Sushobhan Mukherjee


Leave a comment

“Infosec Global 2017”, International Infosec Summit in Kolkata

Preface

Winter in Kolkata has different charming flairs and “InfoSec Global” added a new feather in her cap through a mega InfoSec Summit since last year.

This year “InfoSec Global 2017”, the international InfoSec summit took place at The Park, Kolkata on 3rd November, 2017

Even though there is a lot of buzz around Cyber Security, there are many gaps as well. The areas of concerns touch everyone, our ignorance, over confidence and complacency. We keep on complaining that things are not happening the way we think it should be. However, there are many things happening as well. We need to open our minds and have a convergent thinking. It’s time to complement instead of complaining.

Govt is devising many strategies for the benefit of citizens on cyber. Law enforcement authorities are doing their work at the ground level. Enterprises taking lot of initiatives to implement tools, technologies, processes.

The challenge is how to bind these all-together, how to aggregate efforts, consolidate and converge in order to make it meaningful for the society and civilization? InfoSec Foundation is trying to drive this across the globe.

InfoSec Foundation intends to work as voice of citizen where we bring in all stakeholders together to create a more aware and responsive ecosystem. Connect and extend initiatives that have not reached the targeted audiences, find gaps and demand raise the silent voice so that it reaches the ears of policy makers and functionaries.

Summits, CIO Roundtables, Print Journals, Cyber Security Help lines, Cyber Security Curriculum for next generation – these are few envisaged areas we have already started working in India, Bangladesh, UK and Africa.

InfoSec Global 2017 is the outcome of same vision driven by Infosec Foundation.

Infosec Global 2017, Kolkata

Ignite cyber security!! That’s the mantra. And to enkindle it, Infosec Foundation had taken the important responsibility through the Iinternational InfoSec Summit. The first summit took place last year 18th November, 2016 and the same is followed by this year on 3rd November, 2017 in Kolkata. The event was important for the eastern eco system to leverage the opportunity to meet the best CYBER SECURITY EXPERTS from all across the subcontinent and gather some of the most tenacious knowledge regarding cyber security.

Theme of the Event

‘International Security in Digital India-Threat, Challenges and Opportunities’ was the theme for the 2nd International Infosec Summit in Kolkata this year. The program was designed for the leaders from the field of IT Infrastructure, Data Security, and Information Security.

Major topics were discussed in the event are cyber security issues in Bangladesh, Digital Forensics, creating new generation cyber militants, Cyber Economics, and much more.

The event was conceptualized exclusively for creating a mutual platform for all the stakeholders who are engaged in Information Security.

Speakers and Topics

The event had witnesses array of speakers across industry. Dr.Sanjay Bahl, Director General, Indian Computer Emergency Response Team (ICERT) was the Chief Guest of the program. Mr.Shyamal Datta (IPS – Retd., Former Director – IB, Former Governor of Nagaland) , Mr. Debasish Sen (Additional Chief Secretary-IT, Govt of Bengal), Mr. Vineet Goel, IPS (Addl CP I, CISO-Govt. of Bengal) and  Mr. Hari Kusumakar, IPS (Addl CP IV) joined him alongwish the Infosec Foundation Chairman in the gracious inaugural ceremony.

   

Other eminent personalities like Mr. Bratya Basu (Honourable MIC-IT, West Bengal), Ms.Rama Vedashree (DSCI-NASSCOM); Dr. B. M. Mehtre (IDRBT); Col Inderjeet Singh (Smartcity Expert, Ex-Director – Military Intelligence at Ministry of Defense); Mr. Vivek Srivastava (ReBIT – Reserve Bank); Mr. Deepak Kumar (Digital Forensic Expert), Mr. B.M.Zahid-Ul Haque (CISO-Brac Bank Bangladesh), Mr. Harish Agarwal (Partner, Ernst & Young), Mr.Somak Shome (Director, PWC) had enriched the audience with their deep insight in the domain.

   

Cyber Security Domain experts like Mr.Shrikant Shitole (FireEye), Mr.Nitin Varma (Palo Alto Networks), Mr. Sudeep Das (IBM), Mr. Manuj Kumar (Symantec), Mr.Kapil Awasthi (Checkpoint), Mr. Rishikesh Kamat (Netmgic), Mr. Subramanian Udaiyappan (Cisco Systems) Mr. Akshay Verma (Global Insurance), Mr.ParthaSarathi Das (Tata tele Services) had also added substantial valued to the content of the conference.

     

There was interesting topics like “Cyber Security Readiness for Digital India”, “Cyber Economics”, “Creating Next Generation Cyber Warriors”, “ The Cyber Security Architecture of the Future”, “Building a robust Cyber Security Architecture with Integrated Cyber Defense Platform”, “Machine Learning for Cyber Security”, “Cyber Security Challenges in West Bengal”, “Digital Forensics”, “Opportunities in Cyber Security space”, “Next Generation Cyber Security Trends”, “Cyber Thereats on Internet of Things”, “Threat intelligence strategy to strengthen cybersecurity posture for the financial sector”, “Cloud security”etc.

Audience

There were 250+ people attended the event with delegations from all leading corporates, enterprises, academia, government, law enforcement agencies, manufacturers, providers etc.

