How a Remote Access VPN Extends the Reach of Your IT Staff

What do the federal government’s Office of Personnel Management (OPM), Ashley Madison and Target have in common? They may seem entirely unrelated on the surface, but each organization has been a target of a high-profile data breach within the last year. Each new cyberattack is more proof that the threat landscape has diversified, leaving no industry, system or organization immune to vulnerabilities. The landscape would suggest that, now more than ever, organizations need nimble network security systems, supported by a disciplined IT staff that can keep up with the shifting state of cybersecurity. Unfortunately, while the threat landscape has clearly expanded in recent years, the IT security industry has yet to catch up and adapt to the quick rate of change. Across the board, there is a clear security skills shortage that has left IT professionals and their organizations without the necessary talent that they now require. In fact, 44 percent of organizations say that they have an inadequate number of networking and security staff with strong knowledge of both security and networking technology. Looking beyond these numbers, the problem is not necessarily a lack of skills, but rather, many organizations do not have ample personnel to field growing IT requests and security needs within their companies. To overcome this shortage, many organizations are seeking technologies that can augment their IT departments, without requiring extensive management by IT staff. Companies need easy-to-use solutions that largely run on their own and can be managed seamlessly – whether they are preventing a network hack or data breach, or merely enabling a company to function on a daily basis. Let’s take a... read more

Open Haus: Graphical User Interface

Not long ago, the old aphorism “look but don’t touch” applied to computers and mobile devices. There were no touch screens, no tapping or pinching, no complicated gestures a user could issue with their fingertips. All that touching a screen would do was leave behind fingerprints. That all changed in 2007, when Apple brought touch screens into the mainstream with the first-generation iPhone, back then a first-of-its-kind touch-screen smartphone. Since then, keyboards have all but vanished from smartphones, and touch screens are now replacing or augmenting keyboards on larger devices. Global shipments of touch-screen displays are expected to double from 1.3 billion in 2012 to 2.8 billion in 2016. Already, touch-screen displays have moved from smartphones to tablets to, increasingly, desktops and laptops. Even as far back as 2013, one in 10 laptops were already equipped with a touch screen. Given this landscape, any program that runs on smartphones, tablets or computers now needs to be touch-screen compatible – that is to say, it requires a touch-screen compatible, graphically intuitive display that can also be scaled to whatever device the user has. Users demand this functionality, and users of NCP engineering’s remote access VPN clients now have access to just that for employees working on-the-go on a range of devices. How It Works Enhanced touch-screen compatibility is a core update to the latest version of the NCP Secure Clients that is intended to improve the user experience on touch-screen devices, such as Windows tablets and smartphones. Displays within NCP VPN clients are also intuitive and easy-to-use. Independent of the device or operating system, all remote access VPN clients provide... read more

How Far Does Your Cybersecurity Umbrella Extend?

Network administrators: No matter how impenetrable you think your network defenses are, there are always going to be remote access vulnerabilities that threaten the integrity of your walls. Often, it’s a threat that originates from outside the immediate range of your defenses, and it’s one you may not have any visibility into. Recently, these threats have started to originate from third-party partners – a company’s vendors, suppliers, agencies, firms and other outside service providers. These are often smaller companies with less sophisticated remote access defenses that, when they become a target of cyber crooks, provide a path for an attacker right into the heart of another company’s network. Target found this out the hard way, after its network was breached when attackers gained entry by acquiring network credentials though a third-party HVAC vendor. So did Lowe’s, after one of its vendors backed up customer data on an unsecure server and unknowingly exposed the information to the broader Internet. Goodwill, too, suffered a breach because of a vendor, this time a retail POS operator that acknowledged its managed service environment “may have experienced unauthorized access.” While it may seem odd for big-name companies to provide such privileged access to third parties and, in the process, put themselves in harm’s way – either deliberately or inadvertently – it’s actually quite a common situation. As Brian Krebs reported in the aftermath of the Target breach, large retailers often provide HVAC and energy vendors with privileged network access so they can alert retailers around-the-clock in the event something goes wrong in one of their buildings. As a source told Krebs, “Vendors need to... read more

