Paul Herring

Senior Manager of Cloud Services who has worked in Telecoms, network support and PKI support for 26 years. Paul has a PhD in Educational Technologies and an MSc in Cyber Security.

Location Oxfordshire, United Kingdom

Activity

  • I enjoyed the course and look forward to the next one.

  • I do not think that it is possible to develop secure systems just based upon compliance with development and security standards. Zero day issues are becoming more common which has meant that software patching has become the necessary evil of every IT Support person's job. Also, Hakeem makes a very valuable point when stating that code is very large and can be...

  • GDPR is EU-based data protection legislation that strives to protect the rights of individuals' PII and to ensure that PII is handled in a responsible way, is not held for any longer than it is needed to fulfil the reason for collecting it, is not used for other reasons that have not been authorised by the individual associated with the PII and provides laws...

  • The challenge is to be able to enforce the act against a person or persons who for example hack into a company’s customer files and steal Personally Identifiable Information (PII) if they reside in a country that is outside of the EU and does not comply with Data Protection International Laws. In these circumstances it is very difficult to bring a perpetrator...

  • IFS takes best practice described in ISO 27000 and other frameworks and guides companies and individual Security Officers through the process of becoming and retaining compliance with best practices.

  • Compliance with Standards ensures that your systems design will follow best practice security design, will have more chance of being interoperable with other products (if that is needed). As Fidele quite rightly states there will be times when some systems will need to conform more rigorously to Standards than just at a basic level if it is to be accepted and...

  • Experience shows us that there is no software vendor on the market that is capable of providing completely secure software. Acceptance of this assumption means that we must also accept that all vendors will produce software security patches to protect against known vulnerabilities. Which begs the question, what about the vulnerabilities that are still to be...

  • It is important to use an iterating method like agile when security is added because it is important that security is re-evaluated at each stage and changes made to the developing code to ensure that the overall security of the application isn't compromised as new functionality is added. It is also important that iterative testing is undertaken at each stage...

  • I learned about SDLC and how Security can be added to the cycle to ensure that the end result will be more secure and will address the CIA of customer PII

  • I would use the agile model because it allows small changes and modifications to be done over the development cycle and can adapt functionality based on customer feedback. However, it is worth noting that in this case it is more likely that carers rather than end customers (who may also have some form of dementia) will provide feedback on the success, or...

  • A reoccurring issue that finally resulted in vendors choosing stronger cryptographic algorithms was the cracking of RC4 which led to users' and vendors' adoption of WPA2. One of the biggest breaches reported that was associated with a WEP hack was in 2006 when credit card processing terminals in a US department store chain called TJ Maxx were hacked and millions...

  • It is important to consider CIA in the development process because otherwise the software you develop is likely to be vulnerable to attacks with a consequence that user PII will be stolen. This will mean that your company could infringe GDPR/DPA regulations and be subject to a very large fine. Also, a breach will also damage your company's reputation and could...

  • Security should always be considered during any software development, from the initial requirement, design, implementation and testing stages. However, software development is dependent on other parts of the solution (applications are dependent on secure OS design and both can be dependent on the firmware that is used) any part can mean that security can...

  • @FideleAKOBE great to speak to you again. Yes, it will be good to work together again. How many courses have you got to go until the dissertation?

  • Computer systems and networks have been developed from stand-alone systems built to complete a single task, quickly (such as Colossus development to crack German codes). These early systems relied on physical security (locked rooms, security guards and restricted physical access) to protect them as these systems weren't connected to external networks. Later...

  • Dennis and Robbie make very good points. History shows us that it is very difficult to make systems secure and often requires frequent security patching as and when vulnerabilities are discovered. Policies, standards and legislation work well as guidance toward secure software but factors such as software peer review, rigorous testing, standardised and best...

  • Paul Herring made a comment

    Hello everyone,
    My name is Paul Herring and I have worked in various IT roles for more years than I am prepared to admit ;-). Currently I am an Operations Manager with a Computer Security company.

    I am currently studying towards the MSc in Cyber Security and this will be my final course before going onto the dissertation. Although this is a prerequisite of...

  • Hi Krisl, sorry I have only just seen your message. How many were you able to decrypt?

  • A very interesting introduction into Network Security. I look forward to learning more in the coming courses.

  • I still feel that cyber attacks are inevitable. To quote John Chambers (CEO of Cisco): "There are only two types of companies: those that know they’ve been compromised, and those that don’t know." Bejtlich (2018)

    References
    Bejtlich (2018) 'The Origin of the Quote "There Are Two Types of Companies"', [online] Available from:...