Anandabazar Patrika (ABP), Accenture, Allahabad Bank, Bandhan Bank, UCO Bank, United Bank of India(UBI), BRAC Bank-Bangladesh, Balmer Lawrie, Bridge & Roof, BSI, Capgemini, CESC, West Bengal State Electricity Transmission Company (WBSETCL), Criminal Investigation Department (CID) – West Bengal, Bidhannagar Cyber PS, Kolkata Police,  Exide, Genius, ICRA, ISACA, Jadavpur University, Jayashree Textiles, Linde Global, M.N. Dastur, MCKV Institute, Meghbela  Broadband, Meghnad Saha Institute of Technology, NASSCOM, National insurance, Neotia Group, NIA, CBI, NIC, NSHM, Onprocess Technology, Protiviti, PWC, Ernst & Young, Sahaj E-Village, Sillycon, Simplex Infra, Spencers, SREI Infrastructure Finance, Srijan Bhumi, TCG Digital, Techno India, TATA Pigments, Tractors India, TUV, Vedant Fashions, Vikram Solar, VISA Steel, Webel, ITC were few names of the key attendee organizations.

 

The audience were mainly from senior management, decision makers in the stature of MD, CEO, CIO, CFO, COO, GM etc.

There were 30+ Media Houses from print, television, radio and web platforms who were keen to spread the buzz to the mass audience.

Takeaways

The event had great deliberations in exchanging thoughts, knowledge, ideas, and case studies on cyber security among the speakers, audience, attendees, participating stakeholders. The same had not only generated great enthusiasm over networking, but also generated direct business opportunity.

The event has raised several voices, concerns from the community, extended government / policy makers’ roadmap, articulated steps on synchronization between stakeholders and surely created platform for enriched knowledge in order to have better wisdom. It was indeed a great platform for students, cyber aspirants to learn, engage and contribute.

4th Edition of InfoQuest (the dedicated print journal of Information security) got unveiled during the summit. The print journal is working as a great tool as the mouthpiece of the industry in cyber security domain.

The event strengthened the thoughts driven by Infosec Foundation with the overwhelming support from all corners and laid the foundation for more positive vibes towards upcoming Infovision(CIO Roundtable), InfoQuest (Print Journal), Infoconnect (Cyber Security helpline) and well as next years International Infosec Summit.

It was amazing to see people had joined in the breakfast (before the day event for mixing sessions with the speakers) and continued to stay with the initive till late evening (cocktail dinner with the speakers and partners).

Infosec foundation had recognized several individuals for their significant contribution in the domain and the same was was followed by instrumental music.

   

Stay tuned for many interesting things ahead. Do join the movement, contribute, engage, explore and be the part of historic movement generated from Kolkata, the city of joy.

Detailed Analysis can be fetched from the link below:

Infosec Global 2017 Report

Advertisements


Leave a comment

Data Leakage using Social Fun App

“What was the old age?”

“Who is your favorite friend?”

“How many lovers you have?”

“Which celebrity looks alike you?”

“Who will kill you?”

Do you feel you have heard these questions several times in recent past? Yes you are right. This are the questions and answers generate by a Fun App Named “Testony” (https://en.testony.com/ ). There are few more similar fun Apps like Nametest (https://en.nametests.com/), http://en.quizzstar.com/, https://sharmin.me/ , http://meawquiz.com/ and so on. Out of these Testony seems to be more popular as facebook got flooded with the output results.

How do these Apps work? They want to get some access permissions mainly Facebook (or similar social applications) and in return they get useful datas like email, message, contacts, profile, about, date of birth etc. In some cases, you have to log in to Facebook and have to apply the application to an approved application, so your information can be seen by all those applications, so it is not impossible to know the password with backend scripts.

Did you ever think how collection or leakage of data has become a cakewalk with this revolutionary marketing intelligence. This is a Honey Trap where using social media, using funny Apps, unknowingly all information and information about the persons are getting collected with user’s consent. These kind of Apps are nothing but an algorithmic Data Collection Software with various sample sizes, segments, across the globe.

Mostly everyone have been trapped by this for only getting fun. Unintentionally, all your online information, content, email lists, phonebooks, surfing patterns, browsing history are being collected by an unknown third party and being retained in their repository. Do they have any accountability? What do we know about the millions of information that they are getting used to? There is no guarantee of spamming or hacking using this information?

It is clearly defined in “Testony” site that they can use your information in business. You might get newsletters, mails, SMS as a part of Targeted advertisement for several products. This is applicable for the countries of America and Europe though nothing explicitly defined for India and other countries.

We are laughing with the friends about it, but how we are putting ourselves to the danger zone by revealing all personal data to the hacker.

Hacking/Phishing from these informations may be a child’s play for a hacker.

Immediate Resolution

To keep yourself on a safe side follow these steps to secure yourself :

  1. Hide all the testony app posts from your timeline.
  2. If you already have used this app then you must have to change your password immediately. If your Facebook email and passwords are interrelated with any email or etc then you must change that as well.
  3. Now go to applications settings tab on your Facebook account and remove that app from your list.

  1. But as you will be able to see a note there: Testony.com may still have the data you shared with them. For details about removing this data, please contact testony.com or visit the testony.com privacy policy.

