Tag Archive for 2011

| November 3, 2011
2 comments

How Does Malware Spread?

The ZDNet Zero Day blog reports that Microsoft’s (MSFT) recently released Security Intelligence Report identified socially engineered malware (scareware pop-ups; blackhat search engine optimization attacks) enticing users into downloading and executing a malicious file as the most used malware propagation tactic.

ScarewareBased on a sample of 600 million systems worldwide, MSFT research ranks AutoRun USB infection as the second most used malware propagation tactic, according to Zero Day. Microsoft disabled AutoRun by default on Windows XP and Vista in February to prevent malware infections. The results, at least according to Microsoft, have indicated a significant decline in malware using AutoRun as a spreading mechanism.

The report also points out that zero-day flaws do not necessarily represent a driving force in the growth of malicious attacks or cybercrime in general according to the ZDNet blog. More propagation tactics:

  • User Interaction required – 44.8%
  • AuAuto-run malwaretoRun USB – 26%
  • AutoRun: Network – 17.2%
  • File Infector – 4.4%
  • Exploit: Update Long Available – 3.2%
  • Exploit: Update Available – 2.4%
  • Password Brute Force – 1.4%
  • Office Macros – 0.3%
  • Exploit: Zero Day – 0%

Zero Day points out that Microsoft is missing malware that spreads without user interaction, namely through the exploitation of client-side vulnerabilities in third-party software and browser plugins.  The MSFT report says attackers regularly exploit client-side Java. Java exploits were responsible for between one-third and one-half of all exploits observed in the four most recent quarters including:

rb-

I wrote about the problems with old versions of Java and JavaRa which can delete all the old unnecessary files java leaves on your hard drive everything Sun Oracle plugs some more holes in their app.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| November 1, 2011
Comments Off on Arbor Networks Adds 20 New Michigan Jobs

Arbor Networks Adds 20 New Michigan Jobs

Arbor Networks Adds 20 New Michigan JobsAnn Arbor.com reports that Information technology security firm Arbor Networks promises to add 20 new jobs to its Ann Arbor, Michigan R&D operations. In exchange, the Ann Arbor City Council unanimously agreed to give Arbor Networks a five-year abatement on $883,527 in real property improvements and $7.8 million in new personal property and equipment.

Aebor Networks logoThe tax break for the University of Michigan spin-off runs through Dec. 31, 2016. As part of the agreement, Arbor Networks will be required to add no less than 20 jobs by Dec. 31, 2013. The city’s administration recommended approval of the latest tax break, calling the attraction and retention of Arbor Networks’ operation consistent with the city’s economic growth objectives,

The digital information business is continually changing with new and faster technology and Arbor Networks needs new test equipment and digital equipment, with anticipation of 20 new employees resulting to this facility,” City Assessor David Petrak wrote in a memo to council members.

Ann Arbor SPARK logoPaul Krutko, president and CEO of the  economic development group Ann Arbor SPARK also supported the action in a statement; “Attracting and retaining Arbor Networks in the Ann Arbor region is reflective of Ann Arbor SPARK’s work to help IT businesses grow in the region.

Arbor Networks is a leading provider of network security and management solutions for next-generation data centers and carrier networks, including most of the world’s Internet service providers and many of the largest enterprise networks in use today. Arbor’s proven network security and management solutions help grow and protect customer networks, businesses and brands.

rb-

The Michigan techie jobs story keeps growing and maybe I was wrong about Arbor Networks abandoning Michigan.

The information technology security firm will receive a five-year abatement on $883,527 in real property improvements and $7.8 million in new personal property and equipment.
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| October 25, 2011
One comment

Copier Security Best Practices

Copier Security Best PracticesMulti-function printers (MFP) can scan, copy, fax, and print. The lowly office copier can now send emails, host web-based administrative pages, and even tell you when the ink is low. While doing all that, MFPs can store image files on onboard hard drives, which can contain sensitive, personally identifiable information (PII). Compliance with standards/laws such as PCI-DSS, HIPAA, Sarbanes Oxley, state privacy laws, etc., may force MFPs to be secured.

MFP printer SecureState suggests some general questions to ask when trying to understand the criticality of these copier systems and to show some due diligence:

• Are these devices accessible on the network? If so, how is “Administrative” access controlled?
• How long are the image files retained on these systems?
• If the copier is compromised, can the attackers capture sensitive data?
• If a hard drive fails, does the replacement process follow the usual standard for securely destroying the disk?
• What are some of the services enabled on these devices? Is there an administrative website, SNMP client, or SMTP server? How about the accounts and passwords of the administrative websites; are they set to default accounts and passwords?

