I’ve known Michael Young for a number of years, first meeting him early in NextStage’s history. Michael has provided valuable advice to NextStage in the past and, during a recent lunch, we had a chance to catch up. Michael is recently returned and retired from the Naval Reserves, serving in the Persian Gulf as the lead in a small team responsible for all Atlantic and Gulf information and cyber-security.
I’m turning this blog over to Michael for the next few Fridays as it might be in your interests to read what he thinks about 24×7.
Information Security, Network Analysis, and Services Support (Help Desk) rely on analytic information to maintain operation and gauge the success of operations. Just as analytics can help determine the success or failure of a web site, it can also provide a view to the threat indication status of your global enterprise network. To explore these concepts, here is a simplistic example.
Internet communications all happen over the Transmission Control Protocol/Internet Protocol (TCP/IP) stack. Part of the TCP/IP standard is the separation of different application traffic into different ports. There are two distinct port types: TCP ports and Uniform Datagram Protocol (UDP) ports. Each port represents a type of traffic based upon predefined usage under the IEEE.
The most common ports are 80=HTTP (Web), 25=SMTP (Email), 21=FTP, and 110=POP3 (Email). There are roughly 200 defined ports and a series of undefined ports. Unfortunately, the system is open to the development of new ports and the private use of custom ports, depending on need. Cyber criminals attack ports to gain access to your network. Unfortunately, a port does not have to be defined to be attacked, just open. An open port is one that is not explicitly blocked by the host system or a network firewall.
Fortunately, a port must have a listener to be affected. This is where we introduce SPAM, WORMs, Trojan Horse and Spyware, all of which are currently referred to as Malicious Ware or MALWARE. In our scenario, a user visits an innocuous web site which silently installs code known as a web bot to listen on a specific port. Once the listening application is present, a cyber criminal has control of that system and potentially your network.
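Because a port only matters once something is listening on it, a defender can inventory listeners and compare them with an approved baseline. The sketch below is an added example, not part of the original post: it parses the Linux `/proc/net/tcp` format and reports listeners outside the baseline. The sample table, the approved port set and the function names are constructed for illustration, and a little-endian host is assumed.

```python
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not from a real host):
# three listeners (ports 80, 25, 31337) and one established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1002
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000 1000 0 1003
   3: 0F00000A:0050 6300000A:C350 01 00000000:00000000 00:00000000 00000000 0 0 1004
"""


def parse_listeners(text):
    """Return a sorted list of (ip, port) for IPv4 sockets in LISTEN state."""
    listeners = set()
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established or closing connections are not listeners
        addr_hex, port_hex = fields[1].split(":")
        # The address is a 32-bit value in host byte order (assumed little-endian).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        listeners.add((ip, int(port_hex, 16)))
    return sorted(listeners)


def unexpected_listeners(text, approved_ports):
    """Return listeners whose port is not in the approved baseline."""
    return [(ip, port) for ip, port in parse_listeners(text)
            if port not in approved_ports]


if __name__ == "__main__":
    approved = {25, 80}  # constructed baseline: mail and web only
    for ip, port in unexpected_listeners(SAMPLE_PROC_NET_TCP, approved):
        # 0.0.0.0 means every interface, so the port is reachable from the
        # network unless a firewall explicitly blocks it.
        scope = "all interfaces" if ip == "0.0.0.0" else "local only"
        print(f"unexpected listener on port {port} ({ip}, {scope})")
```

On a real Linux host the same functions can be fed the contents of `/proc/net/tcp`; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.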
Next week, The Good News.
Michael Young’s Bio
Michael Young has served as Chief Information Security Officer (CISO) and Principal Privacy Officer, State Street Global Advisors, State Street Corporation; Senior IT Management and Technology Consultant, DMR Consulting Group, Dublin, Ireland; IT Consultant, Fife Regional Council and Local Government Authority, Fife, Scotland, UK; and Senior IT Director, Special Programs, Sanders, a Lockheed Martin Company, in addition to his naval duties.
As CISO of SSgA, Michael created and managed the global information security program for SSgA. From March of 2000 to April of 2002, Michael acted as principal advisor to the CEO, CIO, Compliance and Risk Officer on all matters concerning technology security and global privacy legislation and the effects of the legislation on IT operations.