& cplSiteName &
Comments
You must login to participate in this chat. Please login.

Hi @Anna.Telia thanks for tuning in to the recording!

Good examples and easy to follow, thanks for the lecture!

Poll question answer: I believe quite well.

Omg 2.3 zetabytes annual run rate of IP traffic ahead?!..

Very catchy presentation and not boring:)

Hello, listening from Sweden, sunny day here!

Excellent Ray Watson, as always

Very Nice Ray!  A good refersher! 

Great Job Ray! Very well done.

Hope to have you teaching us how to build up more awareness of the security threat again!

Thank you! Centralized Orchestration will help in security control.

I think more understanding on how to prevent threat is required.

 

Listening to the achived lecture from California.

 

thanks, the fact that these are archived for future refernece is fantastic. 

very informative and interesting

will predictive anaylitics play a role

Still Atlanta.  Beautiful.

Kanata Ottawa

nice and sunny

Thanks everyone for tuning in and a huge thanks to @Ray for the excellent lecture! I'll see you all on the chat boards on Wednesday for Big Data Analytics Meets Customer Experience Management with Juan Gorricho, Disney.

Great presentation, thanks

 

Thanks @Ray and @Kelsey for a great lecture today. It was really informative and I learned so much in such a short time. I definitely need to listen to this one again.

Thanks Ray for some of those insights! 

QQ: If IT administrators cant limit BYOD, how could they possibly limit BYOF(itBit)  ?  Answer:  therein lies the huge problem.   I dont necessarily think we have to ban thse devices, but we definitely need to know when they are on the network and what (if anything) they are doing.   Especially in PCI-DSS or HIPAA typ environments.   Remeber, Target was breached because of an air conditioner.   

@maryam "JohnGordon I would hope they have any ethical commitment if they don't understand their legal obligations as a former employee. ":

The ethical bargain between employer and employee may be considered by the dismissed employee to have been breached by the employer when the replaced employee is forced to train the cheaper imported replacement.

QQ:  Why can't the e-mail system (MS-Outlook) run these executables in a virtual machine (similar to the Java VM)? Better yet, the filtering system could disable the link. 

Answer:  That concept is called (broadbly speaking) "sandboxing".  It is one of the things that apple IOS devices do to protect their data.    Google's Chrome browser also see sandboxing which is one of the reasons it is often considered more secure than your typical Internet Explorer with outdated-flash installed.   I think Microsoft is doing much better than they used to do regarding security, but then again they had a long ways to go.    

JohnGordon I would hope they have any ethical commitment if they don't understand their legal obligations as a former employee. 

@Ray Q: 

Why can't the e-mail system (MS-Outlook) run these executables in a virtual machine (similar to the Java VM)? Better yet, the filtering system could disable the link.

don't tell the IPv6rs tho

@maryam: That is, replace employees can secretly compromise the IT systems of former employers in revenge, by selling the info about those systems.

QQ:  Is it really necessary for all sensors to have an addressable IP address?    Answer: no, it is absolutely not.   In fact, I would *prefer* if my devices wrere not addressable.   Unfortunately alot of the IoT vendors disagree with me.     Ironically, IPv6 may be a partial answer to alot of these things, but lets check back in 2050 and see if anyone is using IPv6 by then :-)

 

 

JohnGordon sad but hopefully uncommon

@[email protected] "John Gordon I hope that the security pros have a sense of ethical behavior like law enforcement so I can only hope the don't cross over to the darker side.": Can happen when IT employees get replaced by cheaper imported talent.

One of the really interesting pieces pieces about the Target breach is the vector that intruders used in the chain.  It was actually one of their HVAC (air conditioner!) vendors who had credentials thazt allwoe an entry,  and then this entry was exploited via two zero-days, and eventually the malware was planted on their Point of Sale systems.   We cannot trust anything on our network to be unmmonitored.  HVAC systems are now a threat!

 

Upskill U students leave our judgements at the door...especially when it comes to capitalization

We won't hold it against you if you capitalize Internet @Ray

John Gordon I hope that the security pros have a sense of ethical behavior like law enforcement so I can only hope the don't cross over to the darker side.

More about compass direction:    Generally speaking, "east-west" traffic refers to traffic within or between data centers -- i.e. server to server traffic. "North-south" traffic is client to server traffic, between the data center and the rest of the network (usually via the Internet*  ).

I believe the terms originated with  the way Visio network diagrams are typically drawn, with servers or access switches spread out horizontally, and external connections at the top or bottom.      

* Yes, I still captialize the word "Internet."  I know we aren't supposed to anymore, but I will continue to do so until you take away my shift key.  