 

Way Forward

We all see daydream. Everyone would love to be compared with a Super Hero, A Politician, A sportsman, A historic character. And then you feel proud or overwhelmed while getting likes/comments in social media with emotions.

We are being flooded to enough Internet data, but we need to learn to use it, rather to avoid misuse of it.

Time has come to be careful and do not share your valuable and secret information to any third party in this manner.


Leave a comment

Resolution for WannaCry ransomware

What has happened?

UK hospitals, Telefonica, FedEx, and other businesses were hit by a massive ransomware attack on last Friday (12-05-2017). Around 75,000 computers in 99 countries were affected by malware known as “WannaCry”, which encrypts a computer and demands a $300 ransom before unlocking it. The malware was able to spread thanks to flaws in old versions of Windows that were originally used by the NSA to hack into PCs before being made public by the Shadow Brokers group last month.

Among those infected were more than a dozen hospitals in England, a telecom in Spain, FedEx’s offices in the United Kingdom, and apparently, the Russian Interior Ministry. Within half a day, there were instances detected on six continents.

Several firms in Europe were the first to report having their mission-critical Windows systems locked, showing a ransom note. This quickly developed into one of the most widespread ransomware outbreaks currently affecting a large number of organizations around the world. Some affected organizations had to take their IT infrastructure offline, with victims in the healthcare industry experiencing delayed operations and forced to turn away patients until processes could be re-established.

Brief on WannaCry ransomware

WannaCry/Wcry ransomware is a relatively new ransomware variant which has been popped up using the file hosting service Dropbox. This comes on the heels of a Torrent Locker variant that was using abused Dropbox accounts to spread its payload.

Wcry initially spreads via an email, a malicious website, or dropped by another malware. Once the malware gains access to a user’s system, it drops its prerequisite files and components, after which it prompts the user to download files from Dropbox URLs (Dropbox has already been notified of these links, which have since been removed). These files include the TOR Browser Bundle and the executable file “!WannaDecryptor!.exe”. If the user clicks on the executable file, Wcry will display the ransom note shown below:

Who are affected?

This variant of the WannaCry ransomware attacks older Windows-based systems, and is leaving a trail of significant damage in its wake. Europe has the highest detections for the WannaCry ransomware. The Middle East, Japan, and several countries in the Asia Pacific (APAC) region showing substantial infection rates as well.

WannaCry’s infections were seen affecting various enterprises, including those in healthcare, manufacturing, energy (oil and gas), technology, food and beverage, education, media and communications, and government. Due to the widespread nature of this campaign, it does not appear to be targeting specific victims or industries.

What does WannaCry ransomware do?

WannaCry ransomware targets and encrypts 176 file types. Some of the file types WannaCry targets are database, multimedia and archive files, as well as Office documents. In its ransom note, which supports 27 languages, it initially demands US$300 worth of Bitcoins from its victims—an amount that increases incrementally after a certain time limit. The victim is also given a seven-day limit before the affected files are deleted—a commonly used fear-mongering tactic.

WannaCry leverages CVE-2017-0144, a vulnerability in Server Message Block, to infect systems. The security flaw is attacked using an exploit leaked by the Shadow Brokers group—the “EternalBlue” exploit, in particular. Microsoft’s Security Response Center (MSRC) Team addressed the vulnerability via MS17-010 released March, 2017.

What makes WannaCry’s impact pervasive is its capability to propagate. Its worm-like behavior allows WannaCry to spread across networks, infecting connected systems without user interaction. All it takes is for one user on a network to be infected to put the whole network at risk. WannaCry’s propagation capability is reminiscent of ransomware families like SAMSAM, HDDCryptor, and several variants of Cerber—all of which can infect systems and servers connected to the network.

Observations

The malware is using the MS17-010 exploit to distribute itself. This is a SMB vulnerability with remote code execution options – details: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.

With MS17-010, the attacker can use just one exploit to get remote access with system privileges to copy payload to and transfer control to it later.

By remotely gaining control over victim PC with system privileges without any user action, the attacker can spray this malware in local network by having control over one system inside this network (get control over all system which is not fixed and affected by this vulnerability) and that one system will spread the ransomware in this case all over the Windows systems vulnerable and not patched to MS17-010.

Behavior:

By using command-line commands, the Volume Shadow copies and backups are removed:

Cmd /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

File-size of the ransomware is 3.4 MB (3514368 bytes)

Authors called the ransomware “WANNACRY” – string hardcoded in samples.

Ransomware is writing itself into a random character folder in the ‘ProgramData folder with the file name of “tasksche.exe’ or in C:\Windows\ folder with the file-name ‘mssecsvc.exe’ and ‘tasksche.exe’.

Examples:

C:\ProgramData\lygekvkj256\tasksche.exe

C:\ProgramData\pepauehfflzjjtl340\tasksche.exe

C:/ProgramData/utehtftufqpkr106/tasksche.exe

c:\programdata\yeznwdibwunjq522\tasksche.exe

C:/ProgramData/uvlozcijuhd698/tasksche.exe

C:/ProgramData/pjnkzipwuf715/tasksche.exe

C:/ProgramData/qjrtialad472/tasksche.exe

c:\programdata\cpmliyxlejnh908\tasksche.exe

Ransomware is granting full access to all files by using the command:

Icacls . /grant Everyone:F /T /C /Q

Using a batch script for operations: 176641494574290.bat 

What can we do?

