One Article Review

Source: Errata Security
Identifier: 3421939
Publication date: 2021-09-24 03:51:21 (viewed: 2021-09-24 08:05:43)
Title: Check: that Republican audit of Maricopa
Text
Author: Robert Graham (@erratarob)

Later today (Friday, September 24, 2021), Republican auditors release their final report on the found with elections in Maricopa county. Draft copies have circulated online. In this blogpost, I write up my comments on the cybersecurity portions of their draft.

https://arizonaagenda.substack.com/p/we-got-the-senate-audit-report

The three main problems are:
- They misapply cybersecurity principles that are meaningful for normal networks, but which don't really apply to the air-gapped networks we see here.
- They make some errors about technology, especially networking.
- They are overstretching themselves to find dirt, claiming the things they don't understand are evidence of something bad.

In the parts below, I pick apart individual pieces from that document to demonstrate these criticisms. I focus on section 7, the cybersecurity section, and ignore the other parts of the document, where others are more qualified than I to opine.

In short, when corrected, section 7 is nearly empty of any content.

7.5.2.1.1 Software and Patch Management, part 1

They claim Dominion is defective at one of the best-known cybersecurity issues: applying patches.

It's not true. The systems are “air gapped”, disconnected from the typical sort of threat that exploits unpatched systems. The primary security of the system is physical.

This is standard in other industries with hard reliability constraints, like industrial or medical. Patches in those systems can destabilize systems and kill people, so these industries are risk averse. They prefer to mitigate the threat in other ways, such as with firewalls and air gaps.

Yes, this approach is controversial. There are some in the cybersecurity community who use lack of patches as a bludgeon with which to bully any who don't apply every patch immediately. But this is because patching is more a political issue than a technical one. In the real, non-political world we live in, most things don't get immediately patched all the time.

7.5.2.1.1 Software and Patch Management, part 2

They claim new software executables were applied to the system, despite the rules against new software being applied. This isn't necessarily true.

There are many reasons why Windows may create new software executables even when no new software is added. One reason is “Features on Demand” or FOD. You'll see new executables appear in C:\Windows\WinSxS for these. Another reason is their .NET language, which causes binary x86 executables to be created from bytecode. You'll see this in the C:\Windows\assembly directory.

The auditors simply counted the number of new executables, with no indication which category they fell in. Maybe they are right, maybe new software was installed or old software updated. It's just that their mere counting of executable files doesn't show understanding of these differences.

7.5.2.1.2 Log Management

The auditors claim that a central log management system should be used.

This obviously wouldn't apply to “air gapped” systems, because it would need a connection to an external network.

Dominion already designates their EMSERVER as the central log repository for their little air-gapped network. Important files from C: are copied to D:, a RAID10 drive. This is a perfectly adequate solution; adding yet another computer to their little network would be overkill, and add as many security problems as it solved.

One could argue more Windows logs need to be preserved, but that would simply mean archiving the from the C: drive onto the D: drive, not that you need to connect to the Internet to centrally log files.

7.5.2.1.3 Credential Management

Like the other sections, this claim is out of place
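The point made in "Software and Patch Management, part 2" is that a raw count of new executables tells a reviewer nothing until each file is attributed to a cause. The script below is an added illustration (not code from the article or from any vendor) of how an offline baseline comparison would do that: it diffs two file inventories (path to hash), then sorts every new or changed executable into the two Windows-generated categories the article names (Features on Demand under C:\Windows\WinSxS, and .NET native images under C:\Windows\assembly) versus "unexplained", which is the only bucket that actually needs a human to look. The inventories, paths and hashes are constructed sample data; the category rules are simple path-prefix checks and are an assumption of this example, not a forensic standard.

```python
"""Triage newly appearing Windows executables from a baseline comparison.

Added example. The inventories below are constructed sample data, not
output from any real election system.
"""
from __future__ import annotations

import hashlib
from collections import Counter

# Locations the article names where Windows itself produces executables
# without new software being installed. Matching is by case-insensitive
# path prefix; this is an assumption of the example, kept deliberately simple.
OS_GENERATED_PREFIXES = {
    "features_on_demand": r"C:\Windows\WinSxS",   # Features on Demand (FOD)
    "dotnet_native_image": r"C:\Windows\assembly",  # .NET bytecode compiled to native images
}


def classify(path: str) -> str:
    """Return the category a new/changed executable falls into."""
    lowered = path.lower()
    for category, prefix in OS_GENERATED_PREFIXES.items():
        if lowered.startswith(prefix.lower() + "\\"):
            return category
    return "unexplained"


def diff_inventory(baseline: dict[str, str], current: dict[str, str]):
    """Compare two path->hash inventories; return (new, changed, removed) paths."""
    new = [p for p in current if p not in baseline]
    changed = [p for p in current if p in baseline and current[p] != baseline[p]]
    removed = [p for p in baseline if p not in current]
    return new, changed, removed


def triage(baseline: dict[str, str], current: dict[str, str]) -> dict:
    """Counts per category plus the list of files that still need review."""
    new, changed, removed = diff_inventory(baseline, current)
    candidates = new + changed
    counts = Counter(classify(p) for p in candidates)
    return {
        "new": len(new),
        "changed": len(changed),
        "removed": len(removed),
        "by_category": dict(counts),
        "needs_review": sorted(p for p in candidates if classify(p) == "unexplained"),
    }


def fake_hash(label: str) -> str:
    """Constructed stand-in for a real file hash, derived from a label."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed inventories. A real one would come from hashing every *.exe/*.dll
# on the imaged drive at certification time and again at audit time.
BASELINE_INVENTORY = {
    r"C:\Apps\example.exe": fake_hash("example v1"),
    r"C:\Windows\System32\notepad.exe": fake_hash("notepad"),
}
CURRENT_INVENTORY = {
    r"C:\Apps\example.exe": fake_hash("example v2"),  # changed: needs review
    r"C:\Windows\System32\notepad.exe": fake_hash("notepad"),  # unchanged
    r"C:\Windows\WinSxS\amd64_sample_10.0\sample.exe": fake_hash("fod"),  # FOD
    r"C:\Windows\assembly\NativeImages_v4\sample\sample.ni.exe": fake_hash("ngen"),  # .NET
    r"C:\Users\operator\Downloads\tool.exe": fake_hash("tool"),  # new: needs review
}


if __name__ == "__main__":
    report = triage(BASELINE_INVENTORY, CURRENT_INVENTORY)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed data, five executables differ from the baseline, but only two end up in needs_review; the FOD and .NET entries are explained by the operating system, which is exactly the distinction a bare count hides.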
Tags: Threat, Patching


The article does not appear to have been picked up after its publication.


The article does not appear to follow up on a previous one.