 

Thanks for tuning in @Joe and for the great IoT question!

Thanks for this great show, Ray & Kelsey.

@Ray: 

Is it really necessary for all sensors to have an addressable IP address?

@Ray: Q: 

slide 3: what is "delivery chain" as an attack vector?

@Ray Q: 

Compass stuff is new to me and I would appreciate Ray revisiting North/South East/West threats a little bit more.

I wonder how many IT security employees join the other side (the hackers) because of corporate policies towards employees? I'll bet that's a huge hole in security.

Have a great weekend everyone --see you on the boards soon!

QQ: How do employment and compensation practices in IT affect vulnerability of corporate systems?    Anser:  This one is a bit nuanced.  Most companies consider their salary and compensation information to be some of the most valuable they have.   But then when you ask them, point blank, are those files being stored unencrpyted anywhere, they do not know.  The other complication to the HR question is about maintaining and protecting levels of access.  As Snowden taught us oh too well, have "super administrators" can be dangerous.  SO I don't really have a direct answer abot this except to say <1> please protect your HR data with encrpyion <b> please monitor and protect employee levels of access.  

 

looks like security world should also look more and more on the medical field, how some of the communicable diseases have been addressed!

Thanks for tuning in @maryam! 

Thanks to everyone on the Board and Kelsey for the great exchanges.

@Ray another question: How do employment and compensation practices in IT affect vulnerability of corporate systems?

Thank you, Kasey and Ray, all audience for sharing

Enjoyed this topic and well presented

It has been an excellent session, thanks Ray

Looking forward to hearing more from Ray on the chat board!

@Ray Q: 

will the hackers also be using sophisticated analytics to plan the next punching threat vector?

thank you, this was a good one

great session , thank you

 

Thank you very much Ray! Very engaging presetation today. I hope to see you back here again in the future.

Thanks for all your insight Ray you did an awesome job of explaining the issues!

Thanks Upskill, for selecting such a great topic

Thanks for the copious information, Ray W.

Hi Ray, how does an IT administrator legislate for what fitbit you can and can't bring into the office. Very difficult, surely?

If I could modify my last post, I'd ask, "Could "normal behavior" disguise a threat?" 

I get calls from not even Microsoft but Windows!!!! Come on at least do your research

Good question @georgiacougar....I was wondering that too. PS good to see you here on Upskill u!

Ray is part of the issue that there is still a skill shortage in security and level of experience?

poor grandmas, they get a bad rap but I totally know what he's talking about!

I get those calls from "Microsoft" all the time!

How did the nursing indestry attempt to solve the alarm fatuge problem

Security skills will be big requirement for future networks

 

@Maryam I need to look up smart pillows. I'm intriqued now.

Does SDN/NFV make networks more secure or less secure ?

 

What is an example of "normal behavior"? And, is it possible that a "normal behavior" could still be a threat? Is that when something like signature-based solutions could help?   

TeleWRTRLiz my pillow is decidedly not smart no tech in my pillow. what does it do?

 

kudos to the chat board today! You guys are really rockin' this class!

Are you suggesting - enterprises need to have this capability in-house or subscribe to a service? Secondly, should there be some standardization of the type of data that needs to be provided?

will the hackers also be using sophisticated analytics to plan the next punching threat vector?

Combination of both for me.

Coming up on Q&A...get your questions for Ray in!

Bayesian statistics (use past results to fine tune the results)

Alarm fatigue - so common across industries

Alarm overload, analytics for the analytics...

@Michelle human error will always be that tricky problem to solve!

Michelle the issue is that smart tvs are often used to avoid the charges from cable companies. Without connectivity you are married to the cable company.

@ANOTHER QUESTION FOR RAY: So in terms of these hypervisor security issues, what's your take on hypervisor and container alternatives, like unikernels, SR-IOV, INtel's DPDK, etc.?  Are we seeing an evolution -- or even extinction -- of the traditional vSwitch?

Poll response: Combination

combination of both, more so the latter 

Re-skilling workforce for sure - technology is catching up, people still make silly mistakes

Combination of both (threats are coming at us so fast)

combination of both

 

@michelle that's scary. I had no idea

 

@anon-yes linux and ios vulnerabilities are definitely top dollar now

Smart TVs are often left unpatched once newer models are available in market. I don't even connect mine to the network anymore because it's no longer getting security updates from the vendor. So sad.

I have not seen anyone marketing any security products for the unique issue of smart tvs

@Joe aww - sad story. Poor kid :(

larman so true no security at all for smart tv!