WannaCry highlights the real-life impact of ransomware: crippled systems, disrupted operations, marred reputations, and the financial losses resulting from being unable to perform normal business functions—not to mention the cost of incident response and clean up.

Here are some of the solutions and best practices that organizations can adopt and implement to safeguard their systems from threats like WannaCry:

Patching

  • The ransomware exploits a vulnerability in SMB server. Patching is critical for defending against attacks that exploit security flaws. A patch for this issue is available for Windows systems, including those no longer supported by Microsoft. Here is the patch details from Microsoft.
  • Additional patches for older OS’es not already included in main MS17-010 bulletin above (http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598)
  • Upgrade from obsolete Windows versions to the latest one. In case there is a concern about commercials, you may easily migrate to linux environment.
  • In case there is old hardwares (which does not support latest windows version), then better to go for desktop virtualization (thin client/zero client) so that next operation/management strategies will be better.
  • The WannaCry ransomware appears to only attack unpatched computers running Windows 10. But this doesn’t mean those whose computers run on Apple or Linux code should feel smug. They, too, should regularly update with software patches as they’re issued.

Endpoint and Gateway Security

  • Ensure Desktop/Laptop/Mobile devices are protected with antivirus, personal firewall, antimalware etc. If possible, it is better to go for total protection from an OEM, which are already internationally bench-marked.
  • Deploying firewalls and intrusion detection / prevention systems can help reduce the spread of this threat. WannaCry reportedly also uses spam as entry point. Identifying red flags on socially engineered spam emails that contain system exploits helps. IT and system administrators should deploy security mechanisms that can protect endpoints from email-based malware
  • A security system and practice must be deployed for continuous monitoring and management for proactively action on potential attacks in the network.
  • WannaCry drops several malicious components in the system to conduct its encryption routine. Application control based on a whitelist can prevent unwanted and unknown applications from executing. Behavior monitoring can block unusual modifications to the system. Ransomware uses a number of techniques to infect a system; defenders should do the same to protect their systems

Regular Backup

  • Ransomware will target the files and software in your system. So it is best to keep them backed up regularly. The best way to protect them offline using external harddisk somewhere away from the reach of the internet.
  • Incase backup is taken on cloud; the backup mechanism should run on intervals. It should not be always connected.
  • Ransomware infects at the system level. Hence complete backup of your Windows OS will also be helpful

Connectivity

  • Ransomware attacks are all through the internet. Hence it is essential to have a control on the path between your computer and the Internet.
  • WannaCry encrypts files stored on local systems and network shares. Implementing data categorization helps mitigate any damage incurred from a breach or attack by protecting critical data in case they are exposed
  • Network segmentation can also help prevent the spread of this threat internally. Good network design can help contain the spread of this infection and reduce its impact on organizations.
  • Whenever connectivity is not needed, the path should be closed or connectivity should be disconnected.
  • When you’re using public WiFi networks, make sure you tell your system that you’re on a public network (many will ask if it’s a public or home computer.) That tells your operating system that it’s functioning in a potentially threat-filled environment and it will close off some of its more vulnerable software ports to the outside.

Proactive Measures instead of Reactive

This is not end of it. Rather more destructive versions will be popping up soon. Hence remediation of present threat will not give us a resolution. Security is a journey, not a resolutions. Hence below measures should give us some breathing space:

  1. Network and Application Audit on regular intervals (vulnerability Assessment and penetration testing)
  2. 3rd Party Risk Assessment and Business Continuity Planning
  3. Information Security Process Adherence as per international bench-marking , certification, compliance and regular governance.
  4. Remediation as per GAP Analysis continuous basis
  5. Deployment of tools and technologies for proactive measures.
  6. Close harmony between people-process and tools.


Leave a comment

INFOCON 2016 – Mega Infosec Summit in Kolkata

Winter in Kolkata has different flairs like charming weather, sweets prepared from “Nolen Gur”, Circus, Picnic, Hopping between Zoo-Museum-Science City-Nicco Park, Different Fairs-Exhibitions-Summits. With the emerging problems of Global Warming, Kolkata is not far behind to experience diminishing winter along with other fading glories.

The charms of life, spirits of soulmates, passion of humanities are still stands ahead with any of the advanced city across the globe.

This November 18, 2016, Kolkata proved it once again. The winter in Kolkata adds a new feather in her cap through a mega Infosec Summit called “Infocon Kolkata 2016” at CII-Suresh Neotia Centre of Excellence, Saltlake.

15037351_1276608482360564_4208566999011637013_n 

Infocon Global is essentially an idea which has manifested itself through deliberations, practice, my running day to day business operation as CEO of Prime Infoserv LLP and interactions with clients, competition, colleagues and peers.

The more we converge towards an increasingly connected world, information keeps on flooding between anything to everything and then of course information security becomes a point of concern. People start panicking and common sense takes back-seat. But there is a solution to every problem and counter measures to defend, protect and launch offensive attack do exist as well. But the mechanism, process and knowledge are in silos and in effect are not meaningfully available as a whole. Different and piece-meal, adhoc and fragmented measures are being projected as solutions resulting in people becoming more anxious, confused and decision making culminates into dilemma.

