You look tired. Can I get you something? A data breach maybe?

We spend so much time learning how software can attack a network, but there is a completely different element to hacking that many times goes ignored – humans.  The common criminal will never ask if he can hack, but you can bet he is looking for the best way to get in your network without be noticed.  The most obvious expectation of social engineering is to take advantage of untrained employees.  As an example, a new employee could be tricked into giving unauthorized information or non-observant over the phone or employees could be tricked into escalating security access.  But information technology employees are trained to avoid these types of trickery.  They have years of experience and real-life on-the-job scenarios that help them avoid these problems, right?  Think again.

portsec_aThere are different levels of training for IT staff to avoid security pitfalls, but what happens when well trained employees are manipulated?  The smartest technology in the world can still be dependent on a person acting under every day human nature.  The 2013 Neiman Marcus data breach exposed what almost every network security office in America deals with on a daily basis.  Security events were triggered to give security analysts a chance to catch the would-be criminals, but those events were overlooked by Neiman Marcus employees.  The security system logged over 60,000 ignored alerts.

Possibilities include these alerts being ignored because they came through the same channel as maintenance alerts.  The maintenance alerts, which normally create a large volume of false alarms, could have become white noise to many security employees.  Standards and policies should be constructed to direct staff through proper channels when securing data.  Guidelines should be very specifically defined so no questions arise during implementation.  Hackers with enough patience can trigger alerts on a regular basis to the point these types of alerts begin looking normal to security staff, in essence, become ignored to the human eye.  Careless implementation of security mitigation techniques can be as bad as having no protection at all.

Picture Credit:

http://www.euronews.com/2014/04/07/opisrael-strikes-again-anonymous-hacks-israeli-websites/

 

*Originally posted through the PortSec blogger.

Stop putting out the fire and plan for the future

It seems we are always putting out the fire in the IT security realm rather than planning ways to keep us safe from future problems.  This cannot be helped at times since alot of our job is getting down in the weeds, but taking a look at security on a national perspective may help since we can learn from each other’s experiences.

Reviewing hot topics across the nation can help narrow the focus on what should be your top security priority since time is limited.  Just like tracing the flu or any other virus, we can see what’s coming to our network by looking on a well defined national and sometimes even global perspective.

This article on Yahoo! Small Business gives three current topics that could affect everyone no matter the size of your company:

1)      Phishing

Something as simple as an email from IRS.gov can send employees into a panic.  Present day fake emails claiming to be an organization such as the IRS can be tricky to spot since they are so well designed.  Even links embedded within the emails can be tricky looking very similar to the real thing.  IRS.gov could be listed as irs.gov.ly… which the user may initially read as irs.gov thinking the link is valid.  Cross training the end user on the importance of investigating claims of the email through a non-electronic channel will significantly help your battle with similar issues.

2)      Malicious Political Attacks

If you operate in the private business market, you likely want to make a profit.  That’s capitalism, right?  In some parts of the world, that desire is treated as a sin which makes you an electronic target.  There is no way to convince some people that capitalism is good so you need to be prepared.  Document action steps to take if you are attacked.  Put them in a red binder sitting on your desk so you are ready to take action at a moment’s notice.

3)      Monetary Fraud Hackers

There is greed on the opposite end of the capitalism spectrum.  Hackers with the motivation to make money will go to any means possible to steal.  There should be multiple layers of security to protect your data and the days of antivirus solving all your problems are gone.  The method of closing all ports and opening only what is required to do business is more effective.  The other layers of security will vary based on how much your business wants to spend along with the confidentiality level of your data.

Don’t be caught off guard.  You are at risk even if you are a small office of less than 10 employees.

 

*Originally posted through the PortSec blogger.

Uncle Sam Could Be Watching You (through your webcam)

Remote webcam hacks happen to everyone else… not you.  At least that’s what most people think.  Various news stories and TV shows have made reference to web cam hacks and remote spying by hackers.  Even a school system in Pennsylvania, sued by students of the school, was accused of spying on students remotely through their school issued Apple Macs.  NSA (National Security Agency) is the talk of the internet these days as reports of their ability to remotely snoop has grown leaps and bounds.  Edward Snowden’s latest classified document release of The Intercept is no different.

