EU’s Parliament has awakened and is taking cyber security seriously! (by The Oldcommguy®)

Creating New Laws – But will they work or hurt?

The EU Parliament is working towards a Network and Information Security Directive (NIS), which is planned to be finalized soon and turned into law!

The NIS Directive is being developed alongside the General Data Protection Regulation (GDPR) and is meant to complement it.

Both of these new instruments have several sticking points, but the stickiest is who will be affected and what will be mandated by these new directives/laws.

(Image: Network lawyers)

Recently we got a better definition of the Parliament's direction, but no conclusion on who will be included in these new laws.

Members of the European Parliament wanted the NIS Directive to cover only critical infrastructure, while the EU Commission argued the Directive should have a wider scope, covering relevant Internet services and breach notification.

The year 2015 should be remembered as the year of cyber laws: the U.S. Government is also passing more (weak) laws, mandating breach coverage for more government departments and levying more fines, which do not help, they just fine more $. Plus almost every state in the U.S. is passing new laws trying to protect the individual citizen, but I am afraid that 2015 may go into the history books as one of the worst years for breaches and for the number of citizens whose information was affected. At the rate we are going in 2015, the hackers and China/Russia will soon have all the data on every U.S. citizen, on every military and government employee and on every secret project! "Know thy enemy" is a real threat when the enemy knows us this well, and we seem to be helpless to stop these very damaging attacks!

A recent report from the current EU president, Luxembourg, shows that an agreement has been reached and "digital platforms will now fall under the law's remit". "A cloud computing provider or any other digital firm providing a service for an infrastructure operator would be subject to the same rules applying to that operator" and would "also be subject to notification requirements in cases of security breaches". This new reporting law will include international firms like Cisco, Google, etc.

The big question is whether businesses will have to report data breaches and the number of personal records lost, and whether this will bring more fines for businesses that do not take cyber security and data protection seriously.

Details of these directives and who they will apply to are still being finalized. No date has been announced for when the directives will be available, but in September there will be a meeting with the EU member states to discuss the demands and limits of these directives before they proceed to turn them into EU law.

The area of cyber law has been problematic for the EU, as it has for every other free government. Even the U.S., Canada, etc. have had trouble staying within the framework of citizens' freedoms while fighting the seemingly ever-growing world of cyber crime!

The U.S. looks to companies and users to protect themselves, while most governments cannot even protect themselves. How do we stop the growing cyber-criminal world and at the same time preserve some level of freedom? With every government agency looking at everything going on over the Internet or over the air, it would seem a bit easier to catch the bad guys, but alas it is not happening. The reason: U.S. companies are attacked an average of ~20,000 times a year, and the defense sector is attacked many times that every day. About 50% of Americans had their identity compromised in 2014, costing $18B in credit losses, and in 2015, with the breaches at Anthem, the IRS, the Census Bureau, the Office of Personnel Management, the U.S. Army, NATO, the State Dept. and even the Pentagon, many more millions of Americans will face credit and monetary theft; some hacks have even been associated with suicides!

Where do you begin to recognize aberrant data behavior, new outside IP addresses talking to your network, commands arriving from outside, etc.? Start at the beginning. Back in the 1990s we taught network managers to baseline their networks on a regular basis, just as a doctor records our physiological baseline so that aberrations in our physiology can be recognized when we are sick! The reason security and network managers do not take baselines as they should is that most of their views of the network are through SPAN or monitor ports on switching gear. A baseline must show everything from Layer 2 up, and your monitoring points must be checked regularly. SPAN is a best-effort, groomed view of the data: when a network is very busy, which is usually the case when it is being attacked, the SPAN port will not deliver enough of the data for a real investigation or forensic view (an oversubscribed SPAN port drops packets silently, and switches discard frames with bad CRCs at ingress, so they never reach the SPAN port at all). Start with a real TAP; a TAP shows you everything, all the network data, good, bad or even ugly. A passive TAP has no management interface or addressable control plane, so it cannot be hacked like your switch, router, firewall or other active network device.

Start with a real view of your network at its critical points through a TAP. Then, when aberrant data is being passed, you will actually be able to see the attack, gather real forensics, take informed steps to mitigate, and verify that the attack has really been stopped. If you want data such as the IP addresses touching a server, and you can live with a few gaps or some downtime in the collection, then a SPAN port is fine for that; but always remember that a switch's first and primary job is getting data to the correct user, and sending copies of packets to the SPAN or MON port is secondary to that job.

A TAP will not lie or distort the true data: it will show you bad frames, oversized frames, bad-CRC frames and even the interframe gap, along with all the data that passes through it. With a baseline you now have the ability to compare and recognize aberrant traffic, unusual IP addresses, shifts in the TX versus RX traffic ratio and many other stormy conditions.
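As an added example (not code from this post or from any of its sponsors), here is a small Python script showing the kind of baseline comparison described above. It summarises two windows of IP conversation records, a baseline window and a current window, then flags external peers an internal host never talked to in the baseline and hosts whose TX/RX byte ratio has grown by more than a factor of five, the upload-heavy shape you would expect from exfiltration. The addresses, byte counts, internal address ranges and the factor of five are all assumptions; in practice the records would come from a TAP-fed capture, for example the per-conversation byte counts from `tshark -r window.pcap -q -z conv,ip`.

```python
"""Baseline comparison over two windows of IP conversation records.

Constructed example data, not a real capture. The records stand in for
what a TAP-fed capture gives you, e.g. the per-conversation byte counts
reported by `tshark -r window.pcap -q -z conv,ip`.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address space for this example.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Each record is (source, destination, bytes). Constructed, not captured.
BASELINE_FLOWS = [
    ("10.0.0.5", "93.184.216.34", 2000),    # web requests out
    ("93.184.216.34", "10.0.0.5", 60000),   # page content back
    ("10.0.0.5", "8.8.8.8", 300),           # DNS queries
    ("8.8.8.8", "10.0.0.5", 500),           # DNS answers
    ("10.0.0.7", "93.184.216.34", 1500),
    ("93.184.216.34", "10.0.0.7", 40000),
    ("10.0.0.7", "10.0.0.5", 5000),         # internal-only, not baselined here
]

CURRENT_FLOWS = [
    ("10.0.0.5", "93.184.216.34", 2500),
    ("93.184.216.34", "10.0.0.5", 55000),
    ("10.0.0.5", "8.8.8.8", 250),
    ("8.8.8.8", "10.0.0.5", 450),
    ("10.0.0.7", "93.184.216.34", 1200),
    ("93.184.216.34", "10.0.0.7", 30000),
    ("10.0.0.7", "203.0.113.9", 900000),    # never-seen peer, large upload
    ("203.0.113.9", "10.0.0.7", 4000),
]


def is_internal(addr):
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def summarise(flows):
    """Per internal host: set of external peers, bytes sent (TX), bytes received (RX)."""
    peers = defaultdict(set)
    tx = defaultdict(int)
    rx = defaultdict(int)
    for src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            peers[src].add(dst)
            tx[src] += nbytes
        elif is_internal(dst) and not is_internal(src):
            peers[dst].add(src)
            rx[dst] += nbytes
        # internal<->internal and external<->external flows are ignored here
    return peers, tx, rx


def tx_rx_ratio(tx, rx):
    # Guard against hosts that only ever sent: treat zero RX as one byte.
    return tx / max(rx, 1)


def compare(baseline_flows, current_flows, ratio_factor=5.0):
    """Return findings as tuples:
      ('new_peer', host, peer)                  external address not in the host's baseline
      ('tx_rx_shift', host, base_ratio, cur_ratio)  TX/RX ratio grew by more than ratio_factor
    ratio_factor is an assumed tuning knob, not a standard value. A host that never
    sent outbound in the baseline (base ratio 0) is flagged on any outbound bytes."""
    b_peers, b_tx, b_rx = summarise(baseline_flows)
    c_peers, c_tx, c_rx = summarise(current_flows)
    findings = []
    for host, peers in c_peers.items():
        for peer in sorted(peers - b_peers.get(host, set())):
            findings.append(("new_peer", host, peer))
    for host in sorted(c_tx.keys() | c_rx.keys()):
        if host not in b_tx and host not in b_rx:
            continue  # no baseline for this host; its peers were reported above
        base = tx_rx_ratio(b_tx[host], b_rx[host])
        cur = tx_rx_ratio(c_tx[host], c_rx[host])
        if cur > ratio_factor * base:
            findings.append(("tx_rx_shift", host, round(base, 3), round(cur, 3)))
    return findings


if __name__ == "__main__":
    for finding in compare(BASELINE_FLOWS, CURRENT_FLOWS):
        print(*finding)
```

Run against the constructed data, the script reports 10.0.0.7 twice: once for the never-seen peer 203.0.113.9 and once because its TX/RX ratio jumped from well under 1 to over 25. The same comparison of the baseline against itself reports nothing, which is the sanity check to run before trusting any threshold. If the current window came from a SPAN port that dropped packets under load, the byte counts (and therefore the ratios) would be wrong in a way this script cannot detect, which is the author's point about TAPs.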

Check out our sponsors: many of them focus on this real-TAP world and are the experts who will help you find the best solution for your network visibility needs. I call this access the Visibility Plane, where the real truth lies about what is really going on in your network!

If you want to know more about REAL TAPs, check out these articles and our sponsor links:

http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html

http://www.garlandtechnology.com/2014/06/16/the-test-span-vs-tap

http://www.lovemytool.com/blog/2012/11/do-you-know-who-is-in-your-home-by-tim-oneill.html

https://books.google.com/books?id=A4V45b2w27gC&pg=PA49&lpg=PA49&dq=lovemytool+tim+oneill+TAPs+versus+SPAN&source=bl&ots=SuYI9MJtZq&sig=tc7cOMV5j0d14J7IcPV_t78kpBY&hl=en&sa=X&ved=0CEkQ6AEwB2oVChMIzeb3pszExwIVTDc-Ch1tSgJd#v=onepage&q=lovemytool%20tim%20oneill%20TAPs%20versus%20SPAN&f=false

http://www.lovemytool.com/blog/2009/10/is-span-port-really-so-bad-by-chris-greer.html

http://www.profitap.com/why-your-troubleshooting-is-incomplete/

My Best to all - I wish everyone Great Success with less stress! The Oldcommguy®
