July 8, 2024

How to Stop Ransomware: 3 Essential Strategies

Discover how to stop ransomware in its tracks with this informative episode of The Backup Wrap-up. Hosts W. Curtis Preston and Prasanna Malaiyandi look into three crucial strategies that can prevent 90% or more of ransomware attacks. Learn why patch management is your first line of defense and how to implement it effectively. Explore the world of password security and discover why a robust password management system is essential. Finally, uncover the power of multi-factor authentication in thwarting unauthorized access. Don't miss this opportunity to strengthen your cybersecurity defenses and stay one step ahead of cybercriminals.

Transcript

W. Curtis Preston: Today I am going to tell you how to stop most ransomware attacks using three simple but powerful methods. Just three simple things that will stop over 90% of all ransomware attacks, patch management, password management, and multi-factor authentication. That's it. I'll explain why I make this claim and then we'll give advice on how best to implement each of those methods in environments of different sizes. Let's stop ransomware in its tracks.

By the way, if you don't know who I am, maybe this is your first episode. I'm W. Curtis Preston, AKA Mr. Backup, and I've been passionate about backup and recovery, disaster recovery, for over 30 years, ever since I had to tell my boss that there were no backups of the really important database that we just lost. I don't want that to happen to me. I don't want that to happen to you. That's why I do this. On this podcast, we turn unappreciated backup admins into Cyber Recovery Heroes. This is The Backup Wrap-up.

There we go. Welcome to the show. Hi, I'm your host, W. Curtis Preston, AKA Mr. Backup, and I have with me a guy that was completely worthless during my recent smart device implementation. You were of no help.

 

 


Prasanna Malaiyandi:

it's not my fault that you happen to buy some random

 

 


Prasanna Malaiyandi:

smart device that was not compatible with modern wifi technologies.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, well, you know, where were you?

 

 


Prasanna Malaiyandi:

I'm just saying, I, I count on your, I count on your YouTube knowledge

 

 


Prasanna Malaiyandi:

to pull me out of such things.

 

 


Prasanna Malaiyandi:

I, I depend on you.

 

 


Prasanna Malaiyandi:

I go and I do crazy things and then I'm like, oh crap.

 

 


Prasanna Malaiyandi:

Uh, I wonder what, wonder if Prasanna could get me out of this hole.

 

 


Prasanna Malaiyandi:

So, so networking stuff is not YouTube, it's Reddit, but

 

 


Prasanna Malaiyandi:

W. Curtis Preston: oh, really?

 

 


Prasanna Malaiyandi:

yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, so it turned out, so I bought a, I bought this,

 

 


Prasanna Malaiyandi:

this thing called a Suvie, S-U-V-I-E.

 

 


Prasanna Malaiyandi:

The, the, the full thing is I accidentally bought a previous generation,

 

 


Prasanna Malaiyandi:

thanks to, in my opinion, uh, pretty crappy advertising on their part.

 

 


Prasanna Malaiyandi:

And as a result, I had a device that when it went to connect to wifi, it was

 

 


Prasanna Malaiyandi:

unable to sense that I have a mesh and it was identifying the two nodes in my mesh as, as two instances of the

 

 


Prasanna Malaiyandi:

wifi, and it didn't hit me at first that that's what was happening.

 

 


Prasanna Malaiyandi:

And so, um, uh, I, I had to troubleshoot all my own, Prasanna, with no help from you.

 

 


Prasanna Malaiyandi:

Yeah, and then you texted me and you were like,

 

 


Prasanna Malaiyandi:

Hey, so this is what the issue was.

 

 


Prasanna Malaiyandi:

I was like, what were you even talking about?

 

 


Prasanna Malaiyandi:

Oh,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: See, that's how little help you were.

 

 


Prasanna Malaiyandi:

You didn't even remember that you didn't help me.

 

 


Prasanna Malaiyandi:

well, granted, you didn't tell me that you had wifi issues,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I didn't.

 

 


Prasanna Malaiyandi:

I thought I told you

 

 


Prasanna Malaiyandi:

You.

 

 


Prasanna Malaiyandi:

Nope.

 

 


Prasanna Malaiyandi:

You just told me that you were not able to get the app to work

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right.

 

 


Prasanna Malaiyandi:

Couldn't get the app to work because of the wifi issues.

 

 


Prasanna Malaiyandi:

That was, that was the problem.

 

 


Prasanna Malaiyandi:

No.

 

 


Prasanna Malaiyandi:

That, that piece you kind of missed.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Oh, I see, I see.

 

 


Prasanna Malaiyandi:

So it's my fault that you were unable to help me.

 

 


Prasanna Malaiyandi:

because, because we all know how you don't

 

 


Prasanna Malaiyandi:

do so well multitasking, so,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I dunno what you're talking about.

 

 


Prasanna Malaiyandi:

I'm currently doing seven things right now.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Mm-Hmm.

 

 


Prasanna Malaiyandi:

But how was your meal though

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Uh, the meal turned out fine.

 

 


Prasanna Malaiyandi:

Uh, but they will, we're working out exactly what's gonna happen

 

 


Prasanna Malaiyandi:

regarding the new generation.

 

 


Prasanna Malaiyandi:

Um.

 

 


Prasanna Malaiyandi:

I sent them the, the images that misled me and, and, uh, my dream is that they

 

 


Prasanna Malaiyandi:

do a price match, that I get the new generation for the old generation money.

 

 


Prasanna Malaiyandi:

But you know, between me and you, they, they'll never see this between me and you.

 

 


Prasanna Malaiyandi:

I fully expect them to charge me the difference between the two.

 

 


Prasanna Malaiyandi:

Um, and we'll, we'll swap it and, um, uh, and then we'll see how it goes.

 

 


Prasanna Malaiyandi:

But, uh, but today we are.

 

 


Prasanna Malaiyandi:

You know, we've been talking for the last few weeks about cybersecurity

 

 


Prasanna Malaiyandi:

and we've been sort of leaning up or leading up to, we've been leading

 

 


Prasanna Malaiyandi:

up to this moment where we're going to start to talk about ransomware.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, I think we had, I, three great episodes where we had the, you know, the, the red team person.

 

 


Prasanna Malaiyandi:

We had a blue team person, and then we had a red team person that turned into

 

 


Prasanna Malaiyandi:

a blue team software person, uh, des.

 

 


Prasanna Malaiyandi:

Um, and those all give such unique perspectives in terms

 

 


Prasanna Malaiyandi:

of the cybersecurity world and, um, you know, how you defend yourself just in general from cybersecurity.

 

 


Prasanna Malaiyandi:

And then we had a couple of episodes where we gave you a lay of the

 

 


Prasanna Malaiyandi:

land from a ransomware perspective.

 

 


Prasanna Malaiyandi:

And also, really importantly, I think our last, uh, episode,

 

 


Prasanna Malaiyandi:

last few episodes, we, we.

 

 


Prasanna Malaiyandi:

The, if, if nothing else, I, I want people to, to understand that their

 

 


Prasanna Malaiyandi:

backup system is 100% under attack.

 

 


Prasanna Malaiyandi:

And, um, you know, if you just wanna listen to the, the Red Team episode,

 

 


Prasanna Malaiyandi:

just the last third of it, if that's all you listen to, listen to Dwayne

 

 


Prasanna Malaiyandi:

talking about how much he loves when there's a backup system, and how much

 

 


Prasanna Malaiyandi:

from a, from a red team perspective, he loves to have access to that and,

 

 


Prasanna Malaiyandi:

and how, uh, you know, just why it's such a, a, a wonderful thing to attack.

 

 


Prasanna Malaiyandi:

So, I don't know if you read today's news, though.

 

 


Prasanna Malaiyandi:

So Veeam just recently had their conference, VeeamON, and so they

 

 


Prasanna Malaiyandi:

just announced, uh, that they are offering a cloud vaulting solution

 

 


Prasanna Malaiyandi:

managed by Veeam that provides immutable storage for backups

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Interesting.

 

 


Prasanna Malaiyandi:

So

 

 


Prasanna Malaiyandi:

a as offering.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: as an offering.

 

 


Prasanna Malaiyandi:

Yep.

 

 


Prasanna Malaiyandi:

So you pay per month based on your terabytes.

