What if money didn’t matter…

One of my friends on Facebook shared this video this morning. This is exactly how life should be lived: do what makes you happy, what you truly love. There's no point sacrificing happiness just to get money, and it's even worse that we go around teaching our children to do the same.

Internet Security Tip #7: If you notice something, don’t act

Most people’s gut reaction to an internet security incident is to immediately restore from backup or to remove a machine that has been compromised. The only way to ensure that you handle the incident completely and achieve a successful outcome is to take an evidentiary approach. This requires significant patience, monitoring and investigation into the incident.

Any action other than recording of facts and careful planning can destroy evidence which may help you prevent disaster to your business and assist police in achieving a conviction.

So what can you do?

  • Take timestamped, step-by-step notes in your day book of everything you do, as if you were describing them to someone who didn’t understand IT.
  • Take one of your backup storage systems offline and keep it offline, sealed and secured away from your production network for the duration of the investigation as an archived snapshot for evidence and in case of disaster. Take notes in your daybook of what you do.
  • If you have the ability and budget, replace it with a brand new (empty) storage system to ensure redundancy is maintained during the investigation. Take notes in your daybook of what you do.
  • Keep the original secondary storage online. Take notes in your daybook of what you do.
  • Make backups of the compromised machine(s), ideally without logging into the server. Take notes in your daybook of what you do.
  • Archive backups of all machines being investigated onto an offline media on a daily basis, more often if justified. Seal them and store them securely. Take notes in your daybook of what you do.
  • Investigate the backup logs for the server in question, see what has changed on it. Take notes in your daybook of what you do.
  • If you have access to the network switching equipment the server is plugged into, set up a mirrored port and take some traffic captures to see if there is any unexpected network traffic coming from or going to the server. Products like Xplico are great open source forensic tools to use in this situation. Archive all traffic captures with notes of what they are, when they were taken and how you took them. Take notes in your daybook of what you do.
  • Once you’ve got a basic understanding of what is going on, pull together a war room with your operational team and assess the extent of the issue. Do you need external help to further assess the situation and to help recommend a course of action? Who has appropriate experience? Does your Operational Incident Plan cover this situation? Take notes in your daybook of what you do.
  • If possible, sandbox all affected machines off such that they cannot affect any unaffected machines but you can continue to collect evidence in a controlled manner. Continue recording evidence. Take notes in your daybook of what you do.
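The archiving steps above (seal the captures and backups, note what they are, when and how they were taken) can be backed by a tamper-evident manifest. This is an added example, not the author's tooling: every item gets a SHA-256 plus the collector, time and method, and each entry is chained to the previous one, so an edited, removed or reordered entry fails verification. The class and field names are my own.

```python
import hashlib
import json
from datetime import datetime, timezone

# Added example (not from the original post). Models the "archive with notes of
# what, when and how" step as a hash-chained manifest that complements the paper
# day book: the day book records the human story, the manifest proves the bytes.

GENESIS = "0" * 64  # chain anchor for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class EvidenceManifest:
    def __init__(self):
        self.entries = []

    def add(self, name, data, collected_by, method, when=None):
        """Record one archived item (capture, backup image) and chain it to the last entry.
        `when` is an ISO 8601 UTC string; defaults to now."""
        when = when or datetime.now(timezone.utc).isoformat(timespec="seconds")
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries) + 1,
            "name": name,
            "sha256": sha256_hex(data),
            "size": len(data),
            "collected_at": when,
            "collected_by": collected_by,
            "method": method,
            "prev": prev,
        }
        # canonical JSON (sorted keys) so the chain hash is reproducible on verification
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def verify_chain(self):
        """Return (True, None) if every entry links to its predecessor and hashes
        correctly, else (False, seq) for the first entry that fails."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            recomputed = sha256_hex(json.dumps(body, sort_keys=True).encode())
            if body["prev"] != prev or recomputed != e["entry_hash"]:
                return False, e["seq"]
            prev = e["entry_hash"]
        return True, None

    def verify_item(self, seq, data):
        """Check that the bytes of an archived item still match what was sealed."""
        e = self.entries[seq - 1]
        return e["sha256"] == sha256_hex(data) and e["size"] == len(data)

    def daybook_line(self, seq):
        """One-line summary to copy into the paper day book."""
        e = self.entries[seq - 1]
        return (f"{e['collected_at']} #{e['seq']} {e['name']} sha256={e['sha256'][:16]}.. "
                f"by {e['collected_by']} via {e['method']}")


if __name__ == "__main__":
    m = EvidenceManifest()
    capture = b"\xd4\xc3\xb2\xa1constructed capture bytes"  # constructed, not a real pcap
    m.add("srv-web01-mirror.pcap", capture, "on-call engineer",
          "tcpdump on switch mirror port", "2013-05-06T02:10:00+00:00")
    print(m.daybook_line(1), m.verify_chain())
```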

About Me.

I am a telco & internet entrepreneur, nerd wrangler and massive lover of bacon. I was involved in the investigation of and successful conviction of David Noel Cecil – “Evil, The NBN Hacker”.

This article is written from the experiences I had before, during and since the successful execution of Operation Damara. My experiences are from a telco perspective however they are just as applicable to corporate and government networks.

I currently work with several Australian Telcos and IT businesses, developing Incident Response Plans and helping them ensure the ongoing continuity of their mission critical infrastructure.

If your organisation doesn’t have a strategy for dealing with internet security incidents, I would love to help you out!

Shoot me an email – david@hooton.org or grab me on Social Media for more information.

Internet Security Tip #6: Keep a day book

During an incident and when investigating potential incidents record EVERYTHING on paper.

Timestamp every note with the time, date and location of whatever you’re noting down. If you are talking to someone, record their name and any identification they provide. Keep note of who is present at any activity you are performing during the investigation. If you remember something during the day, diarise it in the day book. If you’re looking at traffic, record IP addresses and anything else you can in as much detail as you require to remember the details potentially 5 years down the track.

Make sure that your day book is stored in a way that cannot be electronically manipulated or read. Remember, you’re using it to record events that may wind up being used in evidence; if there is any potential for it to be tampered with by the person(s) you’re investigating, your evidence may be thrown out of court.

During an investigation of a confirmed compromise, your day book should be the only place you record notes. All internal communication should be done without corporate email accounts and without using corporate PABX systems. Behave as if every corporate asset is potentially compromised until such time as you can prove that it isn’t.

Internet Security Tip #5: Network Monitoring

If a tree falls in the woods and nobody is there to hear it, does it make a sound? If you don’t have an appropriate network and security monitoring solution operating 24 x 7 on your network, you are flying blind.

Network monitoring should monitor everything on your network, but only alert on anomalies so that operations teams are not overwhelmed with alarms. It is very important to monitor not only the ports you’re expecting servers to answer on, but also the ports you’re not expecting them to answer on. A server which suddenly starts answering on port 3309 when it has no business doing so is more important to investigate than one which has stopped answering on an expected port; it is surely a sign of something you need to investigate.

Network monitoring should be done from more than one location. It should provide internal, external and privileged views of your network to ensure that you are completely aware of what is going on.

Monitoring is not just about ICMP packets and testing for open ports, it is also about watching logs and traffic. Security information and event management tools are great weapons that provide a very deep awareness of what is going on inside your network. These tools often provide early warnings of issues you would otherwise be completely unaware of, allowing you to act before a compromise ever happens. They are not cheap, but there are some open source options out there.
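The "alert only on anomalies, from more than one vantage point" idea above, as an added example that is not from the original post. The baseline and the observation round are constructed data; a real deployment would feed `compare()` from whatever scanner or agent each vantage point runs. An unexpected new listener (the port 3309 case) is ranked above an expected service that has gone quiet.

```python
from dataclasses import dataclass

# Added example, not the author's monitoring setup. Vantage points follow the post:
# "internal", "external" and "privileged" views of the same servers.


@dataclass(frozen=True)
class Finding:
    severity: int   # 3 = investigate now, 2 = investigate, 1 = informational
    kind: str
    host: str
    port: int
    vantage: str


# Constructed baseline: baseline[host][port] = vantages from which that port
# is expected to answer. Anything else answering is an anomaly.
BASELINE = {
    "web01": {80: {"internal", "external", "privileged"},
              443: {"internal", "external", "privileged"},
              22: {"privileged"}},
    "db01": {3306: {"internal", "privileged"},
             22: {"privileged"}},
}

# Constructed monitoring round: (vantage, host, port) for every port found answering.
OBSERVED = [
    ("external", "web01", 80), ("external", "web01", 443),
    ("internal", "web01", 80),                      # 443 not answering internally
    ("privileged", "web01", 80), ("privileged", "web01", 443), ("privileged", "web01", 22),
    ("internal", "db01", 3306), ("internal", "db01", 3309),      # 3309: nobody asked for this
    ("privileged", "db01", 3306), ("privileged", "db01", 3309), ("privileged", "db01", 22),
    ("external", "db01", 22),                       # SSH reachable from outside the baseline
]


def compare(baseline, observed):
    """Diff one observation round against the baseline and return ranked findings.
    Nothing is returned for ports behaving as expected, so alerts stay anomaly-only."""
    findings = []
    seen = set(observed)
    for vantage, host, port in seen:
        allowed = baseline.get(host, {}).get(port, set())
        if not allowed:
            findings.append(Finding(3, "unexpected-listener", host, port, vantage))
        elif vantage not in allowed:
            findings.append(Finding(3, "exposed-beyond-baseline", host, port, vantage))
    for host, ports in baseline.items():
        for port, allowed in ports.items():
            for vantage in allowed:
                if (vantage, host, port) not in seen:
                    findings.append(Finding(2, "expected-port-down", host, port, vantage))
    return sorted(findings, key=lambda f: (-f.severity, f.host, f.port, f.vantage))


if __name__ == "__main__":
    for f in compare(BASELINE, OBSERVED):
        print(f)
```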

Internet Security Tip #4: Backup Logs are Your Friend

Backup logs are the canary in the coal mine. They provide an amazing level of passive situational awareness. If they stop coming in from a server, there’s something wrong. If a critical operating system file is changed, you can see exactly what was changed and you can download a copy of the altered binary before you ever have to log in to the potentially compromised box.

Backup logs are one of the best tools in your ongoing operational security process, and yet they are more often than not deleted or ignored entirely. One of the best security investments you can make is to build or buy a backup log parser or security event monitor that alerts you to files which have been modified unexpectedly.

One of the biggest mistakes you can ever make is to miss out on the treasure trove of information that analysing backup logs can provide.
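A minimal version of the "backup log parser that alerts on unexpectedly modified files" described above, added here as an example and not the author's tooling. The log format, hosts and patch windows are constructed for the example; it raises the two signals the post names: a critical operating system file changed outside an approved patch window, and a server whose backup log never arrived.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Added example (not from the original post). Constructed log format, one line per
# file event reported by a backup run:
#   <ISO 8601 UTC> <host> <A|M|D> <path> [size=<bytes>]
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(?P<host>\S+)\s+"
    r"(?P<op>[AMD])\s+(?P<path>\S+)(?:\s+size=(?P<size>\d+))?$"
)

# Paths where a change outside patching deserves a look before anyone logs in.
CRITICAL_PREFIXES = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                     "/lib/", "/usr/lib/", "/etc/", "/boot/")


@dataclass(frozen=True)
class Alert:
    host: str
    reason: str
    detail: str


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def analyse(lines, expected_hosts, patch_windows):
    """patch_windows: (host, start_iso, end_iso) tuples approved by change control,
    so that patching (tip #3) does not page anyone."""
    windows = [(h, parse_ts(s), parse_ts(e)) for h, s, e in patch_windows]
    alerts, reporting = [], set()
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # unparsable line; a production tool would count these too
        host, ts, path = m["host"], parse_ts(m["ts"]), m["path"]
        reporting.add(host)
        if not path.startswith(CRITICAL_PREFIXES):
            continue
        if any(h == host and start <= ts <= end for h, start, end in windows):
            continue  # change made during an approved patch window
        alerts.append(Alert(host, "critical-file-change", f"{m['op']} {path} at {m['ts']}"))
    for host in sorted(set(expected_hosts) - reporting):
        alerts.append(Alert(host, "backup-missing", "no backup log received this run"))
    return alerts


# Constructed sample run: three servers expected, one of them silent.
SAMPLE_LOG = """\
2013-05-06T02:00:11Z web01 M /etc/ssh/sshd_config size=3262
2013-05-06T02:00:12Z web01 M /var/www/html/index.html size=812
2013-05-06T02:05:40Z db01 M /usr/sbin/sshd size=651456
2013-05-06T02:05:41Z db01 M /usr/lib/libc.so.6 size=1901520
""".splitlines()

EXPECTED_HOSTS = ["web01", "db01", "mail01"]
PATCH_WINDOWS = [("web01", "2013-05-06T01:30:00Z", "2013-05-06T02:03:00Z")]

if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG, EXPECTED_HOSTS, PATCH_WINDOWS):
        print(a)
```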

Internet Security Tip #3: Always Be Patching

Operating system vendors release updates regularly that fix problems with their software. Those problems might be something that stops the mouse from being able to click on a button (usability issue), or they might be a security hole that allows an attacker to take control of your machine.

Keep everything religiously updated, and keep records of who does upgrades and when they are done. This is thankless work, but it is critical to ensure that your network is kept secure. I can’t tell you how many machines I log into which are running web browsers five or more years old; these machines are sitting ducks that will do nothing for the number of hours of sleep you get a night.

I am not a fan of auto patching due to the potential risks it creates; however, something is better than nothing, especially on a Windows network.

Internet Security Tip #2: Have Good Backups

Whether you’re a small business with 300 Word documents and a terabyte of your receptionist’s MP3s, or a global internet security firm serving Fortune 500 companies, you need to have backups.

Backups must never be stored on the same medium as your primary data. Backups must be stored in more than one place. Backups should ideally be kept on more than one medium. Backups should ideally collect everything on every machine and device in your network including the configurations of network switches, routers and SANs.

Sometimes, due to the sheer number of PCs on a network, it is cost prohibitive to back up entire PCs. In this situation compromises need to be made, perhaps only backing up core operating system files. There are quite a few backup platforms which can store identical operating system binaries very efficiently; I would strongly urge you to investigate them if you are in this position.

If you have network-based backups and are storing them onto network-attached storage, make sure you’ve got more than one storage subsystem and you can take one of them offline in the event of a compromise until the investigation is complete. Backup data is an invaluable source of forensic information for both you and the police in the event of a compromise, guard it with your life!

Test your backups regularly. Know how long it takes to restore 1 TB of data. Know how many TB of critical data there is on your network. Do you have a plan for restoring onto different hardware in the event of your hardware failing or being seized by police?

Remember – Practice makes perfect. You need to drill this stuff frequently and know what your options are when your primary course of action fails.

Internet Security Tip #1: Have a Plan

Have an Internet Security Incident plan that is securely documented and kept offline in multiple hard copies. Make sure the plan is regularly discussed, updated and rehearsed by your key operations team.

The plan should include everything from equipment backup and build procedures through to a customer communications and media management plan. Just the act of creating a proper incident management plan and having your staff trained in its processes can save you thousands of dollars in downtime and confusion when an incident happens.

When you are making the plan, imagine what would happen in Hollywood. Think of stuff that seems inconceivable, like being in the media non-stop for a fortnight and your customers being unable to contact you.

Work out how to handle these worst case scenarios in the most graceful and strategically positive way possible, document it and train your people. It often makes sense to have an external facilitator who can look at your plan from an outsider’s perspective.

Now you’ve got your plan, what do you do with it? Does it sit on the shelf and gather dust? I hope not, it should become a part of your daily operations. Security is not an event, it is a culture which must be trained into your whole team.

10 Tips on Preparing for & Responding to Internet Security Incidents

Every connected business will have an internet security incident at some stage in its life, most likely many more than one. Sadly most businesses are unaware that they have been compromised until disaster strikes or they are notified by external parties.

The good news is that if you do a few very simple things you can avoid disaster and help the police to catch those responsible.

Internet Security: YOUR Responsibility

Let’s address a line that businesses and IT managers use when talking about internet security:

“I don’t have anything of value on my network, I don’t need to be worried”

Even a small business with 3 PCs, no server and 3 mobile phones is valuable to someone looking for spare CPU cycles and connectivity for their botnet. If your data is boring and useless to anyone but you, think about the value that the equipment and network your boring data is stored on could bring to someone else with 99,999 other boring networks like yours in their control.

The other side to that coin is responsibility. If your network is compromised, you may well be providing a gateway for other corporate networks with much more exciting data (like your bank or credit card provider), leaving you responsible for someone else’s pain and anguish.

Put simply, we are all responsible for security on the internet. Doing anything other than the right thing can leave you personally responsible for the outcomes, you DO need to be worried.

Internet Security: Be Prepared

Over the next 10 weeks I am going to be writing a series of 10 tips to help you prepare for & respond to internet security incidents.

Here are my top 10 tips for Internet Security Incident Readiness:

  1. Have a Plan
  2. Have Good Backups
  3. Always be Patching
  4. Backup Logs are Your Friend
  5. Network Monitoring
  6. Keep a Day Book
  7. If you notice something, don’t act
  8. Call for Help
  9. Protect Yourself
  10. Front Foot

Follow me on Twitter, Facebook or Linked-in to receive my internet security tip series every Monday for the rest of the year.

Word Gravity

Gravity - It's the Law

Newton’s law of universal gravitation states: “Every point mass in the universe attracts every other point mass with a force that is directly proportional to the product of their masses and inversely proportional to the square of the distance between them.” In short things of great mass attract other things more and more the heavier they get or the closer they get.

Words are no different. They control our whole lives and they have a gravity to them as well. The words you use and the way you use them attract or repel people and opportunities in exactly the same way that Newton describes gravity. If you talk about how hard life is, how everyone around you is trying to rip you off and how things never get better, I’m willing to bet that your life does exactly what you say. The same goes for the opposite, if you talk about how many awesome opportunities are coming your way, how great the people around you are and how much you’re looking forward to tomorrow, guess what is going to happen…

Steering Destiny
One of the first things you get taught when you’re learning to snowboard is that you go where you look. If you look at a tree, you hit a tree. If you look at a cute girl, you’re going to run her down. The police are trained to watch where someone’s eyes are looking when they are driving or in a hostile situation, because that is the best possible way to tell what is going on in someone’s mind.

Attracting People
My mum used to tell me that you become like those that you hang around. She will be ecstatic to hear me telling you that she was right. People LOVE to be around other people who agree with them, how many people have you heard running around with an idea that they are looking to push, eventually landing in a group of people who agree with them regardless of how right or wrong that idea was? This is an excellent example of words attracting an outcome. If you have it in your head that you are going to be the hottest up and coming DJ in town, you’re going to talk like it and you’re going to wind up with a group of people who agree with you. If your words are saying that your life is hard and nobody understands you, you’re going to wind up surrounded by people who make your life hard and who agree that nobody understands you.

Social Media
Social media is where word gravity is especially powerful. Social media is an amplifier of people’s words; we share levels of detail about our lives that we have never been able to before, and we literally have the whole world as our audience.

If you are a small business person, this is one of the greatest opportunities or dangers that has ever existed. You can literally build or destroy your business just by the words you choose. I have seen businesses which have built a loyal cult following of willing buyers before they even opened their doors; Shoes of Prey and Posse here in Sydney are great examples of this (22michaels.com and @rebekahposse). They have chosen to use their struggles and learnings as a very powerful marketing and educational resource that has not only helped them make money, but has helped young entrepreneurs bypass the hurdles to their own success.

Challenge for this quarter

  1. Pick something you want to achieve that will make a big difference in your life.
  2. Have a look at what you’re saying about it. If you don’t have a good understanding of what you’ve been saying, ask someone close to you or look at your social media feeds.
  3. Write down your goal and share it (Important!!).
  4. Start to do whatever is required to make that change happen.
  5. Deliberately choose to talk positively about it for the next 3 months regardless of the setbacks.

My Goals
My goal for the next quarter is to get my back strong enough that I don’t have to keep my Osteopath rich. I’m excited about this because I have a bunch of friends who are going to help me and I know an awesome personal trainer.

So what’s going on in your mind?
What do the words you broadcast to the world say about your future and the kind of opportunities you have coming to you?

You are what you say you are, tell me what you are!