July 2023 - Version 2

How to find MegaRAC BMCs

This week, Eclypsium Research published findings on critical vulnerabilities discovered in AMI MegaRAC baseboard management controller (BMC) firmware. Adding to the portfolio of “BMC&C” vulnerabilities that Eclypsium has been discovering and surfacing since late 2022, these two new vulnerabilities (tracked as CVE-2023-34329 and CVE-2023-34330) can be exploited and chained together to yield unauthenticated remote code execution on vulnerable targets. These vulnerabilities could impact many devices, as MegaRAC BMCs are popular across a number of manufacturers and appear in products from AMD, Asus, Dell EMC, Gigabyte, HPE, Lenovo, Nvidia, and more.

What is an A MI MegaRAC BMC?

MegaRAC baseboard management controllers (BMCs) provide “lights out” management capabilities for remotely monitoring and managing servers. Manufactured by American Megatrends International (AMI), MegaRAC BMCs include a service processor and network connection that operate separately from the server they are connected to. Modern MegaRAC BMC firmware includes support for the Redfish API.

What is the impact?

These two newly disclosed vulnerabilities involve the Redfish service running on the MegaRAC:

Authentication Bypass via HTTP Header Spoofing (CVE-2023-34329; CVSS score 9.1 – “critical”)
Code injection via Dynamic Redfish Extension (CVE-2023-34330; CVSS score 8.2 – “high”)

CVE-2023-34329 can be exploited with specially crafted HTTP headers to trick the Redfish service into believing the request is coming from an interface that does not require authentication, such as USB0. On systems which have the No Auth option enabled, these spoofed headers will allow attackers to access and interact with any Redfish API endpoints.

CVE-2023-34330 can be exploited via an HTTP POST action to execute arbitrary code on the MegaRAC processor. While this code-execution-via-POST was an intentional design choice by AMI, it likely was intended for internal development only. However, it is enabled by default in vulnerable versions of the firmware, making it available to a broader audience.

Chaining exploitation of the two above vulnerabilities together can provide attackers with unauthenticated remote code execution and full control over a vulnerable MegaRAC target. Following successful exploitation, attackers can establish persistence, perform data exfiltration, perform lateral movement in the network, deploy malware, and more. Attackers can also perform a denial of service by forcing the server into a reboot loop or even bricking the system so it will no longer properly function.

Are updates available?

AMI has made patched firmware available in versions SPx_12.4 and SPx_13.2. Admins should update MegaRAC BMCs to the newer firmware as soon as possible.

Eclypsium Research also shared mitigations to help reduce the chance of a successful attack, including:

Ensuring all remote server management network interfaces are NOT exposed externally and operate on networks dedicated to management traffic only.
Ensuring access to remote server management network interfaces is restricted to administrative users via ACLs or firewalls per Zero Trust Architecture principles.

Additionally, U.S. government agencies and contractors legally required to comply with CISA’s Binding Operational Directive 23-02 should note required guidance to follow (similar to the aforementioned mitigation steps).

How do I find potentially vulnerable MegaRAC BMCs with runZero?

From the Asset inventory, use the following prebuilt query to locate MegaRAC BMC instances in your network:

hw:megarac

Results from the above query should be triaged to verify if those assets are running updated firmware versions.

As always, any prebuilt queries are available from your runZero console. Check out the documentation for other useful inventory queries.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

runZero 2023

Avoiding PCI Compliance Fines While Strengthening Data Security

Grasping the intricacies of PCI DSS compliance is crucial for any enterprise dealing with cardholder data transactions. A slight deviation from these standards and your organization may be staring down the barrel of hefty PCI compliance fines. The result? Financial instability, cash flow issues, and a damaged reputation.

A crucial part of this equation is data security – something most businesses already have some strategy to manage. However, many companies don’t manage data security effectively or to the fullest extent, which puts them in a precarious position regarding PCI compliance. Luckily, there’s a better approach.

Think of bolstering data security as not just a defensive play but an offensive strategy that intertwines tightly with PCI compliance. By pumping resources into a solid data security infrastructure, you’re shielding your operations from cyber assaults and aligning yourself with the rigorous PCI guidelines. It yields a double victory – securing your business fort and meeting compliance requirements. But how should you go about this? Let’s get into it.

Demystifying PCI DSS Compliance

Understanding the Basics

Let’s cut through the jargon. PCI DSS is the Payment Card Industry Data Security Standard. It boils down to this: a set of rules to ensure businesses handle cardholder data safely.

Does My Company Need to Be PCI-Compliant?

If you deal with credit or debit cards – absolutely. Any company that processes, stores, or transmits credit card data must be PCI DSS compliant. From retail giants processing thousands of transactions per day to the neighborhood cafe swiping a few dozen cards, PCI DSS matters. Online stores, non-profits taking donations, even healthcare providers billing patients – they’re all in the mix. If cardholder data is floating about, PCI DSS steps in.

The Different Levels of PCI Compliance

Who’s behind PCI DSS? The major players in the credit card industry. Visa, Mastercard, Discover, American Express, and JCB teamed up to form the council.

Unraveling Compliance Levels

Here’s the deal. Visa, Mastercard, and Discover use identical criteria to determine merchant levels. So, if you’re a merchant dealing only with these three, take a shortcut (refer to Visa’s guidelines.)

But what if you’re also swiping American Express or JCB cards? Don’t worry; they’ve made the compliance process simple. If you qualify as a certain merchant level for one card brand, the same level applies across the board. It’s a one-size-fits-all approach.

Decoding the Four PCI Compliance Levels

So, let’s break down the tiers:

Level 1: These are merchants handling over 6 million card transactions annually.
Level 2: Merchants pushing through 1 to 6 million transactions yearly.
Level 3: Companies dealing with 20,000 up to 1 million transactions annually.
Level 4: Merchants processing fewer than 20,000 transactions a year.

Each level has its rules and challenges, but all are working toward the same goal – secure data handling.

What Does PCI Non-Compliance Look Like?

It’s easier than you think to break PCI compliance rules, especially if your systems aren’t designed to secure sensitive data. Even without malicious intent, these slip-ups can expose PCI and PII information to potential threats.