  • The red team provides a way of confirming a network's ability to protect against attack and ensures that the blue team can take steps to improve security and remove vulnerabilities based upon the red team's findings.

  • Paul Herring made a comment

    I agree with Sabiha, the battle between the blue team (defensive) and red team (hackers) is ongoing with each side trying to get the upper hand. However, we should also consider state agencies that use red team techniques to gain advantage over other countries' state projects etc. (for example Stuxnet). In these situations organisations with the role of...

  • Cyber attacks are a real threat that everyone should consider and put protective measures in place on their computers and networks. Cyber security is also not a one solution fits all, there is a requirement to use different techniques to mitigate the risk of successful network penetration by attackers.

  • Paul Herring made a comment

    By running nmap with -A and -T4 additional information is provided about the possible version of the OS on the target machine (note HTTP scan suggests CentOS is being used, although this might be a false positive result):
    Server with firewall down
    root@cueh:~# nmap -A -T4 192.168.5.100
    [...].
    Not shown: 996 closed ports
    PORT STATE SERVICE...

  • Paul Herring made a comment

    Server with no firewall running:
    root@cueh:~# nmap 192.168.5.100
    Starting Nmap 7.70 ( https://nmap.org ) at 2020-05-24 06:47 EDT
    Nmap scan report for 192.168.5.100
    Host is up (0.0071s latency).
    Not shown: 996 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    80/tcp open http
    111/tcp open rpcbind
    3306/tcp open mysql
    MAC Address:...

  • Paul Herring made a comment

    The basic nmap scan gave the following results:
    root@cueh:~# nmap 192.168.5.100
    Starting Nmap 7.70 ( https://nmap.org ) at 2020-05-24 06:23 EDT
    Nmap scan report for 192.168.5.100
    Host is up (0.018s latency).
    Not shown: 996 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    80/tcp open http
    111/tcp open rpcbind
    3306/tcp open mysql
    MAC...

  • I work for a highly regulated company. Policies and procedures must follow real-world use cases and not be driven purely by the whim of the security team. It is important to follow best practices relating to security but it must be reflective of the business and support the business to work in safe ways that balance a need for CIA data security and the need to...

  • Badly configured switch fabric can result in network loops and network segment downtime. However, implementation of spanning tree and other techniques can mitigate the risk of this issue. Malware can also cause havoc on networks when they propagate through connected network hosts and cause huge increases in network traffic (possibly as a DDoS attack) or take...

  • I have really enjoyed this short course. It has been informative and challenging. I particularly enjoyed the practical tasks and would like to see more examples of these in the coming weeks.

  • I still think that encrypted data is difficult to keep secret. As technology advances there will be greater threats to our 'secure' data and algorithms and processes will need to change to meet this threat. It is also important to take into account the human factor as it is easy for people to make mistakes or to become sloppy in the encoding process (as has...

  • To ensure crypto integrity it was important that OTP was used once and then destroyed, the sender and receiver were aware of which OTP was in use and both parties had a copy of OTP. This made distribution and concealment of OTP of prime importance. Also, use by only two operators, or scaling up of OTP meant that a stringent and secure handling, storage and...

  • HMAC is used in VPN connections, TLS protected services like online banking and online shopping and password and data encryption.

  • the quick brown fox jumps over the lazy dog

  • Paul Herring made a comment

    The best way to defend against these types of attack is to use random (non-dictionary) passwords that are in excess of 14 characters long (Kevin Mitnick actually suggests 25 or more characters long) that are a mix of numbers, upper and lower characters and special characters and to not end with a special character or symbol and do not start with a number or...

  • I was able to recover passwords for all but six of the hashes given using https://hashtoolkit.com/

  • The use of knowledge-based authentication is simply to increase the likelihood that the person logging in is who they say they are. This is not to say that a skilled social engineer could not get this information using a spear phishing attack. To protect against this sort of activity it is wise to use random words that have no connection with the question...

  • Paul Herring made a comment

    By its very nature technology provides predictable outputs. Algorithms such as Random Number and Pseudo random number generators can be used to provide randomness with a key but it is possible (as the BBC article has shown) for outside agencies to manipulate the method to ensure a deterministic result. Also, organisations like NSA have adapted and installed...

