TBG Blog

03Jun

In case you missed it, check out the presentation about Amazon AWS from February 2014:

You can also download the presentation files at http://tbjcoffeeconnect.com/learn-about-amazon-aws/

Leave a Comment

17May

Verizon has just released the 2014 security breach report, which analyzes the security breaches and attacks form 2013. They found 198 total instances that they worked on with all 198 having confirmed data disclosed.

The common method of attack is to install malware on POS systems and collect magnetic strip data that is in process, retrieve the data and then cash in. Most of this type of compromise is based on criminal groups that are operating out of Eastern Europe and they are very good at what they do.

While most small businesses think they are not a target, that is not true, they are a very lucrative target. It will start with a compromise of the POS device with little legwork. The POS device is connected to the entire Internet without restriction and with weak or default passwords (sometimes no passwords).

The attacker will scan the Internet for open remote-access ports and if it identifies a point of sale device, it issues a script with credentials to brute-force to gain access to the device. If they gain access, they then install malware to collect and export payment card information.

Interesting enough, they are using what is called a RAM scraper malware to grab payment card data while it is in memory. Why? The payment card information in memory is typically unencrypted. Payment card information traveling across the network is typically encrypted when it is stored on the hard drive or in transit across the network.

The scary thing is that the breaches are not discovered until the criminals begin using the data they have stolen for fraud and other purposes.

These are some recommend security controls.

 

Restrict Remote Access

Limit remote access to your POS systems to only your third party management vendor and have a discussion on how and when they will be doing their duties. Consider only enabling remote access when the vendor needs and requests it.

Enforce Password Polices

Make sure that all passwords used for remote access to POS systems are not factory defaults, the name of the POS vendor or dictionary words and otherwise weak passwords. If this is outsourced, require and verify that this is completed and they do not use the same password for other customers.

Do Not Use the POS system for WEB Browsing

Disabled browsing the Internet from POS systems. They should only be used for POS transactions. Any modern firewall can help with this.

Deploy Anti-Virus

Install and maintain anti-virus software on POS systems. This is important to catch know threats and to help keep the machine secure.

If you are a Large or Multi-store Company

Segment the POS network.

You should really separate the POS network from the corporate network. You should also restrict what goes into and out of this network. You should also review connections between stores. Store POS networks typically do not need to communicate with each other.

Monitor and look for suspicious network activity

Monitor network traffic to and from the POS network. If you do enough monitoring, you should be able to tell what a normal traffic pattern is and if something looks like it is not normal, then it must be identified and investigated.

Utilize two-factor authentication

Using strong passwords on machines would cut out a large part of the issue with the POS system becoming compromised. If you use two-factor authentication for third parties and internal users, the compromise becomes very difficult and almost impossible.

Final Thoughts

This advice above was obtained from the Verizon security breach report. It is very simple advice. Most of this advice should just be part of everyone’s network security program. You should really have anti-virus on all systems and have it update every hour. You should also have a firewall that restricts incoming access and outgoing access. Most modern firewall’s have intrusion detection and threat prevention. These items should be enabled.

You should also have a strong password policy enabled on all systems and have vendors use strong passwords. You should have at least eight characters with a capital letter, a number and a special character. You should also require a password change every 90 days.

Finally, web browsing from machines that do financial transactions is not a good idea. You should restrict web access (deny all and only allow what is necessary).

This simple advice will help keep you secure and out of the newspaper headlines.

The Verizon security breach report can be found here

Leave a Comment

13May

Smartphones are being stolen at an alarming rate in the US over the past few years. This should be a concern as more company’s are looking to implement BYOD. A study also discovered that one in ten smart phone users are victims of device theft with only 30% every getting their smartphone back.

The most amount of the thefts occur when someone leaves/forgets the device in a public place, this accounts for 44% of all thefts. Of that 44%, restaurants are the most common place the theft occurs, 14% of thefts occur from a house or car that is burglarized. About 40% of the victims had the smartphone stolen between 12:00 PM to 5:00 PM and it took over an hour before they realized the device was missing.

This is bad news for enterprises as 10% of mobile devices contain confidential information are lost or stolen, according to mobile security provider Lookout’s “Phone Theft in America” report.

At least 12% of victims got hit with fraudulent charges on their stolen smartphones and 9% got hit with identify theft. You also occur a productive loss when losing a smartphone as 90% attempt to reclaim the phone with 60% filling police reports.

A scary statics is that 70% of people would go vigilante and put themselves in harm’s way in order to get their phones back. Some would even pay a ransom up to $1,000 dollars to retrieve the sensitive data on the phone.

Some key items in protecting your smartphone is a having a strong passcode, a located my device app and remain vigilant about the phones whereabouts. IPhones and Androids are the most commonly stolen device with 39 percent of victims reporting stolen IPHONES and 33 percent stolen Androids.

A major risk to corporate users is a smartphone that is setup for dual factor authentication. That could lead to a compromise of the corporate network. That is why a MDM solution is critical on devices so they can be wiped if the device is wiped or stolen.

You need to remind your users about best practices when owning a smartphone and how to help prevent them from becoming a victim.