Familiar breach scenes often look something like this:

Visible credit card info or cardholder data sitting on desks or displayed on computer screens.
Storing credit card details on paper stashed in unlocked or insecure cabinets.
Point-of-sale systems entwined with other systems lacking robust PCI shields.
Weak defenses around customer and employee login details.
Use of outdated or unsupported software, which lacks the latest security patches and is more vulnerable to threats.
Insufficiently encrypted data during transmission over public networks.
Lack of regular network vulnerability scans and penetration tests to identify potential security gaps.
No proper disposal of old hardware or hard copies containing cardholder data.
Insufficient employee training on data security practices and PCI DSS requirements.
Not updating default system passwords and settings upon installation of new hardware or software.

So what happens if you break PCI compliance and experience a security breach? Next we’ll look at a breakdown of PCI compliance fines and penalties.

Facing the Consequences of a PCI Data Breach

A breach in PCI compliance is a costly blunder – not just in immediate fines, but also in long-term ripple effects. Here’s what a compromise of cardholder data could mean for your business:

PCI compliance fines ranging from $50 to $90 per cardholder data compromised.
Termination of business relations with your payment processors and banks.
Damaging publicity that tarnishes your company’s reputation.
Legal actions from customers whose data was compromised.
Eroded customer trust leading to potential loss of future business.

More specifically, if a security breach occurs while your company is not PCI compliant, you could face:

Fines up to $500,000 per incident, levied by the payment card brands.
Mandatory written notification to all potentially affected individuals, urging them to be vigilant for fraudulent charges – this means more costs for printing and postage.
Skyrocketing PCI DSS audit requirements.
The potential shutdown of all credit card activity across your business by your merchant bank,
Additional payroll expenses during the security recovery period,
Business interruptions due to register or store closures and the recovery process,
A dip in sales due to a tainted public image and diminished customer confidence.

The true cost of a security breach can soar well beyond the initial fine.

Post-Breach Action Plan: Navigating the Aftermath of a PCI Compliance Breach

A breach in PCI compliance is a red alert for any business. But it’s not the end of the road. There are concrete steps you can take to mitigate the impact, recover, and prevent future incidents.

Contain and Assess the Damage: The immediate priority is to stop further data loss. Identify the source of the breach and isolate affected systems.
Engage a Forensic Investigator: Enlist an expert to analyze the breach. They can determine the extent of the damage and identify any exploited vulnerabilities.
Report the Breach: Notify your bank, card brands, and the authorities as required. Honesty is crucial here – withholding information can lead to severe penalties down the line.
Notify Affected Parties: Inform customers whose data may have been compromised. Guide them on next steps, such as monitoring their accounts for fraudulent activity.
Revisit and Strengthen Security Measures: Conduct a thorough review of your current security systems and practices. Implement enhanced measures based on the forensic investigator’s findings.
Review and Update Compliance Measures: Update your PCI compliance plan, incorporating lessons learned from the breach. This could involve anything from updating software to training staff on new security protocols.
Communicate and Rebuild Trust: Open communication is essential. Update all stakeholders on the steps you’re taking to resolve the issue and prevent future breaches. Demonstrate your commitment to data security and rebuilding their trust.
Ongoing Monitoring and Auditing: Regular monitoring and audits can help you detect potential vulnerabilities early and ensure compliance with PCI DSS standards.

In the aftermath of a breach, it’s essential to learn from the incident and use it as a catalyst for strengthening your security and compliance measures. This is a journey, not a destination. Keep evolving your protocols to keep pace with the ever-changing threat landscape.

In a later section we’ll look more closely at how you can leverage the PCI compliance checklist to ensure you’re less likely to fall victim to a security breach in the future.

The State of PCI DSS Compliance Today

The next section will dive into a PCI DSS compliance checklist. But first, it’s important to understand why having a PCI DSS compliance checklist is so important. Sure, there are hefty fines for non-compliance, but there’s a bigger picture here. How many companies are failing to meet compliance standards, and why? Without understanding the context, you can’t begin to form a robust action plan that prioritizes data security while achieving PCI compliance.

In Verizon’s Investigations, 0% of breached companies were fully compliant.

This statistic highlights that compliance isn’t just about keeping PCI DSS auditors happy. Over ten years of forensic investigations, Verizon didn’t find one company that was fully compliant at the time it was breached.

80% of organizations are not compliant.

Though we’re seeing a rise in businesses taking strides toward PCI DSS compliance, it’s important to remember the starting line was set quite low. In fact, a report from Verizon reveals a staggering 80% of companies still fall short during interim assessments.

91% of attacks involving PCI data did not generate an alert.

Alarmingly, of breached companies surveyed, only 9% of attacks generated an alert. This means the vast majority of security teams were unaware of an ongoing threat to PCI data.

PCI DSS Compliance Checklist: The 12 Requirements

Okay, so let’s recap where we are so far. Non-compliance can land you in hot water, both in costly fines and also in reputational damage. It can also make it far more likely for you to fall victim to a cyber attack. But how do you ensure compliance? What precise steps should you take to safeguard your systems and keep the auditors happy? Let’s take a look at the 12 requirements.

1. Install and Maintain a Secure Network

To fulfill this requirement, companies must install robust firewalls and configure them properly. A firewall serves as a barrier between the trusted internal network and untrusted external networks, blocking or allowing data packets based on predefined security rules. It mitigates unauthorized access attempts, helping safeguard cardholder data from cyber threats. You should also regularly maintain and update firewall configurations to counter evolving threats. For example, removing unnecessary services or protocols and ensuring password and security settings align with best practices.

2. Protect Cardholder Data

Protection of cardholder data involves encrypting the data both at rest and in transit. Encryption transforms sensitive cardholder data into unreadable code, making it useless to intruders even if they gain access. For data at rest, implement strong encryption methods like AES-256. While transmitting data over open, public networks, use secure protocols such as TLS to provide confidentiality and data integrity. Regular audits are recommended to ensure that encryption mechanisms remain effective.

3. Maintain a Vulnerability Management Program

This requirement necessitates a proactive approach toward identifying, evaluating, and mitigating vulnerabilities. Companies should conduct regular vulnerability scans to identify security gaps in the system. Upon discovery, apply patches or remediation techniques to close these security holes. Ensuring your system is always updated with the latest patches and updates can prevent exploitation by malicious parties. This continual cycle of scanning, identifying, patching, and retesting is crucial to maintaining PCI DSS compliance.

