UK: What is the GCSx Code of Connection (CoCo)?

A code of connection (CoCo) is a mutually agreed set of rules used by two parties to allow the exchange of information between their systems. The UK government has pursued several initiatives in recent years to connect all government organisations into the secure networks of the central government intranet.

GCSx stands for Government Connect Secure Extranet. This is the network which will specifically connect Local Authorities (LAs) to the central government intranet (GSI – Government Secure Intranet). GCSx relates only to LAs in England and Wales. Scottish LAs will connect through GSX (Government Secure Extranet). Local Authorities must achieve CoCo compliance in order to be granted access to the Government Secure networks. Confused yet? Being driven CoCo.Nuts?

Here’s a diagram to help see how it all fits together:

There are just under 100 controls and measures that a Local Authority needs to put in […]

Phone Hacking, Corporate Responsibility and Employee Accountability

The UK has been awash with scandal upon scandal in recent months. Individuals and organisations who we are supposed to trust have abused their positions and the circumstances available to them. Is this to be the century of corruption? The politicians led the way with the expenses scandal, immediately followed by questionable banking practices which brought the world to the brink of bankruptcy. Now in our latest installment of the “people doing what they really shouldn’t” saga, we have once-reputable press organisations hacking into the phones of, well, pretty much everyone.

The world needs a double dose of the medicine that is corporate responsibility and employee accountability. Whether or not the chiefs at the head of these corporate tribes were aware of the activities of their employees, ultimately they have a duty of care to take reasonable measures to prevent this kind of unacceptable behaviour occurring. Failure […]

Theory of Gravitational Information Security – Making Security Policy Implementation A Reality

This article draws on elements of gravity theory to help visualise information security concepts and to describe how to practically implement security policy objectives. It describes a metaphorical model where gravitational forces are analogous to the level of security controls we apply to an organisation’s information. Be warned, this will quite possibly be the nerdiest article I have written, but it will be simple enough: no degree in particle physics required to grasp it.

What is Gravity?

Gravity is a force which attracts and pulls physical objects towards each other. All objects are known to be affected by gravity, from the smallest atom to the largest star in the night sky. A general rule for gravity is that the greater the mass of an object, the more gravitational force it will exert on the other objects around it. The sun, for instance, pulls the earth towards it in the same way that […]

Whitepaper: Command Email – A New Military Message

It’s been a few months since my last blog. As always, work commitments come first and it’s been a bumper couple of months. I’ve been studying the military messaging environment and how it is evolving, and have summarized my findings in this whitepaper. The main thrust is that organisations should be considering moving away from traditional Military Message Handling Systems (MMHS) approaches in favour of lighter, simpler, COTS-based, modular and more cost-effective solutions.

“The secret of war lies in the communications”

Napoleon Bonaparte

The ability to communicate effectively and without ambiguity has been, and continues to be, instrumental to the success of military organisations across the world. Throughout history military organisations have pushed the boundaries of communication. Military messaging has evolved from smoke signals, to written letters, to telegraphs, to radio, to email and to unified communications today. Sending messages between organisations, units, roles and individuals is paramount to […]

Web 2.0 – Why the internet got better, why security got worse.

Web 2.0 was recently crowned the one millionth word of the English language. This is perhaps just one indicator of the impact that Web 2.0 has had on our everyday lives. Why? In this blog, I’m going to go into what Web 2.0 actually is, some of the underlying technologies and what challenges these bring for security.

[…]

A Short History of Hacking

Found this on Online MBA.com. Thought it worth sharing... and I never knew that the term hacking came from the guy who Russell Crowe plays in the film, A Beautiful Mind:

Data Loss Prevention – Content Awareness: Human vs Computer Classification

Data Loss Prevention (DLP) is a newer area of information security and assurance which has arrived in recent years. There are a host of software products, controls and solutions which have found their way onto the market to help facilitate DLP, whether those losses be malicious or inadvertent. This market seems fledgling but is maturing as time goes on. People are just starting to understand the effects of losing data, most of which is lost by mistake. Around 77% of data loss is “inadvertent” and unintended. Basically, people make mistakes. A much lower percentage of data loss is malicious. Compliance seems to be a major driver for the implementation of the solutions and many key security players are positioning DLP as a core element of ongoing strategy. The question I have is: at this stage, are we ready to effectively apply AI (Artificial Intelligence) based systems, where the intended objective is for those […]

Google Sniff-View Cars?

Probably one of the more interesting news stories this month is the revelation of Google admitting that it packet sniffed on unsecured public Wi-Fi networks. Read news here.

It appears that Google Street View cars were driving around taking pictures of various locations, but were also kitted out with network sniffers that could connect to unsecured public Wi-Fi access points, monitor and record data transmissions across those networks. Naughty stuff Google. This went on for a total of 3 years and according to Google the activity was a “simple mistake”. This continues to re-affirm beliefs that public Wi-Fi networks are serious security risks for both individuals and companies. If one of the world’s largest IT monopolies can do this by accident, cough, what could a determined plan of attack achieve?

So how did they do it? The answer is, without rocket science. It’s easy enough to connect a laptop […]

How secure is my wireless network? Four Tips to bump up security.

Do you think your wireless network is secure?

If the answer is yes, the BackTrack (BackTrack 4 – www.backtrack-linux.org) penetration testing OS would beg to differ.

BackTrack 4 manifests itself in an entirely customised distribution of Linux. The underlying Linux distro is Ubuntu, but it has been specifically enhanced, configured and packaged for the purposes of penetration testing. Within the package you receive a wide variety of wireless cracking, network scanning and password breaking tools.

There are several options you can select for running BackTrack to start your activities. You can install it as an OS on your hard drive, you can install it and run it from a USB stick and you can even run the entire OS from CD. The latter option requires no installation at all. You simply select a machine, boot from the CD and then remove the CD when finished. I chose the latter option for […]

Information Security Drivers

Is it possible to achieve total and complete information security? The answer today is no.

On occasion, it is easy to become complacent and make an assumption of security. Implementing effective countermeasures to possible breaches of security can give an overconfidence in our perception of the level of security in our systems. The reality is that our applications and systems become increasingly complex. The primary challenge of any development of technology is making something that works; making something that works but also has perfect security is a pipe dream. Modern operating systems can contain upwards of 50 million lines of code. There are always holes in applications and operating systems. If you doubt this, check the number of security patches released by any OS vendor you know.

With this in mind, effective security becomes about understanding that it’s not possible to fill every hole and block every gap […]