Convenience and Heartache All Wrapped Up in a Thumbdrive

Ever wonder how nice and handy it is to have a flash media device, such as a thumb drive.  How convenient it is to be able to take work home when there’s not enough time in the day, or use it to store temporary data to take with you on a business trip.  In all honesty, it’s so simple children in school use them daily to save work they’ve done up to a certain point.  But then, have you ever thought of the dangers associated with using a thumb drive, e.g. their size, there storage capacity, their lack of security.  The same dangers are the reasons why employees such as government or pharmaceuticals are banned from inserting them into their pc(s) at work. 

Truth of the matter is, these devices are simple and convenient to use, but the dangers associated with them should make anyone think twice about using them for work.  Thumb drives have come a long way since their invention, and what’s unnerving about these practical devices is their lack of security as it relates to physical and application protection. 

Due to their size, these devices are able to slip into a pants pocket, a purse, or be worn around a neck.  The problem associated with this, is the risk of the device being easily lost or stolen.  Once in the hands of a stranger, the next danger presents itself, the lack of encryption.  Most of the low end dollar devices do not come with any type of encryption or safety measures.  So what happens when one of these devices containing personal information is lost or stolen?  Well, the new founder of the device has easy access to all the information on the drive.  In a recent article, “A Maine-based company announced Thursday it fired an otherwise exemplary employee who downloaded medical data onto a jump drive and then lost the device while traveling between Salt Lake City, Denver and Washington, D.C.” Threatpost (January, 2013).  Luckily the personal information of the 6,000 recipients listed in the data caused no real threat.  However, the point is, these devices can cause damage when not properly secured.

If that doesn’t give a person enough to think about, here’s some more food for thought.  Since storage capabilities are in the gigabytes, taking work home is as common today as driving a car.  But what happens when a work file gets infected with a virus from a home pc without it being realized.  Then the file is transferred back to a work pc.  Far-fetched, maybe not as uncommon as one would think, and the result is an entire network becoming corrupted.

Lastly, because of their convenience and storage capacity, they create an internal threat.  Their simplicity alone provides employees the capability to download, store, and walk away with data that could have dire consequences to the company if it ever fell into the wrong hands.  The fact of the matter is, disgruntle employees may not even do it for the money, but for the satisfaction alone of harming the company.   

As one can see, thumb drives may be tiny, convenient and great to have.  But, if not protected, stored, and used properly they can cause irreparable damage.  So before you take it out of your pocket and plug it in, think about what you are doing.  Think about the risks and then think about the consequences.  Is it worth it?  

References:

Saita, A., (January 2013), ‘Terrific Employee’ Fired After Losing USB Drive Containing Medical Records.  Retrieved from http://threatpost.com/terrific-employee-fired-after-losing-usb-drive-containing-medical-records-011713/77422

 

Multiple Usernames and Passwords

Week 9 Blog

This week I wanted to take a minute and discuss a little about passwords and what some large companies are offering to help make it easier on users.  Keep in mind though, if it seems too good to be true, there are risks associated.

It seems like these days no matter what you do online, it somehow involves creating a user account followed up by creating a username / password.  Although this is a security practice that needs to take place, remembering different usernames and passwords for many different sites can become tedious.  Not to mention the aggravation associated with trying to get a password reset if the account gets locked out after so many failed attempts.  Because of the vast amount of websites requiring authentication, it’s no wonder many use the same username/ password for all their different accounts.

To help simplify matters and make it easier on users, many large companies are offering a service that allows a user to login into a certain site using the same credentials as what they use when accessing that same large company.  For instance, Yahoo allows a user to login with their Google credentials if they elect to.  Or some music sites allow users to login using their Facebook account credentials. 

Although this eases the burden for many users either trying to remember several username / passwords, or using the same one, there is a risk.  Because these credentials are linked to the various sites a user may visit, an attacker needs to only compromise one of the sites and retrieve the username /password, which would then give them access to all the other sites those credentials are linked to.  For instance, if a user’s Facebook account is compromised and their username/ password is obtained, all the sites associated with the account could then be compromised. 

