Category : Security

Cyber Security Threats – Proactive Rather Than Reactive

Word Press PhotosSecurity executives have increasingly urged firms to utilize prevention, encouraging a plan that encompasses Information Technology and business units in order to ensure cyber security.

Why might you ask? As a mere observation, most firms have accepted hackers as a viable threat that will eventually infiltrate their network. Rather than focus on preventative measures, companies have taken to the opposite, strengthening their reactive forces and mitigating the damage a hacker can do once inside. Although important, focus needs to be on cyber security and data breach prevention in addition to recovery after the fact. This change of mindset ensures significant progress can be made to prevent threats, making better use of time and resources for your company.

John Davis, CSO of Palo Alto Networks’ federal division, suggests “Call for a comprehensive risk analysis, mapping out the different segments of the network and examining the needs of the enterprise along with the security concerns.” He encourages information technology teams and cybersecurity teams to work together for a higher level of performance. Prevention tactics bring together these two forces in a more collective manner.

 

 

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.networkworld.com/article/3039955/security/why-cios-to-be-proactive-not-reactive-to-cybersecurity-threats.html?token=%23tk.NWWNLE_nlt_networkworld_security_alert_2016-03-02&idg_eid=b0bd995e2814d7f58c50105dd3327c12&utm_source=Sailthru&utm_medium=email&utm_campaign=NWW%20Security%20Alert%202016-03-02&utm_term=networkworld_security_alert#tk.NWW_nlt_networkworld_security_alert_2016-03-02

Top Security Suites of 2015

The Best Security Suites for 2015

Malware, hacks, and data breaches are unquestionably possible if you do not tend to your security needs. Keep yourself and your computer protected from harmful intrusions by investing in top notch security. Take a look at the list compiled below as these are the leading security suites of 2015.

 

Bitdefender Total Security 2016 $69.95

  • Scored Excellenbitdefender1t in anti-malware, anti-spam, and anti-phishing tests.
  • No hassle firewall
  • Parental control
  • System tune-up
  • Advanced startup optimization
  • File encryption
  • Anti-theft
  • Password Manager
  • Secure browser

 

 

Kaspersky Internet Security $79.99

  • Spam Filterkap
  • No hassle firewall
  • Parental Control
  • Remote monitoring and management
  • Bonus features

 

 

 

 

 

Symantec Norton Security Deluxe $69.99

  • symantecBest at malicious URL blocking and antiphishing
  • Spam filtering
  • Password Management
  • Performance Optimization tools
  • Online Management
  • Powerful protection for Android and Mac

 

 

 

 

Bitdefender Internet Security 2016 $59.95

  • Accurate spam filterbitdender2
  • Tough firewall
  • Revamped parental Control
  • Password Management
  • Secure browser
  • Ransomware protection

 

 

 

 

Comodo Internet Security Complete 8 $69.99

  • Live remote tech support/Remediaticomodoon for any security problems
  • Virus free guarantee
  • VPN for protection on public networks
  • Local and online backup system
  • 50GB of hosted online backup

 

 

 

 

 

Trend Micro Internet Security 2016 $79.95

  • Great Antivirustrend
  • Accurate spam filter
  • Optimizes PC health
  • Secure deletion
  • Scans social media security settings

 

 

 

 

 

 

Webroot SecureAnywhere Internet Security Complete 2015 $79.99

  • Small and light on Resowebrooturces
  • Quick install and scan
  • Good malicious URL block
  • Full feature password manager
  • Mobile support
  • Remote management
  • PC optimization
  • Online backup and Sync

 

 

 

Check Point ZoneAlarm PRO Antivirus $69.95

  • Powerful firewzoneall
  • 5GB of hosted online backup
  • Credit monitoring
  • Identity protection
  • Password Management

 

Why Weak Passwords Are Harmful: Ashley Madison Hack IT Takeaways | BVA IT Consulting Blog

password_stolen-100577279-primary.idgeAs you may very well be aware, the Ashley Madison debacle revealing account emails of users has also divulged their passwords. A total of 11,716,208 silly, yet remarkably weak passwords were discovered. Passwords such as “password,” “123456,” and “IThinkILoveMyWife?” are a few of the many that were used.  These revelations only reinforce the importance of stronger passwords to keep your information secure. Never use weak passwords, and never underestimate hackers as I’m sure they continue to crack easy passwords like this time and time again. If you do happen to find yourself in a situation where you would use a site such as Ashely Madison create a completely randomized password yourself or use a password manager.

