So it is time to say goodbye to the weekly Heuristic Security Internet Weather Report. With the holidays coming up, and other projects pending in the queue, the pressures of time have caused me to put this effort on the shelf.
I hope that these weekly reports have shown you how constant the attacks coming from the internet are, and how diverse the sources they come from are, with the US, Russia, and China being the big three. Also, the link between the breaches in the news and the ports we have seen being probed should demonstrate that what is a major vulnerability today will be the cause of a major breach in your company tomorrow. Patch your systems!
If there are any universal recommendations to come from this effort, they are:
- Use commercial firewalls and keep them patched
- Configure your firewalls properly (egress filtering and no UPnP)
- Don’t open ports unless absolutely, positively necessary and make sure that what these ports lead to is regularly scanned, patched and secured
- Monitor your firewall’s logs. As these weather reports have shown, there is a wealth of threat intelligence that they can provide if you bother to look. If anyone is interested in the Splunk configuration and queries I used to generate these reports, please feel free to drop me a note
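As an added example (not the author's Splunk configuration or queries, which the post does not include), this Python script shows the kind of summary those weather reports were built from: it tallies firewall deny events by destination port and source country, and flags any source that probed several distinct ports, which is the automated port-scanning pattern the report describes. The log line layout and the sample lines are constructed assumptions; adapt the regular expression to your own firewall's log format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample firewall log lines (documentation IP ranges, made-up
# country codes). The field layout is an assumption, not a real vendor format.
SAMPLE_LOGS = """\
2023-12-01T00:01:02Z DENY src=198.51.100.7 dst=203.0.113.5 proto=tcp dport=3389 cc=RU
2023-12-01T00:01:03Z DENY src=198.51.100.7 dst=203.0.113.5 proto=tcp dport=22 cc=RU
2023-12-01T00:01:04Z DENY src=198.51.100.7 dst=203.0.113.5 proto=tcp dport=445 cc=RU
2023-12-01T00:02:10Z DENY src=192.0.2.10 dst=203.0.113.5 proto=tcp dport=3389 cc=US
2023-12-01T00:03:15Z DENY src=192.0.2.11 dst=203.0.113.5 proto=tcp dport=3389 cc=CN
2023-12-01T00:03:40Z DENY src=192.0.2.12 dst=203.0.113.5 proto=tcp dport=23 cc=CN
2023-12-01T00:04:00Z ALLOW src=192.0.2.20 dst=203.0.113.5 proto=tcp dport=443 cc=US
2023-12-01T00:05:30Z DENY src=198.51.100.8 dst=203.0.113.5 proto=tcp dport=3389 cc=US
"""

# Only blocked inbound connections count as probes; ALLOW lines are skipped.
LINE_RE = re.compile(
    r"\bDENY src=(?P<src>\S+) dst=\S+ proto=\w+ dport=(?P<dport>\d+) cc=(?P<cc>[A-Z]{2})"
)


def summarize(log_text, top=5, scan_threshold=3):
    """Build a 'weather report' from firewall deny lines.

    Returns the busiest destination ports, the busiest source countries,
    and the sources that touched at least `scan_threshold` distinct ports
    (a single-port hit looks like a targeted probe; many ports looks like
    a bot sweeping for anything open).
    """
    ports, countries = Counter(), Counter()
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # allowed traffic or a line in another format
        dport = int(m["dport"])
        ports[dport] += 1
        countries[m["cc"]] += 1
        ports_by_src[m["src"]].add(dport)
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    return {
        "events": sum(ports.values()),
        "top_ports": ports.most_common(top),
        "top_countries": countries.most_common(top),
        "scanners": scanners,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOGS)
    print(f"{report['events']} blocked probes")
    print("top ports:", report["top_ports"])
    print("top source countries:", report["top_countries"])
    print("multi-port scanners:", report["scanners"])
```

A port that suddenly climbs this list is the signal the report kept pointing at: check whether anything behind it is exposed and patched before it shows up in the breach news.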
If you are interested, prior reports are still posted on heuristicsecurity.com for your reading pleasure.
About this Report
These reports did not attempt to discuss the state of attacks and attackers across the entire internet; rather, they discussed what I saw on my company’s firewalls from my vantage point in Colorado and what I believed were general trends, and recommended preventative measures based on this information.
Since so many of the attacks today are driven by automated bots scanning the internet for open ports (which is what I count as an attack), I think that the trends I observed locally can be broadly extrapolated to consumer and small business networks across the US. However, as always, the best indication of what is impacting your company’s systems is the results you get by monitoring your own networks. To the extent that you see significantly different results for your network, that may be indicative of a targeted attack on your business.
I am an expert in addressing the information security and privacy challenges of complex and fast-paced organizations as both a CISO and adviser to management and the board, in roles ranging from security architect, to risk management, to virtual or permanent CISO. Contact me to discuss how I can help you and your organization achieve your security, risk and privacy objectives.