In a day and age where attackers tend to go after large databases to obtain user’s credentials, this could be like inviting the lion to dinner.  With that said, most major companies like those hosting this type of service do have many protection levels to help secure an individual’s personal information, but remember; nothing is full proof.  It really boils down to confidence in the company and the risk the user is willing to take.  So before a leap of faith is taken and one clicks to jump on board, just stop, think about it first, and then use your best judgment.  It’s the least anyone should do when it comes to protecting their most important assets.

Tips for Security Spring Cleaning

Just as we change our batteries in our smoke detectors or cleaning out the old to make room for the new is a routine we usually associate with springtime, securing our devices should be a part of a that routine.  And even though we may be half-way through the summer, it’s not too late to start servicing those devices to help deter and protect our home assets.  Therefore, this week I’d like to provide a few tips on things that can/should be done, and springtime is a great way to remember.

1.      Online accounts are one of those things we seldom think about.  Many folks may shop online and are forced to create an account.  Problem is, they use it one time and the account remains out there for years.  Information can be gathered from these accounts which can lead to theft.  Protect yourself and delete these accounts.

2.      Check the subscription on your Anti-virus software.  Some folks may get it for free from their place of business, but for those that pay, now is a good time to check its expiration date.  Many don’t even realize they are unprotected.  Finding out after something happens is a lot worse than taking the few minutes to check and update accordingly.

3.      Password changes are a great way to protect you and your devices.  Many fail to change for fear of forgetting them.  But changing your password and making it difficult so it’s harder to crack should not only be done at this time of year, but at least semi-annually.  Since some use the same password for many accounts, all it takes it to have it cracked once and the doors open wide for other instances.

4.      Firmware updates are fixes for known bugs whether it is for a router, printer, or mobile device.  Downloading and installing firmware updates is a great way to plug the holes.  If the vendor is aware, you can bet the attackers are also.  Since vendors normally do not send out messages regarding firmware updates, this is the time to go out and check for them. 

5.      Protect your mobile devices.  Malware is on the incline for such devices.  Downloading free apps or apps from places other than, for instance: Google Play or the Apple Store is like leaving the front door open.  Take this time to look over the apps on your devices.   Delete what’s not needed.  Since many apps don’t go through a screening process if not downloaded from a reliable source like the Apple Store, it stands a bigger chance of containing bugs and even backdoors.

6.      Connecting to the Internet is as natural today as eating dessert.  Although it’s not thought of much, but this is also an excellent time to update the Wi-fi security.  Just like with accounts, changing the password to the router, hiding the service set identification (SSD), and installing updates will help provide another level of security.  This will reduce the risk of an attacker either gaining access to the network and your personal information or using it wrongfully for their gain.

7.      Lastly, create rescue disks or restore disks.  Nothing is worse than having an unknown virus that causes a hard system crash. Having a rescue disk or restore disk can expedite getting your machine back up and running.  Also, if not already done, consider buying an external hard drive and begin backing up your files.  If the need ever arises, you’ll be glad you did.  External hard drives have the capacity in which an entire operating system and files can be stored and will make it easier if or when you have to reload.

So as winter disappears, don’t forget to take a look at the few tips just provided.   Not only will it protect your devices, but even more importantly, it will protect you.  “The gadgets that connect to the Internet need a security spring cleaning to keep them free from viruses and other forms of malware” Poremba, Sue (2013).

 

Reference:

Sue Marquette Poremba, Tech News Daily Contributor (May 2013).  7 Security Spring Cleaning Tips. Retrieved from http://www.technewsdaily.com/17974-7-security-spring-cleaning-tips.html

Dealing with Cyber Threats

This week’s blog is aimed at threats and some of the things that should be done to help mitigate and rebound from an attack.

An attacker’s job is to penetrate networks and either gather data or cause havoc.  For them, it is their full time job.  But for those who are there to protect and defend may find their full time job is partly that plus a dozen other things.  “Unfortunately, defenders don’t have the luxury of spending their days focused on security. The reality is that most IT security teams are understaffed, hampered by static and disconnected security technologies and consumed with addressing compliance and regulatory issues and other business imperatives” Huger, A., Sourcefire (May 2013).  In order to help even the odds a little, defenders can do a number of things, but they can’t do it alone, and will require help from management.

