OPM Breach Shows Need for ‘Nimble’ Government Network Security

No matter how you look at it, the Office of Personnel Management (OPM) is on the hook for revealing the records of millions of Americans. The only question is how many millions. If you believe the agency’s own report, then it’s 4 million. Four million current, former and prospective government employees whose personal information became public following a cyberattack conducted throughout the early part of this year. The numbers are even worse if the reports from the Associated Press, Bloomberg and other prominent news sources are accurate. They claim the number of victims is closer to 14 million. Although the OPM investigation is still ongoing, the federal government has already begun the task of investigating and explaining the attack. As White House Press Secretary Josh Earnest told reporters last week: “Protecting the computer networks of the federal government is a daunting challenge. It does require the federal government to be nimble, something that’s difficult when you’re talking about an organization that’s this large.” Earnest is right. When you’re talking about the federal government as one body, it’s difficult to imagine it being fleet-of-foot and responding effectively to new and emerging cyberthreats. On a smaller scale, though, there are plenty of government agencies, at all levels, that are getting the job done locally, and taking proactive steps that should prevent them from becoming the next OPM. Let’s look at one government agency in Iowa that’s upgraded its remote access and, in the process, is protecting its network.

Lessons from the Heartland

Iowa Vocational Rehabilitation Services (IVRS) is a state agency, headquartered in Des Moines, that partners with... read more

[WEBINAR] Two-Factor Authentication for Tighter VPN Security

If you think that passwords for online profiles are effective at preventing security breaches, consider these two new statistics:

- The average person has 19 passwords
- Four in five people say they forget their passwords

To counter password forgetfulness, users often take steps that leave network administrators cringing. They may duplicate one password over multiple accounts. They could use birthdays or other numbers that can be easily guessed. Or they might write them down, sometimes in plain sight. Actions like these make it that much easier for attackers to successfully breach a network, and indeed, many recent breaches share a common origin – an employee’s password that was copied, discovered or given away. To counter this wave of password theft, an avalanche of popular sites and apps, including Google, Amazon, Facebook and now even Snapchat, have replaced one-dimensional passwords with a form of user login credentials that help better protect sensitive information.

Enter two-factor authentication. This approach combines two (or more) methods of credentials authentication to establish the unambiguous identification of each user, including:

- Something Users Know: Password, PIN, one-time password (OTP), certificate
- Something Users Have: Token or calculator (with OTP), soft token, text message (with OTP), machine/hardware certificate, smartcard, trusted platform module (TPM)
- Something Users Are: Fingerprint, face recognition, iris recognition, keystroke dynamics

Network administrators have all these options at their disposal, and the idea is to pick at least one form of authentication from two of the lists. An administrator may even pick a factor from all three lists, or combine multiple items from each. With this additional protection, users gain the convenience of anywhere-anytime access without... read more

NCP Channel Alliance Partner Program Takes Center Stage at Channel Link 2015

Given that three in four executives now say Bring-Your-Own-Device (BYOD) initiatives pose the greatest security risk to their companies, it shouldn’t be surprising that companies have tasked their IT departments with finding effective ways to guarantee secure remote access for users. Often, this means network administrators have to identify partner vendors that can provide secure remote access solutions, including VPNs. Here at NCP engineering, we’ve heard enough customer success stories to know that our NCP Secure Entry Clients are the centerpiece around which any remote access infrastructure should be built. That’s why we’re proud to be attending Tech Data’s Channel Link 2015, June 17-20, in Dallas, where we’ll be sharing information about our Channel Alliance Partner Program. The program, which has been in place since 2009, now includes 42 North American partners – 14 of which are new – that are able to access services from NCP, including business transformation training, advice on how to better incorporate cloud solutions into their current offerings, and training to simplify hosting and managed services concepts. NCP’s appearance at Channel Link comes just a few months after we reached a distribution agreement with Tech Data, one of the world’s largest wholesale distributors of technology products. Through the agreement, NCP is better able to meet demand from North American service providers in the channel for secure remote access. Specifically, end users are able to tap into our market-leading remote access VPN client, equipped with one-click logon, a fast connection, and always-on reliability. Together, the Channel Alliance Partner Program that we’ll be featuring at Channel Link, along with the Tech Data agreement, showcase NCP’s ability... read more

