I don't think so. LulzSec supposedly threw up the white flag last week and decided to disband. Was this because the Anonymous group was going to go after them or because law enforcement was hot on their trail? I have a different theory.
I believe we will still see attacks by this group, except it will be under a new name or as a splinter faction. LulzSec drew a lot of attention over the last couple of months with their attacks on PBS and the Arizona DPS, and it was this attention that may have drawn the ire of some hacker groups (Anonymous Group) for bringing too much attention or stealing the limelight. It has been rumored that there may have also been a splintering of LulzSec by those who did not want to draw this attention. Either way, I still believe we have not heard the last of LulzSec.
Tuesday, June 28, 2011
Friday, June 3, 2011
Small and Medium Size Business...You too should be concerned about Cyber Attacks as well
Yesterday in the Financial Times was a report on the current issues surrounding Cyber Security. The report had many articles on current attacks on large enterprises and what we can expect in 2011 (download the report here). One of the articles, titled "Market chaos leaves small businesses as primary target", mentions an all too familiar issue with small to medium size businesses, the “accidental IT guy – or gal."
Small and medium size businesses sometimes have a person in charge of IT issues who was put in that position because there is not a qualified person on staff or because the duties just sort of fell in their lap. Whatever the reason, the network then becomes vulnerable to cyber thieves because they know the network may not be secure and may be an easy mark for an attack.
Due to the current fiscal crisis that a lot of small and medium size businesses are going through, IT security is usually put on the back burner. This usually leads to a vulnerable network that a hacker may be able to attack to steal either data or financial information. Think about it: why would hackers go after a large enterprise with its security when they could go after a small or medium size business's unprotected network? If your business is collecting any type of data or financial information, your company is vulnerable. This is a growing problem and one that needs to be addressed if you want to protect your business.
What is the answer to this growing problem? Small and medium size businesses need to have a trained IT security person on their staff or hire a security consultant to do a security audit for the whole company and a penetration test to ensure all vulnerabilities are addressed and countermeasures are in place.
In this day and age the worst thing a business can do is ignore a cyber threat because they think "It won't happen to our company." You never know; it may have happened already and you just don't know it.
If you have any questions on small or medium size business IT security, please feel free to contact me:
wpruett@everestkc.net
Tom Pruett
Security and Network Engineer Consultant
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEH, CHFI, A+, Network+, Security+
Wednesday, June 1, 2011
Latest Security Events - Two Different Issues, Same Result
In the past week, two companies have been hit with security breaches involving unauthorized access. Although the incidents differ in the mode of attack, the outcome is the same: unauthorized access causing downtime and loss of integrity in a system, which in the long run will have more of a financial impact.
First, Lockheed Martin was hit with unauthorized access surrounding the use of remote server access by employees using the RSA token system. Right now Lockheed Martin is reporting that a remote server was hacked into and that the hacker gained access to a system by possibly using an RSA token. This is significant because RSA reported a security breach in March and that tokens were possibly stolen. Could a hacker have used a stolen token to access Lockheed Martin, or could a Lockheed Martin employee's token have been stolen and used to gain access? The answer is not clear and we may never know. However, swift action by Lockheed Martin's cyber-security unit prevented any more unauthorized access or breach of data.
Second, PBS reported their website was defaced by hackers because of the airing of the "Wiki Leaks story" last week. The hacking group claimed they were upset over the show and decided to show PBS the power of a hacking group. The website was restored and new security measures were added to prevent this type of attack in the future.
So what do these two different security breaches have in common? Both show what happens when "a threat + a vulnerability = a breach." It can be assumed that Lockheed Martin, the largest supplier of military airplanes, has very good security. PBS, since it is a non-profit company, might not have the tightest security. Both Lockheed and PBS remind us that no matter what your company is, vulnerabilities have to be addressed or eventually your company will have either a major disruption or downtime.
Wednesday, March 2, 2011
CISSP Exam - March 12th - Kansas City
The ISC2 CISSP exam is scheduled for March 12th 2011 in Kansas City. Usually the Kansas City area schedules this exam twice a year. Well, it’s that time; most people have been studying for a few months for this exam date and are now coming down to crunch time. Here are my 5 tips for success on the exam.
1. In the last few weeks of studying you should be going over the questions on the CCCure Quizzer. You can either do the free questions or pay $39.99 for the 6 month subscription. The pay option is well worth it.
