Romance scams are increasing in frequency and becoming more sophisticated. Be prepared to protect yourself!
This article is being written in surreal times. We are living through a truly worldwide pandemic called COVID-19, which has shut down businesses throughout the globe and has a large portion of the world under various levels of human lock-down. These are crazy times. We are in fear of an invisible enemy that is creating havoc in our world. It is making people sick, causing unimaginable death and taking an untold toll on our businesses and financial markets. It is a truly scary time.
As a technology company we cannot begin to help with the solution to this pandemic. Our part has been to assist our customers in shifting their business models in various ways that were unseen just a few weeks ago. We have moved large numbers of people to work from home. We have deployed mass quantities of new laptops and connected many businesses with VPN and remote solutions that were not in place prior to this pandemic. We are also seeing a spike in the number of users that are communicating via products like Microsoft Teams, GoToMeeting and Zoom.
New Challenges
What we cannot forget in our business model is the daily operations. There may not be anyone at the office but the systems must remain. Servers are still required. Workstations are being used remotely. Cloud services must continue to function. This may seem like a slowdown for the service providers but it is not. Instead we are seeing new challenges. The quick change in the model has presented a new set of security challenges that require new solutions. What are the challenges? Here are a few:
- Securing a large volume of VPN connections
- Securing connections using unknown home internet connections
- Security problems with online meetings like Zoom hijacks
- New attack vectors opened by new services such as Remote Desktop
- Maintaining software updates on fleets of now remote laptops
These are just a few challenges that every IT department and service provider is facing today. As we face these challenges we are seeing the emails begin to flow into our inboxes. Software and hardware vendors are coming to our rescue with “Solutions” to all our security problems. Anti-everything (fill in virus, malware, intrusion, etc.) is going to save us from what is lurking around the corner on our “endpoints”. (Endpoint is a fancy word for computers, phones and the things we use to connect to the world.) Penetration testing solutions are going to help secure our networks and high tech (i.e. expensive) Intrusion Detection and Prevention systems are going to identify bad guys and kick them off our networks like a mall cop chasing down a kid on a skateboard.
Unfortunately it’s not that simple. Marketing guys can make their solution sound like the silver bullet but it rarely is. The reality facing every business today is that we are living on an internet that is the wild west. Attacks come from all directions and there is no single solution that will keep you secure.
The Egg vs. the Onion
For decades the key to securing our networks and data was the “hard outer shell”. This egg-like model guided us to use hardened firewalls and protection devices at the edge of the network to keep bad guys out and good guys in. It allowed for a simple solution that worked well in the early days of the internet. As time progressed this model started to fail and we realized that the egg model secured the yolk well until the egg was dropped and someone made it through the shell. You were then left with a network that looked about as hardened as an egg dropped on pavement from the roof!
Today we look to the Onion as the food of choice for our security. We want to create layers of security that need to be peeled back to get through our security. These layers provide the ability to slow down attackers, detect them and prevent them from getting too far before we resolve the problem. As you peel away each layer of the onion you find another layer of security.
Security as a Mindset (SaaM)
The internet is full of solutions for every sort of “as a Solution” buzzword you can imagine. Software as a service (SaaS) started things off and we now have everything from Infrastructure as a Solution (IaaS) to Security as a Solution. At Capstan Services we provide security solutions that permeate many areas of our business and the businesses we support. Unfortunately, we cannot say that we have the “Solution”. Nobody alone has the solution. Instead we need to look at Security as both a partnership and a Mindset. Let's call this SaaM to keep up with buzzwords.
As a services company we provide technology that is part of the solutions we offer. Our recipe starts with a good firewall. Sprinkle in proper configuration. Stir in a generous amount of data segmentation and internal security. Add best-in-class solutions for systems maintenance. Throw in a helping of systems monitoring. Finally, top off with penetration testing and garnish with training. This is a recipe that can and should be provided by your service provider. The solutions are not just software but a mindset within our company that puts security at the top of our minds in everything we do. It should start with training that instills the mindset from your service provider (or IT team) to your employees and management. From there it must be embraced and incorporated into all aspects of the business.
The mindset cannot end at the edge of our company. It must extend into all of our customers, vendors, partners and even to the vendors that do business with our customers. This is the hard part. For most businesses changing the mindset of the entire company to focus on security is not easy. Security is often hard. Long, random passwords are hard. Having to ask for access to other people's data is intrusive. Living by strict data security principles is not fun. However, these small challenges are what help to keep your business safe and secure.
Do I have the Security Mindset?
We work with many executives at varied companies. In 30+ years of working in technology I have never met an executive that would not say that security is a priority. However, I have worked with many executives whose actions were not consistent with a security-focused mindset. Are you security focused? That is a discussion you should have with your IT provider(s) in a safe environment where they are given permission to be critical without any repercussions. (Guess how often this actually happens?) In the meantime, here are a few questions you can answer as an executive to see if you have the security mindset.
If you can answer Yes to every question above you and your business are highly security focused. If you answer no to more than a small number of these questions it would be a good time to reassess your business model.
Keith McLaren is the CEO of Capstan Services, Inc. Capstan Services is an IT services company which provides services to small and mid-sized businesses. If your company has technology challenges or needs to find better profitability through technology then you may want to reach out to Capstan Services for a consultation.
Email security is a topic that has been getting more attention in the media recently. We are also seeing a spike in instances of email-based attacks at our customers and I believe that now is a good time to set the record straight on email. I will cut to the chase right here and say that email is not secure. Period. Are there ways to securely communicate using email as a part of the process? Yes. But email itself is inherently insecure and you should consider everything that you send in email as being public.
At Capstan Services we partner with both customers and non-customers to share news about potential threats to your computing environment. We feel it is imperative to notify you about the release of patches for the Badlock vulnerability. Details about this vulnerability were released on April 12, 2016 along with patches for both Microsoft Windows and the Samba project.
What is Badlock?
Badlock is a vulnerability in the Server Message Block or SMB protocol. This is the protocol which is used by Microsoft Windows networks and certain Unix/Linux machines to share files over a network connection. In simple terms, this is how you get to your network drives and "Drive Letters" that are not on your machine.
What is the Risk?
Capstan Services is calling the risk level High although not critical. This vulnerability was hyped quite a bit and we believe that the hype was not quite warranted. The risks of Badlock are primarily going to be exposed only to the internal network, which dramatically lowers the risk in most environments. It should be noted that this is a good time to verify that your organization does not have any open SMB ports facing the internet. This is a terrible practice to start with and becomes more dangerous with Badlock.
This vulnerability opens unpatched users to the following risks:
- Man in the Middle Attacks
A Man in the Middle attack allows an attacker to gain access to resources by standing between a user and a server. In this case an exploit would be able to gain access to a file server and change user accounts, passwords and user rights, delete files and shut off services. For Microsoft Active Directory environments the attacker might also be able to gain access to Active Directory features.
- Denial of Service Attacks
A denial of service attack will allow the attacker to prevent users from accessing a server or services.
How do I Remediate?
The most important first step is to verify that you do not have any SMB presence on the internet. SMB is not an internet friendly protocol and should NEVER be available outside of your local network. This can be verified by your Information Technology staff by checking the following:
- Verify that there are not any external firewall rules which allow traffic on ports 445 TCP, 137 TCP/UDP, 138 UDP or 139 TCP
- Verify that there are no external firewall NAT rules to any of the above ports
- Check to make sure that none of the above ports are open on any outside IP address
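One way IT staff can run the first two checks on a Linux-based firewall, as an added example that is not part of the original advisory: the script reads `iptables-save` output and flags rules that accept or NAT-forward the SMB ports arriving on the outside interface. The interface name eth0 and the sample ruleset are constructed for illustration, and only rules that name a destination port are examined.

```python
import shlex

# Ports from the checklist above: 445/tcp, 137/tcp+udp, 138/udp, 139/tcp
SMB_PORTS = {("tcp", 445), ("tcp", 137), ("udp", 137), ("udp", 138), ("tcp", 139)}

# Constructed sample of `iptables-save` output; eth0 is assumed to be the WAN side
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.1.10:445
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 445 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def expand_ports(spec):
    """Expand an iptables port spec such as '139,445' or '137:139' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def find_smb_exposure(ruleset, wan_if="eth0"):
    """Return (table, rule, ports) for rules that ACCEPT or DNAT SMB ports on wan_if."""
    findings, table = [], None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):          # table header, e.g. *nat or *filter
            table = line[1:]
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        spec = opt.get("--dport") or opt.get("--dports")
        # A rule without -i applies to every interface, the WAN side included
        if opt.get("-j") not in ("ACCEPT", "DNAT") or opt.get("-i", wan_if) != wan_if or not spec:
            continue
        hits = {(opt.get("-p"), p) for p in expand_ports(spec)} & SMB_PORTS
        if hits:
            findings.append((table, line, sorted(hits)))
    return findings

if __name__ == "__main__":
    for table, rule, ports in find_smb_exposure(SAMPLE):
        print(f"[{table}] exposes {ports}: {rule}")
```

An empty result covers only the rules and NAT entries on that one firewall; the third check, confirming the ports are closed on each outside IP address, still has to be done separately.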
For Microsoft Windows based machines you will need to install the latest patches for each machine. For details on the latest security bulletins please see:
https://technet.microsoft.com/en-us/security/bulletin/dn602597.aspx
For Linux & Unix machines running Samba you will need to install the latest patches for your version of Samba AND you must be running one of the following Samba versions:
- 4.2.10
- 4.2.11
- 4.3.7
- 4.3.8
- 4.4.1
- 4.4.2
You should check with the vendor of your Samba version to identify and install the appropriate patch for your Samba implementation.
What is Capstan Services doing?
If you are a Capstan Services customer we will be scheduling a time to deploy fixes in your environment. We will be deploying patches to servers based on outage windows and you should coordinate this with your contact at Capstan Services.
If you are a Capstan Services Managed Desktop or Worry Free Desktop customer we will deploy patches to your desktop machines on your current deployment schedule.
If you have any questions or would like to have us assist you with remediation please call us at (469) 312-8100.
More Information
For more information on the Badlock bug and detailed information on remediation please go to badlock.org.