Hi Ray. If IT administrators realized they couldn't prevent Bring your Own Device (BYOD) why should they be any better able to stand in the way of Bring Your Own Fitibit?

(And worse, it was one of those with all the pop ups that made it difficult to get out of.)

and now new problem-smart tv

@Michelle: True story: Many years ago, a relative of mine -- young kid -- was interested in old video games (Atari, NES, etc.) and finding online emulated versions of them.  So this innocent 12-year-old, instead of using a search engine, just typed in "oldgames.com."  It was an adult website.  :/

Is it really necessary for all sensors have to have an addressable IP address?

and having control over us-users?

Us, but maybe not all of us in this chat room.

Joe I agree companies need to educate their users about security on their porducts how many people still don't have security on thier phones?

Billions of attack vectors ready for plucking

QUESTION:  Ray mentioned Linux vulnerabilities.  I have not been as concerned about security on Mac and Linux machines.  Should I start to become more concerned?

Thanks for addressing my question, Ray!  (And, as you can see, it's "Light Sabre.)  ;)

I have wondered about these systems - thanks for helping me realize my fears were warranted.

It is clear that security cannot be left upto the users (history is a good teacher) so it is the "responsibilty" of the service/hardware/software provider to burn in the security.

slide 3: what is "delivery chain" as a attack vector?

Speaking of "these devices shipping in an unsecure way," at a cybersecurity panel at a recent conference I attended, attacks on the supply chain to infiltrate IoT devices were discussed in depth.  And then the discussion becomes about (1) securing the physical supply chain and (2) training people at all points in the supply chain/transaction to be able to detect if something looks wrong.

If Network Connectivity (wireless, wired)is the medium through accessing the Central Cloud Systems, should that not be the portion that requires the best security ?

QUESTION:  Compass stuff is new to me and I would appreciate Ray revisiting North/South East/West threats a little bit more.

light beer? what kind of name is it??  vodka sounds better

@joe-good points on iot.my preferred method are defense in depth and making sure all your systems are patched across the board.

@klogan: Indeed, I don't like to get too specific in these chats about the details of my security.  ;)

(It could also be industrial IoT...) :)

ONLY BUY THE DUMB THINGS, yeah?

I think very well, but they would not admit if every Tom, Dick, and Harry out there were looking through our files....

not sure, but moderately to very well

We have locks on our front door?

 

Not very well. (Not at all)

SURVEY QUESTION ANSWER: Moderately well.

We're headed into the abyss

Ray what type of internal monitoring have you seen work?

As a parent who has cleaned viruses out of her kids computers, I can attest to the amount of viruses deliverd along with gaming stuff.

CORRECTION: How do employment and compensation practices in IT affect vulnerability of corporate systems?

good point prosecution is key but it would involve worldwide cooperation.

Wow!!!! That sort of ROI is what Wall Street chases.

QUESTION: How does employment and compensation practices in IT affect vulnerability of corporate systems?

Game apps are especially an issue for kids when they download updates...still get through some security software.

@owner71552 ... ironic isn't it...only one computer.

and that's only half of the world.....what will networks look like 20 years from now? 

Good to see you here @sawad !

all it takes is one big computer to wrech havok on our systems

I use outlook and I still get many phisihng atempts and attempts to get me to open files. The issue is still rampant unfortunately. Even my mobile devices sometimes get attempted attacks with good software protection software....

Wow 4.1 Billion Internet users!

@larman sometimes the quality of your broadband connection can impact the audio

Start thinking about what questions you want to ask Ray...coming up on time for our first listener question

@John agreed!! If only the brain power were used for good.

double sound and echo during presentation

When I see the skills deployed in hacks, it makes me wonder how there could be a skills-shortage in IT.

@Joe pretty much yes, but spelling and domain extensions differ. 

@Michelle yes agreed. My kids schools regularly teach kids about cyber security now.

@Michelle: There is, pretty much, isn't there?  ;)

@Kelsey Ziser,   It will be really hot this afternoon here in San Antonio,

(In fact, modern ransomware is typically programmed to detect virtualized environments -- and refuse to install if it so detects that it is on a virtualized instance, lest it be quarantined and safely reverse engineered.)

Teaching kids how to use search and avoiding this kind of attack is so important. Kids tend to think there is a website for everything they might want to learn about...

@gnean: Great point.  Virtualization tools like sandboxes are terrific ways for protecting against ransomware and other malware.

Macros are still a common vector? Surprising.

Why can't the e-mail system (MS-Outlook) run these executables in a virtual machine (similar to the Java VM)? Better yet, the filtering system could disable the link.

