Monday, July 18, 2016

A Discussion About Office Macros

Hey everyone - With the last few posts, we have talked about various host-based defense measures you might want to consider implementing.  Today, I want to talk about something else on the host that is a common vector for malware: Office macros.

You might be thinking that we have covered some things over the past few weeks that seem really basic and that Office macros are just another basic topic.  However, since Office macros are still a viable means for malware authors to spread their work, I feel that they are important to talk about.

Monday, July 4, 2016

The "Other" Linux MAC Software: AppArmor

Hey everyone - We have spent a lot of time talking about security measures that are somewhat similar in what they do at a high level.  The implementations differ, but AppLocker, SELinux, and AppArmor (which we will talk about today) implement varying levels of mandatory access control.  The reason I am harping on this topic so much is that I do not feel that it is well understood.  As I have mentioned in every article I have written on these defense measures, none is a foolproof way to prevent all attacks all of the time.  When they are configured correctly, they make it more difficult for an attack to be successful.

AppArmor is similar to SELinux, but the implementation details of the two differ.  They both sit on top of the default discretionary access control that exists in Linux systems.  Which one you would want to implement will probably depend on which Linux distribution you are using.  AppArmor is turned on by default on Ubuntu and OpenSUSE, whereas SELinux is turned on by default for Red Hat-based distributions like CentOS and Fedora.  Both are available for other distributions as well.