  • It is inevitable that data encrypted with algorithms considered to be secure now will be broken in the future. The increase in key length and use of elliptic curve encryption methods will secure data now by ensuring that the cost, time and effort to break encrypted messages is too costly. For now cryptologists and researchers are working on ways in which...

  • I agree with Nicholas, cyber attacks are inevitable and there is probably a lot of truth in the view that companies fall into those who have been hacked and those who don't yet know they have been hacked. Given this view everyone needs to acquire skills to identify and deal with potential attacks as quickly and effectively as they can.

  • Paul Herring made a comment

    Hi everyone, my name is Paul Herring. I work for an IT security company that provides PKI managed services. I am particularly interested in this course because I am becoming more involved in network security in my job.

  • Algorithms get ever more complex and crypto keys increase in size, however, the tools to break encryption are also becoming more advanced with state and academic researchers and cryptanalysts finding ways to cause (possibly theoretical) collisions in algorithm outputs and the threat posed by quantum computing in the future it is possible that all algorithms...

  • Encryption of messages has evolved over many hundreds of years from simple substitution codes to more complex methods that have included technology. Encryption methods have become more complex, but there is an increased need to continue developing better ways to encrypt communication as technology and knowledge of encryption by cryptologists becomes ever more...

  • Without cryptography people would not be able to take part in online shopping, banking, communicating with friends using social media and working from home (especially during the Covid-19 crisis).

  • Breaking of German and Japanese codes was very important to the shortening of WW2. Examples include passing battalion and regiment strengths and structure of the German army prior to the Battle of Kursk to the Russians which resulted in the German army defeat. Other examples include the Allies' ability to interpret if deception plans prior to and during D Day...

  • YCAJSDGRDALVHSCUCWCPB (clue for the key something used in cryptography) ;-)

  • Al Kindi is credited with developing frequency analysis, which allows the cryptographer to analyse a coded message and using the knowledge of the most often used letters to decrypt substitution encrypted messages. Letter frequencies can be made more difficult to find if a one-time pad is used and the key is changed regularly. Another method would be to use a...

  • I agree with Simon, codes within codes would make decryption more difficult. However, it would also probably make the message difficult to decrypt by the legitimate recipient of the message as well. Especially if the sender inadvertently made a mistake when encoding the message.

  • The methods tend to rely on substitution of characters or symbols. If the cryptanalyst is aware of frequency analysis then it is possible that any of the early codes could be broken.

  • The use of cryptography and the development of cryptoanalysis has been an ongoing process and has certainly become more complex since the early codes like Caesar Cypher, the more complex, but still weak nuanced (the use of specific numbers or symbols to represent frequently used words or phrases) and stenography (messages were sent and received in beer barrels...

  • All codes can be broken given enough time and resources. The aim behind cryptography is more to make something so difficult to break that the attacker won't expend the effort required to break it, or the time to break it is suitably long enough that the information in the message is no longer useful to the attacker (for example messages associated with battle...

  • Paul Herring made a comment

    Hello everyone. My name is Paul Herring and I am an IT Operations Manager supporting network and PKI services for customers. Although I have supported PKI systems for many years I do not have a crypto background and would like to learn more about how cryptography has developed from early cyphers to today's cryptographic techniques.

  • This was an excellent introduction to automotive security. I look forward to learning more in the mini courses to come in this subject area.

  • The course has enabled me to understand the pros and cons to the development of smart cars and our gradual move to vehicle autonomy. Security of modern cars was the driving force for me to take this course and I have found it to be very enlightening and rather disturbing. Churchill was once quoted as saying "those who do not learn from history are doomed to repeat...

  • I agree with Mohammed and Shola, hackers could target a specific car manufacturer to remove a particular car model from the market. Also it is possible that hackers living in a nation may target a car manufacturer based in a nation who is enforcing economic sanctions, etc. in retaliation.

  • The motivation of car manufacturers to produce smarter cars is purely affected by the increased desire of customers to have more autonomous vehicles. Unfortunately, this has come at the price of less than adequate security of the CAN and general vehicle design. It is often felt that security stifles innovation and functionality, however, this is misguided as...

  • A great introduction into IoT. I look forward to learning more.

  • A very interesting week that helped to highlight the legal, ethical and social aspects of IoT use. I agree with Ben who highlights privacy concerns; I think that this is a key potential issue with IoT.

