Category : Security

Software Defined Networking – 5 best practices

software-defined-networking_sdn

Software Defined Networking, (SDN) provides cost-effective, easily adaptable management of network control and forwarding functions. In simple terms, SDN is the physical separation of the network control plane from the forwarding plane, where a control plane controls multiple devices. Software Defined Networking is an emerging technology and therefore lacks long term examples to be used as a guideline for success. Greg Stemberger, Principal Solutions Architect, has laid out what he has seen in his experience with SDN, creating a five step process for best practices of implementation.

The first step, as it most often it with any new technology employment it to define usage. Bringing in a new technology for your company is only helpful if the technology fits the needs of your organization. Determine the problems your company is facing and proceed to evaluate whether the desired technology will be able to handle and alleviate such problems accordingly. No one technology will be able to solve all your problems. Identify specific problems you believe SDN can fix, specifically just one problem at a time. As Stemberger suggests, “A single use case with tangible, positive results, offers more reliable, measurable outcomes than implementing SDN across your entire network.”

It is crucial to assemble a cross functional team with SDN. Utilizing SDN in the correct manner means having a skilled team with a united approach. A team of well versed members is the best way to manage SDN. You need people who can combine skill sets to work together. Increasing efficiency lets you IT staff spend more of their time on you IT infrastructure rather than operational overhead. Get everyone on the same page, toward a universal goal.

Remember to test in a less critical network area. This is common sense for most. Find a less critical network that you can play with first before moving to your network. This way you avoid uprooting your entire network and facing the wrath of angry coworkers. A small-scale SDN test allows the flexibility to learn and make mistakes.

After testing for a while, make sure to go over the data you gather and review your test case. Did it solve your current problem? Is it a wise investment to expand SDN to the entire network? Do you have the infrastructure ready on both a personnel and technical level?

As a gentle reminder that it’s okay to stay on the cautious side, it is suggested that you gain maturity before expanding deployment.  Rather than diving head first, proceed slowly and make the implementation gradual. Even if the SDN went better than expected in one area of the network, this is not a gurantee that the entire network will function at the same caliber. How will SDN performance change across higher trafficked areas of the network?

These steps are meant to evaluate risks, gain perspective and ensure efficiency. In order to get the most out of Software Defined Networking, it’s best to get all your ducks in a row.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: 5 steps to launching Software Defined Networking

ATM’s – The Next Target For Hackers

Use of outdated operating systems like Windows XP and lack of security means it’s still possible to crack ATM security, warn researchers.

As one of the millions of people who frequent their banks ATM at least once a week, the last thing on my mind is usually the security of the operating system. But when you think about the foundation of the machine taking your card and spitting back cash, you’ll realize this machine is just a PC running on old software. Easily susceptible to malware. Not comforting.

There was a 15 percent jump in ATM fraud activity between 2014 and 2015 and researchers believe statistics will only increase. Within this time cyber criminals were able to get their hands on more than $150 million. Researchers credit security vulnerabilities to the use of outdated platforms that no longer receive patches and fixes such as Windows XP.

“If we think of a modern ATM as a MS Windows PC with a money box attached to it that’s controlled through software, it is easy to see how it becomes an attractive target for any malware writer,” Sancho and Huq said.

Trend Micro and Europol’s European Cybercrime Center (EC3) discovered two main malware threats that either provide hackers with the card details of the user, or give the hacker privileges to dispensed cash. Most worrisome is the lack of extreme measures hackers have to employ in order to infect ATMS. Simply put all hackers have to do is install malware onto the machines via a USB or the CD- drive.

At the moment, malware ATM fraud has only been reported in international cases, Eastern Europe and South America. Despite little activity in the United States, authorities are aware of increasing malware ATM concerns and are monitoring cyber criminal forums for activity.1447059385670243


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: A Windows PC with a money box attached: Why hacking ATMs is big business for criminals

Who’s in Charge of Your Cybersecurity?

 

The first step in successful cyber-security is getting every employee on board. It is pretty obvious that some hardware goes into creating a security shield around important data. As an Information Technology company ourselves, we already know the value Firewall, and anti virus software have on making your network more secure. However, in order to adopt a more proactive protection policy, the groundwork needs to be laid, starting with company culture and communication. It is increasingly important to enforce awareness and education in order to save a lot of headache later down the line.

The CEO of the company needs to take interest in cyber-security before any of the employees can get on board. Simple risk analysis is a great start. Buying products online is not sufficient. A knowledgeable IT professional should be on hand. You need someone who is going to leverage the right equipment as well as set security measures that fit your establishment.