 

Microsoft On Malware and Protecting your Business: How To Protect Your Business From Malicious Software | BVA IT Consulting Blog

Malware is continuing to wreak havoc on devices, notably Android. So what is Microsoft doing to combat such intrusions? Prevention and understanding are key. The definition of malware has extended from the more traditional viruses to the embodiment of varied attack levels including the new, more malicious threats. The Director of the Microsoft Malware Protection Center, Dennis Batchelder, says that crime syndicates, malware supply chain, antimalware vendors, and the antimalware ecosystem are the main participants involved. Microsoft’s Digital Crimes Unit and antimalware security software’s purpose is to proactively intercept new strains of malware. They aim to block malware, stop it in its tracks when first discovered, and seek to prosecute those involved.Malware-spy

From a business owners perspective there are a couple things you can do to protect yourself. A layered approach to cybersecurity is important. Protecting your business from various angles and the level at which you invest into an IT Staff make a big difference in your defense.  Security begins from where and how users interact with the data, to how you transmit data past firewalls, and the level of end-to-end encryption that is put in place. Data at rest must be encrypted to protect against high valued attacks on your servers, and you can complement that with the use of intrusion detection measures and data leakage monitors. The decision must be made on what the price of security is for you, depending on the value of which you want protected and what you are willing to spend for it. For big businesses, handling it in-house may seem more appropriate. However, for small businesses a manageable and more cost effective option would reasonably be hiring a managed service provider (MSP) to tend to security needs.

 

Tricky, more Advanced Malware than Ever Before: How To Combat Advance Malware | BVA IT Consulting Blog

As the world continues to exponentially develop through the rapid advancements of technology, experts have observed that innovation and high tech evolution is not without some costs. Malware, a term used to describe a variety of malicious and intrusive software, has consequently become a newer and bigger threat, as they are increasingly more creative and complex than ever before.  Research has shown that desktops are no longer the only domains at risk, but mobile phones as well.

Phishing applications pose as ostensibly harmless entities in popular Android games, often masquerading as a cheat or modification only to steal sensitive information such as your passwords, usernames, and even credit card details.

An even more disturbing malware, the so-called “crypto-ransomware” is a hostile code that holds your phone hostage, locks the screen, encrypts your data, and impels a blackmail payment of up to $500 to undo.  Simplock, a type of crypto-ransomware worms its entry into an Android devices’ administrator rights, spreading its encryption to not only your documents and multimedia, but archived files as well.movile malware

Most targeted devices of advanced attacks such as ransomware reside in the developed world, whereas the underdeveloped countries are subject to the older, well-known malware.  Statistics have shown that 77 percent of Androids affected with this sort of malware are in the United States.

Free Password Managing – Good Free Password Managers – Dashlane Password Management | BVA IT Consulting Blog

dashlane-logo-cover_w_500

Are you guilty of using the same password for all your logins? This is typically discouraged especially if you’re attempting to secure sensitive content. With all the diverse apps and websites we now have available to us it’s understandable to not bother to create and remember a different password for every single one.  However, if one password is discovered you leave the flood gates open to everything you want to remain secure.

Dashlane is a free password manager that securely imports your passwords from your browser to a protected password vault. The database is encrypted with AES-256 encryption and only the user has the master password saved in his or her head.   If you are especially paranoid you can utilize a google authenticator for additional security.   Dashlane has the ability to identify weak passwords that might be easily cracked by hackers and creates stronger, more impenetrable passwords for you. It also alerts you when there is a breach and stops potential hackers in their tracks before your security is compromised.

https://www.dashlane.com/passwordmanager

Mandatory SonicOS Firmware Upgrade for your Sonicwall Firewall

Issue Summary
In the past, Dell SonicWALL used industry standard 1024-bit certificates. To comply with Certification Authority/Browser forum requirements based on NIST Special Publication 800-131A, as of January 1, 2014, all web browsers and Certification Authorities (CAs) will no longer sell or support 1024-bit RSA certificates. Certificates with less than 2048-bit key length will need to be revoked and replaced with certificates of higher encryption strength. All current Dell SonicWALL firewalls use versions of SonicOS firmware with the 2048-bit security standard. Recent updates and upgrades of SonicOS firmware use the industry standard and recommended 2048-bit certificate. This is an urgent notification that on January 1, 2014, all web browsers and Certification Authorities (CAs) will no longer support 1024-bit RSA certificates. This change is not driven by Dell SonicWALL, but rather a decision by Certificate Authorities to enforce the use of highly secure certificates. Certificates using the 1024-bit key length will be revoked and must be replaced with certificates of higher encryption strength. If you own a Dell SonicWALL firewall with an older firmware version that does not use 2048-bit certificates you must upgrade the firmware to the latest version or the minimum General Release version which includes the 2048-bit certificate as listed in the Firmware Upgrade Table below by December 31, 2013. Dell SonicWALL is providing the minimum firmware upgrade to all customers regardless of support contract status.