Open Haus: Updated VPN Clients and Server

Of all the factors that would prevent an organization from launching a comprehensive remote access security strategy – limited budget, unfamiliarity with emerging threat vectors, lack of employee buy-in – the remote access tools themselves should not be the reason that a strategy has trouble gaining a foothold within an organization. The experience of using a remote access VPN needs to be an easy one – it should be straightforward for network administrators to centrally manage, and simple for users to deploy without interrupting their workflow. As Citrix’s Kurt Roemer recently told eWeek, “The industry needs to preconfigure for security and employ services that keep security settings optimal and balanced against user experience.” In the last month, NCP engineering has issued three product updates, all intended to improve remote access security for enterprises by enhancing administrator features and the end-user experience: NCP Secure Clients, Version 10.02 This update supports users of Windows 10, and is the first IPsec VPN Client compatible with Microsoft’s newest operating system. For users, Version 10.02 of the NCP Secure Entry Clients offers: Optimized Internet of Things (IoT) configuration Alerts when the preferred network is no longer available Improved user experience through a touchscreen-compatible interface The option to eliminate dual network connections Password- and PIN-free logon with machine certificates Meanwhile, administrators benefit from improved troubleshooting, through enhanced search log functionality, and immediate configuration updates. NCP Secure Client – Juniper Edition, Version 10.02 For users who access network connections through Juniper VPN gateways, Version 10.02 of the NCP Secure Client – Juniper Edition offers many of the same enhancements above, while providing seamless and secure remote... read more

Smaller Scale Is No Defense: Why SMBs Should Assume They’re Already Targets of Cyberattackers

You would be hard pressed to go a month without hearing about a new data breach or major cyberattack in the headlines. These incidents occur with such regularity nowadays that seemingly every industry has been affected – healthcare, education, retail and even amusement parks. There are variations across all these attacks, from the threat vectors themselves to the protections that may have faltered. But, the common thread is that these companies are generally big names with targets on their backs. This trend also tends to overshadow an even more worrisome one: data breaches occurring at small and medium-sized businesses. While SMBs may exist on a relatively small scale, they certainly don’t go unnoticed by hackers. The numbers actually show that three out of four attacks occur at businesses with fewer than 100 employees, and that each incident carries an average price tag of $20,752, according to the National Small Business Association (NSBA). The NSBA’s Jason Oxman elaborated further in comments to the Los Angeles Times last year: “We are absolutely facing an epidemic of attacks on our nation’s infrastructure and attempts to gain access to information. But smaller merchants tend to be easier and more attractive targets for cyber criminals.” This is because SMBs are less likely to be well-versed in security protocols and because they won’t get much attention from the media, thereby allowing the attacks to continue under relative quiet. Compared to enterprises, SMBs may also lack the resources to detect and respond quickly to attacks. The fallout can result in broken websites, bad customer reviews and narrower profit margins – all consequences that can completely devastate... read more

Seamless Roaming or Always On: The Remote Access VPN Feature Digital Nomads May Be Missing

In remote working environments, the Digital Nomad isn’t tied to a desk or cubicle, but he has close relationships with his coworkers. The Digital Nomad works exclusively from mobile devices that connect wirelessly to the Internet, and she’s still able to finish all her tasks on time. For now, these workers are generally the exception to the rule, but that may not be the case for much longer. One-third of business leaders anticipate that by 2020, more than half of their full-time workforce will be working remotely. It’s not difficult to see why remote work is so popular. Today, Digital Nomads can be more nomadic than ever, setting up new mobile “offices” wherever there’s a network connection. They don’t even need a hard surface to put their device on or an outlet to plug into. But, what they do need for security purposes is a remote access VPN to enable a secure connection back to the corporate network. VPNs are reliable, but the problem is, network interruptions have long seemed inevitable. They get in the way and disrupt the user’s computing session. That’s when a VPN feature known as seamless roaming or always on comes into play, allowing a user to move between different networks without losing the connection. The Value of Seamless Roaming Whether you’re a finance executive fighting dead zones as you work on your laptop from a train, or a sales professional working from an airport across a spotty Wi-Fi connection, each time there’s a network disruption, the user has to manually restart the VPN connection to continue working. This is why seamless roaming is no... read more

NCP engineering Earns ‘Champion’ Rating in techconsult Report

This year, cyberattacks are expected to rain down at a rate of more than 117,000 per day, adding up to more than 42.8 million total incidents. As these attacks are launched and subsequently investigated, the root cause of many of them will turn out to be the result of employee action – basic human error – such as accidentally violating a remote access policy. With these figures in mind, the new report “Security Solution Vendors 2015,” conducted by German analyst firm techconsult, analyzes the entire network, data, storage and endpoint security landscape, while identifying top providers and solutions that are on the front lines protecting businesses from these 42.8 million attacks. The report bodes well for NCP engineering and our remote access VPN solutions. Techconsult found that NCP “dominates” the network security space, while highlighting how NCP’s Secure Enterprise Solution “win…clearly against the competition” from other VPN solution providers. This assessment is reflected by NCP’s presence in the “Champion” quadrant, comprising all security solution vendors, based on evaluations from the market and users, as well as experts. NCP also earns a “Champion” rating when only network security vendors – those with VPN, external firewalls and Unified Threat Management (UTM) solutions – are assessed. NCP is the top solution provider in this quadrant, and we stand out for our 100 percent user satisfaction rating. In the Virtual Private Network quadrant, NCP again earns top marks and a “Champion” rating, with the report noting, “NCP has been able to set itself above the rest with the experts’ evaluations based on its excellent solution assessment as well as its company-specific framework conditions.”... read more

