Archive for the ‘NSA’ Category

Embracing zero-trust: a look at the NSA's recommended IAM best practices for administrators – CSO Online

By now, most of the industry has realized we're seeing a shift from the legacy perimeter-based security model to an identity-centric approach to cybersecurity. If defenders haven't realized this, malicious actors certainly have, with 80% of web application attacks utilizing stolen credentials and 40% of breaches that don't involve insider threats and user error involving stolen credentials, according to sources such as the 2022 Verizon Data Breach Investigation Report.

Compromised credentials were involved in incidents such as the 2021 Colonial Pipeline breach, the 2021 Oldsmar, Florida, water treatment plant attack, and an attack on the South Staffordshire water treatment plant in the UK in 2022, illustrating that these incidents can and have spilled over from the digital realm to the physical, impacting critical infrastructure.

Luckily, we're seeing a change in the industry to pivot to a zero-trust model of cybersecurity, underpinned by an emphasis on identity and data rather than the legacy castle-and-moat approach that preceded it and led to several decades of brittle defense and massive data breaches. This pivot includes guidance from leading organizations such as the National Security Agency (NSA), which in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA) recently released a Recommended Best Practices for Administrators - Identity and Access Management (IAM) guide.

The guidance opens by discussing the current threat landscape along with an overview of threat mitigation techniques. The NSA points out that some of the most common techniques used by malicious actors include creating new accounts to maintain persistence, exploiting vulnerabilities to forge authentication assertions, exploiting existing users and their access, and exploiting insecure system defaults and configurations. The guide's most salient sections are dedicated to identity governance, environmental hardening, identity federation and single sign-on (SSO), multifactor authentication (MFA), and auditing and monitoring, which we will discuss below.

Identity governance helps organizations centralize and orchestrate activities associated with both user- and non-person entities (NPE) such as service accounts to align with their organizational policies. These activities cover the entire lifecycle of an account or identity, such as when an individual joins, moves, or leaves an organization or a team, triggering activities associated with their credentials and associated permissions. That same concept applies to NPEs such as machine-based identities that need credentials and permissions to carry out activities within an architecture.

Determining who has access to what and the risks associated with that access, and then dynamically managing the access appropriately, is no easy task. Identity governance enables a centralized approach to ensure the broad application of organizational policies, as well as mitigating risks such as identity sprawl and permission creep, in which individuals' accounts are properly managed but their associated permissions are regularly extended beyond what they actually need for their jobs. When this occurs and those credentials are compromised or abused, it can wreak havoc on organizations.

Leveraging innovative and emerging technologies, organizations can enable this governance while also taking advantage of capabilities such as conditional-based access control and dynamic least-permissive access control rather than long-lived credentials and access. Implementing identity governance can help mitigate attacks such as phishing, insider threats, and malicious actors creating accounts to maintain persistence beyond their initially compromised account. The NSA guidance also recommends utilizing privileged access management (PAM) solutions for advanced capabilities such as just-in-time access control.

Identity governance relies on hardware, software, and digital environments for its implementation, and this is where environmental hardening comes into play. The NSA guidance points out that environmental hardening activities such as patching, asset management, and network segmentation, along with other security best practices, are key to mitigating the potential for compromised credentials, as well as limiting the blast radius should an incident occur.

It is well known that malicious actors regularly try to compromise IAM components, so ensuring the security of the environments in which those components operate is a key consideration. This includes performing activities such as creating a comprehensive asset inventory, understanding the connectivity of the assets you've identified, and protecting assets appropriately based on how critical they are to the business. You don't apply the same level of resources and rigor to a publicly available, non-sensitive system as you do to your crown-jewel systems, for example.

Knowing that credentials are a key target for malicious actors, utilizing techniques such as identity federation and single sign-on can mitigate the potential for identity sprawl, local accounts, and a lack of identity governance. This may involve extending SSO across internal systems and also externally to other systems and business partners.

SSO also brings the benefit of reducing the cognitive load and burden on users by allowing them to use a single set of credentials across systems in the enterprise, rather than needing to create and remember disparate credentials. Failing to implement identity federation and SSO inevitably leads to credential sprawl, with disparate local credentials that generally aren't maintained or governed and represent ripe targets for bad actors.

SSO is generally facilitated by protocols such as SAML or OpenID Connect (OIDC). These protocols exchange authentication and authorization data between entities such as Identity Providers (IdPs) and service providers. It is key for organizations utilizing SSO to understand the protocols involved, as well as how the service providers involved have secured the protocols and the services themselves. The guidance provides a logical depiction of an example authorization data flow.

Best practices for implementing identity federation and SSO include knowing what systems in the environment are integrated with SSO or utilizing local identities, understanding how your trusted partners may leverage local accounts, and utilizing configuration management solutions to support identifying, tracking, and reporting on local account usage in an environment while working to get more systems federated and integrated with SSO to cut down on local account usage and its associated risks.
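The point about understanding the protocol, not just switching SSO on, comes down to what the service provider checks before it trusts an assertion. The following Python is an added example, not code from the guide or from any IdP: it validates an OIDC ID token the way a relying party must (pinned algorithm, signature, issuer, audience, expiry, nonce) and shows which constructed failure cases each check rejects. It assumes an HMAC-SHA256 shared secret so that it runs offline; the issuer, audience, key and timestamps are made up. Real IdPs sign ID tokens with asymmetric keys published in a JWKS document, and production code should use a maintained JOSE library against those keys, but the order and meaning of the claim checks is the same.

```python
"""Relying-party validation of an OIDC ID token (compact JWS), with the
checks a service provider must perform before trusting the assertion."""
import base64
import hashlib
import hmac
import json

# Constructed values for this example only.
KEY = b"constructed-demo-secret"
ISS = "https://idp.example.test"
AUD = "https://app.example.test"
NOW = 1_700_000_000  # fixed "current time" so results are reproducible


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims, key, alg="HS256"):
    """Build a compact JWS. Used here only to construct test tokens."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    if alg == "none":
        return signing_input + "."  # unsigned token: must be rejected by any verifier
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_id_token(token, key, issuer, audience, nonce, now, skew=60):
    """Return (ok, subject_or_reason). Checks run in the order a relying party
    needs them: parse, pinned algorithm, signature, then claims."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(p_b64))
        sig = _b64url_decode(s_b64)
    except ValueError:
        return False, "malformed token"
    # Pin the algorithm the IdP is configured for; never let the token choose it.
    if header.get("alg") != "HS256":
        return False, "unexpected alg %r" % header.get("alg")
    expected = hmac.new(key, (h_b64 + "." + p_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if claims.get("iss") != issuer:
        return False, "issuer mismatch"
    # aud may be a string or a list; this service must be named in it, or a
    # token issued for another application could be replayed here.
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if audience not in aud:
        return False, "audience mismatch"
    if claims.get("exp", 0) + skew < now:
        return False, "expired"
    if claims.get("iat", now) > now + skew:
        return False, "issued in the future"
    # The nonce binds the token to the login request that asked for it.
    if claims.get("nonce") != nonce:
        return False, "nonce mismatch"
    return True, claims.get("sub")


def demo():
    """Run the validator over one good token and five constructed bad ones."""
    base = {"iss": ISS, "sub": "alice", "aud": AUD, "exp": NOW + 300, "iat": NOW, "nonce": "n-1"}
    good = mint_token(base, KEY)
    h, p, s = good.split(".")
    forged_payload = _b64url(json.dumps({**base, "sub": "mallory"}).encode())
    cases = {
        "valid": good,
        "wrong_audience": mint_token({**base, "aud": "https://other.example.test"}, KEY),
        "alg_none": mint_token(base, KEY, alg="none"),
        "expired": mint_token({**base, "exp": NOW - 600}, KEY),
        "tampered_subject": h + "." + forged_payload + "." + s,
        "replayed_nonce": mint_token({**base, "nonce": "stale"}, KEY),
    }
    return {name: validate_id_token(t, KEY, ISS, AUD, "n-1", NOW) for name, t in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```

The audience check is the one most often missing in home-grown integrations: a token that is genuinely signed by the right IdP but issued for a different application must still be refused, which is why `aud` is checked even after the signature verifies.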

By now, most CISOs should be familiar with MFA. But for those who aren't, at a high level, MFA requires users to present multiple factors as part of their authentication. Think of a username and password plus an SMS text or a code sent to an authentication app on your phone. As shown in the NSA guidance, these factors typically take the form of something you have, something you know, or something you are (such as biometrics).

We know that malicious actors are after credentials to carry out their activities, and the use of MFA significantly decreases the risk from compromised credentials, particularly high-assurance approaches such as phishing-resistant MFA.

MFA helps mitigate situations in which passwords have been exposed through external system compromises or by unauthorized users who convince victims to share their passwords. The use of strong MFA form factors ensures that the exposure of a username and password alone won't leave an account compromised. The NSA guidance ranks MFA types, from weakest to strongest, as SMS or voice, app-based MFA, and phishing-resistant MFA such as PKI-based systems and FIDO (Fast Identity Online) hardware tokens.

It is often said that many organizations are already compromised; they just don't know it yet. This is where identity and access management auditing and monitoring come into play, with value beyond compliance purposes: they help identify anomalous or malicious activity present in an environment.

IAM auditing can provide insight into how systems are being used or abused, detect problems earlier in their lifecycle, aid in gathering forensic evidence that may be needed later, and ensure privileged users know their activities are being monitored.

To prepare to implement successful and effective IAM auditing and monitoring, organizations first need to understand what normal behavior is, be familiar with organizationally defined policies and processes, and identify users with access to critical assets so they know which users and activities are the most critical to audit and monitor.

Organizations also need to ensure they have sufficient tooling and analytical capabilities in place to make use of the collected data and telemetry, and tooling to gather and consolidate it in the first place. Organizations will also want to ensure they are not collecting noise and irrelevant data that simply distract from the signals that are of real concern and pose risks to the organization.
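Two of the points above, establishing what normal looks like first and watching for the account-creation-for-persistence technique the guide lists, can be illustrated with detection logic run over an IAM audit log. The following Python is an added example, not code from the guide, from CSO, or from any IAM product; the JSON-lines log format, field names, the one-hour grant window, and the per-account country baseline are constructed assumptions for illustration.

```python
"""Baseline-driven detections over a constructed IAM audit log (JSON lines):
(1) a newly created account granted a privileged role shortly after creation,
(2) a sign-in from a location outside the account's established baseline."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample log; field names and values are assumptions for this example.
SAMPLE_LOG = """\
{"ts":"2023-05-01T01:58:10Z","event":"login","actor":"alice","src_country":"US"}
{"ts":"2023-05-01T02:00:12Z","event":"create_user","actor":"alice","target":"svc-sync2"}
{"ts":"2023-05-01T02:03:40Z","event":"grant_role","actor":"alice","target":"svc-sync2","role":"GlobalAdmin"}
{"ts":"2023-05-01T09:15:00Z","event":"login","actor":"bob","src_country":"US"}
{"ts":"2023-05-01T09:20:00Z","event":"create_user","actor":"hr-onboarding","target":"dave"}
{"ts":"2023-05-01T12:00:00Z","event":"login","actor":"bob","src_country":"BR"}
{"ts":"2023-05-03T10:00:00Z","event":"grant_role","actor":"hr-onboarding","target":"dave","role":"Reader"}
"""

# "Normal", established before monitoring starts: where each account usually signs in from.
BASELINE_COUNTRIES = {"alice": {"US"}, "bob": {"US"}, "hr-onboarding": {"US"}}
# Roles whose assignment is always worth a second look (assumed name).
PRIVILEGED_ROLES = {"GlobalAdmin"}


def parse_log(text):
    """Parse JSON lines into event dicts with aware datetimes, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, baseline, privileged_roles, grant_window=timedelta(hours=1)):
    """Return a list of findings; each carries the rule name and the account involved."""
    findings = []
    created_at = {}  # account -> (creation time, creator)
    for e in events:
        if e["event"] == "create_user":
            created_at[e["target"]] = (e["ts"], e["actor"])
        elif e["event"] == "grant_role" and e.get("role") in privileged_roles:
            if e["target"] in created_at:
                t0, _creator = created_at[e["target"]]
                age = e["ts"] - t0
                # Normal onboarding takes longer than this; a fresh account made
                # privileged within minutes matches the persistence pattern.
                if age <= grant_window:
                    findings.append({
                        "rule": "new_account_rapid_privilege",
                        "account": e["target"],
                        "by": e["actor"],
                        "role": e["role"],
                        "minutes_after_creation": round(age.total_seconds() / 60, 1),
                    })
        elif e["event"] == "login":
            known = baseline.get(e["actor"])
            # Only accounts with an established baseline can be compared against it;
            # accounts without one are a governance gap, not a detection.
            if known is not None and e["src_country"] not in known:
                findings.append({
                    "rule": "login_outside_baseline",
                    "account": e["actor"],
                    "src_country": e["src_country"],
                })
    return findings


def run():
    return detect(parse_log(SAMPLE_LOG), BASELINE_COUNTRIES, PRIVILEGED_ROLES)


if __name__ == "__main__":
    for f in run():
        print(f)
```

Note what the log alone cannot tell you: the `dave` onboarding looks identical to the `svc-sync2` creation in structure, and only the baseline (a Reader role is not privileged, and the grant came two days later) separates routine joiner handling from a finding. That is the sense in which knowing normal behaviour has to come before the tooling.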

For organizations looking to implement the NSA-recommended identity and access management (IAM) practices, the agency provides an appendix in the guidance with a detailed checklist for each of the areas discussed throughout this article. This gives organizations a quick punch-list approach to tackling the most pressing and key activities when it comes to securing their IAM processes and systems.

See the original post:
Embracing zero-trust: a look at the NSA's recommended IAM best practices for administrators - CSO Online

At NSA Talks, Iran Raises Rial-Rupee Trade, India Says Deal With Saudi Will Have ‘Profound’ Impact – The Wire

New Delhi: Iran on Monday, May 1, called for greater use of national currency in trade, even as India reportedly conveyed that the recent reconciliation between Tehran and Riyadh would have a profound impact in changing regional equations at the international level.

This was allegedly discussed during the delegation-level meeting of Iran's Secretary of the Supreme National Security Council (SNSC) Ali Shamkhani with visiting National Security Advisor Ajit Doval in Tehran on Monday, Iranian state media IRNA reported. The Indian NSA also called on Iranian President Ebrahim Raisi and Foreign Minister Hossein Amirabdollahian. There is no public readout of the meetings from the Indian side.

According to Indian government data, bilateral trade between India and Iran grew by 48% to reach $2.5 billion in 2022. This increase was largely due to an increase in Iranian petroleum exports to India. Western sanctions have largely impeded trade ties due to restrictions over financial transactions.

This year, bilateral trade dropped by 13% in the first two months. However, Iran's exports to India grew by 91% in those two months compared to the same period in 2022.

The Iranian national security advisor told his Indian counterpart it would be helpful to activate the rial-rupee mechanism, as per Tasnim news agency.


He emphasized that the launch of the financial transaction system using the currencies of Iran and India would be a major step towards the fulfilment of the common purposes in the economic field, said the Iranian news agency report.

Doval also reportedly asserted that Chabahar port in Iran, which is being supported by Indian firms, is the gateway for increased cooperation between the two countries.

According to IRNA and Tasnim, Doval hailed the recent agreement between Iran and Saudi Arabia that restored diplomatic relations. The agreement, brokered by China, marked the end of seven years of diplomatic estrangement.

India's public response to the deal had been a cautious statement that New Delhi had always favoured dialogue and diplomacy. IRNA indicated that Doval was more expansive and noted that the Iran-Saudi agreement would have profound regional effects on changing relations in the international system.

The senior Indian official also spoke about the deep influence of Iranian culture in India as an indication of close ties between the two nations.

Not surprisingly, Afghanistan was on the agenda, with Doval batting for cooperation between Tehran and New Delhi to boost stability in Afghanistan. The Indian NSA also said, as per IRNA, that the two countries should work together to eradicate Takfiri terrorism in Afghanistan, a label used by Iran and the Taliban against Islamic State-Khorasan Province (IS-KP).

Iran has cultivated close ties with the Taliban, even before the insurgency had taken over Kabul in August 2021. While officially Tehran does not recognise the Taliban government, it allowed a Taliban-appointed official to take over the Afghan embassy to Iran.

See original here:
At NSA Talks, Iran Raises Rial-Rupee Trade, India Says Deal With Saudi Will Have 'Profound' Impact - The Wire

NSA event to showcase ‘very best’ of Welsh sheep farming – Agriland.co.uk

The National Sheep Association (NSA) has said that its 2023 NSA Welsh Sheep event next month will showcase the very best of commercial farming in Wales.

The event will welcome visitors to Red House Farm, Aberharesp, Powys, on Tuesday, May 16, 2023.

The on-farm event aims to be a technical and informative one that the NSA says is not to be missed by sheep producers far and wide.

This year, the association said, there will be a new emphasis on reaching out to tell the public of the positive story that is Welsh sheep farming.

The NSA said the event will feature a seminar tent that will have discussions on the role of lamb and mutton in the human diet.

As well as this, conversations will be held surrounding the sustainability of sheep farming and the importance of looking after the next sheep farming generation.

The seminars will be chaired by John Yeomans, NSA Cymru committee member; Phil Stocker, NSA chief executive; and Catherine Smith, chair of Hybu Cig Cymru Meat Promotion Wales (HCC).

Yeomans will chair the discussion on lamb and mutton's role in the diet, and he will be joined by speakers Dr Eleri Thomas from HCC, Robbie Davison from Can Cook-Well Fed and Bob Kennard of British Heritage Sheep.

The NSA Welsh Sheep team said the discussion will focus on the criticism red meat has faced and how research needs to be used to challenge this.

"This seminar will explore how our predominantly grass-fed lamb and mutton can fit with healthy eating messages, giving you some facts that can be used to dispel some of the myths around eating meat," it said.

NSA chief executive Stocker will chair the seminar on sheep sector sustainability, with guest speakers including Rachel Madeley Davies of HCC, Dr Janet Roden of Innovis, Prysor Williams of Bangor University and Nicky Naylor of Harper Adams University.

Stocker's discussion will focus on how the Welsh sheep sector aims to produce high-quality food sustainably and fit in other interests around land management, including the increasing demands relating to carbon sequestration.

Questions will be asked in relation to what can be done to reduce emissions in the sector, the potential for grasslands to outperform mass forestry in terms of its delivery of public goods, and how pastures and farm infrastructure may need to be managed differently to deliver more.

The event's final seminar, on the next generation of sheep farmers and chaired by Smith, will feature the following speakers:

The discussion will be centered on making the next generation of sheep farming enthusiastic and well-educated on the industry.

NSA Welsh Sheep said the young farmers need security and support as well as the potential for viable and rewarding businesses and careers.

"This seminar will consider what it will take to further grow a positive recognition of sheep farmers and what we can do to ensure a satisfying and fulfilling future," it said.

Continue reading here:
NSA event to showcase 'very best' of Welsh sheep farming - Agriland.co.uk

SC Grants Time To Tamil Nadu To Respond To Manish Kashyap’s Amended Plea Against Invoking NSA – ABP Live

The Supreme Court on Friday granted more time to Tamil Nadu to respond to the plea of Bihar-based YouTuber Manish Kashyap against the invoking of the stringent National Security Act (NSA) for circulating fake videos of migrant workers being attacked in Tamil Nadu.

On Friday, Manish Kashyap's plea came up for hearing before a bench of Chief Justice D Y Chandrachud and Justice P S Narasimha. The bench, as per PTI, took note of the request by lawyer Amit Anand Tiwari, appearing for the state government, for time to respond to the petition.

Senior advocate Maninder Singh, representing Kashyap, sought clubbing of all the FIRs lodged against the YouTuber in West Bengal and their transfer to Bihar in the interest of justice.

He alleged the state government invoked the NSA against Kashyap, who has been in jail for over a month now, during the pendency of his petition in the top court, and that this led him to amend the plea, as per PTI.

Following this, the Court gave time for Tiwari to file a fresh response to the amended plea.

The court then fixed the next date of hearing for the case on May 8.

Manish Kashyap has now been in Madurai prison for over a month.

Earlier, the Apex Court issued a notice to Tamil Nadu and Bihar governments on Kashyap's plea challenging his detention under the National Security Act. "Apart from the relief sought under Article 32, the petitioner seeks to challenge the detention order under National Security Act (NSA). The petitioner is allowed to amend the plea. Issue notice on amended prayers," the bench had said before posting the matter on Friday (April 28).

"We direct that the petitioner be not moved from the Central Prison Madurai," the bench added.


Read more from the original source:
SC Grants Time To Tamil Nadu To Respond To Manish Kashyap's Amended Plea Against Invoking NSA - ABP Live

At Congressional Hearing, PCLOB Members Suggest Bare … – EFF

Last week, the House Judiciary Subcommittee on Crime and Federal Government Surveillance held a hearing on "Fixing FISA: How a Law Designed to Protect Americans Has Been Weaponized Against Them," ahead of the December 2023 expiration of the Section 702 surveillance authority. The three witnesses, Michael E. Horowitz (Inspector General, U.S. Department of Justice), Sharon Bradford Franklin (Chair, U.S. Privacy and Civil Liberties Oversight Board), and Beth A. Williams (Board Member, U.S. Privacy and Civil Liberties Oversight Board), all sketched out their visions for the good, the bad, and the ugly about the invasive surveillance power.

The witnesses managed to use the hearing to sketch out a vision for what a minimally sufficient bill to reform Section 702 would look like. However, they were not nearly as skeptical as we are of the necessity of domestic law enforcement's use of these powers, especially when the information collected under 702 could be obtained by law enforcement with a warrant through more traditional avenues.

Section 702 allows the government to conduct surveillance inside the United States by vacuuming up digital communications so long as the surveillance is directed at foreigners currently located outside the United States. It also prohibits intentionally targeting Americans. Nevertheless, the NSA routinely (incidentally) acquires innocent Americans' communications without a probable cause warrant. Once collected, the FBI can search through this massive database of information by querying the communications of specific individuals.

Previously, the FBI alone reported conducting up to 3.4 million warrantless searches of Section 702 data in 2021 using Americans' identifiers. Congress and the FISA Court have imposed modest limitations on these backdoor searches, but according to several recent FISA Court opinions, the FBI has engaged in widespread violations of even these minimal privacy protections.

A just-published transparency report from the Office of the Director of National Intelligence (ODNI) includes a recalculation of these statistics, reporting instead just under 3 million searches for 2021, and around 120,000 and 800,000 for 2022 and 2020 respectively. The report says that a single cybersecurity investigation in 2021 involving attempts to compromise critical infrastructure led to "approximately 1.9 million queries related to potential victims, including U.S. persons, [and] accounted for the vast majority of the increase in U.S. person queries conducted by FBI over the prior year."

But we should be far from reassured by these revised estimates of warrantless, backdoor searches of the 702 databases. First, even the lowest reported figure, nearly 120,000 searches in 2022, is still a whole lot of warrantless searches of Americans' private communications. Second, the methodology used in this new report requires additional scrutiny. For example, it says that the FBI's new counting method includes deduplication, where "instances in which the same query term was run multiple times, whether by the same user or by different users" are apparently treated as only one search. There's no reason to consider that the right way to count, though. If police conducted separate warrantless searches of a person's house on Monday, Wednesday, and Friday, a court would likely treat that as three separate violations of the person's Fourth Amendment rights.

Regardless of the exact numbers, the disturbing history of overreach is why it's so urgent that civil society, concerned people, and lawmakers act to pass legislation that radically reforms Section 702 before we're stuck with another four years of warrantless backdoor searches of U.S. data.

Chair of the PCLOB Sharon Bradford Franklin had three vital recommendations for the committee to consider before voting on legislation to renew Section 702.

These three suggestions are a good starting point, but much more work needs to be done to address the over-classification and government secrecy that hinders accountability, enables abuse, and prevents people from suing to address harms done by government surveillance.

Government representatives are always quick to testify to the legitimacy and utility of these programs by vaguely referencing classified events or attacks that intelligence agencies thwarted thanks to this program. Part of the problem of over-classification and extreme secrecy is that we're expected to take their word for it, rather than be brought into the process of understanding whether and when these programs actually provide some utility and are not, like Section 215 of the USA FREEDOM Act, touted as absolutely necessary until their authorities expire with little to no pushback from the national security apparatus.

PCLOB member Beth Williams also suggested that Section 702 was not a bulk collection program because it required specific targeting of individuals for surveillance, a claim that EFF contests as being an absolute myth.

Even worse, Williams suggested Section 702 and its invasive surveillance capabilities (vacuuming up and reviewing communications, presumably with people overseas) should be used as a tool for vetting hopeful immigrants to the United States, as well as people being vetted for government jobs. This might give immigration services the ability to audit entire communication histories before deciding whether an immigrant can enter the country. This is a particularly problematic situation that could cost someone entrance to the United States based on, for instance, their own or a friend's political opinions, as happened to a Palestinian Harvard student when his social media account was reviewed when coming to the U.S. to start his semester.

In addition to ending warrantless backdoor searches, Section 702 also needs new measures of transparency to enable future audits and accountability of these secretive programs. FISA has long contained procedures for private parties to sue over surveillance that violates their rights, including a mechanism for considering classified evidence while preserving national security. But, in lawsuit after lawsuit, the executive branch has sought to avoid these procedures, and the judiciary, including the Supreme Court, has adopted cramped readings of the law that create a de facto national security exception to the Constitution. We need real accountability, and that includes the opportunity to contest surveillance in court.

Original post:
At Congressional Hearing, PCLOB Members Suggest Bare ... - EFF