The people at Information Is Beautiful created a very interesting visual representation of the worlds biggest data breaches found HERE. The criterial to make this list is being a company that experienced losses greater than 30,000 records during a data breach. Each bubble represents a company and can be clicked to bring up data about the breached as well as a link to the original report covering the incident. The next examples show clicking the recent Home Depot breach to pull up the quick info and detailed article. There is a filter on the right used to tune into what you want to view. Pretty cool little tool. Continue reading
I’ve said this many times before … the Internet is full of bad things. Of those bad things, one of the most common threats is Phishing attacks. Wiki defines phishing as “the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. The majority of successful phishing attacks clone popular social networking sources and provide hyperlinks with the hope a target will click the link without questioning the authenticity of the source.
I wrote a post about what to look for regarding fraud email and craiglist sales HERE and 2 example craiglist cons HERE. The concepts are generally the same regarding identifying phishing attackers however in some cases, the attack will be a clone of a real message or website, which makes it very difficult to detect. Best practices is THINK BEFORE YOU CLICK! Here are some examples why this is important. Continue reading
Want to protect your privacy when using the Internet? Well unfortunately that is tough to do these days. Many agencies and governments are investing in network surveillance programs to monitor Internet traffic. Firewalls can offer application visibility packages capable of identifying device and browser type, where people are surfing the Internet and what applications are being accessed. Most websites include tracking cookies that gather data about users accessing their resources. Data obtained about you is used for various things you probably are not aware of and may not approve. This includes selling that data to large marking firms that eventually turns into SPAM and other unwanted contact. A more extreme example of unauthorized surveillance is covered by Jacob Appelbaum’s talk on the US governments Internet spy tools (found HERE). Its eye opening!
The Internet is not a safe place. Best practice is protecting users with a Web Security solution. The ideal solution should be able to identify the attackers meaning verifying the source of the threat along with various methods to look for attacks. Cisco accomplishes this through a combination of global correlation (IE verifying if the source is malicious based on things like location, time the source has ben active, reputation, content, etc.), malware scanning and traffic monitoring.
The flagship web security solution from cisco is the Web Security Appliance (WSA) coming from the 2007 Ironport acquisition. Other web security options are a cloud offering and next generation firewall addition to the ASA firewall known as CX. More on Cisco’s Web Security options can be found HERE. Continue reading
Aamir Lakhani wrote a good post on email security. The original can be found HERE
Headline Emails Lead To Data Breach
Today we use email far more than we use writing letters to communicate with our friends and relatives. In business, the use of email is ubiquitous and seems to grow exponentially each year. But who’s reading these emails besides those who they were intended for? Is sending information this way secure? Before email, we either sent our correspondence by post in an envelope or byway of fax. Both relatively secure. In the case of postal services, the interception of letters is quite rare and almost impossible for faxes. Continue reading
People use weak password practices to secure critical information. Weak password practices include using the same password for multiple systems regardless of the value of the asset, dictionary words, short phases and keeping the same passwords for extended periods of time. For example, it’s common to find a password on a non-critical asset such as a PlayStation 3 be the same as a person’s bank account login.
The more information an attack knows about your password profile, the more likely they will crack your password. For example, a policy of “6-10 characters with one upper case letter and special character” actually helps an attacker reduce the target space meaning passwords are weaker with the policy. If an hacker captures a password for another system and notices a formula such as ‘<dictionary word>’ followed by ‘<3 numbers>’, it helps the attacker prepare a dictionary attack (utilities such as Crunch makes this easy). Any password shorter than 10 characters is an easy target to brute force attack based on today’s system process power. Continue reading
Lancope enables visibility for security and network performance. Security capabilities focus on identifying insider threats such as botnets, malware and data loss using non-signature network wide correlation of all traffic. Pretty much anything touching the physical or virtual network leaves a footprint known as NetFlow that is investigated for malicious intent and performance statics.
Lancope offers a virtual and physical appliance option for the StealthWatch technology making it easy to build a lab. This post will explain how to build a simple Lancope lab integrated with Cisco ISE 1.2 beta using an Apple Mac mini server hosting vSphere ESXI 5.1 with ASA 5505 firewall. Continue reading