 

The full Lookout report is available here for download.

Leave a Comment

10May

 

Symantec just stated that Ant-Virus is dead. That is a very bold statement, one that I happen not to agree with. The better statement would have been is Anti-Virus is not very effective or is not the only tool needed to maintain a security posture.

While Anti-Virus is not catching the most current attacks and threats, it never really did. The way Anti-Virus makers find viruses is waiting for a sacrificial lamb to get infected, they then can analyze it and then create a signature for it. They then share this signature with other virus manufactures. So it was never a perfect solution.

So with this statement, can you run without Anti-Virus? No, Anti-Virus software can still detect known virus threats and prevent them from infecting your machine. While it might not be detecting all threats these days, it still detects existing threats.

Anti-Virus should not be the only item in your security bag of tricks that you rely on. You should also make sure you have a good URL filter to block access to known bad sites. If you really want to get aggressive, you can block access to unknown and unclassified websites. This would allow you to prevent people from going to a site a hacker/attacker just created.

You should also get a high quality spam filter that looks for threats in email. I like the spam filter from MacAfee, it is a great product that can help prevent threats from getting into your network. You should really never click a link in email from a bank or someone you don’t know. Even if it is someone you know, you need to trust but verify.

Finally, you need to make sure you are patching your machines. Most Malware/Spyware take advantage of systems that are not patched. So make sure you are applying the latest security patches.

You cannot rely on just one item to keep you secure, it is a process.

Leave a Comment

01Apr

Hackers are always looking for an easy target to gain access to their targets. I recently attended a presentation by the FBI and they have seen a rise in activity against small to medium businesses. Who is easier to attack, a big corporation like Target or a small HVAC contractor?? I hear small business owner’s state that what would they want with me? If you stop and think it could be a lot. It could even be to use you to gain access to one of your client’s networks.

Hackers are also looking for jumping off points to attack other networks. A big corporate network might block China and Russia from accessing there network. A small business typically cannot afford the same security program as a large business.

Another point of entry is email with phishing attacks or websites that are streaming advertisements to you. You should really make sure that you have a good email filter to help prevent these type of attacks.

A few things you can do to protect yourself is make sure you have a next generation and UTM firewall, this will have web filtering and some Intrusion detection and prevention build into it. It will also have logging enabled so you can monitor your Internet connection. If you review your logs you can determine  what is regular vs irregular traffic is.

Another step is to have someone else monitor your firewall. This would allow you to have an expert help you better secure your network. They can monitor your firewall and notify you if anything seems to be incorrect.

Just remember, you are not too small to be attacked.

Leave a Comment

09Feb

I was recently at a very interesting conference. They discussed the risk of advanced persistent threats also known as (APT). Advanced persistent threats are basically threats that bypass your security and can constantly talk to the attacker.

I am going to walk you through a quick example of how this works. The Chinese government has state sponsored hackers that go after valuable targets. These hackers are required to be fluent in the English language. The first thing they do is use google to find out who the important people in the company are and who the direct reports are. They then do either spearfishing email attempting to get you click or open an email with a link to spyware or malware. Once you click on this and download it, you have the malware on your machine creating a back door for them to get access to. Since more firewalls limit inbound connections, this malware calls out to a server waiting for commands.

They can tell the malware to sleep, log key strokes or various other options. They can even export emails from your outlook mail program. Their goal is not to get credit card information, but to get trade secrets or intellectual property. Once in the network they are usually in for a minimum of 256 days with a maximum of 7-8 years.

The reason they remain undiscovered is the attack is advanced and most virus scanners will not pick the attack up. The reason is the attack is customized for that specific hack and not deployed in mass. Current virus scanning technology while good, needs a mass infection with numerous people reporting it before a signature is written. If you don’t have this mass infection, you will not detect the virus. These attacks are also hiding the file type by either encrypting part of the program or changing it using a simple xor algorithm. So if you are looking to block by file type, it will circumvent that.

This is a new type of attack and only a few companies can discover and stop it. One company is Fireeye. Fireeye has an advanced technology that runs this type of attacks within various virtual machines. If it finds one, it distributes a signature to everyone in the network. It has a high success rate of finding and blocking this type of attack.

These threats are becoming common and traditional security solutions will not help you. What are you doing to protect yourself against these types of threats?

For more an interesting read on this type of attack, read the Mandiant APT1 report located here APT Report.

If you would like more information about this type of Threat, email james@tbjconsulting.com or call 262-373-9070

Leave a Comment

04Feb

 Demand for wireless access is expected to soar this year and beyond. Analysts have predicted an increase of 300% in wireless demand in your organization. The question is are you ready for it?

Expanding Your Coverage

Your locations more than likely have some wireless coverage, but they will have a hard time keeping up to the number of devices attempting to connect to them.

Increasing the number of access points and turning the power down on some of the existing access points will provide better overall coverage and also satisfy the new demand. You also need to make sure you design your wireless network for the device types it will service. Wireless VOIP phones have a different coverage model than laptops. They need more access points at less power so they can roam without dropping the call.