“The cyber threat cannot be solved by buying products” says Tim Holman, president of the Information Systems Security Association in the UK. Holman has the right idea, if your company is not equipped with the right skills to manage these products they are basically junk. It is important to attack cyber-security the way a hacker does. Common sense leads us to find that reducing the amount of sensitive data stored will always be a great measure. Restricting access to information and getting cyber liability cover is another way to lessen the probability of attack.

As information continues to flow in and out of your business remember that with any exchange over the internet comes a great deal of risk. Ensure your company professionals understand how to practice good security efforts. Never open an attachment that is unfamiliar, back up data in two separate places, and utilize solid Firewall and anti-virus software. Keep all platforms up to date with the latest patches and security fixes. Top to bottom, cyber-security is the responsibility of all.bva_withninja_teal-centered

 


 

 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: The CISO, the CIO, the CEO, or you: Who is really responsible for cybersecurity?

The Newest Security Trend – Rewarding Hackers

hacker-malware

There is always that one superhero willing to play nice with the villain. In the world of tech hackers, HackerOne is that superhero. HackerOne acknowledges that modern security is hacker-powered. They have created a platform for vulnerability coordination and bug bounty. In other words, HackerOne works with hackers to find security holes in your company, because to be honest, who better to trust than the villain himself!

HackerOne facilitates communication between hackers and companies. If a hacker does find a bug, HackerOne works as the middleman ensuring the company pays the hacker for the discovery, charging 20 percent commission of the hacker’s pay out. Companies such as Uber, Dropbox, Square, Snapchat, Airbnb, Vimeo, have all joined the HackerOne movement.

Bugcrowd works similar to HackerOne, bringing together good hackers with companies looking to verify their security systems. In comparison to HackerOne, which rewards hackers with a payout decided by the company in question, Bugcrowd works on a subscription basis. Charging a service fee or a project-based charge, Bugcrowd provides market rate suggestions for rewards and manages all payouts for their companies. Their companies consist of AT&T, Dropbox, Facebook, Etsy, Paypal, Twitter, just to name a few. As you might notice, some of the companies listed are clients of both HackerOne and Bugcrowd.

Google, of course, has a public bug bounty program of their own, that offers up to $100,000 for hackers who find vulnerabilities in its Chrome software. Although the reward amount depends on the size of the bug, the rewards are substantial enough to keep hacker interest, ranging from a few hundred dollars to several thousands.

Opening a bug bounty program to the public, puts forth the message that the company values the security of its systems and lessens the likelihood of malicious activity. Despite strong efforts to keep systems secure, no one bulletproof organization exists. In the fight against hackers, a little incentive goes a long way toward a more secure system.

 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Meet the Middlemen Who Connect Hackers for Hire With Corporate America

Sophos, Did you say.. Free?

You heard right. Sophos is offering free commercial grade security software for users. Sophos free security

Sophos is a security software and hardware company that develops products for encryption, network security, mobile and email security as well as threat management. Although mostly geared toward large enterprise organizations, they haven’t forgot about the security needs of home users.

In addition to their free Sophos Cloud, which can be used in business, commercial, or government organizations, Sophos offers free home protection, a great tool for users. This free version of Sophos Home lets you manage and protect up to ten computers per account. A huge advantage for anyone looking to better protect sensitive data from their home base.

The free security software protects against malicious software and inappropriate websites and viruses. In a world where malware is at the forefront of security concerns, it is best to ensure added protection for all your Mac and PC devices. As an added cherry on top, you can manage security settings for the entire family from any browser.

If you want software that is trusted by IT professionals, we highly recommend trying the new free version of Sophos.

To find out more information about Sophos and sign up for Sophos Home please visit their website:

https://www.sophos.com/en-us/lp/sophos-home.aspx

 

Ransomware seeks victims via TeamViewer

Download-TeamViewerAnyone use Teamviewer? If so, sorry to say,  you may have been hacked.

A new ransomware has been discovered appending the .surprise extension to encrypt important files. Further research into the extension revealed the loader had EDA2 ransomware from memory, and was only attacking those who also had TeamViewer installed. The victim logs showed that TeamViewer had been utilized as a means to reach computers. Someone connected via TeamViewer and proceeded to download the encrypted surprise files onto the unsuspecting desktop.

The two TeamViewer IDs used by the attackers were  479441239 and 479440875.