 

 


Prasanna Malaiyandi:

I think it was like 60 or $80 per terabyte per month.

 

 


Prasanna Malaiyandi:

And you can vault your backups into Veeam's Vault and it'll be immutable.

 

 


Prasanna Malaiyandi:

It'll be stored there.

 

 


Prasanna Malaiyandi:

They'll protect it, all the rest.

 

 


Prasanna Malaiyandi:

So I think it's relevant to what we had been talking about

 

 


Prasanna Malaiyandi:

in the last

 

 


Prasanna Malaiyandi:

couple episodes.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: it's absolutely relevant.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

The, um, that's interesting.

 

 


Prasanna Malaiyandi:

I, I think, you know, this is a big step for Veeam because

 

 


Prasanna Malaiyandi:

for a long time they have not really gone down the service line.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Uh, but I think this is definitely a good step for them.

 

 


Prasanna Malaiyandi:

Um, the, um, but, but that's, you know, that's the big thing, right?

 

 


Prasanna Malaiyandi:

Is that, is that we just want people to understand the degree to which

 

 


Prasanna Malaiyandi:

their backup servers are under attack.

 

 


Prasanna Malaiyandi:

And then I, so I, the, the title that I put up for this one was how to stop basically 90% of all ransomware attacks or, or how to stop

 

 


Prasanna Malaiyandi:

ransomware the easy way.

 

 


Prasanna Malaiyandi:

Right, because, and, and you just sent me a graphic, which, um, you

 

 


Prasanna Malaiyandi:

know, and why don't, why don't you talk about that graphic or,

 

 


Prasanna Malaiyandi:

or the lesson from that graphic.

 

 


Prasanna Malaiyandi:

Yeah, so it was by, uh, on X or Twitter, formerly known

 

 


Prasanna Malaiyandi:

as Twitter, uh, by Daniel Card, uh, who goes by the Twitter handle, Mr. Reboot.

 

 


Prasanna Malaiyandi:

And it basically talks about how expensive things get to, uh, detect or prevent ransomware or an attack and where it happens.

 

 


Prasanna Malaiyandi:

So for instance, if you were trying to look at the cost of the attack,

 

 


Prasanna Malaiyandi:

when you are at the recovery stage, it's at the highest because you

 

 


Prasanna Malaiyandi:

now have a bunch of infrastructure.

 

 


Prasanna Malaiyandi:

You're trying to recover everything.

 

 


Prasanna Malaiyandi:

It's super expensive.

 

 


Prasanna Malaiyandi:

But then if you go to sort of less costly from there, it's like responding, so you don't need to recover, but

 

 


Prasanna Malaiyandi:

you're responding, but it still has a significant cost associated with it.

 

 


Prasanna Malaiyandi:

Next was around the detect side, which isn't as expensive, and then

 

 


Prasanna Malaiyandi:

protect, which is the cheapest of all.

 

 


Prasanna Malaiyandi:

So it's basically significantly cheaper to break a kill chain at the

 

 


Prasanna Malaiyandi:

protect stage than at the recover stage.

 

 


Prasanna Malaiyandi:

So how do you prevent ransomware from even coming in?

 

 


Prasanna Malaiyandi:

Because it gets significantly more expensive if you've already been hit.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: And the thing is, if, if we look at the typical,

 

 


Prasanna Malaiyandi:

uh, attack process, right?

 

 


Prasanna Malaiyandi:

All you have to do is stop one.

 

 


Prasanna Malaiyandi:

You know, you have to stop the kill chain somewhere along the way.

 

 


Prasanna Malaiyandi:

All you have to do is stop one of those.

 

 


Prasanna Malaiyandi:

So if you know, if you have good password management, you know

 

 


Prasanna Malaiyandi:

you can stop them from getting the password in the first place.

 

 


Prasanna Malaiyandi:

But if you've got a good MFA system, you can stop them from using a

 

 


Prasanna Malaiyandi:

password that they've stolen.

 

 


Prasanna Malaiyandi:

So that's kind of what I wanted to talk about is when you look

 

 


Prasanna Malaiyandi:

at all of the stories, all of the ransomware attacks, the ones that

 

 


Prasanna Malaiyandi:

go into how the attack happened in detail almost always come down to.

 

 


Prasanna Malaiyandi:

Uh, you know, when I read it, I say, well, gee, if the customer had

 

 


Prasanna Malaiyandi:

just done A, B or C, they would've stopped this ransomware attack.

 

 


Prasanna Malaiyandi:

So this is what I'm saying.

 

 


Prasanna Malaiyandi:

If you wanna stop ransomware attacks the easy way.

 

 


Prasanna Malaiyandi:

If you wanna stop 90 plus percent of ransomware attacks, stop all of the stupid

 

 


Prasanna Malaiyandi:

ones and then spend your time, effort, and money on stopping the harder ones.

 

 


Prasanna Malaiyandi:

Hard ones.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: There was this great moment.

 

 


Prasanna Malaiyandi:

During Dwayne's, um, recording where he talked about, he had this

 

 


Prasanna Malaiyandi:

analogy and he said it's, it's as if we're in this field and there's

 

 


Prasanna Malaiyandi:

this door in the middle of the field.

 

 


Prasanna Malaiyandi:

And I go, gee, I can't go through this door.

 

 


Prasanna Malaiyandi:

Um.

 

 


Prasanna Malaiyandi:

You know, I guess I can't do anything.

 

 


Prasanna Malaiyandi:

And he's like, or I could just go around the door.

 

 


Prasanna Malaiyandi:

Um, the, the, um, what, what I'm saying is that if you don't do these three

 

 


Prasanna Malaiyandi:

things that we're going to talk about, honestly there's no point because

 

 


Prasanna Malaiyandi:

it's essentially you have, you have, it's like you have this open field.

 

 


Prasanna Malaiyandi:

You're spending your time trying to figure out how to lock this door.

 

 


Prasanna Malaiyandi:

Meanwhile, you have this wide open field.

 

 


Prasanna Malaiyandi:

There's just literally no point in in doing that.

 

 


Prasanna Malaiyandi:

yeah.

 

 


Prasanna Malaiyandi:

Or another thing I would think about similarly is like in a house, right?

 

 


Prasanna Malaiyandi:

You're not going to go spend all this time on cameras and alarms and

 

 


Prasanna Malaiyandi:

everything else when you leave the front door unlocked every day, or you don't

 

 


Prasanna Malaiyandi:

even have a lock on your front door.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Exactly, exactly.

 

 


Prasanna Malaiyandi:

You know, thi this article that just got sent to me this morning, uh, it, it,

 

 


Prasanna Malaiyandi:

it's an interesting story and I don't want to go too much into the full story.

 

 


Prasanna Malaiyandi:

Why don't, why don't you give a, a, a brief summary of where we

 

 


Prasanna Malaiyandi:

got to this point with this story.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

So we.

 

 


Prasanna Malaiyandi:

Somehow, so this all initially started with a Ticketmaster Live Nation breach

 

 


Prasanna Malaiyandi:

and all their users' data was stolen and they kind of pointed the finger

 

 


Prasanna Malaiyandi:

saying Snowflake was the one that was attacked and breached and lost the data.

 

 


Prasanna Malaiyandi:

Snowflake came back and said, Hey, it's not us.

 

 


Prasanna Malaiyandi:

There's other, someone's sort of gotten the customer credentials

 

 


Prasanna Malaiyandi:

and are now using that to then pilfer data from their Snowflake instance.

 

 


Prasanna Malaiyandi:

And so it's not the Snowflake side.

 

 


Prasanna Malaiyandi:

And so they're warning their other customers, Hey, by the way, uh,

 

 


Prasanna Malaiyandi:

make sure that you're looking after things so you don't lose your data.

 

 


Prasanna Malaiyandi:

In fact, uh, just as we're recording this, Advanced Auto Supply, which is an

 

 


Prasanna Malaiyandi:

auto parts store, also had their data breached from their Snowflake instance.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, so I, I do feel like there's a

 

 


Prasanna Malaiyandi:

piece to that puzzle missing.

 

 


Prasanna Malaiyandi:

Like if it, it, it would, it would.

