The popular idea of security is something akin to the 1980s movie “War Games.” Many people imagine a lone hacker sitting in his bedroom trying to break into the Pentagon from the Internet. For this reason, many people believe that if their anti-virus programs are up-to-date there is very little likelihood they will become the victim of such a crime. The reality is far from this popular idea.
The Cyber-Criminal Structure
In the second quarter of 2008, Finjan announced that its Malicious Code Research Center (MCRC) had found that cyber-criminals were anything but loners. The MCRC's research showed that the cyber-criminal hierarchy is structured much like the Mafia. It consists of crime bosses, under bosses, and capos, each serving a specific function while creating a division of labor that protects all the criminals involved.
Crime bosses do not commit the crimes themselves; they act like business entrepreneurs. Under bosses are in charge of operations and tools. Capos operate beneath the under bosses with their own foot soldiers and campaign managers, leading attacks against their “affiliation networks”. Finally, “resellers” sell the stolen information. Resellers know nothing about how the information was stolen; they keep track of replacement rules, such as reported stolen credit cards and company-specific policies.
Credit cards and bank accounts, being commodities, are low priced on the underground black market. Currently high-priced items include stolen healthcare information, single sign-on credentials, e-mail addresses and FTP accounts. PINs for credit cards and bank accounts at one time sold for as much as $100, but these days sell for only around $10-$20 per item.
That’s Nice, But How Does It Affect Me?
These threats are becoming surprisingly simple for cyber-criminals to deploy. A recent and common occurrence is employees deciding to make an extra buck by planting malicious software. Every successful deployment of malware is another opportunity for revenue, so the race is on. Cyber-criminals want to own as many computers as possible, and they cleverly plant malware on popular sites. All the while they know that only a handful of products are used to protect their victims, all of which they have acquired themselves and taken apart to find holes that let them circumvent the security on their victims' machines.
So imagine, if you would, a company with the resources of Microsoft, but whose sole purpose is to gain information and to take control of machines. For a long time it appeared that enterprise companies and the government were the main targets, but now SMBs (small to medium businesses) are an even bigger target.
SMBs represent a large population, many of which handle sensitive information such as Social Security Numbers and/or credit information. They have limited IT staff, and what staff they have are not specialists in the area of security. Their user population is often naive to the danger of online attacks, and they rely heavily on anti-virus/anti-spyware as their only means of defense. Once infected, they would have little idea that their computer slowdowns were data breaches. To make things worse, if a breach was discovered it would hardly be front-page news, so other SMBs would not be notified of this alarming trend.
So What To Do?
The mantra of security is layering. Layer your security. If one layer falters, another should be there to catch the fallout. Most important is visibility. With layered security and no visibility you have no defense (imagine a prison with no guards). You must have eyes on the network. Another important tool against cyber-crime is intrusion detection. An intrusion detection system (IDS), or intrusion prevention system (IPS), that works beyond just signatures and URLs is an absolute necessity.
An effective IPS can be difficult to find and must be tested and retested over time. These devices may be your only way of verifying whether sensitive information is leaving the network and whether hosts are compromised. Another important tool is having a vulnerability scan done on a regular basis. These scans look for signs of compromise and for possible holes that could be exploited by malware or malicious users. It would be nice to say, “call Network Strategies,” but even if you don’t call Network Strategies, please call a qualified security provider.
Scott Brumley
CEO
Network Strategies, Inc
http://www.nsisecure.com
Wednesday, October 7, 2009
Friday, September 25, 2009
SANS Top Security Threats
The SANS Institute is reporting that the highest risks for data security breaches come from not properly patching programs. The leading culprits are Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. Second on the list was web-facing websites. Sixty percent of the websites being observed are getting compromised, and this is probably a low estimate considering a large number of organizations are not monitoring their systems.
In this day and age web browsers are built with more functionality, which creates an opportunity for more and more breaches. Now it is not even necessary to execute or download a program to get infected. Simply visiting a website can compromise your system and all the systems connected to it.
http://www.sans.org/top-cyber-security-risks/
Friday, August 14, 2009
Cost Savings and Security Through Wireless
I recently wrote this article for an Association that we belong to and figured it might be good to put it here as well. Enjoy!
Wireless, or to be more specific unlicensed ISM band wireless networking, has been all the rage for the last 10 years. Terms such as WiFi, 802.11, and hotspots are not new to the mainstream media. When these wireless networks began making their debut back in the 1990s, they were touted as the solution to untethered networks. This was technically correct, but the ratification of IEEE 802.11 created a security hole in the technology. Ever since, the security of wireless technology has been in question, making institutions hesitant to deploy it.
Now, more than 10 years later, wireless vendors have made wireless more secure and more cost effective than wired networks. Wireless is now being used to replace wired network devices, and in some cases it is even replacing frame relay. In the process, wireless has created a more cost-effective and more fault-tolerant solution. Several institutions with a number of remote sites have been able to save money and pay back their initial investment (in some cases within 18 months). The really exciting part is that a handful of wireless vendors have secured wireless so thoroughly that its security bests that of most wired networks.
Most wired networks do not require user authentication (username and password) to connect, so anyone who can plug in can have their way with your network. When user authentication is required, access can be controlled by the user's permissions. Some of these wireless devices will even allow you to extend user authentication to your existing wired network as well.
When evaluating wireless technology, five important requirements come to mind. First, an integrated system is important. It is difficult to secure and manage a system made up of multiple products that are not integrated (having the same vendor's logo on all the devices does not count). Second, an identity-based system is vital to security. A system that can separate guests, employees, and vendors while meeting compliance standards is paramount.
Third, wireless should provide application continuity for reliable operation and convergence. Fourth, centralized management is required to make configuring, monitoring, and troubleshooting easy and effective. Centralized management keeps sensitive information, such as WEP keys, out of an easily stolen wireless device. Last, but not least, one should consider flexibility and scalability. A wireless system should fit easily into your existing structure, should avoid excessive upgrades, and should avoid network redesigns.
Scott Brumley
CEO
Network Strategies, Inc.
Sunday, August 2, 2009
802.11n vs. Switch Networking
For years the wireless pipe dream has been alive but unrealized: replace your cable plant with wireless and save millions. There were three major drawbacks to this idea:
1) Wireless was not secure
2) Wireless was slow
3) Wireless had poor management
With the ratification of 802.11n, the pipe dream has become a reality. Many large enterprise clients have upgraded and are saving.
With the Aruba wireless system we have found that wireless is now:
1) More secure than most wired networks
2) Just as fast as wired networks to the access layer (10 GB might be the wired replacement limit)
3) Easy to manage, thanks to the integrated Aruba controller
But there are a few extras that you also get with the Aruba system.
4) It is a Green technology
5) It will authenticate users (doing away with insecure WEP/WPA keys)
6) It will authorize users (Users can be authenticated to the network hardware right out of the box)
7) It will provide accounting for users (Can account for what your users are doing to your network)
8) With the Aruba solution you can also manage other vendors devices (including Cisco Wireless)
9) Can manage network load and can balance it
10) Can provide true redundancy for the clients
11) Can manage interference with neighboring wireless
12) Comes with an integrated firewall
13) Comes with an integrated IDS (Intrusion Detection System)
14) Comes with a built-in guest portal (keeping visitors off secure networks while allowing them to browse the web. And even better, it can work on your wired ports too)
15) Best of all is the ROI. It saves money!
Now if you remember, many other wireless vendors claimed to be able to do this as well. Take Cisco for instance. To match the integrated solution one Aruba controller provides, Cisco requires at least 5 Cisco Catalyst 6500 switches ($$$) and a list of security and management devices. To add insult to injury, while using them our technicians found that the Cisco solution was far from integrated. You have to log in to many different devices to see your network activity.
Thursday, July 16, 2009
Why would we be a Cyber Victim?
Cisco Systems recently performed a study showing that cyber-crime is on an upswing during these tough economic times. Inside jobs are becoming more common as employees infect systems to make ends meet. One man recently sold off 10,000 botnets to pay for his sick child. He said that one of his friends made $5,000 to $10,000 per week deploying botnets for phishing attacks.
Very little technical knowledge is needed to exploit a system. A person can go to a fraud subscription service to find bugs to plant and get paid.
Reference - Cyber-Criminals and the Struggling Economy
Labels: Cisco, cybercrime, insider threats, phishing, usb attacks
Patching Operating Systems is Not Enough
In the shadow of Microsoft's latest security hole, it becomes painfully clear that vendor patches alone will not ensure a safe workplace.
Again these attacks are using web browsers as the delivery mechanism.
http://www.channelinsider.com/c/a/Security/Microsoft-Office-Users-Attacked-by-Cybercriminals-305650/?kc=CITCIEMNL07162009STR3
Wednesday, May 6, 2009
I Have Anti-Virus and a Firewall So We Are Covered
Currently health care providers are being targeted for attacks. One of the latest victims is Virginia Health Professionals. This incident only highlights the underlying problem in health care security, where providers are often operating under a false sense of security. In our research the premise is consistent: "I have a firewall and anti-virus, so we are covered."
Most of the attack mitigation sites that Network Strategies has been involved in over the last 3 years were sites with a firewall and anti-virus. Several times, anti-virus packages as popular as Symantec had been infiltrated without anyone's knowledge. In many cases, anti-virus update systems or operating system update systems were actually being used to spread malware.
By far the biggest hole in network security is blind trust in one or two security measures. A second is that security countermeasures are often deployed and then forgotten. Best practice in network security requires a layered plan that is consistently monitored and maintained.
1) Are Service Packs and Service Releases up-to-date? Are you certain of it?
2) Are any update services (anti-virus and operating system) compromised and reporting falsely that the system is up-to-date?
3) Are you able to detect anomalies outside of your anti-virus and firewalls?
4) Are you able to detect when network conditions change suspiciously?
- Network performance degrades
- All workstations start accessing a known malware site at the same time
- Workstations that only use web browsers start sending files to FTP servers
- Servers or workstations suddenly have new services or users on them
5) Do you have accountability for systems that touch health care information?
- Network Devices
- Databases
- File Storage
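As an added illustration of the checks in item 4 (not code from the original post), the following Python script evaluates two of those signals over a small constructed connection log: many hosts contacting the same blocklisted domain within a short window, and a browser-only workstation suddenly opening FTP connections. The host names, the blocklisted domain and every log entry are constructed for this example.

```python
"""Added example: two "network conditions change suspiciously" checks
from the checklist, run over a constructed connection log.

Each record is (timestamp_seconds, source_host, protocol, destination).
"""
from collections import defaultdict

# Constructed blocklist; a real one would come from threat intel feeds.
KNOWN_BAD = {"malware-example.invalid"}

# Constructed sample log: normal browsing, then a burst of hosts hitting
# the same blocklisted domain, then a browser-only host starting FTP.
SAMPLE_LOG = [
    (100, "ws01", "https", "intranet.example"),
    (105, "ws02", "https", "news.example"),
    (110, "ws01", "http", "news.example"),
    (300, "srv-backup", "ftp", "backup.example"),  # FTP is normal here
    (600, "ws01", "http", "malware-example.invalid"),
    (601, "ws02", "http", "malware-example.invalid"),
    (602, "ws03", "http", "malware-example.invalid"),
    (603, "ws04", "http", "malware-example.invalid"),
    (604, "ws05", "http", "malware-example.invalid"),
    (900, "ws02", "ftp", "203.0.113.7"),  # ws02 never used FTP before
    (905, "srv-backup", "ftp", "backup.example"),
]


def simultaneous_bad_site_access(log, bad_domains, window=60, min_hosts=3):
    """Return {domain: [hosts]} for blocklisted domains that at least
    `min_hosts` distinct hosts contacted within any `window`-second span."""
    hits = defaultdict(list)
    for ts, host, _proto, dst in log:
        if dst in bad_domains:
            hits[dst].append((ts, host))
    flagged = {}
    for dst, events in hits.items():
        events.sort()
        for i, (start, _host) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[dst] = sorted(hosts)
                break
    return flagged


def browsers_turned_uploaders(log, baseline_end):
    """Return hosts whose traffic before `baseline_end` was only
    HTTP/HTTPS but which open FTP connections afterwards. Hosts with no
    baseline history are skipped: nothing to compare against."""
    baseline = defaultdict(set)
    later_ftp = set()
    for ts, host, proto, _dst in log:
        if ts < baseline_end:
            baseline[host].add(proto)
        elif proto == "ftp":
            later_ftp.add(host)
    return sorted(h for h in later_ftp
                  if baseline.get(h) and baseline[h] <= {"http", "https"})


if __name__ == "__main__":
    print(simultaneous_bad_site_access(SAMPLE_LOG, KNOWN_BAD))
    print(browsers_turned_uploaders(SAMPLE_LOG, baseline_end=800))
```

The window and host thresholds are tuning knobs; in a real deployment they would be set from the site's own baseline rather than the constants used here.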
The age of the script kiddie is past. A new age has dawned in which the bad guys have the upper hand. They have more resources than their victims. This makes it vital to layer security and to consistently double-check it. It is important to keep in mind that many bad guys also buy that Symantec (insert popular anti-virus here) anti-virus or that Cisco (insert popular firewall name here) firewall. But instead of using them to protect their networks, they are reverse engineering them to improve the stealth and effectiveness of their attacks.
One recent article in a popular trade rag spelled it out plainly. Bad guys get paid based on the same criteria that should be used in defending networks, known as CIA: Confidentiality, Integrity, Reliability. Their systems must be reliable to maximize profits, and the integrity of their data must be maintained to maximize profit. This means they need to deploy large amounts of malware. That malware must be reliable. That malware must be invisible.