Router security in the wake of the CIA’s Cherry Blossom attack

If you have been following the news, you will have heard that the CIA has, since 2007, been exploiting security holes on some routers to eavesdrop on unsuspecting individuals. The project is reported to have covertly replaced the routers’ firmware with custom, Linux based versions, which gave the organization a stepping stone into target networks.

Why Routers are Important

Routers are, without doubt, one of the most important components on any given network. By receiving and forwarding data packets along the best possible routes, routers act as gateways through which traffic flows on the internet.

Router Security

The revelation that the CIA has been exploiting firmware holes in some routers is hardly surprising. By compromising these most important of devices, hackers get the ability to exploit any part of a computing system. They can, as an example, perform the following tasks:

  • Install custom firmware
  • Launch man-in-the-middle attacks
  • Monitor internet activity
  • Inject malware into the data stream
  • Direct traffic to bogus websites.

Why are routers vulnerable

Although routers are, as we have already noted, one of the most important components on any given network, they are, more often than not, also the most neglected. For most people, the only time that they ever think about their router is when they are setting up their network. From then on, most of us forget about the devices. The following are some of the reasons why routers are vulnerable to attack:

  1. Failure to upgrade firmware

Most people out there never bother to update the firmware that is on their routers. This exposes them to attacks such as the one that was launched by the CIA. We have previously written a number of articles in which we take note of the fact that the recent WannaCry ransomware attack was mainly the result of failure by some individuals and institutions to keep their Operating Systems up to date. This is exactly the same thing that happens with routers. Failure to keep the devices up to date exposes the entire network to attack.

  2. Out of date hardware

Another cause of concern is the fact that not many people ever bother to upgrade their hardware. If a device is functioning as it should, people will keep it at work, even when security vulnerabilities, such as the ones that enabled the CIA to infiltrate certain routers, are exposed. There is clearly a need for people to make sure that they have devices that are capable of withstanding the increasing security demands of today’s computing environment.

  3. Home vs Enterprise Routers

What most people do not understand is that the type of router that is in use also has a bearing on the amount of security that it can provide to a network. Roughly speaking, routers come in two configurations: basic and enterprise.

The basic type of router is the one that is installed on most home networks. This type of router places emphasis on speed rather than on security. Despite this, it is not uncommon to find businesses using this type of router. This is what exposes them to the type of attacks that we have been witnessing over the past few months.

Enterprise routers, on the other hand, place greater emphasis on security. This is clearly the type of router that we recommend to people who talk to any of our Cisco CCIE certified experts. Businesses should never use the basic type of router, lest they expose themselves and their customers to attack.

  4. Router Settings

Another thing that exposes routers to attack is having the wrong settings. Although most routers come with adequate security protocols, it is up to you to make sure that all of them are enabled to give your network maximum security.

If you have a wireless router, you need to have the strongest possible password to thwart brute force attacks. Features such as Remote Administration, UPnP and NAT-PMP also need to be turned off to prevent attack.

  5. Encryption

You also need to activate encryption on your router. If the device that you have does not have this function, then you need to quickly get rid of it. Encryption on any router should be set to AES. You should, by all means, avoid the TKIP option.

  6. Firewall

Another thing that you need to do is make sure that your router’s firewall is up to the task of protecting your network. All routers come with built in firewalls. This should always be activated. You should also have a firewall on your PC to double the protection.
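The settings named in the last three points can be checked mechanically once a router's configuration has been exported. The following is an added example, not part of the original article: it assumes a router running OpenWrt-style firmware whose settings are stored in UCI text format, and the sample configuration, the list of administration ports and the function names are constructed for illustration.

```python
import shlex

# Constructed sample: a UCI-style export with wireless, upnpd and firewall sections.
SAMPLE_CONFIG = """
config wifi-iface 'home_ap'
	option ssid 'HomeNet'
	option encryption 'psk2+tkip'

config wifi-iface 'guest_ap'
	option ssid 'Guest'
	option encryption 'psk2+ccmp'

config upnpd 'config'
	option enabled '1'
	option enable_upnp '1'
	option enable_natpmp '1'

config zone
	option name 'wan'
	option input 'REJECT'

config rule
	option name 'Allow-Admin-From-WAN'
	option src 'wan'
	option proto 'tcp'
	option dest_port '443'
	option target 'ACCEPT'
"""

# Assumption: ports commonly used by router administration interfaces.
ADMIN_PORTS = {"22", "23", "80", "443", "8080"}


def parse_uci(text):
    """Parse UCI text into a list of (section_type, section_name, options)."""
    sections = []
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        if tokens[0] == "config" and len(tokens) >= 2:
            name = tokens[2] if len(tokens) > 2 else ""
            sections.append((tokens[1], name, {}))
        elif tokens[0] == "option" and len(tokens) >= 3 and sections:
            sections[-1][2][tokens[1]] = tokens[2]
    return sections


def audit(sections):
    """Return findings for weak Wi-Fi encryption, UPnP/NAT-PMP and WAN exposure."""
    findings = []
    for stype, name, opts in sections:
        if stype == "wifi-iface":
            enc = opts.get("encryption", "none")
            label = opts.get("ssid", name)
            if enc in ("none", "") or enc.startswith("wep"):
                findings.append(f"wifi {label}: no usable encryption ({enc})")
            elif "tkip" in enc.split("+"):
                findings.append(f"wifi {label}: TKIP enabled ({enc}), use AES/CCMP only")
        elif stype == "upnpd" and opts.get("enabled", "0") == "1":
            # A missing flag is treated as enabled (conservative assumption).
            if opts.get("enable_upnp", "1") == "1":
                findings.append("upnpd: UPnP is enabled")
            if opts.get("enable_natpmp", "1") == "1":
                findings.append("upnpd: NAT-PMP is enabled")
        elif stype == "zone" and opts.get("name") == "wan":
            if opts.get("input", "").upper() == "ACCEPT":
                findings.append("firewall: WAN zone accepts inbound traffic to the router")
        elif stype == "rule":
            ports = set(opts.get("dest_port", "").split())
            # A rule with a source zone but no destination zone targets the router itself.
            to_router = opts.get("src") == "wan" and "dest" not in opts
            if to_router and opts.get("target", "").upper() == "ACCEPT" and ports & ADMIN_PORTS:
                findings.append(f"firewall rule {opts.get('name', '?')}: admin port open to WAN")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_uci(SAMPLE_CONFIG)):
        print(finding)
```
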

Free Network Consultation

If you are worried about securing your router and network, talk to us and we will provide you with the expert advice that you need to stay safe in today’s environment. We also provide free webinars for managed I.T solutions and Security.

Could hackers drive off with an autonomous vehicle?

Self driving cars used to be the stuff of Science Fiction. Now, estimates indicate that up to 10 million autonomous vehicles will be cruising across the planet’s roads by 2020. The truth, however, is that this type of vehicle comes with a lot of cyber security risks. What do we mean by that?

Cyber Security Risks

Imagining a hacker driving off with a self driving vehicle may appear to be a bit over imaginative, but the idea is actually conceivable for one reason; vehicle autonomy is all about coming up with the right algorithms. Self driving vehicles rely heavily on the advances that have been made over the past few years in Artificial Intelligence.

Software is Vulnerable

We have already noted that vehicle autonomy largely has to do with developments in software. What this means is that the same threats that are present today in computers around the globe will also be present when autonomous vehicles become widespread.

If you have been following our posts, you will have read our article on some of the network threats that people need to be aware of. Some of the most common types of malware that are floating around out there include:

  • Ransomware
  • Trojans
  • Worms
  • Viruses
  • Adware
  • Spyware
  • Rootkits

Vehicles held at ransom

The idea that someone could, at some point, take over a vehicle and go on a virtual joy ride, with its occupants still inside, is rather scary. However, it could very well happen in the near future. If you have read our article on Ransomware, you will know that this type of attack usually manifests itself in the encryption of all the data that is on a computer.

You are then required to pay a given amount to the cyber criminals to be able to regain access to your important data. Something that is similar to this could happen with regards to autonomous vehicles. The prospect, we have to admit, is rather scary.

Locked in your vehicle

There is every chance that when self driving vehicles become really prevalent, hackers will look for ways through which they can lock people out of their vehicles. Worse still, they could also find ways through which they can remotely lock you in your vehicle; thus turning it into a prison of sorts. You would then be asked to pay ransom in order to be allowed to get out.

Solutions

The good news is that all is not doom and gloom as far as self driving vehicles are concerned. In fact, the issue of security is one that companies that have been working on autonomous vehicles are well aware of.

Reduced connectivity to the cloud

One of the things that can help reduce the risks of hacking with regards to self driving vehicles is reducing reliance on the cloud. A computer system is, it has to be said, only as vulnerable as it gets exposed to the many threats that are to be found on the internet. If there is no internet connectivity, then there would really be no way through which a hacker could hijack an autonomous vehicle.

Legislative framework

Last year, the US Transportation Department came up with a policy document that was meant to regulate the adoption of self driving vehicles. It contains guidelines for the designing, manufacturing, testing and deployment of automated vehicles on the United States’ roads.

The way forward

Although government regulation will likely help pave the way for the widespread adoption of autonomous vehicles, the onus for the safety of the driving public largely lies in the hands of companies such as Uber, Google, Toyota, Yandex and others, which have been at the forefront of the impending automotive revolution.

Free consultation with a Cisco certified expert

Many of the threats that are now rife across the internet can largely be avoided. If you are wondering how you can build an impervious network, don’t hesitate to get in touch with us. We will hook you up with a Cisco certified expert who will walk you through all the options that are available to you in this regard. The good thing is that all our consultations are completely free of charge!

Network Security Solutions using Cisco Meraki Security

Network Security Solutions – Build a Secure & Seamless Network with Cisco Meraki Solutions

Network Security Solutions – With the continuous and fast growth of the worldwide web’s viability, it is immensely important that a company builds secure, efficient, and seamless network connections to keep up with the volume of work that needs to be processed and completed within a specified timeframe. A company should focus on efficiency, intuitiveness, stability, cost, and integrity.

Network Security Solutions Essentials

Today, almost everything relies on the digital world. Most transactions are digitized, which leaves essential information and confidential data susceptible to online perpetrators unless you have secure and stable network security solutions.

So, with the increased reliance on technology, it is becoming significantly more important to secure and protect every aspect of online data and information, and well-designed network security solutions can help you with this quest.

What Exactly Is Network Security?

In layman’s terms, network security is a shield against online attackers. It is a form of online protection against unauthorized access, hacking, and misuse of clients’ valuable files and the company’s directories in a computer network system. Some of the most common online threats to a network include adware, identity theft, malware, spyware, viruses, and worms.

One of the most significant features in a computer network system is the multiple layers of security. In order to get complete protection against every online threat, your company’s network needs reliable network security solutions that offer comprehensive features to provide impeccable security protection.

How to Find the Most Cost-Effective Network Security Solutions

Finding the most cost-effective solutions in network security requires a thorough understanding of what you should be looking for. Here is a list of factors and features to consider when evaluating network security solutions:

  • Reliable
  • Smooth network security solutions
  • Secure entire computer network system
  • Comprehensive network security protection
  • Well-maintained
  • Highly Optimized and Extremely up to the par
  • All-inclusive
  • Efficient
  • Meticulously well-structured and designed
  • Cost-effective

With the vastness and rampant growth of the online world, there are numerous providers of network security and web hosting management solutions, so finding the best one can be a complex and rigorous process. One name, however, leaves a strong mark in this industry: Cisco Meraki Solutions is among the best network security solutions you can turn to.

Why Cisco Meraki Solutions?

Cisco Meraki Solutions has worked on the security of several companies, such as law firms. The company takes pride in its easy management, IT cost reduction and reliability. Moreover, Meraki configured remote offices smoothly over the net with no on-site IT, and kept the secure employee network inaccessible from the Internet-only guest network. Thus, Cisco Meraki Solutions provides stern and smart network security solutions.

Aside from the aforementioned highlights of Meraki, law firms experienced seamless roaming throughout the wireless network without undesirable congestion on the communication line. Apart from this, Meraki also built a cloud-based dashboard for online remote offices for various law and accounting firms, as well as automatic site-to-site VPN, which enables secure and stable connectivity between branches in just two clicks.

Lastly, Cisco Meraki Solutions also shapes network traffic to prioritize important work on critical web applications.

What Are the Important Network Security Solutions Structure?

So, you might be wondering what a basic network security solutions structure includes, and what Cisco Meraki Solutions offers and delivers. The basics of network security include the following:

  • Firewall

A firewall helps you protect your network from online threats. It functions by locking down unused open ports and filtering the incoming traffic into your network. It comes in two types: software and hardware.

  • VPN

A VPN allows remote and mobile users to log on to the network through encrypted tunnels. It effectively provides these employees with the same type of security protection as local users.

  • Intrusion Protection Systems

IPS technology provides a higher level of network security by identifying potential threats and warnings and responding to them proactively, deterring or preventing these online threats from getting through the network system.

  • Content Security

Content security includes email and web security to protect the computer network system from threats such as spam, viruses, and other continuously changing online threats.

  • Identity Management

This network security feature refers to setting up controls over who and what can access the network. It designates rights and restrictions for each identity.

  • Secure Wireless Networks

Almost everything today is accessible through a wireless network connection. This network security feature protects wireless networks from unauthorized access to the company’s computer network system.

The above-mentioned features are the basic structure of network security, and Cisco Meraki Solutions can address your company’s specific needs and prioritize them accordingly.

What Are Intrusion Detection Systems And Why Are They Important?

The term “Intrusion Detection Systems,” refers to programs (software) or devices that have been designed specifically for the purposes of monitoring a network and identifying potential vulnerabilities and ongoing attacks.

IDS Types

There are five main types of Intrusion Detection Systems. These are:

  • Active
  • Passive
  • Network Based
  • Host Based
  • Knowledge Based
  • Behavior Based

  1. Active Intrusion Detection Systems

These are also commonly referred to as Intrusion Prevention Systems. An active IDS not only identifies an ongoing attack on a network, but it also actively takes measures to stop the network from being compromised. One major disadvantage of this type of system is that false alarms may deny access to legitimate users.

  2. Passive IDS

A passive IDS, on the other hand, does not take measures to stop an attack, but only identifies the threat and notifies the operator of the potential vulnerabilities. Unlike an active IDS, this system is not itself usually prone to falling prey to attacks.

  3. Network Based IDS

This type of IDS is composed of a sensor and a NIC (Network Interface Card). The network based IDS monitors traffic on a particular segment of the network. The NIC operates in promiscuous mode and checks out all packets of data that pass through the segment.

  4. Host Based IDS

This comes with “agents”: small programs that are installed on individual systems (the hosts). They have the task of keeping an eye on the Operating System and triggering alarms when threats are detected. This type of IDS does not monitor the entire network.

  5. Knowledge based IDS

A knowledge based IDS relies on a database of previous attacks and vulnerabilities. It uses this information to identify active attacks and security holes. A major plus for this type of system is that it has a low rate of false alarms. Its disadvantage is that it can fail to identify new attacks.

  6. Behavior Based

Behavior based IDSs identify threats based on the identified patterns of attempts to gain access to a network. Although this gives this type of IDS the ability to identify new attacks, a major disadvantage is that a higher rate of false alarms is triggered.
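The trade-off between the knowledge based and behavior based approaches shows up when both are run over the same traffic. The following is an added example, not part of the original article: the log format, the two signatures and the requests-per-minute baseline are assumptions chosen for illustration, and all log lines are constructed.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Knowledge based: patterns derived from previously seen attacks (illustrative).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)union(\+|%20)select"),
}


def parse(line):
    """Constructed log format: '<minute> <source> <method> <path>'."""
    minute, source, method, path = line.split(maxsplit=3)
    return int(minute), source, method, path


def knowledge_based(lines):
    """Alert on any request whose path matches a known signature."""
    alerts = set()
    for line in lines:
        _, source, _, path = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.add((source, name))
    return alerts


def rates(lines):
    """Requests per (minute, source)."""
    return Counter((m, s) for m, s, _, _ in map(parse, lines))


def learn_baseline(lines, k=3.0):
    """Threshold for requests per minute per source: mean + k * stddev."""
    observed = list(rates(lines).values())
    return mean(observed) + k * pstdev(observed)


def behavior_based(lines, threshold):
    """Alert on any source whose request rate exceeds the learned threshold."""
    return {(s, "rate-anomaly") for (_, s), n in rates(lines).items() if n > threshold}


def compare(training, live):
    threshold = learn_baseline(training)
    return {
        "knowledge": knowledge_based(live),
        "behavior": behavior_based(live, threshold),
    }


# Constructed training window: three internal hosts, 2 to 4 requests per minute.
TRAINING = [
    f"{m} 10.0.0.{h} GET /page{i}"
    for m in range(5) for h in (1, 2, 3) for i in range(2 + (m + h) % 3)
]

# Constructed live window (minute 10).
LIVE = (
    [f"10 10.0.0.1 GET /page{i}" for i in range(3)]                        # normal use
    + ["10 203.0.113.5 GET /download?file=../../etc/passwd"]               # known attack
    + ["10 198.51.100.7 POST /login"] * 30                                 # no signature exists
    + [f"10 10.0.0.2 GET /reports/export?part={i}" for i in range(12)]     # legitimate burst
)

if __name__ == "__main__":
    for detector, alerts in compare(TRAINING, LIVE).items():
        print(detector, sorted(alerts))
```

The knowledge based detector reports only the request that matches a stored pattern and misses the login flood, while the behavior based detector catches the flood but also raises a false alarm on the legitimate report export.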

Why are Intrusion Detection Systems Important?

Intrusion Detection Systems are of paramount importance in today’s computing environment, inasmuch as they serve as a barrier between the many threats that can be found online and your network. They do the following:

  • Detect intrusions into a network from a program or a person
  • Record attack patterns in order to improve detection systems
  • Detect attacks on the data link layer

Protecting your network from unwanted Intrusion

The last thing that you need is to have your computer hacked or infected by one of the many types of malicious software that are floating around out there. We have previously written an article in which we talk about Ransomware, and how the WannaCry Ransomware recently wreaked havoc across the globe.

The companies that fell prey to the nefarious activities by the people behind this attack were, clearly, not prepared for the fast moving pace of today’s I.T World. Although it is impossible to be fully proofed against the many types of threats that can be found out there, Intrusion Detection Systems are part of the steps that can be taken to virtually eliminate the risks.

Are Firewalls and Antiviruses not enough?

One of the questions that you are likely to get asked when you mention the importance of IDSs to people pertains to the fact that most computers already have antimalware programs and Firewalls installed. Doesn’t this invalidate the need to have an Intrusion Detection System?

Another Layer of Protection

The answer to the above question is that you can never really have too much protection, particularly in the high stakes worlds of ecommerce and communication. There is also the fact that an IDS works in a completely different way to the above mentioned online security measures.

Firewalls, as an example, are good for blocking the unauthorized use of ports at the TCP/IP level. However, those ports that are used by applications remain open. An example would be port 80, which is used for HTTP traffic.

Most of the computers that fall prey to malware on a daily basis actually have working antiviruses. There are so many things that can go wrong, particularly when the stakes are so high, that the antimalware programs that are out there are really never enough to keep networks secure.

IDSs are much more intelligent

Intrusion Detection Systems give your network the extra layer of security that is needed to keep your company safe. IDSs represent a smart solution to the ever evolving threats that are out there.

Ransomware – Do You Really Care?

Contact us for a FREE check list on ransomware protection. Protect your business from ransomware.

This article is about ransomware and some tips on ransomware protection.

What is Ransomware?

Ransomware, as the name suggests, is a kind of computer malware which affects a system’s normal working unless a ransom is paid by its user. Ransomware is generally of two types: one which encrypts the data on the system and demands money for the decryption key, and a second which completely locks a user out of the system until a sum is paid.

Ransomware attacks pose the following threats:

  1. Data kidnapping –  your important data is at risk
  2. Complete Lock down of your systems – your day to day activities may be hampered.
  3. Demand of huge sums of money – ransom

How users get affected

With internet accessibility on every device, it has become rather easy for any kind of malware to travel to newer systems. Ransomware can easily spread through e-mail attachments, infected programs or through untrusted sites that users visit unknowingly. Once it reaches a system, it has the ability to alter your system files, encrypt them and scramble them, making it almost impossible for you to undo its impacts on your own. It can also spread to other systems in the network, causing further damage.

Impact on business

Although any system or user can get affected by ransomware, it is businesses that are the top targets of ransomware creators and distributors. The presence of complex systems sometimes makes them error prone, which enables ransomware to enter such networks. Also, small disruptions in business processes can bring huge losses to companies, which increases the attackers’ chances of getting paid.

  1. Ransomware can cause major business disruptions because of limited or no access to systems. It can also affect servers and cloud based systems, hence the impacts can be huge.
  2. It can lead to loss of important data and confidential data being leaked away.  Even after the ransom is paid, it is not guaranteed that all the data will be recovered.
  3. It can cost you money in terms of ransom price and payment.

Generic solutions For Ransomware protection:

There are various things you can do to save your business and make it less vulnerable to such monetizing cyber-attacks.

  1. Ensure your antivirus solutions are always up-to-date across every end point in the business – be it servers, cloud based systems, network devices or even employees’ handheld devices.
  2. Increase awareness and alertness related to security concerns amongst the team members like the need to avoid clicking unnecessary links or attachments.
  3. Regularly back up your data to be able to recover your data even if your systems are infected.
  4. Add proper administrative rights to all your end points. Reducing privileges can significantly reduce the attacks.
  5. Use whitelisting instead of blacklisting to allow only specific programs to run on your systems. This can save you against unknown new malicious programs.

Security of data is non-negotiable for a business. The list of things that ransomware can do is growing each day, which makes it important for everyone to have at least a baseline protection to avoid data loss or any other trouble. These days there are various sophisticated solutions being offered by security companies which can save you from this security concern. What is needed most is to understand the issues to the core and then carefully lay out a security plan specific to your needs.

Being the security experts, we can help you create a secure and safe setup for your business. Contact us for more details.

Contact us for a free Ransomware consultation.

Further reading on Ransomware protection

What is Malware and its impact on business

What is Malware?

Malware is a term that refers to any unwanted software which is designed to damage your system and access data without your consent. Malware is identified by its malicious intent of accessing or modifying data or services on a system or network. This is a broad term which includes viruses, worms, Trojan horses, spyware, adware and more.

Malware usually exploits security and design defects in software or a system to enter. Sometimes, over-privileged user accounts also expose vulnerabilities of the system.

How is it injected?

There are various types of malware being created and injected every day. The internet and the networking of multiple systems are the major factors making our systems more vulnerable to malware. This interconnectivity of devices makes it easy for malware to be injected and transferred from one system to another. Malware’s most common pathway is through the internet, either through emails or the World Wide Web.

What are the impacts?

Malware poses serious security threats to enterprises. Such software is designed with different intentions, which decide its impact on the targets it attacks. The following can be the impacts of malware on your business.

Attack sites and disable services

Malware attacks can be huge to the extent that they can block your networks, bring your sites down and disrupt your services or completely disable them. This can affect your business in a big way and can result in huge losses.

Identity Theft

When malware runs in the background of your computer without your knowledge and collects personal information about you, it is referred to as Identity theft. It can record your browsing history, monitor the apps you use and copy personal details like usernames, passwords, bank account details or address books from your system.

Identity Spoofing

When a malware attacks your system and uses your identity/credentials to accomplish some of its goals, it is termed as identity spoofing. It may be used to send emails on your behalf or run some software.

Affect network performance or complete breakdown of the corporate network

Malware poses a significant threat to all networks, large or small. It can temporarily increase the traffic in the network or completely block it, making it practically unusable. This can affect the business considerably.

Steal sensitive information

On a corporate network, malware can access a particular server and steal sensitive business information which, if available to competitors, can harm your business.

Control over the applications running in your systems

In some cases, malware may be used to assess the applications running in your system or impersonate your user account to run some other malicious code.

Hardware Failure

Though it is not common, hardware failure due to malware is still possible. This happens when inappropriate actions or repeated actions are forced on hardware through its software.

Malware and its impacts are innumerable. The only way out of this security threat is to get a best in class and latest anti-malware solution. Being the security experts, we have the knowledge and skills to incorporate latest technology in your enterprise networks and make it secure.

Contact us for any queries.

Network Security Basics – What and How!

Network Security is a term we have all heard of and understand, but do we know enough to set up a secure network system for our own business, whether big or small?

Network Security refers to steps designed and taken to protect your network against unauthorized access, misuse or destruction. With everyday advances in technology and the move towards convergence, networks are exposed to new vulnerabilities, as every connected user can be a potential attacker. Through a combination of hardware, software and best practices, one can minimize these risks. If Network Security seems too complex to you, the following steps will help you get started on securing your network.

  • Set Up a Firewall – A firewall is something that helps you shield your network from threats over the internet. It works by locking down unused open ports and filtering the traffic inflow into your network. There are two types of firewalls – software and hardware.  Software firewalls are installed like any other software on your system. Hardware firewalls are usually built on the routers that connect your network to the internet. Ideal configuration is to have both hardware and software firewalls installed for your network.
  • Set up VPN – A VPN allows your remote or mobile users to log on to the network through encrypted tunnels. It effectively provides your remote employees the same kind of security shield as your local users.  
  • Set up Intrusion Protection Systems – IPS technology introduces a higher degree of security in the network by identifying potential threats and responding to them preemptively. It works by examining network traffic flows and takes automated actions on the malicious packets.
  • Set up Content Security – Content security refers to email and web security to protect your network from virus, spam and other constantly changing threats. A lot of business sensitive data is exchanged over emails and web. Hence it is of utmost importance to protect this data. Such systems include Antivirus protection, advanced malware protection, email encryption, data loss prevention etc.
  • Set up Identity Management – This refers to setting up controls over who and what can access the network. It associates rights and restrictions with every identity.
  • Set up Secure Wireless Networks – Today’s devices have all gone wireless. Any device within range can get the signals and access your network. Hence wireless security is an important consideration even for home networks. Using encryption for the Wi-Fi network is the first basic step to secure your network. Securing your router and limiting access to your network also help secure wireless networks.

The points listed above are generic. Your specific business needs will help you prioritize them. Security and usability may not go together. In an attempt to make the network secure, it may become difficult to use, hence it is very important to find the right balance.

Network Security Checklist and creating security policy for your company

Network security planning is an essential process for every organization, big or small, these days. With increasing dependence on the network and the internet for every operation from inventory to billing and sales, it is very important that you have proper policies in place to guard against network attacks, which can practically become business continuity issues. If it seems too complex to you to start, here is a list of items that a thoroughly prepared policy will address. The main goals of network security are confidentiality, integrity and availability. The exact implementation of these policies will depend on your specific business goals.

Acceptable Use Policy – Inappropriate usage of company resources can expose your company to various kinds of risks, hence it is important to define a use policy which outlines the acceptable use of network resources of your company. It lists down what kind of activities are allowed in your network and which ones are not. It also specifies the consequences of violations of the set policies and guidelines and actions that can be taken in case of non-compliance.

E-mail and Communication related policies – These policies are designed to minimize risks that enter your network through emails and other sources of communication. The aim is to make users aware of what is deemed as acceptable and unacceptable use of its email system. These policies should detail the protection processes for the company’s communication system in its entirety, including its data and hardware.

Antivirus policy – This policy is designed to protect company resources against attacks from viruses, worms, trojan horses and other malware. This policy defines the anti-virus programs to be run on various network resources, how often scans are to be done, what is to be done to prevent or remove malware programs. It also lists what kind of files or data should be blocked from entering the network.

Identity Policy – The purpose of this policy is to protect the network from unauthorized users. It regulates how a new user can be added to the network and what kind of access rights can be assigned to each user. It can also list guidelines to proactively enforce access policies and detect violations, if any.

Password Policy – This policy is set to enhance security by the use of strong and difficult to decode passwords. A poorly set password may result in unauthorized exploitation of resources and data leakage. This policy should define a standard for generating strong passwords, how to protect the passwords, how often to change the passwords and how frequently old passwords can be reused.

Encryption Policy – This policy is expected to provide guidance about which encryption technology to use and how to use it effectively. It is meant to safeguard data not just during communication but also during storage.

Remote Access Policy – With the growth of the mobile workforce, this policy has become more important than ever. This policy defines how to use the company’s network resources while away. It covers policies related to setting up virtual private networks and encryption mechanisms for connecting to the internal network remotely. It may also list the consequences of the misuse of this access.

Guest Access Policy – This policy outlines the access rights that a guest can have over the company’s network resources. This is meant for businesses where customers, vendors or consultants often visit company offices.

Network security is a continuous effort. The implementation of these policies needs frequent updates with changing times and increasing risks. The priority of the policies listed above may vary based on the nature of your business.

Need help creating your specific Security Policy Plan? Contact us.