  • The question really is how ethical is it to collect this data and this really depends on the real reason for collecting it and the protections against misuse is deployed by the company. When looked at from a humanitarian perspective it seems a very good thing to do as it has the potential to increase crop yields whilst reducing CO2 and other pollutants caused...

  • The right to tinker offers up a number of issues for me. Firstly, tinkering by the enthusiast may enable better performance or new functionality in their product. However, when that tinkering has an influence on safety or security features then there is the possibility of putting people in harm's way, opening up the chance of identity theft and/or fraud,...

  • Tinkering will happen, but it is important to protect company IP whilst at the same time ensuring consumers' security and privacy is upheld by governance and law.

  • Paul Herring made a comment

    One example is when Three 'bricked' Samsung Note 7 smart phones deliberately to stop owners from continuing to use their phones after batteries in some phones overheated and caused fires or the battery to explode.

  • Concerns have been raised about data collection by Samsung smart televisions and by the always listening nature of Amazon Echo. Both of these examples may constitute the spy in the living room risk that could allow law enforcement and criminals to have easy access to personal information, etc.

  • The issue surrounding Internet sites not being compliant with GDPR is worrying. People are presented with requests to agree with cookies as a matter of course now and it seems that the data collected by these companies is not being protected or used appropriately.

  • Paul Herring made a comment

    I want to learn about the legal and ethical implications of IoT when compared to the convenience they can bring to end users.

  • The most interesting aspect is that IoT can in some cases appear to be invisible to the consumer, but is able to provide very useful functionality to the user. I have immensely enjoyed this week and look forward to learning more.

  • Initially I thought it was a gimmick, but the description in this course suggests that the use and need for IoT run more deeply than merely being used as a way of getting a device to play music using a voice command, or putting the heating on from a smart phone.

  • Amazon Alexa speakers have a physical and a digital presence. They are able to play music requested from a digital data store and they are also able to act as a control mechanism for other smart devices in the home when these devices are available.

  • IoT are devices that use communication methods to cooperate, alert or do other functions and can be interacted with using the Internet.

  • Intelligent systems in modern cars, smart heating systems in houses, smart meters, smart TVs, Alexa devices, smart phones, home security systems and autonomous lawn mowers to name a few.

  • Ahmed raises very good points; we are in the early stages of a new technological evolution which will inevitably raise concerns about safety and the real benefits of its use. However, IoT could help to improve safety and enable reliable and more diverse ways of doing things. But this can only be achieved through a structured approach to ensuring these systems...

  • Smart home devices offer increased freedom and independence to physically disabled people, convenience (e.g. you can turn up the heating before you get home or answer the door via a microphone if someone rings the door bell when you are away from home) and reassurance (you can be alerted if someone attempts to break in) however this also raises the question...

  • The article authors broadly agree on what constitutes IoT, however IoT is included in so many different areas of our technical environment that it has in many cases become invisible to the consumer, but crucial to the functioning of technology as a whole, in much the same way as the nervous system and neurons of a person are invisible to another person...

  • I am keen to understand how the wide variety of interconnected and often unseen devices can be secured against malicious actions.

  • This week we were introduced to the key components that can be used to access a car's onboard management system and gain access to CAN hosted devices in the car. We also found out that car security is not as robust as car manufacturers suggest and how ethical hackers have demonstrated flaws in car security that can be potentially exploited from anywhere via...

  • OBD2 is an unsecured access to onboard management systems in the car to allow mechanics to diagnose faults and reset alarms.

  • The responsibility should be with the manufacturer who should take all reasonable steps to recall advise the owner of the issue. However, the owner also bears a responsibility for the road worthiness of his/her vehicle. The manufacturer cannot force the owner to go to a garage to have the vehicle patched and for most their car will only go to the garage if it...

  • In the recent past people have not taken IoT security seriously. However, people are slowly becoming more aware of the issues embedded technologies pose to privacy and the potential of financial loss. Unfortunately, manufacturers have been slow to provide adequate security controls. This failing must be addressed as a matter of urgency.

  • Vehicle security should follow the same cybersecurity good practice used in network based hosts: firewall protection, IDS, AV, regular patch updates, credential protection, etc.

  • A learning log helps to collect notes and reference material that you can use later in your studies. It also helps to show how your understanding has developed over the study period. I have no experience of these tools, however.
    I would also suggest using a reference database like Mendeley to store all of the papers, references to books and websites, etc. as...

  • Hi, my name is Paul and I am in the UK. I work for an IT company that specialises in the provision of PKI managed services to our customers.