Two’s (or More) Company: How to Use Two-Factor Authentication the Right Way

These days, you need a password to access every aspect of your digital life, and we all know how problematic that can be. You can either come up with a unique (albeit difficult-to-remember) password for every website, or use easy passwords, or even duplicates, that leave your accounts insecure. Fortunately, many prominent websites today – Dropbox, Google, Apple, Facebook and PayPal – all support a security approach known as two-factor or multi-factor authentication. And it’s easy to see why. This process enhances security by adding another step (or more) to the user verification process, making even risky passwords much stronger. That’s because in addition to the factor that a user knows (a password), every login attempt requires the user to supply a factor he or she owns, such as a one-time access code or PIN sent to their mobile device via SMS text or email, and/or one that reflects who they are, like a fingerprint. Through this relatively simple extension of the traditional authentication scheme, a lost or stolen password becomes plain useless to a hacker. No successful login is possible without the additional factor or factors. If your security demands are higher than average, it’s also important to generate the second authentication code, or OTP, only when the user has already started the session and the first factor has been exchanged successfully. It might be simpler to implement and roll out tokens with pre-fabricated codes, and although this kind of implementation is inherently easier to compromise, it is still almost impossible to break. As a rule, token solutions require a seed that contains the base data for generating the... read more

Why Outsourcing Remote Access Management Isn’t the Answer for SMBs

“How do you keep your data secure when you’re a data anchovy in a sea of hacker sharks?” When the Wall Street Journal’s John Bussey posed this question in 2011, the corporate network security landscape was drastically different. Employees weren’t using company-managed smartphones at a rate of 64 percent. Nine out of every 10 employees weren’t keeping sensitive business information on devices they use for both work and personal matters. Yet, even then, SMB network administrators were concerned about their security, and feeling like vulnerable little fish with bigger, more aggressive fish circling. So concerned, in fact, that according to Bussey, many were reluctant to outsource network security services to a managed service provider (MSP), even though these companies would have both the expertise and resources required to keep their networks safe. At the time, many SMBs thought that the “hard disk under the receptionist’s desk” strategy was more effective than handing over control to a third party, even though these MSPs could provide data encryption, threat mitigation and other critical security services. SMBs thought to themselves: “Yes, but what if the host isn’t entirely well-protected? Or what if a peer company within the shared environment was attacked? Or what if hackers prioritized these target-rich environments?” These were real concerns then, and they still are now. So, should network administrators consider tapping into MSPs for network security in our current environment? The core issue is a common one in network security – convenience vs. security.

The Debate

The convenience vs. security debate comes down to how SMBs go about securing communications. On one hand, SMBs could opt for convenience and... read more

Open Haus: VPN Path Finder

Whenever Katelyn O’Shaughnessy checks into a hotel, room size isn’t anywhere near her top concern. As she told the Los Angeles Times in a story about the hotel preferences of Millennials, “You can put me in a closet; as long as there is Wi-Fi, I’ll be happy.” If you were to survey hotel users, you’d probably find many of them share O’Shaughnessy’s perspective. These days, if you’re traveling, whether for work or for business, Wi-Fi is a necessity. And it can’t just be any Wi-Fi. It needs to be high-speed, reliable Wi-Fi that facilitates secure remote access through any mobile device. Unfortunately for travelers, the reality is that many hotels – and other public places that provide network access through hotspots – restrict user access settings by blocking IPsec ports and only allowing Internet access to web browsers. This is a major constraint for road warriors trying to access their corporate networks remotely via a VPN, as they could find themselves unable to establish a connection. To overcome this obstacle, NCP engineering developed VPN Path Finder – a proprietary remote access technology that automatically establishes a connection wherever Internet access is possible, providing the user with anywhere, anytime connectivity.

How It Works

Path Finder – recently recognized with a patent – is a central feature of the NCP Secure Client Suite. With Path Finder, users achieve highly secure mobile computing in every remote access environment, even across unknown networks like those you might find in a hotel, café, or on a plane or train. Whenever a public network has a firewall setting that blocks native IPsec traffic, Path Finder... read more

NCP engineering and Tech Data Expand Secure Remote Access to SMB Market

In what’s being described by the president of the National Small Business Association (NSBA) as “a step in the right direction,” the U.S. Congress decided to take up legislation that would help the small business community better protect itself from network security threats. During a hearing by the House Small Business Committee last Wednesday, NSBA President Todd McCracken went on to say, “Any legislation should provide clear, simple steps for companies to follow when their data is breached.” This support is imperative, McCracken said, because more than half of U.S. small businesses now say they have been victims of a cyberattack. Given this rocky landscape, small businesses – which often have less sophisticated network defenses – need help. And now, NCP engineering is better able to meet North American SMB demand for secure remote access through a new distribution agreement with Tech Data, one of the world’s largest wholesale distributors of technology products. The agreement expands NCP’s North American partner network and offers Tech Data’s SMB solution providers NCP’s Secure Entry Clients through its Advanced Infrastructure Solutions (AIS) division. Tech Data’s ecosystem also includes major VPN gateway vendors, including Cisco, Check Point and WatchGuard, which complement NCP’s solutions well. For now, the go-to-market strategy initially targets SMBs through Tech Data’s network of resellers, and will evolve to include the enterprise market, as NCP engineering CEO Patrick Oliver Graf told ChannelBuzz. He said, “[Going] SMB would let Tech Data see revenue success very quickly, which is an important objective.” The agreement will help SMBs be more proactive in protecting their networks – an important step, given that the average cyberattack... read more

