Most Organizations Have Been Compromised and Don’t Even Know It
According to the Cisco 2014 Annual Security Report, most businesses have been compromised and do not realize it. Of the business networks Cisco analyzed for the report, 100% had traffic going to websites that host malware, and attacks are taking much longer to detect than they used to.
With the explosion of cloud services and mobile devices, the threat landscape has become larger, much more complex, and difficult to secure. So the question becomes, what can you do about it?
First, make sure you are using a modern firewall. A firewall from even five years ago will not be very effective against today's threats. You need a device that combines firewall, web filtering, antivirus and threat protection. While this will not stop 100% of the threats, it is a good start.
The Cisco report states that Java accounts for 91% of web exploits, and that 76% of companies are still running Java 6, which is end of life and no longer receives security updates. So, along with a modern firewall, you need a patch management system that patches not only the Windows operating system but also third-party software such as Java and Adobe products. Keep in mind that patching only the operating system will not keep you secure in the current threat landscape.
Second, if you have mobile devices, they are also being targeted. A staggering 99% of all mobile malware in 2013 targeted Android devices, and Android users had a 71% rate of encountering web-delivered malware. So you should be securing your mobile endpoints: antivirus on the devices plus a mobile device management (MDM) platform. An MDM lets you control which applications are installed on a device and can create a sandbox that keeps corporate data separate from personal data so that you can secure and remove it.
Finally, for outbound web traffic, a good web filter is needed so you can keep end users off malware-infested websites. Most web filters also have an "unknown" or "uncategorized" category for sites the vendor has not yet classified. I suggest blocking that category; it will help keep your network more secure. If a website is unknown, should you really be going to it anyway?
If you would like some guidance on how to secure yourself better against these attacks, feel free to contact me at James@tbjconsulting.com
Update the Firmware On Your Firewall
This is not the first time I have sent out this security tip. With Heartbleed and the other recent OpenSSL vulnerabilities, you really need to upgrade the firmware on your firewall. OpenSSL had another vulnerability disclosed after Heartbleed, so another round of firmware updates is needed. If you are questioning whether your device is vulnerable or not, you can check out the vulnerability here. Either way, it is always good practice to keep your security devices updated.
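A practical way to triage a firewall or appliance is to take the OpenSSL version the vendor's release notes (or the box's `openssl version` output) report and compare it against the fixed releases. The following is an added example written for this newsletter, not code from the page or from any vendor: it parses the banner format `openssl version` prints and flags the two 2014 bugs the tip refers to, Heartbleed (CVE-2014-0160, fixed in 1.0.1g; 1.0.2-beta1 was also affected) and the follow-on ChangeCipherSpec injection (CVE-2014-0224, fixed in 0.9.8za, 1.0.0m and 1.0.1h). The sample banners are constructed for the example; treating 1.0.2 pre-releases as unclassified for the CCS bug is an assumption made here.

```python
import re

# Constructed sample banners in the format "openssl version" prints (not taken from the page).
SAMPLE_BANNERS = [
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1f 6 Jan 2014",
    "OpenSSL 1.0.1h 5 Jun 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "OpenSSL 1.0.2-beta1 24 Feb 2014",
]

# major.minor.fix, optional patch letter(s), optional "-tag" such as -fips or -beta1
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-([A-Za-z0-9]+))?")


def parse_openssl_version(banner):
    """Return (major, minor, fix, letter, tag) from an 'openssl version' banner.

    '1.0.1e-fips' -> (1, 0, 1, 'e', 'fips');  '1.0.2-beta1' -> (1, 0, 2, '', 'beta1')
    """
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    major, minor, fix, letter, tag = m.groups()
    return (int(major), int(minor), int(fix), letter, tag or "")


def _order_key(v):
    # OpenSSL patch letters run a..z and then za, zb, ... so a longer suffix is newer.
    major, minor, fix, letter, _tag = v
    return (major, minor, fix, len(letter), letter)


def _older_than_fix(v, branch, first_fixed_letter):
    """True if v is on `branch` (a (major, minor, fix) tuple) and older than the first fixed letter."""
    return v[:3] == branch and _order_key(v) < _order_key(branch + (first_fixed_letter, ""))


def heartbleed_affected(banner):
    """CVE-2014-0160: 1.0.1 through 1.0.1f, plus the 1.0.2-beta1 pre-release.

    The 0.9.8 and 1.0.0 branches never contained the heartbeat bug."""
    v = parse_openssl_version(banner)
    return _older_than_fix(v, (1, 0, 1), "g") or (v[:3] == (1, 0, 2) and v[4] == "beta1")


def ccs_injection_affected(banner):
    """CVE-2014-0224, disclosed June 2014: fixed in 0.9.8za, 1.0.0m and 1.0.1h.

    Assumption for this example: 1.0.2 pre-releases are not classified and are not flagged."""
    v = parse_openssl_version(banner)
    return (_older_than_fix(v, (0, 9, 8), "za")
            or _older_than_fix(v, (1, 0, 0), "m")
            or _older_than_fix(v, (1, 0, 1), "h"))


def assess(banner):
    """Summarise which of the two bugs a build is still exposed to, by version number alone."""
    hb = heartbleed_affected(banner)
    ccs = ccs_injection_affected(banner)
    return {"heartbleed": hb, "ccs_injection": ccs, "update_needed": hb or ccs}


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(banner, "->", assess(banner))
```

One caveat a version check cannot see: some vendors backport the fix without changing the version letter (Red Hat's `1.0.1e-fips` builds, for example, were patched while still reporting 1.0.1e), so a "vulnerable" result here means "confirm with the vendor's advisory or a network probe such as Nmap's `ssl-heartbleed` script", not "definitely exploitable".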
Gadget of the Month – Metageek Wi-Spy
If you are looking for a tool that can quickly tell you what your wireless RF environment is doing, Wi-Spy by MetaGeek is the tool for you. It can quickly show you which wireless channels your access points are running on and what else is occupying the spectrum. You can also purchase companion software that turns it into a spectrum analyzer. If you want a quick and easy tool for troubleshooting Wi-Fi deployments, check this gadget out. Find out more information here.
Product of the Month – Nimble Storage SANs
I have been installing Nimble Storage SANs for about three years, and I believe it is one of the better products on the market.
The first feature I like is how small the snapshots of storage volumes are. You can keep at least 60 to 90 days of snapshots on the SAN without eating up your storage, so it effectively acts as another backup device. Small snapshots also make it very efficient to replicate them to a remote array.
Unlike most storage platforms, Nimble Storage has upgrade paths if you start to stress the array. You can add disk shelves and cache disks, and you can even replace the controllers to move up to the next model of SAN.
The SAN has redundant controllers, so a network or power failure on one controller does not take the array down. Software upgrades are also zero downtime: one controller is upgraded first, then the other, so the array stays online throughout and you get very long uptimes.
Ease of Installation
The SAN is very easy to install and configure. Most environments can have the storage up and operational in under four hours, and Nimble publishes very good guides on integrating with vendors such as Microsoft and VMware.
Finally, this product makes a great addition to your disaster recovery plans. If you want a solid base for a disaster recovery design, this SAN is a great way to accomplish that.
TBJ Consulting September Word Search
Cloud as the New Perimeter
The cloud revolution is comparable to the revolution of web-based applications in the late 1990s, and it brings a shift in the perimeter. The network edge used to be easy to define: the network firewall was the separation between you and the rest of the world. With applications and data shifting to the cloud, you lose that separation and, really, the ability to monitor what data is crossing corporate boundaries and what actions are being taken on it.
Moving data to the cloud makes it much easier to access, but also much easier for an attacker to access the same data. Many sites protect data with nothing more than a username and password. If you are moving data to the cloud, it is time to think about adding a second authentication factor (two-factor authentication), so that a stolen or guessed password alone is not enough to get in.
When moving data to the cloud, make sure you understand your vendor's service-level agreements and how the vendor handles security and patch management. You should also make sure the vendor has a third party test its security, and ask for the reports that show those tests are actually being done. Finally, understand how your data is secured at rest, including who holds the encryption keys, to ensure that no one who is not authorized can read it.
For some organizations with a limited budget and staff, the cloud might actually be more secure than maintaining the systems themselves, and it lets them focus on what they do best.
Either way, make sure you are actually checking the security of the cloud vendors you use. It is still your responsibility.
Final Thought of the Month – Password Security
It seems like every week we hear about another password compromise. What truly surprises me is how weak most passwords are.
The first sin I see is using default passwords on networking devices. Recently I had a consulting job and had to review some firewalls. Those firewalls all had the default password. While most were not in production, they should have had the password changed before they were placed on the network.
The second sin I see is using the same password for everything. With banking and financial sites in particular, this is not a good idea. You should keep separate passwords for each site and change them every 90 to 180 days. That way, if one password is compromised, the rest of your accounts are not compromised with it.
The third sin I see is doing your banking on a computer you also use to browse questionable content. Just as something bad is likely to happen if you hang around the bad side of town, if you go to a bad website something is going to happen to you.
The fourth sin is giving someone else your password. Banks and support desks do not need your password to access your account, so if someone asks for it, it is typically an attempt to trick you. Don't give it to them.
Finally, the choice of password itself is the classic problem. Do not use your kids' names or any word from the English dictionary; they are far too easy to crack. Instead, take the first letters of a phrase such as "I would really like it to rain today" and put a special character at the end, giving Iwrlitrt!. The longer the phrase, the stronger the result.
Password security is not really all that difficult, and we can help prevent these breaches by following a few best practices. We may also have to rely more on two-factor authentication as a supplement to the everyday password to cut down on this problem. But mostly, if people used common sense, most of these breaches could be prevented.