
Improve and speed up your Firewall Change Requests management for free

Whether you work for a small or a very large organisation, you probably have one or many firewalls to manage. If you have half-decent security governance, you probably have someone reviewing and approving any request to update rules on the firewall(s).

If you have a lot of requests to process and a complex network architecture, you might be lucky enough to use an automated system like Fireflow to process these change requests. If you don’t, you might struggle a bit with this process and with the enforcement of somewhat complex network security rules related to data flows between different subnets.

So, if you don’t have much money to spend on a quite expensive solution, today is your lucky day, as we are giving you one for free (at least if you already have a Microsoft Office license).

Over the last few months, we have developed a set of Visual Basic functions for Microsoft Excel to help our customers deal with the management of IP networks, FQDNs, URLs, DNS and so on.

Recently, we used these functions to create an Excel sheet that serves as a form for submitting Firewall Change Requests (FCR) and automatically provides compliance advice against rules on data flows between subnets and on the use of certain IP ports.

This form and the VBA functions (or the Excel function library) are available on our public GitHub repository: https://github.com/Apalala-sprl/Excel-Functions

It is quite simple to use. The only thing you need to do is fill in the two sheets: one with the list of your subnets and the related network addresses (in CIDR format), and one with the access matrix defining what is allowed from one subnet to another (see picture below). Once that is done, you can hide these sheets and give the form to any person in your organisation wanting to change or add a firewall rule.

[Image: flow-matrix]

When the requestor enters a request in the form by giving the source and destination IP addresses, the form automatically determines which subnets the addresses belong to. It also gives the default treatment of such a flow. As the requestor sees the result while typing the request in, he is quickly notified if his request is somewhat unusual or against the rules. This might reduce your workload and speed up the processing of the remaining requests.

If you have some trouble using it, don’t hesitate to contact us. If you improved it in any way, feel free to share your work with us and the rest of the community.

Ooops, they did it again! Was my password compromised, again?

You probably read that 68 648 009 Dropbox accounts have recently been compromised. In past years, companies like LinkedIn, Adobe, Tumblr, Fling or MySpace were hacked, and it is likely that your credentials were stolen by hackers if you had an account on one of these sites. It’s even possible that your credentials (name, email and passwords) have been published on the web.

If you don’t remember whether you were one of the victims of any of these breaches, there is a very useful website that allows you to check if your email address can be found in one of these leaked lists of credentials: haveibeenpwned.com.

You just need to enter your email address and press enter. Then, you’ll know.

But, as you don’t always use the same password on all the sites you use and as you change them quite often, you’re probably safe!

Red team exercises are like vaccination against attacks?

Yesterday, I was asked what exactly RTEs are and why they are useful.

As I believe a good analogy is worth a thousand words, I tried to find one that can be understood by any layman. The vaccine principle struck me as the perfect one.


The principle of Red Team Exercises is to launch an attack against your organisation, as a vaccine does against your body. The mechanisms used by the vaccine are exactly the same as those of the real virus, except that it doesn’t destroy or weaken your body. Instead, it allows your body to learn how to fight the virus so that it is better prepared when it faces the real deal.

That’s exactly what RTEs are about: boosting your company’s immune system by allowing your white cells (your security personnel) to learn how to fight the intruder.

How often have we heard that a risk assessment was extravagant because the system administrators thought the system was not so sensitive for the company’s business? How many times have we been told that a kind of attack was difficult to carry out, or that we had watched too many James Bond-like movies? That rarely happens after an RTE, as vague threats become concrete and evidenced. It allows your operational teams to better understand that the reality of this “war” against criminals is not about isolated risks but systemic risks. It is about preventing viruses from entering your body. Any breath, any wound, any contact with an external source can be the start of a chain of events that will lead to your infection. And sometimes, infection means death if you don’t treat it well and in time.

Just as there are as many vaccines as there are viruses, there are as many RTE scenarios as there are possible attacks and threats: cyber-attacks, credit-card fraud, identity fraud, espionage, theft, industrial espionage and so on.

So, what disease are you the most afraid of?