According to Snowden, you are at risk of being watched through your computer webcam.  The NSA can take advantage of your webcam through an intercept feature named GUMFISH.  Not only does this mean your webcam can be hacked, but the feature can also use the webcam to take snapshots.  A separate plug in named CAPTIVATEDAUDIENCE can take advantage of the microphone recording any audio available through your computer’s microphone.

The only guarantee to avoid being recorded is extremely low tech.  Even software disabled video cameras have the ability to be started remotely so low tech tape is the only way to truly feel secure.  Use thick tape such as duct tape to cover the webcam.  Audio can also be enabled by software even if the microphone is muted.  The way around this involves inserting a dummy plug into the microphone, in effect, tricking the microphone to record dead air.

*Originally posted through the PortSec blogger.

To Android or not?

Reports of a possible iOS vulnerability released this month shows a flaw in design of the new iOS7 software.  As expected, the news stunned many of my iPhone addict friends who cannot believe their beloved OS would have a flaw.  The media attention garnered by this iOS problem is remarkable considering the low iOS market share of 15.5%.  According to the same Strategy Analytics estimate, almost 79% of the smartphone market is dominated by the Android operating system.  Don’t get me wrong – the iOS kernel problem is a big deal, but not in comparison.

portsec_aea

Try this Android vulnerability on for size.  A flaw in Android OS has been discovered that not only allows unauthorized remote access to a phone but may even allow rerouting of data while the phone is connected to a secure VPN.  That kind of a problem takes the word “breach” to a whole new level.  And remember how iOS only has 15.5% of the market with even less exposed to the iOS flaw.  This Android vulnerability is so wide spread that it could eat 15.5% of the Android market that are running either the Jelly Bean or Kit Kat flavors of the OS.

Face the facts.  No phone is perfect, but you have the power to protect your phone.  Your phone requires maintenance just like a personal computer.  The best you can do is get the latest operating system updates from your software vendor (Apple for iOS, Google for Android, or Microsoft for Windows Phone).  You should also avoid direct contact with viruses (your phone gets sick by being exposed to sickness) by using a remote email source like the Gmail app which scans emails before they download to your device.  And just like your mother told you, be smart when choosing who you play with (also known as the software you install).  Choosing an unknown app through the Play store can expose you much worse than the vulnerabilities you hear about in the media.

May your Android/iOS/Windows Phone live long and prosper.

*Apple Image Source: http://applesfera.com

*Originally posted through the PortSec blogger.

Lock the back door

Here is an easy tip to protect you from the majority of external computer security concerns.  Assuming you are using the Windows Operating System, you’ll want to FULLY enable your Windows software firewall. What do I mean by fully? I mean to enable the checkmark that says “”Don’t allow exceptions”.

Make sure you accomplish these preliminary steps before you do anything else. Ensure your Windows OS Software (eg. XP Pro) is up-to-date by visiting http://windowsupdate.microsoft.com/

It’s also recommended that you have antivirus software installed.

Windows 7 or 8

Follow these steps to enable your Windows firewall:

portsec_win7sec
Windows 7 or 8 Firewall Settings

1) go to start > control panel > windows firewall (assumes ‘view by’ in control panel is set to small icons)

2) click “Turn Windows Firewall On or Off”

3) click the “On (recommended)” radio button for all options

3) also ensure the “Don’t allow exceptions” checkmark is enabled

4) click the “Ok” button to exit firewall settings.

The firewall is now enabled.

Windows XP

Follow these steps to enable your Windows firewall:

1) go to start > control panel > security center > windows firewall

2) click the “On (recommended)” radio button

3) also check the “Don’t allow exceptions” checkmark

4) click the “Ok” button to exit firewall settings

The firewall is now enabled.

This change can cause problems with some programs that regularly connect to the internet such as Yahoo Messenger or AOL IM. But keep in mind that it does make you much more safe while using the internet.

 

*Originally posted through the PortSec blogger.