“Infocon Global” is being envisioned as a platform to address the burning concerns in the community. The idea is to engage different stake holders including partners, customers, manufacturers, policy makers, academicians, regulators, end-users to cross pollinate and create unbiased and true wisdom through awareness and sharing of best practices. Infocon2016 today is a continuation of this search for collaborative wisdom. Prior to that, two similar events were organized on this theme by us – one in Bangladesh and the other in the United Kingdom, again in a collaborative model.

13094176_1119602198061194_3615704183204259374_n 13043398_1119607848060629_6421677602274232411_n 13015215_1119633218058092_9009829898258885427_n

“Infocon Kolkata 2016” is more like a milestone in a relay race because the issue is truly global and will affect not only us but our next generation. In an information intensive society, all the components of the society will be impacted by any cyber-attack or security breach. In order to have as much harmony and totality, we have brought experts and organizations related to Technology, Process and People Consulting, Law Enforcement, Financial institution, Policy Making, Data Handling, Cyber Law, Policing and so on. What is interesting to observe is that all these diverse fields of society find mutual overlap just like Internet is going to overlap all the areas of our lives and we call this Internet of things.

The event was inaugurated by the Chief Guest, Shri H K Kusumakar Additional CP IV, Kolkata Police alongwith Swami Vedatitananda, Ramakrishna Mission Shilpamandira, Belur Math; Mr.Nirupam Chaudhari, Regional Head – Nasscom , Mr. Manjit Nayek, Additional Director – STPI Kolkata Centre., Mr Hemant Chhabria, Member of COMPASS, Founder of justvideos.

_dsc0065 _dsc0068 _dsc0075

The first session after inauguration was by Mr Sukhminder Singh Sidana, National Manager- Government & Public Sector Business, Sonicwall on “How to Protect Your Organization from Ransomware”, a burning topic in today’s world.

_dsc0155

The number of successful cyber-attacks continues to increase, threatening financial and personal security worldwide and cyber forensics is undergoing a paradigm shift. Mr. Jayanta Parial, Principal Engineer, CDAC. Conducted the next session on “Cyber Forensic needs and current Scenarios”.

_dsc0164

Next session was covered by Mr. Joydeep Bhattacharya, Chief Operating Officer at TCG Digital Solutions Private Limited. The audience was stunned with the relevance and depth of the topic “Creating Real World Simulation for Training and Network Resiliency”.

_dsc0190

Further deliberation was for Data Centre Securities through a panel discussion. The panel was led by Mr. Shyamal Bhattacharya, CEO of Technoplace Consultants.  The eminent panellists were   Mr. Siddhartha Chakraborty, Officer-in-Charge, Cyber Police Station, Kolkata Police;  Mr. Suketu Vichhivora, Vice President – Sales and Solution, Nxtra Data, Mr.Saibal Sarkar, NIC and  Mr. Vivek Gupta, DGM and CISO in Allahabad Bank.

_dsc0219

The last session before the lunch was from Mr Kanchan Mallick, Regional Manager at Trend Micro for Eastern India, Bangladesh, Bhutan & Nepal. His insights on targeted attacks were major takeaways for the audience.

_dsc0269

The lunch was designed with authentic Bengali touch of winter season. The peas kochuri, chana dal,  diamond fish fry, cauliflower roast, dhoka curry, Dahi Fish, Mutton, Chatni, Gulab Jamun, Ras malai , Ice-cream all were bundled with personal touch and traditional bengal’s aroma and taste.

Post lunch, the summit had witnessed the launch of our journal and mouthpiece on Information security named Infoquest. Infoquest is a journal with broad-spectrum treatment of the theme of Information security with interdisciplinary stakeholders. Infoquest captures in the lens of words the kaleidoscopic perspective on the theme with contributions from a wide group of authors in India and abroad. Infoquest was formally launched by Sri Syed Waquar Raza, IPS, SS(Spl), CID, West Bengal alongwith  Editor-in-Chief, Mr Pritam Bhattacharya, Mr. Kamal Agarwal, Chairman, Eastern  Regional Product Council-Nasscom and me as chairman of Infocon Global. We were overwhelmed by the contributions we received when we launched our Call for Papers. Infoquest is planned to be a quarterly journal and we hope it shall continue to receive your patronage and co-operation.

_dsc0289

Our next session was a workshop on “Real Time Information Security Issues Handling as per Best Practices Worldwide”. It was conducted by Mr.Pritam Bhattacharyya, Founder and Chief Wordsmith, Wordsmith Communication and Mr.Kaushik Bhattacharyya, Business Strategy Consultant. The workshop was designed to derive solutions of real life problems with the audience inputs and expert panel validation. This was clear cut distinctive differentiation of other conferences in order to have audience engagement in a better way.

_dsc0364 _dsc0361

Mr. Koushik Nath, VP Systems Engineering India- & SAARC, Cisco Systems, had conducted the next session on “Advanced Security Threat Analysis”. Mr.Nath was instrumental with his audio-visual presentations and unmatched style to hypnotize the audience.

_dsc0366 _dsc0368

Next session was meant for the Ground Reality in Cyber Crime by the people who handles those in their professional life every day, This was presented by CID – Cyber Crime Technical Expert Team.