First thing is to ensure up to date technology is put in place.  Too many times the focus of security is bestowed on key assets, but with the entourage of devices used these days, the technology must be able to encompass and protect against all of it, not just the cores.  Attackers don’t care if the security hole is with a server or a mobile device, to them; it’s just a way in.  Current technology whether it be hardware or software will comprise the tools necessary to cover all types of assets, and management must be willing to accept the cost to protect what’s most valuable.

Secondly, management and security personnel should perform a review of the processes in place and determine which ones could be automated.  Automation should be exercised to its fullest advantage as it can play a key role in reducing time, touch maintenance and allow for better utilization of resources, such as people; especially as manning becomes more limited.  Overall, automation will free up valuable time and allow administrators to cover tasks that they may have fallen to the wayside since higher priority tasks dominate.  Use of automation that can detect and enforce policies as needed, will help tremendously since threats and vulnerabilities are also changing at a rapid rate.  Additionally, having an Incidence Response Plan (IRP) readily available will help alleviate the threat if an attack does happen.  The old saying of “people don’t plan to fail, but fail to plan” holds true not just in the financial world but also the cyber world as well.  An IRP can help administrators act quickly and make decisions promptly allowing them to contain and remediate the damage.  Review of these policies and testing of the IRP should be done at least semi-annually but quarterly is best if time permits.

Lastly is training.  Training is what ties it all together.  People are the first line of defense, educating personnel on what to do will ensure each player knows their role, and when the time comes, will know exactly what to do.  If an orchestra wants to play music and sound well, you can bet they’re all playing to the same sheet of music.  Training also helps keep personnel aware of the latest threats in the cyber world and the fix actions which remediate them, “Organizations must be committed to keeping their staff highly trained on the current threat landscape” Huger, A., Sourcefire (May 2013).

To put it briefly, management must be willing to take the steps necessary to defend against threats, security must encompass all devices, not just the cores.  Automation should be utilized to help mitigate risk, reduce time, and increase productivity.  A sound IRP should be developed and exercised so the staff can act accordingly and remediate quickly.  Finally, training should not take a back seat as it is the foundation of safeguarding information.  A little pain today equals a lot of gain tomorrow.

 

References:

Huger, A., Sourcefire (May 2013).  The Need For Threat-Centric Security.  Retrieved from http://threatpost.com/the-need-for-threat-centric-security/100517

 

 

 

Protecting Your Home Network Assets

This week I wanted to talk a little bit about the mysterious box provided by Internet Service Providers (ISP’s) or store bought, which allow a home network to connect to the Internet.  Most don’t stop to think much about how they get to the Internet, or more importantly, how the mysterious box provides a connection.  In fact, most view the box, known as a router/modem combination, as nothing more than a plug and play device much like a CD ROM or flash drive.  Plug it in; turn it on and before you know it your surfing the net.  However, even though it really is that easy, the router/modem combination is eye candy for attackers and needs be secured.

Probably one of the most prevalent vulnerabilities associated with these devices is the default password.  In a research study by two individuals, they stated, “The first thing we [exploited] was the default passwords; we were able to see more than 1 million of them” (Mimoso, 2013).  When ISP’s send a customer a router/modem or install it during the initial setup, the router/modem combination is configured with a default username/password.  Many individuals aren’t even aware of this or if they are, they aren’t too concerned, and therefore it never gets changed.  After an attacker tracks down one of these devices, if the password hasn’t been changed, it’s relatively simple for them to login and take control.  Once logged in, they can perform a firmware upgrade which cannot be erased even if the router/modem is reset.  This allows them access to the device at any time.  In other words, they can utilize the device at will whenever they need it.  Once they have control of the device without the owner suspecting anything, it can be used for such things as: bank fraud, identity theft or could become part of a netbot system for Denial of Service Attacks.  Once the device is compromised the only fix is for the ISP to replace the device, which will also increase cost.  The researchers stated, “This not only creates avenues for malicious activity but also will likely leverage fees on consumers for getting replacement equipment” (Mimoso, 2013).