4. Implement Strong Access Control Measures

This requirement focuses on implementing strict controls to ensure that only authorized individuals have access to cardholder data. It includes mechanisms such as two-factor authentication, where a user must provide two types of identification before gaining access.

Companies should build access controls around the principle of least privilege (PoLP), which means users should have the minimum levels of access they need to perform their jobs. For instance, a customer support representative might only have access to view customer details, not modify them. Regular audits should be conducted to ensure appropriate access rights are maintained and outdated permissions are promptly revoked.

Better yet, companies should take this further and implement Zero Trust. Zero Trust is a security model that operates on the principle of “never trust, always verify.” It assumes potential threats can originate both outside and within the network, thus advocating for strict access controls regardless of a user’s location.

For PCI compliance, Zero Trust can ensure that only authorized individuals access cardholder data by implementing measures like multi-factor authentication, micro-segmentation, and least privilege access. This prevents unauthorized access and helps secure the cardholder data environment against breaches. Continuous monitoring under Zero Trust can also facilitate detection and response to any anomalies or threats, further bolstering PCI compliance.

5. Regularly Monitor & Test Networks

Ensure that your security controls remain effective by actively monitoring and testing your networks. Engage in continuous logging and surveillance of all network traffic, access logs, and transaction records. Use network intrusion detection systems (IDS) and intrusion prevention systems (IPS) proactively to spot and neutralize potential threats. By conducting regular tests such as penetration tests and vulnerability scans, you can pinpoint system weaknesses before they become exploitable. Utilize tools like security information and event management (SIEM) for real-time analysis of security alerts from applications and network hardware.

6. Maintain an Information Security Policy

This policy should lay out the rules, procedures, and guidelines for managing and safeguarding cardholder data, and you must enforce it throughout your organization. Conduct regular security awareness training to ensure all staff members comprehend their compliance responsibilities. For example, the policy may stipulate the use of robust, unique passwords and their routine change. The training will ensure that all employees are aware of this policy and stick to it.

7. Restrict Physical Access to Cardholder Data

Physical access to cardholder data requires stringent controls. Establish secure environments such as locked file cabinets or secure server rooms where cardholder data is stored. Implement access control systems like keycards or biometric access points to allow only authorized personnel access. Video surveillance could enhance security by monitoring these areas. A log of physical access attempts, for example, through digital sign-in sheets, can provide an audit trail and serve as a deterrent against unauthorized access attempts.

8. Regularly Test Security Systems & Processes

Consistent testing of security systems and processes is key to maintaining a secure data environment. This includes conducting regular vulnerability scans, penetration tests, and firewall reviews. For example, run automated vulnerability scans every quarter and after any significant network change. Also, perform penetration tests annually or after any significant infrastructure upgrade to identify potential avenues for intrusion.

9. Maintain a Data Protection Program

This involves elements such as encryption, tokenization, and anonymization. For example, utilize encryption algorithms like AES-256 to render data unreadable to unauthorized individuals. Consider tokenization to replace sensitive data with non-sensitive equivalents. Additionally, anonymize data whenever possible, so even if data is compromised, it doesn’t lead back to the cardholder.

10. Monitor & Test Security Controls

Continual monitoring and testing of security controls is vital to ensure their effectiveness. Implement a combination of automated systems, such as Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) platforms. For instance, IDS can provide real-time alerts on any suspicious activity, while a SIEM platform aggregates log data from various sources to detect patterns or anomalies. Regularly evaluate the effectiveness of these controls through internal audits and external assessments.

11. Implement an Incident Response Plan

Every organization needs a solid incident response plan to tackle security breaches. The plan should detail procedures for identification, containment, eradication, recovery, and learning from security incidents. For example, it might specify that upon detection of an intrusion, the security team disconnects affected systems to contain the breach, followed by a forensics investigation to eliminate the threat. After recovery, you should perform a root-cause analysis should to learn from and prevent future incidents. Regularly test this plan through drills and update it as per lessons learned or changes in the security landscape.

Here are just some of the things that should be included in an incident response plan:

Clearly defined roles and responsibilities for incident response team members
Contact information for key stakeholders, including internal team members, external vendors, and relevant authorities
Escalation procedures for notifying senior management and executives about the incident
Procedures for assessing the severity and impact of the incident
Steps for containing and mitigating the incident to prevent further damage
Protocols for documenting and collecting evidence related to the incident
Communication plans for both internal and external stakeholders, including customers, partners, and the media
Procedures for coordinating with external entities such as law enforcement or regulatory agencies if necessary
Strategies for restoring affected systems, data, and services to normal operations
Guidelines for conducting post-incident reviews and analysis to identify lessons learned and areas for improvement

12. Regularly Review & Update Security Policies

A proactive approach to security requires regular reviews and updates of security policies. This ensures alignment with emerging threats, technological advancements, and changes in business operations. For example, as you adopt new cloud services, you should update the security policy to include protocols for data protection in the cloud.

Quarterly reviews of policies could be ideal, but also consider ad-hoc reviews in response to significant changes in the IT environment or after a security incident. Make these updates a collaborative effort involving stakeholders from across the organization to ensure practical and comprehensive policy creation.

What’s the Verdict?

In conclusion, navigating the ever-changing landscape of data security and PCI compliance is not just a business obligation, but a cornerstone of sustainable enterprise in today’s digital age. Failure to adhere to PCI DSS standards exposes businesses not only to potentially crippling fines but also to the devastating fallout of a data breach—both financial and reputational.

The proactive implementation of stringent security controls serves a twofold purpose: safeguarding sensitive customer data and preventing costly non-compliance penalties. This approach underlines the undeniable interconnectedness between data security and compliance, reinforcing that they are not independent efforts but interconnected facets of a robust business model.

Remember, when we talk about PCI compliance, we are not speaking in abstract terms. Non-compliance comes with concrete, tangible consequences. Fines can range from $5,000 to $100,000 per month, a burden that can quickly cripple even successful businesses. Moreover, a data breach resulting from lax security measures can exponentially multiply this financial damage, not to mention the loss of customer trust and damage to your brand’s reputation.