 

 


Prasanna Malaiyandi:

I, I'm inferring from what I'm reading, that maybe somewhere there is a

 

 


Prasanna Malaiyandi:

list of, of Snowflake accounts and passwords, um, which would suggest some,

 

 


Prasanna Malaiyandi:

uh, fault on the part of Snowflake.

 

 


Prasanna Malaiyandi:

But what they are saying is that Snowflake is definitely saying that

 

 


Prasanna Malaiyandi:

they're seeing a, uh, a surge of attacks on customers of its cloud platform.

 

 


Prasanna Malaiyandi:

But my point of that whole story is that all of these attacks would be stopped by one of the three things

 

 


Prasanna Malaiyandi:

that we're gonna talk about today.

 

 


Prasanna Malaiyandi:

They did say that Snowflake was attacked and employees

 

 


Prasanna Malaiyandi:

credentials were used, but it was only used to access a demo account, which

 

 


Prasanna Malaiyandi:

of course did not have one of the three things we're about to talk about.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Gotcha, gotcha.

 

 


Prasanna Malaiyandi:

it wasn't production customer data, it was just a demo account.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Hey, you got robbed, but uh, they only took your empty wallet.

 

 


Prasanna Malaiyandi:

Um, you know, something like that.

 

 


Prasanna Malaiyandi:

But, um, all right, so how do we stop basically ransomware the easy way?

 

 


Prasanna Malaiyandi:

How do we stop 90% of ransomware attacks?

 

 


Prasanna Malaiyandi:

And I.

 

 


Prasanna Malaiyandi:

The thing is, frequent listeners to this podcast are going to know immediately

 

 


Prasanna Malaiyandi:

where I'm going, and I apologize for repeating myself, but sometimes you gotta

 

 


Prasanna Malaiyandi:

say things over and over and over again, and the very first thing that I'm gonna

 

 


Prasanna Malaiyandi:

talk about is patch management, right?

 

 


Prasanna Malaiyandi:

Um, when, when we think back on the list of cloud hacks we covered a few, uh, weeks ago,

 

 


Prasanna Malaiyandi:

I remember at least one of them.

 

 


Prasanna Malaiyandi:

The Rackspace one was based on a, a patch.

 

 


Prasanna Malaiyandi:

Can you think were, were any of the other ones?

 

 


Prasanna Malaiyandi:

I think that was the only one that I

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Okay.

 

 


Prasanna Malaiyandi:

Um, but just in those 10 stories that we had, one of them and a

 

 


Prasanna Malaiyandi:

really big one that basically took out an entire business line.

 

 


Prasanna Malaiyandi:

Um, what if they had simply followed standard patch management procedures

 

 


Prasanna Malaiyandi:

and put in their patches at a, you know, especially critical

 

 


Prasanna Malaiyandi:

patches.

 

 


Prasanna Malaiyandi:

So I think, I think if you just follow the CVE system and what it suggests, then

 

 


Prasanna Malaiyandi:

I think you'd be in a much better place.

 

 


Prasanna Malaiyandi:

Why don't you talk about what that is?

 

 


Prasanna Malaiyandi:

Yeah, so the CVE is critical vulnerabilities and

 

 


Prasanna Malaiyandi:

exposure, and it's a public database, if you will, where you have vendors

 

 


Prasanna Malaiyandi:

with known issues that then get cataloged and then it can be tracked

 

 


Prasanna Malaiyandi:

and they assign a severity to these.

 

 


Prasanna Malaiyandi:

So if you look at the levels.

 

 


Prasanna Malaiyandi:

There is part of the common vulnerability scoring system that they look at.

 

 


Prasanna Malaiyandi:

So it's how critical is it?

 

 


Prasanna Malaiyandi:

Um, how likely is it, how many people get impacted and all the rest, and it

 

 


Prasanna Malaiyandi:

goes everywhere from low all the way up at the highest level is critical.

 

 


Prasanna Malaiyandi:

And critical is like a nine and a 10 on their scale of zero through 10.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right.

 

 


Prasanna Malaiyandi:

And so those ones that are either actively exploited

 

 


Prasanna Malaiyandi:

or very common to access, um, those are the ones that usually get like

 

 


Prasanna Malaiyandi:

a higher critical severity, which pretty much means as a vendor or a

 

 


Prasanna Malaiyandi:

customer using that piece of software.

 

 


Prasanna Malaiyandi:

You wanna fix that pretty quickly.

 

 


Prasanna Malaiyandi:

Like if there was a VMware ESXi bug.

 

 


Prasanna Malaiyandi:

Takeover of the system.

 

 


Prasanna Malaiyandi:

That's probably something you want to patch pretty rapidly.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right, right.

 

 


Prasanna Malaiyandi:

Which is what happened with the Exchange vulnerability that there wa

 

 


Prasanna Malaiyandi:

there, it, it's a little complicated.

 

 


Prasanna Malaiyandi:

If you want the full story, go listen to that episode about Rackspace.

 

 


Prasanna Malaiyandi:

But there, there were two different vulnerabilities.

 

 


Prasanna Malaiyandi:

There was one that they had made a workaround for that.

 

 


Prasanna Malaiyandi:

Um, which is why I think if I'm guessing what the Rackspace

 

 


Prasanna Malaiyandi:

had done, the workaround.

 

 


Prasanna Malaiyandi:

Um, and because they had done the workaround, maybe they

 

 


Prasanna Malaiyandi:

didn't feel the need to put the patch in as they didn't feel.

 

 


Prasanna Malaiyandi:

Um, you know, it, it, it, it lowered its criticality, but because they

 

 


Prasanna Malaiyandi:

didn't patch the previous, um, vulnerability there turned out to be a

 

 


Prasanna Malaiyandi:

new vulnerability that that patch would've fixed, but they didn't fix it, right?

 

 


Prasanna Malaiyandi:

So I'm just, it's like if you just put in the patches when they become

 

 


Prasanna Malaiyandi:

available, and, um, and of course being a show that we, we are,

 

 


Prasanna Malaiyandi:

what, what do I often say about.

 

 


Prasanna Malaiyandi:

Putting in patches,

 

 


Prasanna Malaiyandi:

Prasanna Malaiyandi: Don't forget about your backup system for patch management,

 

 


Prasanna Malaiyandi:

because everyone always thinks about production or end user devices, but

 

 


Prasanna Malaiyandi:

they always forget about backup systems.

 

 


Prasanna Malaiyandi:

I.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, I, I would actually put that even stronger.

 

 


Prasanna Malaiyandi:

I would put the backup system at the front of the line, um, maybe, um.

 

 


Prasanna Malaiyandi:

Well, you know, it, it, it depends, right?

 

 


Prasanna Malaiyandi:

It depends on the kind of patch, right?

 

 


Prasanna Malaiyandi:

Obviously, if it's a, if it's an Exchange vulnerability patch, the, uh,

 

 


Prasanna Malaiyandi:

backup system is gonna be last in line.

 

 


Prasanna Malaiyandi:

But, uh, if, uh, or even not even in the line, but if it's a remote code

 

 


Prasanna Malaiyandi:

execution against Windows, um, or, you know, something like that, then

 

 


Prasanna Malaiyandi:

I, I would think that your last line of defense should be your first line

 

 


Prasanna Malaiyandi:

of, of where pat patches should go.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

The one thing I do want to talk about Curtis, that I don't think

 

 


Prasanna Malaiyandi:

we've normally talked about is patch management only works if you know

 

 


Prasanna Malaiyandi:

what's running in your environment.

 

 


Prasanna Malaiyandi:

So make sure you have a good inventory of software packages that are used at

 

 


Prasanna Malaiyandi:

your company, including all the random ones that people might install, and

 

 


Prasanna Malaiyandi:

maybe you do have an application process as part of IT-approved applications,

 

 


Prasanna Malaiyandi:

because that's the only way you're gonna be able to tell what's actually in my

 

 


Prasanna Malaiyandi:

environment and do I have everything patched and updated as needed.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

And there are tools that can help you do that, right?

 

 


Prasanna Malaiyandi:

Um, software, inventory tools, um, for, you know, for a fee, they will go out

 

 


Prasanna Malaiyandi:

and figure out if you, if you have a complete, you know, I was gonna say

 

 


Prasanna Malaiyandi:

Greenfield, but that's not the right,

 

 


Prasanna Malaiyandi:

I complete Wild, wild West.

