to need more than 5 Mbps.

For the micro enterprise to small business, it all depends on what they're doing with their technology and their use of the internet or private network. If you are networked with business partners it becomes a different story, and your bandwidth requirements should then be assessed by a professional. Most ISP plans come with contracts these days. Don't get locked into something that is too much, especially if you're on a budget.

What About the Home User?

If you're a home user, you can stream Hulu or Netflix over 10 Mbps. Really? Yes. Some of you may have done it with your mobile hotspots. However, you probably quickly learned that mobile providers don't have hotspot plans that fit this scenario well. With 30 GB and 50 GB data caps you will run out of data quickly. The introduction of 5G service isn't going to prove any better, judging by what we're seeing from T-Mobile: their 5G plans are still capped at 50 GB even though the bandwidth is more than ten times what 4G provides. Boost Mobile offers a 4G service where, if you hit your cap, you can "re-up" by paying for your monthly plan early and get another data allotment; your recurring monthly payment date is then adjusted. This seems like a prudent business strategy and, if not already adopted by the other providers, may be adopted in the near term. What is it that they know? They know you'll oversubscribe your plan. T-Mobile is inching closer to blanketing the US with 5G, but with caps like that it doesn't have the shine we had hoped for. As an aside, Boost Mobile is a subsidiary of Sprint, so technically it would become part of the new T-Mobile. We will eventually see 5G caps move upward as the mobile providers begin targeting the home user, micro enterprises, and small businesses. Mobile providers such as Verizon, AT&T and the new T-Mobile will be competing directly with cable providers like Comcast and Cox. Still, 100 GB and 200 GB caps are possible and don't sit well with us. Either way there will be caps, so don't cut the cord just yet.

It's also worth considering that with 4G and 5G we're dealing with radios rather than wired connections. This is wireless, after all. Packets transmitted over radio have their own negative characteristics (variable latency, loss, contention), so it won't necessarily be a primary solution for latency-sensitive applications. I could be proven wrong on that. Additionally, the perspective of Cyber Defense Contractors has always been that wireless communications should be avoided where possible: they create a large attack surface with no walls as barriers. Think about that.

The 1 Gbps plans that cable's DOCSIS 3.1 standard provides will supply the bandwidth necessary for at least a decade. Companies like Comcast are locked in. However, in the event that the micro enterprise or small to mid-market enterprise starts requiring more than 1 Gbps, which I do not foresee happening in my lifetime, DOCSIS 3.1 and DOCSIS 4.0 are ready: DOCSIS 3.1 specifies up to 10 Gbps downstream with 1 to 2 Gbps upstream, and DOCSIS 4.0 up to 10 Gbps downstream with 6 Gbps upstream. Fiber providers like Verizon FiOS and Google Fiber will be able to provide that bandwidth too.

The bandwidth available exceeds the need at this stage. Unless you're talking about the data center, cloud services, or the large enterprise, you don't need much. Consider that some mid-market and all large enterprises are more likely to purchase dedicated circuits or carrier services (MPLS, carrier Ethernet, DMVPN overlays, etc.). The home consumer, the micro enterprise, small businesses, and most mid-market businesses don't need that kind of bandwidth.



Cybersecurity Threat Report for May 20th, 2020

May 20, 2020 in Blog and News, Cyber-attack, Cybersecurity, Daily Threat Report, Data Breach

Briefing

More information has surfaced about the data breach that has impacted the UK-based airline EasyJet. According to Thomas Brewster of Forbes magazine, "The airline has seen no evidence that the information has been misused." To date the following agencies have been notified.

  • The Information Commissioner's Office
  • The National Cyber Security Centre

Brewster goes on to state, "EasyJet confirmed that the attacker was accessing customer data between October 17th, 2019 and March 4th, 2020. The actor was inside the airline's systems for more than four months. EasyJet became aware of the unusual activity in January 2020 and launched an immediate investigation with the support of forensic investigators."

Help Net Security's Zeljka Zorz has learned that EasyJet believes the actors were after intellectual property.

We warn our readers that intellectual property has a broad meaning. We consider it to be simply a company's data, whatever level of confidentiality is associated with it.

The VTN News Network is reporting that customers are frustrated by the company's lack of response.

Scope

9 million customers

Application

Unknown

Impact

The exfiltration of the emails and travel records of 9 million customers.  As stated, an additional 2,200 credit cards were also lifted in the attack.

Attack Vector

Unknown

Mitigation Efforts

Remains unknown as of this press release.

Customer Notification

Notification will take place on or before May 26th.



Cybersecurity Threat Report for May 19th, 2020

May 19, 2020 in Blog and News, Cyber-attack, Cybersecurity, Daily Threat Report, Data Breach, Featured Posts

Data Breach of UK Airline EasyJet

Briefing

Information is scarce, but it is reported that 9 million customers were impacted by the breach. ZDNet reports that the attack was described as "highly sophisticated". Without any details of the attack vector or the payload we cannot assess the relative complexity of the attack. It appears that for the 9 million breached accounts the data was limited to email addresses and travel details; however, an additional 2,200 credit card details were said to be lifted as part of the breach. Newsweek and FlightGlobal, which also reported the breach, had no further details.

Scope

9 million customers

Application

Unknown

Impact

The exfiltration of the emails and travel records of 9 million customers.  As stated, an additional 2,200 credit cards were also lifted in the attack.

Attack Vector

Unknown

Mitigation Efforts

Unknown

Customer Notification

Notification will take place on or before May 26th.



Cybersecurity Threat Report for May 18th, 2020

May 18, 2020 in Blog and News, Cybersecurity, Daily Threat Report, Featured Posts

U.S. Center for Internet Security Alert Level

GUARDED: indicates a general risk of increased hacking, virus, or other malicious activity.


From the Center for Internet Security, "The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred."

The New Normal: Teleworking

Briefing

Most individuals who can do so are working from home or telecommuting. Amid the COVID-19 pandemic this has become the new norm. With the shift of the workforce to remote access come increased security concerns. NIST reported the following statistics from before the COVID-19 outbreak.

  1. More than 26 million Americans work remotely;
  2. 43% of Americans work from home at least occasionally;
  3. 82% of American workers want to work from home at least 1 day per week;
  4. 8 million Americans worked completely from home in 2017;
  5. 42% of Americans with an advanced degree perform some work from home;
  6. 57% of American workers want to work from home at least 3 days per week;
  7. There has been a 115% increase in the remote workforce between 2005 and 2015;

NIST Teleworking Recommendations

  • Avoid using Wi-Fi;
  • If you use Wi-Fi at home, use WPA2 or the newer and more secure WPA3. If you are not running WPA3, talk to a cybersecurity engineer about implementing it;
  • Make sure your password is hard to guess; use at least 4 to 5 phonetic segments;
  • Small business owners should consider using their own VPN;
  • If you are using your own computer or mobile device (something not issued by your organization) for telework, make sure you’ve enabled basic security features.
    • Enable the password or PIN
    • Enable Fingerprint scanning
    • Enable the facial ID feature
  • Keep your computers and mobile devices patched and updated.
  • If you are seeing unusual or suspicious activity on any device you are using to telework (computer, mobile device, or home network) contact your Cybersecurity team or hire a Cybersecurity company to assist.
  • Use multi-factor authentication when possible.
  • Ensure that your Written Information Security Programs have a telework policy.

NIST Conference Call Recommendations

  • Limit the reuse of access codes;
  • Use one-time PINs or meeting identifier codes;
  • Consider using multi-factor authentication;
  • Use a "green room" or "waiting room" and don't allow the meeting to begin until the host joins;
  • Enable notifications when attendees join;
  • Use a dashboard to monitor attendees and be sure to identify each attendee;
  • Do not record the meeting unless it is necessary;
  • If it is a web meeting with video:
    • Disable features you do not need including chat, file sharing, or screen sharing;
    • Consider using a PIN to prevent someone from crashing the meeting;
    • Limit who can share their screen to avoid any unwanted or unexpected images.

Sources

From the National Institute of Standards and Technology (NIST)

From the Cybersecurity and Infrastructure Agency (CISA)

From the Federal Communications Commission (FCC)

5G Rollout in the U.S.

Briefing

As reported by Sacha Segan of PCMag, "US Mobile carriers continue to roll out 5G." 5G speeds are said to range anywhere from 50 Mbps to over 2 Gbps; AT&T reached 1.8 Gbps in the lab using its high-band spectrum. T-Mobile appears to be the actual front runner as it continues to deploy 5G service across the U.S., claiming coverage that spans more than 200 million people. T-Mobile is averaging downstream speeds of approximately 80 Mbps.

AT&T is a close second with coverage that spans approximately 120 million people. Its average downstream speed is a bit higher than T-Mobile's, at 145 Mbps.

These deployments appear to be in the low-band and mid-band range.

Verizon is averaging a downstream data rate of over 800 Mbps.  Coverage, though, is lacking.  Verizon’s deployment is a high-band millimeter wave deployment.  Radio coverage stretches about 800 feet from a cell site and does not penetrate walls.  Sacha is estimating that Verizon has deployed their 5G service to about 10 million people.  At present, Verizon has the performance but doesn’t have the coverage.

Sprint’s mid-band speeds are reaching approximately 200 Mbps.  The sweet spot looks to be in the mid-band range for both coverage and speed.

Sacha also notes that 5G prices are coming down. Verizon is the only carrier to have announced 5G home internet service, albeit sparsely, in only five cities. 5G phones, however, are readily available and are being snapped up by those upgrading or purchasing new phones. The Samsung Galaxy S20+ is the only 5G phone that operates on all carriers' frequencies.

The merger between T-Mobile and Sprint has been finalized; the U.S. is now a three-carrier country. The combined coverage of T-Mobile and Sprint is compelling. Sacha points out that T-Mobile's 5G network is slower than the 4G service of the three major Canadian carriers.

Latency continues to be an issue for 5G service; the air latency has been reported to add between 8 and 12 ms. 5G is said to have applications in IoT, enterprise networking, and critical communications. We feel the latency issue needs to be resolved before looking that far ahead.

In the U.S., Atlanta, Dallas, Houston, Los Angeles, New York, Newark, and Washington D.C. each have coverage from all four carriers.

Globally, more than 35 countries are deploying or experimenting with 5G service.

On the cybersecurity front, some researchers have raised concerns that 5G broadens the attack surface because it moves larger amounts of data in a shorter time. Some U.S. security companies suggest that mixed deployments, in which 5G radios run over existing 4G core networks, open the technology up to DDoS attacks; they have also cited cryptojacking and other cyber-attacks.


Wi-Fi WPA3

Briefing

More than two years ago the Wi-Fi Alliance announced WPA3, the Wi-Fi security standard that is to replace WPA2. WPA3 makes it harder to attack your Wi-Fi network. WPA is an acronym for Wi-Fi Protected Access. It is the protocol used between a wireless client and a wireless access point to authenticate and encrypt your data communications. WPA2 uses AES (CCMP) encryption, so traffic cannot be read in clear text by anyone capturing it over the air. Like WPA2, WPA3 is a certification that manufacturers must apply for.

There are several new features to WPA3.

  • Encryption by default on "open" networks (Wi-Fi Enhanced Open, based on Opportunistic Wireless Encryption).
  • A new passphrase handshake, Simultaneous Authentication of Equals (SAE), that protects against offline brute-force attacks on a captured handshake.
  • Better interoperability with IoT devices. This is called Wi-Fi Easy Connect and uses QR codes.
  • An option for stronger 192-bit security aligned with the Commercial National Security Algorithm (CNSA) suite. This is the Enterprise version of WPA3.
  • Improved interoperability with centralized authentication services.
  • Security safeguards against misconfigured devices.
  • Forward secrecy: a captured session cannot be decrypted later even if the passphrase is learned.


FCC Cybersecurity Guidance for Small Businesses

Briefing

  1. Train employees in security principles;
  2. Protect information, computers, and networks from cyber attacks;
  3. Provide firewall security for your Internet connection;
  4. Create a mobile device action plan;
  5. Make encrypted backup copies of important business data and information, either offsite or in the cloud;
  6. Control physical access to your computers and create user accounts for each employee;
  7. Secure your Wi-Fi networks;
  8. Employ best practices on payment cards;
  9. Limit employee access to data and information, and limit authority to install software;
  10. Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication.


Using Linguistic Phonetics for Secure Passwords

May 18, 2020 in Blog and News, Credentials, Cybersecurity, Data Breach, Featured Posts, How To, Passwords

Video: Using Linguistic Phonetics for Secure Passwords

Secure Passwords and Linguistic Phonetics

Armed with knowledge of linguistic phonetics, you will be able to create lengthy and secure passwords. These passwords satisfy any of the cybersecurity frameworks, and you will be able to remember them easily without writing them down.

The Human Condition

We first took a look at the "human condition": how many phonetic segments a human can recall, and of what kind. It turned out that the number was seven. However, the methodology described in the video above uses five phonetic segments. Five gives a password length of anywhere between 20 and 25 characters. That's a big win!

Human Memory

Short term memory lasts for seconds to hours. Long term memory lasts for up to years. Working memory allows us to keep something in our minds by repeating it over again and again.

In this use case we want our passwords to enter what is called our non-declarative or implicit memory. Here we can recall something without much thought. This is akin to muscle memory.

Some Password Requirements Make Matters Worse

NIST has noted that random algorithmic complexity requirements for passwords are making matters worse. How so? Users who are required to use a mix of characters, case, numbers and symbols merely replace letters with their comparative counterparts, for example replacing the letter "E" with the number "3" or the letter "I" with the number "1".

Also making matters worse are mandatory password reset intervals. A 90 day interval is a typical requirement. This forces users to create simple and insecure passwords, because they know they will have to change them again in a relatively short amount of time.

NIST has dropped both of these requirements.

Screening Passwords

NIST recommends screening your passwords. However, a word of caution is needed here. A website that lets you screen a password against a list of known breached accounts may very well be collecting the password you are attempting to screen. If you do screen a password, do it only to check whether a password you once used was part of a breach.

Use Phonetic Segments to Create Secure Passwords

Rather than relying on a screening website, generate a password using phonetic segments. You may assume your password is unique given the complexity inherent in phonetic segments. No dictionary attack will defeat your password.

What does a password generated with phonetic segments look like? We've created one below. Take a look and take note of the segments.

Figure: A Secure Password Using Phonetic Segments
  • 5 phonetic segments;
  • 24 characters;
  • No dictionary words;
  • No comparative character to number replacements.

A Secure Password Strategy

  • Use password screening technology against a deprecated password. Cyber-criminals maintain dictionaries of known passwords. Verify that your old password has not been exposed in a breach;
  • Implement yearly password expiration. Do not force the 90 day reset interval;
  • Do not use dictionary passwords;
  • Your password should be unique for each platform, service, or account;
  • Use a secure and encrypted open-source password manager to keep track of your passwords;
  • Never accept when your browser(s) offer to remember your password;
  • Target a password with at least 20 characters;
    • Lengthy passwords can be achieved by using linguistic phonetics. Always consider incorporating phonetic segments and non-comparative alternative characters, such as numbers or symbols, to generate a lengthy, complex, and secure password;
    • A human can easily remember 5 phonetic segments. This results in 20 characters or more;
    • 7 phonetic segments is typically the maximum a human can remember.
  • Allow 10 attempts before locking out an account and/or forcing a password reset;
  • Password hints and security questions should not be used. They are typically too easy to guess;
  • One-time passwords sent over SMS are not recommended. Use an authenticator application.
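Two points from the screening caution and the strategy list above can be checked mechanically: whether a candidate password meets the length rule and is free of dictionary words, including words hidden behind the "E" to "3" style replacements NIST objects to, and how to screen an old password against a breach list without handing the password to the screening service. The Python below is an added example, not code from the post; the word list and the breach "range response" are constructed stand-ins, and the range-query pattern (send only the first five hex characters of the SHA-1, match the rest locally) is the k-anonymity scheme used by Have I Been Pwned's Pwned Passwords API, which the post does not name.

```python
import hashlib

# Constructed stand-ins for real wordlists: a tiny dictionary of common words and the
# letter-to-symbol substitutions that composition rules tend to produce.
DICTIONARY = {"password", "summer", "welcome", "dragon", "letmein", "secret"}
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "5": "s", "$": "s", "7": "t"})

# Constructed range response in "SUFFIX:COUNT" form; a real service returns hundreds
# of suffixes for one prefix. The middle entry is the suffix of SHA-1("password").
SAMPLE_RANGE_RESPONSE = """\
1E2A4C9C9E5D9F8C4D2B9E1D7F2A3B4C5D6:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1F0B2C3D4E5F60718293A4B5C6D7E8F9012:17
"""


def normalize_leet(password: str) -> str:
    """Lowercase and undo comparative character replacements (3->e, 1->i, @->a, ...)."""
    return password.lower().translate(LEET_MAP)


def dictionary_hits(text: str, dictionary=DICTIONARY, min_len: int = 4) -> set:
    """Dictionary words of at least min_len letters that occur anywhere in text."""
    return {w for w in dictionary if len(w) >= min_len and w in text}


def check_password_policy(password: str, dictionary=DICTIONARY, min_length: int = 20) -> list:
    """Return policy findings for a password; an empty list means it passes."""
    findings = []
    if len(password) < min_length:
        findings.append(f"too short: {len(password)} < {min_length} characters")
    plain = dictionary_hits(password.lower(), dictionary)
    # Words that only appear once the substitutions are undone are the ones a
    # composition rule "hid"; a cracking wordlist applies the same mapping.
    hidden = dictionary_hits(normalize_leet(password), dictionary) - plain
    if plain:
        findings.append("contains dictionary word(s): " + ", ".join(sorted(plain)))
    if hidden:
        findings.append("contains dictionary word(s) hidden by character-to-number "
                        "replacement: " + ", ".join(sorted(hidden)))
    return findings


def breach_check_prefix(password: str):
    """Split the SHA-1 of the password into the 5-hex-char prefix that would be sent
    to a range-query breach service and the 35-char suffix that never leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix: str, range_response: str) -> int:
    """Look up our suffix in a 'SUFFIX:COUNT' per line range response (0 when absent).
    The match happens locally, so the service only ever sees the 5-char prefix."""
    for line in range_response.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix.upper():
            return int(count)
    return 0


if __name__ == "__main__":
    # Constructed five-segment phonetic password versus a substituted dictionary word.
    for pw in ("brondel-vixtoq-ambrune-klasfor-doopin", "P@ssw0rd2020"):
        print(pw, "->", check_password_policy(pw) or "passes policy")
    prefix, suffix = breach_check_prefix("password")
    print("prefix sent:", prefix, "| seen in breaches:",
          breach_count(suffix, SAMPLE_RANGE_RESPONSE), "times")
```

In practice the only network call is a GET for the prefix; everything that could identify the password stays in `breach_count`, which is what makes this form of screening compatible with the caution given above.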


tcpdump For Newbies

May 17, 2020 in Blog and News, Featured Posts, Tools