How to Resolve the BYOD Stand-Off between Employees and IT

“Try to please everyone, and you’ll end up pleasing no one.” This is one of those classic, ubiquitous statements that can apply to any number of situations. Take the Bring-Your-Own-Device (BYOD) trend. To the employees whose jobs are made easier and more convenient by BYOD, the appeal of these initiatives is obvious. That’s why demand for BYOD is expected to increase by 25 percent between 2014 and 2019, driven by the consumerization of IT and increased mobile data speeds that meet enterprise-acceptable levels. Yet, on the other side of the spectrum, are the IT departments tasked with enforcing BYOD security frameworks. The same things that employees see as beneficial about BYOD – convenience and freedom of choice – are exactly what make IT departments so fearful. The two groups are fundamentally at odds. Users want, and demand, access to a broad range of personal mobile devices in the workplace. They want to be able to safely access work files on their phones while on-the-go and work from their homes on their personal laptops. Meanwhile, IT departments are tasked with protecting network security at all costs, and that means they are the ones who have to say “no,” and who have to restrict the technology employees are permitted to use in the workplace. That’s how BYOD “pleases no one” – users are frustrated by what they perceive to be restrictions on free use, while IT feels like it’s constantly engaged in an uphill fight against employees who frequently, both purposely and unwittingly, violate best practices around secure remote access VPN and BYOD. It’s the classic case of unstoppable force (in... read more

Open Haus: Friendly Net Detection

The prevalence of remote work has climbed steadily over the last decade thanks to advances in technology and attitudes towards the practice. According to Global Workplace Analytics, teleworking has increased about 80 percent between 2005 and 2012. Still, only a few million Americans consider their home, or somewhere other than an office, to be their primary place of work. What’s holding remote work back? A lot of it is cultural, as well as logistical, but there are also lingering security concerns. Despite the convenience of the practice, accessing the corporate network remotely doesn’t carry with it quite the same guarantee that a user’s end-to-end connection to the network is entirely secure. That’s why NCP engineering’s Remote Access VPN solution is equipped with Friendly Net Detection (FND), a technology that automatically recognizes safe, friendly networks or unsafe, unfriendly networks, no matter where the user may be, thereby protecting end devices against Internet attacks via 3G/4G, Wi-Fi and LAN.

How it Works

FND is a component of all NCP Secure VPN Clients, and since the FND server is installed independent of the VPN gateway, it’s therefore agnostic to any particular operating system or third-party vendor gateway. Once installed, the FND client is configured within the VPN client’s firewall settings. The feature works by forcing the network to identify itself to the end user’s device, and then dynamically activating or deactivating the appropriate firewall rules and security mechanisms, depending on whether it’s a known/secure/friendly network or an unknown/insecure/unfriendly network. If the FND client is successful in its attempt to contact and authenticate the FND server, then it can confirm that the device... read more

IT Security? “Yes Please,” says Uncle Sam – But Offers No Tangible Help

When it comes to IT security, government agencies around the world are aware of the challenges and risks small and medium-sized enterprises (SMEs) face. So it only figures that they offer help, in the form of initiatives aimed specifically at SMEs. Germany has one of the most active administrations in this respect, as it finances or supports a whopping 21 initiatives. And while the U.S. government would do well to follow Germany’s lead and further IT security by offering numerous assistance programs to SMEs, unfortunately, a recent study from management consultancy Detecon International shows that most U.S. initiatives are focused on admonitory finger-wagging rather than hands-on help with implementation. Yet, hands-on help is exactly the type of assistance that would have the biggest impact on raising the security level of SMEs. Most German public initiatives prioritize awareness of the issue at the upper management level. However, only a small part of the surveyed initiatives – 35 percent – can be mapped to concrete measures within the Federal Office for Information Security (BSI) IT baseline protection catalogs. Furthermore, 36 of 56 assistance programs analyzed lack a concrete goal with achievable benchmarks for success. Instead, they focus on information security as a whole and therefore try to pursue many targets at once, with a shotgun, light-handed effect. Naturally, IT security has to be approached holistically. There is no use securing remote access for employees with a VPN when a company’s Wi-Fi network is open and therefore accessible from outside the enterprise. But because SMEs have usually only limited resources at their disposal, it is important to prioritize and focus on the... read more