 

 


Prasanna Malaiyandi:

I remember.

 

 


Prasanna Malaiyandi:

I remember.

 

 


Prasanna Malaiyandi:

Um.

 

 


Prasanna Malaiyandi:

You know, a friend of the pod that, um, he hasn't been on the pod, but

 

 


Prasanna Malaiyandi:

he is definitely a friend of the pod that the first thing I did with

 

 


Prasanna Malaiyandi:

him, we, we were trying to, uh, he was a client and the first thing I

 

 


Prasanna Malaiyandi:

did with him, I was like, well, what do you have in your environment?

 

 


Prasanna Malaiyandi:

He is like, I don't know.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

And uh, here's the crazy part is that I don't know if I've had

 

 


Prasanna Malaiyandi:

this conversation with you before.

 

 


Prasanna Malaiyandi:

What Microsoft tool did I install to inventory this guy's environment in terms of tell me how many

 

 


Prasanna Malaiyandi:

different boxes, what the network topology was, um, you know, the IP addresses

 

 


Prasanna Malaiyandi:

and the switches and all this stuff.

 

 


Prasanna Malaiyandi:

What Microsoft tool did I install to do this discovery?

 

 


Prasanna Malaiyandi:

And by the way, the tool was very expensive at the time.

 

 


Prasanna Malaiyandi:

It was like, it was like $10,000

 

 


Prasanna Malaiyandi:

you did tell me.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: mm-Hmm.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

And um,

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: and the thing is it more than paid for itself?

 

 


Prasanna Malaiyandi:

People that use Visio now are, they're like, what?

 

 


Prasanna Malaiyandi:

Visio was a network discovery tool.

 

 


Prasanna Malaiyandi:

Yes, that's exactly what it was.

 

 


Prasanna Malaiyandi:

And the fact that they just.

 

 


Prasanna Malaiyandi:

I don't know, they just put that part to bed.

 

 


Prasanna Malaiyandi:

Maybe it was just too hard to maintain or something.

 

 


Prasanna Malaiyandi:

But we gave that customer their first network topology map using Visio.

 

 


Prasanna Malaiyandi:

Um, was a be, it was a beautiful thing.

 

 


Prasanna Malaiyandi:

So you're right, uh, you've got to have the system inventory, you've got to

 

 


Prasanna Malaiyandi:

have the OS inventory, the application inventory so that you know, and then

 

 


Prasanna Malaiyandi:

there are patch management systems.

 

 


Prasanna Malaiyandi:

That can help you, uh,

 

 


Prasanna Malaiyandi:

navigate this, this

 

 


Prasanna Malaiyandi:

can I, can I go one more step beyond that too?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Sure.

 

 


Prasanna Malaiyandi:

Uh, in addition to applications, I think you should

 

 


Prasanna Malaiyandi:

also consider things that you are using in your code development.

 

 


Prasanna Malaiyandi:

For instance, what libraries are you pulling from?

 

 


Prasanna Malaiyandi:

What open source packages are you pulling from?

 

 


Prasanna Malaiyandi:

Because even though you may not consider that part of your application,

 

 


Prasanna Malaiyandi:

developers are building and testing.

 

 


Prasanna Malaiyandi:

I don't know if you heard about this issue that, um, someone had done a long con operation on an open source package.

 

 


Prasanna Malaiyandi:

I dunno if you heard about this.

 

 


Prasanna Malaiyandi:

And they basically took over maintaining a very popular compression library that

 

 


Prasanna Malaiyandi:

a ton of software packages use a lot of Linux open distribution software.

 

 


Prasanna Malaiyandi:

And they had put a back door into it because they realized

 

 


Prasanna Malaiyandi:

that library is also used by SSH.

 

 


Prasanna Malaiyandi:

A random developer who works at Microsoft, noticed that the latency had

 

 


Prasanna Malaiyandi:

increased by like 600 millisecond, like milliseconds, and he had traced it back

 

 


Prasanna Malaiyandi:

and found out that someone had backdoored this common open source software.

 

 


Prasanna Malaiyandi:

I will, I think we should attach a link.

 

 


Prasanna Malaiyandi:

I I, there's a podcast that goes over this, which is.

 

 


Prasanna Malaiyandi:

Amazing.

 

 


Prasanna Malaiyandi:

So we will put a link to that, but yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

So all, all software, all tools, all libraries, um, and tools that you're

 

 


Prasanna Malaiyandi:

using to make that software right.

 

 


Prasanna Malaiyandi:

Um, yeah, that would become quite an inventory over time.

 

 


Prasanna Malaiyandi:

But that's your job.

 

 


Prasanna Malaiyandi:

Right?

 

 


Prasanna Malaiyandi:

Um, and, uh, all it, you know, you know, they talk a lot like, like in terrorism.

 

 


Prasanna Malaiyandi:

The, you know, if you're, if you're trying to prevent terrorism, you have to

 

 


Prasanna Malaiyandi:

be right a hundred percent of the time.

 

 


Prasanna Malaiyandi:

They only have to be right once, right?

 

 


Prasanna Malaiyandi:

They only have to get into one of these tools.

 

 


Prasanna Malaiyandi:

And they are well equipped.

 

 


Prasanna Malaiyandi:

You know, we can talk about the dark web.

 

 


Prasanna Malaiyandi:

They're well equipped.

 

 


Prasanna Malaiyandi:

They're well connected.

 

 


Prasanna Malaiyandi:

They're, well, you know, they, they know what they're doing.

 

 


Prasanna Malaiyandi:

Uh, and they share, uh, they share tools.

 

 


Prasanna Malaiyandi:

So you need to do the same thing.

 

 


Prasanna Malaiyandi:

So the first thing is patch management, and the first thing is patch management.

 

 


Prasanna Malaiyandi:

What is going to be the second thing?

 

 


Prasanna Malaiyandi:

Prasanna?

 

 


Prasanna Malaiyandi:

So it's your favorite topic, Curtis, which is around passwords.

 

 


Prasanna Malaiyandi:

And I know we talked about credential stuffing just recently with the Salesforce

 

 


Prasanna Malaiyandi:

attack, but yeah, passwords are.

 

 


Prasanna Malaiyandi:

It's critical because every system uses a different password.

 

 


Prasanna Malaiyandi:

Even if you use single sign-on and all the rest, right?

 

 


Prasanna Malaiyandi:

You still have a password and it gets worse with single sign-on,

 

 


Prasanna Malaiyandi:

because once you're into one system, you can get into everything else.

 

 


Prasanna Malaiyandi:

So having strong passwords and also using a password manager so

 

 


Prasanna Malaiyandi:

you're not just doing variations of the same password depending on

 

 


Prasanna Malaiyandi:

the system you're logging into.

 

 


Prasanna Malaiyandi:

So password management.

 

 


Prasanna Malaiyandi:

Password management is key.

 

 


Prasanna Malaiyandi:

Making sure that you have a system, and I'm kind of

 

 


Prasanna Malaiyandi:

indifferent if it's a cloud-based system or a local based system.

 

 


Prasanna Malaiyandi:

I know Curtis, you like cloud-based password managers.

 

 


Prasanna Malaiyandi:

I would say every corporation can decide what makes sense for their environment.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, I mean, I, I, I'm not, I, I think I'm

 

 


Prasanna Malaiyandi:

similar to you in that I, uh.

 

 


Prasanna Malaiyandi:

I'm not hard, fast one or the other.

 

 


Prasanna Malaiyandi:

For me, it's cloud-based, because for me, I don't want to maintain

 

 


Prasanna Malaiyandi:

the, the keys to my kingdom.

 

 


Prasanna Malaiyandi:

I don't wanna maintain the system that is, you know, to

 

 


Prasanna Malaiyandi:

you it's the other way around.

 

 


Prasanna Malaiyandi:

You're like, oh, I want to maintain the keys to my, yeah, it's

 

 


Prasanna Malaiyandi:

a personal preference thing.

 

 


Prasanna Malaiyandi:

I don't think there's, um, again, as long as you do your

 

 


Prasanna Malaiyandi:

due diligence and you don't use.

 

 


Prasanna Malaiyandi:

A password service that has been hacked multiple times.