How One Challenging Gig with My Band Prepared Me for a Career in Cybersecurity

Sometimes, connections between work and play appear when they’re least expected. You wouldn’t expect, for example, a guitar-shredding metal-head to carry over much from his time on stage to his career in cybersecurity, but that’s exactly what happened to Julian Weinberger, CISSP and Director of Systems Engineering for NCP engineering. Julian isn’t performing in the U.S. anymore, but during his time in Germany, one gig in particular brought so many challenges that he still thinks about it today. We sat down with Julian to discuss what happened that night. What specific event involving your band has taught you the most about working in security and business continuity? A few years ago, after hustling to line up free gigs, I landed my first paid performance. Unfortunately, I ran into myriad unanticipated issues: a string on my first guitar broke, my backup guitar didn’t work, my cable made weird noises, and, as if that wasn’t enough, my in-ear system stopped working. Although none of these issues were my fault, they wreaked havoc on the gig – and when you’re hired to entertain, you risk not being paid if you’re unable to deliver, regardless of the circumstances. It’s similar with enterprise network security. If things break — and they will — you need to be prepared with a plan to fix it. So how did you respond on stage? And what did that teach you about security? When performing on stage, technical difficulties must be fixed within seconds, and it’s the same case with security. For instance, if your microphone cuts out – or worse, your organization is faced with security issues... read more

Open Haus: Automatic Hotspot Logon

If you were a hacker targeting a network, which would be most appealing – a network contained in a residential building, an office or corporate facility, or a public place? The information contained on the network of a residential building probably wouldn’t be particularly valuable, and it would also be well-protected. You’d face even more security if trying to attack a corporate network, so that probably wouldn’t be your best option either. You’d probably target a public network – one in an airport, coffee shop or hotel – over which users dealing with sensitive information would try to connect, perhaps without having the same security protections they would have if they were in their home or office. Public networks can be vulnerable, and they do make popular targets. Consider all the possible threats – from snooping and evil twin schemes to narrowband jamming and replay attacks – hackers can deploy against these networks. It’s also important to consider that there are now many more public hotspots than there were even a few years ago – global Wi-Fi hotspots are expected to triple from 1.3 million in 2011 to 5.8 million this year. For business users in particular, hotspot connections are ideal for when they’re at day-long events (when using mobile data on their phone or tablet would quickly drain their battery) or when they travel abroad (to avoid costly roaming fees). For these users, and for anyone else who relies on hotspots for secure remote access, NCP engineering has integrated Automatic Hotspot Logon into its NCP Secure Client. How It Works A safeguard protecting the end device against attack... read more

OPM Breach Shows Need for ‘Nimble’ Government Network Security

No matter how you look at it, the Office of Personnel Management (OPM) is on the hook for revealing the records of millions of Americans. The only question is how many millions. If you believe the agency’s own report, then it’s 4 million. Four million current, former and prospective government employees whose personal information became public following a cyberattack conducted throughout the early part of this year. The numbers are even worse if the reports from the Associated Press, Bloomberg and other prominent news sources are accurate. They claim the number of victims is closer to 14 million. Although the OPM investigation is still ongoing, the federal government has already begun the task of investigating and explaining the attack. As White House Press Secretary Josh Earnest told reporters last week: “Protecting the computer networks of the federal government is a daunting challenge. It does require the federal government to be nimble, something that’s difficult when you’re talking about an organization that’s this large.” Earnest is right. When you’re talking about the federal government as one body, it’s difficult to imagine it being fleet-of-foot and responding effectively to new and emerging cyberthreats. On a smaller scale, though, there are plenty of government agencies, at all levels, that are getting the job done locally, and taking proactive steps that should prevent them from becoming the next OPM. Let’s look at one government agency in Iowa that’s upgraded its remote access and, in the process, is protecting its network. Read Case Study Lessons from the Heartland Iowa Vocational Rehabilitation Services (IVRS) is a state agency, headquartered in Des Moines, that partners with... read more

[WEBINAR] Two-Factor Authentication for Tighter VPN Security

If you think that passwords for online profiles are effective at preventing security breaches, consider these two new statistics: The average person has 19 passwords Four in five people say they forget their passwords To counter password forgetfulness, users often take steps that leave network administrators cringing. They may duplicate one password over multiple accounts. They could use birthdays or other numbers that can be easily guessed. Or they might write them down, sometimes in plain sight. Actions like these make it that much easier for attackers to successfully breach a network, and indeed, many recent breaches share a common origin – an employee’s password that was copied, discovered or given away. To counter this wave of password theft, an avalanche of popular sites and apps, including Google, Amazon, Facebook and now even Snapchat, have replaced one-dimensional passwords with a form of user login credentials that help better protect sensitive information. Download Whitepaper Enter two-factor authentication. This approach combines two (or more) methods of credentials authentication to establish the unambiguous identification of each user, including: Something Users Know: Password, PIN, one-time password (OTP), certificate Something Users Have: Token or calculator (with OTP), soft token, text message (with OTP), machine/hardware certificate, smartcard, trusted platform module (TPM) Something Users Are: Fingerprint, face recognition, iris recognition, keystroke dynamics Network administrators have all these options at their disposal, and the idea is to pick at least one form of authentication from two of the lists. An administrator may even pick a factor from all three lists, or combine multiple items from each. With this additional protection, users gain the convenience of anywhere-anytime access without... read more