In the end, a rigorous commitment to PCI compliance is a testament to your business’s integrity. It signals to customers that you value their trust, prioritizing the security of their data over potential cost-saving shortcuts. This commitment to robust data security isn’t merely a protective measure; it’s a business advantage that fosters trust, loyalty, and long-term customer relationships.

Data security is an investment, not an expense. The cost of non-compliance and the potential fallout from data breaches are far higher than the cost of implementing comprehensive, robust security controls. As such, continuous investment in and dedication to PCI compliance and data security isn’t just good business practice; it’s a crucial factor in business survival and success in the 21st century.

About Version 2 Digital

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

DNS Poisoning: Understanding the Threat and Securing Your Online Experience

In the world of the Internet, the Domain Name System (DNS) plays a vital role in translating human-readable website addresses into computer-readable IP addresses. It acts as a directory that helps users navigate the vast online landscape. However, the DNS is not immune to security threats, and one such threat is DNS poisoning. In this blog post, we will delve into the intricacies of DNS poisoning, its potential dangers to internet users, and how SafeDNS can protect your online activities. Let’s explore this topic further.

What is DNS Poisoning?

DNS poisoning, also known as DNS cache poisoning or DNS spoofing, is a cyber attack that manipulates the DNS resolution process to redirect users to malicious websites or intercept their network traffic. This attack targets the DNS cache, where previously resolved domain names and their corresponding IP addresses are stored. By injecting false information into the DNS cache, attackers can trick users and redirect online traffic from them to malicious websites without their knowledge or consent.

Attackers can poison DNS caches by impersonating DNS name servers, making a request to a DNS resolver and then spoofing the response when the DNS resolver queries a name server. This is possible because DNS servers use UDP (User Datagram Protocol) instead of TCP and because there is currently no verification of DNS information.

The Mechanics of DNS Poisoning

DNS poisoning typically occurs in two forms: client-side and server-side attacks. In a client-side DNS poisoning attack, malware infects the user’s device and modifies its DNS settings to redirect DNS requests to malicious servers. On the other hand, server-side attacks exploit vulnerabilities in DNS servers, allowing attackers to inject false DNS records directly into the server’s cache. This enables them to redirect traffic across multiple devices connected to the compromised server.

The Dangers of DNS Poisoning

DNS poisoning can have severe consequences for both individuals and organizations. Here are a few notable dangers:

Leakage of Sensitive Data: Phishing attacks can lead to the leakage of sensitive data. Attackers may attempt to trick users into revealing confidential information such as bank card details, login credentials, or personal information. By impersonating legitimate websites or services, phishing attacks can result in the inadvertent disclosure of sensitive data to malicious actors.
Malware Distribution: DNS poisoning can be employed to redirect users to websites that host malware, resulting in unintended downloads and installations of malicious software.
Unauthorized Data Access: Man-in-the-Middle attacks pose the risk of unauthorized access to personal data or the interception of sensitive information. In such attacks, malicious actors can intercept network traffic and manipulate or steal data by altering packets. This can lead to the exposure of personal information, financial data, or the reception of misleading and untrustworthy information.
Brand Reputation Damage: Organizations may face reputational damage if their customers unknowingly access malicious websites that imitate their legitimate platforms, leading to compromised data or financial losses.

Detecting and Mitigating DNS Poisoning Attacks

Detecting and mitigating DNS spoofing attacks is crucial to ensuring online security. While there are various security solutions available, it is essential to understand the techniques and best practices that can help identify and counter DNS poisoning attacks. Here are some effective strategies:

DNSSEC Implementation: DNS Security Extensions (DNSSEC) is a security protocol that adds an extra layer of authentication to DNS responses. By digitally signing DNS records, DNSSEC prevents attackers from injecting false information into the DNS cache and helps validate the authenticity of DNS responses.
Regular DNS Monitoring: Organizations should proactively monitor their DNS infrastructure for any signs of poisoning attacks. This involves analyzing DNS traffic patterns, monitoring DNS cache contents, and utilizing intrusion detection systems (IDS) or security information and event management (SIEM) solutions to identify suspicious activities.
DNS Firewall Protection: Deploying a DNS firewall can help block malicious DNS requests and prevent DNS poisoning of caches. DNS firewalls use threat intelligence, reputation-based filtering, and behavioral analysis to identify and block DNS requests associated with known malicious domains or suspicious behavior.
Encrypted DNS (DoT/DoH): Encrypted DNS protocols such as DNS over TLS (DoT) and DNS over HTTPS (DoH) provide an additional layer of security by encrypting DNS traffic between clients and DNS resolvers. This prevents attackers from eavesdropping on or tampering with DNS requests and responses.
Regular Security Audits: Conducting regular security audits of DNS infrastructure helps identify vulnerabilities and ensure proper configuration. This includes reviewing DNS server settings, access controls, and applying necessary patches and updates to mitigate potential security risks.

By implementing these strategies and staying vigilant, organizations can significantly reduce the risk of DNS poisoning attacks and protect their online presence and sensitive information.

Safeguarding DNS Infrastructure with Secure Practices

In addition to specific techniques for detecting and mitigating DNS poisoning attacks, there are general best practices to safeguard DNS infrastructure. Consider the following security protocols.

Implement Access Controls: Restrict access to DNS servers by allowing only authorized personnel to make changes to DNS configurations. Enforce strong authentication measures, including two-factor authentication (2FA) or multi-factor authentication (MFA).
Regularly Patch and Update: Keep DNS servers and associated software up to date with the latest security patches and updates. Promptly address any known vulnerabilities to minimize the risk of exploitation.
Employ Network Segmentation: Separate DNS servers from other critical infrastructure by implementing network segmentation. This prevents unauthorized access or lateral movement in case of a security breach.
Backup and Recovery: Regularly backup DNS configurations and zone files. In the event of a DNS cache poisoning attack, having recent backups ensures quick recovery and reduces the impact on DNS services.
Continuous Staff Training: Provide ongoing training to IT staff and employees to educate them about DNS poisoning attacks, phishing techniques, and general cybersecurity practices. Encourage reporting of suspicious activities to facilitate early detection and response. Consider SafeDNS cybersecurity awareness training to equip employees with the knowledge and skills needed to identify and respond to potential security risks.

