Cyber Reading Room

With technology moving at the speed of light, "change is the only constant". As organizations and government agencies struggle to keep pace with these advances, it is essential to examine the critical infrastructure that forms the bedrock of your connection to the digital world.



  •   Security Advisory | Sunburst Backdoor  

    Digital Deli Security Advisory: 12/14/2020, updated 12/15, 16, 19
    Wide Spread Compromise / Sunburst Backdoor
    Network Supply Chain / SolarWinds Orion
    US-CERT / CISA Alert AA20-352A
    DHS Emergency Directive 21-01


    Cyber Threat Alert Level: ELEVATED (12/16/2020)


    Action Required:
    Digital Deli Gen-3 Cloud digital services do not use the affected systems, so no action is required.

    Notice:
    Some of your customers may report difficulty sending email to your Gen-3 Cloud domain and not realize their own network is being updated, partially offline or undergoing configuration changes.

    Overview:
    Enterprise network management software used by the US Treasury, State Department, Homeland Security, Justice, Military/DOD, the Intelligence community, DOE, CDC, utilities, defense contractors and most of the Fortune 500 was compromised.

    Emergency alerts were triggered across government, critical infrastructure and the private sector. Outages across major infrastructure have been reported as SolarWinds Orion network management systems are isolated and taken offline.

    Forged tokens bypassed Microsoft 365 Outlook authentication using a secret key. It is likely that additional methods of compromise remain cloaked (undiscovered).

    The cyber security firm FireEye initially reported this to DHS/FBI on 12/8 after detecting a breach of its intellectual property, and followed up with deep forensic analysis.

    The SolarWinds software has been compromised since at least March 2020. On 12/13 US-DHS issued an all-agency emergency directive to immediately disconnect SolarWinds Orion products. On 12/14 a command and control server at GoDaddy used by the hackers was seized. Some countermeasures are available.

    Key personnel involved in remediation are advised to use alternate out-of-band communications that are authenticated and encrypted end to end. The total loss of privileged American data to foreign adversaries is unknown as of 12/19. The probability of global impact is high across all sectors.

    Dark Halo's state-sponsored attack vector was simple: compromise the network vendor software used by nearly everyone and let the victims infect themselves, then pick the juiciest fruit from a large basket of malware at will. There will likely be more fallout than has been reported.

    The backdoor, called Sunburst, was inserted as a validly digitally signed software component: a piece of tradecraft decades old but still used today.

    RISK:
    Government:
    Large and medium government entities: HIGH
    Small government entities: HIGH

    Businesses:
    Large and medium business entities: HIGH
    Small business entities: HIGH

    Home Users: LOW

    DHS Emergency Directive 21-01
      https://cyber.dhs.gov/ed/21-01/

    National Cyber Awareness System / AA20-352A
      https://us-cert.cisa.gov/ncas/alerts/aa20-352a

    Technical Disclosure
      FireEye UNC2452

    Media Reports
      Defense One
      Dark Reading
      Krebs On Security
      NY Times

    Digital Deli
    Cyber Intelligence
    Network Operation Control
    https://DigitalDeli.RED
    https://DigitalDeli.US

  •   Data Protection & Privacy | GDPR  

    Complying with the European Union
    General Data Protection Regulation (GDPR)

    A special report from the Digital Deli by John R. Grala, April 2, 2018


    The European Union (EU) has implemented a formal regulation called General Data Protection Regulation (GDPR).

      Listen to Complying with the European Union General Data Protection Regulation (GDPR)

      Read report Complying with the European Union General Data Protection Regulation (GDPR)

      Learn about Sponsorship Opportunities

      External Document Reference Links

      Content Creator Author Info

      A few Acknowledgements

      Note for Programmers, Business Process & Data Analysts

      Proudly sponsored by the Digital Deli Archive, a digital on-ramp for creatives where you may purchase rare, unique and authentic fine art photography.

  •   Network Advisory | Spectre and Meltdown  

    Spectre

    Security Advisory
    Network Operations Control
    Meltdown and Spectre Vulnerability
    January 27, 2018

    Meltdown

    The Digital Deli Gen-3 Cloud service places security and performance at the top of our list of priorities.

    Hacking tools of an unprecedented nature allowed bad actors to penetrate many high profile systems undetected during 2017.

    Due to critical unpatched vulnerabilities in Q4-2017, all Gen-3 Cloud domain services (web, email) were placed on enhanced L3 (level 3) real-time monitoring on December 1, 2017.

    Information assurance best practices drove our decision to provide enhanced threat vector analysis monitoring while operating system and server application providers analyzed and tested mitigation for the latest crop of vulnerabilities.



      Meltdown and Spectre Vulnerability

    The following pertains to the recent Meltdown and Spectre vulnerabilities and what action is being taken to protect your domain and email service on Gen-3 Cloud.

    On January 3, 2018 the Meltdown and Spectre vulnerabilities were publicly disclosed. They affect modern CPUs from Intel, AMD and ARM, going back as far as 1995.

    A BIOS update by itself cannot correct the CPU hardware vulnerability. This exploit applies to almost every CPU in use today.

    Since it would be impossible to replace every CPU in every device (server, PC, mobile device, router, etc.), the responsibility for shouldering the CPU hardware problem has fallen onto operating system and server application providers, researchers, technologists and customers.

    Based on advisories from CERT (1) and NIST (2), industry partners (Ubuntu, Google, Microsoft, Apple, Amazon, Cisco, Intel, AMD, ARM, ...) have collaborated to find a solution.

    Applying software patches to correct hardware CPU vulnerabilities will require greater system resources.

    This is a new class of vulnerability that requires a new level of vigilance, now and in the future.

    (1) US-CERT: Computer Emergency Readiness Team
    (2) NIST: National Institute of Standards and Technology



      Meltdown and Spectre Mitigation

    On 01/27/2018 Digital Deli Network Operations Control began a series of systematic steps to mitigate the vulnerability from Meltdown and Spectre on Gen-3 Cloud.

    Effective 01/31/2018:
    (1) All Domain Ecosystems (web, database, mail, etc) will need upgraded system memory and/or CPU resources to operate with security patches associated with Meltdown and Spectre.

    (2) Legacy unmanaged hosting is no longer supported and has been superseded by Tier 1 service plans providing the Platform, Managed Infrastructure and Operations Management, Incident Support and preapproved mitigation.

    (3) Customers requiring PCI-DSS, HIPAA/HiTech, CJIS-SP, and GDPR may choose a Tier and Level of Cyber AI and iAuth+ service for a baseline managed secure server platform.

    (4) Upgrade service by 1/31/2018 to ensure uninterrupted operation of web and email systems.



      What to Expect During Upgrades

    From Jan 27th – Feb 5, 2018 (tentative)
    (a) Customer systems will be monitored and, when idle, briefly taken offline, backed up, updated and brought back online. Systems are staged for a series of upgrades and will typically be offline for 10-20 minutes (avg 15 min).

    (b) During upgrades a user may be unable to reach your site or send email to your domain. Inbound mail systems should automatically retry and not present a problem.

      Keep in mind that more updates are likely in the coming weeks.

      Contact Network Operations Control if you need support associated with this advisory.

      The rollout window for this advisory is 1/27/2018 - 02/05/2018.



      External Links on Meltdown and Spectre

      CERT CVE-2017-5753
      NIST CVE-2017-5753
      NIST CVE-2017-5754
      Meltdown and Spectre
      Wired - Triple Meltdown
      Wired - Meltdown and Spectre Patching



      Secure, Reliable, Future Ready Infrastructure

    The Digital Deli takes security, performance and reliability into the next generation with Internet 4.0 Digital Ecosystems.

    Tier 1 plans for Information Resource, Business and E-Commerce provide baseline configurations to form the nucleus of your digital ecosystem.

    Internet 4.0 Digital Ecosystems can scale from a small global infrastructure to a multi data center powerhouse for a clear pathway into the future.


  •   Data Protection & Privacy | PCI  

    Payment Card Industry Data Security Standard (PCI-DSS)


    Payment Card Industry Data Security Standard (PCI-DSS) was developed to encourage and enhance card holder data security and facilitate the broad adoption of consistent data security measures globally.

    The PCI Data Security Standard applies to all businesses that store, process, and/or transmit card holder data. It covers technical and operational practices for system components included in or connected to environments with card holder data. If you accept or process payment cards, PCI DSS applies to you.



    Document Reference


    Learn more about PCI-DSS at the PCI Security Standards Council.

    Access the PCI Security Standards Council Document Library where you will find source documents and updates.

  •   Data Protection & Privacy | CJIS   

    Criminal Justice Information Services (CJIS) Security Policy

    Version 5.6, Dated: 06/05/2017 ID:CJISD-ITS-DOC-08140-5.6

    The CJIS Security Policy provides Criminal Justice Agencies (CJA) and Noncriminal Justice Agencies (NCJA) with a minimum set of security requirements for access to Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division systems and information and to protect and safeguard Criminal Justice Information (CJI). This minimum standard of security requirements ensures continuity of information protection. The essential premise of the CJIS Security Policy is to provide the appropriate controls to protect CJI, from creation through dissemination; whether at rest or in transit.

    The CJIS Security Policy integrates presidential directives, federal laws, FBI directives, the criminal justice community’s Advisory Policy Board (APB) decisions along with nationally recognized guidance from the National Institute of Standards and Technology (NIST) and the National Crime Prevention and Privacy Compact Council (Compact Council).



    Document Reference


    Access the CJIS Security Policy Resource Center for documentation from the U.S. Department of Justice and Federal Bureau of Investigation.

  •   Securing Email | iAuth+   

    DMARC, SPF and DKIM for
    Authenticated Domain Encrypted Email Communications


    Email is an essential business tool today. Unfortunately, mail servers are frequently misconfigured so they can be compromised, and spoofed email accounts for a large number of attacks. Securing Mail Transport Agent (MTA) server configurations, while essential, will only take you so far. To help email reach its ultimate destination with a high degree of trust, DMARC, SPF and DKIM can be deployed on the MTA. Various configurations allow higher degrees of trust than what might be offered generically by a service provider. Learn more about a few methods we use at the Digital Deli for Authenticated Domain Encrypted Email Communications.



    Domain-based Message Authentication, Reporting & Conformance (DMARC):


    A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

    An overview and Background on DMARC.

    Frequently Asked Questions and Why DMARC is Important.



    Sender Policy Framework (SPF):


    The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. Today, nearly all abusive e-mail messages carry fake sender addresses.

    Learn more about the Sender Policy Framework (SPF).



    DomainKeys Identified Mail (DKIM):


    DKIM is a method to validate the authenticity of email messages. When each email is sent, it is signed using a private key and then validated on the receiving mail server (or ISP) using a public key published in DNS. This process verifies that the message was not altered in transit.

    Learn more about DKIM.
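To make the receiver-side logic described above concrete, here is an added Python example (not Digital Deli's iAuth+ code and not taken from this page) that evaluates a sending IP against an SPF record and then combines the SPF and DKIM results with the From: domain's DMARC policy and alignment rules to decide whether a message passes or is subject to the published quarantine/reject action. The DNS TXT records, IP addresses and domain names are constructed and served from an in-memory table rather than live DNS; DKIM signature verification itself is not modelled, its pass/fail result is taken as an input; and the organizational-domain helper is a deliberate simplification, since real receivers consult the Public Suffix List.

```python
import ipaddress

# Constructed in-memory stand-in for DNS TXT lookups (assumption: no live DNS);
# addresses come from the reserved documentation ranges, domains are fictitious.
TXT_RECORDS = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"],
    "_spf.mailhost.example": ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all"],
    "_dmarc.example.com": [
        "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
    ],
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    return TXT_RECORDS.get(name.lower(), [])


def check_spf(ip, domain, depth=0):
    """Evaluate the connecting IP against the domain's SPF record.

    Models the ip4, ip6, include and all mechanisms; a, mx, exists and
    macros are not modelled. Returns pass, fail, softfail, neutral,
    none or permerror.
    """
    if depth > 10:            # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    records = [r for r in lookup_txt(domain) if r.startswith("v=spf1")]
    if not records:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif mech == "include":
            matched = check_spf(ip, arg, depth + 1) == "pass"
        else:
            continue          # unsupported mechanism: skip rather than guess
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"          # nothing matched and no "all" term present


def parse_dmarc(domain):
    """Return the DMARC tags for a domain, or None when no policy is published."""
    records = [r for r in lookup_txt("_dmarc." + domain) if r.startswith("v=DMARC1")]
    if not records:
        return None
    tags = {}
    for part in records[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = value.strip()
    tags.setdefault("adkim", "r")   # relaxed alignment is the RFC 7489 default
    tags.setdefault("aspf", "r")
    return tags


def org_domain(name):
    # Assumption: the last two labels stand in for the organizational domain.
    # Real receivers use the Public Suffix List (think example.co.uk).
    return ".".join(name.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Combine SPF and DKIM results with the From: domain's DMARC policy.

    Returns (dmarc_result, action); action is the policy's p= value and is
    applied only when neither method both passes and aligns with From:.
    """
    policy = parse_dmarc(from_domain)
    if policy is None:
        return ("none", "none")
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", policy.get("p", "none"))


if __name__ == "__main__":
    # Constructed scenarios: two legitimate relays and one spoofer outside the SPF range.
    for ip in ("192.0.2.5", "198.51.100.10", "203.0.113.7"):
        spf = check_spf(ip, "example.com")
        print(ip, "SPF:", spf, "DMARC:",
              dmarc_disposition("example.com", spf, "example.com", "fail", ""))
```

The point worth noticing is in the last scenario: an SPF "pass" for an unrelated domain, or a DKIM signature from a subdomain under strict alignment, does not rescue a message, because DMARC only credits a method whose authenticated domain lines up with the visible From: domain. That alignment step is what stops a spoofer from passing with an SPF record they control.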

    Learn about iAuth+ Business Class Email.