The Cloud is Covered: VPNs Enhance Data Security in the Cloud

Cloud computing not only introduces a new level of flexibility for enterprise IT services, but it often improves data security, too. A cloud provider that has to adhere to stringent privacy and compliance regulations typically has more know-how and access to more resources than a small- or medium-size company. But it is just not possible to rely on a cloud provider for every aspect of data security. In the end, the company is responsible for its own data. Many aspects of data security are beyond the purview of the cloud provider, but at least it is responsible for checking all certificates and knowing which ones are relevant. However, all basic security measures are the responsibility of the company. Among them is the protection of the data-in-transit between the company’s LAN and the data center in the cloud. The easiest way to ensure this protection is to use a location-to-location VPN tunnel. If a VPN solution is already being used, the company has to make sure there aren’t any compatibility issues between its VPN gateway and the gateway at the cloud provider’s site. The VPN standards IPsec and SSL have been in use for many years and are tried and trusted, greatly reducing the potential for trouble. Usually the cloud data center provides a virtual machine on which the company installs another instance of its VPN gateway solution. Major solution providers like Microsoft Azure, Amazon Web Services and Google Compute Engine provide extensive how-to guides and online manuals explaining how to assure compatibility with a VPN. Most providers even relieve the customer of that process by offering a turnkey, managed... read more

Mobile World Congress: E.ON Achieves Secure Remote Access with Samsung, NCP

Last month, Samsung hosted one of the largest, most-visited booths at Mobile World Congress in Barcelona – and rightfully so. The company chose the world’s largest mobile industry trade show to launch its newest phones, the Galaxy S6 and S6 Edge, to the 93,000 industry influencers in attendance. Samsung also hosted an Enterprise Mobility Showcase, where guests could “hear [Samsung’s] business strategy with key strategic partners, and meet the industry opinion leaders who are working with them.” NCP engineering is proud to have been one of those featured partners. As part of that presentation, Samsung revealed a case study exploring how it developed a secure smartphone – the KNOX – that could be used by officials from E.ON, a German electric utility. NCP’s role involved outfitting the phone with one of its most important elements – secure remote access capabilities. Because of the sensitive nature of the information passing through those devices, and the fact E.ON supplies critical infrastructure to Germany, Samsung and NCP had to follow stringent requirements laid out by the Federal Office for Information Security (BSI), the German national security agency. The BSI lists several factors for secure mobile communication, all of which Samsung and NCP had to abide by, including: Secure digital identity certificates issued by a trust center per system/user, All security operations in the device based on this digital identity, Secure two-factor authentication, Encryption of all stored local data, Secure data communication between the mobile device and the related server, Secure boot process, Controlled process for installing additional software (digital signature). The Samsung KNOX meets these requirements through integrations with etaSuite, which provides... read more

SXSW: Three Cybersecurity, Remote Access Takeaways from Austin

The South by Southwest (SXSW) Interactive Festival wrapped up last week in Austin, Texas, where 65,000 industry movers and shakers learned about some of the most innovative technology expected to hit the market over the next few years. What was on the minds of presenters, panelists, and attendees alike? “The Future” – all of its possibilities and its promise. Given all of these technology advancements, it makes sense that some of the panels and conversations happening in Austin took on a more cautious tone and focused on the surrounding cybersecurity concerns. We’ve identified three panels from SXSW that addressed cybersecurity directly – or brought to light security issues that weren’t on the agenda – and provide these lessons for each.

1. ‘Everything is Connected, Everything is Vulnerable’

Marc Goodman is hardly the first network security expert to predict that cyberthreats will become increasingly pervasive and damaging in the coming years. But few people have gone into such detail about these threats, as Goodman did during his SXSW panel, “Future Crimes of the Digital Underworld.” Goodman, the author of “Future Crimes: Everything Is Connected, Everyone Is Vulnerable,” brought with him to Austin a laundry list of possible new targets for hackers, including but not limited to Internet of Things devices like pacemakers, baby monitors, insulin dispensers, and even drone aircraft. He warned, “We’re not going to solve these problems by burying our heads and pretending they don’t exist.” For network administrators, that means acknowledging that these devices could enter their workplace, and then taking steps to neutralize any threat they may pose. As we’ve written before when discussing the Internet... read more

Open Haus: Wi-Fi and Seamless Roaming for Mobile Workers

When you hear the term “mobile worker,” what image comes to mind? Is it the employee who is constantly taking his laptop into different corners of the office, working from their desk, conference rooms and couches? Or is it the “road warrior” executive who works from airports, trains, cafés, hotels and anywhere else she can find a Wi-Fi or 3G/4G connection? Whatever you picture, the fact is that mobility is now a key expectation of many employees. Those who work from laptops, tablets and other mobile devices need to be certain that the technology they depend on is able to follow them from place to place, without any service interruption. As an example, remote workers often use a VPN to securely connect to their corporate network, no matter their location. But what happens if their network connection changes? Imagine an employee who works on her laptop while commuting by train, but constantly loses her Wi-Fi connection as she travels. You’d think that every time the network connection switches between Wi-Fi and 4G, she would need to log into her VPN. The employee would get frustrated and not be nearly as productive. To avoid this scenario and others that impede mobile working, NCP engineering developed two key additions to its Remote Access VPN solution – Wi-Fi roaming and seamless roaming. With these features, the VPN tunnel connection is constantly maintained without disrupting the user’s computing session, even if their network connection changes. Here’s how these two features enhance NCP engineering’s Remote Access VPN solution:

