Archive for the ‘Security Matters’ Category

October is Cyber Security Awareness Month

Tuesday, September 30th, 2008


Commemorated by the U.S. Congress, the goal of National Cyber Security Awareness Month is to heighten public awareness of the
critical role each citizen plays in protecting information assets.

If you contact us, we’ll send you resources you can use in the office to help raise awareness of Cyber Security.

And remember, you don’t have to go to extreme measures just to make your information safe

:-)

Call 814-620-2006 or
contact us at info@gnscon.com

Wall Street and Computer Security

Tuesday, September 30th, 2008


With all that has been going on with the Federal Government’s proposed bailout of banks and mortgages, little attention has been focused on the state of security.  There are two trends we picked up this week.

First, there are new phishing attempts using eye-catching subject lines regarding Wall Street and stocks to trick people into providing personal information.  Please beware of this.  These emails look very similar to news items or transaction confirmations from brokerage houses.

Secondly, we are seeing some delay in purchasing as we come into the budget season.  Here are a couple of things to remember.  As you are looking at your 2009 spending, don’t skimp on security.  Most companies should have at a minimum the following security related items installed and up to date at all times.

  1. A Firewall that has been properly installed and configured.  This includes protecting the inside network from outside access and logging all attempts to access the firewall from the outside.
  2. An email filtering system that scans messages for spam, phishing attempts, viruses and other malware.  This is the most common vector for injecting malware into company networks.
  3. A web filtering solution that scans web sites for content, spyware and other malware.  It also should log employee access to all web sites.  This is the second most common vector for injecting malware into company networks.  It also provides valuable information as to the use of computer network resources.
  4. A desktop anti-virus/spyware solution.  This should be your last line of defense, not the first.  This solution should be configured in such a way that updates are managed automatically according to the vendor’s recommendations.
  5. Workstation protection against the extraction of company information.  This includes the monitoring and management of USB mass storage devices that include cameras, MP3 Players, USB Drives, Memory Sticks, etc.  These devices can be configured as mass storage devices to extract information from your company.

Each of these items should be under maintenance agreement with the vendors, updated per the manufacturer’s requirements and routinely tested. 

Other security related items that are required by mandates within your industry should be added to the list.

These are the bare minimums for today’s small to medium business.  When you are looking at paring down your budget, these 5 items should be on the non-negotiable list. 

If you must pare down your budgets, look for items that can be optimized or postponed.  Two of the main ones we recommend our customers look at are server hardware and Internet connectivity.  Both these items benefit from new cost effective optimization technologies.

In the Server Hardware space, look at virtualization.  We have found that companies typically add more “iron” (hardware) when new systems come online.  However, with today’s virtualization technology, server utilization can be balanced by moving or sharing server resources.  Thus an under-utilized server can be used to ease an over-utilized one.  In most cases actual server purchases can be deferred by just adding virtualization software and more memory.  And to top it off, you can actually run a proof of concept for free using VMWare Server.  Contact us for more information.  sales@gnscon.com or +1 814-620-2006

Secondly, Internet connectivity is subject to what we call the “bag of potato chip effect”.  When it’s opened, it’s consumed.  If you’re noticing slowing or you are thinking about more bandwidth, think optimization first.  Today’s protocol management systems can easily reclaim your bandwidth and ensure you always have enough for business operations.  We have had many customers double or triple their effective bandwidth with the installation of a Cymphonix Bandwidth Composer.  It makes better use of what you currently have and helps defer additional bandwidth additions.  Payback in most cases is 3 months or less.  Contact us for more information.  sales@gnscon.com or +1 814-620-2006

Norman Announces In-line Malware Scanning Appliance

Monday, September 22nd, 2008


Norman Data Defense unveiled its new in-line malware scanning appliance yesterday at the InterOp Conference in New York City.  Dubbed the Norman Network Protector, this product does not stop or delay network traffic to scan pages or files using a traditional proxy-based approach, as other products do.  The system essentially duplicates the stream of data, passing one stream on to the ultimate recipient (your PC) while the other is scanned simultaneously by the device’s internal detector.  As soon as something malicious is found, the unit stops the communication, causing the destination client (your PC) to discard all data from the transmission.  This takes advantage of TCP/IP’s protocol structure.

Detection is made by both signatures and Norman’s award winning Sandbox technology which detects malicious content without signatures. 
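The duplicate-and-scan behaviour described above can be modelled in a few lines of Python. This is an added illustration, not Norman's code: the byte signature, the class and function names, and the assumption that the unit "stops the communication" with a connection reset that makes the client drop its partial transfer are all constructed for the example.

```python
# Added illustration: toy model of in-line (non-proxy) stream scanning.
# SIGNATURE and all names below are constructed for this example.
SIGNATURE = b"EVIL-TEST-PATTERN"


class StreamScanner:
    """Scans the duplicated stream, remembering a tail across segments."""

    def __init__(self, signature):
        self.signature = signature
        self.tail = b""

    def feed(self, segment):
        window = self.tail + segment
        hit = self.signature in window
        keep = len(self.signature) - 1  # enough to catch a straddling match
        self.tail = window[-keep:] if keep else b""
        return hit


class Client:
    """Receiver that only accepts a transfer that closes cleanly."""

    def __init__(self):
        self.buffer = b""
        self.accepted = None

    def receive(self, segment):
        self.buffer += segment

    def close(self, reset):
        # Assumption: a reset transfer is incomplete, so all of it is dropped.
        self.accepted = None if reset else self.buffer
        self.buffer = b""


def inline_transfer(segments, signature=SIGNATURE):
    """Forward every segment at once while a copy is scanned.
    Returns (accepted_data, segments_forwarded, blocked)."""
    scanner, client = StreamScanner(signature), Client()
    forwarded = 0
    for seg in segments:
        client.receive(seg)  # traffic is never held back for scanning
        forwarded += 1
        if scanner.feed(seg):  # detector sees the duplicate stream
            client.close(reset=True)  # stop the communication mid-transfer
            return client.accepted, forwarded, True
    client.close(reset=False)
    return client.accepted, forwarded, False
```

Note that in the blocked case the offending bytes have already reached the client; the protection rests entirely on the client discarding a transfer that did not complete.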

For more information or for a demonstration of this technology, please contact us at sales@gnscon.com or at +1 814-620-2006

All Browsers and Adobe Vulnerable to “ClickJacking”

Wednesday, September 17th, 2008


Two security researchers were asked by Adobe corporation not to present their findings at the September 24 AppSec conference in New York.  The reason….Adobe’s software contains a vulnerability that is very difficult to fix and the public disclosure would release a mass of “clickjacking” incidents on users of the Internet. According to the researchers, not only is Adobe’s software vulnerable but also IE, Firefox, Opera and other browsers.

In a clickjacking attack, the attacker tricks the victim into clicking on a link without realizing it.  You have all probably experienced this.  The most common one is the popup window that you click on the X to close but it actually opens a new browser session.  It’s the preferred method of sleazy pop-up advertising.  However the two researchers showed how the use of this technique could wreak havoc on workstations if the link was designed in a specific way.

The only way to protect against this is to turn off your scripting option in your browser, which in today’s world really means, you can’t do anything on the Internet.  So again, this is a reminder that if a message received is from someone not known to you, don’t open it.  Don’t visit unknown web sites and especially don’t be too curious about web sites on the “dark side” of the Internet; hacker and black hat sites. 

Bot Nets on the Rise

Thursday, September 4th, 2008


Several sources this week have reported the large uptick in bot nets over the last month.  I have seen estimates that say that the number of bot nets is up by almost 400%.  I’ve also seen estimates that say that as many as 1 out of 5 US PCs are compromised.  From my analysis this seems high.  It has certainly nearly doubled but given the nature of detection and the nature of bot nets in general.  The bot net controllers, or “herders” as they are called, avoid detection by having these programs lie dormant for a time and then call them to life and then shut them down again.  So it’s hard to know if they are new infections or just commanding new machines to come online.

There’s an interesting argument that says that home computer users should receive some sort of training and pass a test before being allowed on the Internet.  Why?  Because most of the bot net infections that cause the world-wide spam plague and much of the denial of service attacks are traced back to compromised home user computers.  In aggregate, compromised home computers are costing businesses millions if not billions of dollars a year.  A lack of understanding the risks and threats is in large measure part of the problem.  I heard one person say it’s like allowing every 12 year old to drive a car on the freeway with no experience.  We as a society don’t allow this.  The inevitable havoc it would create is recognized and addressed.  It is prevented by knowing and obeying the rules of the road.  The same can be said of the Internet.

Some better ISPs are becoming proactive by shutting down compromised computers.  However paying customers insist on having their connections restored and the ISP has no assurance the problem has been solved.

I also think one way ISPs can help is to create a “prepaid risk” account for each customer, essentially having the customer fund an insurance-like account that is used to indemnify ISPs for the extra work they must do on certain accounts where people refuse to deal with bot issues.  Users would receive rebates on their bills for having clean systems; those who don’t, continue to pay more and not receive the rebates.  The only way this would work is if it was universal, since broadband access is now a commodity in many areas of the country.  A market-based system of incentives and disincentives may help.

The key to bot net protection is a multi-layered approach.  Education about the threat, a properly configured firewall and a good anti-virus that scans for Trojans, keyloggers and root-kits is the best protection today.  These things are “musts” when it comes to basic protection against bots.

Contact us at 814-620-2006 if you have questions or concerns about your computer’s security. 

Server on eBay Gives Up Its Secrets

Friday, August 29th, 2008


A UK IT Administrator last week purchased what he thought was a simple NAS server on eBay for about $75.  However he discovered that it contained the information of millions of personal identities of American Express, Royal Bank of Scotland and NatWest customers, including security questions to gain access to data in case of lost passwords and actual scans of people’s signatures.

The UK government is investigating the breach.

Again this is a reminder of why it is so important to be careful who you give your personal information to.  If your company handles personal information, there should be audited policies and procedures for the handling of information.

iPhone Security Hole

Thursday, August 28th, 2008


From Cnet News – August 28, 2008

A serious security hole in the latest iPhone software exposes e-mail, text, and voice messages to whoever gets a hold of the device despite it being password-protected.

Basically, clicking emergency call and double-clicking the "home" button brings up the favorites on iPhone 2.0.2, which opens up the address book, the dial keypad and voice mail, according to a report on Engadget, which got the tip on the hole from the MacRumors Forum.

Then, clicking on the blue arrows next to the names gives access to private information in a favorite entry, clicking in a mail address opens up the mail application, clicking on a URL in the contact information opens up Safari, and clicking on "send a text message" in a contact gives full access to the text messages.

The report suggests using the "home" setting so that double-clicking on the home button will take whoever is holding the phone to the unlock screen page.

Engadget reports that a fix for the hole will be included in the next firmware update, but it’s not known when that update will come.

Representatives from Apple did not respond to e-mails seeking comment.

New Email Encryption for MailMarshal

Wednesday, August 27th, 2008


GNSC announced today that it is adding new PostX encryption functionality to Marshal’s MailMarshal SMTP product. 

“Our ability to integrate PostX with our existing suite of secure email products that integrate with MailMarshal provides customers with even greater choice” said Art Costigan of GNSC. “We now have the ability to offer our MailMarshal customers 4 forms of encryption to secure their emails.  What we have found is that customers need B-2-C solutions more than B-2-B.  That makes S/MIME less of a contender.  The addition of a “push” technology that complements Marshal’s TLS and S/MIME along with GNSC’s exclusive Secure Mail Web product, customers have another choice.”

The new product tentatively named Secure Mail Delivery for MailMarshal will be available in early September.

Are you still eating Spam?

Wednesday, August 27th, 2008


Well I can’t help you if you like the mystery meat(??) kind…However if you’re still being served up spam in your inbox, here are a few pieces of advice. 

Anti-spam technology today is so good that even the most rudimentary forms of filtering should be about 96% effective.  The better providers are upwards of 99% effective.

If you’re still seeing too much of it, here are some suggestions…

1) If you’re a home user try changing your email account to GMAIL.  You’ll definitely get less spam. 

2) If you don’t want to change your email account and you use Outlook or Outlook Express, try installing SpamBayes or PopFile.  They’re free and they do a good job.  The downside is you have to install and train them before they will work for you.

3) Another option is to use Thunderbird as your email client.  It has an excellent built-in spam filter.

4) If you’re a business user, your company can install a simple spam filtering system at your gateway.  In this way, all the company email is filtered before it is delivered.  There are literally dozens of vendors who offer solutions that do a good job and in most cases won’t break the budget.  If your company is pinched for money but they are willing to tinker, Spam Assassin is a good choice.  It’s free, very light on resources and it works fairly well.

5) Another option is to use a service that filters mail before it arrives at your mail server.  It’s a bit more expensive up-front but it saves you the investment of hardware, software and maintenance.  It involves some simple changes from your ISP so you’ll need to get them involved if that’s your solution.

We offer several anti-spam solutions that are scalable from 10 users up to tens of thousands of users.  Our choice of vendors is based on their reputation and longevity in the market.  If you would like some more information, please contact us at sales@gnscon.com or 814-620-2006

Facebook Alert – Bug Fixed?

Tuesday, August 26th, 2008


The rumors of a Facebook exploit have been around for a few weeks now.  However it was rumor, until now.  A proof of concept was posted on Facebook that shows how it works.  Try it.

Log into your Facebook account and then click on this URL

Facebook Exploit

Well when I did it, it showed how this works however upon writing this post it now shows this…

image

Looks like it might be fixed.

We’ll see what the blogs say today.