Channel: Ajit Vadakayil

WHAT ARTIFICIAL INTELLIGENCE CANNOT DO , a grim note to the top 100 intellectuals of this planet , Part 20 - Capt Ajit Vadakayil


 

THIS POST IS CONTINUED FROM PART 19, BELOW--


https://ajitvadakayil.blogspot.com/2020/05/what-artificial-intelligence-cannot-do.html






Nicolas C.D  September 16, 2020 at 1:16 AM

This is insane, imagine 10 years from now.

https://ajitvadakayil.blogspot.com/2020/09/punishment-for-making-deep-fake-porn.html

 

 

Capt. Ajit Vadakayil  September 16, 2020 at 4:40 AM 

 

DEEP FAKES HAVE THE CAPABILITY TO START WORLD WARS..

 

THE FRENCH QUEEN WAS BEHEADED BY HER OWN PEOPLE BECAUSE JEW ROTHSCHILD WROTE IN HIS NEWSPAPER THAT SHE SAID  " IF PEOPLE DONT GAVE BREAD THEN THEY CAN EAT CAKE"

 

THE QUEEN NEVER SAID THAT.. SHE WAS A KIND LADY..

 

http://ajitvadakayil.blogspot.com/2015/11/the-french-revolution-conceived-and.html

 

IN THE SHRADDHA KAPOOR DEEP FAKE , THE ONLY WAY I COULD MAKE OUT THAT THE VIDEO IS A DEEP FAKE IS --

 

-- BECAUSE THE WASTED FAKE WHITE WOMAN DID NOT HAVE A SVELTE TONED FIGURE LIKE SHRADDHA KAPOOR .. SHE WOULD NOT EVEN KNOW WHAT A GYM LOOKS LIKE..


capt ajit vadakayil

..





CAPT AJIT VADAKAYIL SAYS  AI MUST MEAN  “INTELLIGENCE AUGMENTATION “  IN FUTURE ..

Let this be IA


OBJECTIVE AI CANNOT HAVE A VISION,  
IT CANNOT PRIORITIZE,   
IT CANT GLEAN CONTEXT,   
IT CANT TELL THE MORAL OF A STORY ,  
IT CANT RECOGNIZE A JOKE, OR BE A JUDGE IN A JOKE CONTEST  
IT CANT DRIVE CHANGE,    
IT CANNOT INNOVATE, 
IT CANNOT DO ROOT CAUSE ANALYSIS ,  
IT CANNOT MULTI-TASK,   
IT CANNOT DETECT SARCASM,  
IT CANNOT DECIPHER TONE ( I KILLED THE CLERK !? --OF MY COUSIN VINNY )
IT CANNOT DO DYNAMIC RISK ASSESSMENT ,  
IT IS UNABLE TO REFINE OWN KNOWLEDGE TO WISDOM, 
IT IS BLIND TO SUBJECTIVITY,  
IT CANNOT EVALUATE POTENTIAL,   
IT CANNOT SELF IMPROVE WITH EXPERIENCE,
IT CANNOT UNLEARN
IT IS PRONE TO CATASTROPHIC FORGETTING    
IT DOES NOT UNDERSTAND BASICS OF CAUSE AND EFFECT,   
IT CANNOT JUDGE SUBJECTIVELY TO VETO/ ABORT,    
IT CANNOT FOSTER TEAMWORK DUE TO RESTRICTED SCOPE,  
IT CANNOT MENTOR,   
IT CANNOT BE CREATIVE,  
IT CANNOT THINK FOR ITSELF, 
IT CANNOT TEACH OR ANSWER STUDENTs QUESTIONS,  
IT CANNOT PATENT AN INVENTION, 
IT CANNOT SEE THE BIG PICTURE , 
IT CANNOT FIGURE OUT WHAT IS MORALLY WRONG, 
IT CANNOT PROVIDE NATURAL JUSTICE, 
IT CANNOT FORMULATE LAWS
IT CANNOT FIGURE OUT WHAT GOES AGAINST HUMAN DIGNITY
IT CAN BE FOOLED EASILY USING DECOYS WHICH CANT FOOL A CHILD, 
IT CANNOT BE A SELF STARTER, 
IT CANNOT UNDERSTAND APT TIMING, 
IT CANNOT FEEL
IT CANNOT GET INSPIRED
IT CANNOT USE PAIN AS FEEDBACK,
IT CANNOT GET EXCITED BY ANYTHING
IT HAS NO SPONTANEITY TO MAKE THE BEST OUT OF  SITUATION 
IT CAN BE CONFOUNDED BY NEW SITUATIONS
IT CANNOT FIGURE OUT GREY AREAS,
IT CANNOT GLEAN WORTH OR VALUE
IT CANNOT UNDERSTAND TEAMWORK DYNAMICS 
IT HAS NO INTENTION
IT HAS NO INTUITION,
IT HAS NO FREE WILL
IT HAS NO DESIRE
IT CANNOT SET A GOAL

IT CANNOT BE SUBJECTED TO THE LAWS OF KARMA

ON THE CONTRARY IT CAN SPAWN FOUL AND RUTHLESS GLOBAL FRAUD ( CLIMATE CHANGE DUE TO CO2 ) WITH DELIBERATE BLACK BOX ALGORITHMS,  JUST FEW AMONG MORE THAN 60 CRITICAL INHERENT DEFICIENCIES.




HUMANS HAVE THINGS A COMPUTER CAN NEVER HAVE.. A SUBCONSCIOUS BRAIN LOBE,  REM SLEEP WHICH BACKS UP BETWEEN RIGHT/ LEFT BRAIN LOBES AND FROM AAKASHA BANK,  A GUT WHICH INTUITS,   30 TRILLION BODY CELLS WHICH HOLD MEMORY,   A VAGUS NERVE , AN AMYGDALA ,  73% WATER IN BRAIN FOR MEMORY,  10 BILLION MILES ORGANIC DNA MOBIUS WIRING ETC.



SINGULARITY ,  MY ASS !

  1. https://ajitvadakayil.blogspot.com/2020/03/what-artificial-intelligence-cannot-do_15.html

    WHEN YOU ARE IN THE OFFICE, WHETHER IT'S AN ACTUAL THING HAPPENING OR NOT, YOU FEEL LIKE PEOPLE ARE WATCHING. WHEN YOU ARE AT HOME, YOU DON'T FEEL THAT, SO PEOPLE DO FEEL A LITTLE BIT MORE ENTITLED TO PULL INFORMATION ( STEAL INTELLECTUAL RIGHTS ) OFF THEIR WORK MACHINE, OR SHARE THINGS IN A CERTAIN WAY.

    71% OF BREACHES OVER THE PAST YEAR HAVE BEEN TIED TO INSIDE JOBS.

    THE ABILITY TO WORK FROM HOME IS A PRIZED EMPLOYEE PERK THAT OFFERS WORKERS THE CHANCE TO FREE THEMSELVES FROM THE DAILY COMMUTE AND COMPLETE THEIR TASKS.

    BEFORE THE PANDEMIC A LOT OF COMPANIES WERE AT MAYBE 25% OF THE SEATS AVAILABLE FOR WORK-FROM-HOME, AND NOW IN THIS NEW ENVIRONMENT YOU ARE CLOSE TO 98-100% WORK-FROM-HOME—OR COMPANIES LOSE BIG MONEY AND CANNOT SURVIVE.

    EVEN IF YOUR COMPANY PROVIDES VIRTUAL PRIVATE NETWORK (VPN) ACCESS, YOUR COMPUTER (AND THE DATA IT STORES) – COULD BE COMPROMISED IF SOMEONE HACKS INTO YOUR HOME WI-FI NETWORK.

    HENCE FORTH EMPLOYEE CONTRACTS, AND EMPLOYMENT AGREEMENTS… NEED TO MAKE IT VERY CLEAR THAT “THOU SHALT NOT STEAL OUR IP ”.

    YOU HAVE TO LAY OUT CLEAR ACCESS PRIVILEGES, ACCESS RIGHTS

    YOU NEED TO BE ABLE TO SHOW THAT SOMEONE EXCEEDED THEIR AUTHORIZED ACCESS TO A PROTECTED COMPUTER SYSTEM… WHICH BOILS DOWN TO, 'DID THEY DO SOMETHING THEY KNEW THEY SHOULDN’T HAVE?'"

    SOME COMPANIES ARE ALLOWING LOCAL PRINTING; THAT IS SOMETHING WHICH MUST BE DISABLED. USB PORTS THAT ARE OPEN SHOULD BE LOCKED DOWN . CAREFULLY MONITOR THOSE GIVING NOTICE OR BEING LET GO OR EVEN WHO GOT A BAD REVIEW / YEARLY RAISE ; THAT'S A POINT WHERE PEOPLE MAY TAKE DATA THEY SHOULD NOT BE TAKING..

    MOST COMPANIES HAVE EVERYTHING LOGGED, BUT ACTIVE MONITORING NEEDS TO BE IN PLACE. AT LEAST YOU HAVE THE DETECTIVE CONTROL IF YOU CAN'T PREVENT IT

    BRAINSTORMING NEEDS TO BE DONE-- HOW WE CAN ADAPT OUR IT SECURITY PORTFOLIO TO AN ENVIRONMENT WHERE EVERYONE IS WORKING FROM HOME, BUT STILL NEEDS ACCESS TO ALL THE TOOLS AND RESOURCES THEY HAD BEFORE?

    HOW HAVE OUR POLICIES, AND SYSTEMS HELD UP TO THE UPSWING IN VPN USE, DISTRIBUTED WORKERS, SHIFTING MEETINGS ON-LINE, AND EVERYTHING ELSE THAT WE’VE HAD TO CHANGE TO ADAPT TO THIS “NEW NORMAL?”

    THERE ARE SOME COMMON THREADS – FOR EXAMPLE, THE ADAGE ABOUT “UNKNOWN UNKNOWNS.”.. MAKING SURE THAT SENSITIVE DOCUMENTS AND FILES REMAIN CONFIDENTIAL IS DEFINITELY AN ISSUE REMOTE EMPLOYEES NEED TO TACKLE

    IN COMPLICATED TIMES – LIKE THE NOVEL CORONAVIRUS PANDEMIC – PHISHERS ARE HOPING TO TAKE ADVANTAGE OF TRUSTING VICTIMS. THEY'LL OFTEN PRETEND THEY'RE SOMEONE WITHIN THE COMPANY, LIKE THE CEO OR A MANAGER, TO ESTABLISH FALSE TRUST. REMOTE WORKERS ARE EASY TARGETS BECAUSE THEY'RE NOT IN THE OFFICE AND, THEREFORE, HACKERS ARE HOPING THEY WON'T CHECK TO SEE IF THE EMAIL IS LEGITIMATE.

    MANY REMOTE EMPLOYEES ARE USING THEIR PRIVATE HOME NETWORK, WHICH CAN INCREASE THE RISK OF LEAKED DATA. THIRD PARTIES MIGHT BE ABLE TO INTERCEPT AND ACCESS SENSITIVE EMAILS, PASSWORDS AND MESSAGES. THERE IS ALSO THE RISK THAT OTHERS WHO LIVE IN THE EMPLOYEE'S HOME (WHO USE THE SAME INTERNET CONNECTION) MAY SEE VALUABLE COMPANY DATA.

    MORE THAN 50% OF EMPLOYEES REPORT TRANSFERRING FILES BETWEEN THEIR WORK AND PERSONAL COMPUTERS. IF EMPLOYEES OBTAIN SENSITIVE DATA AND STORE IT ON THEIR PERSONAL DEVICES, THAT PUTS MANY COMPANIES AT RISK – ESPECIALLY IF SAID DISGRUNTLED EMPLOYEE LEAVES THE COMPANY.

    ANOTHER SOURCE OF VULNERABILITY IS THAT IF YOU, AS A REMOTE EMPLOYEE, ARE USING YOUR PERSONAL COMPUTER AND ARE NOT DOWNLOADING THE LATEST UPDATES, YOU COULD BE MORE VULNERABLE TO CYBERATTACKS.

    MULTIFACTOR AUTHENTICATION GRANTS ACCESS TO THE DEVICE AND ALL SOFTWARE AFTER THE EMPLOYEE PROVIDES MORE THAN ONE FORM OF IDENTIFICATION.

    ANYONE CAN MEMORIZE A PASSWORD OR STEAL A PHYSICAL DEVICE AND UNLOCK A COMPUTER. MULTIFACTOR AUTHENTICATION CAN PREVENT HACKERS FROM PHYSICALLY ACCESSING YOUR COMPANY DEVICE.


      DATA ENCRYPTION HELPS PROTECT SENSITIVE INFORMATION BY TRANSLATING IT INTO A CODE THAT ONLY PEOPLE WITHIN YOUR COMPANY CAN ACCESS THROUGH A SECRET KEY OR PASSWORD. EVEN IF SCAMMERS INTERCEPT YOUR DATA, THEY WON'T BE ABLE TO INTERPRET IT PROPERLY. THIS GOES FOR ANY MESSAGES OR INFORMATION YOU SEND, RECEIVE OR STORE ON YOUR DEVICES.

      TAKE THE FOLLOWING PRECAUTIONS TO LIMIT SECURITY RISKS WHILE EMPLOYEES WORK FROM HOME.

      REQUIRE THAT EMPLOYEES USE A NON-STORED PASSWORD TO CONNECT TO THE NETWORK, ESPECIALLY FOR VPN ACCESS.

      ENFORCE REASONABLE SESSION TIMEOUTS FOR SENSITIVE PROGRAMS OR APPS. A USER SHOULD NOT HAVE TO RECONNECT AFTER WALKING TO THE KITCHEN TO POUR A CUP OF COFFEE, BUT AT THE SAME TIME, YOU CANNOT TRUST THAT EVERY EMPLOYEE WILL ALWAYS LOG OUT WHEN THEY ARE DONE FOR THE DAY.

      LIMIT PROGRAM/FILE ACCESS TO ONLY THOSE AREAS THAT ARE ABSOLUTELY NEEDED BY THAT EMPLOYEE.

      RESERVE THE RIGHT TO TERMINATE EMPLOYEE ACCESS AT ANY MOMENT.

      PROVIDE SERVICES FOR REMOTE FILE STORAGE AND OTHER TASKS; DON'T RELY ON INDIVIDUALS TO USE THEIR PERSONAL PROGRAMS AND ACCOUNTS TO STORE YOUR COMPANY'S DATA.

      ADVANCED ANALYTICS CAN BRING IT ALL TOGETHER. TAKE THE OVERWHELMING FLOOD OF INFORMATION AND CONSOLIDATE IT INTO ONE PLACE, THEN RUN IT THROUGH A MACHINE LEARNING ENGINE TO IDENTIFY THE ANOMALIES AND OUTLIERS.

      THIS ENABLES AN ORGANIZATION’S SECURITY OPERATIONS TEAM TO IDENTIFY ISSUES THEY COULD NOT HAVE SEEN BEFORE, AND A SINGLE CONSOLIDATED AND CORRELATED RISK SCORE MAKES IT MUCH EASIER TO RESPOND TO THREATS. WITH THIS NEW PERSPECTIVE, ANALYSTS CAN UNCOVER SOME OF THOSE PREVIOUSLY UNKNOWN THREATS.

      Capt ajit vadakayil
      ..




  1. https://ajitvadakayil.blogspot.com/2020/05/what-artificial-intelligence-cannot-do.html

    IN ADDITION TO MY SEVERAL WARNINGS TO PMO ABOUT ZOOM THAT IT LACKS THE FULL TYPE OF END-TO-END ENCRYPTION ..

    ZOOM COMPANY GOT SHIT ON FACE OVER SECURITY AND PRIVACY-RELATED ISSUES EVER SINCE THE REPORTS OF ZOOMBOMBING CAME TO LIGHT.

    ZOOMBOMBING OR ZOOM RAIDING IS THE UNWANTED INTRUSION INTO A VIDEO CONFERENCE CALL BY AN INDIVIDUAL, CAUSING DISRUPTION. THE TERM BECAME POPULARIZED IN 2020, AFTER THE COVID-19 PANDEMIC FORCED MANY PEOPLE TO STAY AT HOME AND VIDEOCONFERENCING IS USED ON A LARGE SCALE BY BUSINESSES, SCHOOLS, AND SOCIAL GROUPS.

    FBI SAID THAT THEY HAVE RECEIVED OVER 240 REPORTS OF “ZOOM-BOMBING” IN WHICH HIJACKERS BROADCASTED MATERIAL DEPICTING CHILD SEXUAL ABUSE TO UNSUSPECTING USERS.

    ENCRYPTION IS USED TO PROTECT THE IDENTITY OF USERS, CALL DATA BETWEEN ZOOM CLIENTS AND ZOOM'S INFRASTRUCTURE, AND MEETING CONTENTS.

    WHEN A ZOOM CLIENT IS AUTHORIZED TO JOIN A MEETING, THAT CLIENT IS GIVEN A 256-BIT SECURITY KEY FROM ZOOM'S SERVER.

    BUT THE ZOOM SERVER RETAINS THE SECURITY KEY PROVIDED TO MEETING PARTICIPANTS, THEREBY LACKING TRUE END-TO-END KEY MANAGEMENT AND ENCRYPTION.

    THE LACK OF FULL END-TO-END ENCRYPTION MEANS THAT AN ATTACKER WHO CAN MONITOR ZOOM'S SERVER INFRASTRUCTURE AND GAIN ACCESS TO THE MEMORY OF THE RELEVANT ZOOM SERVERS COULD DEFEAT THE ENCRYPTION FOR A SPECIFIC MEETING.

    AS SUCH, THAT PERSON COULD THEN VIEW THE SHARED MEETING KEY, DERIVE SESSION KEYS, AND DECRYPT ALL MEETING DATA.

    https://support.zoom.us/hc/en-us/articles/201361943-New-updates-for-iOS

    NEW DOCUMENT FROM ZOOM ILLUSTRATES HOW THE COMPANY HOPES TO CHICKEN UP—NAY-- BEEF UP THE SECURITY AND PRIVACY OF ITS VIRTUAL MEETING PLATFORM.

    ALL ZOOM ROOMS WILL HAVE ENHANCED ENCRYPTION BETWEEN ZOOM ROOMS CONTROLLER AND ZOOM ROOMS ENABLED STARTING JUNE 30, 2020..

    TO FIX SOME OF ITS SECURITY HOLES, ZOOM OUTLINED THE GOALS OF ITS PROPOSAL AS FOLLOWS: 1) ONLY AUTHORIZED MEETING PARTICIPANTS SHOULD HAVE ACCESS TO THEIR MEETING'S DATA; 2) ANYONE EXCLUDED FROM A MEETING SHOULD NOT HAVE THE ABILITY TO CORRUPT THE CONTENT OF THAT MEETING; 3) IF A MEETING PARTICIPANT ENGAGES IN ABUSIVE BEHAVIOR, THERE SHOULD BE AN EFFECTIVE WAY TO REPORT THAT PERSON TO PREVENT FURTHER ABUSE.

    https://www.youtube.com/watch?v=-dgW6_n8XsQ

    WITH ZOOM 5.0 UPDATE, SUPPORT FOR AES 256 BIT GCM ENCRYPTION WAS ADDED. 256-BIT ENCRYPTION IS MUCH STRONGER THAN 128 BIT AS A BIGGER KEY SIZE HAS A HIGHER CHANCE OF REMAINING SECURE. THIS MEANS THAT IF SOMEONE WERE TO ATTEMPT TO HACK ENCRYPTED DATA, 256-BIT ENCRYPTED DATA WOULD TAKE SIGNIFICANTLY LONGER TO CRACK.

    AES 256-BIT GCM ENCRYPTION WILL BE ENABLED SYSTEM-WIDE FROM MAY 30 IN ZOOM AND USERS WILL NEED TO HAVE UPDATED CLIENTS AND APP TO JOIN MEETINGS. THE SECURITY ICON IN THE MEETING WILL LET THE HOST EASILY LOCK/UNLOCK MEETINGS, ENABLE/DISABLE WAITING ROOMS, ENABLE/DISABLE IN-MEETING CHAT, ENABLE/DISABLE PARTICIPANT RENAMING, ENABLE/DISABLE SCREEN SHARING, REMOVE A PARTICIPANT, AND REPORT A PARTICIPANT..

    ON JUNE 30, ENHANCED ENCRYPTION BETWEEN ZOOM ROOMS CONTROLLER AND ZOOM ROOMS WILL BE ENABLED. ZOOM ROOMS CONTROLLERS THAT DO NOT HAVE THE RECOMMENDED VERSION 5.0 OR HIGHER WILL STOP FUNCTIONING.
    ZOOM 5.0 INCLUDES SECURITY ENHANCEMENTS AND A STRONGER ENCRYPTION STANDARD, TO FURTHER ENSURE THAT ZOOM CONFERENCES CANNOT BE INTERCEPTED BY UNINVITED PEOPLE.

    AFTER THE MEETING STARTS, ALL PARTICIPANTS WILL SEE A MEETING SECURITY CODE THEY CAN USE TO VERIFY THAT NO ONE'S CONNECTION TO THE MEETING WAS INTERCEPTED. THE HOST CAN READ THIS CODE OUT LOUD, AND ALL PARTICIPANTS CAN CHECK THAT THEIR CLIENTS DISPLAY THE SAME CODE.

    IF THE HOST LEAVES, THEY CAN NOW EASILY SELECT A NEW HOST AND HAVE THE CONFIDENCE THAT THE RIGHT PERSON IS LEFT WITH HOST PRIVILEGES..

    GCM OR GALOIS / COUNTER MODE ENCRYPTION IS AN ALGORITHM FOR AUTHENTICATED ENCRYPTION OF DATA THAT PROVIDES ASSURANCE OF AUTHENTICITY OF THE CONFIDENTIAL DATA.


      IT IS A MODE OF OPERATION OF THE ADVANCED ENCRYPTION STANDARD (AES) ALGORITHM CONSTRUCTED FROM A BLOCK SIZE OF 128-BITS. ESSENTIALLY, GCM ENCRYPTION PROVIDES A LAYER OF PROTECTION FOR YOUR DATA AND RESISTANCE TO TAMPERING.

      AFTER MAY 30, THE SHIELD WILL BE GREEN FOR ALL USERS, DENOTING ENHANCED GCM ENCRYPTION.

      ZOOM ROOMS CONTROLLERS (INCLUDING ZOOM ROOMS SCHEDULING DISPLAYS) WILL NOT FUNCTION IF THEY ARE NOT RUNNING THE MINIMUM VERSIONS.

      CLICKING THE ICON TAKES THE USER TO THE STATISTICS PAGE FOR ADDITIONAL ENCRYPTION DETAILS. ADDITIONALLY, MEETING HOSTS CAN NOW SELECT DATA CENTER REGIONS AT THE SCHEDULING LEVEL FOR MEETINGS AND WEBINARS.

      ZOOM 5.0 MAKES PASSWORDS FOR MEETINGS ACTIVE BY DEFAULT, IN ORDER TO REDUCE ZOOM-BOMBINGS - THE INTRUSION OF UNINVITED INDIVIDUALS IN OTHERS' VIDEO CONFERENCES.

      INITIALLY BY DEFAULT, A ZOOM MEETING DELIBERATELY DID NOT REQUIRE A PASSWORD. THAT MEANS IT IS ALL TOO EASY FOR NEW WORK-AT-HOME MEETING ORGANIZERS TO LEAVE THEIR FRIENDS' GET-TOGETHERS, PROGRESS MEETINGS, OR VIRTUAL CLASSROOMS OPEN TO SNOOPS OR ABUSERS.

      BOTTOM LINE WARNING: THIS LOLLIPOP STILL ISN’T THE FOOL-PROOF END-TO-END ENCRYPTION ONE WOULD IDEALLY WANT FROM THE SERVICE

      capt ajit vadakayil
      ..
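The meeting security code described in the comment above works because every client derives the code from the key material it actually received, so an intercepted participant ends up displaying a different code from the one the host reads out. The sketch below is an added example, not code from the original post and not Zoom's actual derivation; the hashing scheme, the names `security_code` and `mismatched_participants`, and the sample keys are assumptions made for illustration.

```python
import hashlib


def _lp(data: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot be confused."""
    return len(data).to_bytes(2, "big") + data


def security_code(meeting_id: str, roster: dict) -> str:
    """Derive a short, human-comparable code from the meeting id and the
    public keys this client believes belong to each participant.
    (Hypothetical scheme: SHA-256 over a canonical, sorted encoding.)"""
    h = hashlib.sha256(_lp(meeting_id.encode()))
    for name in sorted(roster):  # sorted, so every honest client hashes the same bytes
        h.update(_lp(name.encode()) + _lp(roster[name]))
    number = int.from_bytes(h.digest()[:8], "big") % 10**12
    digits = f"{number:012d}"
    return " ".join(digits[i:i + 4] for i in range(0, 12, 4))


def mismatched_participants(meeting_id: str, views: dict, host: str) -> list:
    """Names whose displayed code differs from the one the host reads aloud."""
    spoken = security_code(meeting_id, views[host])
    return sorted(
        name for name, roster in views.items()
        if security_code(meeting_id, roster) != spoken
    )


def constructed_key(label: str) -> bytes:
    """Stand-in for a 32-byte public key (constructed, deterministic for the demo)."""
    return hashlib.sha256(("constructed:" + label).encode()).digest()


# Constructed sample data: three participants and one intercepted connection.
MEETING_ID = "demo-meeting-001"
TRUE_ROSTER = {n: constructed_key(n) for n in ("host", "alice", "bob")}
# bob's connection is intercepted: the key he was given for "host" is not the host's.
BOB_VIEW = dict(TRUE_ROSTER, host=constructed_key("interceptor"))
VIEWS = {"host": TRUE_ROSTER, "alice": TRUE_ROSTER, "bob": BOB_VIEW}

if __name__ == "__main__":
    for name, roster in VIEWS.items():
        print(f"{name:6s} sees code {security_code(MEETING_ID, roster)}")
    print("codes that differ from the host's:",
          mismatched_participants(MEETING_ID, VIEWS, "host"))
```

The check only helps if the code is compared over a channel the interceptor cannot rewrite, which is why the host reads it aloud.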



https://www.youtube.com/watch?v=qatcinfrz_e

LARGE ORGANIZATIONS FACE THE CHALLENGE OF HOW TO DISTINGUISH 'AUTHORIZED' ACCESS FROM ONE THAT IS NOT FOR A LEGITIMATE WORK-RELATED PURPOSE, DURING THIS COVID-19 PANDEMIC WHERE WORK AT HOME REMOTE ACCESS CANNOT BE AVOIDED

ORGANIZATIONS MUST BUILD A FOOL-PROOF AND EFFECTIVE FOUNDATION FOR A REMOTE WORKPLACE.

THIS INCLUDES TAKING STOCK OF COMPANY ASSETS, METHODICALLY ENCRYPTING ON-PREMISES, MOBILE DEVICES AND APPLICATIONS, PLUS PROVIDING ACCESS TO CORPORATE DATA AND COLLABORATION CHANNELS, SUCH AS THROUGH A SECURE VIRTUAL PRIVATE NETWORK (VPN).

WITH THE INCREASING NUMBER OF PEOPLE BRINGING THEIR DEVICES TO WORK AND THE CONSTANT APPEARANCE OF NEW SOFTWARE SOLUTIONS AND CLOUD SERVICES, EMPLOYEES ARE USING MORE AND MORE TECHNOLOGIES WITHOUT NOTIFYING THE CORPORATE IT TEAM ABOUT THEM

MULTI-FACTOR AUTHENTICATION / MFA REQUIRES AN EXTRA LAYER OF AUTHENTICATION, SUCH AS ENTERING A ONE-TIME PIN NUMBER OR FACIAL RECOGNITION IN ADDITION TO CREDENTIALS. THIS PROCESS ENSURES THE PERSON ACCESSING YOUR NETWORK IS WHO THEY SAY THEY ARE.

PRIVILEGED USERS, SUCH AS DATA ADMINISTRATORS, TYPICALLY HAVE COMPLETE ACCESS TO THEIR ORGANIZATION'S DATA, AND WHEN A WORK FROM HOME SITUATION IS MANDATED, THESE PERSONNEL WILL HAVE TO FACE THE ADDITIONAL CHALLENGE OF PROVIDING GRANULAR ACCESS TO CORPORATE RESOURCES.

THERE IS OFTEN A LACK OF CONTEXTUAL INFORMATION ABOUT USERS AND REQUESTERS OF DATA, WHICH IS A SIGNIFICANT FACTOR TO CONSIDER BEFORE GRANTING DATA PRIVILEGES.

THIS IS WHERE A PRIVILEGED ACCESS MANAGEMENT (PAM) STRATEGY PLAYS AN ESSENTIAL ROLE IN MAINTAINING DATA INTEGRITY. IMPLEMENTING AUTHENTICATION PROTOCOLS, AUTOMATED PASSWORD ENCRYPTION, AND REGULAR AUDITING AND REPORTING CAN ALL HELP ENTERPRISES MAINTAIN DATA SECURITY.

PRIVILEGE PROVIDES THE AUTHORIZATION TO OVERRIDE, OR BYPASS, CERTAIN SECURITY RESTRAINTS, AND MAY INCLUDE PERMISSIONS TO PERFORM SUCH ACTIONS AS SHUTTING DOWN SYSTEMS, LOADING DEVICE DRIVERS, CONFIGURING NETWORKS OR SYSTEMS, PROVISIONING AND CONFIGURING ACCOUNTS AND CLOUD INSTANCES, ETC.

BY DIALING IN THE APPROPRIATE LEVEL OF PRIVILEGED ACCESS CONTROLS, PAM HELPS ORGANIZATIONS CONDENSE THEIR ORGANIZATION’S ATTACK SURFACE, AND PREVENT, OR AT LEAST MITIGATE, THE DAMAGE ARISING FROM EXTERNAL ATTACKS AS WELL AS FROM INSIDER MALFEASANCE OR NEGLIGENCE.

A CENTRAL GOAL IS THE ENFORCEMENT OF LEAST PRIVILEGE, DEFINED AS THE RESTRICTION OF ACCESS RIGHTS AND PERMISSIONS FOR USERS, ACCOUNTS, APPLICATIONS, SYSTEMS, DEVICES (SUCH AS IOT) AND COMPUTING PROCESSES TO THE ABSOLUTE MINIMUM NECESSARY TO PERFORM ROUTINE, AUTHORIZED ACTIVITIES.

SHADOW IT DESCRIBES THOSE APPLICATIONS AND DEVICES EMPLOYEES USE FOR WORK BUT ARE NOT MANAGED BY THE IT ORGANIZATION

LACK OF SECURITY – LACK OF VISIBILITY AND CONTROL OVER NETWORK ELEMENTS ARE THE MAIN CYBERSECURITY RISKS OF USING SHADOW IT. THEY CREATE NUMEROUS WEAK SPOTS THAT HACKERS MAY USE FOR COMPROMISING A SYSTEM AND COLLECTING OR STEALING SENSITIVE BUSINESS INFORMATION

https://www.youtube.com/watch?v=vnz3txfrhtc

EXAMPLES OF SOME FREE OR FREEMIUM SHADOW IT SERVICES ARE GOOGLE DOCS, DROPBOX AND ZOOM. SHADOW IT HAS BECOME MORE PERVASIVE AS A RESULT OF THE WORK-FROM-HOME SHIFT. THE RISK LIES IN SHARING OR STORING BUSINESS FILES WITHIN THESE SHADOW IT APPS AND DEVICES. WHEN THIS HAPPENS, THE ORGANIZATION LOSES CONTROL OF DATA AND EXPOSES ITSELF TO A BREACH.

MOST EMPLOYEES USE SHADOW IT WITH THE GOOD INTENTION OF GETTING THEIR WORK DONE. HOWEVER, ORGANIZATIONS NEED POLICIES THAT SET CLEAR EXPECTATIONS AROUND USING OFFICE TECHNOLOGIES AND DATA. SUCH POLICIES CAN SIGNIFICANTLY REDUCE THE RISKS BROUGHT ON BY SHADOW IT.


    EMPLOYEES’ BEHAVIORAL CHANGES CAN INDICATE THAT THE COMPANY IS ABOUT TO BE COMPROMISED. IF AN EMPLOYEE IS ACCESSING SYSTEMS OR FILES AT UNUSUAL HOURS (GIVEN THEIR WORK HISTORY), IF THEY SUDDENLY START WORKING REMOTELY/START WORKING REMOTELY FREQUENTLY WITHOUT EXPLANATION, IF LOGON ATTEMPTS APPEAR TO BE ORIGINATING FROM UNEXPECTED LOCATIONS, IF AN EMPLOYEE IS ACCESSING UNUSUALLY LARGE AMOUNTS OF DATA OR IS ABUSING PERMISSIONS TO ACCESS NEVER-BEFORE-ACCESSED DATA, OR IF TECH TEAMS SEE UNAUTHORIZED ATTEMPTS TO ACCESS SERVERS AND DATA, THERE MIGHT BE AN INSIDER THREAT TO INVESTIGATE.

    BEHAVIOR CHANGES ARE EASY TO DETECT WITH SECURITY TOOLS LIKE DATA LOSS PREVENTION (DLP), INTRUSION DETECTION SYSTEMS (IDS), AND ENDPOINT AND MOBILE SECURITY, BUT TRADITIONAL TOOLING IS REACTIVE, WHICH MEANS THAT SOMETHING BAD HAS TO HAPPEN BEFORE IT CAN BE STOPPED AND (HOPEFULLY) MITIGATED BEFORE TOO MUCH DAMAGE IS DONE.

    SETTING UP THE RIGHT LEVELS OF ACCESS FOR EVERY EMPLOYEE AND SYSTEM, MAINTAINING APPROPRIATE PERMISSIONS OVER TIME, AND UNDERSTANDING THE SENSITIVITY OF DATA TO WHICH BOTH EMPLOYEES AND SYSTEMS HAVE ACCESS (FOR STARTERS) IS A MASSIVE RESPONSIBILITY. THIS IS WHY EXCESSIVE ACCESS PRIVILEGES, GROWING AMOUNTS OF DATA AND NETWORKED PARTNER ECOSYSTEMS, SHADOW IT, IOT, AND EXPLODING MOBILE AND CLOUD USAGE PLAGUE NEARLY EVERY ORGANIZATION.

    OVERLY PERMISSIVE ACCESS CONTROLS ARE A KEY FACILITATOR OF INSIDER THREAT. THE PRINCIPLE OF LEAST PRIVILEGE LIMITS THE ACCESS THAT USERS, SYSTEMS, AND PROCESSES HAVE TO NETWORKED RESOURCES BASED ON ROLES AND RESPONSIBILITIES. ELIMINATING UNNECESSARY OR OVERLY PERMISSIVE ACCESS REDUCES THE NETWORK ATTACK SURFACE AND HELPS MITIGATE THE PROBABILITY OF ATTACKERS ESCALATING PRIVILEGES AND ACCOMPLISHING A BREACH.

    HISTORICALLY, NETWORK ACCESS WORKED MUCH LIKE A LOCK ON A FRONT DOOR; ANYONE WITH THE RIGHT KEY WAS ABLE TO GET INSIDE. ONCE INSIDE THE BUILDING, THAT PERSON WAS FREE TO GO WHEREVER THEY PLEASED. OVER TIME, NETWORK AND SECURITY ADMINS REALIZED THAT A ONE-TIME SECURITY AUTHENTICATION AT THE “FRONT DOOR” (I.E., PERIMETER) WASN’T ENOUGH AND SET UP ADDITIONAL PERIMETERS THROUGH WHICH USERS AND PROCESSES HAD TO AUTHENTICATE BEFORE BEING ALLOWED TO ACCESS CRITICAL DATA, APPLICATIONS, OR SERVICES.

    HOWEVER, THE IDEA OF TRUST REMAINED. CREDENTIALS CHECKED ONE TIME AT EACH JUNCTURE PERMITTED THE USER/PROCESS EASY ACCESS TO ANYTHING INSIDE.

    ZERO TRUST ABANDONS THE IDEA OF A TRUSTED USER OR PROCESS AND REQUIRES A CHECK ON AUTHORIZATION AND AUTHENTICATION EVERY TIME ACCESS IS REQUESTED; PREVIOUS ACCESS DOESN’T DETERMINE FUTURE ACCESS (BECAUSE ATTACKERS CAN INTERCEPT COMMUNICATIONS). TO PREVENT AN ATTACKER FROM PIGGYBACKING ON AUTHORIZED USERS OR PROCESSES, A ZERO TRUST NETWORK CREATES ACCESS PERMISSIONS THAT ARE DYNAMIC AND BASED ON A WIDE COLLECTION OF ATTRIBUTES — AS OPPOSED TO A USERNAME+PASSWORD COMBINATION, LOCATION-BASED PROTOCOLS, OR OTHER STATIC INFORMATION.

    THIS COMBINATION OF ATTRIBUTES FORMS AN IDENTITY FOR EVERY USER AND PROCESS, AND IF THE IDENTITY IS ALTERED, ACCESS IS DENIED. IF THE USER/PROCESS IS ACTING IN AN UNEXPECTED WAY (E.G., SENDING EXCESSIVE AMOUNTS OF DATA), THE ACTION IS BLOCKED. CONTINUOUS AUTHENTICATION AND AUTHORIZATION PREVENTS “BAD” FROM HAPPENING BECAUSE EVERY ACTION IS CHECKED.

    IN A ZERO TRUST NETWORK, ASSETS/RESOURCES ARE ASSIGNED AN IDENTITY (JUST LIKE USERS), BUT EACH IDENTITY IS BASED ON A COLLECTION OF ATTRIBUTES TAKEN FROM SOURCE DATA (RATHER THAN NETWORK-BASED INFORMATION OR A PASSWORD+USERNAME COMBO).

    THIS PROCESS PROVIDES THE CONTEXTUAL INFORMATION WHICH ALLOWS THE SYSTEM TO DETERMINE THE TRUE AUTHENTICITY OF NETWORK COMMUNICATION REQUESTS, ONLY WITHOUT REQUIRING A USER OR ADMINISTRATOR TO TAKE FURTHER ACTION. MULTI-FACTOR AUTHENTICATION IN USERLAND IS OFTEN RESISTED BECAUSE IT MEANS THE USER MUST SUPPLY ADDITIONAL INFORMATION BEFORE RECEIVING PERMISSION TO ACCESS THE REQUESTED RESOURCE.


    BUT MULTI-FACTOR AUTHENTICATION IN A ZERO TRUST NETWORK CAN HAPPEN AUTOMATICALLY AND SEAMLESSLY BECAUSE IDENTITIES ARE COLLECTIONS OF MULTIPLE FACTORS WHICH, IN AGGREGATE, CANNOT BE CHANGED BY AN ATTACKER — BE THAT PERSON AN EMPLOYEE OR AN EXTERNAL THREAT ACTOR.

    COMPANIES HAVE IMPLEMENTED VARYING SEGMENTATION METHODS OVER THE YEARS TO KEEP SENSITIVE DATA SEGREGATED FROM OTHER PARTS OF THE NETWORK. FIREWALLS ARE THE MOST COMMON TOOL IN THE SECURITY PRACTITIONER’S TOOLBOX, BUT FIREWALLS ONLY WORK INSOMUCH AS NETWORK CONSTRUCTS AND LOCATION DATA ARE ACCURATE.

    A MODERN, ZERO TRUST SEGMENTATION STRATEGY SHIFTS FOCUS AWAY FROM THE NETWORK TO WHAT IS COMMUNICATING ON THE NETWORK — HOSTS, SERVERS, APPLICATIONS, ETC. RATHER THAN CREATING PERIMETERS AROUND THE WHOLE NETWORK OR MICRO-PERIMETERS AROUND SECTIONS OF THE NETWORK, ZERO TRUST SEGMENTATION A) USES IDENTITY AS THE BASIS FOR PERIMETERIZATION, B) CONTINUOUSLY AUTHORIZES AND AUTHENTICATES COMMUNICATING ASSETS, AND C) ENFORCES CONTROL BASED ON COMMUNICATING ASSETS.

    THIS LAST POINT IS ESPECIALLY CRITICAL WHEN TRYING TO PREVENT ATTACKS. IF THE SECURITY/NETWORKING TEAM CAN SEGMENT THE NETWORK BASED ON ASSETS RATHER THAN NETWORK CONSTRUCTS, THE HASSLE OF TRADITIONAL SEGMENTATION IS ELIMINATED AND SECURITY POLICIES REMAIN IN PLACE EVEN IF THE NETWORK CHANGES.

    THE VAST MAJORITY OF INSIDER ATTACKS HAPPEN BECAUSE AN EMPLOYEE WANTS TO STEAL OR DESTROY COMPANY-PROPRIETARY DATA. THEREFORE, WHEN LOOKING AT SECURITY STRATEGIES TO PREVENT INSIDER THREAT, IT MAKES SENSE TO PUT SECURITY CONTROL AS CLOSE AS POSSIBLE TO THE THING ATTACKERS WANT: THE DATA. TRADITIONAL SECURITY TOOLING FOCUSES ON PROTECTING THE NETWORK IN WHICH THE DATA LIVES, OR DETECTING ABNORMAL OR UNAUTHORIZED ACTIVITY BY A USER. BUT A ZERO TRUST NETWORK PLACES THE STRONGEST PROTECTION AROUND THE MOST SOUGHT-AFTER ASSET INSTEAD OF THE ENVIRONMENT IN WHICH THE ASSET IS COMMUNICATING.
    SECURE MOBILITY AND CLIENT-BASED VPN WITH ENFORCED, RISK-AWARE, AND ADAPTIVE ACCESS POLICIES
    SECURE ALL LOCAL NETWORK ACCESS THROUGH CLOUD-BASED DNS SECURE INTERNET GATEWAY FOR WEB AND APP-BASED PROXY CONTROL
    DEPLOY CLOUD-BASED ADAPTIVE MULTIFACTOR AUTHENTICATION (MFA) TO ENSURE THE TRUSTWORTHINESS OF USERS AND DEVICES
    PROTECT END-POINTS WITH EDR (END-POINT DETECTION AND RESPONSE) AND DATA LEAK PREVENTION
    TIGHTEN SECURITY OPERATIONS (SECOPS) MANAGEMENT FOR ENHANCED THREAT DETECTION AND PREVENTION

    ESTABLISH A CLEAR POLICY AS TO WHICH DEVICES, SYSTEMS AND SOFTWARE EMPLOYEES CAN USE. THEN COMMUNICATE THAT POLICY TO ALL EMPLOYEES — NOT JUST ONCE, BUT OFTEN. A CLOUD ACCESS SECURITY BROKER (CASB) ENSURES REAL-TIME DATA PROTECTION. RUN STRATEGIC ANALYSIS OF USAGE PATTERNS. RECOGNIZE THAT THE ORGANIZATION NEEDS A FULL RANGE OF TOOLS AND SERVICES IN ORDER TO FUNCTION PROPERLY..

    EMPLOYEES ARE CONSTANTLY TRYING TO DO THEIR JOBS AS EFFICIENTLY AS POSSIBLE, PARTICULARLY WHEN THEY ARE WORKING OUT OF THE OFFICE. IT’S UP TO IT TO PROVIDE EMPLOYEES WITH SYSTEMS THAT MAKE THEIR JOBS EASIER, WHILE ENSURING SECURITY.

    Capt ajit vadakayil
    ..
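The comment above lists insider-threat indicators (unusual hours, unexpected locations, unusually large volumes, never-before-accessed data) and describes zero trust as checking every request against an identity built from attributes. The sketch below combines the two as a per-request decision with a single correlated risk score; it is an added example, not code from the original post, and the weights, thresholds, field names and sample requests are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

MB = 1024 * 1024


@dataclass(frozen=True)
class Baseline:
    """Per-user profile learned from work history (constructed here)."""
    device_id: str
    usual_hours: range
    usual_countries: frozenset
    known_resources: frozenset
    typical_daily_bytes: int


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    country: str
    when: datetime
    resource: str
    size: int


# Assumed weights and thresholds; a real deployment would tune these.
WEIGHTS = {"unusual_hour": 20, "unexpected_location": 30,
           "new_resource": 20, "large_volume": 40}
BLOCK_AT = 50
VOLUME_FACTOR = 5  # "unusually large" = more than 5x the typical daily volume


def evaluate(req, baseline, bytes_today):
    """Decide one request on its own merits; earlier approvals grant nothing."""
    # Identity check first: unknown user or altered device attribute -> deny.
    if baseline is None or req.device_id != baseline.device_id:
        return "deny", 100, ["identity_mismatch"]
    reasons = []
    if req.when.hour not in baseline.usual_hours:
        reasons.append("unusual_hour")
    if req.country not in baseline.usual_countries:
        reasons.append("unexpected_location")
    if req.resource not in baseline.known_resources:
        reasons.append("new_resource")
    if bytes_today + req.size > VOLUME_FACTOR * baseline.typical_daily_bytes:
        reasons.append("large_volume")
    score = sum(WEIGHTS[r] for r in reasons)
    return ("block" if score >= BLOCK_AT else "allow"), score, reasons


def run(requests, baselines):
    """Evaluate requests in order, tracking bytes actually served per user per day."""
    served = {}
    results = []
    for req in requests:
        day = (req.user, req.when.date())
        decision, score, reasons = evaluate(
            req, baselines.get(req.user), served.get(day, 0))
        if decision == "allow":
            served[day] = served.get(day, 0) + req.size
        results.append((decision, score, reasons))
    return results


# Constructed sample data.
BASELINES = {"alice": Baseline("LT-0417", range(8, 19), frozenset({"IN"}),
                               frozenset({"crm/accounts", "wiki/handbook"}), 200 * MB)}
REQUESTS = [
    Request("alice", "LT-0417", "IN", datetime(2020, 9, 14, 10, 5), "crm/accounts", 50 * MB),
    Request("alice", "LT-0417", "IN", datetime(2020, 9, 14, 23, 40), "crm/accounts", 10 * MB),
    Request("alice", "LT-0417", "IN", datetime(2020, 9, 15, 2, 10), "finance/payroll-export", 1500 * MB),
    Request("alice", "PC-UNKNOWN", "IN", datetime(2020, 9, 15, 10, 0), "crm/accounts", 1 * MB),
    Request("alice", "LT-0417", "RO", datetime(2020, 9, 15, 11, 0), "wiki/handbook", 1 * MB),
]

if __name__ == "__main__":
    for req, (decision, score, reasons) in zip(REQUESTS, run(REQUESTS, BASELINES)):
        print(f"{req.when:%Y-%m-%d %H:%M} {req.resource:24s} {decision:5s} {score:3d} {reasons}")
```

A single indicator such as a late-night login stays below the blocking threshold, while the combination of odd hour, new resource and large volume is blocked before any data is served.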


























  1. SOMEBODY CALLED ME UP AND CRIED

    CAPTAIN

    YOU HAVE WRITTEN THAT BLUE OCEAN LEADERSHIP IS A LOT LIKE SOCCER TEAM DYNAMICS..

    http://ajitvadakayil.blogspot.com/2010/12/team-work-team-dynamics-capt-ajit.html

    http://ajitvadakayil.blogspot.com/2010/11/blue-ocean-leadership-capt-ajit.html

    INDEED

    IN THIRTY YEARS OF COMMAND CAPT AJIT VADAKAYILs SHIP NEVER FAILED AN INSPECTION AND ALWAYS OVER PERFORMED.

    YOU CAN CALL THIS LUCK, BUT BELIEVE ME , THERE IS A METHOD TO THE MADNESS..

    I PUSHED MY TEAM HAAAARD .. BUT NEVER ALLOWED MY TEAM TO BURN OUT..

    I HAD A FINGER ON THEIR PULSE.

    http://ajitvadakayil.blogspot.com/2010/11/old-sea-dog-capt-ajit-vadakayil.html

    MY NEXT POST WILL BE ON THIS SUBJECT..

    EVER HEARD OF "BIELSA BURNOUT "?

    TO UNDERSTAND WHAT I WRITE

    BINGE WATCH THE TV SERIAL ON AMAZON PRIME-- "TAKE US HOME , LEEDS UNITED"..

    https://www.youtube.com/watch?v=iGJRWuJMpVo

    CARLOS TEVEZ CALLS " EL LOCO " ( MAD MAN ) MARCELO BIELSA THE BEST COACH ON THE PLANET..

    http://ajitvadakayil.blogspot.com/2011/09/tevez-mancini-fight-advise-to-soccer.html

    BIELSA SPOTTED THE TALENT OF CARLOS TEVEZ EARLY..

    GOLDEN BOOT WINNER TEVEZ, GAVE BIELSA AND ARGENTINA THE 2004 OLYMPICS SOCCER CUP.

    WATCH THIS SPACE..

    capt ajit vadakayil
    ..

TO BE CONTINUED 




CAPT AJIT VADAKAYIL

..

