Security – A Misleading Concept?

Currently I am creating a presentation on cyber security as a competitive advantage. It looked like a simple task, but ….

When building a presentation I feel that the content should be meaningful. Thinking about the fundamentals I need and want to convey, and about a good starting point, I thought it would be a good idea to start with a definition of cyber security.

Defining both words, Cyber and Security, I found a definition which is a little bit strange, but it was taken from William Gibson’s novel Neuromancer (1984):

„Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts… A graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding.“ 

Source for the artwork:×1080/61/artwork_neuromancer_william_gibson_1920x1080_60671.jpg

Another one I found good and better suited to business purposes was given by the University of Maryland:

The interdependent network of information technology infrastructures, that includes the Internet, telecommunications networks, computer systems and embedded processors and controllers.


I believe this one is a better fit for the purpose. Nevertheless it gives a limited view of security issues. Cyberspace is meant to be digital. But what does that mean for the intellectual property that people have? Information written or printed on paper, proofs of concept coming from a machine and so on. Short story: What is the representation of non-digital information? From what I found, non-digital information is not covered by the term “cyber”!

What is the better term to provide a holistic view on security?

To be honest: I didn’t find one. Information is written on paper, stored in brains and in computers. Sometimes it is tangible, sometimes not. Sometimes it is related to buildings and other forms that might represent information or a value. The next question deriving from these thoughts:

Is there anything of value that is not related to information?

If you find something please tell me!

Security in general is meant to be a concept that implies protection from harm to any asset.

That is also the reason why we find numerous security functions in enterprises:

  • Corporate security
  • Facility security
  • Information security
  • IT security
  • Cyber Security
  • Data protection

When talking to clients about their security functions I very often hear that there is a wish to add new skills to the organization to cover new threats! When doing this, organizations tend to look for reasonable compromises, which are more likely to be trade-offs. Usually existing structures are maintained (e.g. the IT Security Officer) and new functions like a Cyber Security Department are added to the organization with newly defined responsibilities and different reporting lines.

Looking at the cyber definition again, the conflict is obvious! IT security deals with infrastructures. The information protection officer deals with information stored anywhere, and the Cyber Security Defense Service feels extremely hip because it is something new and really important, has an excellent budget and sits on the territory of the CISO, the IT Security Officer and others.

I started to write down where security applies and found a number of issues and security functions. Most of them overlap, which I feel is OK.

Detection is the new Prevention

In another article I already presented my view on Detection versus Prevention. I believe Detection is key! A huge misunderstanding is that, looking at the concept of security, the spotlight is on prevention. This might be true, but detection is the new prevention. In order to avoid harm to your organization you need to know your enemy and be prepared against almost everything that can happen. You will have to accept that hackers will get into your networks, and you will need to be prepared to detect them and fix the damage as soon as possible.

What happens here: It is RESILIENCE!

Organizations need to be better prepared to fix security incidents no matter if they are related to buildings, employees, VIPs, IT infrastructure, paper-based information etc.

When I came to this conclusion I felt that any security function in an organization is an important feature. It is a preventive feature. It helps to detect issues. But recovery from incidents will be more important than we have ever believed.

I feel that a Business Resilience Function in any organization is the key to eliminating conflicts between different security functions and helps to align them into a powerful organization that helps with prevention, detection and recovery!

What do you think? I do not know if I am right or wrong! I am really interested to read your views on this! Please share your thoughts with me and the rest of the community!

The link Between a Company’s Supervisory Board and its Security Strategy

Companies Need New Security Strategies

With regard to cloud computing, Bring Your Own Device (BYOD) or social networks, companies have to think about their security strategy. Whereas the principle of prevention was effective for a long time, it is not effective any more. With a huge number of mobile devices in place, various storage systems used within the enterprise or outside, and the demand for flexible and fast collaboration with clients, partners and suppliers, nobody is able to predict where a certain piece of data is right now, how often it has been copied or will be copied tomorrow.
It is just a fact that business-critical information does not reside within the perimeters of the enterprise any more.
Given this fact, a company can protect its perimeters with huge efforts and be almost safe, yet a weak system outside the enterprise like a social network or a public cloud system destroys all efforts of protecting the assets by preventing intrusion into the own infrastructure. The enterprises are simply not in control of the prevention systems any more.
Another challenge is the complexity of attacks against enterprise infrastructures. Nowadays zero-day exploits and strongly customized malicious code are used more often, applying advanced persistent threat techniques, which leads to the situation that most of the highly sophisticated attacks are not recognized by any prevention system like antivirus, intrusion detection / prevention systems or firewalls.
These attacks are simply below the radar of the traditional security systems.

What are the new Security Strategies to be applied better today than tomorrow?

The prevention of the future is detection! What does that mean? This means that enterprises have to improve their ability to register anomalies in the data flows leading to a more reliable and faster detection of security incidents. There are two main areas of improvement:

  1. Time to detect a security incident caused by APTs or other highly sophisticated techniques
  2. Time to fix the issue

Especially the time to detect requires companies to have intense monitoring capabilities in place to ensure reliable detection. By building these capabilities, not only the requirements of companies are in scope but also the personal rights of employees are affected. A company going this way will need to have the trust of its works councils, and from my perspective it is even better to integrate the employees, to build trust that these facilities are not only a requirement to secure the enterprise but also the individual.

Any requirement for the supervisory board?

With respect to the supervisory board’s requirement to monitor and give advice to C-levels, a few questions have to be clarified:

  1. Does the internal control system of the enterprise reduce the risk of exposure of employees and management to threats from the outside (e.g. use of eMail, websites, unknown documents)?
  2. Is a reporting system in place to indicate potential threats and suspicious activities?
  3. Does the enterprise have a stable detection system in place to uncover security incidents?
  4. Did the company test the effectiveness of its detection techniques and include the results in a continuous improvement process?
  5. Are security incidents adequately reflected in the board of management’s report on the business situation of the company?


In the end this means that companies have numerous options in place to improve security, deal with liabilities of board members and the supervisory board and drive efficient security measures.

I would suggest to keep an eye on two work streams:

  1. Switch off non-effective security measures that simply address prevention – Just talk to me and I will assist you to go this way based on a success fee.
  2. Establish a process to ensure that materiality and severity of security incidents become transparent to board members and their supervisory boards, to ensure conformity with financial reporting standards.

Just in case you do not believe that security is to be reflected in the financial reporting, you should read the Corporate Finance Disclosure Guidance No. 2: Cybersecurity issued by the SEC. You might also want to use Google to find out who has already been addressed by the US regulators for not having properly addressed this issue!

What is the bigger threat? Employees or hackers?

Years ago I read an FBI survey on security incidents and a root cause analysis. I didn’t find it again (if you have it – please send it to me) but I can still remember that it said something like almost 70% of security incidents have been caused by employees.

The last survey I found, from the United States Secret Service, named “2013 US State of Cybercrime Survey”, says that only 21% of cybersecurity incidents have been caused by current and former employees (there is a summary available from PwC in the US that helps you to avoid reading all this stuff).

Nevertheless I found it really difficult to qualify this information and to build a more solid foundation of sources that helps me to better understand and to better argue with my peers.

But as time went by, and big data is not just a buzzword but real applications are available, I found a website I desperately want to share with you. They analyzed hacks and other security incidents and built categories to classify these hacks.

The result is a really meaningful and beautiful visualization of security breaches and their sources. What strikes me is the possibility to slice and dice industries, sources and size of the incident and get a visual presentation.


I believe that this is one of the most advanced ways to present these figures without leaving room for arguing if the numbers are correct or not. They are simply based on press releases!

My suggestion: Read it and play with it! Click on the graphics and you are forwarded to the website. Enjoy it!

Btw: They also disclose the source of information that leads to this fantastic visualization: Click me!

World’s Biggest Data Breaches & Hacks – Information Is Beautiful


Data visualization of the world biggest data breaches, leaks and hacks. Constantly updated. Powered by VizSweet.

Joerg Asma‘s insight:

I like the way information is presented. I am personally a very analog guy which is perfectly addressed here.

The title “Information is Beautiful” says it all! What’s your opinion? Tell me!


Building a more stable TOR Access Point

As I pointed out earlier, I want to have more convenience in using the TOR network, which means that I want to be independent of browser software updates, OS updates etc.

In one of my earlier postings I described building the SPONionPi based on a tutorial brought to us by Spiegel Online. This Raspberry Pi project works like some sort of access point bridge with one DHCP WLAN client and one access point with a DHCP server bound to it.

The disadvantages of this project are:

  • The admin interface is purely German
  • Only a limited number of card drivers seem to be implemented
  • The authentication method only covers WPA but not WPA2
  • Limited monitoring etc.

Having a WLAN AP bridge looks smart, but for my purpose it is not necessary to have more WLAN dongles. They consume power and increase the temperature of the Raspberry, which means that I would have to lower the clock to compensate for those effects.

Furthermore, all those articles I found explain building APs and TOR servers, but they are very simple with regard to what you should do to avoid exit nodes which might not be trustworthy and which browsers you should use, and they give only some basic rules of thumb on how to use TOR.

I therefore decided to create my own Raspberry Pi disk image and mix some good features I found elsewhere and combine those things with some general hints for using TOR.

Baseline the Raspberry

My Raspberry Pi shall be built following the Adafruit learning system with their OnionPi. So please excuse that I will only describe the basic steps briefly. I will add some more steps within the initial setup procedure which I believe improve stability or make the configuration slightly easier for people like me (not a Linux native).

Create your Occidentalis image, prepare your SD card

I believe it is best to follow the instructions on the Adafruit webpage:

First Power On and initial login

Use an ssh connection (e.g. PuTTY on Windows or the Terminal on your Mac) to log in using the default credentials “pi” and “raspberry”.

Initial configuration

Use sudo raspi-config to start the configuration program.

Please upgrade the configuration tool first to be able to set the right parameters. You will be asked if you want to allocate more disk space; answer “y” to confirm. After having done so, please use sudo raspi-config again to set the right parameters for:

  • Expand Filesystem
  • Change User Password
  • Internationalisation Options – Change Timezone
  • Advanced Options – A2 Hostname

When exiting the application please reboot the Raspberry.

Due to the broken ssh connection you will need to log in again.


Please run sudo apt-get upgrade to bring the image up to date. Go and have a cup of coffee – or better two – because it will take some time.

Installing software for Ethernet and WLAN

The initial configuration is now done and we can start to configure the network adapters.

The next step will include the setup of the network connection.

We will have a DHCP client listening on the Ethernet interface, whereas the WLAN interface will run a DHCP server for the incoming connections from our mobile devices.

Use command sudo apt-get install hostapd isc-dhcp-server to install both packages.

Do not worry if you receive a message telling you that the start of the DHCP server failed. It is not configured yet ;-)

After having installed these packages we will start with the configuration of both.

Please power down the Raspberry to plug in the WLAN dongle. Please take a few minutes to let it boot up with the WLAN dongle before logging in using ssh.

Set up the DHCP server

First we will have to configure the file /etc/dhcp/dhcpd.conf by using sudo nano /etc/dhcp/dhcpd.conf

Please search for the following lines and change them as shown (original first, changed version below):

Original:

option domain-name "";
option domain-name-servers,;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

Changed:

#option domain-name "";
#option domain-name-servers,;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

After this add the following lines at the bottom of the file:

subnet netmask {
    option broadcast-address;
    option routers;
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "local";
    option domain-name-servers,;
}


You may want to change the DNS servers or the IP range. I will take a closer look at the DNS service itself later.

Close the file with ctrl-x (or strg-x on a German keyboard) followed by “y” and “return” to confirm saving.

Type sudo nano /etc/default/isc-dhcp-server

Change the line that contains interfaces="" to interfaces="wlan0"

As I have written before, the WLAN interface will provide the DHCP server, so it needs to have a static IP address. It also serves as the gateway between the WLAN and Ethernet interfaces.

Please run sudo nano /etc/network/interfaces

Add a “#” in front of the line auto wlan0.

After that make sure that you add these lines to the file and that no further “iface wlan0” line exists:

iface wlan0 inet static



After having saved the file (ctrl-x, y, return) run sudo ifconfig wlan0

Configuring the Access Point

Now let’s start configuring hostapd, which is used to authenticate incoming requests.

We will create a new file by running sudo nano /etc/hostapd/hostapd.conf

Please paste the following code into this configuration file and make sure that you set the ssid and wpa_passphrase with the parameters you want to use.

Later on I will spend some time to explain the configuration file in more detail and make some changes to it. But for the moment we are done!














Now we will tell hostapd where the configuration file can be found.

Run sudo nano /etc/default/hostapd (on Raspbian this is the file that holds the setting), change the line #DAEMON_CONF="" to DAEMON_CONF="/etc/hostapd/hostapd.conf" and save the file as usual.

Now we need to configure the path from the WLAN to the Ethernet interface using NAT (network address translation).

Type sudo nano /etc/sysctl.conf and scroll to the section looking like this:

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

and remove the # before net.ipv4.ip_forward=1 to enable IP forwarding.

Now we need to run the command

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

to activate forwarding at once.

The following commands will then start the address translation between eth0 and wlan0:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

Then change the boot configuration to execute this every time you boot this image.

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

run again sudo nano /etc/network/interfaces  and add

up iptables-restore < /etc/iptables.ipv4.nat

at the very end of this file and save it again

We will simply bring hostapd, together with drivers etc., to an appropriate version using the following commands:



sudo mv /usr/sbin/hostapd /usr/sbin/hostapd.ORIG

sudo mv hostapd /usr/sbin

sudo chmod 755 /usr/sbin/hostapd

The configuration is now finished and we simply need to test it by using a mobile device to list our WLAN networks.

As you can see from the screenshot from my iPhone, the WLAN “myTOR” is active.

Finalizing the AccessPoint before Installing TOR

There are a few commands you will need to run to complete our installation.

Start services

sudo service hostapd start

sudo service isc-dhcp-server start

Did that work?

sudo service hostapd status
sudo service isc-dhcp-server status

Finally: Reboot using sudo reboot

Now: Installing TOR

Now we need to download TOR and configure it properly by typing the following command:

sudo apt-get install tor

Please edit the torrc file by opening it

sudo nano /etc/tor/torrc

and then copying the following lines to the top of the file

Log notice file /var/log/tor/notices.log


AutomapHostsSuffixes .onion,.exit

AutomapHostsOnResolve 1

TransPort 9040


DNSPort 53


It is now time to configure iptables, routing, ports etc. by using the following commands:

sudo iptables -F
sudo iptables -t nat -F

sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22

sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53

sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040

sudo iptables -t nat -L

Then replace the old NAT file with the new one:

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

This will create a log file for debugging purposes:

sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log

Check it:

ls -l /var/log/tor

Start the TOR service manually:

sudo service tor start

and make it start automatically when you power on your Raspberry:

sudo update-rc.d tor enable
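The ports in torrc (TransPort, DNSPort) and the REDIRECT targets in the iptables rules above are typed in twice and have to agree, and the redirects only catch TCP connections and UDP DNS. The following added example (my own code, not the post's commands) generates both fragments from one set of values, checks that the targets match the torrc ports and that the sshd exception is listed before the catch-all SYN redirect, and sets the FORWARD policy to DROP so that traffic the redirects do not catch (other UDP, ICMP) is discarded instead of being forwarded around Tor now that forwarding is enabled. The interface wlan0, TransPort 9040, DNSPort 53 and sshd on port 22 are the post's values; the FORWARD policy is this example's addition.

```shell
#!/bin/sh
# Added example, not the post's own commands: derive the torrc lines and the
# iptables redirect rules from ONE set of values, so TransPort/DNSPort in torrc
# and the REDIRECT targets in the nat table cannot drift apart, and check the
# result before loading it. Assumed (taken from the post): client interface
# wlan0, TransPort 9040, DNSPort 53, sshd on 22. The FORWARD DROP policy is an
# addition of this example.

# build_torrc TRANSPORT DNSPORT -> the torrc fragment on stdout
build_torrc() {
    cat <<EOF
Log notice file /var/log/tor/notices.log
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort $1
DNSPort $2
EOF
}

# build_nat_rules IFACE TRANSPORT DNSPORT SSHPORT -> rules in iptables-restore format
build_nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# order matters: the sshd exception must precede the catch-all SYN redirect
-A PREROUTING -i $1 -p tcp --dport $4 -j REDIRECT --to-ports $4
-A PREROUTING -i $1 -p udp --dport $3 -j REDIRECT --to-ports $3
-A PREROUTING -i $1 -p tcp --syn -j REDIRECT --to-ports $2
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# the redirects above only catch TCP and DNS; with FORWARD set to DROP, anything
# else from the WLAN (other UDP, ICMP) is discarded instead of leaving via eth0
COMMIT
EOF
}

# check_consistent TORRC RULES -> 0 when both REDIRECT targets equal the torrc ports
check_consistent() {
    _tp=$(sed -n 's/^TransPort //p' "$1")
    _dp=$(sed -n 's/^DNSPort //p' "$1")
    grep -q -- "-p tcp --syn -j REDIRECT --to-ports $_tp\$" "$2" &&
    grep -q -- "-p udp --dport $_dp -j REDIRECT --to-ports $_dp\$" "$2"
}

# check_order RULES SSHPORT -> 0 when the sshd exception is listed before the catch-all
check_order() {
    _ssh=$(grep -n -- "--dport $2 -j REDIRECT" "$1" | cut -d: -f1)
    _all=$(grep -n -- "--syn -j REDIRECT" "$1" | cut -d: -f1)
    [ -n "$_ssh" ] && [ -n "$_all" ] && [ "$_ssh" -lt "$_all" ]
}

# Usage on the Pi (as root): write both files, check them, then load the rules
#   build_torrc 9040 53 > /tmp/torrc.fragment            # prepend to /etc/tor/torrc
#   build_nat_rules wlan0 9040 53 22 > /etc/iptables.ipv4.nat
#   check_consistent /tmp/torrc.fragment /etc/iptables.ipv4.nat \
#     && check_order /etc/iptables.ipv4.nat 22 \
#     && iptables-restore < /etc/iptables.ipv4.nat
```

Writing the rules in iptables-restore format rather than as a sequence of sudo iptables commands also means the file loaded by the "up iptables-restore" line in /etc/network/interfaces is exactly what was checked, not whatever happened to be in the kernel when iptables-save ran.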

After rebooting using sudo reboot as usual, you may now check your TOR connection by using the URL

You may also want to see where you are leaving the TOR network which can be done using a geolocation service.

A better readable version as PDF is downloadable here: Link to the PDF


Building a TOR WLAN AccessPoint

For a couple of years I have been using different distributions of TOR routing packages. I installed Tunnelblick and the TOR Browser Bundle and tried to build something different based on a Linux distribution hosted on my VMware platform.

It was always a little bit difficult. My family did not like those things installed by me and was not very supportive of switching to this kind of anonymous browsing.

Some months ago I saw different articles related to the Raspberry Pi which I really liked. Some years ago I created my home automation and watering system based on Arduino and a self-developed client/server environment with some 10 thousand lines of code for the SQL server, the server and the Arduino environment.

So taking a closer look at the Raspberry was the next thing, to find out what you can really use it for. Given my experience with the Arduino, I was really surprised by the fact that there is already a Linux distribution available and a lot of projects based on Linux features.

Difference between Arduino and Raspberry

The roots of Arduino and the Raspberry Pi seem to be pretty similar. Both have been developed to make projects as easy as possible.


The Arduino needs to be loaded with self-developed code. It is developed in a Java-based coding environment, then compiled and loaded via USB into the NVRAM of the Arduino. The board itself is developed to have as many I/O ports as possible. These ports may be used as digital I/O or analog I/O. Use cases are switching relays (I do so in my watering environment) and sensors for water, temperature and others. It was designed to operate actuators and sensors in art projects.

The Raspberry is more or less used as a microcomputer having everything in place that a “big” machine has: USB ports for keyboards and mice, an HDMI interface for monitors and an SD card slot for storage and booting the OS.

My Own Raspberry Pi Project

When I decided to start with the Raspberry Pi it took me a long time to figure out whether this is a step of improvement for my home IT or just another platform.

I believe that a single Raspberry is powerful enough to serve as an AccessPoint or work as an XBMC device, but the first time I was really convinced was when I saw that the Raspberry can also work successfully in a cluster and scales excellently.

In different articles I read that the scaling of the Raspberry Pi is pretty good when up to 50 (the exact number is 48 – don’t ask me why) nodes are clustered.

All the machines in my home IT environment use one central SAN, so I do not need storage but application servers for eMail, OpenVPN, TOR and MySQL and some other minor applications. Especially for OpenVPN and MySQL I believe that the Raspberry Pi could be a good choice to get rid of the VMware servers (I want to switch my platform from a DELL server to a Mac OS X server to have more benefits in my home entertainment environment, which is dominated by Apple products).

So let’s start to build the Raspberry TOR AccessPoint. Those of you who are German native speakers may also want to read the Spiegel Online posting, which is excellent. For all other readers I try to make it as simple as possible. Just to let you know: I am not a Linux expert, so bear with me if you feel that there are easier or more elegant ways to do a certain step.

There are also some sceptical voices I do not want to conceal. The TOR network itself has a good foundation to enable anonymous communication. If you do things wrong you will not be anonymous anymore. Logging in to social websites, using eMail and other things might endanger your privacy. The TOR concept itself also has some weaknesses at the exit node. Compromising the exit nodes means eliminating privacy. To be on the safe side it is recommended to use secure exit nodes. A list of those exit nodes is available on the internet. A good article about this issue comes from Mike Kuketz. I will try to find something similar in English and update this posting.

During the project I will fix this issue and define a number of secure exit nodes in the configuration files.

Step 1: Prepare your environment

What you need is a PC or Mac to build your boot device based on an SDHC card.

I will be using a SanDisk Ultra with 16 GB and speed class 10. You will find several articles about the influence of the SD card on the Raspberry Pi, so I do not describe it in detail.

This SDHC card will be prepared with the Linux Distribution coming from Adafruit, called Occidentalis. Please download it here: Occidentalis on Adafruit.

This Linux distribution needs to be written to your SDHC card. For the preparation of the SDHC card you can use Ray’s installation script or any other tool for your platform described in Adafruit’s article about preparing an SDHC card.

Extract Occidentalis and Ray’s script to one single folder – which makes life a lot easier when running the install script later.

Open a terminal window on your Mac and go to your directory.

Please make sure to unmount all devices that you mounted before, like software installers and disks you do not need, because it makes it easier to find the right device later when you have to select the device to install the Linux distribution on.

Beware: In case you select the wrong disk (e.g. your Mac startup volume) it will be lost!

You can check upfront in the terminal using the command df -hl which devices are mounted.

Hint: I already gave the SDHC card a name to make it easier to identify during the installation process.

Step 2: Install the Image

Run the command sudo ./install Occidentalis_v02.img and select the SDHC card you inserted in your card reader.


Please be patient – the process takes a couple of minutes to complete.

It is completed when you see the message “All done!”. That’s the point when you already have a fully bootable standard Linux for your Raspberry Pi in hand.

I decided to overclock the Raspberry Pi to get better performance. Some people write that this might damage the SDHC card, but I decided to ignore this hint. There are tables available for the different values, but keep in mind that overclocking means increasing power consumption. If your power supply is weak this may cause instabilities. In certain cases (starting with 950 MHz) you also need to have a 6 V power supply and set the over_voltage flag.

To overclock the Raspberry Pi you can directly mount the SDHC card again on your Mac and edit the config.txt file in the root partition.

#uncomment to overclock the arm. 700 MHz is the default.

I decided to replace the 800 MHz overclock with 900 MHz. After saving the file please unmount the SDHC card again.

Step 3: Start up the Raspberry for the first time

I do not use an external keyboard or monitor. I just use an ssh connection.

Starting up the Raspberry means plugging in the micro USB power, the SDHC card and the Ethernet cable. The Raspberry then asks for a DHCP lease.

In the next step you will need to open an SSH connection using the IP address the Raspberry Pi uses. Simply look in the administration console of your DHCP server (usually, in home environments, your DSL router) and identify the device called raspberrypi. My Raspberry has the IP address so you will find this IP in the course of the documentation.

Use ssh pi@<IP address> to connect and add the Raspberry Pi to the list of known hosts by following the questions on your screen.

The default user is pi and the password is raspberry. Please make sure to change it as soon as possible using the command sudo passwd.

Step 4: Install the TOR package

The next step is to install the TOR environment that comes from Spiegel Online.

Please execute the following lines of code in your ssh console:

git clone SPONionPi

cd SPONionPi

sudo sh

The whole installation takes a long time – around 45 minutes. You will be asked to reboot the Raspberry Pi by powering it off and on again. After that you will have to run the following again (please be aware that this installation procedure resets the Pi’s password to raspberry):

cd SPONionPi

sudo sh

Before doing anything with the card it is recommended to clone the SDHC card to avoid any additional work when misconfiguring the interface later. Some tutorials on how to do that are available on the internet. One is this one.

The commands you need to use are

diskutil list  (assume your SDHC card is disk4)

sudo dd if=/dev/rdisk4 of=~/Desktop/pi.img bs=1m

You may use the SDHC image installer described in Step 2 to install the clone on a new SDHC card.
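A clone made with dd is only worth keeping if it is complete, and picking the wrong target is exactly the mistake the warning above is about. The following added example (not from the post) wraps the dd copy with a refusal to overwrite an existing target and a SHA-256 comparison of source and copy. The device path /dev/rdisk4 is the post's assumption; the demo source is a constructed temporary file, so it runs without a card.

```shell
#!/bin/sh
# Added example, not from the post: copy a device image with dd and verify the
# copy with a SHA-256 checksum, refusing to overwrite an existing target.
# On the Mac from the post the source would be /dev/rdisk4; the demo input here
# is a constructed temporary file, so the script runs without a card inserted.

# hash_file FILE -> SHA-256 hex digest, using sha256sum (Linux) or shasum (macOS)
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# clone_and_verify SRC DST -> 0 only when DST is a new, byte-identical copy of SRC
clone_and_verify() {
    [ -e "$1" ] || { echo "source $1 does not exist" >&2; return 1; }
    [ -e "$2" ] && { echo "refusing to overwrite existing $2" >&2; return 1; }
    # 1 MiB blocks written as a plain number: GNU dd wants 1M, BSD dd wants 1m
    dd if="$1" of="$2" bs=1048576 2>/dev/null || return 1
    [ "$(hash_file "$1")" = "$(hash_file "$2")" ]
}

# make_demo_source DIR -> writes a constructed 300 KiB random image into DIR, prints its path
make_demo_source() {
    _src="$1/source.img"
    head -c 307200 /dev/urandom > "$_src"
    printf '%s\n' "$_src"
}

# Usage on a Mac, after diskutil list shows the card as disk4:
#   clone_and_verify /dev/rdisk4 ~/Desktop/pi.img
```

Reading the card a second time for the checksum roughly doubles the time of the backup, which is the price of knowing that the image you will later write back with the installer from Step 2 is actually the one you meant to keep.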

After the procedure terminates successfully you will have to power off the device, plug in both WLAN adapters and remove the Ethernet cable from the device.

After that you need to reconfigure the access point interface, which is available under with the login credentials SPONionPi-Tor and spiegelonline.

Please follow the steps described there to modify your installation.

I will update this posting after my next steps to tailor my Raspberry to meet my requirements, including interfaces, passwords, usernames etc.