_dsc0375

The session further was orchestrated by Mr. Ravindra NR, Sr. General Manager, IT & ITES, BSI. The topic “Cloud Security” was relevantly new for the audience, but was truly an eye opener in present emerging trends.

_dsc0390

Next was a panel discussion on the topic – Latest Cyber Security Threats and Mitigation Strategies. The panel was moderated by Mr. Arun Agarwal, Chairman and Managing Director, Ebizindia Consulting with eminent panellists Mr. Sandeep Sengupta, MD – ISOAH; Mr. Rajarshi Banerjee,Technical Lead, Cyber Crime, CID; Mr. Angsuman Pal, STF, Kolkata Police and Mr.Biraj Karmakar, Mozilla Reps and Mentor . The session revealed key take aways on today’s always connected generation.

_dsc0401

The final session of the day was on Large Enterprise Strategy of Information Security Handling, presented by Mr.Abhijit Chatterjee, CIO, Karam Chand Thapar Group. It was like hearing from horse’s mouth to understand the real strategies taken in real life situation.

_dsc0432

Further we had moved from Information Security to some soul-warming music through the musical performance by a Bengali folk band – Surma Dohar, led by Joyshankar.

_dsc0439 _dsc0441

In between the music, we had recognized significant contribution in different spheres like best three articles in our journal, ICT Promotion, Cyber Law, Cyber Crime, IT strategy and consulting, Data Science and Analytics, video as new media, cloud communication, Business Intelligent Architecture and Bengali folk music. We further acknowledged the contribution of our core team and volunteers. Without them such a mega summit could not be seamlessly organized.

_dsc0451 _dsc0452 _dsc0453  _dsc0489

_dsc0505 _dsc0463 _dsc0506 _dsc0511

Information security industry really has no frontiers. The current and emerging problems not only need global collaboration but it will need a huge workforce with a certain identifiable skill set. In its objective to build awareness, disseminating ideas and training younger generation, Infoconglobal has already become a pioneer in a global theme from Bengal.

Infocon Kolkata 2016 is just a beginning. We hope to see all of you once again on 24th November 2017 at Kolkata where we shall walk again with Kolkata and you.

Photo albums are visible in two sources : Source 1 and Source 2


1 Comment

Cyber Attack Prevention Strategy

Entire India is into turbulence with the latest banking fraud. All print media, news channels, internet are discussing on the same topic and some kind of panic situations are spreading across. Security breaches are very common; but this time something ‘Worst’ has happened. Yes, this biggest financial data breach has affected 32 lakh debit cards. As a result of this, banks have blocked their ATM cards, without any advance notice. But these kind of attacks are not new or unusual.  With the increasing trend of Internet connectivity, online shopping (e-commerce), mobile wallet usage, IoT (Internet of Things), these kind of threats are bound to increase due to casual approach to the situations. We tend to be highly technical, keep on spending money on high end appliances, softwares and intent to forget basics without applying common sense.

The approach to the situations are always reactive. The moment some attack place, the entire echo system works towards protection of the same forgetting in the near future the hacker will come back with a new strategy instead of repeating the same method. The success of the story lies in continuation, blending between people-process-tools (technology), synchronized approach of different hardware/softwares instead of running in silos. The core problems lies in outsourcing in multiple layers and several layers who always declines to own responsibility. In the whole chain the accountability, ownership completely missing. Think of Indian banking threats, Bangladesh cyber-attacks where the incidents were suppressed by the authorities for months so that the ripples in the community floats lesser. Imagine if the compromise of data, the impact of the loss could be known to the common man beforehand, they could have more cautious and more impacts could be avoided.

First and foremost important factor is framing policy, law and enforcement of the same by government so that Banks (their downstream providers), BFSI organizations,  3rd party payment gateways,  money wallets are to be bound strictly by compliance, governance and penalty clauses in case of defaulters. The debit card or credit card protections strategies are already internationally benchmarked by PCI-DSS framework with below subsets:

  • Security Information and Event Management (SIEM)
  • Vulnerability Assessment
  • Data Leakage Protection (DLP)
  • File Integrity Monitoring (FIP)
  • Host Intrusion Prevention (HIPS)
  • Web Content Filtering
  • End point Encryption
  • Web Application Firewall (WAF)
  • Endpoint Security
  • Penetration Testing (PT)
  • Privilege Account Management (PAM)
  • Identity Management (IDM)

Information Security is covered under ISO 27001:2013, IT Service is covered under ISO 20000, Business Continuity under ISO 22301:2012, Risk management by ISO 31000, Software industries are covered by CMMI compliances. Hence following the standards and enforcements by the authorities will enhance the situations.

Moreover periodic monitoring of infrastructure, security infra, co-relation and reporting, vulnerability assessment, penetration testing, proactive measures before a threat occurrence will minimize the chances of failures.

