Changing Strategies for IT Security
Filed under: Data Security, General Information, IT Security, Research, Security Attacks, Security Awareness
As cyber threats continue to evolve and become more efficient at compromising your data, business strategies for IT security must continue to evolve to protect that data.
The NIST (National Institute of Standards and Technology) agrees, and its newly revised catalog of IT security controls provides a framework for just that: a wider range of flexibility for administrators with which to protect their information systems. Specifically, this new set of controls takes a proactive approach rather than the typical reactive one, focusing on the systems themselves rather than on the cyber threat.
Their latest publication, “Security and Privacy Controls for Federal Information Systems and Organizations”, now in its fourth revision, also promises to take into account how IT security has evolved over the past two years. This time around its goal is to spread awareness that security starts with what we already control, rather than retrospectively trying to control the attacks against our systems.
Ron Ross, the FISMA implementation lead at NIST, had the following to say: “We need to stop wringing our hands about the threat…It’s not going away. We’ve got to be in control of the things we can control.”
By employing a bottom-up approach, and thereby designing hardware and software to be more security-aware, NIST appears to be aiming to redesign IT security so that it is innately more adaptable to the evolving threat environment, with security applied less as an afterthought than under today’s standards.
NIST Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations Revision 4
Small Business Faces Growing Threat of Cyber Attacks
Filed under: Authentication Security, Authentication Trends, Data Security, General Information, password security, Research, Security Attacks, Security Awareness

As presented in an article by the Homeland Security News Wire last week, evidence shows that it’s not just the big businesses we’ve come to expect that should be concerned about being targets of cyber attacks, but small and medium businesses as well.
In particular, the 2013 Information Security Breaches Survey taken in the U.K. shows that the number of security breaches at small businesses increased by more than 10 percent over the previous year, bringing the full figure to 87 percent of all small businesses in the U.K. having experienced security breaches. In the same survey, large organizations are reported to remain at very high risk, with 93 percent of all large businesses having suffered breaches.
Hopefully the data in these reports will help expand awareness of information security, and of the importance of applying good security practices to sensitive data within any company, big or small.
Two-Factor Takeover
Filed under: Authentication Security, Authentication Trends, Multi-factor Authentication, password security, Security Attacks, Security Awareness, Two-factor Authentication, Uncategorized
Following our post last week noting that Apple is the latest to join the trend of the most influential companies adding enhanced security in the form of two-factor login to their accounts, we follow up this week with yet another. Twitter will join the likes of Apple, Google, Facebook and Microsoft as it begins rolling out the feature in a short, but unspecified, time from now.
It appears as though Twitter has had this project underway since at least early February, when it posted a job listing for the project. It is likely no coincidence that the service had suffered a hacking attack in which 250,000 account passwords were compromised just the week before the job posting. Just yesterday the Associated Press also suffered a compromised account, from which bogus messages were tweeted, making the need for enhanced security especially evident.
Source: Wired
Source: Ars Technica
Is it Really a Problem when Connected to a Rogue Wireless Network?
Filed under: Authentication Security, IT Security, PortalGuard, Security Attacks
Benefits of a Free Wi-Fi Hotspot
“Oh boy! They have free Wi-Fi here at McDonald’s. Let’s bring in our laptops and catch up on our Facebook and Twitter accounts and maybe even pay some bills while we enjoy a satisfying lunch.” Sounds like a great way to spend your lunch period or an afternoon, right? Wrong. As the old saying goes, “there’s no such thing as a free lunch” or in this case, “free Wi-Fi”. The glamour and convenience of being able to access the internet from just about anywhere that you can sit down at a table (Airport, Laundromat, Café, Car Dealership, etc.) is very misleading. Yes, you won’t have to use any of your cell phone data minutes and the ease of connecting without needing to enter credentials is enticing. Not to mention that getting some of your “internet” errands completed while waiting for the laundry to dry will give you more free time for more exciting interests. But what is really happening while you are enjoying this experience? Could you be opening yourself up to identity theft and exposing all of your sensitive social data? Let’s take a closer look.
Types of Wireless Networks
Wireless networks come in two varieties, ad-hoc or traditional. The traditional Wi-Fi network is a router that many devices can connect to for internet access. The ad-hoc network is simply two devices connected together. Both types can be unsecured, but the ad-hoc Wi-Fi hotspot is the type most widely used by local “bad guys” looking to intercept your sensitive data. Unsecured Wi-Fi networks usually don’t require a username and password, bill themselves as free and don’t encrypt any of the traffic.
Why is it unsafe on a public Wi-Fi network?
Once you have connected to an unsecured computer pretending to be a legitimate router, the software on that computer can capture and save your sensitive data. Account names, passwords, bank accounts and credit card numbers are like gold to the cyber-criminal. Strangers can listen in on your emails and other private tasks performed over the web, including hijacking your Twitter account and broadcasting unhealthy tweets on your behalf.
How is it done?
A “Bad Guy”, disguised as a regular patron of your favorite coffee shop, calmly walks in, waits in line with everyone else and orders his usual latte and cruller. As he settles into his usual spot and waits for his coffee to cool, he enables his own router and software to set up a “rogue” Wi-Fi hotspot with the same name as the shop, e.g. “Java Joe’s Free Wi-Fi”. You walk in a few minutes later and, as you start to enjoy your bagel and cream cheese, you open your laptop and discover that this fine establishment is nice enough to offer free Wi-Fi to its patrons. You gladly connect to the hotspot and begin surfing the web. It’s the end of the month and your car payment is overdue, so you log in to your bank account with your credentials and make the payment with your credit card. Relieved that you did not miss the deadline for the payment, you finish enjoying your bagel and hot chocolate.
What you don’t know is that directly over your shoulder, Mr. Bad Guy is watching and recording all of your internet activity. Any emails, usernames, passwords or account numbers you supply to the internet are now his for the taking. As part of his setup, he made a fake web site available that looks just like your bank, but since it is his web site, he is able to see all of your activity with what you think is your bank.
Legitimate hotspots that you may have already visited can be faked as well, and your PC will automatically connect to the bad router without you even knowing that you connected. It’s not enough to just make sure you don’t connect to any hotspots you don’t recognize. The owners of these rogue hotspots can see everything you are doing because they are essentially your ISP.
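One defensive check a laptop or a network administrator can run against the scenario above is to compare what a Wi-Fi scan shows against what the machine already trusts: the same network name advertised by several radios with different security modes, or a saved network suddenly showing up open from an unfamiliar BSSID, are the signs of the “Java Joe’s” evil twin. The example below is added here and is not code from the original post; the scan results, the saved-network table and the field names are constructed for illustration, and the heuristics are assumptions a practitioner would tune for their own environment.

```python
from collections import defaultdict

# Constructed scan results in the shape a network manager would report
# (SSID, BSSID, channel, security). Not real data.
SCAN_RESULTS = [
    {"ssid": "Java Joe's Free Wi-Fi", "bssid": "00:11:22:33:44:55", "channel": 6,  "security": "WPA2"},
    {"ssid": "Java Joe's Free Wi-Fi", "bssid": "AA:BB:CC:DD:EE:01", "channel": 11, "security": "OPEN"},
    {"ssid": "HomeNet",               "bssid": "66:77:88:99:AA:BB", "channel": 1,  "security": "WPA2"},
    {"ssid": "Airport-Guest",         "bssid": "DE:AD:BE:EF:00:01", "channel": 36, "security": "OPEN"},
]

# Constructed table of networks this laptop has saved and would auto-join.
# Recording the BSSID and security mode seen when the profile was created
# lets us notice when the same name later shows up from a different radio.
KNOWN_NETWORKS = {
    "HomeNet":               {"bssid": "66:77:88:99:AA:BB", "security": "WPA2"},
    "Java Joe's Free Wi-Fi": {"bssid": "00:11:22:33:44:55", "security": "WPA2"},
}


def find_suspicious_ssids(scan, known):
    """Return {ssid: [warnings]} for networks that should not be auto-joined."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    warnings = defaultdict(list)
    for ssid, aps in by_ssid.items():
        bssids = {ap["bssid"] for ap in aps}
        securities = {ap["security"] for ap in aps}

        # Heuristic 1: one name from several radios with mixed security modes.
        # A legitimate multi-AP deployment uses the same mode on every AP, so an
        # OPEN copy beside a WPA2 original is the classic evil-twin signature.
        if len(bssids) > 1 and len(securities) > 1:
            warnings[ssid].append(
                f"same SSID from {len(bssids)} BSSIDs with mixed security {sorted(securities)}"
            )

        # Heuristic 2: a saved profile no longer matches what is on the air.
        if ssid in known:
            expected = known[ssid]
            for ap in aps:
                if ap["security"] != expected["security"]:
                    warnings[ssid].append(
                        f"{ap['bssid']} offers {ap['security']} but the saved profile expects {expected['security']}"
                    )
                elif ap["bssid"] != expected["bssid"]:
                    warnings[ssid].append(
                        f"{ap['bssid']} is not the BSSID saved for this network ({expected['bssid']})"
                    )
    return dict(warnings)


def open_networks(scan):
    """Names of networks that encrypt nothing, whatever their intent."""
    return sorted({ap["ssid"] for ap in scan if ap["security"] == "OPEN"})


if __name__ == "__main__":
    for ssid, notes in find_suspicious_ssids(SCAN_RESULTS, KNOWN_NETWORKS).items():
        for note in notes:
            print(f"WARN {ssid}: {note}")
    print("open networks:", open_networks(SCAN_RESULTS))
```

Both heuristics are only indicators: a BSSID is just a MAC address and can be copied by the rogue router, so a match proves nothing, while a mismatch is a good reason to stop and ask the staff which network is theirs. The practical fix is the one the passage implies: tell the operating system not to auto-join saved open networks, and forget hotspots after leaving them.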
Eric Butler developed Firesheep (http://codebutler.com/firesheep/), a utility that captures the session “cookies” that websites send over unencrypted connections, along with the tracking and history data they carry. The information Firesheep gathers allows attackers to assume your identity and use your sessions to get at your data. Firesheep was developed to push social media sites to encrypt a user’s entire session and so prevent these “man in the middle” attacks.
Connecting to a malicious ad-hoc Wi-Fi network does not only compromise your private data; it can also lead to your PC being infected with a virus. Bringing that PC into your company’s offices and connecting it to the network can spread the virus over that network to other PCs.
Hopefully this article was able to illuminate some of the risks associated with internet activity. Come back soon for an article on how to protect yourself from these risks.
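What Firesheep actually picks up is a session cookie that the browser sends in the clear, which happens whenever the site set that cookie without the Secure flag and then serves any page over plain HTTP. The check below is an added example, not code from the post or from the Firesheep project: it audits a set of constructed Set-Cookie headers with Python’s standard library and reports the cookies an eavesdropper on open Wi-Fi could capture, plus session-looking cookies that script can read. The header values and the name hints used to guess which cookies carry a session are assumptions for illustration.

```python
from http.cookies import SimpleCookie

# Constructed response headers from a hypothetical social site. The session
# cookie lacks the Secure flag, so a browser will send it over http:// too,
# which is exactly what Firesheep-style sniffing relies on. Not real data.
RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrftoken=zyx987; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]

# Assumed substrings that usually mark a cookie as carrying login state.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


def looks_like_session_cookie(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def audit_set_cookie(headers):
    """Return [(cookie_name, [problems])] for cookies with weak attributes."""
    findings = []
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)  # parses name=value plus attributes/flags
        for name, morsel in jar.items():
            problems = []
            # Without Secure the cookie rides along on any plain-HTTP request,
            # where anyone on the same open hotspot can read it.
            if not morsel["secure"]:
                problems.append("missing Secure: sent in clear over http://")
            # A session cookie readable by script is also exposed to injected
            # JavaScript; HttpOnly keeps it in the browser's cookie store only.
            if looks_like_session_cookie(name) and not morsel["httponly"]:
                problems.append("missing HttpOnly: readable by page script")
            if problems:
                findings.append((name, problems))
    return findings


if __name__ == "__main__":
    for name, problems in audit_set_cookie(RESPONSE_HEADERS):
        for problem in problems:
            print(f"{name}: {problem}")
```

The fix the passage describes is what Firesheep pushed sites toward: serve the whole session over HTTPS and set Secure (and HttpOnly) on the session cookie, so that even on a rogue hotspot the cookie never crosses the air unencrypted.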
REFERENCES:
http://www.creditcards.com/credit-card-news/free-wifi-danger-credit-card-fraud-1273.php
http://news.yahoo.com/blogs/upgrade-your-life/banking-online-not-hacked-182159934.html
http://techtalker.quickanddirtytips.com/dangers-of-unsecured-wifi-hotspots.aspx
China Using CyberAttacks
Filed under: General Information, IT Security, PortalGuard, Security Attacks
China has a cyber warfare program which is targeting the United States. This is a new realm of attack, so how do we respond? For example, as the video states, if China were flying Chinese planes over our airspace it would be seen as an act of war. So what are cyber attacks considered? Should they be seen as acts of war? Overall the government is trying to decide what the attacks are, where they are coming from, and what our offensive response will be. It seems that our government is struggling to know what to do with cyber warfare.
In another article, China’s military denies any allegations that it is participating in these cyber attacks. Mandiant reported major claims that hacking activities could be linked directly to the Chinese military. Although the military denies it, these attacks have been traced back to an area in Shanghai which is run by the People’s Liberation Army. The Chinese are resting heavily on the fact that Mandiant’s discovery is based on IP addresses, which can easily be spoofed. Read More…
###
The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, transparent user authentication, self-service password management, two-factor authentication, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.
Subscribe to our newsletter: http://portalguard.com/contact_us.php
https://twitter.com/portalguard
http://pinterest.com/pistolstar/portalguard
http://www.facebook.com/pistolstar.authentication
http://www.facebook.com/pages/PortalGuard/240761992635169
250,000 Twitter Users Hacked
Filed under: General Information, IT Security, password security, Security Attacks
Do you have a Twitter account? Most of us do, and it is a bit unnerving to hear that once again our accounts may have been compromised. Early this week a report came out that 250,000 Twitter user accounts had been compromised, giving limited access to usernames, email addresses, session tokens, and encrypted/salted passwords.
Twitter discovered this after seeing unauthorized access behaviors and patterns. It was detected early on, and any account thought to have been compromised had its password reset and the user was sent an email. Twitter is of course working with police to determine the cause and source of the attack, though as with many cyber crimes it is difficult to track.
So what should you do if you have a Twitter account? Protect yourself and be proactive. Make sure that you are using a strong password containing at least eight characters, upper and lowercase letters, as well as special characters. It seems the typical “Password123” is not going to be enough to protect an account on such a targeted site. Read More…
Data Breach Investigations Report – Great Data!
Filed under: Authentication Trends, General Information, IT Security, Security Attacks
One of the better reports of the year, Verizon’s Data Breach Investigations Report (DBIR), really sheds some light on the outlook for data breaches in the previous year and the trends we are seeing. This should also help you determine what security precautions are going to be necessary as we start a new year.
Overall in 2012 there were 855 incidents of corporate theft, with 174 million records compromised. 98% of those came from outside attackers, mostly using hacking methods to break in. One of the more amazing statistics is that 97% of these breaches were completely avoidable if the organizations had implemented stronger methods for controlling risk. The report goes into the demographics and industries of the companies targeted. Do you think you’re a target? It is important to know if you are in a targeted industry and therefore need to implement stronger authentication solutions.
This report is just full of useful insights including:
- Percentages of attacks coming from external, internal or partner agents
- Motives of external agents for attacking
- Which methods of hacking were the most popular over the last seven years
- The functionality of the malware which performed the breach
- And much more….
One that we found especially interesting was the percentage of breaches executed using each specific hacking method. It was astonishing to see that many of the methods are ones which can be prevented with the right authentication solution. Seeing that guessable credentials make up 55% of the breaches, with stolen login credentials coming in second at 40%, it is hard to understand why two-factor authentication is not deployed more often. Read More…
Declaring War on Passwords
Filed under: Authentication Trends, General Information, IT Security, Security Attacks
You’ll want to keep an eye out for the IEEE Security & Privacy Magazine set to be published this month, as it will include Google’s point of view on all the ways that people could log into websites in the future. One of these is the use of a ring on your finger that you tap to your computer to authenticate. The overall motivation for looking for new methods of authentication is, as the article states, that “passwords are a cheap and easy way to authenticate web surfers, but they’re not secure enough for today’s internet, and they never will be”.
This cold hard fact has become apparent with the ever increasing number of attacks, including the very well publicized hack of Mat Honan, an editor for WIRED, whose digital identity was wiped out in the matter of an hour. One of the ideas for logging users in involves a PortalGuard partner, Yubico, with its USB cryptographic card which does not require the user to type in the one-time password, but instead automatically generates it and populates the password field.
The future Google is predicting is free of complex, hard to remember passwords and filled with easy to use small hardware devices such as Yubico’s YubiKey. This is all in an attempt to avoid the hacking which, as the “Epic Hack Spike” shows, is only continuing to grow. Read More…
WhiteHat’s Top Ten Web Hacking Techniques of 2012
Filed under: General Information, IT Security, Security Attacks, Uncategorized
A list that everyone should read is the Top Ten Web Hacking Techniques that WhiteHat puts out yearly. It is an amazing collection of the security industry’s findings on the hacking capabilities which are out on the web. Having been created for the last seven years, the list points out attacks on various websites, browsers, proxies, and mobile platforms. The list is a collection with the goal of choosing the top ten new and most creative web-based attacks. The list also serves another purpose: awareness.
By collecting all of these attacks in one list it allows us to be aware of what is going on in the industry. As they say, knowledge is power, and by exposing these techniques you may be able to look at your organization and make changes to prevent attacks you didn’t even know were possible. Below are just some of the attacks which stood out. The list is still being compiled so that WhiteHat can choose the Top Ten, but what an intense list it is so far:
- Parasitic Computing Using Cloud Browsers
- Hyperlink Spoofing and the Modern Web
- Content Smuggling
- Blended Threats and JavaScript
- .NET Cross Site Scripting – Request Validation Bypassing
- How Facebook Lacked X-Frame Options and What I Did With It
- Bruteforce of PHPSESSID
- And Many More…
Protect Your Attack Surfaces – Intelligence-based Security
Filed under: Authentication Trends, General Information, IT Security, PortalGuard, Security Attacks
Picking up popularity after RSA Conference 2012, intelligence-based security is seen as the future of protecting the ever expanding attack surfaces within your organization. The IT world is changing rapidly with demands from users for more anywhere, anytime access, BYOD, and remote access (refer to our previous blog post: “Trying to Secure a Global Perimeter? – Remote Workers and Access Pose a Threat”). This all poses new threats to security which must be adapted to. No longer are basic firewalls and front-end/back-end server configurations going to be enough, since you have a global perimeter to protect.
Predicted to become the norm in 2013, intelligence-based security is the new way to secure your organization when there is more to worry about than basic perimeters, DMZs, or firewalls. The concept of intelligence-based security started to gain traction at the RSA Conference 2012 and has only continued to pick up in popularity from there. This approach no longer thinks in terms of access points to secure, but more in terms of risk-based approaches and predictive analytics. For example, anti-virus software is now starting to detect the patterns and actions of certain malware programs.
Although most of the solutions out there are beyond most organizations’ budgets, more cost-effective solutions are coming onto the market (PortalGuard, for example, with its transparent user authentication). The focus, however, has at least switched to prevention in the majority of organizations, with 80% on prevention, 15% on detection, and 5% on response. The key for organizations to stay secure is to take the risks seriously, such as mobility and cloud computing, and realize hackers are already well versed and ready to attack. Read More…