Computer & Network Security

/Computer & Network Security

Our top 5 findings from IT security audits

What are the top things we have learned from performing 200+ security audits? 1.  The “major issues” do not change Good security is good security, and you can think of the major security issues as being giant “targets” within your organization.  Targets which the bad guys hope will come into their line of fire, and they are regularly shooting at. You can easily spot and name these targets: User awareness, access control, backups/recoverability, etc.  These are the primary topics that most compliance requirements are based on. Identifying these large targets and putting in the appropriate safeguards to make these targets [...]

By | 2018-12-07T16:21:24+00:00 May 25th, 2018|Compliance, Computer & Network Security, Data Breach, Information Security, Research, Viruses, Vulnerabilities|Comments Off on Our top 5 findings from IT security audits

Everything you wanted to know about Ransomware…but were afraid to ask

What is Ransomware? Ransomware is a type of malicious software that prevents users from accessing their computer system or files until a sum of money (ransom) is paid. In the malware landscape, ransomware has earned itself a well-deserved nasty reputation. There are two types of ransomware identified in this branch of the malware family tree; 1) locker ransomware and 2) crypto ransomware Locker ransomware effectively locks Windows access preventing the user from accessing their desktop or files. Typically designed to prevent access to one’s computer interface, Locker ransomware mostly leaves the underlying system and files unaltered.  A message would be [...]

By | 2018-12-07T16:14:54+00:00 May 18th, 2018|Data Breach, Encryption, Information Security, Malware, Privacy, Uncategorized, Viruses, Vulnerabilities|Comments Off on Everything you wanted to know about Ransomware…but were afraid to ask

How to configure warning messages for Office 365 emails from external senders

As a security precaution, it’s a good idea to remind your staff not to open attachments from unknown senders. One easy way to implement this in Office 365 is by setting up a mail flow rule in the Exchange admin center. If you have ever set up a Disclaimer mail flow rule, the setup is almost identical. In this tutorial, we’ll cover how to setup your own warning message for all external email sent to users inside your organization. Steps to Configure Attachment Security in Office365 1. Log in to your Office 365 Admin account at: https://portal.office.com 2. Select Admin [...]

By | 2018-12-07T16:32:05+00:00 May 10th, 2018|Microsoft, Phishing, Viruses, Vulnerabilities|Comments Off on How to configure warning messages for Office 365 emails from external senders

The Zenis Ransomware Variant Goes the Extra Mile

Overview Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer or files.  A subset of ransomware called crypto ransomware (or crypto virus) has seen a dramatic rise in use over the last few years.  Crypto ransomware’s modus operandi involves encrypting popular and common file types on a compromised system and then demanding a ransom from the user for a key that can then be used to decrypt the files. In Q3 2017, according to Malwarebytes, a company is hit with ransomware every 40 seconds.  This was an increase of 3x [...]

By | 2018-03-21T22:04:03+00:00 March 21st, 2018|Malware|Comments Off on The Zenis Ransomware Variant Goes the Extra Mile

Security Incident Case Study – A MSSP Run Amok

This is a case study of a security incident that occurred recently. The purpose of sharing this case study is to provide an example as to why proper security measures must be constantly validated both internally AND externally to include Managed Service Providers.     Security Incident Overview A valid user account (UserX) downloaded a malicious executable file on the Remote Desktop Protocol (RDP) server used by employees for remote desktop access in the middle of the afternoon. The updated security software on the server blocked the file from executing and placed it into Quarantine. Upon closer inspection, after being alerted [...]

By | 2017-01-17T23:33:08+00:00 January 17th, 2017|Computer & Network Security, Data Breach, Uncategorized, Vulnerabilities|Comments Off on Security Incident Case Study – A MSSP Run Amok

Law Firm Breach Used for Insider Trading Profit

Three Chinese citizens are charged for insider trading after allegedly making $4 million by using information obtained from Law Firms.  The breach has to do with stolen credentials and malware planted within Firm systems - a very common tactic.  The Law Firm names have not been released yet.  Firms are typically diligent with Banking and Healthcare data, but this breach had to do with a merger that was in the works.  The hackers bought shares before the announcement and profited from the stock increase.  This highlights the need for more than just basic cyber security products.  A more disciplined approach [...]

By | 2016-12-30T13:19:30+00:00 December 28th, 2016|Computer & Network Security, Data Breach, Information Security, Social Engineering|Comments Off on Law Firm Breach Used for Insider Trading Profit

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 2

In the first post I covered best practices for securing service accounts.  In this post, I am going to discuss some key elements in securing priveleged access.  Keep in mind, Microsoft has published a comprehensive guide to securing an Active Directory. Keep in mind that many of these things will require additional work on the front end, but that is usually due to poor existing practices.  Once processes are in place, these key components should not add significant overhead to administrative tasks. No users should regularly reside in Domain Admins (DA) or Enterprise Admins (EA) groups Straight from the horse's mouth: As [...]

By | 2016-03-21T09:57:50+00:00 February 18th, 2016|Asset Management, Compliance, Computer & Network Security, Microsoft|Comments Off on Best Practice: Securing Windows Service Accounts and Privileged Access – Part 2

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 1

I recently had a client ask me about our recommendations for securing service accounts within Active Directory.   We talked for a bit, and then I decided to write them down.  This post will have two parts, the first part is for Service Accounts and then the second post will be about privileged accounts. What is the minimum privilege needed? If the account will only use local resources on a single device, use a local account on that device. If the account needs permission to see users, computers, groups etc use a domain service acct. When only read access to [...]

By | 2016-02-18T11:02:18+00:00 February 18th, 2016|Asset Management, Compliance, Computer & Network Security, Microsoft|Comments Off on Best Practice: Securing Windows Service Accounts and Privileged Access – Part 1

2015 Cyber Security Awareness Month

What is Cybersecurity? According to US-CERT, "The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation." In other words, it is the people, processes and technology that manage or maintain the Integrity, Availability, and Confidentiality of the systems and data with which an organization functions.  Many times these roles are shared with IT which in turn can come with its own challenges.  Often times, IT is focuses solely on availability, or up-time and ease of use, and both [...]

By | 2015-10-02T09:15:18+00:00 October 2nd, 2015|Compliance, Computer & Network Security, Information Security, Research|Comments Off on 2015 Cyber Security Awareness Month

Third Party Apps: Consider The Risks

What are 3rd party tools? Everyone, from individuals to enterprises, uses third party tools and applications on their workstations, servers and mobile devices.  Some examples are Adobe Reader, Java, WinRAR, and many more.  They are applications that are run or installed, but are typically not centrally managed by your organization. Why are they important to an organization? Many times these tools are required to carry out critical job functions.  These can be running applications that require Java applets, fax services, custom written applications and so on. What risks can they introduce? Since these applications are usually not centrally managed, their [...]

By | 2015-10-01T09:22:47+00:00 October 1st, 2015|Adobe, Compliance, Computer & Network Security, Java, Vulnerabilities|Comments Off on Third Party Apps: Consider The Risks