Now what can be simple strategies by poor common man? Here are few very simple, but powerful strategies driven by common senses:

  • Change ATM/Debit/Credit card pins in regular intervals.
  • Link cards with mobile number, email address if not already done.
  • Immediately go for chip based card, grid card and enable with two factor authentication (OTP sms/mail etc.).
  • That’s not all. Avoid creating pin/password with names, surnames, date of births, anniversaries (yours/parents/spouse/children) combinations as these can be predicted very easily through your social spread. Try implementing alfa numeric passwords stitched with special character.
  • Using benchmarked standard antivirus (better Total Protection) in both desktop/laptop/mobile/tablet are essential. Free or cracked software is to be avoided. Saving INR 2000 yearly may lead to some major problem.
  • Any banking/ecommerce site should be used through secure site (ssl) i.e instead of “http://”, it should reflect “https://” .
  • Saving online banking, ecommerce site, mail password etc to be avoided for convenience.
  • Password is not be kept anywhere is writing in any form (not word, excel, cloud, printed paper, handwritten paper)
  • Any non-standard games / application are to be avoided as lot of applications are being framed to sniff data.
  • Latest smartphone/tablets are having application control mechanism. Please block unwanted access of all application (like contacts, sms, camera etc whichever is not relevant for that application).
  • Any information related to password, pin are not to be floated through mail, WhatsApp etc. so that there are chances to have repository.
  • International transactions which does to imply two factor authentication (i.e only CVV applies), we should avoid transacting there except renowned players (here government should also force Master/VISA to relook at policies and enforce two factors as well).

These are not all. There are lot more in these arena. I was discussing on this subject in few television channels last few days and thought of writing few basic tips for common man as lot of people requested me.

high-tv2 img_20161023_192136

We will be discussing and brainstorming in depth in our upcoming Conference Infocon and we will be coming a Printed Magazine on same context as one of it’s first kind.

We will be discussing for technology oriented knowledge sharing on targeted attacks like ransomware, APT (advance persistent attack), cyber forensics etc.

Stay tuned for more excitement on 18th November, 2016 at CII Suresh Neotia Centre of Excellence, Saltlake.


Leave a comment

Time to rethink on Infrastructure

Wish you all the greetings of “Subha Bijoya”. Trust you have enjoyed the days with your friends, family and loved once during Durgapuja holidays.

So far in my blog I had generally not written anything on Technology, Process etc. which are the core competency of my organizations. Few of my friends insisted me to write them as well. Here is the first one in the series.

OND (October, November, and December) quarter is always dull in terms of business in India, especially in Bengal. The season starts with Durgapuja, followed by Lakshmi Puja, Kalipuja, Diwali and followed by Christmas and off course Winter Vacation (since year ends at December, there are pressures to liquidate casual leaves). In effect generally business /investment happens little lesser compared to other quarters. But this is the time look back at investments done so far or review upcoming plans.

An enterprise typically is having heterogeneous environment where business is in need of different elements like Internet Bandwidth,  Router,  Switches, Firewall /UTM, Load Balancer, Servers, Storage, Backup, Desktop, Operating Systems, Database, Applications, Virtualizations, End Points, Wifi, CCTV/IP Camera Based Surveillance, Biometric Attendance, RF ID based Access Control and so on. In addition to this there is a huge Non-IT infrastructure needs to support these IT infra like UPS, DG Set, Building Management System, Cooling Systems (PAC, CAC), Civil, Interior etc.

One sample architecture is attached below to make all of you understand how critical it can be.

test1

But how an Enterprise / Organization invest on these aspects? Is it possible for the IT administrator/Systems Incharge to handle such a wide spectrum of systems with his own domain knowledge, evaluate, finalize and implement as per organization objective?

Answer is “No”.

Then how it happens? It happens by “Assumptions” and OEM/SI “Influence”.

There are wide variety of OEMs in almost all variants. Few of the examples are as follows:

  • Internet Bandwidth: TATA, Reliance, Airtel, Sify and so on,
  • Computing: HP, Dell, IBM, Fujitsu, Lenovo, Acer, ASUS and so on,
  • Routing/ Switching: Cisco, HP, Juniper, Brocade, Avaya, Allied Telesis, Dlink, Extreme, Digisol, Netgear and so on,
  • Security: Fortinet, Cisco, Juniper, Cyberoam, Dell Sonicwall, Symantec, Kaspersky, Trend Micro, Palo Alto and so on,
  • Virtualization: VMware, Citrix, Microsoft, Ncomputing, VXL, Enjay and so on,
  • Wireless: Ruckus, Motorola, Cisco, Aruba, Ubiquity, Engenius, Digisol, Ubiquiti, Netgear, Dlink, Alcon and so on.
  • Gateway: 24 Online, Nomadix, Ucopia, Peplink, Radware, Bluecoat, Allot, F5, Citrix and so on
  • Surveillance: Sony Ipela, Samsung, LG, Tyco, Bosch, Honeywell, Pelco, Zicom, Alcon, CP Plus, Sparsh, Hikvision, Digisol and so on.
  • Video Conferencing: Polycom, Huawei, Cisco, VU, Avaya and so on.
  • Networking: Schneider Electric, Tyco, R&M, Systimax, Siemon, Molex, DAX, Dlink and so on.
  • Software: Microsoft, Redhat, Novell, CA, IBM, HP and so on.
  • UPS : Eton, APC, Emerson, Delta etc
  • PAC : Emerson
  • DG : Kirlosker, Jakson etc

Now it is literally impossible for an individual to avoid influence from almost all the above. Everyone pitches it’s superiority compared to the other and intends to prove the other one does not suit the customer requirement.

