TBG Blog

08Jun

LinkedIn was recently hacked and had its passwords compromised. I highly suggest using separate passwords for online accounts. Use one set of passwords for banking and other important sites and different passwords for Facebook, Twitter and LinkedIn.

The reason for this is that if a password is compromised, the attacker does not have access to all of your accounts.

To make things really secure, I would recommend using a password vault product like Password Safe. It will keep your passwords in a database that is encrypted; you just need to be sure your master password is secure.

Embrace the use of separate passwords.


06Jun

We at TBJ have just launched the TBJ Defigo firewall service. I have launched this service because I see such a need for good network security and most do not provide a great service. I have taken all of my experience installing corporate firewalls and created a very cost-effective, great service.

If you would like to find out more about this service, email me at james@tbjconsulting.com or call 262-373-9070.

The service has the following features.

  • On-demand reporting via a secure portal
  • Virus and threat prevention
  • Website URL filtering
  • Active Directory integration
  • VPN support for Windows, Mac OS and iPads
  • Weekly reports
  • 24/7 monitoring
  • Blocking of the latest Internet attacks
  • Configuration backup and archiving
  • All adds/moves/changes included in the price
  • Includes a hardened firewall appliance
  • Online on-demand reporting available
  • Yearly external security assessment


04Jun

Recently, I had a laptop crash and I needed to restore some data. I made a decision to use an automated online backup product and I was not disappointed.

I have attempted in the past to use an external hard drive and other backup methods, but the issue is I need to take some action. I was not always the best with backups.

I decided to try a tool that offers a cloud-based hard drive and also the ability to back up the data on my machine. The product is Cloud Drive from Rackspace.

I have been very happy with it. The backups work great and I can restore up to 90 days’ worth of previous versions. I can also share documents between computers and tablets.

The best part is that after my hard drive crash, I was able to restore my data and be up and running very quickly.

If you have mobile users and are looking for a backup solution, this one works very well.

 


17Apr

I just got back from a very good SANS seminar last month. The training I attended was a class on ethical hacking.

One of the things we did was become what is called a man in the middle. We had a piece of software and we tricked the client into thinking all of the network traffic routed through the laptop. It was scary how easy it was.

It also got me thinking about how easy it would be for someone to sit in a Starbucks or a hotel and grab passwords. Once they are in the middle of your traffic, they can run tools to decode what you are sending.

If you are going to use public WiFi, do not do any banking or send anything you would not want someone to have. In fact, if you travel frequently, I would suggest purchasing a Verizon air card.

Remember, a public network is a public network and should not be used for any type of banking or for transferring sensitive information.


09Mar

I recently worked on a project where we had to get a VPN tunnel up and running quickly for a client for a new office. They could not get Internet or any other type of connection.

To meet their needs, we purchased some FortiGate 60C appliances and a ULM290 4G card. After configuring it, we tested the upload and download speed and it was very good: 10 MB up and 5 MB down.

We shipped it to the remote office and discovered that the Verizon network in the area dropped out about 3 times a day. The connection works great besides those nasty dropouts.

What is the point of this blog post? Well, the first is to make sure you test a configuration like this in the area of the country it is going to be placed in, to ensure that it will work correctly. Second, it is cool that you can put a 4G air card in a Fortinet and have a dynamic VPN tunnel. It will work great in a backup environment and it will also work well if you need a connection.

Just remember to test your connection first.


22Feb

So How do we protect against You?

I was asked to prepare a presentation on security and during my research, I discovered that a big part of Information Security is You.

What do I mean by You? The easiest and most profitable way to attack someone is to utilize some social engineering or phishing attack. The human need to help makes it very easy to take advantage of.

A perfect example…

RSA, who makes SecurID, was hacked last year. Was it a fancy attack? No, a spreadsheet was emailed and someone clicked on it, installing a backdoor. A good virus scanner or firewall should have prevented this. Not trusting a file would have also prevented it.

A perfect example…

Hackers target You all the time. Think about Facebook and LinkedIn. How much personal information do you put on those sites? An attacker can utilize this information to craft an attack against you. If it does not need to be put out on the Internet, do not do it.

Some things you can do to help…

  • End-user training. You cannot expect someone to understand how to prevent this without some sort of training program. (Think of it like this: my 12-year-old daughter got a chance to move my car. Well, she had no training and you can guess what happened. Let’s just say the neighbor’s house stopped the car and it had a missing driver’s mirror, and yes, it was my fault and my wife was furious.)
  • Run a phishing attack against your users and teach them to be aware. You can hire someone to help or do it yourself.
  • Train end users not to provide passwords in emails or over the phone.
  • Be careful what you share and who you share it with.
  • Do not run on your machine as administrator; use a low-level account.
  • Social media needs to be monitored and, if possible, only allow posting of information if the job they perform requires it.
  • If the information is sensitive enough, require 2-factor authentication.

I actually have a survey you can take to see how secure you are: Security Survey.


09Feb

 

Did you know that your smart phone is the target for phishing and malware attacks? Over 70% of adult users connect to the web with mobile phones and 65% send and receive email messages. These email messages contain links to malicious websites and the user cannot see the web URL. Smart phone users are 3x more likely to give up a username and password.

If you have a smart phone, make sure that you are putting anti-virus and malware protection on it. Also make sure that you do not click on web links with your smart phone.

Also, smart phones can easily be swiped and have malware placed on them. Make sure if you have sensitive data on it that you put a password on it. If you lose the device and find it again, I would suggest wiping it and starting over. You cannot be sure if someone put something on your phone to capture a username and password.

If you are an enterprise, a Mobile Device Management (MDM) suite would be a wise investment. If someone loses a device, it can be remotely wiped, and you can put some sort of security policy on the device.

Finally, a good user education program is important to make sure that users understand the risk and hopefully are able to identify the risk in the future.



02Feb

This is a little off topic from most of my posts but I believe it is relevant. Both of my daughters are in a club basketball program and I coach one of them. That makes it so most weekends I am unable to see my younger daughter’s game. My wife, using our iPad 2, was able to record the game and allowed me to watch it. I was surprised at the quality.

Since I am an assistant coach, I figured it would work well to also record the team I coach. We recorded the game and were then able to connect it to a projector to have the team watch. It was very easy and useful. Finally, you can also get the video off of the iPad and create DVDs with an app called iMovie. The iPad is becoming more useful than just a tool that runs apps.

Anyway, the video recorder in the iPad is very useful; you do not need to go and purchase an advanced video recorder. Find out more about it here.



02Feb

Most network equipment has telnet enabled by default. These days most devices can also support a protocol called SSH. I would suggest that you disable the insecure protocol telnet and enable the secure protocol SSH. Why? Telnet allows passwords to be seen in clear text, and if someone is smart, they are able to capture your password.

If you ever have a security audit, this will be one of the first items they look for.
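
One way to check a saved device configuration for this before an auditor does, as an added example that is not part of the original post. It assumes an IOS-style configuration in which remote logins are controlled by `transport input` under `line vty` blocks; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample: an IOS-style configuration fragment (not from the post).
SAMPLE_CONFIG = """\
hostname branch-sw1
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
"""

VTY_RE = re.compile(r"line vty (\d+(?: \d+)?)\s*$")
TRANSPORT_RE = re.compile(r"\s+transport input (.+?)\s*$")

def classify(protocols):
    """Map the protocols listed after 'transport input' to an audit status."""
    if protocols is None:
        return "unspecified"  # platform default applies; check it on the device
    if "telnet" in protocols or "all" in protocols:
        return "telnet-allowed"
    if protocols == ["none"]:
        return "disabled"
    return "ssh-only" if protocols == ["ssh"] else "other"

def audit_vty_transport(config_text):
    """Return a (block, status) pair for every 'line vty' block in the config."""
    findings, block, protocols = [], None, None
    for raw in config_text.splitlines() + ["!"]:  # sentinel closes the last block
        if raw.startswith(" "):  # indented line: a setting inside the current block
            m = TRANSPORT_RE.match(raw)
            if block and m:
                protocols = m.group(1).split()
            continue
        if block:
            findings.append((block, classify(protocols)))
        m = VTY_RE.match(raw)
        block, protocols = ("vty " + m.group(1) if m else None), None
    return findings

def needs_attention(config_text):
    """Blocks an auditor would flag: telnet allowed or transport not pinned."""
    return [b for b, s in audit_vty_transport(config_text)
            if s not in ("ssh-only", "disabled")]
```

Calling `needs_attention(SAMPLE_CONFIG)` lists the VTY blocks that still accept telnet or leave the transport to the platform default.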



25Jan

If you have read the news lately, passwords are becoming a target of attack. Organized crime has figured out how to profit using the Internet and is hiring hackers to write code to harvest passwords. The security tip this week is how to protect yourself from being a victim.

The best practice is to pick a password that has nothing to do with you. You do not want a child’s name or parent’s name. The place you grew up is also bad. I also suggest using the letters of a phrase. For example, you can use the first letters and the numbers in the following phrase: (I do not like the cold in January 2012!). It would look like this: Idnltcij2012! It makes a strong password you can remember.

Also remember to use multiple passwords; that way, if you are compromised, you limit your exposure.

Finally, if you need to remember passwords, use a tool such as Password Safe to keep your passwords secure. It will provide an encrypted database so that if it is compromised, you will not have given someone the keys to your kingdom.
