NetConnect Blog - Your Resource For IT Tips, Tricks and News

In Security, There is No Silver Bullet

Posted by Rob Lammert on Dec 22, 2016 12:47:48 PM

No one is above being breached. There are many ways a breach can happen, and no single piece of technology can safeguard your organization, but there are steps you can take to make sure you are not an easy target. Keep in mind, you don’t have to spend massive amounts of capital on your “cyber defense” posture; it is all about the policies you put in place and how you enforce them with your users.

Rob Lammert, from our partner ESET, breaks it down into these four important steps:

1. Educate Your Users

Many studies show that the weakest link in your technology environment is actually human error. In their day-to-day activities, users are bombarded with infiltration attempts such as phishing scams, infected email attachments or even unsolicited “help desk” phone calls. Educating your users on your security policies and procedures is a big step toward preventing an infiltration. Many companies run regular educational sessions, such as a “Security Awareness Power Hour,” to keep users current on how to identify and handle attempted attacks.

2. Maintain Multiple Layers

Years ago, having an antivirus product on your endpoints or servers seemed to be all you needed to be secure. In today’s threat landscape, a multi-layered approach helps cover the holes in any one line of defense. For example, letting multiple detection engines and styles, such as anti-spam, anti-phishing and anti-malware, scan email before it reaches its destination is a quick and easy way to stop many spam or infected messages. This can be done by having an external scanning engine assess the email before it reaches your company gateway, with a final line of defense on the endpoint to catch anything that slips through. Layering security at each of your data entry and exit points makes your environment less appealing to attackers, because every layer increases the time and effort needed to get in. Key layers to consider are encryption, authentication methods, data loss prevention and endpoint security products, all of which can work independently or in unison to lock down your infrastructure.

3. Patching & Updating

Operating system and application exploits are among the most common infiltration points for malware, and yet they are the simplest to prevent. There are many products on the market that can help you patch your systems and can be deployed in a short time frame. Patching and updating is not limited to the obvious products such as Microsoft Windows or Microsoft Office; it covers everything your users interact with, such as Adobe Acrobat, Adobe Flash or Java, which are frequent exploit-kit targets. Keeping your environment up to date will go a long way toward keeping it safe from external attacks.

4. Wash, Rinse & Repeat

Securing your infrastructure is not a project with a specific completion date or objective; it is an ongoing process that will require you to update your methods as threats become more sophisticated. Many products, such as endpoint security software, do a lot of the heavy lifting to keep you (and your business) protected against many existing and “zero day” attacks, but they can’t do all the work for you. Be sure to keep yourself educated on the latest threats, as well as the techniques to prevent them, as they change frequently; sometimes daily!

There are many fantastic websites out there to help you with this information, like ESET’s security news website, WeLiveSecurity.com. Also, ESET has a variety of free, educational white papers and webinars that cover a variety of security topics.

To find out more about security awareness and what options are the right fit for your organization, contact Network Center, Inc. to set up a free consultation. Network Center, Inc. also offers vulnerability tests to identify security risks in your environment.

Topics: Network Security, Cyber Security

Ransomware: A Tale of Three Companies

Posted by Michelle Killian, FRSecure Security Analyst on Apr 14, 2016 10:09:00 AM

Our partner FRSecure has been busy of late responding to calls about ransomware. They've seen a few success stories, but not enough, so Michelle Killian, FRSecure Security Analyst, thought it would be useful to review three common scenarios they are encountering, what the outcome has typically been, and what you can do to prepare for and protect yourself from this nasty attack.

But First, What Is Ransomware?

“Ransomware?” you say. “What’s that?” Well, if you are lucky enough to not have been either directly or indirectly affected by ransomware, we'll give you a brief rundown:

Ransomware is a type of malware (malicious software) that blocks access to assets belonging to a victim (i.e. your files) and unblocks them only in exchange for a ransom payment.

The variant of ransomware running rampant today infects your device and encrypts (or locks) all the files you have access to, making them completely unusable to you unless you get the key to decrypt (or unlock) the files. The malware searches for and encrypts all applicable file types (including Word and Excel documents and PDFs) both on your device and on any shares you are mapped to, meaning the more access your device has, the more damage the malware can do.

While there are many ways your system can be infected, ransomware is typically delivered through an email phishing attack or website drive-by-download attack.

Attack Overview (figure)

Download Overview (figure)

In order to decrypt the files, you have to get the key from the attacker who distributed the malware, which costs money, typically in the form of bitcoins. Up until recently, the attackers were demanding basically the same amount of ransom regardless of who they infected – typically between $500-1000, but they’ve now discovered that some targets are willing to pay much more and have started demanding ransom payments more proportional to the information they are holding hostage.

What FRSecure is Seeing

Michelle Killian lumped the companies FRSecure is hearing from, both in the field and on incident response calls, into three broad categories. Read along, see which group your organization most closely aligns with, and take away some action items to better prepare yourself!

Company 1: The Not-So-Lucky One

Company 1 calls shortly after getting that gut-wrenching pop-up notifying them that they’ve been ransomed, unsure of what to do or where to start. They haven’t really been good about consistently backing up their data so they don’t have a viable backup to restore from.

CryptoLocker (Photo: Malwarebytes.org)

These are usually painfully quick and unsatisfying conversations. While FRSecure always recommends doing some research on the particular malware strain to see if a key has been obtained and shared, odds are, if you don’t have a backup of your data, your only real option to get your data back is to pay up. For Company 1, this is exactly the outcome and after learning the ins and outs of Bitcoin, they are back up and running, less $500, and working diligently on formalizing their backup strategy.

FRSecure Does Not Support Paying The Ransom

For the record, FRSecure does not encourage paying the ransom as the best solution to this problem. Paying only encourages this type of activity to continue to grow and makes you a bigger target for future attacks. Additionally, FRSecure has seen many instances where the decryption process hasn’t gone smoothly and not all files are recovered. However, if there is no other way to get the information that’s been ransomed and it’s necessary for operations then sometimes this is the only solution.

Company 2: The Oh-So-Close-But-Not-Quite One

Company 2 got the same pop-up notification with ransom-payment instructions, but threw high-fives all around because they’ve got good backups and regularly test them, so they knew that this was but a blip in the road. They restored the systems they determined to be impacted by the malware from backup and resumed operations as normal.

Until they got a call from a user freaking out because their data was no longer usable. Turns out there was a small subset of the organization that was supposed to be segmented off (but wasn’t) and for all intents and purposes was thought to be no longer in use (but was) so the share wasn’t being backed up regularly. And the data stored on this share was pretty important.

So, while Company 2 was able to successfully restore most of their files from backup, because they didn’t have an updated inventory of their data resources, they still ended up paying a ransom to get the files from the not-so-segmented share back. And now they are focused on a top-to-bottom user access review and data mapping exercise to make sure they know where all their data lives and who has (and who should have) access to it.

Company 3: The Ready-For-Your-Stupid-Virus One

Company 3 called in advance of getting the ubiquitous pop-up. They noticed some files they were working on were changing and becoming inaccessible and suspected they might be in the process of being infected by ransomware. With a little digging we were able to confirm their suspicions and set about containing the malware.

The one nice thing about ransomware is that it’s usually easy to determine where the attack started: the device where the infection began is the one that displays the notification and payment instructions. On the flip side, once the pop-up shows up it’s too late to contain the malware, so you have to do the work while it’s still spreading to find the source and contain it.

For Company 3 there was some suspicion around a particular attachment and a particular user (based on internal conversations and where the file changes were taking place) so it was relatively easy to pinpoint the source. With that knowledge, we were able to isolate the system (disconnect it from the network and internet) and work on replacing the infected files.

Company 3 not only replicated data to the cloud but also kept regular offsite backups. The cloud replica had already synced the encrypted versions of the files (replication faithfully copies damage as well as data), so we had to pinpoint when the ransomware was downloaded in order to revert to clean copies, but after about four hours Company 3 was back up and running with no ransom paid. Even so, Company 3 is not resting on their laurels; they used this close call to conduct additional user training on the perils of email and phishing attacks.

How To Protect Your Company (and Yourself)

One thing Killian would like to point out when talking about ransomware is that this virus does not discriminate. It will hit you at home and take your $500 just as readily as it will at the office. So her advice is advice that can be implemented in both environments and should be strongly considered if you place any value on the information residing on whatever device you use (PC, Mac, smartphone, tablet… all devices are fair game for this bugger).

What You Can Do:

  • Inventory your data: This is Information Security 101, but we aren’t generally that great about it. Do you know where all of your information is stored? Map out all of your data repositories and then audit regularly to make sure it’s still appropriate.
  • Back it up: This is your #1 defense against ransomware. Determine how long is acceptable for you to be out of commission (1 hour, 1 day, 1 week?) and build out an appropriate backup strategy that ensures you can meet that acceptable level. Consider multiple types of backups in the event one gets compromised and regularly test the effectiveness of the backups. Side note: many versions of the ransomware either destroy your shadow copy or encrypt it before notifying you that you’ve been ransomed so do not let your shadow copy be your only backup solution.
  • Implement need-to-know access: Do you know, with certainty, who has access to what information? Or do you take an “everyone needs access to everything” approach? Play out a few tabletop exercises with ransomware and you may rethink that approach. Treat access control as a containment strategy: the less data any one user can reach, the less a single infected account can encrypt. And as with the data inventory, review this access periodically and audit users to ensure nothing has drifted.
  • Continue to train users: Make sure your user base knows what the current risks are to them so they are better able to protect both themselves and your organization. Train them on the signs of ransomware (documents suddenly failing to open, file names gaining strange extensions, unfamiliar text files appearing in folders) so they can report it before the pop-up does, which can help limit the damage. Remember that your users are computing at home too, so they have a vested interest in being a bit more technical; teach them about disconnecting from the internet, unplugging from the network, and the importance of controlling access to information.
  • Strengthen technical controls: there are some pretty easy measures you can implement that help keep ransomware from being installed, including:
    • Block EXE file attachments so users cannot directly run executable files from emails.
    • Disable macros in Office applications, where malicious code is often embedded.
    • Implement web filtering for malicious sites to block known security risks sites.
    • Remove local admin rights so users must enter a privileged username and password to run new software.
    • Develop and implement a patch and vulnerability management program; many variants use vulnerabilities in applications to infiltrate your system.
    • Implement group policies and other restrictions (for example, software restriction policies that stop executables launching from common payload drop points such as the %AppData% folder).
  • Check online for solutions: If you don’t have a good backup to restore from, before you give in and pay the ransom, do some research to see if a key has been uncovered. Great sources to consider include Malwarebytes, Kaspersky Ransomware Decryptor and BleepingComputer. Do not remove the malware until you are sure all of your files have been successfully recovered.
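The "files are changing" signal that saved Company 3, and the training point about reporting ransomware before the pop-up does, can be turned into an automated early warning. The script below is an added example written for this page, not FRSecure's code or anything from the original post. It plants a couple of decoy documents ("canaries") on a share, records their checksums, and alerts the moment one is altered, renamed or deleted, which is exactly what an encryptor walking the share does first. It assumes the share is reachable as a local path (a mount point), that POSIX cksum is available, and that the canary names and filler content shown are just constructed samples; the manifest must live somewhere the share's users cannot write, or it gets encrypted along with everything else.

```shell
#!/bin/sh
# Added example (not from the original post): canary files for ransomware
# early detection on a file share. Run canary_check from cron every minute
# or so and page someone when it returns non-zero.

# canary_plant <share_dir> <manifest>: write decoys and record their checksums.
# The manifest is written to a path of your choosing; keep it OFF the share.
canary_plant() {
    dir=$1; manifest=$2
    : > "$manifest"
    # Names chosen to sort first and last, because most encryptors walk a
    # directory in order; the content is constructed filler.
    for name in "_accounting_master.docx" "zz_archive_2015.xlsx"; do
        printf 'canary file, do not edit: %s\n' "$name" > "$dir/$name"
        printf '%s %s\n' "$name" "$(cksum < "$dir/$name" | awk '{print $1, $2}')" >> "$manifest"
    done
}

# canary_check <share_dir> <manifest>: prints "clean", or one ALERT line per
# canary that was modified, renamed or deleted; returns 1 when anything tripped.
canary_check() {
    dir=$1; manifest=$2; tripped=0
    while read -r name sum size; do
        if [ ! -f "$dir/$name" ]; then
            echo "ALERT missing $name (renamed or deleted)"; tripped=1; continue
        fi
        now=$(cksum < "$dir/$name" | awk '{print $1, $2}')
        if [ "$now" != "$sum $size" ]; then
            echo "ALERT modified $name (contents changed)"; tripped=1
        fi
    done < "$manifest"
    [ "$tripped" -eq 0 ] && echo "clean"
    return "$tripped"
}

# Demonstration against a throwaway directory: plant, a clean check, then a
# simulated encryptor that overwrites one decoy and renames the other.
demo_dir=$(mktemp -d)
manifest=$(mktemp)
canary_plant "$demo_dir" "$manifest"
canary_check "$demo_dir" "$manifest"                              # prints: clean
dd if=/dev/urandom of="$demo_dir/_accounting_master.docx" bs=64 count=1 2>/dev/null
mv "$demo_dir/zz_archive_2015.xlsx" "$demo_dir/zz_archive_2015.xlsx.locked"
canary_check "$demo_dir" "$manifest" || echo "isolate the host that wrote those files now"
rm -rf "$demo_dir" "$manifest"
```

A checksum comparison is deliberately crude: it does not tell you which workstation did the writing, so pair the alert with the share's audit log (or the file server's open-session list) to identify the user to unplug, which is the step Company 3 had to do by hand. Windows file servers can do the equivalent with File Server Resource Manager file screens; the point of the shell version is that the idea needs no special product.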

There’s no doubt about it, ransomware stinks. But it is a good reminder of how a strong information security program can protect you and how sticking to the basics (asset management, access control, backup management, user training) will continue to pay off.

Blog post provided by: 

* Killian, Michelle. “Ransomware: A Tale of Three Companies.” FRSecure, 7 Mar. 2016. Web. 12 Apr. 2016. <http://www.frsecure.com/ransomware-a-tale-of-three-companies/>.

Are you interested in improving your processes to reach your security goals? Reach out to the team at Network Center, Inc. for more information on how utilizing FRSecure can positively impact your company.

Topics: Network Security, Security, Ransomware

Dear Ransomware...

Posted by Sean Todd on Apr 8, 2016 1:00:00 PM

Dear Ransomware – let’s get familiar

First, let’s define what ransomware is. Basically, it’s a piece of malware that infects a device and then prevents the end user from accessing either the device itself or the data on it. Typically, whoever is behind the ransomware demands a fee before the user can regain access to the affected files or system. Even when you think you have your environment configured with the right layers of software to keep ransomware out, there’s still a good chance you may become a victim.

Sounds like a pain, right? Well, it can get much more serious than that pretty quickly. Let’s assume that device is on your corporate network. Let’s also assume that the user of that device has access to files on the network. See where this is going? It now has the potential to affect files across the network. All that business-critical data is now at the mercy of a cyber-criminal demanding a ransom payment before giving you back your access, if at all. You don’t just lose access to the files; you also stand to lose productivity and rack up legal fees, IT service costs, customer-service fallout and more. It adds up quickly.

So what exactly does ransomware do? The most common effect is file encryption, using encryption that, done properly, cannot be broken without the key. It encrypts not only data on your local device but also data across the network that the user has access to. Without a good backup, or without paying the ransom, you can say good-bye to your data. Even a backup only gets you back to the point in time when it last ran successfully. That means if your backup ran last night and the ransomware hit today at 4pm, you’ve lost an entire day of work, not just for a single individual but potentially for the entire company.

But I have antivirus, that’s enough, right? I hate to be the bearer of bad news, but antivirus software alone simply isn’t enough anymore. You need a layered approach to your preventative arsenal.

  1. Education – Educate yourself and your end users on how to spot these threats. Limit the amount of casual internet browsing, and if an email seems fishy, there’s a good chance it is. Remember, ransomware can infect you in multiple ways.
  2. Email Filtering – Use a spam service to filter email before it gets to your mail server and inbox. Even users of a hosted email platform should consider third-party email filtering as an added layer of security.
  3. Web Filtering – Ransomware doesn’t just come from email. It can come from very popular, legitimate websites as well, usually through malicious ads served on them. Some type of web filtering can help block access to infected websites or to syndicated ads carrying malicious code.
  4. Antivirus – Use reputable antivirus. This is usually the last point in the preventative stage. Up-to-date antivirus could be your saving grace, although there are never any guarantees. Even an older version of the antivirus engine with up-to-date virus definitions can leave you vulnerable. Much like the cyber criminals who continuously try to evade each level of protection, antivirus vendors are constantly evaluating and improving their software to combat the latest threats.

It's unfortunate that there are new stories daily of companies large and small being targeted by these malicious campaigns. There’s no doubt it will only get worse before it gets better as these threats are constantly evolving. They tend to get more destructive with each iteration and some aren’t even offering the option to decrypt anymore. Your best defense is a multi-layered approach. The more layers, the less chance of becoming the latest victim. Bottom line, it needs to be taken seriously.

Topics: Email Security, Network Security, Security, Ransomware

To Monitor or Not Monitor Your Network? That is the Question.

Posted by Nick Tichy on Jan 2, 2015 2:00:00 PM

What is a network? As defined by Merriam-Webster, a network is a system of computers, peripherals, terminals, and databases connected by communications lines. There are many types of networks. The biggest is the internet, which is a wide area network (WAN). A WAN spans a large distance and is a collection of local area networks (LANs). A LAN connects network devices over a short distance; a school or home network would be an example.

In today’s networking world it is important to know whether your equipment is running at maximum efficiency. There are some great tools out there to help with that. Some are as simple as Angry IP Scanner, which makes it easy to scan IP addresses and ports. More complex tools not only let you monitor your network but also monitor devices such as routers, switches, servers and much more. For the purpose of this blog we will talk about the more complex type of network monitoring tools, such as PRTG and Solarwinds.

All monitoring tools differ a bit in some way. The great thing about some of them (like PRTG and Solarwinds) is that they let you monitor not just the device but characteristics of the device such as power supply voltage, temperature, fan status and utilization. Let’s say you are monitoring a router and one of its fans goes out. You can be emailed and alerted of the fan failure, and some tools will even recommend that you replace the fan. Another example: the router’s temperature starts to climb. The monitoring tool can email you a warning that the temperature is rising, which lets you find the issue on the router, or at the very least start troubleshooting what it could be.

Network monitoring tools such as PRTG or Solarwinds also give you some sort of map of your network, or tabs that let you click into a device or expand it to see what sits under it.

Another handy feature in some network monitoring tools is the ability to run reports. Running a report is useful for a number of reasons. First and foremost it shows you how well (or poorly) your equipment and devices are running, and you should be able to narrow the report down. Look at the router again: if we have been having temperature issues, we can go back and see whether it has happened before, which helps identify trends. Maybe it has happened 7 times in the last 2 months. Now might be a good time to look at the room the router is in; there might be a cooling issue there, or it could be a fan problem on the router. A report on fan performance over the same period would help you pinpoint which it is.

Another option that some network monitoring tools will allow you to do is click into the device you are monitoring and see the history, logs, how much storage is left, usage, memory, free space on drives, and much more.

Since there are many network monitoring tools out there, you will want to research and decide what is best for your network and what is easiest for you and your company. You should have no problem finding one that will give you the features you are looking for.

For more information on network monitoring please contact NetWork Center, Inc.

Contact Us Today!

Topics: Network Security, Network Monitoring Tools, Computer Network, Network Monitoring

Reviewing the Impact of the SSLv3 POODLE Vulnerability

Posted by Joe Dunnigan on Oct 24, 2014 4:55:00 PM

Attack of the POODLE
Last week, a new high profile web vulnerability was disclosed, dubbed 'POODLE' (Padding Oracle On Downgraded Legacy Encryption, CVE-2014-3566). This vulnerability received much press, partly because a number of other vulnerabilities have hit the news recently (Heartbleed and Shellshock in particular).

POODLE is a downgrade attack on https connections between a web browser and a server. A man-in-the-middle who can tamper with the handshake makes the newer TLS 1.0-1.2 negotiation fail, so the browser retries with the old, less secure SSLv3; SSLv3’s weak CBC padding then acts as a padding oracle that lets the attacker recover plaintext such as session cookies.

SSLv3 dates from 1996 and has outlived its usefulness. However, most systems have kept it enabled so that legacy clients can still function. At one time it was the highest protocol that web browsers supported for secure communications, but TLS has been available for many years now. IE6 in its default configuration is the only browser with any notable market share that still needs SSLv3 to establish secure connections; any recent version of IE, Chrome, Firefox, Safari, etc. supports TLS.

So, what does this mean for us?
Along with the disclosure came the recommendation that systems be configured not to offer SSLv3 for secure connections. This includes web servers, application servers and appliances, and web browsers, among many other devices. A user whose client can only speak SSLv3 will no longer be able to connect to a service that has turned it off, so the recommended approach on the client side is to keep web browsers and other client software as up to date as possible.

The greatest risk in allowing SSLv3 is a man-in-the-middle attack in which an attacker positioned on the network forces the downgrade and then recovers sensitive information (session cookies, passwords, banking details, etc.) from the https traffic byte by byte; with POODLE this takes on average 256 attacker-triggered requests per byte. Disabling SSLv3 on both ends removes the attack entirely. Where a client must keep falling back for compatibility, the TLS_FALLBACK_SCSV signaling value published alongside the disclosure lets a server recognize and reject an attacker-induced downgrade.

In fact, disabling SSLv3 had been discussed before this discovery, as weaknesses in the protocol have been known for some time. However, the risk was not deemed worth the trouble of potentially shutting out users on older web browsers or application clients. With POODLE disclosed, the risk of information disclosure is too great, and disabling the protocol will be necessary. With IE6 usage below 0.1% in most of the world, the impact should be significantly lower than in previous years.

What should I do now?
As with all vulnerabilities, it is important to determine your exposure and remediate as quickly as possible. Keeping software and systems up to date with security patches and new software versions helps curb the possibility of serious attacks and information exposure.
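Determining exposure on the server side starts with the protocol directive in your web server's TLS configuration. The script below is an added example written for this page, not part of the original post. It reads an Apache httpd (SSLProtocol) or nginx (ssl_protocols) configuration on stdin and reports whether that configuration would still offer SSLv3, then shows the weak setting beside the corrected one. It assumes the 2014-era defaults: httpd's "all" keyword (and an absent directive) includes SSLv3 when OpenSSL was built with it, and nginx before 1.9.1 defaults to "SSLv3 TLSv1 TLSv1.1 TLSv1.2" when ssl_protocols is absent. Feed it one context (one vhost or server block) at a time, because a later directive in the same context overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the original post): audit whether an httpd or
# nginx TLS configuration still offers SSLv3.

# Prints "offered" or "disabled". Usage: sslv3_status < ssl.conf
sslv3_status() {
    # Drop comments, lowercase, keep only the last protocol directive (a
    # later directive in the same context overrides an earlier one), and
    # strip nginx's trailing semicolon.
    line=$(sed -e 's/#.*//' | tr 'A-Z' 'a-z' \
        | grep -E '^[[:space:]]*(sslprotocol|ssl_protocols)[[:space:]]' \
        | tail -n 1 | sed -e 's/;[[:space:]]*$//')
    enabled=1                     # no directive at all: the default still offers SSLv3
    if [ -n "$line" ]; then
        set -- $line              # split into directive name and protocol tokens
        shift                     # drop the directive name
        enabled=0                 # explicit list: SSLv3 only if named, or pulled in by "all"
        for tok in "$@"; do
            case "$tok" in
                all|+all)     enabled=1 ;;   # httpd: every protocol except SSLv2
                -all)         enabled=0 ;;
                sslv3|+sslv3) enabled=1 ;;
                -sslv3)       enabled=0 ;;
            esac
        done
    fi
    if [ "$enabled" -eq 1 ]; then echo offered; else echo disabled; fi
}

# Constructed sample directives: the weak setting beside the corrected one.
printf 'SSLProtocol all\n'                      | sslv3_status   # offered
printf 'SSLProtocol all -SSLv3\n'               | sslv3_status   # disabled
printf 'ssl_protocols SSLv3 TLSv1;\n'           | sslv3_status   # offered
printf 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n' | sslv3_status   # disabled
```

The configuration tells you what the server intends; confirm what it actually does after the reload with a client that still speaks SSLv3, for example `openssl s_client -connect www.example.com:443 -ssl3`, which should fail with a handshake failure once the protocol is gone. Newer OpenSSL builds have SSLv3 compiled out and will reject the -ssl3 option itself, which is not a pass: use an older client or an online scanner in that case.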

To find out if you are vulnerable, contact us at NetWork Center, Inc. for more information.

Topics: Network Security, Security, Protection, IT Consulting

Shellshock: It Has Nothing to Do with Ninja Turtles

Posted by Brian Johnson on Oct 17, 2014 4:13:04 PM

I’m probably starting to show my age, but when I hear the word “Shellshock” the first thing I think of is the old Teenage Mutant Ninja Turtles cartoons. But unfortunately, the Shellshock we are talking about has nothing to do with pizza-loving reptiles, and everything to do with a gaping security hole affecting many of your Internet-connected devices. Here’s what Shellshock (a.k.a. the “Bash bug”) is all about and why you should care:

What is it?

There are a few terms and technologies behind the Shellshock nickname. First up is Bash, the command interpreter (or “shell”) used on Mac, Linux, and many other operating systems and devices. The shell is where you type commands to perform actions on a system, such as editing files, running tools, or initiating a restart or shutdown.

The heart of the Shellshock problem (CVE-2014-6271 and its follow-ups) is that a vulnerable Bash will run commands hidden inside data it was only supposed to store, and because Bash gets handed data from the Internet in far more places than people realize, really really really bad stuff can happen all across the Internet.

I don’t run Macs or Linux – so can I stop reading now?

No – please don’t! This still matters to you. You may not directly run these operating systems on the machines you use every day, but Linux is everywhere. It could be found on video cameras, routers and other devices on your home or work network, and is prevalent on thousands and thousands of Web servers scattered across the Internet. 

To understand the seriousness of this issue, we have to get a little nerdy first and look at an example Bash command:

/bin/eject

This simple command, when executed on some Linux servers, will eject the CD drive. No harm done there, right? 

Ok, but what if I could somehow modify that command and, from my comfy office in Waconia, use it to make a server across the Internet eject its CD drive? Wouldn’t that be cool? Well, if my target server was vulnerable to Shellshock, I could do exactly that with this command:

 curl -H "User-Agent: () { :; }; /bin/eject" http://www.example.com/

Again, this looks like gibberish, right? But when we break it down, here’s essentially what this command does. First, it asks www.example.com for its Web content, much as a browser would, but with the User-Agent header set to () { :; }; /bin/eject. A Web server that hands requests to CGI scripts copies each request header into an environment variable (this one becomes HTTP_USER_AGENT) before starting the script. If that script is written in Bash, or merely calls Bash, a vulnerable Bash sees a value that begins with () { and treats it as an exported function definition. And here’s the bug: instead of stopping at the closing brace, it keeps parsing and executes whatever follows, in this case /bin/eject. Voilà! The CD tray pops open.
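You can see the same mechanism on your own machine without a Web server at all, which is also the quickest way to tell whether the Bash you run is patched. The script below is an added example written for this page, not code from the original post or from Tripwire. Its first function is the widely used local probe: it exports an environment variable shaped like the User-Agent header above, starts Bash, and looks for the smuggled command's output. Its second function models the CGI path from the explanation above, with the header value placed into HTTP_USER_AGENT before a one-line Bash "script" runs; the marker string and the variable names are constructed for the demonstration, and it assumes a bash binary is on PATH. Nothing here touches the network.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the Shellshock
# trigger locally and show how a request header reaches Bash via CGI.

# Prints "vulnerable", "patched" or "no-bash". The payload has the same shape
# as the curl example's User-Agent: a function body "() { :; }" followed by a
# trailing command that a fixed Bash must never execute.
shellshock_check() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "no-bash"
        return 2
    fi
    out=$(env x='() { :; }; echo VULNERABLE' bash -c 'echo probe' 2>/dev/null)
    case "$out" in
        *VULNERABLE*) echo "vulnerable"; return 1 ;;
        *)            echo "patched";    return 0 ;;
    esac
}

# Models what a CGI-enabled Web server does: the User-Agent header lands in
# the HTTP_USER_AGENT environment variable, then the handler runs. Here the
# handler is a one-line Bash script, as many 2014-era cgi-bin handlers were.
# On a vulnerable Bash the smuggled command runs before the handler's output.
simulate_cgi_request() {
    ua=$1   # attacker-controlled header value, exactly as sent by curl -H
    HTTP_USER_AGENT=$ua bash -c 'printf "Content-Type: text/plain\n\nhello\n"' 2>/dev/null
}

# The attacker's header from the curl example, with a visible marker in
# place of /bin/eject so the effect shows up in the output.
attack_header='() { :; }; echo SMUGGLED-COMMAND-RAN'

echo "local bash: $(shellshock_check)"
simulate_cgi_request "$attack_header"
```

A patched Bash prints only the handler's "hello"; a vulnerable one prints SMUGGLED-COMMAND-RAN first, because the command ran while Bash was importing the environment, before the script body even started. Note that the probe only tests the bash binary found first on PATH; a server with several copies installed needs each one checked.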

I don’t run a Web server either – why am I still reading?

In the example above I used a command which caused a Web server to eject its CD tray. Just a silly trick to show friends at parties, right? But use your imagination and think of some of the more sinister things I could do with this Shellshock vulnerability. Maybe I could figure out a way to make thousands of these servers attack your corporate network. Or I could craft a command to make the server send me sensitive information it has stored about you, such as your name, address, phone number, password, purchase history, credit card information…the possibilities are endless!

And keep in mind, this vulnerability does not require any advanced skills on my part. I do not have to steal any usernames or passwords of people who administer these servers, download any special software or take a master’s class in hacking. Nope, just a quick Google search and about 10 minutes of my time would be all I needed to start launching attacks on vulnerable servers and potentially do damage to your networks, accounts and sensitive information. And that is why you should be concerned with Shellshock.

So what can I do about it?

If you are running Macs in your environments, check the support article Apple has published about the Bash bug, and download/install the appropriate patch.

On Linux systems, you can usually do a quick Google search for the type of Linux you run and the word “Shellshock” to find articles and instructions containing a fix. For instance, I run Ubuntu, and by searching for Ubuntu Shellshock I was treated to this nice article which walks me through patching the bug.

Don’t stop here. On your home or corporate network you need to check other devices that may be vulnerable, such as video cameras, routers and backup devices. Tripwire offers a free tool that scans up to 100 internal IP addresses. For any device identified as vulnerable, head to the vendor’s Web site and search for knowledge base articles or updates that might be available.

If you are concerned about Shellshock on your servers that are accessible via the Internet, this tool can help you test them.

Conclusion

Shellshock is a big deal, and some experts say even bigger than Heartbleed. But as you can see above, Shellshock is not a simple vulnerability to explain. I have had several conversations with clients who misunderstand it as “I don’t run Macs or Linux, so I don’t need to care.” Hopefully I was able to show you that is simply not the case, and you can help your fellow friends/family/coworkers better understand the bug when the opportunity arises.

If you have any questions about Shellshock or perhaps want your network scanned for the vulnerability, we welcome the chance to talk to you. Contact NetWork Center, Inc. or FRSecure for any questions. 

This blog post is written by our guest blogger Brian Johnson, Information Security Analyst with our partner in information security, FRSecure

Topics: Technology Solutions, Network Security, Security, Security Technologies, IT Solutions

Heartbleed: Do We Still Need to Worry?

Posted by Tyler Voegele on Jul 2, 2014 4:00:00 PM

It's been a little over two months since the Heartbleed vulnerability was announced and a fix was released. The flaw, in OpenSSL versions 1.0.1 through 1.0.1f, lets an attacker read chunks of a server's memory, and the text found in those chunks can include usernames, passwords, session cookies and even the server's private key.

Have you audited yourself, or the sites you frequent? According to a recent study, more than 300,000 servers were still running a vulnerable OpenSSL. In April that number was around 600,000. Nearly halving in a few months is good, but it is nowhere near fully patched, and the rate is slowing: between last month and this month the count dropped by only around 9,000 servers.

It looks as though patching is grinding to a halt. What does that mean for you and for the SSL servers you rely on? SSL is the fundamental secured channel that most websites depend on. If you still haven't updated, you remain exposed to anyone who wants to pull usernames, passwords or encryption keys out of your server's memory. And patching alone closes the hole without undoing any harm already done: a private key that may have been read out of memory should be replaced by reissuing the certificate and revoking the old one, and users should change their passwords afterwards.
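A first pass at the audit the paragraph asks for, as an added example that is not from the original post: it parses the banner printed by openssl version and says whether the version number falls in the range above (1.0.1 through 1.0.1f; the OpenSSL advisory also listed 1.0.2-beta1, which the code includes). The hostnames and banner strings are constructed for the example. One caveat the version number cannot settle: distributions such as Debian and Red Hat backported the fix without changing the version, so a 1.0.1e that reports vulnerable-range may already be fixed; confirm with the package's changelog or with a heartbeat probe from one of the online checkers.

```python
import re

# Added example: triage OpenSSL version banners against the Heartbleed range.
# Matches "OpenSSL 1.0.1e-fips 11 Feb 2013" style output of `openssl version`.
_BANNER_RE = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(\S*)")

FIRST_FIXED_101 = "g"   # 1.0.1g (7 Apr 2014) was the first 1.0.1 release without the bug


def parse_openssl_version(banner):
    """Split an `openssl version` banner into (major, minor, fix, letter, suffix).

    Returns None when the banner is not an OpenSSL version line (LibreSSL,
    garbage, empty). letter is the patch letter ('' or 'a'..'z'); suffix is
    anything glued on after it, such as '-fips' or '-beta1'.
    """
    m = _BANNER_RE.match(banner.strip())
    if not m:
        return None
    major, minor, fix, letter, suffix = m.groups()
    return int(major), int(minor), int(fix), letter, suffix


def heartbleed_status(banner):
    """Classify a banner: 'vulnerable-range', 'outside-range' or 'unknown'.

    'vulnerable-range' means the version number is one that shipped the bug;
    a distribution may still have backported the fix under that number.
    """
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return "unknown"
    major, minor, fix, letter, suffix = parsed
    branch = (major, minor, fix)
    if branch == (1, 0, 1) and letter < FIRST_FIXED_101:
        return "vulnerable-range"          # 1.0.1 up to and including 1.0.1f
    if branch == (1, 0, 2) and suffix.startswith("-beta"):
        return "vulnerable-range"          # 1.0.2-beta1 carried the same code
    return "outside-range"                 # 0.9.8, 1.0.0, 1.0.1g+, 1.0.2 final and later


def triage(banners):
    """Map host -> banner into host -> status, for a quick fleet summary."""
    return {host: heartbleed_status(b) for host, b in banners.items()}


# Constructed sample banners, not real hosts.
SAMPLE_BANNERS = {
    "web1": "OpenSSL 1.0.1f 6 Jan 2014",
    "web2": "OpenSSL 1.0.1g 7 Apr 2014",
    "app1": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "lb1": "OpenSSL 1.0.0l 6 Jan 2014",
    "dev1": "OpenSSL 1.0.2-beta1",
    "bsd1": "LibreSSL 2.0.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_BANNERS).items():
        print(f"{host:5} {status}")
```

Treat the output as a worklist, not a verdict: anything in vulnerable-range gets either a package-changelog check or a live heartbeat test before it is crossed off.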

Shortly after the patches were released, a list was compiled of the most recognizable and popular websites and whether they were affected by the Heartbleed OpenSSL bug. Below are a few of the most notable entries:

- Google.com is not vulnerable to Heartbleed.

- Chase.com is not vulnerable to Heartbleed.

- BankofAmerica.com is not vulnerable to Heartbleed.

- WellsFargo.com is not vulnerable to Heartbleed.

- Facebook.com is not vulnerable to Heartbleed.

- YouTube.com is not vulnerable to Heartbleed.

- Wikipedia.org is not vulnerable to Heartbleed.

- Twitter.com is not vulnerable to Heartbleed.

- Amazon.com is not vulnerable to Heartbleed.

- Linkedin.com does not use SSL.

- eBay.com does not use SSL.

- Bing.com does not use SSL.

- Pinterest.com is not vulnerable to Heartbleed

- Ask.com does not use SSL.

- Msn.com does not use SSL.

- Instagram.com is not vulnerable to Heartbleed.

- Tumblr.com is not vulnerable to Heartbleed.

- Microsoft.com does not use SSL.

- Paypal.com is not vulnerable to Heartbleed.

- Imdb.com is not vulnerable to Heartbleed.

- Apple.com does not use SSL.

- CNN.com does not use SSL.

- Craigslist.org is not vulnerable to Heartbleed.

- Reddit.com is not vulnerable to Heartbleed.

- Netflix.com does not use SSL.

- Adobe.com is not vulnerable to Heartbleed.

- Dropbox.com is not vulnerable to Heartbleed.

- Mozilla.org is not vulnerable to Heartbleed.

- Pandora.com is not vulnerable to Heartbleed.

So what's next? After Heartbleed, Apple's SSL bug GoToFail and many more, how can we predict the next one? There is really no easy way other than preparing for the worst. Vulnerabilities like Heartbleed should heighten our attention to security and to how it is handled in our own environments. As bad as Heartbleed was, and still is while many thousands of websites remain unpatched, it did raise the bar for what we treat as a critical security hole. Make sure your organization has a plan to patch defects quickly and to block the attacks that could compromise your servers. With Heartbleed fresh in our minds, now is the best time to look at the best ways to stay secure.

If you'd like help on planning, implementing, and creating security policies contact our specialists at Network Center, Inc. today!


Topics: Technology Solutions, Network Security, Security, Protection

The Silence of Corruption

Posted by Jason Keller on May 16, 2014 4:00:00 PM

Racks of servers, a low drone of fan noise. A breeze of cool air on your face as you walk through the cold aisle. Disks shallowly clicking away like a synchronized ballet, reliably serving data to hungry processors and memory subsystems. Network switches carrying data out to waiting customers to enrich their lives.

Well, that's the dream at least. But this is your datacenter. Your network has terminal cancer (the DNS kind). Your internet connection is fifty megabits too small and your old groaning disk subsystems have all the grace and poise of a Call of Duty team deathmatch. Sure, there are problems, but accounting won't budge until they feel some pain, some damage. Problem is, by the time they feel it, it'll be too late. As in, too late to save your company. Because a disk just failed in your SAN, and what you didn't know is that it wasn't the only one not feeling well.

It’s what you don’t know that can hurt you, so here is how error detection and correction on disks actually works. First off, all modern storage subsystems use an error correcting code (ECC). You may recognize the term from your server memory, where the fine print on the label says "corrects single-bit errors, detects double-bit errors". That is your first clue to how ECC works. A code with minimum Hamming distance d can correct up to floor((d-1)/2) errors but detect up to d-1, so it can detect roughly twice as many errors as it can correct. If the code on your drive can correct, say, 46 bytes of a 512-byte sector, it can detect up to about 92 bytes of error. What isn't correctable is reported to the controller as uncorrectable, and the drive increments the uncorrectable error counter in S.M.A.R.T.

Guess what happens to an error larger than that? It is no longer guaranteed to be detected. A badly enough damaged sector can pass the ECC check and be handed straight up the stack to the controller as good data. Yes, you read that right. Go read it again. We'll wait for your jaw to come off the floor.

But surely RAID will catch it, right? Wrong. RAID depends on the disk's ECC to detect errors and report them, so that it can read the data from another disk or reconstruct it from parity, depending on your RAID level. Take RAID 5: does it hit every disk in the array on every read, recompute the parity and make sure nothing is amiss? Negative. RAID does not preserve the integrity of your data. It only addresses the availability of your data, nothing more.

So what about the file system? Hate to burst your bubble, but the most ubiquitous file systems in use today (NTFS, HFS+, XFS, UFS, ext) are woefully underprepared for data corruption and have no mechanism to verify that the data they get from the storage subsystem is good. Some can checksum their own metadata, but that's about it.

OK, well, what about your backups? Hate to break it to you, but what good are your backups when you've been feeding them corrupt data? Garbage in, garbage out. So we all need to buy expensive, higher-quality disks, right? Thank Google for busting that myth wide open: they found essentially identical failure rates across their huge drive populations.

So, to recap. We have corruption on our disks that is invisible to ECC. RAID is useless rubble here and does nothing but pass it on, because it relies on the disk's ECC to say whether the data is good or bad. The transport, even if the block arrives intact courtesy of its own link-level checks, is carrying data that was already corrupt. The file system is blind to it and passes it right up to the application, which freaks out and in all likelihood crashes immediately. Our backups, which everyone reaches for as the gold standard, are useless as well because they have been fed the same bad data.

This is all stemming from a huge, industry-wide attitude that data integrity is simply taken for granted. No one really cares whether you have good data or bad data. They just care about doing it as quickly as possible so they look good on their performance benchmarks.

First off, in the SAN camp, they've finally gotten their brains pointed in the right direction and implemented a little thing called T10 PI (SCSI DIF), which expands each 512-byte sector to 520 bytes to hold eight bytes of protection information: a reference tag, an application tag and a 16-bit CRC-16-T10-DIF guard tag computed over the data. A CRC is far more sensitive than the drive's ECC to small disturbances in the force, and reliably detects single-bit errors. It just can't do anything about them but cry like Chicken Little. The field is rigidly defined, including the checksum algorithm, so that every device in the path can independently verify it. Nice. But there are some downsides to this implementation.

CRC-16, while reliable, is expensive to calculate in software, and HBAs that don't implement it in hardware pass a significant tax on to the CPU. On top of that, if you run something like Oracle's DIX implementation (so that the OS can verify the checksum as well) you'll be computing it twice, once for the HBA and once for the OS.

Another problem is that you need special disks, special firmware, special HBAs, special drivers and kernel support to carry it all the way up the stack. Very few vendors support it today, and unless you get a significant chunk of that path covered (say, up to the HBA), you're still in significant danger.

Oh, and I'm not done throwing dirt on that either. Do you have any good mechanism to read all the data on the array at an opportune time and recompute its checksums to verify it is still good? Because if even one sector is corrupt on a disk and you then lose another disk, and you only had one disk of safety margin, you are once again in the dock: there is now no way to rebuild that data. The only way to reliably know that a sector was recorded successfully is to read it back!

On the personal side, what's happening to your vacation pictures, or the pictures of your newborn child? Did I mention that SATA doesn't have SCSI DIF? And by the way, when the industry went to 4K sectors with "enhanced ECC", guess what they did? They "doubled" it. As in, they blew the sector up to eight times the size while only doubling the per-sector ECC. Did you catch that math? Per byte of data, that leaves you a quarter of the ECC coverage you had before. Have fun with that.

If you're still with me, you're one step closer to becoming a paranoid storage zealot. So, what are we to do to combat this growing epidemic? Use a modern file system designed from the ground up for data integrity. ZFS, for instance, checksums every block (by default with a Fletcher checksum, optionally with a cryptographically strong hash like SHA-256) and stores the checksum in the block's parent rather than next to the data, so on every read it knows whether the block it got back is good or bad. It can automatically heal a bad block from a known-good replica, and it can run periodic scrubs that read every block from every disk in the pool at an opportune time and make sure it is all still good. There are loads of other hugely useful ZFS features too, but those are beyond the scope of this post.
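To make the difference concrete, here is a toy version of what the post credits ZFS with, written in Python for this page rather than taken from ZFS or from the original post. Two simulated disks hold mirrored copies of each block; the checksum for every block lives outside the block, in the equivalent of the parent pointer; every read verifies it, a copy that fails is rewritten from one that verifies, and a scrub walks every block. The block size, class names and the bit flips are all constructed for the example, and nothing here resembles ZFS's on-disk format.

```python
import hashlib

# Added example: the post's argument in miniature. A Disk hands back whatever is
# on its platter; ChecksummedMirror keeps a SHA-256 of every block outside the
# block and checks it on every read. Layout and names are illustrative only.
BLOCK_SIZE = 16


class Disk:
    """A drive whose silent errors are never reported (the post's scenario)."""

    def __init__(self):
        self.blocks = {}

    def write(self, lba, data):
        self.blocks[lba] = bytes(data)

    def read(self, lba):
        return self.blocks[lba]

    def corrupt(self, lba, bit):
        """Flip one bit in place without telling anyone: silent corruption."""
        buf = bytearray(self.blocks[lba])
        buf[bit // 8] ^= 1 << (bit % 8)
        self.blocks[lba] = bytes(buf)


def plain_mirror_read(disks, lba):
    """What RAID-1 without end-to-end checksums does: trust the first disk."""
    return disks[0].read(lba)


class ChecksummedMirror:
    """Mirror whose per-block checksums live in the parent, not beside the data."""

    def __init__(self, disks):
        self.disks = disks
        self.checksums = {}  # lba -> digest, the 'block pointer' in the post's terms
        self.repairs = 0

    @staticmethod
    def digest(data):
        return hashlib.sha256(data).digest()

    def write(self, lba, data):
        assert len(data) == BLOCK_SIZE
        for disk in self.disks:
            disk.write(lba, data)
        self.checksums[lba] = self.digest(data)

    def read(self, lba):
        """Return verified data, healing any replica that fails its checksum.

        Raises OSError when no replica verifies: the post's case of one bad
        sector plus one lost disk, now visible instead of silent.
        """
        expected = self.checksums[lba]
        copies = [disk.read(lba) for disk in self.disks]
        good = [c for c in copies if self.digest(c) == expected]
        if not good:
            raise OSError(f"lba {lba}: no replica matches its checksum")
        for disk, copy in zip(self.disks, copies):
            if self.digest(copy) != expected:
                disk.write(lba, good[0])  # self-heal from a verified copy
                self.repairs += 1
        return good[0]

    def scrub(self):
        """Read every block through the verifying path; return repairs made."""
        before = self.repairs
        for lba in list(self.checksums):
            self.read(lba)
        return self.repairs - before


def demo():
    """Walk through the failure modes the post describes; returns what each path saw."""
    disks = [Disk(), Disk()]
    pool = ChecksummedMirror(disks)
    blocks = {lba: bytes([0x40 + lba]) * BLOCK_SIZE for lba in range(4)}
    for lba, data in blocks.items():
        pool.write(lba, data)
    result = {}

    disks[0].corrupt(0, bit=5)
    result["plain_mirror_returns_good"] = plain_mirror_read(disks, 0) == blocks[0]
    result["verified_read_good"] = pool.read(0) == blocks[0]
    result["replica_healed"] = disks[0].read(0) == blocks[0]

    disks[1].corrupt(1, bit=0)
    disks[0].corrupt(3, bit=127)
    result["scrub_repairs"] = pool.scrub()

    # Same bit flipped on both copies: a plain mirror would agree with itself.
    disks[0].corrupt(2, bit=9)
    disks[1].corrupt(2, bit=9)
    try:
        pool.read(2)
        result["unrecoverable_detected"] = False
    except OSError:
        result["unrecoverable_detected"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The last case is the one worth dwelling on: when both copies are wrong, the checksummed pool raises an error instead of returning garbage, which is the difference between a restore from backup and a backup that quietly absorbed the garbage too.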

It's time to get serious about data integrity. Silent corruption isn't a myth. It happens to real people in the real world. I was personally burned by it three times before I started using ZFS. Now you have some options – it’s time to go use them and save your data, and quite possibly your whole company. Contact NetWork Center, Inc. if you have any questions.


Topics: Technology Solutions, NetWork Center Inc., Network Security, Data Backup

Security in Microsoft Dynamics CRM 2013 – How to Handle Exceptions

Posted by Sarah Jelinek on Mar 27, 2014 3:00:00 PM

If you have worked on planning and implementing security in CRM, you know that the security model can range from very simple to extremely complex, and that it is always evolving. There are always records that are exceptions to the model.

Sometimes we need to lock down who has privileges on a record. Other records need to be accessible to more users than the model normally allows. A third kind of exception is a record where there is no consistent pattern to who needs access.

This article is the first in a series of three that will explore the options for handling records that are exceptions to the rule. With CRM 2013 you can use the following:

  1. Share the record with users or teams

  2. Create a team, assign a security role to the team, and assign the record to the team

  3. Use Access Teams to grant users access to the record based on a template


Sharing

This feature is part of the basic CRM functionality and has been available in all versions. You can simply open a single record and click the command for sharing on the toolbar, ribbon or under More Commands (depending on which version of CRM you are using). You can add users or teams or both and the privileges (actions) they can perform on the record.

Here is the process for sharing a record in CRM 2013:

  1. Open the record you wish to share with other users

  2. Click the ellipsis ... (More Commands)

  3. Click Share

  4. On the Share dialog, you will see a list of any users or teams with whom this record has already been shared (if any)

  5. Under Common Tasks on the left, click Add User/Team

  6. On the Look Up Records dialog, a list of users will appear by default. If you wish to select a team instead, click on the Look For drop down and select Team

  7. Select a record by clicking the checkbox to the left of the record name. Click Select to add the current record to the list of Selected Records

  8. Once you have added all the users or teams, click Add on the Look Up Records dialog

  9. The User(s) and/or Team(s) will now appear in the Share dialog. For each user or team in the list, you will then be able to select the privileges they will be granted to this record

  10. Begin by selecting the user or team for whom you want to grant privileges

  11. Click the checkbox under the Privilege column to grant them the respective privilege

  12. When you have given all the appropriate privileges, click Share. The users and/or teams will now have access to this record

Sharing in CRM lets users view records to which their security role would not normally give them access. To anyone concerned about security in CRM, sharing can look like a significant risk. Here are the points to review when you are considering using sharing in CRM:

  • In order for one user to share a record with another user, the user performing the share needs to have access to that record. 

  • The user that is performing the share also needs to have the Share privilege and appropriate access level in the Security Role(s) assigned to him/her.

  • The user or team that the record is being shared with must have a Security Role assigned to him/her that gives them access to the record. For example, I cannot share an Opportunity record with a user or team that does not have access to Opportunity records with their currently assigned Security Roles. They would need to have at least User access to Opportunities.

Our CRM experts at NetWork Center, Inc. can help you with planning and implementing your Security in CRM. Look for our next article where we feature using Teams in CRM as another option for handling Security Exceptions in Microsoft Dynamics CRM.



Topics: NetWork Center Inc., Microsoft Dynamics CRM, Network Security

BYOD: The Wild West of WiFi

Posted by Jason Keller on Feb 24, 2014 5:05:00 PM

Have you ever wondered why the wireless was so poor at your last meeting? Do you suffer chronic connectivity problems at hotels? Has your own wireless become frustratingly unusable?

Welcome to the Wild West of WiFi. Everyone can play, no matter their skill level or the impact on your sanity. All it takes is a single trip to Best Buy, a misguided store associate, and a lazy Saturday to bodge together a smoldering wreck that will ruin your weekend, anger your wife, and elicit howls of disgust from your teenagers. Or worse, your customers and coworkers will be on the receiving end of a similar lapse in judgment. Increasingly I see home-grade networking gear in environments it was never designed for and is not capable of operating in effectively. If that wasn’t bad enough, many are so woefully misconfigured that it’s a wonder the end stations even see the beacons. When it comes to wireless networking, you’re not just bringing your own devices, you’re building your own disaster. Instead of enhancing your services (and your company image), clients and employees alike are furious because of unstable, unusable connections. All hope is lost, and all the time and money sunk into it is for naught. The whole deployment becomes counterproductive.

How did it get there? Let’s think about it. First, home-grade (or, as they like to call them, “small business”) access points don’t generally handle more than a handful of clients, and only within a short radius. They’re built with cheap radios and insensitive receivers, often with low-gain antennas, because they are designed to stand alone in a radio-quiet environment serving a small cell. The cheaper ones are 2.4 GHz only; the higher-end ones are dual-band 2.4 GHz and 5 GHz. Most are simply incapable of coping with the growing chorus of other access points and interference sources around them.

Enterprise-grade wireless isn’t cheap for a reason. It is built to blanket whole facilities, letting you roam freely and stay connected seamlessly as you walk the building. Enterprise access points typically work in multiple bands, identify and report interference sources, and pair highly sensitive receivers with equally powerful transmitters. They make tactical use of antenna diversity and additional spatial streams to weed out interference and distortion while boosting throughput. Wireless QoS for voice and streaming, beamforming to improve signal quality and range, mesh uplinks for hard-to-reach areas; the list goes on. You have hundreds of reasons to go enterprise grade, and far more reasons to let professionals spec and configure it.

I’ve heard from several customers after a successful wireless deployment that they never realized how complicated it is and how much work goes into it. Proper channel spacing and access-point overlap are critical to a good roaming experience. Knowing when you need higher transmit power and when you need lower can make all the difference to connection stability, giving you a stable connection where others randomly stall and drop. Spectrum planning is crucial for projects large and small, and knowing the regulations for each band can give you a tactical advantage that pays dividends for years. Identifying environmental interference sources up front saves a lot of headache as well.

The most important part of wireless deployments is realizing that none of this exists in a vacuum. Everything you do impacts not only your system, but potentially others. Devices that you don’t think can interfere with wireless can, and often do. Microwaves, cordless headsets, bluetooth devices, cordless phones, radar, and above all, other WiFi access points.

Are you looking at deploying WiFi infrastructure for your organization? Don’t build a disaster.  Contact NetWork Center, Inc. and let the professionals help make your vision a reality.


Topics: Technology Solutions, NetWork Center Inc., Network Security, Mobility

How To Shop Securely Online

Posted by Tyler Voegele on Dec 13, 2013 5:00:00 PM

It's that time of year again. Snow, holiday music, family and, of course, holiday shopping. If you're like me, you do most of your shopping online because, let's face it, it is often easier to buy online than to wade through a crowd for an unknown number of hours. One thing you may not give much thought to when shopping online is security. As we shop and pay online we hand over a lot of personal information to complete these transactions. Do you know whether the site is secure? Whether your data is secure? Your identity? More people buy online during the holidays than at any other time of year, and that brings out everyone who would like to exploit you or steal your data. It is always worth following good security practices when buying online.

I’ve outlined the top 10 ways to keep yourself secure for holiday shopping online.

1. Update Your PC, Laptop, or Device

Keeping your browser and anti-virus up to date, and making sure your Operating System has the latest patches should be first on your list. They keep you safe from possible malware and viruses that could infect your system.

2. Shop online with familiar retailers 

If a site seems suspicious, chances are it isn’t legitimate. Large retailers like Target and Amazon are recognizable and have well-known online stores. If you aren’t sure about a site, check it with www.urlvoid.com or a similar reputation service. Also, here is a good article on identifying fake shopping sites.

3. Site Security

When you are shopping online, make sure the address starts with https:// and your browser shows a padlock before you enter payment details. If you don’t see those, it is not safe to enter your information. Keep in mind what the padlock does and doesn’t tell you: it means the connection to the site named in the address bar is encrypted, not that the business behind it is honest, so it does not replace the checks in the previous step.

4. Site privacy

You should care not only about what reputable companies do with your data but also about how carefully they handle it. Look for a privacy policy and read whether the company will use your information in ways you don’t want. If a site shares your email address with other companies, expect spam, some of it carrying malicious links.

5. Install a Phishing Filter and other helpful extensions to your choice browser

Phishing filters and browser extensions are useful tools for staying safe online. Rather than saving passwords in your browser, use a password manager such as LastPass. There are extensions for every major browser that help with URL checking, credit card safety, password security, ad blocking and checking your browser for exploitable weaknesses.

6. Password Complexity

We talk about this one all the time, but it always bears repeating. Make sure the passwords you use on shopping sites are strong, and unique to each site so that one breached store does not unlock the rest. Simple passwords make it much easier for someone to get at your information. It’s also safest not to let the browser save them automatically. And let’s all agree that writing passwords on sticky notes is just a bad idea.

7. Mobile Shopping

Be extra careful when shopping from a mobile device. A retailer’s own app is sometimes more secure than a mobile browser, but if you use an app, make sure it is the genuine one, because many are created with malicious intent. One rule to always follow: never buy online while connected to public Wi-Fi. On an open network anyone nearby can watch your traffic, and a hostile hotspot can sit between you and the store.

8. Use your own devices

I think we all know this is pretty self-explanatory. Don’t use machines or other devices that you don’t own. Your information can be saved or even be tracked if using a public PC. Take the safe route and always do your shopping on your devices.

9. Watch out for scams

If it sounds too good to be true, it probably is. No business randomly gives away free gifts online or runs an 80% off sale. Be aware that email scams and fake deals will be everywhere, especially at this time of year; they try to get you to enter personal information. Even if you believe an email or site to be legitimate, proceed with caution.

10. Be careful of what you use for payment.

Debit cards and credit cards are the two biggest options for paying online, but which is better? Most of the time a credit card is the safer bet: card issuers have policies for fraudulent charges if your card details are stolen online, and the money at risk is the issuer’s, not the balance of your checking account.

Make sure that you use these tools to have a safe and happy holiday season. The most important tool you will always have is a good dose of common sense. Shopping online is easy and convenient, and hopefully you can use what you’ve read to be confident that you are secure. The final step to any holiday season is to enjoy it!

Happy Holidays from all of us at Network Center, Inc.!

Topics: Technology Solutions, Network Security, Security

Getting Serious About IT Security

Posted by Tyler Voegele on Oct 25, 2013 5:15:00 PM

We can all agree that the Internet, PCs, mobile devices, servers and other equipment are essential to everyday business, and that without them we could not do our work. Everyone also knows by now how many viruses, malware infections and hackers can affect our businesses, and how much it costs to clean up after them. So why don't we give security as much attention as any other area? We need to be more proactive about it. More often than not, the only time we think about security is when it is already too late.

Let’s take a look at some statistics to make more sense of how breaches happen today:

(Source: Verizon 2013 Data Breach Investigations Report, http://www.verizonenterprise.com/DBIR/2013/)

What are your biggest concerns with IT security? Preventing data loss? Preventing outages? Keeping security up to date? To answer that you have to determine where your valued assets lie, or which parts of your business to focus on. I like to think of security in three separate layers. It may be an oversimplification, but it makes it easier to see where to spend time and energy when you start getting serious about security. One of the first roadblocks many people hit when they begin securing their whole network is where exactly to start.

1. External Network/Edge Devices
2. Core Network/Server Structure
3. Endpoint Devices/BYOD 

As I mentioned, this is a very broad view of your network, and at some point we have to weigh the cost of dealing with security breaches against the cost of becoming more secure. Let’s say you want to go with a top-down approach. It is a comprehensive strategy for IT security, and definitely not the only way it can be done. I’ve outlined the key steps I think are most important and the components involved in each.

1.       Create Security Policies and Procedures

This is by far one of the most important and hardest steps you will take. You should create an overall security policy document and a BYOD security policy, determine an action plan for an overall security audit, establish a risk management framework, and decide how much risk the business is willing to tolerate. After developing these policies you have to train staff to follow them, and sticking to a training schedule is as important as the training itself. These documents should be continuously updated so you can adapt to future security needs. With documentation and an action plan complete, you’ll be better equipped to know where to spend time, focus resources and tackle the big projects. Preparation and adaptability are the keys to security success.

2.       Inventory Equipment and Data

Finding old, outdated or decommissioned equipment and replacing or removing it is important for keeping vulnerabilities out of the business. Eliminating unnecessary or old data, keeping track of what you have, and knowing whether it is secure keeps data loss to a minimum. An inventory of the equipment in the network, with asset tags, also makes the logging and maintenance in the last step possible.

3.       Fix Security Holes and Update Equipment

Run tests to see where the security flaws in your network are. Having external auditors test both from inside and from outside is a good idea. Updating software, firmware, operating systems and antivirus is usually a top priority. Applying security patches as they are needed and creating secure configurations throughout the network is also important. Establish a maintenance window for bringing all equipment and devices up to date, and keep them there. Protect your network against external and internal attacks, manage the network perimeter at all locations, and filter unwanted access both from inside and from outside.

 4.       Harden Network Security

You’ve probably already documented the policies for most of this step. They may include locking down the operating systems and software you run. Creating Group Policies for workstations, servers and users might also be part of your policies, and is also important. Locking down firewalls and other network equipment is probably one of the most important steps to hardening your security. Why? According to the DBIR statistics above, at least 92% of attacks come from outside your network. Put policies in place that stop users from removing, disabling or inhibiting the firewall and virus protection suite. Manage user privileges and management processes, and limit the number of privileged accounts. Prevent data loss with secure backups; they are what will save you in a critical failure.

 5.       Protecting Mobile Users and Endpoint Devices

Securing users who authenticate from the outside world is a must. PCs and other devices used to reach internal resources need to be as secure as the servers themselves. Manage the risks around the use, processing, storage and transmission of data, and make sure data is not lost or stolen. Apply a security baseline to every device. Protect data in transit as well as data held outside the network. Anyone who logs in to the business from a mobile device must work under guidelines and restrictions that prevent data loss.

 6.       Stabilize and Monitor

Establishing a monitoring strategy is important for maintaining the policies you’ve created and for catching exploitation before it spreads. Continuously monitor the network and analyze logs for unusual activity that could indicate an attack. This is where an IDS or IPS helps immensely. Without de-emphasizing prevention, focus on better and faster detection through a mix of people, processes and technology. Attentive monitoring of user activity can be the difference in pinpointing malicious behaviour, whether intentional or not. Keep educating users so that the policies stay in force and are understood.
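As an added example of the log analysis this step calls for (written for this page, not from the original post, and not tied to any particular IDS product): the Python below reads sshd-style authentication lines, flags a source address that fails a login a threshold number of times inside a time window, and flags a successful login that follows a run of failures from the same address, which is the more interesting event of the two. The log lines, hostnames, usernames and the 203.0.113.0/24 and 198.51.100.0/24 addresses are constructed for the example; the thresholds are assumptions to tune for your own environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Added example: two simple detections over sshd-style auth log lines.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_line(line, year=2013):
    """Parse one syslog-style sshd line; return None for lines we don't model."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies one
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect(lines, fail_threshold=5, window_seconds=300, suspicious_failures=3):
    """Return a list of alert dicts for the two rules below (thresholds are assumptions)."""
    events = [e for e in map(parse_line, lines) if e]
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["ip"]].append(event)

    alerts = []
    for ip, evs in by_ip.items():
        fails = sorted(e["ts"] for e in evs if e["result"] == "Failed")

        # Rule 1: fail_threshold failures within window_seconds (sliding window)
        start = 0
        for i, t in enumerate(fails):
            while (t - fails[start]).total_seconds() > window_seconds:
                start += 1
            if i - start + 1 >= fail_threshold:
                alerts.append({"type": "brute-force", "ip": ip,
                               "count": i - start + 1, "at": t})
                break

        # Rule 2: a success preceded by suspicious_failures or more failures
        for e in evs:
            if e["result"] != "Accepted":
                continue
            prior = sum(1 for f in fails if f <= e["ts"])
            if prior >= suspicious_failures:
                alerts.append({"type": "success-after-failures", "ip": ip,
                               "user": e["user"], "failures_before": prior,
                               "at": e["ts"]})
    return alerts


# Constructed sample log (documentation address ranges, invented hostnames).
SAMPLE_LOG = [
    "Oct 25 10:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 50001 ssh2",
    "Oct 25 10:00:14 web1 sshd[2203]: Failed password for invalid user oracle from 203.0.113.5 port 50002 ssh2",
    "Oct 25 10:00:29 web1 sshd[2205]: Failed password for root from 203.0.113.5 port 50003 ssh2",
    "Oct 25 10:00:47 web1 sshd[2207]: Failed password for root from 203.0.113.5 port 50004 ssh2",
    "Oct 25 10:01:02 web1 sshd[2209]: Failed password for bob from 203.0.113.5 port 50005 ssh2",
    "Oct 25 10:01:30 web1 sshd[2211]: Failed password for bob from 203.0.113.5 port 50006 ssh2",
    "Oct 25 10:01:45 web1 sshd[2213]: Accepted password for bob from 203.0.113.5 port 50007 ssh2",
    "Oct 25 10:02:00 web1 sshd[2213]: pam_unix(sshd:session): session opened for user bob by (uid=0)",
    "Oct 25 10:05:10 web1 sshd[2301]: Failed password for carol from 198.51.100.7 port 40001 ssh2",
    "Oct 25 10:12:33 web1 sshd[2305]: Accepted password for carol from 198.51.100.7 port 40002 ssh2",
    "Oct 25 10:20:00 web1 sshd[2400]: Accepted publickey for alice from 203.0.113.9 port 60001 ssh2",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Carol's single mistyped password and Alice's key login produce nothing; the address that guessed six times and then got in produces both alerts. That second alert is the one to page on, since a brute force that ends in "Accepted" is no longer a noisy scan but a compromised account.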

There is no way to absolutely prevent everything from happening. We can only strengthen our ability to try and detect, prevent, and fix threats that can slip through our defenses. Attackers don’t rely on a single tactic to breach your defenses and neither should you. Remember, there is no “one-size fits all” strategy and many of the things I am suggesting are a great start to a security plan you can implement.

Keep an eye out for the next security blog posts defining more detailed approaches to the top-down approach I explained in this post.

Questions? Comments? We’d love to hear from you! Leave a comment or email us with your questions and we will gladly respond!


Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security, Data Backup, Security, Security Technologies, Firewall

Better Endpoint Protection: Hardware Firewall Security

Posted by Tyler Voegele on Aug 26, 2013 11:15:00 AM

Every business needs a firewall or some other form of protection from external threats. Firewalls can stop external malicious users, network infections, and packet-flooding attacks from reaching the internal resources of your network. They can also prevent your users from connecting to things that may harm the network.

With all kinds of hardware security technology out there, it can be a little challenging to choose which device is right for you. When thinking about upgrading or strengthening your security at the Internet facing part of your network, there are several things to take into consideration.

Firewall Types

There are three types of firewalls: stateless packet filtering, stateful packet filtering, and application-layer firewalls. Each of these provides filtering at a different level within a network. Packet filtering firewalls allow only those packets to pass that are permitted by your firewall policy. Every packet carries information such as its source, destination, port numbers, etc. Each packet passing through is inspected and the firewall then decides whether to pass it or not. Packet filtering can be divided into two kinds: stateless and stateful.

Stateless:

If the information about the passing packets is not remembered by the firewall, then this type of filtering is called stateless packet filtering. Every packet that passes through this type of firewall is handled on an individual basis by the set of rules that were set up manually. Previously forwarded packets belonging to a connection have no bearing on the filter’s decision to forward or drop the packet.

Stateful:

If the firewall remembers information about previously passed packets, then that type of filtering is stateful packet filtering. Such firewalls inspect TCP or UDP packet streams to allow or deny them. Stateful packet filtering firewalls also monitor the state of each connection and gather information about it. With this intelligence, the firewall can make decisions not only from the defined rules but also from the prior packets that have passed through it.


Application-Layer

Application-layer firewalls, or proxy firewalls, do not just look at packet headers; they also look at the actual data being transported at the application layer. They know how certain protocols work, such as HTTP and FTP. Since they are application-aware and inspect the contents of the traffic, you are able to block specific content such as websites, viruses, or software. They can also check whether the data in the packet is valid for the specific protocol, and if it is not, drop it.
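To make the three behaviours concrete, here is an added example (not code from the original post) that runs the same constructed packets through a stateless filter, a stateful filter and an application-aware filter; the LAN range, ports, rule format and HTTP check are assumptions made for illustration:

```python
"""Toy models of the three firewall types described above.

Added example, not code from the original post. Addresses, ports and the rule
format are constructed for illustration; real firewalls track far more state.
"""
from dataclasses import dataclass

LAN_PREFIX = "10.0.0."   # constructed assumption: the LAN is 10.0.0.0/24

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes = b""

def direction(pkt):
    return "out" if pkt.src.startswith(LAN_PREFIX) else "in"

class StatelessFilter:
    """Judges every packet on its own; earlier packets never matter."""
    def __init__(self, inbound_ok, outbound_ok):
        self.inbound_ok = inbound_ok      # callable: destination port -> allow?
        self.outbound_ok = outbound_ok
    def decide(self, pkt):
        if direction(pkt) == "out":
            return self.outbound_ok(pkt.dport)
        return self.inbound_ok(pkt.dport)

class StatefulFilter:
    """Remembers connections opened from inside and admits only their replies."""
    def __init__(self, outbound_ok):
        self.outbound_ok = outbound_ok
        self.table = set()   # (client_ip, client_port, server_ip, server_port)
    def decide(self, pkt):
        if direction(pkt) == "out":
            if not self.outbound_ok(pkt.dport):
                return False
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound traffic passes only as the reply to a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

class HttpAwareFilter(StatefulFilter):
    """Application layer: additionally requires port-80 payloads to look like HTTP."""
    METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}
    @classmethod
    def valid_http_request(cls, payload):
        parts = payload.split(b"\r\n", 1)[0].split(b" ")
        return (len(parts) == 3 and parts[0] in cls.METHODS
                and parts[2].startswith(b"HTTP/1."))
    def decide(self, pkt):
        if not super().decide(pkt):
            return False
        if pkt.dport == 80 and pkt.payload:
            return self.valid_http_request(pkt.payload)
        return True

def run_demo():
    """Run the same constructed traffic through all three filters."""
    web_only = lambda port: port in (80, 443)
    ephemeral = lambda port: port >= 1024   # a stateless box must open these for replies
    stateless = StatelessFilter(inbound_ok=ephemeral, outbound_ok=web_only)
    stateful = StatefulFilter(outbound_ok=web_only)
    app_layer = HttpAwareFilter(outbound_ok=web_only)

    # Constructed traffic: a LAN browser talks to a web server, the server replies,
    # an outside host then probes a high port, and a non-HTTP stream tries port 80.
    request = Packet("10.0.0.5", "203.0.113.10", 50000, 80,
                     b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
    reply = Packet("203.0.113.10", "10.0.0.5", 80, 50000, b"HTTP/1.1 200 OK\r\n")
    probe = Packet("198.51.100.7", "10.0.0.5", 4444, 5900)
    not_http = Packet("10.0.0.5", "203.0.113.10", 50001, 80, b"\x16\x03\x01 binary")

    results = {}
    for name, fw in (("stateless", stateless), ("stateful", stateful),
                     ("app-layer", app_layer)):
        results[name] = [fw.decide(p) for p in (request, reply, probe, not_http)]
    return results   # stateless lets the probe in; stateful does not; app-layer also drops non-HTTP
```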


Other Considerations

The first thing to ask yourself when you are deciding on a firewall is what you are trying to accomplish. Whether you want a firewall that handles stateful packet inspection, or a firewall with extra features such as IDS and IPS built in, there are options for them all. You will want to clearly identify what is important to you and figure out where the bulk of your security needs lie. With so many different options for firewall technologies, there are also a lot of features to think about. Below are just a few features that are worth considering:

  • Monitoring and Reporting
  • Spam Filtering
  • High Availability
  • URL Screening
  • Anti-Virus
  • Bandwidth Sizing
  • Layered Security
  • Remote Connections
  • Physical Interfaces
  • Intrusion Detection
  • Intrusion Prevention
  • Web Caching

When you compare the costs of different firewalls, you also need to take into account any of the extra costs associated with the features that you will want to implement. If you choose a firewall with specific features and capabilities, there can sometimes be an extra fee in licensing.

If you're in the market for a new firewall, take some time to identify the needs you are looking to meet. Firewalls are still one of the best ways to protect yourself from threats to your network, and with so many options you can do almost anything. If you have any questions or want to know more about firewall security, please contact NetWork Center, Inc.


Topics: NetWork Center Inc., Network Security, Security, Protection, Security Technologies, Firewall, Filtering

Your Unknown Vulnerability: Password Security

Posted by Tyler Voegele on Apr 5, 2013 5:00:00 PM

In today's world of heavy online activity, one often overlooks the fact that the vulnerability of your business and personal IT security lies in the strength or weakness of your password. Many of you may have heard about online services such as LinkedIn, Last.fm, eHarmony, Yahoo! and Evernote having their password databases compromised. Often we think about our passwords too little, too late. Sometimes we assume things are secure just the way they are. We often underestimate the importance strong passwords can have for our corporate infrastructure and our personal lives.

Many of us are still using very simple and easy-to-guess passwords. According to a list compiled from antivirus and other IT security companies, users still need a lot of work when it comes to their passwords. Here is a brief top 10 of the most used passwords in our corporate and personal digital lives.

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. Password1
  7. letmein
  8. Password01
  9. 111111
  10. welcome


Reading that list often makes most IT and business professionals chuckle at the thought of our companies’ users even using such passwords, but it can be a problem.

Let's jump right in and talk about the four key things that you should follow to make up great passwords. Some of this may be common sense, but implementing sensibility with these key components is a must.

1) Length

I'm sure it comes as no surprise that the length of your password is a big factor in how secure it will be. The length of your password can significantly increase the time it takes to crack it. Adding just one or two characters to your password can add anywhere from 4 months to 10 years to the time needed to crack it. Realistically, you should have a minimum of eight characters.

2) Complexity

It is a good practice to include a variety of characters such as letters, punctuation, symbols, and numbers. You should also try to avoid common dictionary words as they are much easier to attain by attackers. Combine upper and lower case letters, but try to focus on incorporating a combination of any non-letters. However, be aware that password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."

3) Variation

To keep strong passwords effective, change them often. Encourage or require employees to change passwords every 30 to 90 days. By the time a hacker gets a chance at your secure password it will already be outdated.

4) Variety

Don't use the same password for everything. If you start using similar or the same passwords it makes it much easier for someone to gain access. Be aware of your personal accounts and what passwords are used for which services. If you use the same password for a site that was compromised you should be changing all of the same passwords for other sites as well.
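The length and complexity advice above, and the top-10 list, turned into a policy check, as an added example that is not code from the original post. The substitution table, character-class sizes and the guess rate are constructed assumptions used only to illustrate the arithmetic behind "search space":

```python
"""Password policy check covering the post's length and complexity advice.

Added example, not code from the original post. The common-password list is the
post's top 10; the substitution table, class sizes and guess rate are assumptions.
"""
import string

TOP_10 = {"password", "123456", "12345678", "abc123", "qwerty",
          "password1", "letmein", "password01", "111111", "welcome"}

# Letter-to-symbol conversions that cracking tools undo automatically (assumed table).
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                      "!": "i", "&": "and"})

MIN_LEN = 8
SHORT = "shorter than 8 characters"
COMMON = "matches a common password (after undoing substitutions)"
CLASSES = "uses fewer than 3 character classes"

# (alphabet size, membership test) for lower, upper, digits, symbols
CLASS_CHECKS = ((26, str.islower), (26, str.isupper), (10, str.isdigit),
                (len(string.punctuation), lambda c: c in string.punctuation))
GUESSES_PER_SECOND = 10 ** 9   # assumed offline cracking rate

def normalize(pw):
    """Strip trailing digits and undo substitutions, so 'P@ssw0rd1' compares as 'password'."""
    return pw.lower().rstrip(string.digits).translate(LEET)

def is_common(pw):
    return pw.lower() in TOP_10 or normalize(pw) in TOP_10

def character_classes(pw):
    """How many of the four character classes the password actually uses."""
    return sum(any(check(c) for c in pw) for _, check in CLASS_CHECKS)

def alphabet_size(pw):
    """Size of the alphabet an attacker must try, given the classes actually used."""
    return sum(size for size, check in CLASS_CHECKS if any(check(c) for c in pw))

def search_space(pw):
    """Count of all passwords up to len(pw) over that alphabet: every extra character
    multiplies the work, which is the 'length' point made above."""
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

def years_to_exhaust(pw):
    return search_space(pw) / GUESSES_PER_SECOND / (365 * 24 * 3600)

def check_policy(pw):
    """Return the list of policy problems; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(SHORT)
    if is_common(pw):
        problems.append(COMMON)
    if character_classes(pw) < 3:
        problems.append(CLASSES)
    return problems
```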


I'm sure we all have not followed at least one category of the top four. Although you know the basics and what makes a strong password, what can make it easier for you to adhere to these best practices? You don't always want to remember 10 character, scrambled passwords that you will forget the next day. That's where the password managers come into play. LastPass, 1Password and Roboform are all great password managing tools. Personally, I use LastPass and use it across my browser as well as a stand-alone application. For a more detailed review of password managers, give this article a read, "Best Password Managers Top 4 Reviewed."

Remember, one of the most important parts of keeping you secure is having a secure password. Use this guide and you will feel better about the security of your business and personal life.

Want to check out how your password stacks up? Check out the following links for a little tool to give you an idea about your password’s strength!

GRC's Interactive Brute Force Password “Search Space” Calculator

The Password Meter

If you are interested in the latest security news, I suggest reading the following articles:

  • There was a large attack to Spamhaus recently (a company that monitors and stops major spamming operations) involving a complex DDoS attack on their network. Read full article.
  • With recent Java exploits on the rise, this article covers how many of us still are using vulnerable versions. Read full article.
  • Crackers don't waste the time to break individual accounts through a Web login, but focus efforts on obtaining databases that contain passwords. Read full article.

Please contact us if you have any questions regarding password security for your organization. 


Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security

Network Security: Your Business is Never Too Small for Attacks

Posted by Sean Todd on Apr 1, 2013 4:59:00 PM

There is a common misconception with many small businesses that the need to follow the same types of security protocols as enterprise environments isn’t necessary because they really aren’t a target of malicious activity due to their size. “Who would want to steal information from us, we only have 25 people”. Nothing could be further from the truth!

First, we define a small business as any company having fewer than 500 employees, although this can vary based on the SBA Table of Small Business Size Standards. For the purpose of this post I want to focus even more narrowly on those companies with fewer than 50 employees. In my experience these are the companies that tend to have the most issues with viruses and malware, and have the fewest information-gathering utilities to determine the overall health of their network, thus making them the most vulnerable.

Think about the repercussions if your proprietary data was leaked, or someone was able to obtain and exploit your company’s financial information. The results could easily be enough to shut you down overnight. We need to start thinking about this just as we do our disaster recovery planning.

Here is a brief list of things at stake:

  1. Financial loss
  2. Lawsuits
  3. Reputation
  4. Market Share
  5. Your Business!

So, now that we’ve identified some of the repercussions, let’s discuss how these things could happen. It doesn’t always take a targeted hacking attempt to exploit your network. Something as simple as an employee accessing an infected website could allow an attacker to automatically install malicious software that, in turn, could send key information back to them.

Out-of-date software can also put your information at risk. Take Java, for example. On several occasions over the last few months, exploits have been identified within Java that would allow someone to remotely exploit a user's browser session without the need for a username or password. Like the previous example, this is an internet-based vulnerability; the key difference is that it’s out-of-date software that allows it to happen.

Another possibility would be unsecured remote access. Allowing remote access to your network without a VPN or other means of security opens you up to the potential for an unauthorized intruder to crack weak passwords and access your network along with all information that it contains.

We’ve identified risks and dangers, so now we will talk about prevention. What should we do to maintain a high level of network security and protect our assets?

  1. Anti-Virus – We should always maintain up-to-date AV. We want to be sure we have the latest virus definitions applied at all times. Using centralized AV in larger environments is also beneficial because it gives a central point for distributing updates as well as centralized reporting, so we can see the overall health of all clients.
  2. Web Filtering – By utilizing a web filter, we get the ability to block potentially malicious websites. The majority of infections we see come via the web, so this is very important. An added side benefit is selective blocking of websites for specific user groups. This means Facebook for those who need it for their job duties, and blocking it for those who don’t.
  3. Software Updates – Utilizing software titles such as WSUS and vCenter Protect gives us the ability to determine from one console the software versions on each machine as well as deploy updates to those who need it.
  4. Password Policies – Enforce strong passwords. Weak passwords are easy to crack; the longer and more complex the password, the tougher it is to crack. I would suggest a minimum of 8 characters, including numbers, capital letters, and symbols. Also, force regular password changes. Even though routine password changes can be considered a nuisance by many, they are a necessity to ensure old, routinely used passwords are flushed from the system.
  5. Remote Access Policies – At the very least allow remote connections ONLY via an encrypted method. Client VPN, SSLVPN, and Client Access Gateway are all methods of securing remote access. Without this, information can be obtained in transit.
  6. Education – Educating your employees on safe internet habits is one of the most effective things you can do. Network security starts with the end user.

This list is certainly not all-inclusive as there are many other things that contribute to network and information security. I encourage you to spend some time thinking about this topic and educate yourself on real world security risks. If you have any questions or thoughts on this topic please let us know.


Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security

Know Your Threats: Network Infections

Posted by Tyler Voegele on Jan 22, 2013 10:38:00 AM

One of the most common threats to any business network is a network infection due to a virus or malware. Most do not cause many problems and are easily removed, but some can cause significant damage and downtime within your network. Today I will cover a new form of “worm” that made its way into the top ten most common infections of 2012.

The difference between a worm and the more commonly known “Trojan” is that a worm spreads through a network quickly and replicates itself on other machines. This worm goes by different aliases given by different security organizations.

Known Aliases:

  • W32/Autorun.worm.aaeh [McAfee]
  • W32.Changeup [Symantec]
  • Worm.Win32.VBNA.b [Kaspersky]
  • Win32/Vobfus.MD [Microsoft]
  • Trj/CI.A [Panda Software]
  • W32/VBNA-X [Sophos]
  • WORM_VOBFUS [Trend]
  • Win32/Pronny.xx [ESET-NOD32]

This worm takes advantage of the Windows AutoRun feature. AutoRun does exactly what its name says: it enables media and devices to automatically launch programs by means of a command line in an autorun.inf file, usually stored in the root directory of the medium. This is the main thing the worm exploits.

So now that you know a little bit about the origin, let’s talk about how the worm spreads if it were in your network environment.

  • It uses the auto run feature in Windows (autorun.inf files) to launch remotely.
  • It copies itself to open shares, hides the legitimate folders/files, and then imitates the same ones found in the share, creating executable files in their place.
  • Additional files are added to network shares with common names such as:
    • Porn.exe
    • Passwords.exe
    • Sexy.exe
    • Secret.exe
  • It continues to spread, when the network share is used, to other machines.

So now you are wondering, “What should I do if this does happen to me?” The simple and quickest answer is to contact your IT department or your technology solution provider. As a technology solution provider we handle these cases all the time and can quickly give answers our customers need when this happens. This is a serious infection and steps should be taken very quickly to quarantine the worm. Let’s cover a couple of quick steps.

  1. Identify the infected machines.

This is a very important first step to removing this type of worm, or any infection, completely. Anti-virus may not always help you find the infected machines, so it is up to you or the support team to find the traits listed above and take care of the machine. It is also very important you let everyone know they should not use network shares or removable media until the infection is safely removed. (Some anti-virus programs may warn infected machines that it is quarantining the autorun.inf file)

  2. Remove threats from the infected machines.

Now that you have quarantined the machines and users know about the threat, it’s time to remove it. One of the first steps in this process is to download a malware removal program other than the anti-virus you may already have. I have found the free Malwarebytes tool works very well for this process. After running a scan on the infected machine you will need to show the extensions of the files and folders on the local system. You may also need to make hidden files visible to see the original content of your system. You want to remove any duplicate entries listed with executable extensions and the autorun.inf file. Once everything has been scanned or removed from all infected machines you may need to do some cleanup.

  3. Restore the original files back to normal.

The final step in the process is to bring everything back to normal. Since this type of infection hides all of the original content, you will need to manually change the attributes of the files. The quickest way of tackling this is from the command prompt. The command attrib -h -s -r "file path" /s /d will go through all files under the specified path and unhide them (e.g. attrib -h -s -r "D:\Share\*" /s /d). After you have finished with that, everything should be back in working order.
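A small triage script for the three steps above, as an added example that is not part of the original post (Python, run against the share from a clean machine). It only reports the traits the post lists and builds the attrib command for step 3; the demo share layout and every file name other than the post's bait names are constructed:

```python
"""Triage scanner for the share-infection traits listed in the post above.

Added example, not code from the original post. It only reports the traits the
post describes (autorun.inf files, executables shadowing real folders or files,
and the bait file names) and never deletes anything; the demo share layout is
constructed and holds placeholder text files, not malware.
"""
import os
import subprocess
import tempfile

EXEC_EXT = {".exe", ".scr", ".com", ".pif"}   # assumed executable extensions
BAIT_NAMES = {"porn.exe", "passwords.exe", "sexy.exe", "secret.exe"}   # from the post

def scan_share(root):
    """Return sorted (trait, path) findings for everything under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Names in this folder, lower-cased because Windows shares are case-insensitive.
        siblings = {n.lower() for n in dirnames} | {n.lower() for n in filenames}
        for fname in filenames:
            full = os.path.join(dirpath, fname)
            low = fname.lower()
            stem, ext = os.path.splitext(low)
            if low == "autorun.inf":
                findings.append(("autorun", full))
            elif low in BAIT_NAMES:
                findings.append(("bait", full))
            elif ext in EXEC_EXT and stem in siblings:
                # e.g. "Reports.exe" beside the (now hidden) "Reports" folder,
                # or "budget.xlsx.exe" beside the real "budget.xlsx"
                findings.append(("shadow", full))
    return sorted(findings)

def attrib_unhide_command(share_root):
    """Argument list for the post's step 3: attrib -h -s -r "<share>\\*" /s /d."""
    return ["attrib", "-h", "-s", "-r", share_root.rstrip("\\/") + "\\*", "/s", "/d"]

def restore_attributes(share_root):
    """Step 3 for real; attrib only exists on Windows, so refuse to run elsewhere."""
    if os.name != "nt":
        raise RuntimeError("run this step on the Windows file server")
    subprocess.run(attrib_unhide_command(share_root), check=True)

def build_demo_share(base):
    """Constructed layout imitating an infected share (placeholder files only)."""
    os.makedirs(os.path.join(base, "Reports"))
    for rel in ("Reports/Q1.xlsx", "Reports.exe", "budget.xlsx", "budget.xlsx.exe",
                "autorun.inf", "Passwords.exe", "notes.txt", "setup.exe"):
        with open(os.path.join(base, rel), "w") as fh:
            fh.write("placeholder\n")

def run_demo():
    """Scan the constructed share and return findings relative to its root."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_share(tmp)
        return [(trait, os.path.relpath(path, tmp)) for trait, path in scan_share(tmp)]
```

Note that a lone setup.exe with no same-named sibling is deliberately not flagged, so legitimate installers on the share do not show up as findings.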


Hopefully you are not faced with this type of infection, but if you are, you will be better equipped to quickly handle the situation, and if need be, involve your technology solution provider. Remember this worm takes advantage of the users of your network. By learning and explaining to everyone how exactly this threat works, the more your organization can focus on day to day tasks and continue running proficiently.

For any further questions feel free to contact our team. Our job is to make yours easier.


Topics: Technology Solutions, NetWork Center Inc., Network Security

Java Security Advisory - CVE-2013-0422

Posted by Sean Todd on Jan 14, 2013 1:05:00 PM

An exploit has been identified in Java 7 that allows remote code execution without end-user intervention. This threat has been deemed severe by the U.S. Computer Emergency Readiness Team, and it is recommended to either patch the software with yesterday’s release or disable Java altogether. Should you have any questions please feel free to contact us.

This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.

The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.

Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2013-0422 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible. 

A great Q and A article has been written by Brian Krebs titled What You Need to Know About the Java Exploit.

Topics: Technology Solutions, NetWork Center Inc., Network Security

Grade Your Network: How Does Your Network Stack Up

Posted by Kyle Riveland on Jan 4, 2013 11:00:00 AM

Since technology changes at an incredibly fast pace, we understand it’s not always easy to keep up when other daily tasks must take precedence. One of our services at Network Center, Inc. allows you to keep up with your important duties by allowing us to take the burden of finding technology that fits your network off your shoulders. We call this service a Network Assessment. We will come to your company, take an inventory of what hardware and software is in use, and make recommendations based off of the findings. This includes hardware equipment such as servers, switches, firewalls, printers, etc. We can certainly take a look at the software currently in use, or even the procedures in place that could benefit from a software package. Soon after the visit, you will have information on what technology could make your daily process smoother.

Maybe you do not need new technology. Maybe you are wondering if your current network setup is vulnerable to intrusion. Network Center has you covered. We have another service called a Vulnerability Assessment. With the help of a scanning computer, we will put your network through a rigorous test. We have a series of questions that relate to your current procedures ranging from your backup solution, to your disaster recovery policy. We also take a look at share folders, Group Policy (if you use Windows Active Directory), as well as physical security (such as locking up your critical equipment). After all the data is gathered, we will send a report with the findings and recommendations on resolution.

If the firewall is your concern, we have an external Penetration Test (Pen Test). We use the same software from the Vulnerability Assessment, and point it at your firewall. We will be able to detect vulnerabilities of the firewall or any other servers that are visible by the internet at large. We also take a look at your e-mail server and your “footprint” on the internet. Upon completion of this test, a report is generated, and given to you with all the data gathered.

So which assessment do you need to grade your network? If you are simply looking for what hardware and software may be available that will help you improve your processes, then the Network Assessment is your best bet. If you have an audit coming up, the Vulnerability Assessment and/or the Penetration Test will get you ready. Regardless, Network Center will help you get the information you need.

Contact us to schedule your network assessment to grade your network and see how it stacks up. 


Topics: Technology Solutions, NetWork Center Inc., Network Security, Network Assessment

Why Antivirus May Not be Enough Anymore

Posted by Sean Todd on Dec 17, 2012 4:20:00 PM

We see the same scenario unfolding almost daily: an end user calls in describing what appears to be the latest round of viruses or malware infecting their machine, bringing all productivity to a screeching halt. We explain that it sounds as though they’ve become a victim and we’ll need to verify and clean the machine if needed, but they can’t believe it, as they have anti-virus and it’s up to date.

Computer viruses exist for a number of reasons. It could be a corporation or country attempting cyber espionage, a disgruntled former employee seeking revenge against a former employer, or perhaps just someone looking for a quick thrill. The motives are endless which translates to a lot of viruses and malware. Symantec estimates that 403 million new variants of malware were created in 2010.

The sad reality is that Anti-Virus is merely a reactive technology only protecting you against what has already been discovered and analyzed by security professionals at any of the dozens of security firms around the globe. These professionals create vaccines much like a flu shot and then release software updates that protect your computer against these known threats. Even if one firm has a virus identified, it doesn’t mean they all do, so you may be protected against different threats based on the type of protection you have.

I’m by no means suggesting doing away with Anti-Virus. As a matter of fact, quite the opposite. Anti-Virus is a crucial tool in your bag of security tricks. What I would recommend is adding additional tools to your bag in order to better protect you and your end-users. Some of these include but are not limited to the following:

  1. Application Whitelisting – Much like Anti-virus prevents viruses from running based on its list, whitelisting only allows applications to run based on its list of allowed programs. If the application isn’t on the allowed list, it won’t be allowed to run.
  2. Web Filters – The majority of virus and malware infections come from the internet. By filtering the allowed traffic you protect your end users from visiting sites that are known to carry malicious code. In other words, if the filter detects a virus, it will block your users from seeing it. You are more likely to be infected by a legitimate website carrying malware than you are to be infected from one created by a hacker.
  3. Education – Educate your users on safe computer usage. In an age of computers you would think safe surfing would be second nature, but it’s surprising on the amount of infections we see daily that could have been prevented if users were educated on the impact of their computer habits.
  4. Policy – Create a company policy that holds end-users responsible should they choose to ignore safe internet usage. If they choose to purposefully ignore your company policies, they are a liability, and if they choose to adhere, they are an asset.  

The seriousness of a virus outbreak shouldn’t be taken lightly. Sure, in some scenarios it may be something as little as a benign pop-up, but it could also be the demise of your business. Take Gauss for example. It has targeted machines in the Middle East and was used to spy on things such as financial transactions, emails, and passwords. Even though you may have identified an infection and run several utilities against it, you can never guarantee it is 100% clean. (RT, Published: 09 August, 2012)

To conclude, a multi-faceted approach is your best option. Relying on one method alone will not provide adequate protection against these threats leaving your end users vulnerable. Review your policies and educate your users before it’s too late.

Contact us if you would like us to review your security processes and procedures. 


Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security

5 Ways to Protect Your Network from Internal Attacks

Posted by Jeremy Hostrup on Nov 21, 2012 4:10:00 PM

Securing your network is an important part of any security plan. The majority of professionals focus their attention on securing their network from outside threats, which is an important piece of network security, but internal threats sometimes get overlooked. However, the majority of all network attacks come from inside the network.

Those attacks could be someone plugging in an unauthorized access point, switch, computer, or someone trying to attack switches and routers. There are many ways to mitigate these threats but they occasionally get overlooked.

Here are five general guidelines that can be followed to secure your internal network with little work:

  1. Hard-code all of your switch ports as access ports and assign them to a specific VLAN. This way, if an unauthorized switch is plugged in, it cannot auto-negotiate a trunk to the other switch. The default setting on a Cisco switch is to auto-negotiate a trunk if another switch is plugged in. Setting the access ports to use spanning-tree portfast with bpduguard is another way to disable a port if a switch that sends BPDUs is plugged in.
  2. Use port security on the switch ports to limit the number of MAC addresses a single port can have. This will prevent someone from plugging a hub into a switch port. With port security, you can set the maximum number of MAC addresses for the access ports. You can also specify what action you want the switch to take if an access port exceeds the maximum number of MAC addresses. The default action is to shut down the port.
  3. Put Access Control Lists (ACLs) on the management interfaces of switches and routers to only allow management from certain IP addresses. This way, if someone installs a program like PuTTY on their computer, they would not be able to reach the login screen of routers and switches.
  4. Configure switches and routers to only use Secure Shell (SSH) so usernames and passwords are not transported in clear text. Telnet transports usernames and passwords in clear text, so if someone had a traffic sniffer on their computer, it would be possible for them to capture the username and password.
  5. Disable switch ports that are not in use or assign them to an unused VLAN so that if someone plugs into them, they can’t access your network.
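As an added example (not the post's configuration), a Python helper that renders those five guidelines as Cisco IOS commands and audits a pasted config for the misses that are easiest to spot. The interface ranges, VLANs 10 and 999 and the management hosts are placeholders, and it assumes the switch already has a hostname, domain name and RSA key so SSH can be enabled:

```python
"""Generate and audit Cisco IOS switch hardening for the five guidelines above.

Added example, not the post's own configuration. Interface ranges, VLAN numbers
and management addresses are constructed placeholders; it assumes the switch
already has a hostname, domain name and RSA key so that SSH can be enabled.
"""

def access_port_config(port_range, vlan, max_macs=1):
    """Guidelines 1 and 2: hard-coded access ports, BPDU guard, port security."""
    return [
        f"interface range {port_range}",
        " switchport mode access",                       # never become a trunk
        f" switchport access vlan {vlan}",
        " switchport nonegotiate",                       # stop DTP negotiation
        " spanning-tree portfast",
        " spanning-tree bpduguard enable",               # err-disable on BPDU
        " switchport port-security",
        f" switchport port-security maximum {max_macs}",
        " switchport port-security violation shutdown",  # the default action
    ]

def management_config(mgmt_hosts, acl_name="MGMT-ACCESS"):
    """Guidelines 3 and 4: management ACL on the vty lines, SSH only."""
    lines = [f"ip access-list standard {acl_name}"]
    lines += [f" permit host {host}" for host in mgmt_hosts]
    lines += [
        " deny any log",
        "ip ssh version 2",
        "line vty 0 15",
        f" access-class {acl_name} in",
        " transport input ssh",
        " login local",
    ]
    return lines

def unused_port_config(port_range, parking_vlan=999):
    """Guideline 5: park unused ports in an unused VLAN and shut them down."""
    return [
        f"vlan {parking_vlan}",
        " name UNUSED-PARKING",
        f"interface range {port_range}",
        " switchport mode access",
        f" switchport access vlan {parking_vlan}",
        " shutdown",
    ]

def build_config(access_ports, vlan, mgmt_hosts, unused_ports):
    """Assemble the full snippet ready to paste into configure terminal."""
    return "\n".join(access_port_config(access_ports, vlan)
                     + management_config(mgmt_hosts)
                     + unused_port_config(unused_ports))

def audit_config(text):
    """Flag violations of the guidelines that are easy to spot in a running config."""
    problems = []
    if "transport input telnet" in text or "transport input all" in text:
        problems.append("telnet enabled on vty lines")
    if "line vty" in text and "access-class" not in text:
        problems.append("vty lines have no management ACL")
    if "switchport mode dynamic" in text:
        problems.append("port still negotiates trunking (DTP)")
    return problems

if __name__ == "__main__":
    print(build_config("GigabitEthernet1/0/1 - 24", 10,
                       ["10.0.0.5", "10.0.0.6"], "GigabitEthernet1/0/25 - 48"))
```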


If you want to get a little more involved, you could implement RADIUS for login authentication on the network equipment. This could be tied in with Active Directory and provides another level of security. This way, only users in a specific Active Directory group would have access to log into the network equipment.

You could also use RADIUS with the dot1x protocol to automatically assign a vlan to a switch port based on the user’s authentication to the RADIUS server. Using dot1x, you could also specify the vlan for users that don’t authenticate to the RADIUS server.

How much you invest in your network is dependent on your unique set of requirements. If you have spent thousands of dollars on your network, that investment could be compromised by an internal threat if you are not prepared.

There are different ways to protect a network from different threats depending on the risk involved. And there are many additional ways to secure your network, but these are just a few to get you started. Feel free to contact us for a review of your network security.

Topics: Technology Solutions, NetWork Center Inc., Network Security
