Threats at Public Hotspots

Germany is reported to be falling increasingly behind in the digitization of public spaces. The reason: there are just not enough hotspots available. A political decision has now been taken to abolish “disturber” liability (“Störerhaftung” under German law). This means the door has been closed on business models based on cease-and-desist letters, which will pave the way for more free hotspots in cafés, at airports, train stations and hotels.

Many professionals frequently use free Internet access in remote locations, especially when they travel, making them easy targets for hackers. And while most encrypt their private Wi-Fi to ensure data protection and IT security related to corporate network access, they seldom take the same precautions when surfing the Internet or checking email from public hotspots.

Open Haus: Automatic Hotspot Logon

If you were a hacker targeting a network, which would be most appealing – a network contained in a residential building, an office or corporate facility, or a public place? The information contained on the network of a residential building probably wouldn’t be particularly valuable, and it would also be well-protected. You’d face even more security if trying to attack a corporate network, so that probably wouldn’t be your best option either. You’d probably target a public network – one in an airport, coffee shop or hotel – over which users dealing with sensitive information would try to connect, perhaps without having the same security protections they would have if they were in their home or office.

Public networks can be vulnerable, and they do make popular targets. Consider all the possible threats – from snooping and evil twin schemes to narrowband jamming and replay attacks – that hackers can deploy against these networks. It’s also important to consider that there are now many more public hotspots than there were even a few years ago – global Wi-Fi hotspots are expected to triple from 1.3 million in 2011 to 5.8 million this year.

For business users in particular, hotspot connections are ideal for when they’re at day-long events (when using mobile data on their phone or tablet would quickly drain their battery) or when they travel abroad (to avoid costly roaming fees). For these users, and for anyone else who relies on hotspots for secure remote access, NCP engineering has integrated Automatic Hotspot Logon into its NCP Secure Client.

How It Works

A safeguard protecting the end device against attack...

Staying Secure at Trade Shows

By Nicholas Greene

With RSA 2012 kicking off next week, then Interop and Black Hat just around the corner after that – we are officially in trade show season. Of course, every show brings with it the challenge of connecting to its official Wi-Fi connection to plug back into corporate headquarters to do everything from email to sending documents and beyond. And as most of us know, this could invite a barrage of security vulnerabilities.

Of course, at IT conferences like Interop and Black Hat, you’ll find yourself with a better class of wireless network – it’s more or less a given that their Wi-Fi connections will be more secure than those at many other trade shows, as the organizers know enough to take an active role in securing the data of attendees. But the real risks come in when, for example, connecting via a hotel or a café near the show – or worse, a rogue unsecured network that tricks users into signing on with a strangely “official sounding” name.

So how will you stay safe this trade show season? In short, VPNs are the key. A VPN gives you all the security you’d get from a private network and places it into a public arena: opening the requisite ports for easier connectivity, keeping your activities anonymous from others on the network, and encrypting any data you send between yourself and the server. Unlike with unsecured (and even secured) wireless networks, no known exploits currently exist that are capable of subverting the security of most well-designed Virtual Private Networks. While it’s certainly true that a user connected...

Myth 6: RSA SecurID provides a secure connection.

Today’s SSL myth tackles the topic of RSA SecurID. The prevailing myth is that RSA SecurID provides a secure connection – but of course, this isn’t so. The RSA SecurID token authentication system is a two-factor authentication method, which is the most common secure access method in the U.S. with 40 million users. The RSA SecurID token authentication method uses the RSA ACE Server, which is a clock-synchronization key scheme. It works on a timing frequency that changes the token keys so that they never seem to be the same. The frequency and the seed key were both found on the RSA ACE Server, which was hacked by perpetrators on March 18, 2011.

Here is the way one inventor describes the scheme in his patent granted in 2008: “The pseudorandom token codes are only valid during a short time that they are displayed (e.g. 30 seconds). A hash function that generates the pseudo-random token code takes a current time and a secret key as inputs. The secret key is provided to the token by the manufacturer and then provided to the authentication server. This scheme makes the authentication system very time sensitive. If an authentication server and token have clocks that diverge, the system quickly breaks. Also, the security of the leading hash function has been called into question.”

The inventor is referring to a detailed cryptanalysis study published by Springer-Verlag in 2003. These researchers found that the block cipher at the heart of the RSA SecurID hash function can be broken in a few milliseconds using a 2003-vintage PC. Once again, myth debunked.

Source: EMC...

FDE and VPN: Don't Throw out the Security Baby with the Legacy Bathwater, Part 1

By Cameron Laird

In “Die, VPN! We’re all ‘telecommuters’ now–and IT must adjust,” John C. Welch accurately describes much of the changing landscape through which corporate computing is traveling now:

- Work is as likely to take place outside the office as in;
- Work in some domains has become as likely to take place on an employee’s device as on one owned by the corporation;
- A large percentage of all work can be done through the Web; and
- “Endpoint” (in)security is nothing short of horrifying: the data equivalents of bars of gold are regularly walked unescorted through neighborhoods so bad they can’t help but end up in the wrong hands.

The situation is unsustainable; what should be done? Welch’s conclusion: adopt full-disk encryption (FDE)–and ditch VPNs. His arguments for FDE have merit. The ones against VPN? Well, I expect to use VPNs for a long time into the future, and you should, too. Here’s why:

What is VPN?

First, let’s review the basics: information technology (IT) departments are responsible for computing operations. Computers have, in general, the capacity to make general-purpose calculations. This means both that IT is called on to perform a wide, wide range of tasks–everything from routing telephone connections in a call center, to control of machine actions in a steel plant, to running accounting programs in a hair salon–and also that there is inevitably more than one technique to complete each task or fulfill each requirement. Even the simplest analysis of the “remote problem” exhibits these characteristics. Let’s begin with Welch’s starting point: much of the work of the future will be done outside the conventional workplace,...