To all a happy new year
Dec 22nd, 2015 by aperio

Happy Holidays from Aperio IT to you.  Thanks for making this a great year and we look forward to our next.

Has your router been hacked?
Dec 21st, 2015 by aperio

The Internet is a gigantic collection of linked networks that span the globe. The networks are connected using routers.

A router is a specialized computer that directs traffic on the Internet. As the Internet consists of hundreds of thousands of smaller networks linked together, the use of routers is absolutely necessary for it to function.

When you type a website address into your browser, the name is first resolved (via DNS) to a numeric IP address. Your packets then travel hop by hop: each router along the way looks up the destination address in its routing table and forwards the packet to the next router closer to that destination.

Routers also choose the path through the intervening networks. Routing protocols exchange information about which links are available and what they cost, and each router picks the best next hop it knows of.

Cisco Systems Inc. is an American multinational that designs, manufactures and sells networking equipment, including a large share of the routers used on the Internet. By one estimate, 85 percent of Internet traffic passes through Cisco equipment.

Hacked routers

Security firm FireEye announced in September 2015 that its researchers had found a malicious router implant (dubbed SYNful Knock) on 14 Cisco routers in Ukraine, the Philippines, Mexico and India.

SYNful Knock is a modified Cisco IOS image that replaces the router's legitimate operating system. It survives reboots and contains a backdoor, giving the attackers a persistent foothold inside the targeted network.

This lets the attackers harvest large amounts of data while remaining undetected by existing security defenses, according to Mandiant, FireEye's forensics arm.

Cisco has confirmed that it alerted its customers to these attacks and said it was working with Mandiant on ways for customers to detect them.

Cisco has also published intrusion detection signatures that customers can use to look for signs of the implant on their networks; traffic that matches can then be blocked.

Where an implant is found, the affected router must be re-imaged with a known-good copy of the operating system.
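Re-imaging only helps if you can tell a clean image from a tampered one. The following Python script is an added example for this post (it is not Cisco's or FireEye's tooling): it hashes images that have been copied off a router and compares them with a known-good manifest. The manifest format, file names, contents and digests are all constructed for the demo; in practice the digests come from the vendor's download page, and the comparison is done off the device, because a router running a tampered operating system cannot be trusted to report its own integrity.

```python
"""Verify firmware images copied off a router against a known-good manifest.

Added example for this post; it is not Cisco's or FireEye's tooling. The
manifest format ("<sha256 hex>  <filename>", as produced by sha256sum), the
file names and the image contents are constructed for the demo. In practice
the digests come from the vendor's download page and the images are copied
off the device (e.g. to a TFTP server) before hashing.
"""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash 1 MiB at a time so large images do not fill memory


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, streamed from disk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse 'digest  filename' lines into {filename: digest}.

    Blank lines and '#' comments are ignored. A malformed line raises rather
    than being skipped: a silently dropped entry becomes a silently skipped check.
    """
    known = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"manifest line {lineno}: expected '<sha256>  <file>'")
        digest, name = parts
        known[name.strip().lstrip("*")] = digest.lower()  # '*' = binary-mode marker
    return known


def check_images(manifest_text, image_dir):
    """Compare every file in image_dir with the manifest.

    Returns {filename: "ok" | "MISMATCH" | "unknown"}. A file with no manifest
    entry is reported, not ignored: an image you did not expect to find on the
    router is itself a finding.
    """
    known = parse_manifest(manifest_text)
    results = {}
    for path in sorted(Path(image_dir).iterdir()):
        if not path.is_file():
            continue
        expected = known.get(path.name)
        if expected is None:
            results[path.name] = "unknown"
        elif sha256_file(path) == expected:
            results[path.name] = "ok"
        else:
            results[path.name] = "MISMATCH"
    return results


def demo():
    """Constructed image set: one clean, one altered by a single bit, one extra."""
    clean = b"ROUTER-IMAGE-PLACEHOLDER " * 4096  # constructed stand-in for an image
    tampered = bytearray(clean)
    tampered[1000] ^= 0x01  # one flipped bit is enough to change the digest
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "router-image.bin").write_bytes(clean)
        (Path(d) / "router-image-from-device.bin").write_bytes(bytes(tampered))
        (Path(d) / "leftover.bin").write_bytes(b"unexpected file")
        manifest = (
            "# constructed manifest; the real one comes from the vendor\n"
            f"{hashlib.sha256(clean).hexdigest()}  router-image.bin\n"
            f"{hashlib.sha256(clean).hexdigest()}  router-image-from-device.bin\n"
        )
        return check_images(manifest, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9s} {name}")
```

Run it against a directory of images pulled off the device. The script treats an unlisted file as a finding rather than noise, and streams the hash so it copes with large images; the comparison of the published digest with the one you compute must happen on a machine you trust, not on the router.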

FireEye considers it highly probable that many other infected routers remain undiscovered, and that the infected routers are being used as a springboard into other networks.

Because the implant preserves the router's normal functions while adding a backdoor, the technique is not specific to Cisco and could be applied to routers from other makers.

How bad is the threat?

Routers sit outside the perimeter of the firewalls, anti-virus and other security tools organizations use to protect their data traffic.

This means that the tools on which an estimated US$80 billion a year is spent offer no protection against this form of attack.

According to Cisco, SYNful Knock does not exploit any vulnerability in its software. Instead, the attackers either use stolen but valid administrative credentials to load the implant, or install it after gaining physical access to the router.

No matter how it is installed, whoever controls a router can see and alter the traffic of every company and government organization that passes through it.

According to FireEye, the affected routers have been used to hit multiple industries and government agencies. The company also says that the router logs indicate that the hacks began well over a year ago.

So what does all this imply for the ordinary consumer, who does his or her shopping and banking online?

The answer depends on who the hackers are working for.

The USA's global spy agency, the NSA (National Security Agency), has a record of intercepting networking equipment in transit and installing backdoors before it reaches the customer.

This came to light in May 2014 from the documents leaked by Edward Snowden. In 2015, Cisco began offering to ship equipment to addresses unrelated to the customer, to make interception in transit by the NSA or anyone else harder.

The latest findings from FireEye suggest that the miscreants, whoever they are, are managing to implant malware on routers no matter how they are being delivered.

While it is likely that the NSA or some other state actor is the culprit, this is not at all certain, even though FireEye says that this kind of interception could only be done by a handful of sovereign states. In this writer's view, the miscreants could well be a criminal gang intent on commercial gain.

Perhaps it would be as well to check with your bank to see whether they have any reservations regarding online banking in the light of these revelations.

Five Common Reasons for Data Loss
Dec 18th, 2015 by aperio

When the drive is damaged physically.

One of the most common reasons for data loss is physical damage. A manufacturing defect, or external influences such as shock, dust or power surges, may cause internal damage. Electrostatic discharge (ESD) is another common cause of failure. Physical damage will almost always require the help of a data recovery expert. Unless you have a clean room and donor parts, any attempt to recover the data yourself will very likely render it unrecoverable. A data recovery expert will assess the damage to your media before determining which parts need to be replaced to get the drive working again; often a donor drive of the same make and model supplies the parts. Reputable experts will provide a listing of recoverable files and a quote before carrying out the recovery.

When the operating system fails.

Luckily, if your operating system fails, it usually means nothing is wrong with the hard drive itself. The data areas are normally intact, so your chances of a full recovery are high. All the expert needs to do is copy the data from your hard drive to a new one. This can be easier said than done, so take advice. If you are not familiar with hard drives and data structures, don't risk your valuable information.

When it dies of old age.

As hard drives grow old they experience unpredictable failures. All hard drives will fail at some point, but you never know when. The mechanical parts of a hard drive wear down over time and the media surface degrades; eventually this causes the drive to crash. Hard drives are becoming increasingly reliable, but check the manufacturer's 'mean time between failures' (MTBF) figure. It is quoted in hours, and it is a statistical average across a population of drives rather than a guarantee for yours, so treat a drive approaching it as a candidate for replacement.

If it catches a virus.

Computer viruses can be extremely damaging to your computer, and ransomware can be expensive if you fall victim. It is not only recommended but necessary to have a decent anti-virus program installed. Many users forget that malware doesn't always present itself as a virus, so anti-malware software such as Malwarebytes should also be considered essential. Some malware spreads quickly around your computer and onto any network it is connected to; ransomware in particular will encrypt any backup drive or network share the infected computer can write to. So even if you back up to a mapped drive, keep at least one copy disconnected or otherwise out of reach, and catch any infection quickly before it spreads. Be extremely careful when downloading files and applications online, make sure they come from safe sources, and don't open files emailed to you from an unknown source.

When you accidentally delete or overwrite data.

Overwriting data or accidentally deleting it is a common story. Many people think their data is already saved somewhere else and delete the files. Overwriting is usually an accident, but it can also be deliberate: in criminal and forensic cases data may be intentionally erased in an attempt to cover the tracks of illegal activity, and forensic experts may be hired to recover it. Unfortunately, it can be difficult and sometimes impossible to recover data that has been overwritten.

The best way to avoid data loss is simply to back up your valuable files to external hard drives or a cloud service. If you do, make sure the backup is stored in a safe and secure location away from your computer, so that flood, fire or theft cannot affect both the original and the copy. Also make sure you are saving whole copies of the original files, and remember to back up regularly.

Aligning IT to fit your Business Objective
Dec 14th, 2015 by aperio

IT has emerged as a central business function for many organizations in recent years, and this holds true regardless of the industry an organization serves. Yet, despite the huge part IT plays in reducing costs, standardizing processes, enhancing productivity and improving workflow and communications, its role in business planning remains largely subordinate.

It is high time that establishments stop looking at IT as a mere implementation tool which does not have any role in shaping an organization’s business strategy. Today, technological developments pave the way for many business opportunities and IT can play a proactive and larger role in developing the long term business strategy of organizations.

Given below are some tips that would help your organization align its IT with its business objectives:

Understand your business and the nature of your organization

Unless you understand the nature of your business and how it fits into the sector and economy, it is very difficult to come up with a serious IT plan that would actually work. You can start by gathering important information such as organization charts, roles and responsibilities and associated markets and products. Needless to mention, you must also possess a crystal clear understanding of your customers and their persona. Also, you must take time to analyze the structure and cultural ethos of your organization. Once you have a map of your corporate model and how it fits into the larger picture, you can start planning for the future. At this stage, it is also crucial that you start documenting all IT assets and applications.

Identify and understand the relationship between your core business and your IT assets

Understand your business’ value chain and analyze its major components. You must have an in depth understanding of the factors that drive your business as these key scaling factors play a crucial role in planning IT strategy and alignment. At this stage, you must also duly collate information about internal as well as external factors.

Determine and set the change agenda

While setting the agenda, research and analyse your strategy several times. Make sure there is a sensible balance between the cost, value and priority of the IT estate, and then identify the impact and implications of the IT alignment plan. Identify requirements, prioritize time frames and functionality, and model and test the strategy well in advance to ensure the final outcome is worthwhile.

Once you have all the necessary information, chart out an IT plan that is driven by the business rather than by technology

The most difficult hurdle many organizations face when aligning IT with business objectives is that most IT strategies lack business drive and are too technology-centric. This strategic variance can be counter-productive and lead to overly intricate IT infrastructures that are difficult to sustain and modify. To avoid such obstacles, organizations may wish to invest in strategic partnerships with IT managed service providers who specialize in aligning IT with business objectives.

What Does Your IT Team Need to Know About PCI DSS Compliance?
Dec 9th, 2015 by aperio

(Part 6 in our series on IT Compliance Concerns.)

In Part 5 of our series, we discussed how the Payment Card Industry Data Security Standard (PCI DSS) was created to improve protections for storing, processing, and transmitting cardholder data. In this part, we will look at some of the details your IT team will need to deal with regarding PCI DSS compliance.

What are some of the Information Technology concerns for PCI DSS compliance?

Keeping in mind that the penalties for failing to comply with these standards can include fines and possibly the termination of privileges to process credit cards, your IT team will need to pay careful attention to many details. We discussed the twelve general requirements for PCI DSS compliance in our last post. Naturally, each one of these raises concerns for your IT department.

Firewalls

This includes installing and maintaining a firewall configuration to protect cardholder data. Additionally, your IT team will need to regularly test your firewall for effectiveness.

Not using vendor-supplied defaults for system passwords and other security parameters

Your company will need to change every vendor-supplied default password (and other default security settings) before a system goes into service, and maintain unique, strong passwords thereafter. You cannot allow employees to keep using the passwords your vendors started them with. For an IT department, getting users to follow password requirements can be a frustrating process; educating employees so they understand the real need for inconvenient policies is key to winning their compliance.

Protecting stored cardholder data

(This applies only to companies that store cardholder data.) In addition to encrypting all stored cardholder data, your IT team may need to combine virtual and physical security features. Examples of virtual security: authorization, authentication, etc. Examples of physical security: restricted access, locks on cabinets, servers, etc.

Encrypting transmission of cardholder data across open, public networks

Given the increased use of public networks, your IT team will need to pay close attention to wireless networks and remote access solutions for this requirement.

Using and regularly updating antivirus software

Your IT department is probably already aware of the need for antivirus software. With this requirement in mind, the need to update software regularly and apply patches becomes even more important.

Developing and maintaining secure systems and applications

Your IT team will need to have a process for tracking newly discovered security vulnerabilities in the software your company uses. This may mean making use of alert systems provided by your software vendors.

Restricting access to cardholder data by business need-to-know

This simply means limiting the number of employees who have access to cardholder data. It requires your company to have carefully designed processes for determining which employees will have that access so that your IT team can then provide that access.

Assigning a unique ID to each person with computer access

This will ensure that when actions are taken on critical data, those actions can be connected to known, authorised users.

Restricting physical access to cardholder data

Again, limiting access limits the chances of a security breach.

Tracking and monitoring all access to network resources and cardholder data

This means logging access on the network and on the relevant devices, and retaining those logs so that they are available as evidence in case of a security breach.
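Two of the requirements above meet in a common failure: full card numbers (PANs) leak into the very logs that requirement 10 tells you to keep, which violates the storage and masking rules of requirement 3. The following Python script is an added example for this post (not from the PCI SSC or the original article): it scans log lines for digit runs that pass the Luhn check and masks them to the first six and last four digits, the maximum PCI DSS permits for display. The regular expression, the masking policy and the sample log lines are constructed for the example; the card numbers in them are the well-known test numbers.

```python
"""Find and mask primary account numbers (PANs) in log lines.

Added example, not from the PCI SSC or the original post. The pattern, the
masking policy (first six and last four digits kept) and the sample log
lines are constructed for this example.
"""
import re

# 13-19 digits, optionally separated by single spaces or dashes, as they
# appear when a card number is pasted into a ticket or echoed by a client.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum (ISO/IEC 7812). Rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def _digits_if_pan(match_text):
    """Strip separators; return the digits if they look like a valid PAN."""
    digits = re.sub(r"[ -]", "", match_text)
    if 13 <= len(digits) <= 19 and luhn_ok(digits):
        return digits
    return None


def find_pans(text):
    """Return the digit strings in text that look like PANs and pass Luhn."""
    found = []
    for m in CANDIDATE.finditer(text):
        digits = _digits_if_pan(m.group(0))
        if digits:
            found.append(digits)
    return found


def mask_pan(digits):
    """Keep the first six (BIN) and last four digits, mask the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_line(line):
    """Replace every Luhn-valid PAN in a log line with its masked form."""
    def repl(m):
        digits = _digits_if_pan(m.group(0))
        # not a PAN (e.g. an order id that fails Luhn): leave it untouched
        return mask_pan(digits) if digits else m.group(0)
    return CANDIDATE.sub(repl, line)


def scan_log(lines):
    """Return (redacted_lines, hits); hits are (line number, masked PAN)."""
    redacted, hits = [], []
    for lineno, line in enumerate(lines, 1):
        hits.extend((lineno, mask_pan(p)) for p in find_pans(line))
        redacted.append(redact_line(line))
    return redacted, hits


# Constructed sample lines. 4111111111111111 and 5500000000000004 are the
# well-known test card numbers; 4111111111111112 fails the Luhn check.
SAMPLE_LOG = [
    "2015-12-09 10:14:02 gateway INFO auth ok card=4111 1111 1111 1111 amount=19.99",
    "2015-12-09 10:14:03 app DEBUG order 20151209101403001 created",
    "2015-12-09 10:14:05 support WARN customer quoted 5500-0000-0000-0004 in chat",
    "2015-12-09 10:14:06 app INFO ref 4111111111111112 is not a card",
]


if __name__ == "__main__":
    lines, found = scan_log(SAMPLE_LOG)
    for lineno, masked in found:
        print(f"line {lineno}: PAN found, masked as {masked}")
    print("\n".join(lines))
```

The Luhn filter removes most false positives (timestamps, order numbers), but any Luhn-valid digit run will still be flagged, so review hits before acting on them. More importantly, a scanner like this is a detective control: the real fix is to stop the application logging the PAN in the first place, and to treat a hit as an incident for the log store as well as the source.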

Regularly testing security systems and processes

This means conducting regular vulnerability scans for possible weaknesses, and periodic penetration tests to confirm that the weaknesses found cannot actually be exploited.

Maintaining a policy that addresses information security

Such a policy needs to address remote access and wireless technologies, removable electronic media, email, internet usage, laptops and other mobile devices, as well as the monitoring of service providers.

Other posts in this series:

Part 5: Is Your Company PCI DSS Compliant?