There was a situation of a customer where they had best of the bread products in almost all layers, but still they had application access issues (SAP with Oracle Database) through its blade server. They used to restart the gateway UTM, remove cables from the server etc. kind of short term break fixes instead of identifying the real root cause. The moment they spelled out to their existing service providers, all different stake holders were prone to sell their products. Internet service provider wanted to upgrade the bandwidth since the issue was due to over utilization of the bandwidth as per them. The UTM supplier and OEM wanted to sell the higher Box through Buyback since it apparently got over utilized as per their observations. Similarly LAN vendor wanted to change the entire cabling from Cat 5 to Cat 6 to improve performance. And off course customer was literally confused. Finally the troubleshooting revealed the configuration issues of their existing resources. On configuration of VLAN and deployment of the core switch in L3 mode with inter VLAN routing sorted out the problem. The problem was the generation of malicious traffic from the LAN machines which were part of same broadcast domain with the servers. Moreover, it has also been found the kind of resources they had in terms of the infra was surplus and would suffice their future needs at least for three years.

This is not uncommon in nature. Generally this is the pattern where market is inclined to sell more and more products/ services of theirs instead of doing due diligence to actual needs.

Let me give you one more example. One of the leading hospitality customer was having wifi implemented in the property from one of the leading renowned brand. The property had 67 no.s of access points installed in total 7 floors. The product was leader in the segment. But still customer was having lot of Wifi related issues with specifically apple devices. The moment they approached the provider, they suggested to have 20 more access points! Adding more and more devices can never solve the problem (moreover only problem in Apple devices cannot be a wifi coverage issue, it is bound to be a configuration issue). Wifi deployment needs proper survey and deployment plan as per needs not just deploying devices here and there. Additionally they bought the devices for some extraordinary features (which are true), but none of those were being used by them (as was not required for them). Later on they procured low cost devices (one fifth of the cost of existing devices) and their purpose was served with satisfaction.

Hence the idea should be to have a stock of the existing infra, understand it’s utilization, configuration and organization objective in order to select a product / solution. It is not only about selection of a product as per need, but also it is important to configure/customize as per organization business need in order to synchronize with the objective and have fruitful result.

With the blessings of Goddess Durga, it is high time for all of us to go back, understand the situation of our existing infrastructure before we invest further in products. Also let us enlighten ourselves to choose a right product, evaluate as per needs, not just by name.

Evaluation of existing infrastructure (which is already built and running) is not possible manually in case proper process are not in place. This is done by deployment of some automated tools which generate several logs and consultants manually correlate the logs and assist organizations with report on GAP Analysis and Remediation Plans.

Any queries from the interested readers, I will be happy to address.

 

 


Leave a comment

Data Trends 2015

Happy New Year Friends!

Year 2014 was flooded to datas. We were floating among datas and the trends were evolving and breaking all of it’s past benchmarking.

Few of the data patterns of 2014 are listed below as I read in different channels:

  • Facebook users shared more than 17 million ice bucket challenge videos to support ALS research, reaching 440 million people, who racked upto 10 billion views
  • The final match of the 2014 Fifa World Cup spurred a record worth 618725 tweets/minute and 280 facebook interactions
  • University of Sao Paolo in Brazil deployed first and largest private cloud in Latin America. They consolidated 150 datacentres to 6 datacentres (reducing storage requirements by 90% despite 30% growth in Data)
  • Based on Data from NASA’s Kepler Mission identified an unprecedented batch of 715 new planets, bringing the total known planets to nearly 1700.
  • The Winter Olympic Games in Sochi generated a record of 102000 hours of TV and digital broadcasting (4.1 billion viewers)
  • Chinese e-commerce giant Alibaba manages n average of 11.3 billion orders every year (231 million active buyers). In September, it enjoyed the largest IPO in US history, raising $21.8 billion.
  • Elien DeGeneres’ celebrity-filled selfie at the 86th Academy Awards racked up more than 2 million retweets before the end of the telecast, breaking Twitter records.
  • In February, the simple mobile game Flappy Bird reached 50million downloads over 100 countries.
  • Within an hour of U2 offering their single “invisible” for free in a Super Bowl XLVIII ad, the song racked up more than a million iTunes downloads.

Data moments will evolve and exceed last year’s pattern as well this year. Let us keep our eyes open and watch how the hype of Big Data becomes actionable this year.

Ideally this year should converge, automate and integrate the Big Data.

With the growth of unstructured data new types of distributed, scale out storage might be in need keeping data analytics in mind. The adoption of hybrid clouds (the combination of private and public cloud) should be gaining momentum in this year.

Data centres are expected to be infinite where Racks will get denser, performance per kilowatt will increase and smaller data centers will be able to handle more. The change will emphasize logical growth without physical growth.

With personal clouds and shrinking data centres the mobility will become easier to meet the needs of consumers.

In 2015 we are expected see a shift towards data-driven cultures in case we truly want to reap all the benefits of Big Data Strategy. Analytics will become deeply, but invisibly embedded everywhere.

Data storage has become so cheap these days, that organizations can almost store any data they want, whether they will immediately use it or not. Having a data lake, gives users instant and easy access to all that data and you don’t need to design a data model beforehand. Data lakes are relatively new, but in 2015 we will see more organizations experiment with data lakes.

Let us ride the Data Wave, evolve , sync with the trend and get ourselves aligned with time and get the utmost benefits.

images (1)