 

 


Prasanna Malaiyandi:

As long as you don't do that.

 

 


Prasanna Malaiyandi:

Um, and you look at, you look at the design of the password, you look at

 

 


Prasanna Malaiyandi:

how they're storing the passwords.

 

 


Prasanna Malaiyandi:

Are passwords ever stored in clear text?

 

 


Prasanna Malaiyandi:

You know, where are the passwords encrypted?

 

 


Prasanna Malaiyandi:

Where are they decrypted?

 

 


Prasanna Malaiyandi:

Uh, you look at all those things.

 

 


Prasanna Malaiyandi:

And it's not just the password, it's even URLs.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right, right.

 

 


Prasanna Malaiyandi:

Are they storing?

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

'cause that was, um, that was something that came out in one

 

 


Prasanna Malaiyandi:

of the recent hacks, right?

 

 


Prasanna Malaiyandi:

That, that one of the things that they were able to

 

 


Prasanna Malaiyandi:

Which they fixed now.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: which they have fixed.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Yep.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I'm still not gonna use them.

 

 


Prasanna Malaiyandi:

Um, but,

 

 


Prasanna Malaiyandi:

But, but, but, but,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: go ahead.

 

 


Prasanna Malaiyandi:

but I think when you are using a password manager,

 

 


Prasanna Malaiyandi:

and I know we've talked about this also on the podcast with Sue, um, is

 

 


Prasanna Malaiyandi:

make sure you have a backup of your password manager as well, right?

 

 


Prasanna Malaiyandi:

Going back and talking about the inventory, right?

 

 


Prasanna Malaiyandi:

Your password manager is your keys to your kingdom.

 

 


Prasanna Malaiyandi:

If you don't have access to your password manager, you're a little screwed.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

You need, yeah, there, there's a great episode.

 

 


Prasanna Malaiyandi:

Like how do you, how do you.

 

 


Prasanna Malaiyandi:

Um, w what happens when you lose everything, right, when you lose

 

 


Prasanna Malaiyandi:

all the keys to the kingdom?

 

 


Prasanna Malaiyandi:

Uh, and, and by the way, uh, the one that I happen to use, which is

 

 


Prasanna Malaiyandi:

Dashlane, they recently, uh, created a, an additional like doomsday key.

 

 


Prasanna Malaiyandi:

That you can use in addition to all of the others.

 

 


Prasanna Malaiyandi:

And the, the doomsday key, my problem, same, same as her problem, my problem

 

 


Prasanna Malaiyandi:

has always been okay, if I create the doomsday key, where do I put that?

 

 


Prasanna Malaiyandi:

Right?

 

 


Prasanna Malaiyandi:

Um, and, you know, this is where friends and family, I think come into play.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, but I, I was really happy to see when we had, um, you know what, what

 

 


Prasanna Malaiyandi:

now?

 

 


Prasanna Malaiyandi:

I was thinking friends and family who can make

 

 


Prasanna Malaiyandi:

sure they know they can keep that safely and know where it exists.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yes.

 

 


Prasanna Malaiyandi:

Yes.

 

 


Prasanna Malaiyandi:

Uh, agreed.

 

 


Prasanna Malaiyandi:

Um, yeah.

 

 


Prasanna Malaiyandi:

Um, choose, choose wisely.

 

 


Prasanna Malaiyandi:

The, you know, the other part about Dwayne's interview that I really liked

 

 


Prasanna Malaiyandi:

was when we got to the part about password management, and he was Oh, yeah, yeah.

 

 


Prasanna Malaiyandi:

He's like, yes, I'm, I'm a hundred percent on.

 

 


Prasanna Malaiyandi:

I was really worried that he'd be like.

 

 


Prasanna Malaiyandi:

Okay.

 

 


Prasanna Malaiyandi:

No, people that know what they're doing don't wanna use password management.

 

 


Prasanna Malaiyandi:

I was really ready for that.

 

 


Prasanna Malaiyandi:

But no,

 

 


Prasanna Malaiyandi:

Dwayne was on board.

 

 


Prasanna Malaiyandi:

but I think there are two things that you should be careful of

 

 


Prasanna Malaiyandi:

though, even with the password manager.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Talk to me.

 

 


Prasanna Malaiyandi:

so.

 

 


Prasanna Malaiyandi:

The first is if you are storing it in like a web browser or other

 

 


Prasanna Malaiyandi:

things that auto fills your password,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Mm-Hmm.

 

 


Prasanna Malaiyandi:

be a little careful of that because if someone compromises

 

 


Prasanna Malaiyandi:

your device and they have access to your web browser, it could now automatically

 

 


Prasanna Malaiyandi:

start filling in your passwords to things like your backup system

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

Active Directory and other things like that.

 

 


Prasanna Malaiyandi:

So be careful.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, which is, and thanks for bringing it up, which

 

 


Prasanna Malaiyandi:

is why, you know, good, better, best.

 

 


Prasanna Malaiyandi:

A browser-based password manager is better than no password manager,

 

 


Prasanna Malaiyandi:

but I am not a fan of browser based.

 

 


Prasanna Malaiyandi:

Um, meaning the, the password manager built into Chrome or.

 

 


Prasanna Malaiyandi:

Firefox or, um, you know, what's the other one?

 

 


Prasanna Malaiyandi:

What's the,

 

 


Prasanna Malaiyandi:

Safari.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: no, no, no.

 

 


Prasanna Malaiyandi:

Well, there's Safari, but what's the Microsoft one?

 

 


Prasanna Malaiyandi:

Edge.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Edge?

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Literally, by the way, Edge just passed some milestone of where

 

 


Prasanna Malaiyandi:

like it's now 15% or something.

 

 


Prasanna Malaiyandi:

I dunno.

 

 


Prasanna Malaiyandi:

They're very excited about that.

 

 


Prasanna Malaiyandi:

Anyway, I'm not a fan of password managers built into the thing because

 

 


Prasanna Malaiyandi:

of exactly what you talked about.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, it's really easy, for example, to, if I've got physical access to

 

 


Prasanna Malaiyandi:

your device, it's really easy for me to hack into it and to, to eventually

 

 


Prasanna Malaiyandi:

get to log in as you, and now I can open up your browser and then poof.

 

 


Prasanna Malaiyandi:

I'm, I'm everywhere.

 

 


Prasanna Malaiyandi:

Yeah, which is why your password manager should

 

 


Prasanna Malaiyandi:

either require biometric authentication or a password, a master password

 

 


Prasanna Malaiyandi:

in order to open it to use it.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Exactly.

 

 


Prasanna Malaiyandi:

By the way, when we say password management, we mean, I.

 

 


Prasanna Malaiyandi:

The overall system of, of, of making sure that passwords have a sufficient

 

 


Prasanna Malaiyandi:

length, making sure that you separate, we, we believe strongly in separating

 

 


Prasanna Malaiyandi:

the backup system, passwords, usernames, and passwords from the

 

 


Prasanna Malaiyandi:

production, usernames and passwords.

 

 


Prasanna Malaiyandi:

We do not believe in separate or, or sharing this with

 

 


Prasanna Malaiyandi:

something like Active Directory.

 

 


Prasanna Malaiyandi:

Um, you know, or, or even Okta, right?

 

 


Prasanna Malaiyandi:

Between, uh, the two systems.

 

 


Prasanna Malaiyandi:

I believe that they should be 100% separate and, uh, that there should be a

 

 


Prasanna Malaiyandi:

separate sort of doomsday based password management system for the backup system.

 

 


Prasanna Malaiyandi:

I.

 

 


Prasanna Malaiyandi:

Because of exactly what we're talking about, right?

 

 


Prasanna Malaiyandi:

If your Active Directory or Okta or whatever you're using is compromised,

 

 


Prasanna Malaiyandi:

you are locked out of your backup system.

 

 


Prasanna Malaiyandi:

And more importantly, they have access to your backup system.

 

 


Prasanna Malaiyandi:

So, uh, that's why I think it should be a separate system.

 

 


Prasanna Malaiyandi:

Any final thoughts on password management before we move on to the

 

 


Prasanna Malaiyandi:

one that, I don't know why everybody doesn't have it on everything, but

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

No, I'm ready.