Conclusion

DNS poisoning attacks pose a significant threat to online security, but with the right strategies and practices in place, organizations can detect and mitigate these attacks effectively. By implementing DNSSEC, monitoring DNS traffic, utilizing DNS firewalls, and practicing secure DNS infrastructure management, organizations can safeguard their online presence and protect sensitive information. Employing these techniques, along with regular security audits and staff training, will contribute to a robust defense against DNS poisoning attacks.

About Version 2 Digital

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

safedns 2023

How To Implement Zero Trust for State & Local Governments

In the digital age, cyber threats loom larger than ever. State and local governments are not immune, often targeted due to their troves of sensitive data and critical infrastructure. Recent incidents, such as the ransomware attack on Oakland, California’s government systems, and the cyber intrusion in Curry County, Oregon, are stark reminders of this emerging reality. Add to this a litany of attacks on other US state and federal agencies, and it becomes clear: cybersecurity is not a luxury but an absolute necessity.

Cyber threats are no longer isolated incidents; they are constant and evolving, probing for weaknesses in our security architecture. As the saying goes, it’s not a matter of if a cyber attack will occur but when. Against this backdrop, a new security approach has emerged from the smoke of the digital battlefield known as Zero Trust.

With its mantra of “Never trust, always verify,” Zero Trust operates under the assumption that threats can come from anywhere — both outside and within an organization’s network. In contrast to traditional security models, which heavily invest in establishing a secure perimeter, Zero Trust focuses on securing data and services directly. Achieving Zero Trust isn’t just a step forward; it’s a leap toward a secure future where data breaches and system compromises are reduced to a minimum.

Today, we will guide you through both understanding and how to implement zero trust in state and local governments. Whether you’re a government executive, a cybersecurity officer, or a concerned citizen, understanding Zero Trust is the first step in fortifying our government’s digital infrastructure against the burgeoning tide of cyber threats. So, let’s dig in and explore how we can turn these principles into practice.

Understanding Zero Trust

Definition and Principles of Zero Trust

Zero Trust is a security model pivoting on the belief that no user or device, inside or outside the network, should be trusted by default. This concept dismantles the outdated idea of a secure perimeter, replacing it with robust mechanisms to secure data and services directly.

Zero Trust is built upon a set of key principles:

It treats all resources as external and available over the untrusted network. This means that the traditional distinction between internal and external networks evaporates.
Zero Trust identifies and verifies every user and device trying to access resources on the network, regardless of their location or role.
It operates on a least-privilege strategy, ensuring that every user, device, or application has only the bare minimum permissions necessary to perform their functions.

Key Components of Zero Trust Architecture

For a state or local government to implement Zero Trust, they need to focus on five core components:

Identity Verification: With Zero Trust, every user is a potential threat, so their identities must be consistently verified. This can be accomplished using multi-factor authentication (MFA), biometrics, or smart cards.
Device Authentication: Similar to user authentication, all devices attempting to access the network must also be authenticated. This ensures that only devices compliant with security standards are granted access.
Micro-segmentation: This involves dividing the network into small, isolated segments to limit the lateral movement of potential threats. Micro-segmentation reduces the risk of a system-wide breach, confining any damage to isolated pockets of the network.
Least-Privilege Access: Zero Trust calls for limiting user and device permissions to the absolute minimum required to fulfill their roles. This restricts the amount of damage an attacker could inflict if they were to compromise a user or device. network access controls play a critical role here.
Continuous Monitoring and Analytics: Even after verification and authorization, Zero Trust assumes the possibility of threats. Hence, continuous network traffic monitoring and real-time analytics are crucial for detecting and mitigating potential breaches.

Remember, the journey to a Zero Trust architecture is an evolution, not a one-off project. Start small, define your security parameters and network access controls, and gradually extend them across your organization. This framework not only fortifies your government’s digital infrastructure but also ensures the safety and privacy of the citizens you serve.

Benefits of Zero Trust for State and Local Governments

Implementing a Zero Trust security model can offer a multitude of benefits for state and local governments. Here are some of the most impactful advantages:

Enhanced Data Security: By verifying every user and device, zero trust reduces the risk of data breaches. By assigning minimum permissions, even if an attacker compromises a user or device, they have limited access.
Improved Visibility: Zero Trust provides a holistic view of the entire digital ecosystem, enabling IT departments to monitor and manage all activities within their network more effectively.
Mitigation of Insider Threats: Zero Trust assumes threats can originate from anywhere, including inside the network. By adopting this model, governments can proactively detect and handle potential insider threats. And remember, insider threats aren’t always about a disgruntled employee going rogue – sometimes, it’s well-meaning employees acting irresponsibly or carelessly.
Flexibility and Scalability: Zero Trust is adaptable to changing network environments, making it ideal for government entities that need to scale up or adapt their security in line with evolving digital transformation strategies.
Reduced Attack Surface: Through micro-segmentation, Zero Trust limits the damage of a potential breach to confined network segments, reducing the overall attack surface.
Compliance Assurance: Zero Trust can help governments comply with stringent data protection regulations and standards, such as GDPR, HIPAA, and NIST.
Improved User Experience: With identity and access management central to Zero Trust, users enjoy secure access to the resources they need from any device or location, improving overall productivity and satisfaction.
Cost Efficiency: By preventing data breaches and minimizing damage, Zero Trust could save state and local governments a significant amount in remediation costs.

Assessing the State of State & Local Government Cybersecurity

While cybersecurity should be a priority for all organizations, it’s especially critical for state and local governments due to their handling of lucrative data.

Recent Cyber Attacks on State and Local Governments

State and local governments have become prime targets for cyber attacks, jeopardizing critical infrastructure, sensitive data, and public trust. In recent years, several high-profile incidents have highlighted the urgent need for robust cybersecurity measures. Examining these attacks sheds light on the devastating consequences and underscores the importance of implementing effective security strategies.

Curry County, Oregon Ransomware Attack

In a chilling demonstration of the vulnerability of state and local governments, Curry County, Oregon fell victim to a ransomware attack in April 2023. Bad actors infiltrated the county’s network and encrypted critical systems, effectively rendering them inaccessible. While the county still had control over 911 dispatch calls and the local election, the attack impacted every other part of government operations^[1].

