@securiTay – Taylor has better security than some banks transferring millions using SWIFT
Recently there has been what is likely the beginning of a wave of break-ins and financial exfiltrations via the SWIFT Alliance. Reports vary a bit, but between vendor/operator mistakes, weak security controls, lack of integrated forensics, and some not-so-best practices we have ended up witnessing the theft of over $80 million. (It could have been over $950 million but for the successful identification of typos by some astute bank operators.)
I spent some time going through the SWIFT Alliance’s publication ‘Security Guidance for Alliance’ published on 18 March 2016 (current version is 29 April 2016) to understand what their baseline security recommendations and architecture are and then thought about how I would re-implement them to protect against some of the more malicious threats we are seeing today.
TL;DR: the document is a fairly comprehensive approach to securing SWIFT against the types of attacks that were prevalent a decade ago. Times have changed, but their model does not seem to have adapted to the threat landscape we are facing today. If you operate a SWIFT infrastructure, or just find armchair quarterbacking and 20/20 hindsight fun to read, please continue! I’ll do my best to make this entertaining and hopefully informative.
July 14, 1789. If you’re a history buff, you recognize the date. In France, the Storming of the Bastille. In our industry, July 14, 2015 was just as historic; it marked the official end of support by Microsoft for Windows 2003. The date was called out well in advance by the trade press with multiple recommendations for remediation, as the negative security consequences of running critical apps on W2003 were communicated globally.
So how serious was the problem, how much of it has been solved nearly one year later, and what opportunities still exist for Skyport Channel Partners? Some quick facts:
Four happy servers graze on the range before their long march to economic results.
Odd title for a tech blog, no? Well a few years ago I heard a great analogy from my friend Josh McKenty. He said, we should not treat servers as pets, but instead cattle. The basic thesis being that a sick puppy takes a family of three to care for it while a sick cow in the herd gets shot in the head by the rancher and the herd moves on – three ranchers can handle a thousand plus head of cattle. Applied to servers and IT infrastructure this model is a core premise of cloud architectures: we should never get so attached to an individual device that we stop receiving the rewards of economies of scale.
Let us continue with Josh’s analogy. You have your herd of cattle, you are driving them from Texas to Sedalia, Missouri (the closest railhead at the time that ran to Chicago) and one of them gets sick. But this time it is something virulent and unfortunately deadly like BSE (mad cow disease), which is infectious and causes the cattle to lose the ability to stand, making them useless on the drive. Your cow has a folded protein, a virus, malware, something in it that should not be there. You hopefully catch it before it spreads, but if you do not, you can lose the entire herd. Rapid quarantining may not be enough; euthanization may not be enough, depending on whether the infection vector precedes the onset of identifiable symptoms. Economic disaster.
The problem is that security killed the cow.