ITConundrum Security Catch22’s

Do you know the Heisenberg Principle? Or, more precisely, “The Uncertainty Principle”?

https://www.aip.org/history/heisenberg/p08.htm

The more precisely the position is determined, the less precisely the momentum is known in this instant, and vice versa.
–Heisenberg, uncertainty paper, 1927
You can’t completely measure stuff. Does this apply to network traffic?

I am talking about measuring the characteristics of the network using a tap on an IDS system, for example.

Does the act of checking the network modify the characteristics of a potential scan or attack on the system?

 

Even if it does, the attacker is still doing the attack and checking the results. This is why some scanning is a black art. Some results are not obvious, whereas other results are obvious.

 

The Blue team (the network defense) needs to obfuscate the results of the system scans that attackers perform.

So how do you configure your network scanning defense settings?

Here is an entry for Microsoft systems.

http://blogs.technet.com/b/networking/archive/2010/12/06/disabling-network-discovery-network-resources.aspx


 

The most interesting part about “Network Discovery”:

{ The interaction between Network Discovery and the Windows Firewall is relatively straightforward. The Windows Firewall has default rules both inbound and outbound to block the Network Discovery protocols, but by default the outbound rule is not enabled, thus allowing this traffic.}

 

By default the outbound rule is not enabled.


Consider disabling or at least blocking the ports on your internal machines that have data important to you. Why give a hacker more information than they need?

Another option is to disable the network resource option in the GUI.

 

It is a good idea to harden your internal machines as well as external, especially with high value data.

Even with the Heisenberg principle we give out a profile to attackers – it may not be perfect, but it is something.

On Linux systems you need to consider blocking ports or making sure that no information is sent to the hacker. The less data they have, the better your defense.
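As an added example (not part of the original post), one way to see what a Linux host currently offers to a scan is to audit its listening sockets against the ports you actually mean to expose. The `ALLOWED` allowlist, the function names and the sample `ss` output below are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report listeners that a scan from the network could reach.
# Feed it `ss -H -tuln` output on stdin. ALLOWED is a hypothetical allowlist
# of proto/port pairs that are meant to be exposed.
ALLOWED="${ALLOWED:-tcp/22}"

exposed_listeners() {
    awk -v allowed="$ALLOWED" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    NF >= 5 {
        proto = $1
        laddr = $5
        # The port is whatever follows the last colon (covers [::]:445).
        port = laddr
        sub(/.*:/, "", port)
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        # Loopback-only listeners are not visible to a remote scanner.
        if (addr ~ /^127\./ || addr == "[::1]") next
        key = proto "/" port
        if (!(key in ok)) print key " " addr
    }' | sort -u
}

# Constructed sample of `ss -H -tuln` output, so the example runs offline.
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      80      192.168.1.10:3306       0.0.0.0:*
tcp   LISTEN 0      4096            [::]:445           [::]:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      128                *:8080             *:*
EOF
}

# Each printed line is a port to close, bind to loopback, or firewall.
sample_ss_output | exposed_listeners
```

On a live host, run `ss -H -tuln | exposed_listeners` and treat every line it prints as something to close, rebind to loopback, or block at the firewall.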

 

 

I have a meetup meeting next Monday (August 10th) to discuss what you can do to protect your systems:

How to block Port Scanning

Monday, Aug 10, 2015, 8:00 PM


This will be a short presentation with a lot of Q&A and general discussion about Cybersecurity
