Why does the Internet seem broken lately? Because the Government is shut down and let the foxes in the hen house.

Why does the Internet seem broken lately? Let’s start with the obvious – the government shut down is a horrific occurrence far beyond what people realize.

Why is the Internet slow right “now”? Because DNS is under attack and the government is shut down and incapable of responding. Seriously. We, the InfoSec community, are flying blind. For the average person – you are kind of hosed. (kidding, not kidding….)

What is DNS? “DNS” means “domain name resolution.” and it tells your computer how to find a web site. The thing is, *most* sites pull content from numerous places (think twitter feeds on your page, or a FB badge, or a font, etc.) If *ANY* of these items are slowed down, so is your site.

Not surprisingly, criminals look for opportunities and our politicians gave them a big giant gift by shutting down the government.

The DNS attacks, among others, haven’t made the news because the government has been shut down.

Recovery from one month of nobody managing CyberSecurity for the US Government will take months if not years. Some damage is permanent. (I’m just the messenger.)

https://arstechnica.com/information-technology/2019/01/multiple-us-gov-domains-hit-in-serious-dns-hijacking-wave-dhs-warns/

If the Internet and cybersecurity are put in the category of “non-essential” then we have a serious problem. And we have a serious problem far larger than the drop in home buying. Hackers are patient. Very patient. Recon conducted over the last month will be used far into 2020. The RATs will persist in silence and nobody will know until they are activated.

Image from: https://www.deteque.com/live-threat-map/

Additional resources:

Fox News on the impact of the government shut down on cybersecurity

https://video.foxnews.com/v/5990953428001/#sp=show-clips

Krebs on Security’s take:

https://krebsonsecurity.com/2019/01/how-the-u-s-govt-shutdown-harms-security/

#forgotten Hurricane Harvey and Houston

One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown “is crushing our ability to take the fight to cyber criminals.”

“The talent drain after this is finally resolved will cost us five years,” said the source, who asked to remain anonymous because he was not authorized to speak to the news media. “Literally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.”

The source said his agency can’t even get agents and analysts the higher clearances needed for sensitive cases because everyone who does the clearance processing is furloughed.

North Carolina Coalition to End Homelessness Releases Revamped Tendenci Website Following Hurricane Florence

Mobile responsiveness was crucial to the design of the new site in order to deliver an optimal user experience to NCCEH members and constituents. The added challenge for the Coalition was the enormous amount of information they host and determining the best way to structure their resources for ease of access and maintenance. NCCEH relied on the feature-rich Tendenci Content Management System (CMS) to build an engaging interface that makes information readily accessible.

Using Tendenci Events, NCCEH hosts a variety of informational meetings, trainings and community events. The flexibiilty of the Events module allows NCCEH to post both paid and free events, collecting registrations and payments online when needed. Event reminders, rosters, invoicing reports and quick addition of offline registrations makes event management simple and complete.

The North Carolina Coalition to End Homelessness, NCCEH, serves as an advocacy group and central resource for agencies,organizations and individuals that address the needs of the homeless residents of North Carolina. The recently upgraded Tendenci website has been critical to collection and dissemination of information following the devastation of Hurricane Florence.

Read full story here.

And some thoughts on asynchronous communications.

I believe humans as a whole, put too much faith in technology. Not all phone calls ring on the other end. SMS/text doesn’t always get delivered. Even worse is – sometimes they get delivered hours or days later and the recipient sees a time stamp that may be yesterday, or just this instant. I think that is why phone calls can clear up misunderstandings so quickly. 


I believe we need to be kinder to each other in general. And give people the benefit of the doubt instead of doubting their credibility when they say “I sent that to you!” They probably did. 

In this regard – technology unfortunately can divide us. We should try to focus on the positives and be kind with each other when communication isn’t perfect. Be it a turn of the phrase, delayed chat, or just a message lost in the ether. 
Be kind. Especially with our families. I know all of you are really awesome people. 

-Ed Schipul
#peace

Joy, Happiness & Health to You and Your Loved Ones

To Our Open Source Family,

As the holiday season is upon us, we find ourselves reflecting on the past year and those who have supported us and the entire Tendenci community. With your help, we continue to work toward our shared goal – Connect the world’s people and do some good.

For many of us, it’s been a tough year with all the changes happening across the globe  – natural disasters, wildfires, shootings, political issues, personal issues, and hardest of all, the loss of our loved ones. All lead us to the greatest lesson—love. It is the action of love that makes our world a better place.

It is why we are sending you our most loving holiday wishes as you embark on your journey into 2019. So Happy Holidays our dear Tendenci friends and we wish you all a Happy New Year!

As leaders in Open Source, we are here for you. Always.

Warmest regards,

The Tendenci Team

Security in the Tendenci SaaS Cloud at AWS

Kibana OSSEC Tendenci

Cyber Security is based on Prevention, Monitoring, and Incident Response

Associations are part of the fabric of society. We take it seriously. And we also understand there are no “perfect” or “completely secure” systems. Not even air-gapped.

To guard our SaaS AMS clients’s sites we use redundant systems. These include SSL encryption, application isolation, containers, layers of AWS (Amazon Web Services) VPC, Security Groups, ACLs, Route53 DNS, custom AMIs, virus scanners, malware scanners, pentesting, auditing and more. All of these activities generate redundant logs which need to be monitored. To do that we run what is called the “ELK Stack” or now the “Elastic Stack“.

Network Monitoring with OSSEC Logstash ElasticSearch and Kibana

Cyber Security starts with Project Management

A Cyber PM, upon initial completion, never ends. It requires constant vigilance. The process of Cyber Security can be further explained as:

  1. Architecture – Start with Security In Mind
  2. Passive Cyber Defense – Systems that are in place
  3. Active Cyber Defense
  4. Cyber Intelligence Gathering
  5. Response

** Note: There is a longer explanation on our site at https://www.tendenci.com/security/

There are many resources available for cyber security training. We encourage you to look them up and take an active role in keeping your web site, company, family and country secure from cyber attacks!

For the expanded full version of the basics of cyber security in the Tendenci SaaS cloud, view at https://www.tendenci.com/security