Tag: Data Security

John Boyd

I remember the first time I read in the Wall Street Journal (1999) that “doing wireless was like putting an RJ-45 Ethernet jack in your parking lot.” The implication was that the company’s most sensitive information would be readily accessible if someone simply drove into the parking lot and had a wireless card. The presence of wireless would allow a would-be hacker to spend the night draining your company of its valuable information. We were clearly forewarned. And it did in fact happen – over and over again!

When I was asked how to prevent security leaks for a Fortune 500 company, the first question to answer was, “who are we protecting ourselves from?” We identified several classes of potential threats and determined their relative ability to penetrate our security from lowest (1) to highest (5): 1. Hackers, 2. Corporate Espionage, 3. Disgruntled employees, 4. Careless employees, 5. Domestic and Foreign Governments.

It is true: that wireless link into the parking lot is a high-risk element in your security, and the same is true for Internet access. But there are many affordable techniques that are readily deployed to ward off the Hacker trying to penetrate these defendable portals. They are typically looking for easy targets and do not waste much time trying hardened sites.

The Corporate Espionage motivated hacker has more staying power. They have an identified motive and it requires various levels of monitoring to warn you when this type of person is working overtime to get into your records.

The Disgruntled Employee has gotten a lot of attention over the years and is clearly a challenging threat that needs to be managed. And trying to defend against National Agencies is a topic of growing concern and a topic for another day.

It’s the Careless Employee that generally poses the highest threat where the typical corporation can improve security without breaking the bank. We have determined that access to information from anywhere is more important than the risk. Our managers, employees and officers all have laptops and home computers with “secure” access to routinely download all the corporate spreadsheets, customer lists and contracts, update these and upload them back again. This is done in virtually every company in the technology enabled world. The result of this style of information management is that your most critical information is now everywhere. Copies are on home computers, laptops and traversing the unsecured Internet. In most cases, if a copy of a document went out to a remote laptop, we do not have a clear record.

We only need listen to the local news for a clear example. Healthnet, a Shelton CT company, lost a USB disk drive. It took them over six months to determine that it contained the health records of nearly 460,000 customers. Now that’s not only embarrassing, it’s criminal.

So most reading this article will say, “But that’s the only way we can be productive. Isn’t there a reasonable way to continue the productivity without the risk?”

The answer is yes, we can minimize the risk. The key is to follow a philosophy we are promoting at Fandotech. Instead of using the Internet to distribute your critical information “to everywhere”, make centrally controlled and stored information available “from anywhere”.

We now have cost-effective technologies that allow us to design access to your information from anywhere without actually sending the files out. Products like XenApp from Citrix can be configured so the trusted user can log into an audited port and be granted the ability to view and edit appropriate documents without moving the document out of the data center’s control. This provides clear custody and control mechanisms for the integrity of the document. The Citrix remote access technologies also allow for the download of information when truly required, but require a “sign out” and “sign in” that deletes the remote copy of the document and makes an audited record of who, when and where the documents went.

Now information is version controlled, backed up and audited centrally. Think of the cost savings potential and restful nights of sleep knowing your data is more secure!

Information everywhere is a weak link in the security of your information. People are people and they will lose things or they will steal things. Centralized information management that is auditable will minimize embarrassing events and minimize your risk.

John Boyd

Terri Croop

The Conficker virus stole headlines at the end of March 2009 with its dynamic and unique threat to infect the Internet.  Since the Internet continued to function after the supposed payload date of April 1, there has been a media silence since April 2.

However, this does not mean the threat disappeared. On the contrary, according to the Conficker Working Group, 350,073,303 infections have been tracked to date. These infected systems are used to send spam and to distribute fake anti-spyware applications known as scareware. Like most things, the motive comes down to money—money earned by the virus authors through spamming and selling malicious software to unwitting users.

In order to understand how it works and why it created such a furor, check out some good sources for reliable information about how the virus works:

There are also several testing and remediation resources out there, but be wary of over-enthusiastic, no-name vendors fueling infection panic and pushing a free removal tool. Research vendors before downloading any software. In fact, to be on the safe side, use tools recommended by the Conficker Working Group.

Conficker infections have not stopped even though headlines have slowed down to a trickle. Keep up to date on this ever-changing security threat.

Share your Conficker experiences below, in the comments.

Corey Slack

With the influx of wireless technology into the world, and especially the home, the idea of actually protecting your personal information becomes more important.

In the days in which you simply ran a cable from your router to your computer, security wasn’t as drastically important. There was only a physical link to your network, so it was vastly more difficult to gain access to that network. Effectively someone would have to break into your house and plug a cable into your router to get access to what was on there. That wasn’t the only way, but it was essentially the only equivalent to what is possible today with wireless technology.

Now with wireless hot spots all over the globe, and laptops integrating such capabilities, security has become much more important.

There is a concept called “piggybacking.”  This involves driving around and searching for wireless networks throughout the world. This is quite often mislabeled as “wardriving.”  Wardrivers are generally just out to collect information—they don’t actually use the network resources they find. “Piggybacking” is the access and use of someone else’s wireless connection. This could be used to describe someone leeching off of their neighbor’s wireless access point, or someone sitting outside a coffee shop’s hotspot and using their network without actually giving them any business.

Piggybacking is what you’d want to prevent people from doing, and there are two main reasons I would like to highlight:

  • Protection of your personal information. On your home network, you may or may not have documents, folders, and other files shared out to other users on the network. You might give your significant other or your children access to music or video files on your computer. There are many ways to do this, but by sharing files there is the potential that someone you didn’t intend to access your home network could see things you don’t want to be seen.
  • Protection of your resources. With the idea of ISPs putting limits on the amount of traffic home users can use over the course of a month, having someone leech off your wireless signal could potentially cost you a lot of money. If a neighbor gets access and starts using it to download DVDs, this could cause a problem from a financial standpoint, as well as legal. You could be held responsible for copyrighted material that is downloaded by a rogue user on your network.

If you don’t secure your home network, connecting to it is as simple as selecting it from a list and clicking “Connect,” and suddenly a person unknown to you has capabilities you’d rather they not have. However, since the influx of home users taking advantage of wireless technology, setting up security has become very user-friendly. Instruction manuals that come with your routers provide the necessary information to secure your network, but I would like to highlight three common methods here:

  • WEP. WEP stands for Wired Equivalent Privacy. It encrypts your data using a security key that you must apply at all computers accessing your network so they can read the data being sent. It isn’t the most secure method, and you can argue that the encryption is weak, but it is widespread and very easy to set up. This will require a password from users that wish to access your network. Despite its weakness compared to other methods, it will prevent most unauthorized access to your network.
  • WPA. Wi-Fi Protected Access. WPA answers a lot of the issues that WEP has; it is much more secure and takes measures to prevent the encryption from being broken so easily. It is not as widespread as WEP, but is relatively easy to set up if you have equipment that is compatible. It cannot be used in conjunction with WEP; you must pick one or the other.
  • MAC Filtering. Every PC and network device has a unique number called a MAC address (MAC stands for Media Access Control, incidentally). It is very important in the world of networking. Most modern day routers have the ability to filter network traffic by checking the computer’s MAC address against a list of allowed addresses. If it does not match, the computer will not be able to access the network. This sort of setup is more advanced and calls for a little bit more administration—it requires you to obtain the MAC address of each device on the network and enter it into the router. By itself it isn’t the most secure method (it doesn’t encrypt data for instance, just prevents access), but used in conjunction with WEP or WPA it can help add a layer of security.

One more thing that I would like to point out: for most home networks, having multiple layers of security isn’t something to worry about. My suggestion is that you should just make sure that a random person will not be able to access your network. Secure your network, but use the method that is easiest for you (which in most cases is WEP).

None of the methods I described above are fool-proof: every single one has a way it can be cracked. But chances are very good that most people that understand how to break through these security measures aren’t going to have much interest in the average home network.
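The allow-list check that MAC filtering performs, turned into an audit that can be run against a gateway's neighbor table to spot an unexpected device. This is an added example, not part of the original post; the allow-list and the `ip neigh`-style lines are constructed samples.

```python
import re

# Constructed allow-list, in the mixed notations people copy from device labels.
ALLOWED = ["00-1A-2B-3C-4D-5E", "a4:5e:60:c1:22:0f", "3c22.fb10.9a77"]

# Constructed sample in the format printed by `ip neigh` on a Linux gateway.
NEIGHBORS = """\
192.168.1.10 dev wlan0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.11 dev wlan0 lladdr A4:5E:60:C1:22:0F STALE
192.168.1.23 dev wlan0 lladdr 9e:10:7f:aa:01:02 REACHABLE
192.168.1.40 dev wlan0 lladdr 3c:22:fb:10:9a:77 DELAY
192.168.1.55 dev wlan0  FAILED
"""

def normalize_mac(text):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """Bit 0x02 of the first octet set: address was not assigned by a vendor."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(neighbor_text, allowed):
    """List (ip, mac, locally_administered) for devices not on the allow-list."""
    allow = {normalize_mac(m) for m in allowed} - {None}
    unknown = []
    for line in neighbor_text.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", line)
        if not m:
            continue  # no resolved MAC on this line (e.g. FAILED entries)
        mac = normalize_mac(m.group(2))
        if mac is None or mac in allow:
            continue
        unknown.append((m.group(1), mac, is_locally_administered(mac)))
    return unknown

if __name__ == "__main__":
    for ip, mac, local in audit(NEIGHBORS, ALLOWED):
        note = " (locally administered address)" if local else ""
        print(f"not on allow-list: {ip} {mac}{note}")
```

The neighbor table only shows the address each device reports for itself, so this audit works alongside WEP or WPA in the same way the post describes for MAC filtering.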

Corey Slack

Having only worked on the Fandotech team for a few months, I see a lot of users catching malware or viruses which could have been avoided entirely. It’s unfortunate, especially when you see the same users come back with the same problems. Whether these problems come from opening email attachments from unknown sources (a common problem that can easily be defeated by user education) or from malicious JavaScript running automatically when browsing to a web page (defeated mostly by just paying attention to what you’re doing), they can be quite serious and can cause a lot of frustration and downtime. Frequently, the quickest and easiest way to clean an infected computer is to completely format the hard drive and reinstall Windows. Any IT professional will try and save important documents before doing so, but in this field there aren’t any guarantees.

So, without any guarantees, there is no way to ensure complete and total security. The best method might be abstinence, which in this case translates to completely unplugging from the internet. But that’s hardly feasible in any sort of environment, since the Internet has become such an integral part of society. So here are a few steps to help ensure a moderate amount of security, both at home and in your place of business:

  1. Always work behind a router. A router is a device that allows multiple computers to use an internet connection (and share files with one another, among other things). If you’re in a business, this is pretty much a guarantee. At home, not necessarily. Routers are very, very common in households these days, especially since wireless connections have become so huge. However, they don’t exist everywhere. A lot of people may have the misconception that a router isn’t necessary if they only have one computer that needs internet access. This just is not true. Basically, when you sign up for internet access, you get assigned a public IP address (think of it as your home address: it’s how information finds your computer). This is an IP address that is routable from the internet, and is not something you want your computer to have. It is a better security practice to purchase a router. That way, the router will have the public IP address and will give your computer a private IP address. This is good practice even if you have a software firewall, even if the ISP tells you otherwise.
  2. Pay attention to what you’re doing. This is a lot more difficult than it sounds—many people don’t quite have this method ingrained into their behavior. They’re simply not used to having to pay attention to every link they click. Many times there are website URLs that look legit, but are actually a slight misspelling of a real URL. Sometimes, you can have a malicious email sent from someone you know and trust. It’s difficult to defend against such things, so just try and pay attention. Work on modifying your behavior if you need to. If you get an email from someone close to you that doesn’t seem to have the right language/tone that you’re used to seeing, email them back before clicking any links or downloading any attachments it contains (this method is how my wife avoided getting a virus from me many years ago: she knew the message in the email was not something I had written).
  3. Make use of anti-virus software. This is #3 on the list because it is absolutely useless if you don’t do #2. If you click a link or open an attachment, there is a good chance it will not be tagged by any anti-virus software. However, anti-virus software can detect viruses—but it’s not fool-proof. Viruses change and morph constantly, and each time they change, the anti-virus software you use needs to be updated, otherwise it is useless against new threats. Most programs do this for you automatically, but it’s wise to check and make sure it’s being regularly updated nonetheless. There are many who can argue the merits of which program is the best, but something is better than nothing. AVG and Avast! are free anti-virus programs you can use, and some ISPs offer free software for their subscribers (for instance, Comcast offers free McAfee subscriptions). In this day and age, there is no excuse not to have some sort of anti-virus software helping to protect your computer. It is also worth noting that Windows does not currently have any sort of built-in anti-virus software. The reason I mention this is because one of the more nasty rogue programs out there tricks users into thinking their machine has a virus, and tells them that Windows Antivirus 2008/2009/etc. has detected threats and must be purchased in order to protect your computer. This is not a legitimate program and will do nothing to protect you against attacks. If you see a program like this, you’ve already got a virus on your system, because it is the virus.

  4. Make use of anti-spyware software. I was going to combine this with #3, but I think it should have its own place on the list. Viruses and spyware are different, and best approached using different programs. A program that you choose to install on your computer could contain spyware, and it wouldn’t necessarily classify as a virus since you choose to install it. Windows has an anti-spyware program called Windows Defender, which you can get for free. There are also plenty of free third-party solutions, such as Spybot, Malwarebytes, and Ad-Aware.
  5. Try an alternative browser. Every PC that ships with Windows ships with Internet Explorer as the only browser installed, and therefore it is the most widely used of them all. I’d venture to guess that most end-users don’t even know what a browser is (I have many times heard Internet Explorer referred to as “The Internet”). Since IE is the most widely used, it is therefore the most vulnerable. I won’t even begin discussing the security holes or which browser is the most secure based on its coding—in my eyes IE is the least secure because it is the most widely used, therefore the most targeted for attacks. There are other solutions, such as Mozilla Firefox, Google Chrome, and Opera (to name a few) which have only a fraction of the market share, and therefore are less likely to be compromised. None of them guarantee you security, but it only makes sense that the majority of malicious software written will try and hit the most users.

Those are just a few of the basic steps any end-user can take to help make them a bit more secure. Any of these are helpful to practice on a regular basis, but the best approach is the combination of some or all of them. As I said before, there is no single way to make you completely secure—merely several things that can add to your level of security. As I said at the beginning of this article: I’ve seen many occasions where the only feasible way to clean malicious software from a computer is to completely delete everything on it and start over. If your information is important to you, make a small effort to protect it.

Corey Slack
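Step 2 of the list above mentions website URLs that are a slight misspelling of a real one. The following shows how a mail filter or proxy could flag such links; it is an added example, not part of the original post. The trusted-domain list, the sample URLs and the distance threshold of 2 are assumptions, and taking the last two labels as the site's domain is a simplification that ignores suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of sites the user really deals with (assumption).
TRUSTED = ["examplebank.com", "example.org"]

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap of neighbours) to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched_domain) for the host part of a link."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("invalid", None)
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return ("idn", None)  # internationalized name: review by hand
    domain = ".".join(labels[-2:])  # simplification, see lead-in
    if domain in trusted:
        return ("trusted", domain)
    for good in trusted:
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)  # slight misspelling of a real site
        if host.startswith(good + "."):
            return ("lookalike", good)  # real name used as a subdomain prefix
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for url in ["https://www.examplebank.com/login",
                "https://www.exmaplebank.com/login",
                "http://examp1ebank.com/",
                "http://examplebank.com.login.example.net/a",
                "https://news.example.net/"]:
        print(url, "->", classify(url))
```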