Fun with exploit naming

Kanata Ottawa Good noon, clear and nice

The audio is cutting out periodically

Greetings....hot and cloudy in Guayaquil, Ecuador...

No hacker here! Just warm sunshine in NJ

QUESTION FOR RAY: As a lot of our sessions here at UU have focused on IoT, what do you recommend/prefer/etc. in terms of threat-modeling techniques/threat-rating systems where IoT-enabling networks are concerned?

Was rainy in Orlando, clearing up a bit. But, looks like it could rain later on.

We need defense in depth

@pcorona bet it's hot in San Antonio!

any hackers on the chat board??? we need your company today :)

 

There are sooo many data breaches happening right.this.minute (probably).

Listening from San Antonio, TX.

 

Greetings All ... from lin in The O.C.

On slide 5, it says no system is invulnerable. For enough money, I think you could get near-invulnerability.

The portcullis on the second slide looks ominous.

whew! glad there is no death by powerpoint!

Hot and muggy in North Carolina too!

Listening from Boston, as usual.

A beautiful day in Northern Virginia after big t-storms last night.

Jellico KY.  Hot and muggy

@TeleWRTRLiz: I'm out of beer. (Just as well.)

Dallas is hot and getting hotter!

 

greay day in Piscataway

 

Listening in from the Northwest Pacific (British Columbia, Canada) where it is 59F and sunny.

Tlalnepantla, Estado de México, warm

Ottawa, Canada. Sunny :-)

beautiful day in Chicago!

weather nice in NJ

 

 

 

Southern CA,  sunny and warm today

Test Question Answer: Poconos, Pennsylvania, overcast, threatening to rain.

Minneapolis,  Sunny and warm.

São Paulo, Brasil

Sunny, warm

@John it's....bring your own beer!

joining from Bangalore! seems todays talk will unravel many a security hole :)

hi. me too why light me likes the heavy stout

We're getting beer? (LOL)

@owner tagline depends on how often you comment

Not sure why my tag line says light beer?

Oh, Now i see it.  Its right above the commet box.

See - Presentation: Big Data...above the chat

I do not see the link for the slides.

Good to see you on the chat @gaarmet and @owner!

Good afternoon everybody, nice to e-be here again and ready to learn

Hey everyone! Go ahead and download the slides from the link under "Special Educational Materials."

Good to see you here @larman!

We can absolutely discuss preventative analysis, gneangodav8v .  You are 100% correct, prevention is much better than reaction.  

 

@Ashu in just a few minutes at 1pm!

Great to be here with all of you!  I hope I learn lots today.

Are we ready to go live?

It looks like the analytics that will be discussed today is "what happened" and not what might happen. I think in the case of network security what is needed is predictive analytics. It is too late to find out that the network has been compromised.

@kelsey: turkey sandwich with mustard and a slice of pickle plus potato chips

 

What are you having @TeleWRTRLiz? I had a veggie medley :)

A happy Friday to to everyone.

Hi All! Just getting my lunch for the lunch & learn today. 

Welcome, @Ray, we're looking forward to your presentation at 1pm!

Hello all!!   Hope everyone is enjoying their Friday !  

 

Hi @Bryan, @dfperson and @mjackson! We'll be going live in just under 50 minutes!

Slides downloaded. Looking forward to the presentation.

Hi @kurieal and @mng! Glad to see you'll be joining us this afternoon!

Greetings and salutations all!

Good to see so many of you on the chat boards already! We'll get started in just a few hours...it's sure to be a great course with Ray, I'm looking forward to it!

Hi @wendy and @owner! Glad you'll be tuning in tomorrow!

@gaarmet, @ashu, @bbobo, @mng, @georgia welcome, it's good to see you all on the chat! Looking forward to a great course tomorrow...start thinking about what questions you have for Ray. 

Greetings and salutations all!

Big Data Analysis has a massive role to play in network Security and especially the Distributed Architecture Space now.

We are unable to measure& monitor the extent of the real level of Damage these attacks can affect our systems effectively enough!

I´m sorry Kelsey with "s". I have learned a lot all the time and I´d like all of us could collaborate for the next gen network arising

Hi! Kelcey, I am ready again for tomorrow´s class. Best greetings

I'm looking forward to tomorrow's session!

Looking forward to hearing from Ray about how analytics can strengthen security measures.



Featured Video
Upcoming Live Events
September 17-19, 2019, Dallas, Texas
October 1-2, 2019, New Orleans, Louisiana
October 10, 2019, New York, New York
October 22, 2019, Los Angeles, CA
November 5, 2019, London, England
November 7, 2019, London, UK
November 14, 2019, Maritim Hotel, Berlin
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events