NCP Channel Alliance Partner Program Takes Center Stage at Channel Link 2015

Given that three in four executives now say Bring-Your-Own-Device (BYOD) initiatives pose the greatest security risk to their companies, it shouldn’t be surprising that companies have tasked their IT departments with finding effective ways to guarantee secure remote access for users. Often, this means network administrators have to identify partner vendors that can provide secure remote access solutions, including VPNs. Here at NCP engineering, we’ve heard enough customer success stories to know that our NCP Secure Entry Clients are the centerpiece around which any remote access infrastructure should be built. That’s why we’re proud to be attending Tech Data’s Channel Link 2015, June 17-20, in Dallas, where we’ll be sharing information about our Channel Alliance Partner Program. The program, which has been in place since 2009, now includes 42 North American partners – 14 of which are new – that are able to access services from NCP, including business transformation training, advice on how to better incorporate cloud solutions into their current offerings, and training to simplify hosting and managed services concepts. NCP’s appearance at Channel Link comes just a few months after we reached a distribution agreement with Tech Data, one of the world’s largest wholesale distributors of technology products. Through the agreement, NCP is better able to meet demand from North American service providers in the channel for secure remote access. Specifically, end users are able to tap into our market-leading remote access VPN client, equipped with one-click logon, a fast connection, and always-on reliability. Together, the Channel Alliance Partner Program that we’ll be featuring at Channel Link, along with the Tech Data agreement, showcase NCP’s ability... read more

Two’s (or More) Company: How to Use Two-Factor Authentication the Right Way

These days, you need a password to access every aspect of your digital life, and we all know how problematic that can be. You can either come up with a unique (albeit difficult-to-remember) password for every website, or use easy passwords, or even duplicates, that leave your accounts insecure. Fortunately, many prominent websites today – Dropbox, Google, Apple, Facebook and PayPal – all support a security approach known as two-factor or multi-factor authentication. And it’s easy to see why. This process enhances security by adding another step (or more) to the user verification process, making even risky passwords much stronger. That’s because in addition to the factor that a user knows (a password), every login attempt requires the user to supply a factor he or she owns, such as a one-time access code or PIN sent to their mobile device via SMS text or email, and/or one that reflects who they are, like a fingerprint. Through this relatively simple extension of the traditional authentication scheme, a lost or stolen password becomes plain useless to a hacker. No successful login is possible without the additional factor or factors. If your security demands are higher than average, it’s also important to generate the second authentication code, or OTP, only when the user has already started the session and the first factor has been exchanged successfully. It might be simpler to implement and roll out tokens with pre-fabricated codes, but this kind of implementation is inherently easier to compromise, but is still almost impossible to break. As a rule, token solutions require a seed that contains the base data for generating the... read more

Why Outsourcing Remote Access Management Isn’t the Answer for SMBs

“How do you keep your data secure when you’re a data anchovy in a sea of hacker sharks?” When the Wall Street Journal’s John Bussey posed this question in 2011, the corporate network security landscape was drastically different. Employees weren’t using company-managed smartphones at a rate of 64 percent. Nine out of every 10 employees weren’t keeping sensitive business information on devices they use for both work and personal matters. Yet, even then, SMB network administrators were concerned about their security, and feeling like vulnerable little fish with bigger, more aggressive fish circling. So concerned, in fact, that according to Bussey, many were reluctant to outsource network security services to a managed service provider (MSP), even though these companies would have both the expertise and resources required to keep their networks safe. At the time, many SMBs thought that the “hard disk under the receptionist’s desk” strategy was more effective than handing over control to a third party, even though these MSPs could provide data encryption, threat mitigation and other critical security services. SMBs thought to themselves: “Yes, but what if the host isn’t entirely well-protected? Or what if a peer company within the shared environment was attacked? Or what if hackers prioritized these target-rich environments?” These were real concerns then, and they still are now. So, should network administrators consider tapping into MSPs for network security in our current environment? The core issue is a common one in network security – convenience vs. security. The Debate The convenience vs. security debate comes to how SMBs go about securing communications. On one hand, SMBs could opt for convenience and... read more

