Archive for September, 2008

October is Cyber Security Awareness Month

Tuesday, September 30th, 2008


Commemorated by the U.S. Congress, the goal of National Cyber Security Awareness Month is to heighten public awareness of the critical role each citizen plays in protecting information assets.

If you contact us, we’ll send you resources you can use in the office to help raise awareness of Cyber Security.

And remember, you don’t have to go to extreme measures just to make your information safe

:-)

Call 814-620-2006 or
contact us at info@gnscon.com

Wall Street and Computer Security

Tuesday, September 30th, 2008


With all that has been going on with the Federal Government’s proposed bailout of banks and mortgages, little attention has been focused on the state of security. There are two trends we picked up this week.

First, there are new phishing attempts using eye-catching subject lines regarding Wall Street and stocks to trick people into providing personal information.  Please beware of this.  These emails look very similar to news items or transaction confirmations from brokerage houses.

Secondly, we are seeing some delay in purchasing as we come into the budget season. Here are a couple of things to remember. As you are looking at your 2009 spending, don’t skimp on security. Most companies should have, at a minimum, the following security-related items installed and up to date at all times.

  1. A Firewall that has been properly installed and configured.  This includes protecting the inside network from outside access and logging all attempts to access the firewall from the outside.
  2. An email filtering system that scans messages for spam, phishing attempts, viruses and other malware.  This is the most common vector for injecting malware into company networks.
  3. A web filtering solution that scans web sites for content, spyware and other malware.  It also should log employee access to all web sites.  This is the second most common vector for injecting malware into company networks.  It also provides valuable information as to the use of computer network resources.
  4. A desktop anti-virus/spyware solution.  This should be your last line of defense, not the first.  This solution should be configured in such a way that updates are managed automatically according to the vendor’s recommendations.
  5. Workstation protection against the extraction of company information.  This includes the monitoring and management of USB mass storage devices that include cameras, MP3 Players, USB Drives, Memory Sticks, etc.  These devices can be configured as mass storage devices to extract information from your company.

Each of these items should be under maintenance agreement with the vendors, updated per the manufacturer’s requirements and routinely tested. 

Other security-related items that are required by mandates within your industry should be added to the list.

These are the bare minimums for today’s small to medium business.  When you are looking at paring down your budget, these 5 items should be on the non-negotiable list. 

If you must pare down your budgets, look for items that can be optimized or postponed. Two of the main ones we recommend our customers look at are server hardware and Internet connectivity. Both of these items benefit from new cost-effective optimization technologies.

In the server hardware space, look at virtualization. We have found that companies typically add more “iron” (hardware) when new systems come online. However, with today’s virtualization technology, server utilization can be balanced by moving or sharing server resources. Thus an under-utilized server can be used to ease an over-utilized one. In most cases actual server purchases can be deferred by just adding virtualization software and more memory. And to top it off, you can actually run a proof of concept for free using VMWare Server. Contact us for more information: sales@gnscon.com or +1 814-620-2006

Secondly, Internet connectivity is subject to what we call the “bag of potato chip effect”: when it’s opened, it’s consumed. If you’re noticing slowing or you are thinking about more bandwidth, think optimization first. Today’s protocol management systems can easily reclaim your bandwidth and ensure you always have enough for business operations. We have had many customers double or triple their effective bandwidth with the installation of a Cymphonix Bandwidth Composer. It makes better use of what you currently have and helps defer additional bandwidth additions. Payback in most cases is 3 months or less. Contact us for more information: sales@gnscon.com or +1 814-620-2006

Norman Announces In-line Malware Scanning Appliance

Monday, September 22nd, 2008


Norman Data Defense unveiled its new in-line malware scanning appliance yesterday at the InterOp Conference in New York City. Dubbed the Norman Network Protector, this product does not stop or delay network traffic to scan pages or files using a traditional proxy-based approach, as other products do. The system essentially duplicates the stream of data, passing one stream on to the ultimate recipient (your PC) while the other is scanned simultaneously by the device’s internal detector. As soon as something malicious is found, the unit stops the communication, causing the destination client (your PC) to discard all data from the transmission. This takes advantage of TCP/IP’s protocol structure.

Detection is made by both signatures and Norman’s award-winning Sandbox technology, which detects malicious content without signatures.
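The tee-and-scan flow described above, as a simplified model added here for illustration; it is not Norman's code. The `Receiver` class, the `inline_scan` function, the signature string and both sample streams are constructed assumptions, and only signature matching is modelled, not the Sandbox.

```python
# Simplified model of in-line "duplicate the stream and scan the copy" inspection.
# Added example; all names and sample data below are constructed assumptions.
SIGNATURES = [b"EVIL-PAYLOAD-MARKER"]          # placeholder signature
CLEAN_STREAM = [b"HTTP/1.1 200 OK\r\n\r\n", b"hello ", b"world"]
SPLIT_STREAM = [b"header EVIL-PAY", b"LOAD-MARKER trailing", b"more"]


class Receiver:
    """Destination client: keeps a transfer only if the stream ends cleanly."""

    def __init__(self):
        self.pending = bytearray()
        self.delivered = None

    def on_data(self, chunk):
        self.pending += chunk

    def on_close(self):      # normal end of stream: commit the buffered data
        self.delivered = bytes(self.pending)

    def on_reset(self):      # connection stopped mid-transfer: discard it all
        self.pending.clear()
        self.delivered = None


def inline_scan(chunks, receiver, signatures=SIGNATURES):
    """Forward each chunk at once while scanning a copy of the stream.

    Returns (verdict, bytes_forwarded). The last len(longest signature) - 1
    bytes are carried between chunks so a signature split across two chunks
    is still matched.
    """
    overlap = max(len(s) for s in signatures) - 1
    tail = b""
    forwarded = 0
    for chunk in chunks:
        receiver.on_data(chunk)            # stream 1: passed on without delay
        forwarded += len(chunk)
        window = tail + chunk              # stream 2: the scanner's copy
        if any(sig in window for sig in signatures):
            receiver.on_reset()            # stop the communication
            return "blocked", forwarded
        tail = window[-overlap:] if overlap else b""
    receiver.on_close()
    return "clean", forwarded
```

In the blocked case `bytes_forwarded` is non-zero: data reaches the client before the verdict, so the protection depends on the client discarding a transfer that was cut off.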

For more information or for a demonstration of this technology, please contact us at sales@gnscon.com or at +1 814-620-2006

All Browsers and Adobe Vulnerable to “ClickJacking”

Wednesday, September 17th, 2008


Two security researchers were asked by Adobe corporation not to present their findings at the September 24 AppSec conference in New York. The reason: Adobe’s software contains a vulnerability that is very difficult to fix, and public disclosure would release a mass of “clickjacking” incidents on users of the Internet. According to the researchers, not only is Adobe’s software vulnerable but also IE, Firefox, Opera and other browsers.

In a clickjacking attack, the attacker tricks the victim into clicking on a link without realizing it. You have all probably experienced this. The most common one is the popup window where you click on the X to close it but it actually opens a new browser session. It’s the preferred method of sleazy pop-up advertising. However, the two researchers showed how the use of this technique could wreak havoc on workstations if the link was designed in a specific way.

The only way to protect against this is to turn off the scripting option in your browser, which in today’s world really means you can’t do anything on the Internet. So again, this is a reminder that if a message received is from someone not known to you, don’t open it. Don’t visit unknown web sites, and especially don’t be too curious about web sites on the “dark side” of the Internet: hacker and black hat sites.

Bot Nets on the Rise

Thursday, September 4th, 2008


Several sources this week have reported the large uptick in bot nets over the last month. I have seen estimates that say that the number of bot nets is up by almost 400%. I’ve also seen estimates that say that as many as 1 out of 5 US PCs are compromised. From my analysis this seems high. It has certainly nearly doubled but given the nature of detection and the nature of bot nets in general. The bot net controllers, or “herders” as they are called, avoid detection by having these programs lie dormant for a time and then call them to life and then shut them down again. So it’s hard to know if they are new infections or just commanding new machines to come online.

There’s an interesting argument that says that home computer users should receive some sort of training and pass a test before being allowed on the Internet. Why? Because most of the bot net infections that cause the world-wide spam plague and many of the denial of service attacks are traced back to compromised home user computers. In aggregate, compromised home computers are costing businesses millions if not billions of dollars a year. A lack of understanding of the risks and threats is in large measure part of the problem. I heard one person say it’s like allowing every 12 year old to drive a car on the freeway with no experience. We as a society don’t allow this. The inevitable havoc it would create is recognized and addressed. It is prevented by knowing and obeying the rules of the road. The same can be said of the Internet.

Some better ISPs are becoming proactive by shutting down compromised computers. However, paying customers insist on having their connections restored and the ISP has no assurance the problem has been solved.

I also think one way ISPs can help is to create a “prepaid risk” account for each customer, essentially having the customer fund an insurance-like account that is used to indemnify ISPs for the extra work they must do on certain accounts where people refuse to deal with bot issues. Users would receive rebates on their bills for having clean systems; those who don’t continue to pay more and do not receive the rebates. The only way this would work is if it was universal, since broadband access is now a commodity in many areas of the country. A market-based system of incentives and disincentives may help.

The key to bot net protection is a multi-layered approach. Education about the threat, a properly configured firewall and a good anti-virus that scans for Trojans, keyloggers and root-kits is the best protection today. These things are “musts” when it comes to basic protection against bots.

Contact us at 814-620-2006 if you have questions or concerns about your computer’s security.