 

 


Prasanna Malaiyandi:

What's the next one, Curtis?

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Multifactor authentication.

 

 


Prasanna Malaiyandi:

How do d does not everybody have multifactor authentication on everything,

 

 


Prasanna Malaiyandi:

including Ticketmaster, right?

 

 


Prasanna Malaiyandi:

The Live Nation thing that we, the, the story that we talked about in

 

 


Prasanna Malaiyandi:

the beginning, if you read that full story, you get down to the

 

 


Prasanna Malaiyandi:

part where basically Snowflake says, Hey, we're seeing a significant

 

 


Prasanna Malaiyandi:

increase in attacks on our accounts.

 

 


Prasanna Malaiyandi:

Please enable multifactor authentication to which I want to say what.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Uh, you know, I a I asked two questions and, and we're gonna, we

 

 


Prasanna Malaiyandi:

gotta define it and everything, right?

 

 


Prasanna Malaiyandi:

But.

 

 


Prasanna Malaiyandi:

Question number one, a company like LiveNation, how do they not already

 

 


Prasanna Malaiyandi:

have MFA turned on on anything that matters, number one and number two.

 

 


Prasanna Malaiyandi:

How service providers don't enforce MFA. I, you're see, you are seeing this, right?

 

 


Prasanna Malaiyandi:

Can you think of a, of.

 

 


Prasanna Malaiyandi:

Of a service that you've used where they've come on and

 

 


Prasanna Malaiyandi:

they say You have to use MFA.

 

 


Prasanna Malaiyandi:

Well, I think the one I could think of is, and I don't

 

 


Prasanna Malaiyandi:

know if it's a systems configurations, but typically if you use an SSO,

 

 


Prasanna Malaiyandi:

single sign-on provider, right?

 

 


Prasanna Malaiyandi:

Normally they do require, uh, MFA.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right in that same line, uh, the first thing that came to

 

 


Prasanna Malaiyandi:

my mind was my password manager, right?

 

 


Prasanna Malaiyandi:

You, you, any decent password manager is going to require MFA, right?

 

 


Prasanna Malaiyandi:

Um, I'm pretty sure actually Gmail logging into Google now requires MFA.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, and

 

 


Prasanna Malaiyandi:

so.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Yeah, I think it does now.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, and, and I like the way theirs is.

 

 


Prasanna Malaiyandi:

It's, it's very emphasis on the M, right?

 

 


Prasanna Malaiyandi:

It's like we know that you're logged into YouTube on.

 

 


Prasanna Malaiyandi:

Your phone.

 

 


Prasanna Malaiyandi:

So we're gonna send you a, you know, a, this like thing that you have to

 

 


Prasanna Malaiyandi:

respond to in the YouTube app, right?

 

 


Prasanna Malaiyandi:

Or sometimes they'll do it through Gmail, right?

 

 


Prasanna Malaiyandi:

They, they emphasis on the multi.

 

 


Prasanna Malaiyandi:

So we, we've been talking about multifactor authentication

 

 


Prasanna Malaiyandi:

now for a couple minutes just in case there's somebody that

 

 


Prasanna Malaiyandi:

doesn't actually know what it is.

 

 


Prasanna Malaiyandi:

Do you, do you wanna like, give an overview?

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

So multifactor authentication is basically saying that in order for you to gain

 

 


Prasanna Malaiyandi:

access to an account or to log in, it's not just good enough to have a single

 

 


Prasanna Malaiyandi:

factor, which is usually your password.

 

 


Prasanna Malaiyandi:

You need to have multiple factors.

 

 


Prasanna Malaiyandi:

Usually that other factor could.

 

 


Prasanna Malaiyandi:

Vary depending on company.

 

 


Prasanna Malaiyandi:

Sometimes it could be I receive a text message and I now need

 

 


Prasanna Malaiyandi:

to enter a code into the system.

 

 


Prasanna Malaiyandi:

It could be I need to enter a code that is part of an authentication

 

 


Prasanna Malaiyandi:

app that generates one time codes.

 

 


Prasanna Malaiyandi:

It could be I need to use my face and my biometrics as a sort

 

 


Prasanna Malaiyandi:

of second way to authenticate.

 

 


Prasanna Malaiyandi:

Um.

 

 


Prasanna Malaiyandi:

I guess technically you could receive postal mail with a code, which I

 

 


Prasanna Malaiyandi:

W. Curtis Preston: IRS does MFA with postal.

 

 


Prasanna Malaiyandi:

If you've never set up the, the way you get set up, the first

 

 


Prasanna Malaiyandi:

time, they use the mail system as a, as you say, it's a little slow.

 

 


Prasanna Malaiyandi:

yeah.

 

 


Prasanna Malaiyandi:

Sometimes you might get a voice call, right?

 

 


Prasanna Malaiyandi:

Where they're like, Hey, here's your code.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right, right.

 

 


Prasanna Malaiyandi:

I think those are the main ways.

 

 


Prasanna Malaiyandi:

Oh, the other way is sometimes you might get a code texted

 

 


Prasanna Malaiyandi:

to like a recovery account

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah,

 

 


Prasanna Malaiyandi:

there's

 

 


Prasanna Malaiyandi:

that.

 

 


Prasanna Malaiyandi:

have to use.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Also there are, I don't think, did you mention tokens?

 

 


Prasanna Malaiyandi:

Like physical tokens?

 

 


Prasanna Malaiyandi:

Oh no, I didn't mention the physical tokens.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: So there are also physical devices that are available.

 

 


Prasanna Malaiyandi:

Um, you know, they're much more affordable than they used to be, right?

 

 


Prasanna Malaiyandi:

And basically they are one time password generated.

 

 


Prasanna Malaiyandi:

They just constantly generating a, a, a little, you know,

 

 


Prasanna Malaiyandi:

six or eight digit number.

 

 


Prasanna Malaiyandi:

I think the popular one is are called

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

YubiKey is a, is a very popular one.

 

 


Prasanna Malaiyandi:

There is definitely the good, better, best.

 

 


Prasanna Malaiyandi:

Um, what, what I'm saying is please, please, for anything that matters, I'm not

 

 


Prasanna Malaiyandi:

gonna push you to do it for everything.

 

 


Prasanna Malaiyandi:

Um, you know, like if someone.

 

 


Prasanna Malaiyandi:

Hacks my Spotify account.

 

 


Prasanna Malaiyandi:

I, I, I don't know what damage they could possibly do, right?

 

 


Prasanna Malaiyandi:

But if someone hacks my, um, my Verizon account, they could buy

 

 


Prasanna Malaiyandi:

new phones on my behalf, right?

 

 


Prasanna Malaiyandi:

They, you know, a bank account, um, you know, an email account, you know,

 

 


Prasanna Malaiyandi:

especially email account, because email accounts are often used as

 

 


Prasanna Malaiyandi:

a multifactor for other accounts.

 

 


Prasanna Malaiyandi:

I don't like that, but.

 

 


Prasanna Malaiyandi:

Convenient.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: only way that's offered by some accounts, um,

 

 


Prasanna Malaiyandi:

please enable MFA on anything that matters in your organization.

 

 


Prasanna Malaiyandi:

Think about your, and the thing is, it's just, we've gone

 

 


Prasanna Malaiyandi:

so long without this, right?

 

 


Prasanna Malaiyandi:

We've gone so long where all you need is the password to log into SSH.

 

 


Prasanna Malaiyandi:

You can enable.

 

 


Prasanna Malaiyandi:

Uh, both on Windows and on Linux or or other Unix platforms, you can enable

 

 


Prasanna Malaiyandi:

MFA to be able to log into the system.

 

 


Prasanna Malaiyandi:

And all I'm saying is please do that and go through, go through that, that,

 

 


Prasanna Malaiyandi:

that inventory that you talked about.

 

 


Prasanna Malaiyandi:

Look at.

 

 


Prasanna Malaiyandi:

The criticality look at the amount of damage.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, you know, like, uh, if, if I, if I, you know, looking at,

 

 


Prasanna Malaiyandi:

at, you know, at a house, right?

 

 


Prasanna Malaiyandi:

I don't have a password for my refrigerator, but I do for my gun locker.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

You know, look at the things that you have in your environment where

 

 


Prasanna Malaiyandi:

they could do the most damage.