Open Haus: VPN Path Finder

Whenever Katelyn O’Shaughnessy checks into a hotel, room size isn’t anywhere near her top concern. As she told the Los Angeles Times in a story about the hotel preferences of Millennials, “You can put me in a closet; as long as there is Wi-Fi, I’ll be happy.” If you were to survey hotel users, you’d probably find many of them share O’Shaughnessy’s perspective. These days, if you’re traveling, whether for work or for business, Wi-Fi is a necessity. And it can’t just be any Wi-Fi. It needs to be high-speed, reliable Wi-Fi that facilitates secure remote access through any mobile device. Unfortunately for travelers, the reality is that many hotels – and other public places that provide network access through hotspots – restrict user access settings by blocking IPsec ports and only allowing Internet access to web browsers. This is a major constraint for road warriors trying to access their corporate networks remotely via a VPN, as they could find themselves unable to establish a connection. To overcome this obstacle, NCP engineering developed VPN Path Finder – a proprietary remote access technology that automatically establishes a connection wherever Internet access is possible, providing the user with anywhere, anytime connectivity. How It Works Path Finder – recently recognized with a patent – is a central feature of the NCP Secure Client Suite. With Path Finder, users achieve highly secure mobile computing in every remote access environment, even across unknown networks like those you might find in a hotel, café, or on a plane or train. Whenever a public network has a firewall setting that blocks native IPsec traffic, Path Finder... read more

NCP engineering and Tech Data Expand Secure Remote Access to SMB Market

In what’s being described by the president of the National Small Business Association (NSBA) as “a step in the right direction,” the U.S. Congress decided to take up legislation that would help the small business community better protect itself from network security threats. During a hearing by the House Small Business Committee last Wednesday, NSBA President Todd McCracken went on to say, “Any legislation should provide clear, simple steps for companies to follow when their data is breached.” This support is imperative, McCracken said, because more than half of U.S. small businesses now say they have been victims of a cyberattack. Given this rocky landscape, small businesses – which often have less sophisticated network defenses – need help. And now, NCP engineering is better able to meet North American SMB demand for secure remote access through a new distribution agreement with Tech Data, one of the world’s largest wholesale distributors of technology products. The agreement expands NCP’s North American partner network and offers Tech Data’s SMB solution providers NCP’s Secure Entry Clients through its Advanced Infrastructure Solutions (AIS) division. Tech Data’s ecosystem also includes major VPN gateway vendors, including Cisco, Check Point and WatchGuard, which complement NCP’s solutions well. For now, the go-to-market strategy initially targets SMBs through Tech Data’s network of resellers, and will evolve to include the enterprise market, as NCP engineering CEO Patrick Oliver Graf told ChannelBuzz. He said, “[Going] SMB would let Tech Data see revenue success very quickly, which is an important objective.” The agreement will help SMBs be more proactive in protecting their networks – an important step, given that the average cyberattack... read more

How to Resolve the BYOD Stand-Off between Employees and IT

“Try to please everyone, and you’ll end up pleasing no one.” This is one of those classic, ubiquitous statements that can apply to any number of situations. Take the Bring-Your-Own-Device (BYOD) trend. To the employees whose jobs are made easier and more convenient by BYOD, the appeal of these initiatives is obvious. That’s why demand for BYOD is expected to increase by 25 percent between 2014 and 2019, driven by the consumerization of IT and increased mobile data speeds that meet enterprise-acceptable levels. Yet, on the other side of the spectrum, are the IT departments tasked with enforcing BYOD security frameworks. The same things that employees see as beneficial about BYOD – convenience and freedom of choice – are exactly what make IT departments so fearful. The two groups are fundamentally at odds. Users want, and demand, access to a broad range of personal mobile devices in the workplace. They want to be able to safely access work files on their phones while on-the-go and work from their homes on their personal laptops. Meanwhile, IT departments are tasked with protecting network security at all costs, and that means they are the ones who have to say “no,” and who have to restrict the technology employees are permitted to use in the workplace. That’s how BYOD “pleases no one” – users are frustrated by what they perceive to be restrictions on free use, while IT feels like it’s constantly engaged in an uphill fight against employees who frequently, both purposely and unwittingly, violate best practices around secure remote access VPN and BYOD. It’s the classic case of unstoppable force (in... read more