Oakland, California Cyber Attack

On April 27th, the city of Oakland announced that it had been hit with a ransomware attack. The attack affected the city’s email systems, phone lines, and some of its websites. It did not affect the city’s emergency services, but it caused significant disruptions to non-emergency services.

Although the ransom demand was not disclosed, the city stated it would not pay it. Instead, they worked with law enforcement and cybersecurity experts to investigate the attack and restore their systems. The city also urged residents to be cautious of potential scams and phishing attempts that might arise as a result of the attack.

Atlanta, Georgia Cyber Attack

In March 2018, the city of Atlanta, Georgia, fell victim to a massive cyber attack that crippled its operations for weeks. The attackers employed ransomware, infecting numerous systems and encrypting critical data, including police and court records. The incident led to widespread service disruptions, financial losses, and a severe blow to the city’s reputation.

Baltimore, Maryland Ransomware Attack

In May 2019, Baltimore, Maryland, suffered a devastating ransomware attack that targeted the city’s government systems. The attackers exploited a vulnerability in the city’s network and encrypted crucial data, paralyzing many municipal services. The incident had severe repercussions, causing substantial financial losses, service disruptions, and compromising sensitive citizen information.

These attacks are stark reminders of the significant threats facing state and local governments in the digital age. The ramifications extend beyond financial losses and operational disruptions, impacting public safety, critical services, and citizen trust.

Vulnerabilities and Challenges Faced by State and Local Governments

Outdated Systems: Many government agencies rely on legacy systems no longer supported by vendors, exposing them to unpatched security flaws. For instance, the 2017 WannaCry ransomware attack exploited a weakness in older Windows systems that many organizations still use.
Insider Threats: Whether it’s intentional malicious activity or unintentional mistakes, insider threats pose a significant challenge. Employees or contractors with access to sensitive data can be exploited by cybercriminals or could unknowingly cause a data breach.
Lack of Cybersecurity Awareness: Many breaches occur due to employees clicking on malicious links or falling victim to phishing attacks. Without proper cybersecurity education and training, employees remain an easy target for attackers.
Resource Constraints: Often, government entities struggle with budget limitations and a lack of specialized personnel, making it challenging to maintain an up-to-date, robust cybersecurity infrastructure.
Interconnected Systems: Government entities often need to interact with various other systems, such as federal databases or those of other municipalities. These interconnections can create security vulnerabilities if not properly managed and protected.
Physical Security Breaches: Physical breaches, such as unauthorized access to data centers or theft of devices, can lead to significant security risks. These risks are exacerbated if the stolen devices contain unencrypted data or have logged-in sessions to critical systems.
Supply Chain Attacks: Cybercriminals can compromise a government’s supply chain, infecting software or hardware before it even reaches the government network. The 2020 SolarWinds attack is a prime example, where sophisticated attackers compromised the software update process to infiltrate numerous organizations.
Emerging Technologies: Adopting emerging technologies like IoT, AI, and 5G brings new vulnerabilities. For instance, insecure IoT devices can provide an easy entry point for attackers into the network.

The Need for Enhanced Cybersecurity Measures

In light of these vulnerabilities, there’s a pressing need for state and local governments to upgrade their cybersecurity measures. Traditional perimeter-based security models are no longer enough. Given the evolving threat landscape, a proactive approach is required, and that’s where Zero Trust comes into play.

Zero Trust provides an enhanced security framework that addresses many of these vulnerabilities. It bolsters defenses against both external and insider threats, limits the potential damage from a breach through micro-segmentation, and adapts to the changing needs of the organization. Combining robust identity verification, least-privilege access, and continuous monitoring is a significant step toward a more secure future for state and local governments.

While implementing Zero Trust can be complex, its benefits far outweigh the investment. In the fight against cybercrime, state, and local governments can’t afford to be left behind.

The State and Local Government Cybersecurity Act of 2021: A Comprehensive Overview

The State and Local Government Cybersecurity Act of 2021 is a landmark piece of legislation aimed at bolstering cybersecurity defenses across state and local government entities.

What is it?

This groundbreaking act represents a commitment to address cyber threats head-on. It establishes a framework for federal agencies like the Department of Homeland Security (DHS) to collaborate with state and local governments, providing vital resources, guidance, and information sharing. The act seeks to boost cybersecurity resilience through improved education, technical tools, and enhanced defensive measures.

What Impact Will It Have?

The potential impact of this act is vast and multifaceted. It provides critical resources to governments that often struggle with budget constraints and outdated systems, enabling them to upgrade their cybersecurity infrastructure. By fostering greater cooperation and information sharing between federal and local entities, the act allows for more coordinated responses to cyber threats. Moreover, the focus on education and training resources will help build a more cyber-literate workforce, mitigating the risk of breaches caused by human error.

How Does it Align With Zero Trust?

The act’s emphasis on collaboration, information sharing, and upgrading cybersecurity infrastructure lays the foundation for implementing a Zero Trust model. The increased resources provided by the act can assist governments in adopting crucial elements of Zero Trust, such as multi-factor authentication, micro-segmentation, and continuous monitoring.

In essence, this legislation represents an important step in reimagining our approach to cybersecurity, moving from static defenses to a dynamic and proactive strategy.

How to Implement Zero Trust

Step 1: Assemble a Focused Zero-Trust Task Force

The journey toward Zero Trust requires focused attention and dedicated resources. Instead of making the “transition to Zero Trust” an afterthought or a secondary task for your IT department, form a specialized team responsible for strategizing and executing the Zero Trust transformation. You can also engage a third-party company to act as this Zero Trust Task Force if you lack the in-house talent (many state and federal agencies do due to the cybersecurity skills shortage).

This task force should comprise experts from key areas that align closely with the foundational pillars of Zero Trust:

Application and Data Security: Individuals from these teams understand where critical data resides and how it’s accessed, making them essential for defining and protecting your sensitive data assets.
Network and Infrastructure Security: These team members can leverage their understanding of your network’s architecture to facilitate micro-segmentation and prevent lateral movement of threats within your network.
User and Device Security: Representatives from this area ensure all users and devices are adequately authenticated and have appropriate levels of access, crucial components of the “never trust, always verify” principle.