 

 


Prasanna Malaiyandi:

Uh, a backup system, a a file system, an email system.

 

 


Prasanna Malaiyandi:

An email system, really right.

 

 


Prasanna Malaiyandi:

If you know, are there, are there people that are using Exchange?

 

 


Prasanna Malaiyandi:

Microsoft 365?

 

 


Prasanna Malaiyandi:

I I think you're in, I think you're required to do it with, with Gmail.

 

 


Prasanna Malaiyandi:

Um,

 

 


Prasanna Malaiyandi:

but maybe

 

 


Prasanna Malaiyandi:

W. Curtis Preston: does Microsoft 365 require it?

 

 


Prasanna Malaiyandi:

I don't know.

 

 


Prasanna Malaiyandi:

am not sure.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I don't know.

 

 


Prasanna Malaiyandi:

Um, may maybe.

 

 


Prasanna Malaiyandi:

Maybe they do,

 

 


Prasanna Malaiyandi:

maybe they

 

 


Prasanna Malaiyandi:

don't.

 

 


Prasanna Malaiyandi:

or if it is, maybe it's just sending a

 

 


Prasanna Malaiyandi:

code to the same email account.

 

 


Prasanna Malaiyandi:

So if you've compromised the email account,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah, I

 

 


Prasanna Malaiyandi:

dunno.

 

 


Prasanna Malaiyandi:

itself, then

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Yeah.

 

 


Prasanna Malaiyandi:

Um, so

 

 


Prasanna Malaiyandi:

The one thing,

 

 


Prasanna Malaiyandi:

W. Curtis Preston: go.

 

 


Prasanna Malaiyandi:

so I totally agree MFA is important, but

 

 


Prasanna Malaiyandi:

you should also think about the situations you could end up with.

 

 


Prasanna Malaiyandi:

If you lose the device or the ability to generate the second factor.

 

 


Prasanna Malaiyandi:

So I know Curtis, you had that issue with your phone when you upgraded.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I did, I did.

 

 


Prasanna Malaiyandi:

And, um, all of the cloud accounts that I had were able to help me.

 

 


Prasanna Malaiyandi:

Um, it was definitely painful to, to reboot, but a little

 

 


Prasanna Malaiyandi:

bit, not painful enough for, for something in terms of regenerating.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, the, I was a little worried, uh, and luckily it, it wasn't that bad, but the.

 

 


Prasanna Malaiyandi:

Um, yeah, definitely make sure that when you're implementing

 

 


Prasanna Malaiyandi:

this for your organization, make sure you have a failback, right?

 

 


Prasanna Malaiyandi:

Uh, make sure you have a system by which if somebody does lose their, their key

 

 


Prasanna Malaiyandi:

fob, if they lose their, the app, if they, if they can no longer log into their app,

 

 


Prasanna Malaiyandi:

you've got a way to, to get around that.

 

 


Prasanna Malaiyandi:

But that's something that needs to be done by an administrator.

 

 


Prasanna Malaiyandi:

Well, do you have a way to get around that?

 

 


Prasanna Malaiyandi:

And you also have a way to verify that the person who's asking to go around

 

 


Prasanna Malaiyandi:

it is a person who says they're.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: and, and that is getting harder and harder these days.

 

 


Prasanna Malaiyandi:

A simple voice verification isn't enough anymore, unfortunately.

 

 


Prasanna Malaiyandi:

Um, uh, that that's, you know, we're starting to get to the

 

 


Prasanna Malaiyandi:

edge of my, of, of my knowledge.

 

 


Prasanna Malaiyandi:

I mean, when I look at that, I would say that you would want to have a very

 

 


Prasanna Malaiyandi:

unnatural conversation with a person.

 

 


Prasanna Malaiyandi:

You would have a, you would wanna be asking questions that would not

 

 


Prasanna Malaiyandi:

be possible for an AI to answer.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, and, um, I mean unfortunately we get back to sort of the, possibly

 

 


Prasanna Malaiyandi:

the, uh, the shared, shared secrets, which is always a vulnerability in

 

 


Prasanna Malaiyandi:

any, um, uh, sort of crypto system.

 

 


Prasanna Malaiyandi:

But, you know, you, you've got to do something right, um, to ensure

 

 


Prasanna Malaiyandi:

that the person that you're.

 

 


Prasanna Malaiyandi:

Resetting the, the MFA for is indeed the person, right?

 

 


Prasanna Malaiyandi:

Because we have had that story as well.

 

 


Prasanna Malaiyandi:

I believe that was, which story was that?

 

 


Prasanna Malaiyandi:

Where they.

 

 


Prasanna Malaiyandi:

I think it was the Okta thing where they, where basically they were able to get 'em

 

 


Prasanna Malaiyandi:

to reset the MFA, which is just wrong.

 

 


Prasanna Malaiyandi:

So yeah, you need a system for resetting the MFA, but you need a system to

 

 


Prasanna Malaiyandi:

make sure that you're only doing that for the, for the authorized people.

 

 


Prasanna Malaiyandi:

But I, I, I.

 

 


Prasanna Malaiyandi:

Uh, just number one thing again, good, better, best.

 

 


Prasanna Malaiyandi:

Make sure you've got a system.

 

 


Prasanna Malaiyandi:

And then as you have a system, make sure you implement or you,

 

 


Prasanna Malaiyandi:

you, you, um, enhance that system to deal with the, um, an advanced

 

 


Prasanna Malaiyandi:

persistent threat where they're, uh, going and, um, and attacking you.

 

 


Prasanna Malaiyandi:

The, um, in terms of.

 

 


Prasanna Malaiyandi:

MFA system, by the way, it used to be called 2FA, two-factor authentication.

 

 


Prasanna Malaiyandi:

We now call it MFA, multi-factor.

 

 


Prasanna Malaiyandi:

Authentication.

 

 


Prasanna Malaiyandi:

In terms of the, in order of good, better, best, would we say email.

 

 


Prasanna Malaiyandi:

Then SMS, then OTP.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

All right.

 

 


Prasanna Malaiyandi:

So and then sort of physical token.

 

 


Prasanna Malaiyandi:

Why are email and SMS on the lowest of the good, better, best list?

 

 


Prasanna Malaiyandi:

Well, if you think about SMS right now, there's a lot

 

 


Prasanna Malaiyandi:

of SIM hijacking that goes on, right?

 

 


Prasanna Malaiyandi:

You've, I've heard countless cases about people going to a cell phone

 

 


Prasanna Malaiyandi:

provider, SIM hijacking and stealing someone's phone number and then

 

 


Prasanna Malaiyandi:

draining their crypto wallet.

 

 


Prasanna Malaiyandi:

That's the way that they had used for the multifactor authentication.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: So we would, would we actually put SMS under

 

 


Prasanna Malaiyandi:

email then, or is email less or

 

 


Prasanna Malaiyandi:

I think they're about the, I

 

 


Prasanna Malaiyandi:

W. Curtis Preston: about

 

 


Prasanna Malaiyandi:

the same.

 

 


Prasanna Malaiyandi:

Yeah, yeah, you're probably right.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

So email, SMS and, and the problem is this is what's used by probably the

 

 


Prasanna Malaiyandi:

majority of people that are doing, uh, in the consumer world, because

 

 


Prasanna Malaiyandi:

the next requires a significant change for the typical consumer.

 

 


Prasanna Malaiyandi:

But when we're talking about corporate world, we've got sort of, um, free OTP.

 

 


Prasanna Malaiyandi:

And that OTP just stands for one-time password.

 

 


Prasanna Malaiyandi:

We got free OTP implementations like Google Authenticator,

 

 


Prasanna Malaiyandi:

um, and uh, I use Authy.

 

 


Prasanna Malaiyandi:

There are others.

 

 


Prasanna Malaiyandi:

Um, and then you have software based OTP, such as Symantec, the VIP program.

 

 


Prasanna Malaiyandi:

The big difference between these two.

 

 


Prasanna Malaiyandi:

An RSA.

 

 


Prasanna Malaiyandi:

Right, thank you.

 

 


Prasanna Malaiyandi:

The, the big difference between those two categories generally in, in my experience,

 

 


Prasanna Malaiyandi:

the, um, the free OTPs, they're doing it based on an atomic clock, and so it,

 

 


Prasanna Malaiyandi:

it just resets at the top of the minute.