    I have already studied the Coventry University Hacking, digital forensics and incident response courses, which have all been very engaging and thought provoking. I am really looking forward to extending my knowledge in...

  • Service transition processes are particularly important to the SOC. It is important that services are taken into operation and eventually decommissioned following security best practices; for example, services should not be allowed to go-live until a full security audit is carried out on the service and it is deemed to meet the security standards for the...

  • From a business perspective the key business functions of the SOC are security governance of the Company’s IT services that support the business to provide effective and usable services to its customers. Key services to support service management include effective use of appropriate policies and procedures based either on ITIL or ISO 20000 that enable the...

  • The first possible issue will be the requirement to enforce security on company networks. This will mean that users may not be able to insert their own, or newly found memory sticks or other media into their computers. Users may also become concerned that ‘big brother’ is monitoring their use of the network/work computers. These issues can often be resolved by...

  • Paul Herring made a comment

    I agree with Jan, I am looking forward to learning about security traps and the darknet

  • This is a very interesting and useful introduction into the SOC.

  • Ethos is a large organisation that has a distributed workforce. It is likely that IT services on remote sites are connected to the head office by WAN links. It is not clear that hosts on the Ethos network are not hardened which has resulted in the successful attack by DannyG on corporate assets. Therefore, it will be necessary for the creation of a SOC with...

  • Operations Engineer role is the closest fit to my current work role (I manage Network Operations engineers). However, I would eventually like to become a Tier 3 analyst as this would give me the most exposure to working on technical issues without having to manage a team (I much prefer working on issues than spending my time managing others ;-) ).

  • Ethos need to implement the PDCA loop (Plan, Do, Check/Study, Act/Adjust) process to manage the changing complexity of the company IT systems and understand the weaknesses they may have in their current IT Security policies and procedures.
    They then need to implement IT incident response processes to enable their SOC to efficiently detect and deal with an...

  • I agree with Krisl, information risk management is very important in this context. It is also clear that staff need to have Cyber Security training to enable them to avoid the risks of phishing attacks and malware infected USB sticks, etc. It is also a good idea for Ethos to deploy IDS/IPS services to help to alert and stop an active exploit.

  • The SOC can use a variety of approaches to accomplish robust cybersecurity; IDS/IPS can be used to detect and prevent access (like the security guard), regular pen testing of the network and its hosts can test that the systems are secure, security patching and continued improvement of network security will also ensure that assets remain secure.

  • My company wish to set up a SOC in the UK. I want to learn how the SOC works and to become aware of SOC best practices.

  • The SOC provides oversight of a company's network security. It has the ability to monitor the network using a variety of tools to detect and react to a number of threat vectors which include external and insider attacks, malware infection to name a few examples.

  • Paul Herring made a comment

    This was quite a difficult first assignment. I probably went into too much depth in some areas and not enough in others. I am still waiting for my feedback, so I don't know how I fared, but I found it interesting and hope that I am able to do better when I get a chance to do this again.

  • Penetration testing is carried out for a number of reasons:
    1. Organisations hosting services supporting critical infrastructure will be required to have annual pen testing to comply with government IT legislation
    2. Organisations who control and process customer personal information want to be sure that they are able to protect the customer data and not...

  • This week has helped me to better understand GDPR and other legislation relating to data protection, etc. Subjects that could have been rather dry but have been presented in an easy to understand format.

    If I were to describe this week's work in three words I think they would be Interesting, absorbing and supportive.

  • Protection against cyber crime is enforced in United States law by the Computer Fraud and Abuse Act. The act has been changed and strengthened a number of times over the years and covers similar subject areas, including DoS (which is now an offence). In UK law it is a crime if you attempt or succeed in gaining unauthorised access to a computer to enable the...

  • New Zealand’s (NZ) security clearance has comparable levels to that of the UK: NZ Confidential (UK BPSS), NZ Secret (UK SC), NZ Top Secret (occasional exposure is covered by UK SC and more routine access is UK DV) and Top Secret Special and requirements (UK DV, which may include UK STRAP). However, New Zealand minimum citizenship time range from 5 years (NZ...

  • A person, or persons who attack and in some circumstances access systems with the sole intent of stealing information and/or causing harm to networks and systems that they are not authorised to access.

  • I agree with the comments here. It is better to test your security than to assume you are safe, because those with bad intentions won't think twice when it comes to exploiting the weaknesses they find in your networks and systems.