In addition to these core areas, your Zero Trust task force should also include representatives from security operations, particularly those from the security operations center, and risk management. Their collective insight will be instrumental in monitoring the Zero Trust environment, identifying potential threats, and assessing the effectiveness of the implemented measures.

Remember, implementing Zero Trust isn’t a side project—it’s a significant shift in your security posture that demands dedicated resources and expertise. By assembling a focused task force, you can ensure your move toward Zero Trust is strategically planned, effectively implemented, and continuously monitored.

Step 2: Define the Attack Surface

The next step in implementing a Zero Trust model within state and local governments involves defining the attack surface. This process uncovers the landscape that needs defending from cyber threats. Let’s break it down into four key areas:

Sensitive Data: Identify where sensitive data resides across your digital infrastructure. This could include databases containing personally identifiable information (PII), financial details, healthcare records, or law enforcement data. It’s crucial to pinpoint all storage and transit paths of this data to protect it from potential breaches.
Critical Applications: Your organization’s mission-critical applications—like those used for public services, financial management, or law enforcement activities—are lucrative targets for attackers. It’s essential to know where these applications are hosted, how they interact with other systems, and who has access to them. Rigorous access control and monitoring are key to securing these applications.
Physical Assets: While focusing on the digital sphere, don’t neglect your physical assets. These include data centers, networking equipment, servers, and even individual workstations and mobile devices. An unauthorized individual gaining physical access to these assets could bypass many digital security measures. Zero Trust mandates verification at every layer, including physical access.
Corporate Services: Often, common corporate services, like email systems or intranets, can be an entry point for cyber threats. Any service that requires user authentication and interacts with your network can be exploited. Applying Zero Trust principles to these services means consistently verifying users, even if they are on your internal network.

Step 3: Evaluating the Security Landscape

A clear understanding of your existing security framework simplifies the implementation of a Zero Trust approach. As you assess your environment, consider the following points:

Locate the Security Controls: Identify where your security controls are distributed across your infrastructure. In the network sphere, these controls could be firewalls, web application gateways, and similar systems. From user/identity perspectives, controls might involve endpoint security systems like Endpoint Detection and Response (EDR), or Extended Detection and Response (XDR), and Identity Access Management (IAM). In applications and data, controls might be container security, Data Loss Prevention (DLP), microservices authorization, and others.
Assess the Effectiveness of Controls: Evaluate whether these controls provide dynamic, granular, end-to-end trust frameworks independent of outdated classifications. Traditional tools like firewalls often aren’t as granular, dynamic, or comprehensive, and rely on outdated categorizations like “outside = bad” and “inside = good.”
Identify Knowledge Gaps: Determine what you don’t know. Achieving granular access to data is impossible without understanding its security classification. Unclassified data signals a knowledge gap that needs attention when moving toward a Zero Trust model.

Step 4: Exploring Available Technology

While conducting your assessment or immediately after, it’s important to explore and understand the burgeoning technologies available to support your Zero Trust initiative. The landscape of cybersecurity tools and solutions is rapidly evolving, and several of these advancements can play a pivotal role in bolstering your Zero Trust architecture.

Next-generation networking equipment, for instance, offers a host of advanced capabilities that can be integral to your Zero Trust journey:

Microsegmentation: This technique divides your network into multiple isolated segments or zones, each with its own set of access controls. This way, if one segment is compromised, the impact is limited, and the threat is less likely to spread to other areas of your network.
Virtual Routing: This method allows you to control the traffic flow on your network, routing data packets based on predefined rules and conditions. This granular control over network traffic further enhances security and allows for more precise implementation of access policies.
Stateful Session Management: This technology keeps track of all active connections in your network, providing real-time visibility and control. If a session exhibits suspicious behavior, it can be immediately terminated, limiting potential damage.

Identity Access Management (IAM) solutions are also becoming more refined, providing dynamic and granular control over who has access to what. Capabilities like risk-based authentication, contextual access policies, and real-time access management can help ensure that every user’s access rights align with their role and current context.

By leveraging these cutting-edge technologies, you can add a layer of sophistication to your Zero Trust strategy, making your government network more secure, responsive, and agile.

Step 5: Implementing the Principle of Least Privilege (PoLP)

Simply put, this principle restricts user and system access rights to the bare minimum necessary to complete a specific task. In other words, it’s about giving just enough access to get the job done and nothing more. This approach significantly reduces the attack surface and limits the potential damage from security breaches.

For human users, this may involve:

Consider a local government clerk who needs access to citizen records to process a public service request. Their permissions should be precisely defined only to allow viewing of necessary documents. They should not be able to modify, delete, or access unrelated records. By applying PoLP, even if their credentials are compromised, the potential damage is significantly limited.
A system administrator might require wide-ranging access to perform their duties. Still, this should be tightly controlled with high-level monitoring and the use of temporarily elevated access privileges when necessary to avoid persistent high-level access that malicious actors could exploit.

For non-human resources such as applications, systems, devices, and processes, PoLP takes a similar approach:

An email server, for example, might need to read and deliver incoming messages but does not need permission to delete databases or modify other servers. By restricting the server’s privileges, you can minimize potential damage if a cybercriminal exploits it.
A payment processing application may need access to sensitive financial data. Still, it should be limited to interacting only with the necessary databases and kept separate from unrelated systems to prevent unauthorized access or lateral movement in case of a breach.

Implementing the Principle of Least Privilege is not just a one-time action but a continuous process. It requires regular audits and adjustments to ensure that access permissions remain aligned with job requirements and organizational changes.

Step 6: Strengthening Network Access Control

Taking it a step further, we have comprehensive Network Access Control (NAC). A central aspect of implementing Zero Trust lies in fortifying your network access controls. NAC is a security solution that dictates who or what can access your network and to what extent. It verifies the security status and user credentials of every device trying to connect to your network, effectively enforcing the “never trust, always verify” principle of Zero Trust at the network level.

When implemented correctly, NAC can prevent unauthorized access, contain potential threats, and maintain the overall integrity of your network.