Open Haus: Friendly Net Detection

The prevalence of remote work has climbed steadily over the last decade thanks to advances in technology and attitudes towards the practice. According to Global Workplace Analytics, teleworking has increased about 80 percent between 2005 and 2012. Still, only a few million Americans consider their home, or somewhere other than an office, to be their primary place of work. What’s holding remote work back? A lot of it is cultural, as well as logistical, but there are also lingering security concerns. Despite the convenience of the practice, accessing the corporate network remotely doesn’t carry with it quite the same guarantee that a user’s end-to-end connection to the network is entirely secure. That’s why NCP engineering’s Remote Access VPN solution is equipped with Friendly Net Detection (FND), a technology that automatically recognizes safe, friendly networks or unsafe, unfriendly networks, no matter where the user may be, thereby protecting end devices against Internet attacks via 3G/4G, Wi-Fi and LAN. How it Works FND is a component of all NCP Secure VPN Clients, and since the FND server is installed independent of the VPN gateway, it’s therefore agnostic to any particular operating system or third-party vendor gateway. Once installed, the FND client is configured within the VPN client’s firewall settings. The feature works by forcing the network to identify itself to the end user’s device, and then dynamically activating or deactivating the appropriate firewall rules and security mechanisms, depending on whether it’s a known/secure/friendly network or an unknown/insecure/unfriendly network. If the FND client is successful in its attempt to contact and authenticate the FND server, then it can confirm that the device... read more

IT Security? “Yes Please,” says Uncle Sam – But Offers No Tangible Help

When it comes to IT security, government agencies around the world are aware of the challenges and risks small and medium-sized enterprises (SMEs) face. So it only figures that they offer help, in the form of initiatives aimed specifically at SMEs. Germany has one of the most active administrations in this respect, as it finances or supports a whopping 21 initiatives. And while the U.S. government would do well to follow Germany’s lead and further IT security by offering numerous assistance programs to SMEs, unfortunately, a recent study from management consultancy Detecon International shows that most U.S. initiatives are focused on admonitory finger-wagging rather than hands-on help with implementation. Yet, hands-on help is exactly the type of assistance that would have the biggest impact on raising the security level of SMEs. Most German public initiatives prioritize awareness of the issue at the upper management level. However, only a small part of the surveyed initiatives – 35 percent – can be mapped to concrete measures within the Federal Office for Information Security (BSI) IT baseline protection catalogs. Furthermore, 36 of 56 assistance programs analyzed lack a concrete goal with achievable benchmarks for success. Instead, they focus on information security as a whole and therefore try to pursue many targets at once, with a shotgun, light-handed effect. Naturally, IT security has to be approached holistically. There is no use securing remote access for employees with a VPN when a company’s Wi-Fi network is open and therefore accessible from outside the enterprise. But because SMEs have usually only limited resources at their disposal, it is important to prioritize and focus on the... read more

The Cloud is Covered: VPNs Enhance Data Security in the Cloud

Cloud computing not only introduces a new level of flexibility for enterprise IT services, but it often improves data security, too. A cloud provider that has to adhere to stringent privacy and compliance regulations typically has more know-how and access to more resources than a small- or medium-size company. But it is just not possible to rely on a cloud provider for every aspect of data security. In the end, the company is responsible for its own data. Many aspects of data security are beyond the purview of the cloud provider, but at least it is responsible for checking all certificates and knowing which ones are relevant. However, all basic security measures are the responsibility of the company. Among them is the protection of the data-in-transit between the company’s LAN and the data center in the cloud. The easiest way to ensure this protection is to use a location-to-location VPN tunnel. If a VPN solution is already being used, the company has to make sure there aren’t any compatibility issues between its VPN gateway and the gateway at the cloud provider’s site. The VPN standards IPsec and SSL have been in use for many years and are tried and trusted, greatly reducing the potential for trouble. Usually the cloud data center provides a virtual machine on which the company installs another instance of its VPN gateway solution. Major solution providers like Microsoft Azure, Amazon Web Services and Google Compute Engine provide extensive how-to guides and online manuals explaining how to assure compatibility with a VPN. Most providers even relieve the customer of that process by offering a turnkey, managed... read more

Mobile World Congress: E.ON Achieves Secure Remote Access with Samsung, NCP

Last month, Samsung hosted one of the largest, most-visited booths at Mobile World Congress in Barcelona – and rightfully so. The company chose the world’s largest mobile industry trade show to launch its newest phones, the Galaxy S6 and S6 Edge, to the 93,000 industry influencers in attendance. Samsung also hosted an Enterprise Mobility Showcase, where guests could “hear [Samsung’s] business strategy with key strategic partners, and meet the industry opinion leaders who are working with them.” NCP engineering is proud to have been one of those featured partners. As part of that presentation, Samsung revealed a case study exploring how it developed a secure smartphone – the KNOX – that could be used by officials from E.ON, a German electric utility. NCP’s role involved outfitting the phone with one of its most important elements – secure remote access capabilities. Because of the sensitive nature of the information passing through those devices, and the fact E.ON supplies critical infrastructure to Germany, Samsung and NCP had to follow stringent requirements laid out by the Federal Office for Information Security (BSI), the German national security agency. The BSI lists several factors for secure mobile communication, all of which Samsung and NCP had to abide by, including: Secure digital identity certificates issued by a trust center per system/user, All security operations in the device based on this digital identity, Secure two-factor authentication, Encryption of all stored local data, Secure data communication between the mobile device and the related server, Secure boot process, Controlled process for installing additional software (digital signature). The Samsung KNOX meets these requirements through integrations with etaSuite, which provides... read more

