
What If the Hacker Is In Your Network?


Bloomberg screenshot this morning.

The news reports are out: a Stuxnet malware was installed in your firmware, thus infecting your hard drives, and you can't do anything about it.

The news reports are everywhere:

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

As usual, the Storm Center has the detailed information:

https://isc.sans.edu/forums/diary/A+Different+Kind+of+Equation/19345/

This is the money quote:

"You can find the original blog post here: http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage

 

This is also the true detail: http://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf"

 

But my point is that I don't care if the NSA has a "listening device" on my hard drive. You can shut down the NSA completely by running an IPS, as I discussed in my blog post at oversitesentry.com:

http://oversitesentry.com/2-steps-stops-all-cyberattacks/

[Image: command and control]

Check that communication out: the client (your computer) running the malware (NSA or other) always wants to talk to C^2, or Command & Control.

 

You can stop C&C communications!

All you have to do is install an IPS (Intrusion Prevention System) and configure it correctly. It will reset the network connection and thus drop the connection.
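As an added illustration (not code from the original post or from any IPS product), the sketch below models the decision an IPS makes on outbound connections: a match against C&C indicators resets TCP or drops other traffic, and the blocked attempts point to the internal clients worth investigating. The indicator list, flow records and function names are all constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed indicators (documentation ranges and reserved names), not real C&C hosts.
C2_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]
C2_DOMAINS = {"c2.example.net"}

# Constructed outbound flows: (client IP, protocol, destination IP, resolved name or "")
FLOWS = [
    ("10.0.0.21", "tcp", "203.0.113.5", ""),
    ("10.0.0.21", "tcp", "192.0.2.80", "www.example.org"),
    ("10.0.0.34", "udp", "198.51.100.77", ""),
    ("10.0.0.34", "tcp", "192.0.2.99", "beacon.c2.example.net"),
    ("10.0.0.21", "tcp", "203.0.113.5", ""),
    ("10.0.0.50", "tcp", "192.0.2.200", "unlisted.example.com"),
]

def matches_c2(dst_ip, name):
    """True if the destination IP or name is covered by an indicator."""
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in C2_NETWORKS):
        return True
    name = name.lower().rstrip(".")
    # Match the listed domain itself and any subdomain of it.
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)

def verdict(proto, dst_ip, name):
    """IPS decision: a TCP connection can be reset; other traffic is only dropped."""
    if not matches_c2(dst_ip, name):
        return "allow"
    return "reset" if proto == "tcp" else "drop"

def evaluate(flows):
    """Return per-flow verdicts and the number of blocked attempts per internal client."""
    verdicts, blocked = [], Counter()
    for client, proto, dst_ip, name in flows:
        v = verdict(proto, dst_ip, name)
        verdicts.append(v)
        if v != "allow":
            blocked[client] += 1
    return verdicts, dict(blocked)

if __name__ == "__main__":
    verdicts, blocked = evaluate(FLOWS)
    for flow, v in zip(FLOWS, verdicts):
        print(v.upper(), *flow)
    print("clients to investigate:", blocked)
```

The last flow is allowed because no indicator covers its destination, so the verdicts are only as complete as the indicator list the IPS is configured with.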

 

The IPS can be built into the firewall (they are now called NGFW or Next Generation Firewalls) to save on the amount of problems and

The problem this disclosure created is the idea, in the criminal mindset, of creating a Stuxnet clone. So it is going to be even more important for all businesses to install a firewall with IPS capabilities.

 

Contact Me for more...

TonyZ

 

 

 