How does this issue affect me?

If you own a Dell SonicWALL firewall with an older firmware version that does not support 2048-bit certificates, the firewall will NOT be able to get real-time license information or the latest security services updates from our back-end systems. Existing security services on Dell SonicWALL firewalls that use 1024-bit certificates will continue to block previously-known threats, but the lack of updates may expose the protected network to new threats and exploits. In addition, you will NOT be able to activate and renew security services.

How can I tell what firmware version is running on my firewall?

Follow these steps to find the firmware version running on your Dell SonicWALL firewall.

  • Log into your Dell SonicWALL firewall
  • Click on “System” in the left-hand navigation
  • Look for “Firmware Version” under the “System Information” heading

What actions do I need to take?

Dell SonicWALL strongly recommends upgrading firewalls running older firmware to the minimum General Release version indicated in the table below. The table lists the affected Dell SonicWALL products and the associated minimum required firmware versions. All General Release versions of the required minimum SonicOS version for your appliance(s) are available on MySonicWALL.com.

Note: Active support is not required to download the minimum General Release version of the firmware listed in the Firmware Upgrade Table below.

When do I need to do this by?

If you have a Dell SonicWALL firewall that does not support 2048-bit certificates you must upgrade the firmware on the firewall by December 31, 2013.

How do I upgrade the firmware on my firewall?

Firmware must be upgraded on your Dell SonicWALL firewall(s) to the latest firmware version or the minimum firmware version as listed in the table below. The latest or minimum required General Release firmware can be downloaded from the MySonicWALL.com Download Center. The following Knowledge Base articles will guide you through the processes for downloading and upgrading the firmware on your firewall.
How to Download SonicOS Firmware
How to Upgrade SonicOS Firmware with Current Preferences on a Dell SonicWALL Firewall

What firmware version do I need to upgrade to?

Follow these steps to determine the required firmware version for your Dell SonicWALL firewall.

  • Find your firewall model under the “Dell SonicWALL Firewall” column.
  • Determine if your firewall is running one of the versions listed under “Currently Running Firmware.”
  • Check the “Minimum Required SonicOS Firmware Version” to see if an upgrade is required. If it is, you will need to upgrade to at least the minimum required version listed in the right-hand column of the table.

FIRMWARE UPGRADE MATRIX

Dell SonicWALL Firewall Current Running Firmware Minimum Required SonicOS
Firmware Version
NSA E5500/E6500/E7500/E8500/E8510
NSA 240/2400/3500/4500/5000
TZ 210/210W
TZ 200/200W
TZ 100/100W
5.3.x.x – 5.6.0.11 or older 5.6.0.12
5.9.0.0 or newer Upgrade not required
5.8.1.0 or newer Upgrade not required
5.8.0.0 – 5.8.0.7 5.8.0.8
NSA 2400MX 5.7.0.0 – 5.7.1.0 5.7.2.0
5.9.0.0 or newer Upgrade not required
TZ 205/205W
TZ 105/105W
5.8.0.0 – 5.8.1.5 5.8.1.6
5.9.0.0 or newer Upgrade not required
PRO 4060/4100/5060 4.2.1.6 Enhanced or older 4.2.1.7 Enhanced
PRO 2040/3060 4.2.1.6 Enhanced or older 4.2.1.7 Enhanced
3.1.6.5 Standard or older 3.1.6.6 Standard
PRO 1260 3.4.1.3 Enhanced or older 3.4.1.4 Enhanced
3.1.6.5 Standard or older 3.1.6.6 Standard
TZ 190/190W 4.2.1.6 Enhanced or older 4.2.1.7 Enhanced
TZ 180/180W 3.9.1.4 Standard or older 3.9.1.5 Standard
4.2.1.6 Enhanced or older 4.2.1.7 Enhanced
TZ 170/170W/170 SP 3.4.1.3 Enhanced or older 3.4.1.4 Enhanced
3.1.6.5 Standard or older 3.1.6.6 Standard
TZ 170 SPW 3.4.1.3 Enhanced or older 3.4.1.4 Enhanced
TZ 150/150W/150W Rev B 3.1.6.5 Standard or older 3.1.6.6 Standard
Product models not affected by this certificate issue include:

  • SuperMassive 9200/9400/9600
  • NSA 2600/3600/4600/5600/6600
  • NSA 250M/250MW
  • NSA 220/220W
  • TZ 215/215W