SXSW: Three Cybersecurity, Remote Access Takeaways from Austin

The South by Southwest (SXSW) Interactive Festival wrapped up last week in Austin, Texas, where 65,000 industry movers and shakers learned about some of the most innovative technology expected to hit the market over the next few years. What was on the minds of presenters, panelists, and attendees alike? “The Future” – all of its possibilities and its promise. Given all of these technology advancements, it makes sense that some of the panels and conversations happening in Austin took on a more cautious tone and focused on the surrounding cybersecurity concerns. We’ve identified three panels from SXSW that addressed cybersecurity directly – or brought to light security issues that weren’t on the agenda – and provide these lessons for each. 1. ‘Everything is Connected, Everything is Vulnerable’ Marc Goodman is hardly the first network security expert to predict that cyberthreats will become increasingly pervasive and damaging in the coming years. But few people have gone into such detail about these threats, as Goodman did during his SXSW panel, “Future Crimes of the Digital Underworld.” Goodman, the author of “Future Crimes: Everything Is Connected, Everyone Is Vulnerable,” brought with him to Austin a laundry list of possible new targets for hackers, including but not limited to Internet of Things devices like pacemakers, baby monitors, insulin dispensers, and even drone aircraft. He warned, “We’re not going to solve these problems by burying our heads and pretending they don’t exist.” For network administrators, that means acknowledging that these devices could enter their workplace, and then taking steps to neutralize any threat they may pose. As we’ve written before when discussing the Internet... read more

Open Haus: Wi-Fi and Seamless Roaming for Mobile Workers

When you hear the term “mobile worker,” what image comes to mind? Is it the employee who is constantly taking his laptop into different corners of the office, working from their desk, conference rooms and couches? Or is it the “road warrior” executive who works from airports, trains, cafés, hotels and anywhere else she can find a Wi-Fi or 3G/4G connection? Whatever you picture, the fact is that mobility is now a key expectation of many employees. Those who work from laptops, tablets and other mobile devices need to be certain that the technology they depend on is able to follow them from place to place, without any service interruption. As an example, remote workers often use a VPN to securely connect to their corporate network, no matter their location. But what happens if their network connection changes? Imagine an employee who works on her laptop while commuting by train, but constantly loses her Wi-Fi connection as she travels. You’d think that every time the network connection switches between Wi-Fi and 4G, she would need to log into her VPN. The employee would get frustrated and not be nearly as productive. To avoid this scenario and others that impede mobile working, NCP engineering developed two key additions to its Remote Access VPN solution – Wi-Fi roaming and seamless roaming. With these features, the VPN tunnel connection is constantly maintained without disrupting the user’s computing session, even if their network connection changes. Here’s how these two features enhance NCP engineering’s Remote Access VPN solution: Wi-Fi Roaming Say a remote worker moves within the range of several wireless access points using... read more

How to Manage Secure Communications in M2M Environments

For all the talk of the Internet of Things (IoT) and machine-to-machine (M2M) communications making our lives easier, there always seems to be a cautionary tale involving security of these devices around every corner. Take self-driving cars – something it seems like almost everyone would want. That is, until last summer, when the cybersecurity community raised a red flag around connected cars, and the possibility that hackers could tap into a vehicle’s network and disrupt its operating system. The same concerns have followed connected televisions. As of a year ago, smart TVs had taken over about one-third of the flat-screen television market. Then, just last week, news outlets picked up on the possibility that Samsung’s smart televisions could effectively “eavesdrop” on conversations, and that the company could then pass that information along to third parties. Although these specific examples are recent, questions about network security in M2M communications and the IoT are not new. ZDNet flagged the issue back in January 2013, in an article that posited security concerns could prevent M2M from reaching its full potential. REGISTER FOR WEBINAR Although M2M communications have actually been common for decades, they have never before been quite as widespread as they are now, and they now communicate over the open, public Internet, versus being confined to limited, secure networks. As NetIQ’s Ian Yip told ZDNet, in many cases security is an afterthought – it is something that is a “retrofit” to M2M. This is a mistake. Security needs to be considered from the very beginning. M2M security is already difficult enough, as human beings aren’t even part of the communications process.... read more

