rosendal-hansen.dk – Fascinating and Scary IT

During my summer project of investigating IT security and AI, I am having a hard time picking a topic to dive into. Especially when it comes to IT security, that is insanely big. From now on, I may question people with the title of IT security experts. Ask them which part of IT security, they are experts in, as they can’t possibly be export on it all.

I decided to do a brainstorm of all the cyber security related topics, I could come up with. It led to the list below. 56 items, and some of them are huge just by themselves. Take least privi-lege access principle of users only having access to what they need and nothing more. The scary thing about this is imaging what it would require implementing and enforcing the whole list.

I guess what is important and often overlooked is to prioritize and be clear about what is left out of scope. It is a difficult exercise. Having to tell the management, steering committee, or other decision makers that it is necessary to descope 8 security measures to avoid killing the project. I believe they will steal the focus from the 37 other security measures, the project managed to include.

I will be interesting to see, if we change that approach next year, where the NIS2 EU directive is entered into force. By then a wide list of companies that deliver services related to critical in-frastructure must comply with security measures within 10 specified categories. I checked out the directive. The categories are broad, and covers my entire brainstorm list, and additional policies and reporting procedures. Failing to comply with NIS2 can lead to large fines, and leaders can be held personal responsible. That is scary cyber security stuff.

At least I have a checklist now, and I believe that I will add more items, when they come across my mind. Separating them into categories may also help me define which security measures are relevant for which projects. Let me know what my list is missing.

1. Backup on-prem
2. Backup cloud/SaaS
3. Restore test
4. 3-2-1 backup method
5. Ransomware protection
6. Redundancy
7. DDos protection
8. Single point of failure
9. Network segregation
10. Endpoint security
11. Firewall/gateway protection
12. Break glass policies/solutions
13. IoT security
14. Segregartion of duties
15. DevSecOps
16. Secrets management
17. Sql injection protection
18. Cross site scripting
19. Brute force prevention
20. Patch management
21. Identity access management
22. Privileged access principels
23. Network Monitoring Tools (Siem)
24. Intrusion Detection Systems
25. Cloud access security broker
26. DNS filter/URL filtering.
27. Honeypot
28. Penetration testing
29. Physical access security
30. VPN when working outsite the organization’s network
31. Avoid non-company IT services
32. No non-standard software installed on personal PC’s
33. Sandboxes for testing/investigating
34. E-mail security
35. Awareness training
36. USB port policies
37. Work phone policies
38. Data categorization
39. No clear text passwords
40. Encryption in transit
41. Encryption at rest
42. Encryption key management
43. E-mail encryption
44. Disk encryption
45. Backup encryption
46. Data loss prevention solution
47. Zero-trust principle
48. Least privilege principle
49. Privileged account policies
50. Secrets management
51. RBAC
52. AD security
53. Service accounts security policies
54. Multi-factor authentication
55. Antivirus software
56. Incident response

Yes, over the last weeks, I did what we have all been trained not to do. I clicked on all spam links I could get my hands on. Well, I did not sacrifice my own PC, but made my very own spam testing machine somewhere in the cloud. I couldn’t wait to see which pages I would enter. How they were made and if my new spam tester machine would be infected by malware.

I clicked the first link, then the next and the third, and must admit I was a bit disappointed. Most links wanted to sell me products like books or access to questionable dating sites. Around half of the sites were Russian, and a lot of them showed me nothing but a 404 – page not found. A part of me expected to see my spam tester machine in flames, forced to its knees by aggressive malware. But that seems to be fine.

Releasing this blog showed me how scary yet fascinating the internet can be. I must admit that I got a little excited when someone reached out to me on the day my new blog went live. That excitement quickly faded once I discovered who had actually contacted me.

To build the blog, I purchased and implemented a template that included a contact form. Not only did a bot enter my site, but it also clicked on the contact page, filled out the contact form, and hit reply. The message contained a combination of Russian and Danish text, along with a link. I suspect the “masterminds” behind it want me to click that link.

I guess lesson number one in my summer project is this: if something is exposed to the internet, zombie servers (bots) will sneak up on it and knock on its door… Not just once, but every day.

In my next post, I will create a secure environment and attempt to click the links in the scam messages. I hope to gain more insights into what the scammers want and how clever their tricks truly are.

Note: I implemented a CAPTCHA, a feature that always annoys me. Let’s see if that keeps the bots from knocking again.

ABOUT ME

I am a Senior IT architect at Falck, a respected Danish company providing fire, ambulance services, and private healthcare. My primary focus revolves around managing and overseeing large-scale IT implementations, which span over a year from idea to execution. I find immense fascination in projects of this magnitude and thoroughly enjoy my role within the company.

In addition to my professional pursuits, there is a more creative side of me that yearns to offer my own products on a smaller scale. This allows me to merge my work at Falck with freelance services, enabling me to explore new opportunities, particularly in the field of IT security, an area that has captivated me since my master's thesis.

While IT is central to my professional life, I also value the importance of completely disconnecting in my spare time. I seek solace in a diverse range of hobbies and interests. Traveling is one of my passions, as it provides me with new experiences and broadens my horizons. I also find joy in my garden, nurturing and cultivating plants. The soothing sound of the piano fills my leisure hours, allowing melodies to bring tranquility to my mind. Lastly, I embrace the art of mixology, shaking up delicious cocktails and relishing in the results.

By striking a balance between my professional and personal pursuits, I approach each day with renewed vigor and enthusiasm, allowing me to thrive both within and outside of my work at Falck.

- ChatGPT on behalf of René Rosendal

CONTACT

Methods:	Agile methodologies, Archimate notation standard, data methods – source to target mapping, data governance, data modelling.
Technologies:	Azure DevOps, Horizzon/Bizzdesign, Visio, Sharepoint, Azure

Methods:	Agile methodologies, C4 notation for solution architecture, data methods – source to target mapping, data governance, data modelling.
Technologies:	Azure DevOps, Tag Manager, Visio, PowerBI, Customer Data Platform

Methods:	Agile Methodologies, Kimball Data Modelling, source to target mapping
Technologies:	Microsoft business intelligence tools – SSIS, SSAS, Power BI, Visio, Boost.ai chatbot tool.

Methods:	Conceptual modelling, Kimball data modelling, source to target mapping, agile methodologies, wireframing and prototyping.
Technologies:	SQL, SSIS, SSAS, Tableau, PowerBI - and other good old stuff running on-premise

IT Architect

Never Ending Cyber Security

I Clicked All The Spam Links

They Come Knocking

ABOUT ME

CONTACT

– ever thought about this?

Too much security

Failover fail

Big Words From a Bot

About Me

Resume

Senior IT Architect

IT Architect

Consultant

BI Consultant

CONTACT ME

Let's Talk