Wi-Fi Roaming

Say a remote worker moves within the range of several wireless access points using... read more

How to Manage Secure Communications in M2M Environments

For all the talk of the Internet of Things (IoT) and machine-to-machine (M2M) communications making our lives easier, there always seems to be a cautionary tale involving security of these devices around every corner. Take self-driving cars – something it seems like almost everyone would want. That is, until last summer, when the cybersecurity community raised a red flag around connected cars, and the possibility that hackers could tap into a vehicle’s network and disrupt its operating system. The same concerns have followed connected televisions. As of a year ago, smart TVs had taken over about one-third of the flat-screen television market. Then, just last week, news outlets picked up on the possibility that Samsung’s smart televisions could effectively “eavesdrop” on conversations, and that the company could then pass that information along to third parties. Although these specific examples are recent, questions about network security in M2M communications and the IoT are not new. ZDNet flagged the issue back in January 2013, in an article that posited security concerns could prevent M2M from reaching its full potential.

Although M2M communications have actually been common for decades, they have never before been quite as widespread as they are now, and they now communicate over the open, public Internet, versus being confined to limited, secure networks. As NetIQ’s Ian Yip told ZDNet, in many cases security is an afterthought – it is something that is a “retrofit” to M2M. This is a mistake. Security needs to be considered from the very beginning. M2M security is already difficult enough, as human beings aren’t even part of the communications process.... read more

Europe: More than Just ‘Stumbling Forward’ to Improved Cybersecurity

Two years ago almost to the day, months before cyberattacks entered the world’s collective consciousness, the European Union took the bold step of publishing an ambitious cybersecurity strategy. The strategy aims to outline the best path forward for identifying and responding to emerging digital threats. Orchestrators of the plan, “An Open, Safe and Secure Cyberspace,” believed that it would be a central step towards creating an environment in which the digital economy could thrive, having so far been largely isolated from attacks but known to be vulnerable. As the European Commission’s Catherine Ashton said, “For cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline, should also apply online.” Since its inception in 2013, the EU’s Cybersecurity Strategy has focused on five pillars, namely:

- Achieving cyber resilience
- Reducing cyber crime
- Building cyber defense policies
- Deploying new cybersecurity technologies
- Creating a central international cybersecurity policy

Even in this short period of time, significant strides have been made towards adoption. The NIS Directive has been a cornerstone piece of legislation resulting from the plan. It requires EU member states to adopt a national strategy that “sets out concrete policy and regulatory measures to maintain a level of network and information security.” The Directive also requires private entities to disclose major cyberattacks. As Defense One points out, this amount of progress is no small feat, as institutions within the EU generally “stumble forward” because of the fragmentation that is inherent to the union. In the case of the Cybersecurity Strategy, three separate EU institutions – the Directorate General for Home Affairs, the European Council and European External Action... read more

White House Turns Attention to Cybersecurity

Cyberattackers and hackers operate in the shadows, lurking away from where conventional law enforcement can easily identify and investigate them. They prefer secrecy and anonymity. But they may not have that luxury any longer – not since the federal government and the White House, specifically, have escalated their focus on cybersecurity. First, President Barack Obama addressed the issue during his State of the Union address earlier this month, declaring, “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.” To back up his comments, the president also submitted a budget proposal that allocates funding toward combating cyberattacks. In the initial proposal, the president called for cybersecurity spending to increase by 10 percent to $14 billion – all in an effort to improve detection of and response to the kinds of massive attacks that have plagued both the public and private sector over the last year. Specifically, the budget proposal calls for:

- Improved data sharing
- Increased monitoring and diagnostics of federal computer networks
- More widespread deployment of the EINSTEIN intrusion detection and prevention system
- Government-wide testing and incident-response training
- New teams of engineers and technology consultants

In the White House’s explanation of these budget items, it said, “Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity.” The cybersecurity community has largely lauded the budget and the government’s increased attention to the issue,... read more