SecureState says If you answered “No” or “I don’t know” to these questions, some of the issues more than likely need to be addressed.

Just like any network appliance, MFPs and other print devices are small computers connected to the network that have memory, storage, processors, an operating system, and full-fledged web servers. These devices can hold sensitive information. Before that old printer is decommissioned, ensure the copier hard drive is securely wiped. If the existing device does not have advanced security options such as disk encryption or immediately overwriting data, the hard drive should be removed and securely wiped or destroyed separately before being decommissioned.

Recommended best practices

Recommended best practices for multi-function printers and copiers with disk drives:

  • Review vendor security configuration guides
  • Develop a standard configuration and check regularly
  • Enable immediate image to overwrite and schedule regular off-hours overwrite (DoD 3 pass)
  • Enable encryption (minimum 128-bit AES)
  • Use encryption and secure protocols such as IPSec, SSL, and SNMPv3 if network-enabled.
  • Regularly review copier vendor security bulletins.
  • Enable authentication and authorization (if possible, use network credentials)
  • Change admin password regularly
  • Enable audit log and review periodically
  • Treat network-enabled devices like any other computer on the network
  • Purchase a device that has an EAL2 Common Criteria certification

If the copier processes restricted data, it MUST have encryption and image overwrite. For devices that process restricted data but do not have the necessary security features:

  • Data destructionIf possible, buy the required security modules and enable the features.
  • If security features cannot be purchased or enabled, replace the copier as soon as appropriate and have the hard drive removed and destroyed.

By Copier Vendor

XeroxXerox—Newer Xerox (XRX) devices have security features that often need to be turned on. For more information, see the Xerox Information Security Guides.

RicohRicoh—Security options for Ricoh’s (7752) have to be purchased separately. For more information, see the Ricoh Common Security Features Guide (PDF).

CanonCanon—Security options for Canon (CAJ) devices must be purchased separately. For more information, see Canon Security Solutions for iR and iP Devices (PDF).

HP – All HP (HPQ) multi-function printers have hard drives.

  • HPThere is a disk-wipe utility for all MFPs.
  • This utility is not installed by default and must be downloaded from HP.COM. It is protected by an admin account and password.
  • The admin can configure the utility to do a printer disk wipe daily.
  • Some non-MFP HP printers may have hard drives. These printers will have an occupied EIO card (with a resident hard drive) in the slot next to the network card. Viewing the printer’s external case, this EIO card should be physically evident.
  • Third-party disk wipe utility cannot be used against HP MFP hard drives without removing the drive from the card, which is likely to damage the card and, possibly, the hard drive.
  • Non-MFPs with hard drives are rare and may be purchased for particular purposes.
  • Non-MFPs with hard drives and network connections can be remotely disk wiped. Non-MFPs with a hard drive but without a network connection need to be handled by HP.
  • The agreements should include a defective media retention provision for leased HP printers that permits the lessor to keep the hard drive before releasing the printer.
  • The WebJetAdmin tool, downloadable from HP.COM, can scan a network subnet and identify HP printers (and non-HP printers if the tool has an MIB for the non-HP printer).
rb-

Richard Nixon

All they focused on was the costs; they did not ask any of the due diligence questions pointed out in this post. They had no plans on wiping the HDDs on the 12 networked copy/scan/print Ricohs. It is pretty clear that all the info on the HDDs was bound for South America or else on the secondary market, as I wrote about here.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| October 21, 2011
One comment

Michigan Adds Most Tech Jobs In US

Michigan added the highest number of technology-related jobs in 2010 according to TechAmerica. The state ranked 15th among cyberstates, employing over 155,000 tech industry workers. Cyberstates is a report by TechAmerica which quantifies the high-tech industry on a state-by-state basis in the U.S.. According to the report, Michigan added 2,700 tech workers last year.

Michigan now boasts 155,100 technology employees. The only other gainers were:

The study showed growth in varied sectors.

  • research and development and testing labs added 3,100 jobs.
  • Internet and software publishers added 900 jobs.
  • Computer systems and design-related services added 600 positions.

According to MLive organizations like Spectrum Health, Amway, GE Aviation and a variety of automotive components makers like Gentex and LG Chem led the tech job growth. National heavyweights reliant on tech workers including Ford Motor Company (F), General Motors (GM), Chrysler, Dow Chemicals (DOW), and Stryker (SYK) also have ramped up tech sector hiring.

