Tag Archive for Security

| November 10, 2011
Comments Off on Tablet Security Tips

Tablet Security Tips

Tablet Security Tips ICSA Labs, an independent division of Verizon has provided third-party testing and certification of security products since 1989. They suggest a series of security tips for smartphone, tablet, or app user’s Help Net Security reports.

Only buy apps from recognized app stores

App storeApps from unofficial third-party stores and applications downloaded from peer-to-peer sites are much more likely to contain malware than apps sanctioned by official vendor stores such as the Android App Market or Apple App Store.

Think twice about accepting permissions

Most applications, legitimate as well as malicious ones, need users to accept several “permissions” before the apps are installed. Check carefully to be sure that the app comes from a legitimate source. I wrote about mobile phones leaking data previously.

Monitor bills for irregular charges.

Monitor billsIf attackers gain access to personal information stored on the mobile device, they can quickly rack up charges by sending “silent” text messages to high-priced call services. For example, if the Google (GOOG) Android Trojan GGTracker is inadvertently installed on a device, it can sign up users, without their knowledge, for premium text messaging services.

Employ security policies to protect employer-issued devices

Employers should enforce password-based access and require voice mail codes so that only authorized users can get access to data on employer-issued devices.

Be mindful of more personal devices at work

more personal devices at workCompanies must have security systems and policies in place to safeguard their business environment and prevent access to company networks from employees’ personal devices. I wrote about BYOT here.

Remember that a tablet is a tiny PCs

Many security threats that apply to traditional computers also apply to mobile devices, such as smartphones and tablets, and consumers should take necessary measures to protect themselves. One way to do this is to install anti-malware software on mobile devices and enable VPN functionality.

Protect your tablet, smartphone, and voicemail PIN

Protect your tablet, smartphone, and voicemail PINIf your mobile phone does not have a password, add one that is at least six digits. Try to choose a unique password that is not already used across other systems and accounts. Do not use repeating digits in passwords or voice mail pins. Remember that your provider will never request your voice mail pin, so do not be tempted to give it to anyone who requests it.

Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| November 3, 2011
2 comments

How Does Malware Spread?

The ZDNet Zero Day blog reports that Microsoft’s (MSFT) recently released Security Intelligence Report identified socially engineered malware (scareware pop-ups; blackhat search engine optimization attacks) enticing users into downloading and executing a malicious file as the most used malware propagation tactic.

ScarewareBased on a sample of 600 million systems worldwide, MSFT research ranks AutoRun USB infection as the second most used malware propagation tactic, according to Zero Day. Microsoft disabled AutoRun by default on Windows XP and Vista in February to prevent malware infections. The results, at least according to Microsoft, have indicated a significant decline in malware using AutoRun as a spreading mechanism.

The report also points out that zero-day flaws do not necessarily represent a driving force in the growth of malicious attacks or cybercrime in general according to the ZDNet blog. More propagation tactics:

  • User Interaction required – 44.8%
  • AuAuto-run malwaretoRun USB – 26%
  • AutoRun: Network – 17.2%
  • File Infector – 4.4%
  • Exploit: Update Long Available – 3.2%
  • Exploit: Update Available – 2.4%
  • Password Brute Force – 1.4%
  • Office Macros – 0.3%
  • Exploit: Zero Day – 0%

Zero Day points out that Microsoft is missing malware that spreads without user interaction, namely through the exploitation of client-side vulnerabilities in third-party software and browser plugins.  The MSFT report says attackers regularly exploit client-side Java. Java exploits were responsible for between one-third and one-half of all exploits observed in the four most recent quarters including:

rb-

I wrote about the problems with old versions of Java and JavaRa which can delete all the old unnecessary files java leaves on your hard drive everything Sun Oracle plugs some more holes in their app.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| November 1, 2011
Comments Off on Arbor Networks Adds 20 New Michigan Jobs

Arbor Networks Adds 20 New Michigan Jobs

Arbor Networks Adds 20 New Michigan JobsAnn Arbor.com reports that Information technology security firm Arbor Networks promises to add 20 new jobs to its Ann Arbor, Michigan R&D operations. In exchange, the Ann Arbor City Council unanimously agreed to give Arbor Networks a five-year abatement on $883,527 in real property improvements and $7.8 million in new personal property and equipment.