Two-Factor Authentication Transforms Even ‘123456’ Into a Secure Password

Since 2011, the same two passwords have ranked as the most common (and worst) among users. Care to take a guess as to what they are? You don’t have to be a savvy hacker to figure them out – “123456” and “password” have again topped the list this year. The good news is the prevalence of these two passwords in particular has fallen quite a bit, from 8.5 percent of all passwords in 2011 to less than 1 percent now. As a password to an individual’s Facebook or Tumblr account, these are probably adequate. The accounts they’re “protecting” are low-profile, unlikely targets, and hackers wouldn’t really gain much from breaking into them anyway. It’s a different story when a user sets up a work-related email or credit card account – much more likely targets of attackers – using these easy-to-crack passwords. Instead of using brute force and repeatedly trying passwords, hackers barely have to break a sweat or exert any effort. They can simply type in “1-2-3-4-5-6” or “p-a-s-s-w-o-r-d” and they’ll be granted entry on their first try. A gold mine of information suddenly materializes right at their fingertips. At first glance, network administrators appear to have a few different courses of action to prevent these types of weak passwords and shore up their network security. They could try employee education – teaching their workforce best practices when it comes to setting up their credentials. Or they could provide them with tools that both randomly generate secure passwords and then store them securely for easy recall. The problem with each of these solutions is that they’re really just temporary... read more

Battlefield Mobile: Threats Targeting In-Motion Endpoints Climbed in 2014

By now, cybersecurity veterans are well-versed in the most common attack vectors exploited by hackers to breach their corporate networks. Brute force attacks, phishing schemes, SQL injections – they’re all proven attack methods that network administrators prepare for and defend against. But what about the next frontier? What attack vectors and endpoints do hackers now think are most vulnerable? It starts with mobile devices. They look like the perfect target to many attackers, who think that they can exploit the fact that so many connections over these endpoints go unsecured and that these devices are so popular with employees – 74 percent of organizations use or plan to use BYOD. In addition to mobile, another frontier could be devices that rely on machine-to-machine (M2M) communications, which create a scenario where human beings are entirely removed from the equation. As this small, isolated group of attack targets grows, network administrators need to be ready to fight back wherever hackers go, whether that’s on the mobile, M2M or some other battlefield.

The Next Trends in Cybercrime

The landscape of cyberthreats network administrators must be aware of is ever-evolving with the advent of new technologies and new criminal strategies. While there’s consensus in the security industry that mobile attacks will only increase in the coming years, the current prevalence of these incidents is really in the eye of the beholder. Only about 15 million mobile devices were infected by malware midway through 2014 – an infection rate of less than 1 percent. On the other hand, in the last year, mobile malware attacks did increase by 75 percent, off the back of... read more

The Risk Within: Could an Ex-Employee Be Responsible for the Sony Hack?

One month ago, we asked, “What network security lessons can we learn from the Sony attack?” Since then, new information has been slow to trickle out, save for the FBI’s mid-December statement that assigned responsibility to the North Korean government. Despite the seeming finality of that announcement, many in the cybersecurity community are still not convinced of North Korea’s sole culpability. In fact, some have even gone as far as to construct counter-narratives to identify the responsible parties. One of the more vocal opponents of the FBI’s North Korea theory has been Norse, a cyber-intelligence provider. Kurt Stammberger, the company’s senior vice president, recently laid out his case to the Huffington Post as to why he thinks that internal factors – specifically, an ex-employee of Sony – may have been central to the breach. As Stammberger detailed, the malware deployed in the hack contained Sony credentials, server addresses and digital certificates. He said, “It’s virtually impossible to get that information unless you are an insider, were an insider, or have been working with an insider.” While this evidence is compelling by itself, even if an insider is ultimately found not to have been involved in the attack, Norse’s assertion has already provided those in IT and cybersecurity with plenty to think about when it comes to the damage ex-employees can do on their way out the door.

The Risks Inherent to Network Privilege

On their first day at work, IT departments provide employees with all the tools they’ll need to do their jobs – the devices themselves, the necessary access credentials, remote access capabilities and more. The problem is, once... read more

Ex-Employees: All the Best, But Can We Have Our Personal Emails Back, Please?

It doesn’t matter if employees leave a company on unpleasant terms or quite amicably – it is absolutely essential that enterprises have solid, well-defined termination processes in place, and that they’re followed to the letter. In their final days at a company, employees can demand various personal documents, depending on local regulations. A final paycheck and unclaimed vacation days also need to be sorted out. A smooth termination process is a good business practice, and documenting it in a written agreement, signed by both parties, helps to avoid misunderstandings. Putting this type of process in place is inexpensive, and in the long run costs nothing at all. A well-defined process also contributes tremendously to the overall integrity of the corporate network security structure, in that companies that follow these processes drastically reduce the danger of sensitive information being leaked whenever an employee leaves the company. As part of the termination process, employees should confirm they have read and deleted all private emails on the company’s servers, are no longer storing private data in the LAN, have transferred all personal data, e.g. phone numbers, videos, photos and text messages, from company-owned mobile devices, and that all other private information has either been deleted completely or transferred to a private data storage device. It’s also important that both sides acknowledge the handover of all private data and that no more data is residing on the company’s servers. In Germany, where employers are granted full ownership of email, failure to do so could create legal repercussions for companies. As a decision by the Higher Regional Court Dresden (4 W 961/12) explains,... read more

