Archive for June 15, 2005

The Secret Life of Copiers

Updated 05-11-2007: Most digital copiers manufactured in the past five years have disk drives to reproduce documents. As a result, the seemingly harmless machines that are commonly used to spit out copies of sensitive information can retain the data being scanned.

Digital copier manufacturer Sharp issued a warning about photocopier vulnerabilities in conjunction with tax season. The company warned that it isn’t just people who make copies of their tax returns who are at risk.

A few years ago Sharp was among the first to offer a security kit for its machines. The security kit would encrypt and overwrite the images being scanned. Overwriting the data ensures it isn’t stored on the hard disks indefinitely.

In many cases, a central administrative or IT department monitors an entire fleet of copiers using each machine’s Internet Protocol (IP) address. What they forget is that, because the copiers are managed remotely, other people could get access to them. Firms can take action in several ways.

One option is to close IP ports. When a copier is being installed, the IT staff should close IP ports to ensure there is only one access point to the machine. Another option would be to use media access control (MAC) filtering. MAC filtering sets rules to accept commands only from specified MAC addresses such as the help desk, restricting outsiders.
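Both controls can be checked after installation. The following audit script is an added example, not code from the original article or from any copier vendor. It flags copiers with more than the one permitted port open and compares a copier's MAC filter with the help-desk list. The allowed port, the candidate port list, and all hosts and MAC addresses are assumptions and constructed sample values.

```python
import re
import socket

ALLOWED_PORTS = {443}   # assumption: the single management port left open
CANDIDATE_PORTS = [21, 23, 80, 139, 443, 445, 515, 631, 9100]  # assumed check list

def open_ports(host, ports, timeout=0.5):
    """Return the ports on `host` that accept a TCP connection."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass  # closed, filtered or unreachable
    return found

def audit_ports(inventory, probe=open_ports, allowed=ALLOWED_PORTS):
    """Map copier name -> open ports that are not on the allow-list."""
    findings = {}
    for name, host in inventory.items():
        extra = sorted(set(probe(host, CANDIDATE_PORTS)) - set(allowed))
        if extra:
            findings[name] = extra
    return findings

def norm_mac(mac):
    """Normalise aa-bb-.., aa:bb:.. and aabb.ccdd.eeff to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_mac_filter(configured, help_desk):
    """Compare a copier's MAC filter with the help-desk list."""
    have = {norm_mac(m) for m in configured}
    want = {norm_mac(m) for m in help_desk}
    return {"unexpected": sorted(have - want), "missing": sorted(want - have)}

if __name__ == "__main__":
    # Constructed sample data: documentation addresses, not a real fleet.
    fleet = {"copier-3f": "192.0.2.10", "copier-lobby": "192.0.2.11"}
    scan = {"192.0.2.10": [443], "192.0.2.11": [21, 80, 443, 9100]}
    print(audit_ports(fleet, probe=lambda host, ports: scan[host]))
    print(audit_mac_filter(["00-00-5E-00-53-01", "0000.5e00.53ff"],
                           ["00:00:5e:00:53:01", "00:00:5e:00:53:02"]))
```

Run against a real inventory, `audit_ports(fleet)` uses the TCP probe instead of the constructed scan results.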

The Secret Life of Copiers, CFO Magazine May 01, 2004

Last fall, reports began circulating that a large university in the Northeast had uncovered an illegal music-file-swapping service on campus. The music files were stored in a spot nobody would ever think to look: a copy machine. The students were actually transferring MP3s to and from a hard drive on a copier. The machine’s hard drive was designed to capture and store scanned documents. Apparently, a member of the school’s IT department stumbled on the plot after noticing a remarkable amount of traffic going to and from the networked copier.

While the technology for making copies has changed little in the past 50 years, most copiers are now full-blown IT devices, with network and E-mail server connectivity. Employees typically have unfettered access to copiers — and thus any information stored on them. This makes copy machines perfect targets for hackers or, since the drives are usually removable, thieves.

Enterprise appliance security could prove to be of real importance in the new era of privacy (for example, the Health Insurance Portability and Accountability Act of 1996, or HIPAA) and document management (the Sarbanes-Oxley Act of 2002). That’s doubly true if a company uses copiers to scan sensitive personal documents such as medical records, birth certificates, or financial forms. Louis E. Slawetsky, president of Rochester, N.Y.-based research firm Industry Analysts Inc., said, “People don’t think of copiers as a vulnerability … That’s a problem since they have hard drives and can store whatever has been copied for an indefinite period of time.”

This creates a potential security problem: customers have access to a machine connected to the bank’s network. mitigates the danger by placing the machine behind two firewalls and making the copier password-protected. Security consultants say potential buyers of new copiers should almost always look for machines with encryption or overwriting capabilities.

Hard-copy security is also an issue — you don’t want the wrong person picking up someone else’s copy job. Hence, experts advise prospective buyers to stick to machines that come with password protection. That way, says Larry Kovnat, systems security program manager for Xerox’s office group in Rochester, N.Y., “no one can inadvertently see documents or pick them up.”

Despite the improvements in copier-machine defenses, one security hole still has not been addressed: E-mail. Although copiers generally can keep track of who is E-mailing a document (through passwords), it is nigh impossible to put limits on what can be sent or where the E-mails can be sent. This could change, however, as copier hard drives and network connections become more sophisticated.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Anti-Spyware Best Practices

Make a spyware protection company policy

To protect your business’s best interests, anti-spyware protection should be required software on every computer.

Use more than one anti-spyware application

Regardless of what anti-spyware vendors claim, you almost always need more than one program to protect against the wide range of adware and spyware. Experts say the best protection you can get is probably only around 70%, using a combination of the two leading anti-spyware programs.

Use a centrally managed anti-spyware solution

Centrally managed software usually works best for companies with more than just a handful of computers. Spyware protection is no different. There are several vendors, such as Webroot and CA, which offer such software. If you have roughly 10 or more Microsoft (MSFT) Windows-based computers and want to save time, effort, and money in the long term, you should definitely consider this route.

Use a layered defense

The best defense against any information threat is a layered defense. You have a greater chance of defending against spyware if you use anti-spyware software combined with anti-virus software, personal firewalls, and host anomaly detection/intrusion prevention software. You can even help prevent infections at the network perimeter by utilizing spam and content filtering for inbound emails.

Lock down your systems

A spyware defense that deserves separate mention is to configure Windows and Internet Explorer to be more secure. There are simple things you can do that will make a world of difference. For starters, make sure your systems are configured to be “hardened” from the elements. Roberta Bragg has written extensively on this topic at SearchWindowsSecurity.com. These hardening tricks are very easy to implement, and you can even push a lot of them out via Active Directory Group Policies.

Also, configure Internet Explorer (or whichever browser you use) to have pop-up blocker protection. This feature is built into most new browsers, and there are several well-known third-party applications for this. A good one for Internet Explorer is the free Google toolbar. It not only blocks most pop-up ads that harbor spyware, it also serves as a quick and convenient way to perform Google queries while browsing the Internet.

Use a more secure browser

Internet Explorer is a huge target for pop-ups, phishing, executable code, and other hacker vectors. If possible, use a more secure Web browser such as Firefox or Opera. These browsers likely have 99% or more of the functionality your users need with less hassle.

Install anti-spyware protection before new computers are deployed

Rather than installing spyware protection and cleaning utilities after you suspect infections, put it on systems before they’re deployed into the wild. For existing systems, simply install your favorite anti-spyware application such as Spybot Search and Destroy, Ad-Aware, or PestPatrol (or a combination of two or more). Let the software clean your systems and simply keep it running full-time in the background to act as a preventative layer to keep your systems protected.

Protect every Windows-based system on your network

Anti-spyware software is no longer just for workstations – it needs to be on servers, laptops, and any system running Windows – regardless of whether or not they are networked. Windows is the OS of choice for most spyware infections (at least for now) so make sure every single Windows-based system has protection.

Remote users might not be receiving updates

If you have remote users, remember that their systems may not be receiving the proper anti-spyware and other software updates.

Educate your users

User gullibility, ignorance, and carelessness are the main causes of infection. People clicking “yes” or “OK” in pop-up windows that allow software to be installed open up the floodgates. Downloading and running seemingly innocuous programs doesn’t help the cause either. Educate your users on what to do and what not to do. Give them examples of what can happen when spyware infects a computer and how that relates to their everyday job functions. It’s amazing how much buy-in you can get using this technique.

 


Network Security Layering

Most companies are prepared for threats to their networks from the outside world. However, security breaches from within the corporation often pose the biggest concern. In this post-Enron world of increased corporate governance, IT managers must deal with both technical and human challenges to meet their companies’ security requirements. There are also new legislative mandates, such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the Gramm-Leach-Bliley Act.

When considering securing a network, it’s essential to take a holistic approach, from the physical layer to the application layer. Thorough security policies, appropriate authentication mechanisms, and effective user education must complement the technologies implemented within the network.

The security-layering concept allows for variable-depth security. Variable-depth security occurs when each security level builds upon the capabilities of the layer below, resulting in more stringent security moving up through the layers. This can help protect organizations from security breaches that may come from within, as layering provides multiple measures of security controls.

The first security layer: VLANs

At the first layer, essential network compartmentalization and segmentation can be provided by virtual LANs. This allows various business functions to be contained and segmented into private LANs. Traffic from other VLAN segments is strictly controlled or prohibited. Several benefits may be derived from deploying VLANs for small to midsize businesses across the company’s multiple sites. These include the use of VLAN “tags.” VLAN tags allow traffic segregation into specific groups, such as finance, human resources, and engineering. They also allow data to be kept separate, without “leakage” between VLANs, which is a required element for security.

The second layer: Firewalls

The second layer of security can be achieved with perimeter defense and distributed firewall-filtering capabilities at strategic points within the network. The firewall layer allows the network to be further segmented into smaller areas, monitors it, and protects against harmful traffic from the public network. In addition, an authentication capability for incoming or outgoing users can be provided. The use of firewalls provides an extra layer of protection that’s useful for access control. The application of policy-based access allows the customization of access based on business needs. Using a distributed firewall approach affords the added benefit of scalability as enterprise needs evolve.

The third security layer: VPNs

Virtual private networks, which offer a finer detail of user access control and personalization, can be added as a third layer of security. VPNs offer fine-grain security down to the personal user level and enable secure access for remote sites and business partners. With VPNs, dedicated pipes aren’t required since the use of dynamic routing over secure tunnels over the Internet provides a highly secure, reliable, and scalable solution. VPNs with VLANs and firewalls allow the network administrator to limit access by a user or user group based on policy criteria and business needs. VPNs give more robust assurance of data integrity and confidentiality, and strong data encryption can be enacted at this layer to provide more security.
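A simplified model of the three technical layers, written as an added example that is not part of the original post: a flow is checked by the VLAN, firewall and VPN layers in order, and the result names the layer that refused it. The policy tables, user names and the `Flow` type are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    user: str
    src_vlan: str                     # "remote" for traffic arriving over the Internet
    dst_vlan: str
    dst_port: int
    vpn_group: Optional[str] = None   # set only when the user came in over a VPN

# Constructed policy (assumption, not from the article).
INTER_VLAN = {("hr", "finance")}                      # layer 1: permitted VLAN pairs
FW_RULES = [("finance", 443, "allow"),                # layer 2: first match wins
            ("finance", None, "deny"),
            ("engineering", 22, "allow")]
VPN_GROUPS = {"partners": {"engineering"},            # layer 3: per-group reach
              "staff": {"finance", "hr", "engineering"}}

def vlan_layer(f):
    if f.src_vlan == "remote":
        return True   # remote traffic has no VLAN; the upper layers decide
    return f.src_vlan == f.dst_vlan or (f.src_vlan, f.dst_vlan) in INTER_VLAN

def firewall_layer(f):
    for vlan, port, action in FW_RULES:
        if vlan == f.dst_vlan and port in (None, f.dst_port):
            return action == "allow"
    return False      # default deny when no rule matches

def vpn_layer(f):
    if f.src_vlan != "remote":
        return True   # on-site users are not subject to VPN policy
    return f.dst_vlan in VPN_GROUPS.get(f.vpn_group, set())

LAYERS = [("vlan", vlan_layer), ("firewall", firewall_layer), ("vpn", vpn_layer)]

def evaluate(f):
    """Return ("allow", None) or ("deny", name_of_layer_that_refused)."""
    for name, check in LAYERS:
        if not check(f):
            return ("deny", name)
    return ("allow", None)

if __name__ == "__main__":
    print(evaluate(Flow("eve", "engineering", "finance", 443)))           # insider, wrong segment
    print(evaluate(Flow("pat", "remote", "finance", 443, "partners")))    # partner over VPN
```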

The fourth layer: Solid security practices

Best practices by the IT security team are yet another level in a layered network security strategy. This can be achieved by ensuring that operating systems are protected against known threats. (This can be accomplished by consulting with the operating system manufacturer to get the latest systems-hardening patches and procedures.) In addition, steps must be followed to ensure all installed software is virus-free.

Securing network management traffic is essential to securing the network. To protect HTTP traffic, it’s preferable to encrypt all management traffic at all times using the IPsec or Secure Sockets Layer protocol. Encryption is a must even if traffic travels on the local-area network.

 