Aebor Networks logoThe tax break for the University of Michigan spin-off runs through Dec. 31, 2016. As part of the agreement, Arbor Networks will be required to add no less than 20 jobs by Dec. 31, 2013. The city’s administration recommended approval of the latest tax break, calling the attraction and retention of Arbor Networks’ operation consistent with the city’s economic growth objectives,

The digital information business is continually changing with new and faster technology and Arbor Networks needs new test equipment and digital equipment, with anticipation of 20 new employees resulting to this facility,” City Assessor David Petrak wrote in a memo to council members.

Ann Arbor SPARK logoPaul Krutko, president and CEO of the  economic development group Ann Arbor SPARK also supported the action in a statement; “Attracting and retaining Arbor Networks in the Ann Arbor region is reflective of Ann Arbor SPARK’s work to help IT businesses grow in the region.

Arbor Networks is a leading provider of network security and management solutions for next-generation data centers and carrier networks, including most of the world’s Internet service providers and many of the largest enterprise networks in use today. Arbor’s proven network security and management solutions help grow and protect customer networks, businesses and brands.

rb-

The Michigan techie jobs story keeps growing and maybe I was wrong about Arbor Networks abandoning Michigan.

The information technology security firm will receive a five-year abatement on $883,527 in real property improvements and $7.8 million in new personal property and equipment.
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| October 25, 2011
One comment

Copier Security Best Practices

Copier Security Best PracticesMulti-function printers (MFP) can scan, copy, fax, and print. The lowly office copier can now send emails, host web-based administrative pages, and even tell you when the ink is low. While doing all that, MFPs can store image files on onboard hard drives, which can contain sensitive, personally identifiable information (PII). Compliance with standards/laws such as PCI-DSS, HIPAA, Sarbanes Oxley, state privacy laws, etc., may force MFPs to be secured.

MFP printer SecureState suggests some general questions to ask when trying to understand the criticality of these copier systems and to show some due diligence:

• Are these devices accessible on the network? If so, how is “Administrative” access controlled?
• How long are the image files retained on these systems?
• If the copier is compromised, can the attackers capture sensitive data?
• If a hard drive fails, does the replacement process follow the usual standard for securely destroying the disk?
• What are some of the services enabled on these devices? Is there an administrative website, SNMP client, or SMTP server? How about the accounts and passwords of the administrative websites; are they set to default accounts and passwords?

SecureState says If you answered “No” or “I don’t know” to these questions, some of the issues more than likely need to be addressed.

Just like any network appliance, MFPs and other print devices are small computers connected to the network that have memory, storage, processors, an operating system, and full-fledged web servers. These devices can hold sensitive information. Before that old printer is decommissioned, ensure the copier hard drive is securely wiped. If the existing device does not have advanced security options such as disk encryption or immediately overwriting data, the hard drive should be removed and securely wiped or destroyed separately before being decommissioned.

Recommended best practices

Recommended best practices for multi-function printers and copiers with disk drives:

  • Review vendor security configuration guides
  • Develop a standard configuration and check regularly
  • Enable immediate image to overwrite and schedule regular off-hours overwrite (DoD 3 pass)
  • Enable encryption (minimum 128-bit AES)
  • Use encryption and secure protocols such as IPSec, SSL, and SNMPv3 if network-enabled.
  • Regularly review copier vendor security bulletins.
  • Enable authentication and authorization (if possible, use network credentials)
  • Change admin password regularly
  • Enable audit log and review periodically
  • Treat network-enabled devices like any other computer on the network
  • Purchase a device that has an EAL2 Common Criteria certification

If the copier processes restricted data, it MUST have encryption and image overwrite. For devices that process restricted data but do not have the necessary security features:

  • Data destructionIf possible, buy the required security modules and enable the features.
  • If security features cannot be purchased or enabled, replace the copier as soon as appropriate and have the hard drive removed and destroyed.

By Copier Vendor

XeroxXerox—Newer Xerox (XRX) devices have security features that often need to be turned on. For more information, see the Xerox Information Security Guides.

RicohRicoh—Security options for Ricoh’s (7752) have to be purchased separately. For more information, see the Ricoh Common Security Features Guide (PDF).

CanonCanon—Security options for Canon (CAJ) devices must be purchased separately. For more information, see Canon Security Solutions for iR and iP Devices (PDF).

HP – All HP (HPQ) multi-function printers have hard drives.