The Holidays Bring Both Cheer and Fear to Network Administrators

Almost one year ago to the day, the “most wonderful time of the year” became anything but for millions of Americans when news of the Target data breach broke. Not only did that attack force us all to think twice about how our digital information is managed, it forever changed the network security landscape and put IT administrators in a perpetual state of high alert. This holiday season, having suffered through a full year of attack after attack, network administrators have battened down the hatches even further, living in constant fear that their organization could become the next target of hackers. The silver lining is that these attacks have forced IT departments to re-evaluate their internal security policies, and at least raise awareness of how crucial the infrastructure necessary to protect their organizations is, if not actually put that infrastructure in place. But despite now having a better understanding of the landscape of cyberthreats and vulnerabilities, as well as having shored up their cyber defenses, IT departments must remain vigilant towards the potential cyberthreats lurking in the shadows this holiday season. From the new technologies employees receive as gifts, to the vulnerabilities that could arise from employees accessing the corporate network remotely, there’s plenty for network administrators to be preoccupied by this time of year.

New Gifts, New Threats?

For a few holiday seasons now, mobile devices, Internet of Things trinkets and wearable technology have been at the top of consumer gift lists. They’re popular nearly to the point of ubiquity, which is actually bad news for the network administrators who have to account for employees connecting these... read more

What Network Security Lessons Can We Learn from the Sony Attack?

Hollywood is a place that can be driven mad by star-studded gossip, where the talk of the town is rarely private and where people are accustomed to their secrets not staying secret for very long. Yet, this state of play hasn’t made it any easier for the victims of last month’s cyberattack against Sony, carried out by shadowy assailants calling themselves the Guardians of Peace. As the public knows by now, it seems as though the attackers spared nothing in their initial leak of 27 gigabytes worth of data. They released the type of information that seems to be exposed after seemingly every corporate hack, from the personal information of employees to the company’s classified assets, which in this case even included the script for an upcoming James Bond film. But that wasn’t all. They also exposed the kind of information unique to an entertainment giant like Sony – the lurid Hollywood gossip, revelations of celebrity aliases and even off-the-record studio executives’ opinions about some of today’s box office smashes.

Sony’s Imperfect Network Security History

So how could this have happened? Although the finger-pointing has been ongoing since the attackers revealed themselves to Sony employees at the end of November, what’s clear is that the malware used by the Guardians of Peace was undetectable by antivirus software, and, as is often the case with attacks as broad as these, human error within Sony – passwords that were both easy to crack and stored in a file directory marked “passwords” – may also have been a factor. Unfortunately, these aren’t new criticisms of the company. Sony’s network security defenses, from... read more

The Trouble with the Endpoint

Much to the dismay of network administrators, IT security today is complex and multi-faceted, from the varied attack vectors to the different types of attackers themselves. But there is always one constant: the endpoint. When those endpoints are attacked, and end users cannot access services, data and applications, it is futile for a business to even host and offer them. The client, that is the device, not the human being using it, has undergone enormous changes over the last decade, thereby putting the burden on IT professionals to evolve their networks accordingly. The PC, with Windows 95, was the starting point. Next came myriad Microsoft operating system updates, followed by new form factors like tablets and smart phones, which introduced a whole new dimension. With each new client, the applications changed as well. Browsers and apps opened up unfamiliar, sometimes encrypted, and sometimes proprietary, data channels, from the Internet right down to the file system. And of course, attackers have kept track of those changes and adapted their methods accordingly over the years. To cope with these ever-evolving forms of attack, network administrators developed innovative defense mechanisms. Classic anti-virus tools were followed by sandboxes that tried to detect and block malware by offering these programs a limited, simulated runtime environment. The most recent approach uses micro-VMs, which try to contain malware within the kernel process level. Additionally, businesses now use a whole arsenal of security measures, ranging from the humble password to two-factor authentication, firewalls and encryption, to name but a few. And nothing is wrong with these measures. After all, an endpoint that uses anti-virus software is better... read more

3 New Year’s Resolutions for Network Administrators

Although it’s been a historically troubling year for the cybersecurity community, the advantage of a new year is that network administrators can make a fresh start. The end-of-year Sony hack has brought even more mainstream attention to network security – not to say that a full year of prominent attacks didn’t – and this increased awareness should lead to healthier IT security budgets and more resources to prevent the next attack. When network administrators get back to work in 2015, here are three New Year’s resolutions they should focus on:

