Personal Firewall Decisions

When weighing in on personal firewall protection software, there are three important factors that should be considered prior to making a decision.   The first and most important is that the updates for the software must be continuous and be prompt to address the ever-changing hostile environment that users are accustomed to.  The second factor I would look at is load or how the software impacts the performance of my computer.  Many firewall software suites I’ve used in the past have severely hampered my performance to the point where I have even disabled the software to accomplish certain things on my system which defeats the purpose of having the software.  The last factor I take into account is how easy it is to manipulate and use the software.  When you download a software suite designed to protect you system, it needs to be “plug-n-play” type software that doesn’t require too much thought into installation and configuration.  This is especially important when you are recommending software to install to protect a family members computer.   That is unless you like to receive family tech support calls on those least opportune moments such as during one of your weekend football games.

Risk Management and Mitigation

This week’s blog I would like to address risk management an important matter that can quickly break a company if not properly implemented or simply not implemented at all.

One of the keys to protecting our information assets is to understand the risks associated with that asset and knowing out to mitigate those risks.  Risk in regards to information security is the likelihood that a threat will expose vulnerability in a system.  Once the risks have been identified, risk mitigation the second step of a risk management process involves prioritizing, evaluating, implementing and maintaining the appropriate risk reducing controls on our systems.

The elimination of all risk is impractical and/or impossible.  It is the responsibility of management to use the most cost effective approach and implement the most appropriate controls to decrease mission risk to an acceptable level, with minimal adverse impact on business resources and mission.

Bluetooth Vulneralbilities

With the popularity of smartphones and the utilization of Bluetooth for communication and data transfer, three-quarters of mobile phone users are not even aware of the internet security risks linked to Bluetooth-equipped devices. Bluetooth is an open standard for short-range radio frequency communication. Bluetooth technology is used primarily to establish wireless personal area networks (WPANs), and it has been integrated into many types of business and consumer devices.  Utilizing Bluetooth has its risks and they can be categorized into four main semblances:

• Bluejacking is when anonymous text messages are sent to mobile phones
• Bluespamming is when a phone’s contacts are secretly sent text messages
• Bluesnarfing is when hackers gain access to a mobile phone’s contacts
• Bluebugging is when hackers have access to a handset’s commands

While each of these risks is a nuisance, Bluesnarfing and Bluebugging can be very serious. With bluesnarfing, hackers can gain access to stored data on your smartphone, such as a phonebook, calendar or they can even use the data discovered to clone your phone.

Bluebugging, on the other hand allows hackers to make phone calls from the mobile phone they control. They can write messages and send them from the phone and they can even eavesdrop on private conversations.

Even though you think it can never happen to me, you should take some simple precautions to protect yourself against Bluetooth security breaches on your mobile phone such as always disable Bluetooth functionality on your phone when it’s not in use and investing in some mobile antivirus software available for you particular phone.  Though not fool-proof, they will help to mitigate risks associated with Bluetooth communication.

Any fool can have bad luck; the art consists in knowing how to exploit it.

When vulnerability is found within a system, an “exploit” is needed to provide access to the computer. The vulnerability can be a glitch, a bug, or even a simple design weakness within the hardware or software.  Once the weakness is discovered, an attacker can use software or commands to carry out some sort of malicious intent such as a worm, virus, or a denial-of-service attack.  On many occasions, once a vulnerability is discovered by a hacker, it is immediately posted to a website or discussed in forums so others can take advantage of it.  Even though there are no known inoculations against future exploits, patches and/or fixes are our only line of defense to protect us once a weakness is discovered.  Thus, it is very important for us to update our systems often.

Penetration Testing

For the next few blogs, I will be discussing some common terms one might encounter if they are lucky to be working within any information security capacity. The first term that I will be discussing and most are probably already familiar with is penetration testing, or often called pen testing.

Pen testing is the practice of attacking an IT system the same way a hacker might attack in order to identify security holes. The person who carries out the testing is often called a penetration tester or pentester.  Of course, this is all done with the permission of the client and also without harming the actual network.  If the client were unaware, this would be considered hacking into the system which is considered illegal.  Most pentesters would recommend that before testing begins, it is in the tester’s best interest to obtain written permission prior in order to cover their ass if questions should arise.

To become a pentester, one could be lucky to have natural talent like HD Moore.  HD Moore, who was a high-school whiz kid, started a company in 2003 that goes by the name of Metasploit.  Both him and his company have become the de facto standard for penetration testing and exploit code development.  I highly recommend you visiting his web site www.metasploit.com if you are interested in this line of work.  Of course, if you don’t have the ‘natural” skills like Moore, you could enroll in some type of formal training to help educate yourself to become a pentester.  There are many training resources available such as Rapid7, GIAC, etc…. just make sure you do your research to find one that is reputable and is also recognized by the information security community.

 

Reveton Malware

     I recently came across an interesting article on the FBI’s web site in regards to a new malware that seems to be growing in popularity by holding an unsuspecting victim’s computer for ransom.  The ransomware, known as Reveton, freezes your system and then brings up a window indicating that your IP address has violated United States federal law by participating in an illegal activity such as child pornography, illegal downloading, and or distribution of copyright content.  According to the FBI, some versions of Reveton even “turn on computer webcams and display the victim’s picture on the frozen screen.” The pop-up window goes on to say that if you want to unlock your computer, you are instructed to pay a fine upwards to $200 via a prepaid credit card or a payment service.  The geographic location of the victim’s IP address determines what payment services are offered within their area and in some cases, the pop-up window will even include a code entry box for payment.

According to the Internet Crime Complaint Center (IC3), this is one nasty virus to remove and sometimes the malware you think you have eradicated continues to operate to commit online fraud. There a few ways to remove this virus and those methods can be found on the Internet by doing your research.  That is of course if you can still access the Internet.

Stay safe and be vigilant!