This surprise ransomware is unique in that it has successfully bypassed AV signature definitions as well as behavior detection. Rather than containing the more typical encryption functions seen in ransomware, this surprise ransomware encompassed an encrypted BASE64 encoded string. This string is loaded into memory and functions from there.

The ransomware scans all fixed disks on the computer for files that contain a particular file extension. When it finds a matching file, it will encrypt it with the AES encryption key and append the .surprise extention to it. The targeted file extensions are a hefty list. It will skip any files containing the $ symbol or contain the c:/windows and c:/program strings in the filename.

Bleeping Computer discovered the 3 files the ransomware creates are as follows:

  • %Desktop%\DECRYPTION_HOWTO.Notepad ransom note.
  • %Desktop%\surprise.bat, which executes the vssadmin.exe Delete Shadows /All /Quiet to remove Shadow Volume Copies.
  • %Desktop%\Encrypted_Files.Notepad file that contains a list of encrypted files

Sadly for those encrypted there is no alternative method to gain access to the files at this time without paying the ransom.

If you would like to educate yourself in greater detail about the material presented in this blog post please visit:

http://www.bleepingcomputer.com/news/security/surprise-ransomware-installed-via-teamviewer-and-executes-from-memory/

Two-Factor Authentication Evaluation Guide

Two-factor Authentication is a type of multi-factor authentication that provides identification of users using a combination of two different components. These components are often something the user knows, possesses, or something that is inseparable from the user. This Guide has been adapted from Duo Security, and illustrates what to consider when deciding upon a vendor for Two-factor Authentication for your company.WP17

Security

 

In order to enforce this extra layer of protection it is important to consider the factors involved. Security and ease of implementation should be of first priority. The vendor in which provides your two-factor authentication should be secure by design. The cloud based service should use multiple, independent PCI DSS Level 1 and ISO 27001-certified, SAS 70 Type II-audited service providers and is split across multiple geographic regions, service providers and power grids for seamless failover. This ensures that you have a reliable vendor that has an infrastructure that is fully scalable and elastic enough to be able to accommodate any number of users. You should be able to add users as you need them without issue. The vendor should also be backed by a strong service level agreement and the service should offer 24/7 operational coverage.

Cloud-based authentication services are easy to use and tend not to require installation of hardware. Selecting a vendor with drop-in integrations for all major VPNs, Unix, and MS remote access points. Something to look for is deployment. The two-factor authentication process is best implemented when it leverages a platform users already have, such as cell phones. Make sure the service you employ works with landlines and tokens to save your IT administrator from having to manage tokens.

Usability

Usability and convenience are a major part of making two-factor authentication a productive solution. A vendor that keeps a lot of “clutter” such as extra steps gets in the way of the login path and makes for a large and unneeded distraction. Allowing users to easily enroll themselves and set their preferred devices to use for authentication makes the login process easier. This should be met by a vendor that supports a wide range of authentication methods including push to mobiles app, passcode and phone call back.

Administration

When choosing the ideal vendor, make sure the administrative needs are met. For instance, consider if the solution allows for visibility insight into user access of your network. Authentication logs should be provided for auditing and reporting. Systems that provide a centralized admin interface give a consolidated view of how the two-factor authentication is working, and allows for better maintenance. It would be best if the system managed the physical tokens rather than forcing you to manage such items. In addition if you are looking for a cost effective solution, cloud hosted vendors have the lowest costs and least amount of hassle because the infrastructure, upgrades and maintenance are all managed by the vendor.

 

 

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://hosteddocs.emediausa.com/duo-security-twofactor-evaluation-guide.pdf

Transmission BitTorrent App Infects OS X with First Ransomware…

If you recently installed the Transmission BitTorrent App, most likely you are one unhappy user.

WP15The recently released version of Transmission BitTorrent for OS X contained the embedded KeRanger ransomware, the debilitating program designed to lock and encrypt files in order to extort money from consumers. In case you didn’t read our previous post about ransomware, this malware is extremely debilitating to consumers and business owners alike. It locks files and infiltrates all external hard drives and shared networks, making external hard drive back up prevention useless in protecting sensitive data.

The March 4th version 2.90 of the application contained the malware. The Transmission’s website is encouraging all users who have downloaded this version to upgrade to version 2.91 or at a bare minimum delete the 2.90 version from their computers. If you would rather, wiping and restoring your system to an earlier time period is also an option. Make sure if you utilize this option, that you restore your device to a period before the Transmission 2.90 installation.