1. Take Back Control with Remote Access Central Management

As IT administrators know all too well, employees often perceive a see-saw effect between their productivity and the degree of restrictions placed on the technology they use day-to-day. The fewer restrictions, the easier their jobs become, and vice versa. So, how can IT departments find middle ground? The answer is to selectively limit the ability of employees to access and share certain information. Unfortunately, as a report by the Ponemon Institute found, 80 percent of IT administrators say their companies do not enforce a “need-to-know” data policy. This is despite the fact that, as the report said, “An organization that reduces the amount of data employees have access to … and streamlines their processes for granting access will likely benefit from more productive employees.” The New Year’s lesson here for network administrators is to take back some power from employees. Just as some of the most common New Year’s resolutions focus on regaining control of some aspect of your life, whether that’s financial (reducing debt), social (planning a vacation), or... read more

The Three Human Failures Behind Remote Access Shortcomings

Whenever news of a network security breach reaches the public airwaves, observers are quick to assign blame to some combination of technological shortcomings and human error that allowed an attacker to slip through the victim’s cyber defenses. When it comes to remote access in particular, network security is even more dependent on technology like VPNs, and employees who do their part and follow company protocol. Unfortunately, network administrators often find themselves in a position where, due to human imperfection, remote access technology is the constant that protects their network. Here are the three types of people who are guilty of common, understandable human errors that network administrators need to have on their radar, and try to protect against, as they build a network security infrastructure:

The Strained IT Pro

Information security professionals are modern-day gladiators, fighting back against complex network security threats, internal and external, as quickly as they form. Yet, as a Ponemon Institute study revealed earlier this year, many IT departments are overburdened as they try to defend against all of these threats at once. The problem is actually two-fold: a dearth of talent to fill positions (according to the study, 70 percent of the organizations say they do not have sufficient IT security staff) and turnover in security positions that can be filled (CISOs leave their positions, on average, after 2.5 years). The result is that IT departments, despite their best efforts, cannot defend against every attack, particularly as cyberattackers diversify and expand their efforts in the coming years.

The Oblivious Employee

For companies that lack a consistent frontline defense by their IT staff, employees are next... read more

Cyber Threats in 2015: New Attack Vectors, More Severe Incidents

One year ago today, Target was gearing up for Black Friday sales and projecting a strong end to the year. That was the company’s primary focus. The same could be said for Neiman Marcus and Home Depot. And no one had even heard of Heartbleed or Shellshock yet. Needless to say, much has changed in the last year. If 2014 ends up going down in the history books as the “Year of the Cyberattack,” then what does 2015 have in store for network administrators? We’ve already started to see the predictions roll in, the first coming from the report, “The Invisible Becomes Visible,” by Trend Micro. The report paints the new network security threat landscape as becoming much more broad and diverse than it has ever been, evolving beyond the advanced persistent threats (APTs) and targeted attacks that have been the favorite weapon of hackers. Trend Micro CTO Raimund Genes told InfoSecurity that cyberattack tools now require less expertise to use and don’t cost as much. He listed “botnets for hire … downloadable tools such as password sniffers, brute-force and cryptanalysis hacking programs … [and] routing protocols analysis” as just a few of hackers’ new favorites. Given these new threats, how can network administrators shore up their network security for 2015 and beyond?

The ‘Three-Legged Stool’ of Network Security

As network administrators build out their network security infrastructure, it’s best to focus on the so-called “three-legged stool” approach – prevention, detection and response. Network security cannot be limited to simply installing prevention measures and hoping for the best. Why? Because there is no one universal, surefire way... read more

7 Security Threats You May Have Overlooked

If there’s been a silver lining to the string of devastating cyberattacks against some of the biggest organizations in the world over the last year, it’s that the list of “what not to do” has continued to grow, putting other companies on notice. If you use a third-party vendor, for example, make sure their networks are just as secure as your own. When there are known security vulnerabilities, reconsider using end of life operating systems like Windows XP on your devices. These are some of the most prominent recent lessons, but there are plenty of other threats to network security lurking just below the surface. And these are the vulnerabilities that attackers will look to exploit. After all, why would they target a well-defended vector when there may be an easier point-of-entry somewhere else? That would be like a burglar trying to break down a locked door, instead of checking first to see if maybe a window was left cracked open. In today’s business environment, the list of overlooked network security threats is endless. Information security professionals are modern-day gladiators, tasked with defending corporate data and networks against both known and unknown threats, but no matter how skilled they are, there will always be new threats to their networks. Here are seven to think about:

1. Rogue Employees
2. Delayed Device Deprovisioning
3. A Single, Vulnerable Security Vendor
4. Out of Date Software
5. Failure to Adapt to New Technology
6. Security Solutions and Policy Misalignment
7. Shadow IT

Most working environments would be lucky to be vulnerable to only one of these. The reality is,... read more