Let’s take a broad view of the kinds of technologies that underpin Network Access Control (NAC) solutions:

Authentication Servers: These systems verify the identity of users or devices trying to access the network. They often integrate with existing identity solutions, like Active Directory or LDAP, to validate credentials and enforce authentication policies.
Policy Servers: These systems make decisions about access based on predefined rules. They consider factors like the user’s role, the device type, and the network location to determine the level of access granted.
Enforcement Points: These are network devices like routers, switches, or firewalls that carry out the decisions of the policy server. They can block access, redirect traffic, or apply certain restrictions based on the policies defined.
Endpoint Assessment Technology: These tools inspect devices before they connect to the network to ensure they meet your organization’s security standards. They can check for updated antivirus software, specific security configurations, or the absence of prohibited software.
Network Security Platforms: These comprehensive solutions often combine several of the above elements into a single package. They can provide capabilities like intrusion prevention, web filtering, and threat intelligence, all of which help enhance the overall security posture of your network.

Step 7: Creating a Zero Trust Policy

Once you’ve laid the groundwork by architecting your network, the next critical step in your Zero Trust journey is to design your Zero Trust policies. These policies serve as the guiding principles for access decisions, defining who can access what, under what circumstances, and how such access is granted.

To do this effectively, you can leverage a time-tested approach known as the Kipling Method. Rooted in the six fundamental questions – who, what, when, where, why, and how – this method provides a comprehensive framework for access decisions.

Who: Identify the individual or system attempting to gain access. This could be a government employee, an automated process, or an external contractor. Identity verification is crucial to ensure that the entity seeking access is legitimate.
What: Determine the resources or data the user or system is attempting to access. For example, a tax department officer may require access to a citizen’s income details but should not have access to unrelated health records.
When: Set policies regarding when access is granted. This could involve time-bound access privileges. For instance, access to certain sensitive systems might only be given during regular business hours unless there is an emergency.
Where: Consider the location from which the request is being made. A login attempt from an unfamiliar location may require additional security checks.
Why: Understand the purpose behind the access request. For example, an IT personnel performing routine maintenance would have a valid reason to access server data. On the other hand, the same request from an admin employee might be unusual.
How: Examine the method by which the user or system attempts to access the network. This includes the type of device being used and the security posture of that device.

By systematically answering these questions for every user, device, and network attempting to gain access, you can create robust Zero Trust policies that provide granular, context-aware access control.

Final Thoughts

With the escalating cybersecurity threats and evolving attack strategies, Zero Trust is our most potent defense. From defining the attack surface to formulating robust policies and leveraging advanced technologies, each step strengthens our digital fortresses. It’s an ongoing journey that demands commitment, agility, and precision. As we move forward in the Zero Trust journey, we’re not just fortifying our networks but safeguarding the foundations of our democratic institutions.

About Version 2 Digital

Portnox 2023 Network

Server monitoring and inventory management: API in action

Integria IMS has a history that goes back several years. It was developed by Pandora FMS, the famous software company based in Spain. Today, Integria IMS has become one of the most powerful tools with extensive global experience in monitoring servers, applications and networks.

External API and automation with Pandora FMS

Both products are standalone; however, Integria IMS can be integrated into Pandora FMS, allowing you to leverage their combined power.

Application Programming Interface

This technology, better known by the acronym API, is the one that enables communication between Integria IMS and Pandora FMS, and even third-party applications.

This is achieved by using user credentials, both to perform data queries and to perform task creation and writing actions, such as incidents.

Since security is a fundamental aspect, the API has two additional measures to prevent brute-force attacks, that is, repetitive attempts to guess usernames and passwords. The first step requires you to set a specific password in order to use the API.

The second and most important measure is the possibility of establishing a list of IP addresses authorized to use the API. That way, any request that comes from outside this list will be immediately discarded.

Decreasing repetitive tasks

The main advantage of using the API in both systems is the automation of routine tasks that must be performed dozens or even thousands of times. This allows hired staff to focus on really important tasks, such as providing custom responses to customers or planning new processes to close tickets and collect them later, classifying them appropriately.

Deadline compliance

Another important advantage is the ability to schedule automatic actions for certain dates, even at the most favorable times. For example, you can schedule instructions to be sent to the API during lower workload hours, such as early mornings. This allows you to take advantage of the optimal moments to execute tasks without manual intervention.

According to results, additional actions

Since the API can return messages of success or failure in the “conversation” in formats such as XML or CSV, it is possible to execute additional conditional instructions after receiving a response. This enhances operations and provides the feeling of having more staff constantly and relentlessly available to perform their tasks.

In aspects such as hardware and software inventory management and control, it is really necessary to use an API, since the huge number of items involved makes it almost impossible to perform it manually.

Reporting

Another aspect that benefits from the use of APIs is the creation and forwarding of periodic reports. By providing real-time information at any time, it is ensured that the reports generated reflect the most up-to-date situation.

New Options

Integria IMS API is open to develop new features quickly since it was built with the flexibility of Pandora FMS in mind.

Conclusions

Integrating Integria IMS and Pandora FMS through an external API has revolutionized server, application and network monitoring. This technology enables efficient and safe communication, with additional security measures to prevent brute force attacks.

Automating routine tasks and scheduling automatic actions at optimal times has freed staff from repetitive tasks, allowing them to focus on more important tasks and provide personalized responses to customers.

In addition, the API provides the ability to execute additional conditional actions and obtain real-time information to generate updated reports.

Hardware and software inventory management is greatly simplified thanks to the API, overcoming the limitations of a manual approach.

And finally, the Integria IMS API remains open to new features, allowing agile and flexible development to adapt to the constantly evolving needs of Pandora FMS.

Dimas Pardo

Dimas P.L., de la lejana y exótica Vega Baja, CasiMurcia, periodista, redactor, taumaturgo del contenido y campeón de espantar palomas en los parques. Actualmente resido en Madrid donde trabajo como paladín de la comunicación en Pandora FMS y periodista freelance cultural en cualquier medio que se ofrezca. También me vuelvo loco escribiendo y recitando por los círculos poéticos más profundos y oscuros de la ciudad.

Dimas P.L., from the distant and exotic Vega Baja, CasiMurcia, journalist, editor, thaumaturgist of content and champion of scaring pigeons in parks. I currently live in Madrid where I work as a communication champion in Pandora FMS and as a freelance cultural journalist in any media offered. I also go crazy writing and reciting in the deepest and darkest poetic circles of the city.

About Version 2 Digital

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Pandorafms 2023