Category : Security/Compliance

BYOD Security concerns

From Slashdot

A Bring Your Own Device policy might save companies money, but a new survey highlights a lack of security procedures for keeping it secure.

Some two-thirds of businesses follow some sort of BYOD (“Bring Your Own Device”) policy, allowing workers to use their personal devices in a work context. That’s according to a new survey by consulting firm ITIC and KnowBe4.com.

The Web-based survey, which queried respondents from 550 companies worldwide between July and August 2012, also found something disturbing, at least from a security perspective: around 71 percent of businesses had no specific policies or procedures for keeping BYOD secure. Around 13 percent had such policies in place, while another 9 percent were in the process of developing them, with the remainder unsure of where their companies stood in terms of hardening personal devices against attack or data loss.

Full article here:  http://slashdot.org/topic/cloud/byod-lacks-security-survey/

Not Even NASA’s data is safe!

For those of us who think we are pretty good at keeping our information safe, I would highly suggest you think again. Even leading government organizations have trouble keeping their data secure. Take NASA, for instance. According to a recent article in Popular Science, NASA was targeted some 47 times last year by cyber criminals, and 13 of those attacks succeeded, giving hackers full control of critical NASA networks. At one point they even lost the codes used to control the International Space Station.

NASA is a frequent target for cybercriminals, and NASA hardware is often stolen. Between 2009 and 2011, 48 mobile computing devices were lifted from NASA or NASA employees, one of which contained those control codes for the ISS. Believe it or not, the device in question was not encrypted, and it appears that many NASA devices are like this.

One would think that NASA, a pioneering government organization, would have this type of thing under wraps, considering it has a 1.5 billion dollar a year IT security budget. It gives you the sense that if somebody really wanted to, they could easily get into your computer and get your personal information.

Furthermore, think of all the companies and businesses that are not NASA, with much smaller IT budgets, that are targets all the time. Hackers could easily gain access to these networks without anyone even knowing it, and that often happens. A good recommendation is to be very cautious with your personal information and where you put it: research the security standards of the companies you deal with, and check whether they have had previous IT breaches.

You can also encrypt your hard drive with Windows BitLocker or third-party software if you would like, such as Pretty Good Privacy (PGP), TrueCrypt, or CyberAngel.

You can never be too safe with your personal information!

SSL Shopping?

The Internet and the data provided on the Internet have become a primary source for research, news, and shopping for much of today’s society. But how much of that data is real, and how can you be certain your financial data is transmitted securely? Identity theft is not only prominent at a personal level; corporate identity theft has also become too common in today’s electronic society. With regard to Internet communication, a corporation can take steps to assure its customers that it is who it says it is. Online merchants can also give their customers the peace of mind that their personal data remains just that. SSL certificates have been around for a number of years, but buying the right one from the right supplier can be frustrating. The website SSL Shopper (www.sslshopper.com) is a great place to read reviews of many of the popular SSL providers, and it also provides easy-to-follow wizards to find the right SSL certificate for you or your business. Give your customers the peace of mind that comes with providing your services securely on the Internet: start using an SSL certificate today.

If you have already purchased an SSL certificate but are having problems with the configuration, don’t worry: SSL Shopper has a number of tools to assist. I spent a number of hours troubleshooting a publicly issued cert before finding the SSL Verification Utility.

SSL Verification Utility

Trying to resolve an SSL certificate issue? The SSL Checker utility at SSL Shopper (http://www.sslshopper.com/ssl-certificate-tools.html) is a great utility for identifying issues with any internally or publicly issued SSL certificate. It provides a comprehensive look at your SSL cert, including detailed server and certificate chain information.
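As an added example (not SSL Shopper's code and not part of the original post), the script below performs the same basic checks such a tool runs against a certificate: validity window, hostname match against the Subject Alternative Names, and chain verification on a live connection. The host name www.example.test and the SAMPLE_CERT dictionary are constructed for offline use.

```python
# Added example, not SSL Shopper's code: basic SSL certificate checks.
import socket
import ssl
from datetime import datetime, timezone

def _cert_time(value):
    # getpeercert() dates look like "Dec 31 23:59:59 2012 GMT" (always UTC)
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def _name_matches(pattern, hostname):
    # A wildcard may replace only the single leftmost label (*.example.test)
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]
    return pattern == hostname

def check_cert(cert, hostname, now=None, warn_days=30):
    """Return the problems found in a getpeercert()-style dict ([] means OK)."""
    now = now or datetime.now(timezone.utc)
    problems = []
    not_before, not_after = _cert_time(cert["notBefore"]), _cert_time(cert["notAfter"])
    if now < not_before:
        problems.append("certificate is not yet valid")
    if now > not_after:
        problems.append("certificate has expired")
    elif (not_after - now).days < warn_days:
        problems.append(f"certificate expires in {(not_after - now).days} days")
    # Modern clients ignore the CN; only DNS entries in the SAN extension count
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_name_matches(n, hostname) for n in names):
        problems.append(f"hostname {hostname} does not match {names}")
    return problems

def check_server(hostname, port=443, timeout=5.0):
    """Connect with chain and hostname verification on; report what fails."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return check_cert(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        return [f"chain verification failed: {exc.verify_message}"]

# Constructed sample in getpeercert() shape (not a real certificate)
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.example.test")),
    "notBefore": "Jan  1 00:00:00 2012 GMT",
    "notAfter": "Dec 31 23:59:59 2012 GMT",
}
```

Call check_server("your.host.example") against a live server; check_cert() can be run on its own for offline review of a saved certificate dictionary.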

Near Field Communication (NFC)

Something promising that I read up on recently is the concept of Near Field Communication. Essentially, Near Field Communication, or NFC for short, consists of a close-range radio chip in your phone or other personal electronic device that allows you to access different devices or rooms depending on how it is configured. The most interesting current use is turning your cell phone into a key for a hotel room or a key-card lock. Personally, I would love to just walk up to my house or hotel room and hold my phone in front of the door to unlock it. Consolidating everything into one device would be a great accomplishment.

This could also potentially be used for a variety of other things. It wouldn’t necessarily have to be built into a cell phone; it could be in other devices as well, maybe a car key or something of that nature. The nice thing is that they can be reprogrammed for anything.

If you lose your device, your access can easily be revoked through the management system. The technology is currently being pioneered in Sweden by the lock maker Assa Abloy.

I think this is pretty neat and would love to see it in action.

Symantec Introduces Backup Exec 3600 Appliance

Symantec has recently released a Backup Exec appliance called the Symantec Backup Exec 3600 Appliance. Here are some specifications.

  • It is an all-in-one solution pre-packaged with Backup Exec 2010.
  • Includes 5.5 TB of usable disk space.
  • Unlimited software licensing to protect 5.5 TB of disk storage.
  • You can protect an unlimited number of servers and applications, both physical and virtual.
  • Web-based management console.
  • It includes RAID 5 data drives, mirrored SSDs for the OS, redundant power supplies, and battery backup on the RAID controller.

I have yet to see this product in action first hand, but it does sound like a pretty neat little box. This appears to me to be a more enterprise-level backup solution, as the MSRP is around $25,000, but it packs quite a punch for such a small device.

I tried to demo this but Symantec will not actually send you a demo product. I probably wouldn’t either for the cost of one of the devices.

Form Factor: 1U
CPU: Quad Intel Xeon 2.4 GHz CPU
Memory: 16 GB DDR RAM
OS: Windows 2008 R2 Embedded
Security: OS hardened at factory with Symantec Critical System Protection
Data Storage:
  2 x 40 GB SSD disks for OS (RAID 1)
  4 x 2 TB SATA disks (RAID 5)
  5.5 TB of usable deduplication storage capacity
Disk Management: Onboard hardware RAID 5 controller
I/O: One 1 Gb Ethernet port (1 additional port dedicated to appliance management)
Other I/O Ports: One FE management network port / Two USB 2.0 ports

The Ten Cities With The Highest Online Risks Of Cybercrime In 2012

Symantec, the makers of Norton Antivirus and other products, teamed up with Sperling’s BestPlaces, an independent research firm, to uncover the ten US cities with the highest risk of cybercrime.

This was determined by looking at a number of contributing factors, including per-capita prevalence of PCs and smartphones, social networking, ecommerce and the accessing of potentially unsecured WiFi hotspots.

Note that, according to the published report, the cities with the greatest risk factor are not necessarily those with the highest infection rates – this points to the fact that many consumers are practicing safety precautions.

The list is as follows:
#1 – Washington, D.C.
#2 – Seattle
#3 – San Francisco
#4 – Atlanta
#5 – Boston
#6 – Denver
#7 – Minneapolis
#8 – Sacramento, Calif.
#9 – Raleigh, N.C.
#10 – Austin, Texas

This is the second such collaborative effort between Norton and Sperling’s BestPlaces.
http://www.symantec.com/about/news/release/article.jsp?prid=20120215_01

Unlimited Backup!

Backups are extremely critical for individuals and organizations to have in place. One solution I’ve found to be not only extremely cheap and affordable for any user, but also extremely safe and reliable, is BackBlaze, a $4 per month service that provides unlimited storage and end-to-end encryption and integrates seamlessly with both Mac and Windows environments. Not only is this solution great for anyone, it’s also extremely easy to set up and use, accessible anywhere through their easy-to-use website, and it automatically keeps itself in sync while providing you reports of job successes and failures.

Features Include:

  • Unlimited Storage
  • External Drive Support
  • Military-Grade Encryption
  • Continuous Backup
  • Automatically Finds Files
  • Automatic Throttle
  • Locate Computer
  • Free Web Restore
  • Restore to USB Hard Drive
  • Restore to Flash Drive
  • File versioning
  • 11 Languages

WiFi – Secure? Think Again!

When it comes to WiFi, most would claim their network is secure and that there is little to worry about when it comes to someone in your neighborhood breaking into your network. But what happens when you combine a PogoPlug, 8 GB of flash storage, some WiFi and GPS radios, and a case or enclosure to hide all of that? You get the F-BOMB (Falling or Ballistically-launched Object that Makes Backdoors), created by Brendan O’Connor and funded by DARPA. It’s a battery-powered device that costs a mere $50, and once it’s in range of a wireless network, this home-brewed Linux-based device can crack into your WiFi network and upload its findings to a server, making it remotely accessible for further mischief. We here at BVA strongly suggest taking every precaution available for protecting your home and business networks, which includes the use of certificates, MAC filtering, and even enterprise protocols.

The Internet Blackout of 2012

As many of you have probably heard, powerful forces are collaborating on two pieces of legislation that, if passed, could threaten the Internet and all of the vast freedoms we take for granted. As we all know, the Internet is a world where people from all over collaborate to share information, build friendships, and openly express themselves, but what happens if it’s all taken away?

A little background: the two laws currently under open debate in Congress are SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act). These bills, opposed by a coalition of businesses called The Net Coalition, essentially empower the government to put an end to piracy and copyright infringement using any means necessary, up to shutting off a person’s or company’s access to the web. The bills, designed to help enforce the rights of copyright holders in the United States, allow corporations to seek court orders forcing payment providers, search engines, and advertisers to stop doing business with infringing sites. It doesn’t stop there: provisions of SOPA also permit the government to issue court orders to Internet Service Providers to enforce a DNS block on infringing sites (even though the IP addresses would still make the websites reachable). To take it one step further, these laws even empower copyright holders to require entities such as YouTube to take down videos of people singing others’ songs, which, if the bills pass, music companies can claim infringe the copyrights they hold.

Today, January 18th, marks the official first blackout day for the major companies on the Internet that oppose these bills. Corporations such as Google, Wikipedia, and Craigslist have all blacked out their websites in protest, requiring users to view a short statement of their feelings regarding these bills before being able to continue browsing their sites, and each also has a form you can sign to enlist in their protest against these laws.

It’s quite simple: these laws threaten the freedoms that many of us truly cherish, and unless we all band together to vocalize our opinions, we risk losing our right to express ourselves and speak freely.

Incriminate Yourself!

Data protection is becoming more and more of a compliance requirement for organizations that surround themselves with confidential information (whether it be Social Security numbers, banking information, or even credit cards), and one key element in protecting that data is data encryption, used throughout the world as a last line of defense in the event of a breach or compromise of a company’s network.

One US citizen, charged in a Colorado district court, is accused by the FBI of having key information in the investigation of a mortgage scam stored on her “legally seized” laptop. Upon acquiring the laptop, authorities found it to be encrypted with a password known only to its owner, and in the case of US vs. Fricosu, the Colorado district court is deciding whether it can legally compel (or in plainer terms, “force”) Fricosu to divulge the decryption key that unlocks the hard drive, thus potentially incriminating her in the process.

The Electronic Frontier Foundation (backing the accused) believes that, because the government prosecution has presented no evidence of what it expects to find on the laptop or what it is looking for, it is simply fishing for evidence to prosecute the defendant, and that forcing Fricosu to disclose her password is a direct violation of her Fifth Amendment rights (which protect witnesses from being forced to incriminate themselves).

It’s pretty simple: no evidence against the defendant, a clear violation of the user’s privacy, and an attempt to force a person to violate their civil rights? This case should clearly be dropped. What’s your take on it?