 

 


Prasanna Malaiyandi:

So you just, if, if you get to the end of the 60 seconds, you just

 

 


Prasanna Malaiyandi:

have to like try the next password.

 

 


Prasanna Malaiyandi:

Whereas with the, the commercial ones, the, the 60 seconds or 30 seconds starts

 

 


Prasanna Malaiyandi:

with the moment that you open the app.

 

 


Prasanna Malaiyandi:

Right.

 

 


Prasanna Malaiyandi:

Um, and I'm sure there's probably additional security

 

 


Prasanna Malaiyandi:

provided by them as well.

 

 


Prasanna Malaiyandi:

But that's the big, uh, from a usability perspective, that's a

 

 


Prasanna Malaiyandi:

big difference between those two.

 

 


Prasanna Malaiyandi:

And then we've

 

 


Prasanna Malaiyandi:

got the, the key fob.

 

 


Prasanna Malaiyandi:

Go ahead.

 

 


Prasanna Malaiyandi:

Oh, and also between the free and the commercial.

 

 


Prasanna Malaiyandi:

The other thing is probably from an admin management perspective, the commercial

 

 


Prasanna Malaiyandi:

ones are probably easier to manage a large number of users than free solutions

 

 


Prasanna Malaiyandi:

W. Curtis Preston: exactly.

 

 


Prasanna Malaiyandi:

Um, the, um, and then we have the, the, the key fob, right?

 

 


Prasanna Malaiyandi:

The, the, the physical ones, which are also offered by

 

 


Prasanna Malaiyandi:

YubiKey and also, also by RSA.

 

 


Prasanna Malaiyandi:

Right?

 

 


Prasanna Malaiyandi:

They also offer the physical

 

 


Prasanna Malaiyandi:

key fob.

 

 


Prasanna Malaiyandi:

The one that we didn't talk about that we

 

 


Prasanna Malaiyandi:

probably should include, and it's kind of lumped under the hardware.

 

 


Prasanna Malaiyandi:

One, is also like key cards.

 

 


Prasanna Malaiyandi:

So if you work in the government, your ID has a certain key on it.

 

 


Prasanna Malaiyandi:

And for instance, even if you enter your password, it won't unlock without

 

 


Prasanna Malaiyandi:

actually having the card as well.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: So you'll need somewhere to basically tap that card.

 

 


Prasanna Malaiyandi:

Well, it did laptops.

 

 


Prasanna Malaiyandi:

As an example, you insert, there's a slot in laptops

 

 


Prasanna Malaiyandi:

that are

 

 


Prasanna Malaiyandi:

W. Curtis Preston: So yeah, so that's another, that's a physical, uh, thing.

 

 


Prasanna Malaiyandi:

And by the way, the most of the stuff is available as an app on the

 

 


Prasanna Malaiyandi:

computer or an app on your smartphone.

 

 


Prasanna Malaiyandi:

The, the, the software solutions that we were talking about.

 

 


Prasanna Malaiyandi:

Um, I do prefer Authy over Google Authenticator mainly because of the

 

 


Prasanna Malaiyandi:

problem that I, the fact that I could back up my, my, uh, password system.

 

 


Prasanna Malaiyandi:

Um, and then there, you know, do you want to talk a little bit about

 

 


Prasanna Malaiyandi:

the, sort of the, the ultimate, which is biometric detection?

 

 


Prasanna Malaiyandi:

So the last one is really biometrics.

 

 


Prasanna Malaiyandi:

So I'm sure everyone on your phone these days, you use a face ID or your

 

 


Prasanna Malaiyandi:

thumbprint to unlock your phone, right?

 

 


Prasanna Malaiyandi:

Um, and so a lot of apps that are installed on your phone can also

 

 


Prasanna Malaiyandi:

say, Hey, enter your password and now give me a biometric as well

 

 


Prasanna Malaiyandi:

to make sure it's really you.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Right, right.

 

 


Prasanna Malaiyandi:

Um, and there's also like built into laptops.

 

 


Prasanna Malaiyandi:

You have, uh, fingerprint detection on your laptops.

 

 


Prasanna Malaiyandi:

Um, and there's face detection built into, you know, a lot of apps.

 

 


Prasanna Malaiyandi:

I guess what I'm just saying is username and password is not enough anymore,

 

 


Prasanna Malaiyandi:

and it just continues to amaze me that.

 

 


Prasanna Malaiyandi:

Uh, when I read a story like the one that I read this morning that it's like,

 

 


Prasanna Malaiyandi:

here it is a major corporation that was attacked simply because they didn't have

 

 


Prasanna Malaiyandi:

MFA enabled on an app that allows MFA.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: I, I, I just don't understand that.

 

 


Prasanna Malaiyandi:

So if that's you, please, now, like immediately, especially again,

 

 


Prasanna Malaiyandi:

you're, you're a backup person.

 

 


Prasanna Malaiyandi:

If you're listening to me, you're a backup person.

 

 


Prasanna Malaiyandi:

Go to your backup system.

 

 


Prasanna Malaiyandi:

Have I enabled MFA on NetBackup?

 

 


Prasanna Malaiyandi:

Have I enabled MFA on, you know, uh, Veeam, Druva, uh, Rubrik, Cohesity?

 

 


Prasanna Malaiyandi:

Have I enabled that?

 

 


Prasanna Malaiyandi:

Did they force me to enable, I, I, I wish they would, if they

 

 


Prasanna Malaiyandi:

haven't forced you to enable it.

 

 


Prasanna Malaiyandi:

Do it now.

 

 


Prasanna Malaiyandi:

Do it now before you finish this podcast.

 

 


Prasanna Malaiyandi:

Now I would say.

 

 


Prasanna Malaiyandi:

That for many of these systems, because they do support single sign-on,

 

 


Prasanna Malaiyandi:

it's usually up to those single sign-on providers to do the MFA.

 

 


Prasanna Malaiyandi:

For instance, if you are able to log into, say, Rubrik using Okta as your

 

 


Prasanna Malaiyandi:

single sign-on provider, as long as Okta has MFA enabled, Rubrik necessarily

 

 


Prasanna Malaiyandi:

doesn't need explicitly to support it because it's already supported

 

 


Prasanna Malaiyandi:

by the single sign-on provider.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: So I'm gonna agree and disagree with you, right?

 

 


Prasanna Malaiyandi:

Is there a way to log into Rubrik without that, that system needs

 

 


Prasanna Malaiyandi:

MFA, that's all I'm saying.

 

 


Prasanna Malaiyandi:

Um, if there's like a back door, a back way, I.

 

 


Prasanna Malaiyandi:

If Okta is down, there's another way for you to log into

 

 


Prasanna Malaiyandi:

your favorite backup system.

 

 


Prasanna Malaiyandi:

That system needs to have MFA, and it's the back doors that often

 

 


Prasanna Malaiyandi:

get compromised because they're ignored and not maintained.

 

 


Prasanna Malaiyandi:

So,

 

 


Prasanna Malaiyandi:

And change your default password.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: And change your default password.

 

 


Prasanna Malaiyandi:

Again, we keep reading these things right.

 

 


Prasanna Malaiyandi:

Yeah.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: Uh, anyway, this will stop 90 plus percent of

 

 


Prasanna Malaiyandi:

ransomware attacks out there, and all of this stuff is relatively easy

 

 


Prasanna Malaiyandi:

and there's no point in doing the fancier stuff until you've done this.

 

 


Prasanna Malaiyandi:

So anyway, thanks for, you know, helping me work through that persona.

 

 


Prasanna Malaiyandi:

Uh, no worries, Curtis, and I'm glad your

 

 


Prasanna Malaiyandi:

Wi-Fi is up and running and, uh.

 

 


Prasanna Malaiyandi:

W. Curtis Preston: that's what I was about to say.

 

 


Prasanna Malaiyandi:

Even though you were completely worthless yesterday, right around this time.

 

 


Prasanna Malaiyandi:

Um, and thanks again to our listeners.

 

 


Prasanna Malaiyandi:

We'd be nothing without you.

 

 


Prasanna Malaiyandi:

That is a wrap.