Cyber Reading Room
With technology moving at the speed of light, "change is the only constant". As organizations and government agencies struggle to keep pace with these advances, it is essential to examine the critical infrastructure that forms the bedrock of your connection to the digital world.
Data Protection & Privacy | GDPR
Complying with the European Union
General Data Protection Regulation (GDPR)
A special report from the Digital Deli by John R. Grala, April 2, 2018
The European Union (EU) has implemented a formal regulation called General Data Protection Regulation (GDPR).
Proudly sponsored by Digital Deli Archive. A digital on-ramp for Creatives where you may purchase rare, unique and authentic fine art photography.
Network Advisory | Spectre and Meltdown
Network Operations Control
Meltdown and Spectre Vulnerability
January 27, 2018
The Digital Deli Gen-3 Cloud service places security and performance at the top of our list of priorities.
Hacking tools of an unprecedented nature allowed bad actors to penetrate many high-profile systems undetected during 2017.
Due to critical unpatched vulnerabilities in Q4-2017, all Gen-3 Cloud domain services (web, email) were placed on enhanced L3 (level 3) real-time monitoring on December 1, 2017.
Information assurance best practices drove our decision to provide enhanced threat vector analysis monitoring while operating system and server application providers analyzed and tested mitigation for the latest crop of vulnerabilities.
Meltdown and Spectre Vulnerability
The following pertains to the recent Meltdown and Spectre vulnerabilities and what action is being taken to protect your domain and email service on Gen-3 Cloud.
On January 3, 2018 the Meltdown and Spectre vulnerabilities were publicly disclosed. They affect modern CPUs from Intel, AMD and ARM, and reach back as far as 1995.
A BIOS update by itself cannot correct the CPU hardware vulnerability. The vulnerability applies to almost every CPU in use today.
Since it would be impossible to replace every CPU on every device (server, PC, mobile device, router, etc.), the responsibility for shouldering the CPU hardware problem has fallen onto operating system and server application providers, researchers, technologists and customers.
Based on advisories from CERT (1) and NIST (2), industry partners (Ubuntu, Google, Microsoft, Apple, Amazon, Cisco, Intel, AMD, ARM, ...) have collaborated to find a solution.
Applying software patches to work around hardware CPU vulnerabilities will require greater system resources.
This is a new class of vulnerability that requires a new level of vigilance, now and in the future.
(1) US-CERT: Computer Emergency Readiness Team
(2) NIST: National Institute of Standards and Technology
Meltdown and Spectre Mitigation
On 01/27/2018 Digital Deli Network Operations Control began a series of systematic steps to mitigate the vulnerability from Meltdown and Spectre on Gen-3 Cloud.
(1) All Domain Ecosystems (web, database, mail, etc.) will need upgraded system memory and/or CPU resources to operate with the security patches associated with Meltdown and Spectre.
(2) Legacy unmanaged hosting is no longer supported and has been superseded by Tier 1 service plans providing the Platform, Managed Infrastructure and Operations Management, Incident Support and preapproved mitigation.
(3) Customers requiring PCI-DSS, HIPAA/HiTech, CJIS-SP, and GDPR may choose a Tier and Level of Cyber AI and iAuth+ service for a baseline managed secure server platform.
(4) Upgrade service by 1/31/2018 to ensure uninterrupted operation of web and email systems.
What to Expect During Upgrades
From Jan 27th – Feb 5, 2018 (tentative)
(a) Customer systems will be monitored and, when idle, will be briefly taken offline, backed up, updated and brought back online. Systems are staged for a series of upgrades and will typically be offline for between 10 and 20 minutes (average 15 minutes).
(b) During upgrades, users may be unable to reach your site, and you may be unable to send your domain email. Inbound mail should not be affected: sending mail servers automatically retry delivery.
Keep in mind that more updates are likely in the coming weeks.
Contact Network Operations Control if you need support associated with this advisory.
The rollout window for this advisory is 1/27/2018 - 02/05/2018.
External Links on Meltdown and Spectre
CERT CVE-2017-5753
NIST CVE-2017-5753
NIST CVE-2017-5754
Meltdown and Spectre
Wired - Triple Meltdown
Wired - Meltdown and Spectre Patching
Secure, Reliable, Future Ready Infrastructure
The Digital Deli takes security, performance and reliability into the next generation with Internet 4.0 Digital Ecosystems.
Tier 1 plans for Information Resource, Business and E-Commerce provide baseline configurations to form the nucleus of your digital ecosystem.
Internet 4.0 Digital Ecosystems can scale from a small global infrastructure to a multi data center powerhouse for a clear pathway into the future.
Data Protection & Privacy | PCI
Payment Card Industry Data Security Standard (PCI-DSS)
The Payment Card Industry Data Security Standard (PCI-DSS) was developed to encourage and enhance cardholder data security and to facilitate the broad adoption of consistent data security measures globally.
The PCI Data Security Standard applies to all businesses that store, process, and/or transmit cardholder data. It covers technical and operational practices for system components included in or connected to environments with cardholder data. If you accept or process payment cards, PCI DSS applies to you.
Learn more about PCI-DSS at the PCI Security Standards Council.
Access the PCI Security Standards Council Document Library where you will find source documents and updates.
Data Protection & Privacy | CJIS
Criminal Justice Information Services (CJIS) Security Policy
Version 5.6, Dated: 06/05/2017 ID:CJISD-ITS-DOC-08140-5.6
The CJIS Security Policy provides Criminal Justice Agencies (CJA) and Noncriminal Justice Agencies (NCJA) with a minimum set of security requirements for access to Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division systems and information, and to protect and safeguard Criminal Justice Information (CJI). This minimum standard of security requirements ensures continuity of information protection. The essential premise of the CJIS Security Policy is to provide the appropriate controls to protect CJI from creation through dissemination, whether at rest or in transit.
The CJIS Security Policy integrates presidential directives, federal laws, FBI directives, the criminal justice community’s Advisory Policy Board (APB) decisions along with nationally recognized guidance from the National Institute of Standards and Technology (NIST) and the National Crime Prevention and Privacy Compact Council (Compact Council).
Access the CJIS Security Policy Resource Center for documentation from the U.S. Department of Justice and Federal Bureau of Investigation.
Securing Email | iAuth+
DMARC, SPF and DKIM for
Authenticated Domain Encrypted Email Communications
Email is an essential business tool today. Unfortunately, mail servers are frequently misconfigured and can therefore be compromised. Spoofed email accounts for a large number of attacks. Securing Mail Transport Agent (MTA) server configurations, while essential, will only take you so far. To help email reach its ultimate destination with a high degree of trust, DMARC, SPF and DKIM can be deployed on the MTA. Various configurations allow higher degrees of trust than what might be offered generically by a service provider. Learn more about a few methods we use at the Digital Deli for Authenticated Domain Encrypted Email Communications.
Domain-based Message Authentication, Reporting & Conformance (DMARC):
A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes, such as junking or rejecting the message. DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent and harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
An overview and Background on DMARC.
Frequently Asked Questions and Why DMARC is Important.
Sender Policy Framework (SPF):
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. Today, nearly all abusive e-mail messages carry fake sender addresses.
Learn more about the Sender Policy Framework (SPF).
DomainKeys Identified Mail (DKIM):
DKIM is a method to validate the authenticity of email messages. When each email is sent, it is signed using a private key and then validated on the receiving mail server (or ISP) using a public key published in DNS. This process verifies that the signed parts of the message were not altered in transit and that the signature was produced by a holder of the domain's private key.
Learn more about DKIM.
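The receiver-side decision described in the DMARC section above (apply the published policy only when neither SPF nor DKIM passes for an aligned domain) as an added example; this is illustrative code, not part of the Digital Deli's iAuth+ service. It assumes SPF and DKIM have already been evaluated, uses a constructed DMARC record for the reserved domain example.com, and approximates the organizational domain by the last two labels instead of consulting the Public Suffix List.

```python
"""DMARC disposition evaluator (added example, not Digital Deli code).

Given the From: header domain, the SPF and DKIM results a receiver has
already obtained, and the sender's published DMARC TXT record, decide what
to do with the message. Implements identifier alignment (RFC 7489 sec. 3.1)
in relaxed ("r") and strict ("s") modes.
"""

# Constructed sample record: strict DKIM alignment, relaxed SPF alignment.
SAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record into a tag dictionary, applying RFC defaults."""
    tags = {"p": "none", "adkim": "r", "aspf": "r", "pct": "100"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels.
    Assumption: a real receiver consults the Public Suffix List instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Relaxed mode accepts any host under the same organizational domain;
    strict mode requires an exact match with the From: domain."""
    f, a = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    if mode == "s":
        return f == a
    return org_domain(f) == org_domain(a)


def dmarc_disposition(from_domain: str, record: str, spf_pass: bool,
                      spf_domain: str, dkim_pass: bool, dkim_domain: str) -> str:
    """Return 'pass' if either mechanism passes for an aligned identifier;
    otherwise return the policy action (none / quarantine / reject)."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]
```

Note that an SPF pass for an unrelated envelope-sender domain does not rescue a message whose From: header claims example.com; alignment is what ties the authentication result to the domain the user actually sees.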
Learn about iAuth+ Business Class Email.