2. Create a testing plan that will allow you time to take little breaks in between questions. You have 6 hours for the exam with no scheduled breaks, and all breaks count against your test time. Using all of your allotted time is beneficial. Allowing yourself a 5 or 10 minute break after so many questions allows you to keep on schedule and not get behind or go too fast. Also remember to bring little snacks and something to drink, which you can put in the back of the room for your breaks.
3. Do not cram the night before. In fact put all of your studying aside and have a quiet evening doing something you enjoy. Go to bed early and get a good night’s rest.
4. The morning of the exam, don’t drink a lot of caffeine and eat a little something for breakfast for energy. You do not want to waste too much time going to the restroom several times during the exam.
5. Remember to bring your certification ticket and two forms of ID. You will not be allowed in without any of these items.
Good luck on the exam.
Tuesday, March 1, 2011
Public WiFi - You are not alone..
One of the concepts I teach in both my consulting business and the classroom is that when you are using free public WiFi access, you have to take precautions because you are not alone. Public WiFi access is free but the security is not. Here is a scenario.
You are at your favorite coffee shop that offers free WiFi. You connect your laptop and surf out to Facebook or you go check your email. Now, unbeknown to everyone in the coffee shop, there is a hacker who is "sniffing" the wireless network. Since you have no security protocols and access does not require any type of password or key, all of the wireless traffic can be recorded on a packet sniffer such as Wireshark, Cain & Abel, or NetResident. A packet sniffer is software that captures packets on a wired or wireless network. The packets captured show the network or internet traffic that a person is creating by surfing on the internet or while using the network. These packets will contain usernames and passwords that you type into a web browser as well as the location of all the sites you are browsing to. If you put any PII (Personally Identifiable Information) on the internet, the hacker can capture this information and sell it on the internet, which would create "Identity Theft" for the user.
The hacker may even attempt to gain access to your laptop right there in the coffee shop as well. Also remember the hacker does not have to be in the coffee shop; they can be several hundred yards away using a special high gain antenna to access the wireless network.
Don't think this can happen to you? Check out what happened at a coffee shop in New York using a tool called Firesheep.
So is there such a thing as using a free wireless network safely? Yes, you can. You just have to follow a few simple rules to protect yourself.
1) If you're on a company laptop, make sure you are using a VPN (Virtual Private Network) connection. This will encrypt your connection and you can safely access the internet through your company. Don't have a company VPN? Try AnchorFree; it is a free VPN client that anyone can install and use to surf the internet through a secure VPN server.
2) If you need to just check your email or access a web site, make sure you are using HTTPS or SSL to ensure you are checking your email with an encrypted and safe connection.
3) If you are going to surf the internet in public try using a wireless phone modem device which you can purchase from your wireless carrier. It is a USB device you plug in to access a secure wireless network for your computer.
Good luck and remember "we are not alone on the internet".
Tom
Consultant/Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEH, CHFI, A+, Network+, Security+
Wednesday, February 16, 2011
Ease of Use vs. Secure
Every day there is news of a security breach. A hacker has attacked a website with a DDoS, or malicious code has infected an employee's computer and has spread to the rest of the office. These types of security breaches may not have happened to you, but they do happen and eventually they will happen to your network. The question is: Are security events such as these or others completely preventable? The answer is no; however, what we can do is help mitigate these types of events by applying a simple security axiom I have taught for many years in my security classes: "Ease of Use vs. Secure".
IT security departments are constantly torn between business directives and security directives. Administrators need to balance the needs of users with the needs of security. The two work in a vacuum most of the time in IT. If something is done in IT that is considered "Ease of Use", meaning it's easy for the administrator to create or implement, then it probably is not very "Secure". On the other hand, if something is "Secure", it is likely to be more intensive to create or implement and not very easy for users to use.
As you can see in the diagram above, with "Ease of Use" on one end and "Secure" on the other, business needs for users tend to be less restrictive while IT needs tend to be more secure. If IT implements things that satisfy user needs and not security needs, eventually there will be a breach. However, there can be a happy medium between the two so that security breaches are less likely to happen.
Let's take a look at an IT practice to see how this really works.
Last month Vodafone learned a hard lesson about users sharing passwords that access a customer database. Vodafone's Breach
Vodafone's practice of allowing shared passwords within the company (Ease of Use) was easier for users and administrators; however, it was not a secure practice. Although Vodafone rectified the issue, it should never have been allowed to happen in the first place. Does your company practice "Ease of Use or Secure"?
Wednesday, February 2, 2011
EC-Council is now offering a chance to be a part of the new CEH v.7 course.
Register for the new EC-Council Certified Ethical Hacker v.7 http://bit.ly/eOdgv6