Now if you find yourself infected, resist paying the $400 asked to restore your files. There is no guarantee that paying this fee will result in any data retrieval and could possibly be a complete waste of your money. If you decide to do nothing, at least remove the malware installed. Leaving the installation only allows the ransomware more opportunity to further exploit your system.WP14

If you would like to do a little investigating of your own, a new blog post from Palo Alto Networks’ threat intelligence team lists the steps for finding out if you have been infected with the KeRanger ransomware.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcmag.com/article2/0,2817,2500391,00.asp?mailing_id=1587787&mailing=DailyNews&mailingID=510C4584BD5C3E3CDD5A15D97D2B87C0

 

Ransomware

 

Ransomware Malware Ransomware is the devilish and extremely debilitating program designed to lock and encrypt files in order to extort money from consumers, business owners, and even government officials. It seems that no one is safe in the fight against ransomware. Most ransomware programs are targeted at the most popular operating system, Windows. Ransomware programs can and will target other systems such as Android applications, Mac OS X and possibly even smart TVs in the near future. Not only is this an unsettling forecast for consumers, but also a call to action for preventative measures to protect your most important data files.

What can be done? Most users have learned the hard way that it is better to back up sensitive data to an external hard drive. However, this type of malware is tuned in to this. When a ransomware program infiltrates a computer, it infects all accessible drives and shared networks, encrypting all files found. This makes for a very irritating discovery of locked data across the board.

Rather than rely on the external hard drive method for backups, it is suggested that consumers adopt a new best practice. Ensure at least three copies of sensitive data are made, and stored in two different formats. At least one of these copies should be stored off-site or offline. This way if ransomware locks files away consumers are not forced into a sticky situation of deciding whether to risk paying for the data retrieval or losing the data forever.

What to do when faced with ransomware? Not much can be done once ransomware has attacked. Most security researchers advise not paying for files to be unlocked, as there is no guarantee that the hackers will provide the deception key once paid. Security vendors also worry about the implications for fueling the fire. The more consumers give in and pay for the safe return of their data, the further encouraged ransomware criminals become to continue this practice of extortion.

If I haven’t said it enough already, I will say it again. Prevention is key. Know how ransomware reaches your computer. Be especially careful of email attachments, word documents with macro code, and malicious advertisements. Always keep the software on your computer up to date. It is especially important to ensure that OS, browsers such as Flash Player, Adobe Reader, and Java are always updated when available. Unless you have verified the senders, never enable the execution of macros in documents. Finally and most importantly, perform daily activities from a limited user account rather than an administrative one. And always, always, utilize a well running and up to date antivirus program.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcworld.com/article/3041001/security/five-things-you-need-to-know-about-ransomware.html

FTC: Debt collection, Impostor scams, and identity theft, oh my!

Debt collection, impostor scams, and identity theft remain at the forefront of consumer concerns, and show no signs of slowing down any time soon. The Federal Trade Commission fielded more than 3 million complaints in 2015 alone, a significant jump compared to the 2.5 million received in 2014. Abusive debt collection was 29% of overall complaints. Debt collection was the top complaint mainly from data contributors who collect complaints via a mobile app, producing a surge in unwanted debt collection mobile phone calls.

WP 2Identify Theft was the second most reported behind abusive debt collection, despite increasing more than 47 percent from 2014. Identity theft has been the top category for the previous 15 years and only recently has dropped down on the Federal Trade Commission’s list of most reported complaint. Tax- or wage- related fraud (45%) was the most common form of reported identity theft, followed by credit card fraud, phone or utilities fraud, and bank fraud. The FTC has combated this by providing a personal recovery plan for victims of fraud, available through the IdentityTheft.gov website.

Imposter Scams, where individuals pose as government officials remained the third most commonly reported complaint. The FTC cleaned up a bit, shutting down a fake Medicare operation and working to educate the public through webinars, town halls, blog posts, and twitter.

 

 

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.networkworld.com/article/3039912/security/ftc-imposter-scams-identity-theft-and-debt-collection-top-consumer-grumbles.html?token=%23tk.NWWNLE_nlt_networkworld_security_alert_2016-03-02&idg_eid=b0bd995e2814d7f58c50105dd3327c12&utm_source=Sailthru&utm_medium=email&utm_campaign=NWW%20Security%20Alert%202016-03-02&utm_term=networkworld_security_alert#tk.NWW_nlt_networkworld_security_alert_2016-03-02