09 November 2020

Security Scene: November Edition


By Adair Thaxton, Internet2 Cyberinfrastructure Security Engineer

We continue to slog forward through 2020. Good news, it’s now November! Time off is approaching, leaves are falling (achoo!), and the nights are getting chillier.

Let’s begin things with a recap of last month’s survey. I got SEVEN responses! Yay! Unfortunately, there was no clear consensus about whether “internet” should be capitalized, and a plurality agreed with me that it’s capitalized in some contexts but not in others. Only one person felt really strongly about their choice. Several of you had security audits at least once a year, and several had them less frequently. A recurring theme in answers was the different scopes and regulations of the individual audit. There were mixed results on whether you’ve scanned your networks for PDUs and other IoT devices for the Ripple20 vulnerability: some of you are, some of you aren’t.

Bruce Carter had shared a story with NetGurus about cybersecurity professionals’ concerns regarding firewalls. Most of the complaints were about flexibility, be it in securing new apps or in access control. Disappointment at firewalls’ ability to work within a zero-trust environment was mentioned several times, but I’m not certain how common zero-trust environments are in higher education. I’ve added a question to this month’s survey about it.

On that note, I also really enjoyed an article from Forbes. It uses a matrix structure to classify data access as in or out, depending on where your resources and users happen to be located, and suggests ways to secure each matrix category. The recommendations are brief, but the article also includes a lot of fun things I wasn’t aware of, like Remote Browser Isolation! I have a question on the survey regarding the acronyms in this article: have you heard of all of them?

Recently, Microsoft worked with partners including FS-ISAC, ESET, Lumen, NTT, and Symantec to disable parts of the Trickbot botnet. There was also a previous effort by a group in the NSA to combat Trickbot. Probably the best-known use of this botnet was the distribution of the Ryuk ransomware, which has previously affected cities, DoD contractors, and multiple hospitals, and was possibly going to be used for attacking the US election. However, as is typical for the cat-and-mouse nature of security, the botnet appears to be recovering and threatens to attack as many as 400+ hospitals in the US. This has the potential to be a big problem for those of you with university-affiliated hospitals, or some of the 1900 hospitals participating in the Community Anchor Program!

Be sure to participate in this month’s survey! As always, no identifying details need to be shared in your responses; I’m just trying to encourage your participation.