So bottom line is, be aware.  If your ISP provides your device or if you purchase one on your own, the first thing that needs to be done before connecting it and surfing the web is to change the default password.   Changing the password on your router/modem is no different than locking your front door.  Other things that can be done as well are: turning off the SSID broadcast, filtering/blocking addresses, and using static IP’s versus DHCP or limiting the number of devices that can connect to the network…just to name a few.  Don’t become one of the million statistics; don’t make it easy on the attacker.  The harder it is, the more likely it is he/she will move on to something more readily accessible.

 

Reference:

Mimoso, M. (April 2013).  Using Customer Premise Equipment to Take Over the Internet.  Retrieved from http://threatpost.com/using-customer-premise-equipment-take-over-internet-040113/77684

Importance of Automatic Updates for Windows

Importance of Automatic Updates for Windows

This week’s blog I wanted to talk a little bit about the importance of automatic updates for Windows systems.  Operating systems in general, inherently come with vulnerabilities which can be exploited.  Let’s face it, nothing is perfect and the code to an OS is no exception.  With the thousands of lines of code, there’s sure to be security issues.  For this reason, safeguards are put into place to help combat vulnerabilities as they are found and hopefully before they are exploited to the point where someone can use them to cause serious damage. 

Windows automatic updates can help secure your operating system by automatically loading and installing the required patch or patches needed to remove the vulnerability or at least mitigate it.  For example, “Nineteen privately reported vulnerabilities in Internet Explorer.  An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients.  Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically”, according to Security Tech Center (June, 2013).

 

From the example it should be clear of the importance of utilizing automatic updates.  The security update, MS13-047 was able to resolve 19 vulnerabilities that could potentially provide an attacker the opportunity and capability to take control of a system.  This control could lead to such things as identify theft, be used as a netbot for denial of service, or some other form of malicious intent.

Keep in mind though; some patches can cause other type of issues like certain programs not to work correctly.  For this reason, it should be stated that before installing patches, other than critical ones, the patch or patches should be reviewed to see if may cause any other types of complications.  

Bottom line is, whenever that little window pops up and states updates are available or installed and your computer needs to be restarted, don’t ignore it.  Stop and think of the 5 minutes it may take and reboot the system quickly as you’re able.  It’s a small task to do to protect your system, your network and even your identity.

 

Reference:

 

Microsoft Security Bulletin MS13-047 – Critical Cumulative Security Update for Internet Explorer (2838727), version 1.0, June 2013.  Retrieved from http://technet.microsoft.com/en-us/security/bulletin/MS13-047

VPN...Keeping Us Secure

Wk 4 Blog

This week’s blog may seem a little different, but when it pertains to information security it’s always important.  This week is going to discuss a little about Virtual Private Networks or VPN’s as its commonly known as.

With the ever increasing expansion of the Internet and global business, accessing data remotely has also increased.  Consequently, the risk associated with accessing sensitive data has therefore increased, and the potential for stealing the data has risen as well.  One solution to help with protecting the data from remote locations is the use of VPN’s.  VPN’s are a secure way to exchange data over the Internet between the user and the system they are connected to.  Because the data exchanged is encrypted through a virtual tunnel, it’s nearly impossible to penetrate the tunnel and steal the data.  Furthermore, even if the tunnel is somehow compromised, the data is still encrypted.

VPN’s are a must for business travelers or anyone who works remotely, especially those that are using a public Wi-Fi connection.  In most cases these types of people need to have the capability to download large amounts of data and therefore need to have the confidence and assurance of knowing the data is protected from point to point; VPN’s offer the right type of protection at an affordable cost.

Keep in mind, as stated earlier, VPN’s are nearly impossible to penetrate, but they are not 100%.  For instance, they can’t protect a user from downloading malicious malware, opening an e-mail with a virus attached, or clicking on a fraudulent link.  Therefore, use VPN’s as another layer of security, as part of a bundled security suite.  Just like anything else, common sense and thinking before clicking are always good habits to learn and practice. 

So the next time you head out on a business trip or need to download business data to one of your many devices, think of VPN.  It may be the one thing that protects traversing data between you and your businesses’ greatest asset, and keeps the bad people at bay.