  • HPThere is a disk-wipe utility for all MFPs.
  • This utility is not installed by default and must be downloaded from HP.COM. It is protected by an admin account and password.
  • The admin can configure the utility to do a printer disk wipe daily.
  • Some non-MFP HP printers may have hard drives. These printers will have an occupied EIO card (with a resident hard drive) in the slot next to the network card. Viewing the printer’s external case, this EIO card should be physically evident.
  • Third-party disk wipe utility cannot be used against HP MFP hard drives without removing the drive from the card, which is likely to damage the card and, possibly, the hard drive.
  • Non-MFPs with hard drives are rare and may be purchased for particular purposes.
  • Non-MFPs with hard drives and network connections can be remotely disk wiped. Non-MFPs with a hard drive but without a network connection need to be handled by HP.
  • The agreements should include a defective media retention provision for leased HP printers that permits the lessor to keep the hard drive before releasing the printer.
  • The WebJetAdmin tool, downloadable from HP.COM, can scan a network subnet and identify HP printers (and non-HP printers if the tool has an MIB for the non-HP printer).
rb-

Richard Nixon

All they focused on was the costs; they did not ask any of the due diligence questions pointed out in this post. They had no plans on wiping the HDDs on the 12 networked copy/scan/print Ricohs. It is pretty clear that all the info on the HDDs was bound for South America or else on the secondary market, as I wrote about here.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| October 18, 2011
One comment

Staff End Runs Security

When I am reclining in my Bach Seat, contemplating sharing tech services, my mind wanders to the consumerization of IT. The iPads have made an official beachhead and Skype has made it inside the perimeter. So I should not feel alone being concerned about security according to recent reports from Trend Micro and Cisco (CSCO).

employees bypass security roadblocks to engage in social networkingHelp Net Security reports that despite more workplaces regulating social networking site access, employees bypass security roadblocks to engage in social networking. The research by Trend Micro says that employees are finding ways around security roadblocks, making social networking a way of office life around the world. Trend Micro’s 2010 corporate end-user survey, found that globally, social networking at the workplace steadily rose from 19 percent in 2008 to 24 percent in 2010.

The survey also found that laptop users are much more likely than desktop users to visit social networking sites. Globally, social networking usage via laptops went up by 8 percent from 2008 to 2010. In the U.S., it increased by 10 percent In 2010, 29 percent of laptop users versus 18 percent of desktop users surveyed said they frequented these sites at work.

social networking is one of their organization's three greatest security risksThe survey also found that laptop users who can connect to the Internet outside of the company network are more likely to share confidential information via instant messenger, Webmail, and social media applications than those who are always connected to a company’s network.

A 2010 Cisco survey, which looked at the security impact of personal gadgets and social networking in the workplace, found that employees are consistently (Cisco’s words) finding ways around security policies. 68 percent of those surveyed by Cisco said that employees use unsupported social networking applications. Heavy use of unsupported collaboration, P2P, and cloud applications were also reported. More than half said social networking is one of their organization’s three greatest security risks. More than a third reported that their company lost data or experienced a breach because of employees using unsupported devices.

rb-

So why is Facebook such a problem for enterprises? For one, it is a huge time waster. Datacenter Knowledge reports that Facebook users spend a total of more than 16 billion minutes on social networking site Facebook per day. Facebook VP of Technical Operations Jonathan Heiliger stated that 3 billion photos are uploaded to Facebook each month and users view more than 1 million photos every second during a presentation at the Velocity 2010 conference

The more popular the social network, the more effective social networks become as malware distribution platforms. KOOBFACE, the “largest Web 2.0 botnet,” controls and commands compromised machines globally. This demonstrates the scale of the threat and emphasizes the need to educate users and implement strong policies.

Trend Micro says that trying to just prevent users from accessing social networks from work could potentially increase the risk to an organization as users look for ways around computer security possibly increasing the chance of exposure to security threats. The lesson, in Cisco’s view, is that you better find the technologies–and resources–to support personal devices and applications because they will be used regardless. “The best strategic approach is to focus less on restricting usage and more on effective solutions to ensure highly secure, responsible use,” said Fred Kost, Cisco’s director of security solutions.

Call me old-school but it seems that employees have always learned to work within reasonable company boundaries. Another option for those organizations that need web 2.0 in the organization should take a look at Palo Alto Networks who have developed a firewall that can block the wasteful parts of social media and leave some parts of the web 2.0 app accessible.

Consumer technologies evolve faster than the IT department budget, and it could be a constant game of catch-up trying to accommodate the latest rogue gadgets and widgets. Ultimately, rogue IT use is not so much a failure of technology, but a failure of policy and policy enforcement.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
« Older Entries   Recent Entries »