If you only have a dozen or so devices two access points should be able to provide adequate coverage for a 1500 to 2000 square foot building.

Access Point Placement

You want to make sure you place your access points carefully. You do not want to mount them on structural metal; it can cause issues with the signal. You also want to make sure that you check the construction of your walls. Some buildings have sand in the walls, which can decrease signal and require additional access points.

Also make sure you leave some extra cable so if you need to move the access point, you can.

Security

Wireless is much less secure than a wired network. Anyone with a device can find your network and attempt to break in. For you private wireless network, use WPA2 Enterprise security. This will require a username and password and not a key that is easily guessed. It also rotates the wireless keys providing another level of security.

At the least, you should not use WEP as it can be cracked in less than 1 hour in a heavily utilized network.

Wireless Controller

If you are going to be deploying a bunch of access points, you should consider using a wireless controller. This will help you make mass changes and also give you the ability to easily add and remove access points. You also have a central location to look for wireless issues if any are reported.

Final Thought

If you have not deployed wireless yet, chances are you will be in the next 12 months. Make sure you take time to understand your requirements so you can size your wireless deployment appropriately. Otherwise you will have coverage issues and unhappy users and unneeded expense.

Leave a Comment

02Feb

Hackers are exploiting a weakness in Internet security, ad makers and sellers that target user’s online browsing habits.

Recently, Yahoo displayed and advertisement that contained malicious malware to European for at least one week. Additional high traffic websites have had malicious code injected into their display ads, newspapers, blogs and Dailymotion, a popular destination for streaming video.

In some instances, the malicious ads download viruses without user interaction. In other instances, the ads servers up a security alert- “Your computer’s antivirus is out of date!”- to trick you into paying a fraudsters money or downloading a virus. This type of spot ad is severed up unknowingly by major ad networks and can bypass antivirus software.

The design of the Internet advertising system is a major part of the problem. Ads pass through dozens of virtual hands to match buyers to sellers in quick online auctions. This process happens so fast with numerous players, that it can be very difficult to screen every ad, according to leading security researchers. Once a Hacker discovers a vulnerability others flock to use the same exploit, which is the case with the ad vulnerability.

In the Year 2013, cybersecurity company RiskIQ, Inc tracked nearly 384,000 malicious online ads. That up from 205,000 in 2012 and 70,000 in 2011. The large ad companies acknowledge an increase in malicious  ads.

Google, which hosts one of the largest ad networks has disabled ads from than 400,000 sites containing malware in 2013, up from 123,000 in 2012.

Advertisers have known about the potential problems of malware for years, but have struggled to eliminate the threat. Scanning the web ad for bugs is time-consuming, expensive and is difficult to do as more ads are becoming interactive with graphics and complex code to target a specific type of user. “This is much like an arms race” stated Chris Olson, chief executive of Media Trust, an ad-security company in McLean, VA.

In Yahoo’s case, the malicious ad was on display between December 27th and January 3rd before it was discovered. It is impossible to find out how many people were infected because the virus only was deployed in certain instances, according to people who are familiar with the investigation. If the malicious ad discovered a vulnerability, it infected the machine with a host of viruses. One of them is called Zeus, it is often used to steal online banking credentials, according to security researches who have studied the incident.

This is why you need a good firewall to help you prevent this type of attack. I have recommended blocking Ad sites for at least two years because they contain a vulnerability. The companies who have listened to me, have cut down their malware infections significantly.

If you don’t have the ability to block ads at the firewall, contact me and I can get help you find a suitable security device or help make recommendations. Just call 262-373-9070 or email james@tbjconsulting.com

Leave a Comment

19Jan

Most businesses these days are using wireless networks, but for most small to medium business
they are not secure. The first item is get rid of WEP, use WPA2 encryption only. It is the most secure
and least likely to be hacked.

Along with that, you should have a strong password for WPA2. You should also avoid an SSID with TBJNetwork, it identifies who you are and can make you a target. You should also disable WPS, WPS is an easy way to add new devices, but it is very insecure and is an
easy way for you to get hacked.

Finally, if you want to allow guests to connect, setup a guest network. This will allow for a secure way to allow guests on to your wireless network.

Also, use an enterprise class wireless solution, it has better security built in and it will allow you to grow. To find out more about wireless security, contact TBJ Consulting at info@tbjconsulting.com or 262-373-9070.

 

Leave a Comment

13Jan

Wildfire is a service from Palo Alto Networks that can evaluate files to see if they contain malware. At the firewall you configure what you want to have send to the Wildfire network and it will execute it on a Virtual XP machine in the cloud. If it happens to find something that looks like malware, it will notify you.

This service works well, I have had clients use it and discover malware on there network even before a virus definition has discovered it.

It is very easy to configure, you just tell it which files you want to send up and it will send them up to be analyzed. The files need to be 2MB or less.

In the 5.0 code they have a subscription you can subscribe too that updates every few hours with the latest threats.

It is a very cool service that is easy to enable

If you want to learn more about wildfire, read about it here, Wildfire.

If you want help configuring it, feel free to contact me at james@tbjconsulting.com

Leave a Comment