Tech jobs key to Michigan economic future

Michigan U.S. Senator Debbie Stabenow, who joined TechAmerica for the announcement, said tech jobs play an important part in Michigan’s ongoing economic turnaround.

FordIt focuses on all the work we’ve been doing on advanced battery technologies, the research, and development into new clean energy alternatives and electric vehicles,” she said. ”The great news is we are developing and growing an industry that can cut across many different kinds of businesses … being a high-tech hub.

I think it’s significant to layer on this also that we are the number one state in new clean energy patents. In other words, new ideas being developed and being patented,” Ms. Stabenow said.

Representing about 1,000 member companies of all sizes from the public and commercial sectors of the economy, TechAmerica is an industry advocacy organization “dedicated to helping members’ top and bottom lines.”

rb-

I first noted the up-surge in Michigan tech jobs here. I have hired 6 new staff in the last six months, 3 of which were unemployed when I brought them on. So maybe there is something to their reports.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| October 18, 2011
One comment

Staff End Runs Security

When I am reclining in my Bach Seat, contemplating sharing tech services, my mind wanders to the consumerization of IT. The iPads have made an official beachhead and Skype has made it inside the perimeter. So I should not feel alone being concerned about security according to recent reports from Trend Micro and Cisco (CSCO).

employees bypass security roadblocks to engage in social networkingHelp Net Security reports that despite more workplaces regulating social networking site access, employees bypass security roadblocks to engage in social networking. The research by Trend Micro says that employees are finding ways around security roadblocks, making social networking a way of office life around the world. Trend Micro’s 2010 corporate end-user survey, found that globally, social networking at the workplace steadily rose from 19 percent in 2008 to 24 percent in 2010.

The survey also found that laptop users are much more likely than desktop users to visit social networking sites. Globally, social networking usage via laptops went up by 8 percent from 2008 to 2010. In the U.S., it increased by 10 percent In 2010, 29 percent of laptop users versus 18 percent of desktop users surveyed said they frequented these sites at work.

social networking is one of their organization's three greatest security risksThe survey also found that laptop users who can connect to the Internet outside of the company network are more likely to share confidential information via instant messenger, Webmail, and social media applications than those who are always connected to a company’s network.

A 2010 Cisco survey, which looked at the security impact of personal gadgets and social networking in the workplace, found that employees are consistently (Cisco’s words) finding ways around security policies. 68 percent of those surveyed by Cisco said that employees use unsupported social networking applications. Heavy use of unsupported collaboration, P2P, and cloud applications were also reported. More than half said social networking is one of their organization’s three greatest security risks. More than a third reported that their company lost data or experienced a breach because of employees using unsupported devices.

rb-

So why is Facebook such a problem for enterprises? For one, it is a huge time waster. Datacenter Knowledge reports that Facebook users spend a total of more than 16 billion minutes on social networking site Facebook per day. Facebook VP of Technical Operations Jonathan Heiliger stated that 3 billion photos are uploaded to Facebook each month and users view more than 1 million photos every second during a presentation at the Velocity 2010 conference

The more popular the social network, the more effective social networks become as malware distribution platforms. KOOBFACE, the “largest Web 2.0 botnet,” controls and commands compromised machines globally. This demonstrates the scale of the threat and emphasizes the need to educate users and implement strong policies.

Trend Micro says that trying to just prevent users from accessing social networks from work could potentially increase the risk to an organization as users look for ways around computer security possibly increasing the chance of exposure to security threats. The lesson, in Cisco’s view, is that you better find the technologies–and resources–to support personal devices and applications because they will be used regardless. “The best strategic approach is to focus less on restricting usage and more on effective solutions to ensure highly secure, responsible use,” said Fred Kost, Cisco’s director of security solutions.

Call me old-school but it seems that employees have always learned to work within reasonable company boundaries. Another option for those organizations that need web 2.0 in the organization should take a look at Palo Alto Networks who have developed a firewall that can block the wasteful parts of social media and leave some parts of the web 2.0 app accessible.

Consumer technologies evolve faster than the IT department budget, and it could be a constant game of catch-up trying to accommodate the latest rogue gadgets and widgets. Ultimately, rogue IT use is not so much a failure of technology, but a failure of policy and policy enforcement.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
« Older Entries   Recent Entries »