Friday, December 27, 2013

Free business resources from Ready.gov

One aspect of cybersecurity is physical security. The concept, and practice, of physical security goes beyond making sure unauthorized personnel can't walk up to a critical system and tamper with it. You may find your organization faced with threats to more than just its IT systems. Hurricanes, tornadoes and other natural disasters are just some of the physical dangers your organization faces and you need to prepare for.

To that end the Federal Emergency Management Agency (FEMA) runs the Ready.gov campaign.  The goal of Ready.gov is to raise awareness for emergency preparedness.  There is much that you, as an employer, are responsible for if/when disaster strikes.

Ready.gov's Preparedness Planning for Your Business page aims to assist organizations with creating BC/DR plans. It offers templates to create an Emergency Response Plan and Business Continuity Plan. In addition to these helpful documents you can find excellent guidance on how to implement and manage your organization's preparedness plan.

Whenever a disaster or emergency arises first and foremost you must ensure the safety of your employees.  Beyond that you need to ensure the safety of your business.  In order to accomplish this you need adequate Emergency Response, Disaster Recovery (DR) and Business Continuity Planning (BCP) plans.  These documents, and related exercises, serve as proactive measures you need to take in order to guarantee the safety of your staff and business during a crisis.

2013-12-27 Link of the Day: Sophos Threatsaurus

More great free stuff from Sophos:

Sophos Threatsaurus

Per vendor "This guide is written in plain language, not security jargon. So it’s perfect for IT managers and end users alike. Whether you're an IT professional, use a computer at work, or just browse the Internet, our Threatsaurus is for you."

This is a great piece for people who are not familiar with cybersecurity terms.  The free .pdf contains chapters on: Threats, Security Software & Hardware, Safety Tips and a Malware Timeline.  Each chapter provides the reader with simple and easy to understand explanations of the term or concept.  Where applicable, the Threatsaurus provides advice on how to defend yourself and your organization against the threat.

Tuesday, December 24, 2013

2013-12-24 Link of the Day: United States Computer Emergency Readiness Team (US-CERT)

Merry Christmas to everyone.  The United States Computer Emergency Readiness Team (US-CERT) is a great source of cybersecurity info for consumers and SMB's.  With a number of email alerts from various government agencies (not all cybersecurity related but pretty interesting nonetheless) the latest threat information is delivered to your inbox.

This is a site for beginners and seasoned security professionals.  Regardless of your experience you will find a wealth of free information available here.

Friday, December 20, 2013

Target Data Breach: Updated

From Brian Krebs:

Cards Stolen in Target Breach Flood Underground Markets

Target Data Breach: What to do if you've been affected

Yesterday Target disclosed that it was the victim of a cyber attack.  The cybercriminals were able to obtain the credit/debit card numbers of approximately 40 million people between 2013-11-27 and 2013-12-15.  If you or someone from your organization shopped at Target, using either a personal or company card, between those dates there's a good chance you may have been impacted.

According to Target the thieves were able to capture the following info from customers' credit/debit cards:
  • Cardholder's name
  • Card number
  • Card expiration date
  • Card CVV (security) code

As of this writing Target has not stated whether other PII (SSNs, addresses ...) had been breached.  Regardless, with what has already been disclosed a thief has enough to begin making purchases with your card information.

If you think you or your firm may be a victim of this data breach consider taking the following steps:

Contact Target Directly

Target has set up the following two ways to contact them regarding the data breach
  • Phone - 866-852-8680
  • Website - Great source of information with an excellent set of FAQ's to assist customers.

Bank/Card Issuer

  1. Begin monitoring your account(s) immediately. Do not wait for your monthly statement; use online or mobile apps to access your account.
    1. If you notice any unauthorized activity contact your bank immediately to dispute the charges.  Consumers are not responsible for charges incurred when the card has been stolen.  SMB's may not be afforded the same level of protection as consumers so make sure any unauthorized charges are addressed as soon as they are discovered.
    2. Look for "microcharges".  These are small purchases, usually under $5 USD, that cybercriminals use to verify the card is valid.  Once validated the cybercriminal can sell the card data at a premium.
    3. Also be aware of what's called "bust out" activity.  This is when a cybercriminal attempts to purchase as much as possible on your card as quickly as they can.
  2. File a fraud report with your bank/card issuer.
  3. If applicable, call your bank/card issuer and either have your PIN changed or have them issue you a new card or cards.
    1. Don't forget to update any information that references the old accounts, i.e. automated payment methods
  4. If available, configure email/text alerts for your account.  This service provided by most banks will alert you via email/text message when your account has been charged.

Credit Bureau

  1. Contact the 3 major credit reporting agencies
    1. Equifax - 800-525-6285
    2. TransUnion - 800-680-7289
    3. Experian - 888-397-3742
  2. Consider enabling a fraud alert or credit freeze.  Talk to the credit bureau's representative and decide what the best option is for you or your organization.
  3. Obtain a credit report from each credit bureau.  Upon receipt thoroughly review the information in them and take any corrective measures that may be needed.

Additional Steps

If you have confirmed you are a victim:
  1. Contact the Federal Trade Commission (FTC) at 877-438-4338 or their website to file an Identity Theft Fraud Report.  Remember to print your ID Theft Affidavit as you will need it to dispute any adverse effects.
  2. Take the ID Theft Affidavit to your local police and ask them to file an ID Theft Report.

Sophos Security Threat Report 2014

More good stuff from Sophos:

Security Threat Report 2014

How To: Set up Parental Controls on Windows 7/8 & Mac OS X Mavericks

From Sophos NakedSecurity:

Five-minute fix: Setting up parental controls on Windows 7

Five-minute fix: Setting up parental controls on Windows 8

Five-minute fix: Setting up parental controls on Mac OS X Mavericks

Not really for the SMB crowd but for those of us with kids this is useful.

2013-12-20 Link of the Day: WinSCP

Hello & happy Friday.  Today's link is to WinSCP, a free secure file transfer client for Microsoft Windows.  Using WinSCP you can quickly and, most importantly, securely transfer files between systems.

Download WinSCP here.


Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Wednesday, December 18, 2013

CryptoLocker: What it is, what it does & how you can defend against it

The CryptoLocker virus, actually a trojan horse, has been making a lot of headlines lately.  With publications such as ZDNet labelling it the "Menace of 2013" it's not hard to see why.  Let's take a look at what all the hype is about.

What Is CryptoLocker?
CryptoLocker is a form of malware known as ransomware.  It is called ransomware because it requires the victim to pay a ransom in order to undo the damage caused by it.  As of this writing CryptoLocker is only known to target Microsoft Windows based systems.


CryptoLocker infections usually come from one of two sources.  The primary method of infection is from clicking a link contained in a phishing email.  Fraudulent delivery notifications from UPS, FedEx or DHL are the most common form of CryptoLocker phishing emails.

Another method of infection is from other malware infections.  Through their Command & Control (C&C) servers cybercriminals are able to do any number of things to your compromised PC.  One of them is to push updated or new versions of malware to your machine.  It is through this channel cybercriminals are able to covertly install CryptoLocker on your system.  If you were infected by this method it would be a very good idea to scan all your organization's computers with an offline AV product like Windows Defender Offline or Kaspersky's Rescue CD 10.  Chances are you'll find a number of infected machines.  Failing to clean them will only result in additional infections and other headaches.

What does CryptoLocker do?
After a successful installation on a Windows system CryptoLocker "dials home" to a remote C&C server.  Once connected to the server it uploads a file (Sophos refers to this as your "CryptoLocker ID") then generates a 2048-bit RSA key pair, one public the other private.  The private key, required for decryption, is stored on the remote server while the public key is sent to the infected machine.

Once the private & public keys have been generated the malware looks for and then encrypts certain types of data.  This encryption doesn't just affect what's stored on the local machine.  CryptoLocker will search for data on network (mapped) drives, USB drives, web-based storage connected to the system (think Google Drive) and any other data it can access.

After it has encrypted the user data CryptoLocker makes itself known.  The malware will display a pop up informing the user of the infection.  It will tell the user they have 72 hours to pay the ransom or their data will be lost forever. Clicking Next>> on the malware pop up will provide instructions on how to pay the ransom.

I cannot stress this enough, DO NOT PAY THE RANSOM.  Remember, you are dealing with criminals, there is no guarantee you will receive the private key if you pay.  As of this writing there is no way of decrypting data affected by CryptoLocker.

What types of data does CryptoLocker target?
CryptoLocker targets a wide variety of file types.  Documents, spreadsheets, PDF documents, pictures, video, Outlook mail files, databases and more are all targets.  CryptoLocker even goes so far as to encrypt certain types of certificate files (*.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c).  This could cause a lot of problems if your organization is using certificate based authentication or other services that rely on certificates.


What can I do to defend against CryptoLocker?
Here is a list of things to help mitigate a potential CryptoLocker infection:


1. Raise awareness of phishing, and other threats, throughout your organization, i.e. a Security Awareness program (See my 2013-12-17 post for some free resources to help out here)
2. Make sure all computers have anti-virus software installed & the virus definition files are current
3. Ensure all systems, both the operating system and applications, are up to date with any patches or hotfixes
4. Perform regular backups of your critical data.  This requires either a tape (old school) or disk based (HDD/CD/DVD) solution.  Online services that back up data can mistake the encrypted file for the newest version and archive it, leaving nothing but encrypted backups with the service
5. Do not put users in the local/domain administrators group(s).  The malware can only encrypt data it can access so limiting a user's privileges can help mitigate the damage of a CryptoLocker infection
6. Perform regular audits of file shares and applications.  Implement a "principle of least privilege" approach: if a user doesn't require access to a resource then they should not have access to it
7. Use Windows Volume Shadow Copy Service (VSS).  This is not a cure-all but it has been known to assist in recovering unencrypted versions of CryptoLocker affected files
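
The backup problem in item 4 can be caught before the backup job runs. The following is an added example, not part of the original post or of any vendor's product: a pre-backup gate that checks whether files still begin with the signature their extension implies and holds the job when too many do not. It assumes encrypted files keep their original names; the function names, the 5% threshold and the sample files are hypothetical.

```python
import os

# Leading bytes expected per extension. The certificate types are from the
# post's list; .cer/.crt may be PEM text or DER (ASN.1 SEQUENCE, first byte 0x30).
MAGIC = {
    ".pdf": (b"%PDF-",), ".jpg": (b"\xff\xd8\xff",),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",),
    ".pem": (b"-----BEGIN",), ".pfx": (b"\x30",), ".p12": (b"\x30",),
    ".cer": (b"-----BEGIN", b"\x30"), ".crt": (b"-----BEGIN", b"\x30"),
}

def header_ok(path):
    """True/False if the header matches the extension, None if type unknown."""
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(16)
    return any(head.startswith(s) for s in sigs)

def scan(root):
    """Return (files checked, sorted relative paths with a wrong header)."""
    checked, bad = 0, []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            ok = header_ok(full)
            if ok is None:
                continue          # unknown type: cannot judge, do not count
            checked += 1
            if not ok:
                bad.append(os.path.relpath(full, root))
    return checked, sorted(bad)

def safe_to_back_up(root, max_bad_ratio=0.05):
    """Backup gate: False when too many known-type files have wrong headers,
    so the job stops before it overwrites the last good copies."""
    checked, bad = scan(root)
    ratio = len(bad) / checked if checked else 0.0
    return ratio <= max_bad_ratio, bad

def build_sample(root, encrypted=()):
    """Constructed sample tree; names in `encrypted` get non-matching bytes."""
    files = {
        "report.pdf": b"%PDF-1.4\n%constructed sample\n",
        "budget.xlsx": b"PK\x03\x04constructed sample",
        "photo.jpg": b"\xff\xd8\xff\xe0constructed sample",
        "server.pem": b"-----BEGIN CERTIFICATE-----\nconstructed\n",
        "notes.txt": b"plain text has no signature to check\n",
    }
    for name, data in files.items():
        if name in encrypted:
            data = bytes(range(0x80, 0xC0))   # stand-in for ciphertext
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, encrypted=("report.pdf", "server.pem"))
        ok, bad = safe_to_back_up(tmp)
        print("run backup" if ok else "HOLD backup, check these files:", bad)
```

A header check only covers file types with a known signature, so it complements the offline, versioned backups described in item 4 rather than replacing them.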

2013-12-18 Link of the Day: Blue Coat K9 Web Protection

Web filtering is essential to any SMB.  You need a way to control what your employees are accessing from their workstations.  Blue Coat offers its K9 Web Protection solution for this problem. 

The product is free for home use.  Businesses can license the application on a monthly/yearly basis at a cost of about $1.85/mo or $18.49/year per license.  This makes K9 Web Protection one of the most cost effective web filtering solutions available.

While this may not be as robust a solution as other content filtering products its price point makes it a very attractive option for SMB's.  Some advantages of the product are:

1. Difficult even for tech savvy users to disable.  Attempts to turn off or uninstall the service require the administrator password.  Unauthorized attempts to shut it down will result in web access being disabled.

2. The product relies on an external database to categorize web sites.  The advantage of this is that Blue Coat continuously updates the database so you don't need to.  This is also advantageous because the application itself doesn't need to download and store a large amount of data locally.

3. The application can be configured to force all major search engines to use "safe search" options.

4. Reporting is built in for monitoring and controlling employee web behavior.


Tuesday, December 17, 2013

Free cyber security awareness posters

Check out these free cyber security awareness posters.  Great for adding emphasis to any Cyber Security Awareness program.

SANS Securing the Human - You Are A Target

MindfulSecurity.com:

2013-12-17 Link of the Day: McAfee SiteAdvisor

This is a cool little browser plug-in from McAfee.  Per the vendor "SiteAdvisor software adds safety ratings to your browser and search engine results."

What I find to be most useful with this application is how it rates search engine results.  This is very useful when researching security topics.  Safe sites have a green bullet point with a check mark, questionable sites have an exclamation point in a yellow circle and known malicious sites display a red circle with an X in it.

Please make sure to read any/all product documentation prior to downloading and installing this software.

Download - McAfee SiteAdvisor

Added bonus - McAfee Total Protection Beta (free)



Monday, December 16, 2013

2013-12-16 Link of the Day: Free for SMB's: A Detailed Guide for Cybersecurity to Ensure Business Vitality

Today's link comes from a great article by Linda Musthaler of Network World.  The article, "Free for SMB's: A Detailed Guide for Cybersecurity to Ensure Business Vitality" talks about the State of Cybersecurity discussion sponsored by the Greater Houston Partnership (GHP).  With talk of the discussion centering around how large corporations are cutting ties with their SMB partners over cybersecurity concerns it is a must read for any SMB decision maker.

The report, although focused on the SMB's in the Houston, TX area, is an excellent cybersecurity guide for any SMB.  You can download it directly here.

You can also use the free GHP Cybersecurity Self Assessment Tool located here.

Friday, December 13, 2013

Survey Says... IT Decision Makers Don't Trust Employees With Company Data

Here's a piece from SecurityWeek:

IT Workers Believe Employees Would Sell Company Data if Price is Right: Survey

"Fifty-two percent admit their employees have read or seen company documents they should not have had access to, and more than 50 percent of the respondents have experienced situations where terminated employees tried to access company data or applications after they left the organization."

I can't say I find this surprising.  This is why it is vital SMB's take the time to discover and audit file shares.  The "Principle of least privilege" should always be implemented when determining who has access to a resource.  If an employee doesn't require access to a file/folder to perform their duties they should not have access to it.  This is also applicable to systems, databases, applications and so on.  It is well worth the time to regularly review employee access needs to various company resources.

Another issue this shows SMB's need to be concerned with is user lifecycle management.  No matter the size of your organization you should have a process in place to immediately revoke all access for an employee that has left the company.  The last thing you need is a former employee having access to your data for any length of time.

2013-12-13 Link of the Day: Microsoft Baseline Security Analyzer (MBSA) 2.3

Just released by Microsoft:

Microsoft Baseline Security Analyzer (MBSA) 2.3

Use this tool to scan your network for required patches and vulnerabilities.  Very simple to use & presents its findings in an easy to understand report.


Thursday, December 5, 2013

DHS Cybersecurity Tips

Here's a great site from the Dept. of Homeland Security's STOPTHINKCONNECT (@STOPTHINKCONNECT) program.

DHS STOPTHINKCONNECT Cybersecurity Tips & Advice

This site offers simple, but sound, cybersecurity guidelines.  Tech savvy people will already know these but can still benefit from a review of the basics.  For less technical readers let these act as guidelines for more security conscious computing.

2013-12-05 Link of the Day: Windows Defender Offline

Windows Defender Offline - A free malware removal tool from Microsoft for Windows XP and above. 

Windows Defender Offline offers a number of advantages over other anti-malware applications.  You boot the infected system from the Defender CD/DVD, circumventing the normal Windows boot process.  Booting the infected computer this way prevents malware from launching and hiding itself.  In addition, the CD/DVD you create can be updated.  If you're using an older version make sure to use the Update feature available once the system has been booted from the Defender CD/DVD.  This will ensure the most recent virus definition files are being used.

Remember to download and burn Windows Defender on a computer that is not infected.

Using Windows Defender Offline requires several steps.  

1. Download the application
2. Insert a writable CD/DVD into your CD/DVD drive
3. Locate and double click the downloaded file (either mssstool32.exe or mssstool64.exe)
4. Burn the CD/DVD
5. After the CD/DVD has been completed place it in the infected computer's CD/DVD drive and boot the system from it

You can download Windows Defender Offline here.

You can watch a good video tutorial on how to use Windows Defender Offline here.



Wednesday, December 4, 2013

2013-12-04 Link of the Day: Sophos UTM

Here are two free Unified Threat Management (UTM) firewalls from Sophos.  The Essential Firewall is for small businesses.  It offers a number of features such as: Networking options (routing, DNS, DHCP, proxy ...), Security features, Remote Access and other functionality important to SMB's.  The Home Edition is perfect for use on home computers.  It has parental controls for controlling kids' internet access, web & email virus protection, remote access and a number of other features.

They can be downloaded here:

Sophos UTM Essential Firewall

Sophos UTM Home Edition

As always, make sure to locate and read the documentation for this product.



2012-12-03 Link of the Day: DoD DC3 Newsletter

For today I am going to give a link to a newsletter.  It's the Dept. of Defense - Defense Cyber Crime Center (DC3) DC3 Dispatch.  I consider it to be one of my "daily reads".

You can find their website here.

To subscribe to the DC3 Dispatch newsletter send a subscribe email to dispatch@dc3.mil.

2013-12-02 Link of the Day: ZoneAlarm Firewall

Today's link is for:

ZoneAlarm Firewall

You can choose from either the free version or the $19.95 PRO version.  Make sure to read the documentation.  Knowing how to install and properly configure a firewall is very important.


