SysRisk

Simply Cybersecurity

Read this first

HTTraP

This scripting and programming project started about seven years ago, when we began thinking about web defense. The concept grew much larger once we realized that all services offered over the internet (DNS, FTP, SSH) are naturally defensive. The service sits there running with a port open, and attackers can simply apply scripted attacks or manual techniques (rare these days) to penetrate the host system.

The idea behind HTTraP was similar to a honeypot in that it tried to analyze the activity, but only for a couple of tries before it stored the activity in a database and then blocked the IP. The idea was a web presence that would give the user strict usage rules: once 404 or 50x errors were thrown, the IP, geo-location, error number, and reason (URL injected) would be stored and analyzed, and the user/IP address would be blocked after a couple of offenses. There is no...



SOCinaBox

While neither the name nor the idea is original, we have yet to see an actual solution to the issue. The issue I refer to is the fact that small and medium-sized businesses are out in the cold when it comes to cyber security monitoring and hardening.
Every security operations center (SOC) or security as a service (SaaS - the other one) offering starts at a price point that alienates businesses that operate on a smaller scale. This is where enterprise security forgets that we are only as strong as our weakest link, so it implements a warmed-over review of contractor and sub-contractor security, and those contractors are usually smaller businesses. These smaller companies suffer in the face of questions related to periodic penetration tests, firewalls and intrusion detection on internet connections, internet connection monitoring, or even ISMS certification.
The knee-jerk reaction for most businesses is to...