Europe: More than Just ‘Stumbling Forward’ to Improved Cybersecurity

Two years ago almost to the day, months before cyberattacks entered the world’s collective consciousness, the European Union took the bold step of publishing an ambitious cybersecurity strategy. The strategy aims to outline the best path forward for identifying and responding to emerging digital threats. Orchestrators of the plan, “An Open, Safe and Secure Cyberspace,” believed that it would be a central step towards creating an environment in which the digital economy could thrive, having so far been largely isolated from attacks but known to be vulnerable. As the European Commission’s Catherine Ashton said, “For cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline, should also apply online.” Since its inception in 2013, the EU’s Cybersecurity Strategy has focused on five pillars, namely: Achieving cyber resilience Reducing cyber crime Building cyber defense policies Deploying new cybersecurity technologies Creating a central international cybersecurity policy. Even in this short period of time, significant strides have been made towards adoption. The NIS Directive has been a cornerstone piece of legislation resulting from the plan. It requires EU member states to adopt a national strategy that “sets out concrete policy and regulatory measures to maintain a level of network and information security.” The Directive also requires private entities to disclose major cyberattacks. As Defense One points out, this amount of progress is no small feat, as institutions within the EU generally “stumble forward” because of the fragmentation that is inherent to the union. In the case of the Cybersecurity Strategy, three separate EU institutions – the Directorate General for Home Affairs, the European Council and European External Action... read more

White House Turns Attention to Cybersecurity

Cyberattackers and hackers operate in the shadows, lurking away from where conventional law enforcement can easily identify and investigate them. They prefer secrecy and anonymity. But they may not have that luxury any longer – not since the federal government and the White House, specifically, have escalated their focus on cybersecurity. First, President Barack Obama addressed the issue during his State of the Union address earlier this month, declaring, “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.” To back up his comments, the president also submitted a budget proposal that allocates funding toward combating cyberattacks. In the initial proposal, the president called for cybersecurity spending to increase by 10 percent to $14 billion – all in an effort to improve detection of and response to the kinds of massive attacks that have plagued both the public and private sector over the last year. Specifically, the budget proposal calls for: Improved data sharing Increased monitoring and diagnostics of federal computer networks More widespread deployment of the EINSTEIN intrusion detection and prevention system Government-wide testing and incident-response training New teams of engineers and technology consultants In the White House’s explanation of these budget items, it said, “Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity.” The cybersecurity community has largely lauded the budget and the government’s increased attention to the issue,... read more

Two-Factor Authentication Transforms Even ‘123456’ Into a Secure Password

Since 2011, the same two passwords have ranked as the most common (and worst) among users. Care to take a guess as to what they are? You don’t have to be a savvy hacker to figure them out – “123456” and “password” have again topped the list this year. The good news is the prevalence of these two passwords in particular has fallen quite a bit, from 8.5 percent of all passwords in 2011 to less than 1 percent now. As a password to an individual’s Facebook or Tumblr account, these are probably adequate. The accounts they’re “protecting” are low-profile, unlikely targets, and hackers wouldn’t really gain much from breaking into them anyway. It’s a different story when a user sets up a work-related email or credit card account – much more likely targets of attackers – using these easy-to-crack passwords. Instead of using brute force and repeatedly trying passwords, hackers barely have to break a sweat or exert any effort. They can simply type in “1-2-3-4-5-6” or “p-a-s-s-w-o-r-d” and they’ll be granted entry on their first try. A gold mine of information suddenly materializes right at their fingertips. At first glance, network administrators appear to have a few different courses of action to prevent these types of weak passwords and shore up their network security. They could try employee education – teaching their workforce best practices when it comes to setting up their credentials. Or they could provide them with tools that both randomly generate secure passwords and then store them securely for easy recall. The problem with each of these solutions is that they’re really just temporary... read more

Battlefield Mobile: Threats Targeting In-Motion Endpoints Climbed in 2014

By now, cybersecurity veterans are well-versed in the most common attack vectors exploited by hackers to breach their corporate networks. Brute force attacks, phishing schemes, SQL injections – they’re all proven attack methods that network administrators prepare for and defend against. But what about the next frontier? What attack vectors and endpoints do hackers now think are most vulnerable? It starts with mobile devices. They look like the perfect target to many attackers, who think that they can exploit the fact that so many connections over these endpoints go unsecured and that these devices are so popular with employees – 74 percent of organizations use or plan to use BYOD. In addition to mobile, another frontier could be devices that rely on machine-to-machine (M2M) communications, which create a scenario where human beings are entirely removed from the equation. As this small, isolated group of attack targets grows, network administrators need to be ready to fight back wherever hackers go, whether that’s on the mobile, M2M or some other battlefield. The Next Trends in Cybercrime The landscape of cyberthreats network administrators must be aware of is ever-evolving with the advent of new technologies and new criminal strategies. While there’s consensus in the security industry that mobile attacks will only increase in the coming years, the current prevalence of these incidents is really in the eye of the beholder. Only about 15 million mobile devices were infected by malware midway through 2014 – an infection rate of less than 1 percent. On the other hand, in the last year, mobile malware attacks did increase by 75 percent, off the back of... read more

Stay up to date

Subscribe for email updates

Connect With Us

Contributing Member

Want to contribute?

Want to contribute? Drop us a line at