You were lucky enough to make it through 2011 without a catastrophic failure of a hard drive, data corruption, loss of a notebook computer, etc, but will 2012 be so kind?
If you are like so many people and businesses we work with, you are NOT backing up your data. Maybe it is too much trouble, or too expensive.
Just remember, the most expensive backup is the one you didn’t perform….
Let us help you plan a backup strategy for your company, or even your personal data. Whether it is a single notebook, or a fleet of them, a single server, or 50 virtualized servers, we have a solution for you that will fit in your budget, be easy to maintain and more importantly, easy to recover in the event you do lose data.
We have physical backup systems, such as tape based, removable disk cartridge (RDX), disk based and network based, including full backup servers which can mirror your mission critical data. We also provide multiple cloud based offsite storage solutions which we highly recommend, even if you already have on location, physical backups. Servosity, a local offering and MozyPro.
In addition, we are a Symantec partner and work closely with businesses who rely on Symantec’s Backup Exec and deduplication systems.
Using tape or removable disk storage and need a secure offsite storage provider who will help create a rotation? We can help with that. Our local partner provides a climate and magnetic controlled vault and delivery/pickup services.
End of life for tape or disk media? We partner with another local company, ShredDisk who will dispose of that media in a guaranteed unrecoverable manner.
Call us today at 864.990.4748 or email info@homelandsecureit.com and we will help you with your data situation!
Homeland Secure IT Alert
Secure IT Alert for Thursday, February 2, 2012
If you are running a current version of Apple Mac OS X, 10.6.x or OS X 10.7.x (Snow Leopard & Lion respectively), then you are vulnerable to exploits that these patches correct.
These security flaws could potentially allow an attacker to execute code on your computer after you visit a malicious web site or download/view affected documents or files, or allow Denial of Service (DoS) or even elevation of privileges.
How do you fix this? Apple has released OS X Security Update 2012-001 and OS X 10.7.3 to fix these security problems – UPDATE ASAP.
The 52 security vulnerabilities affect 27 components that are part of OS X and OS X server. Some of the affected software includes: Apache, OpenGL, PHP, QuickTime and Time Machine.
A few examples:
Buffer overflow vulnerability in ImageIO – View a malicious image and it could result in a crash of an application, or code to be executed on your computer. The upside is, it would only execute with your privileges.
Buffer overflow vulnerability in CoreAudio – Play a malicious audio file and experience a crash of your system, or execute code with your privileges.
QuickTime vulnerabilities – Six of these babies could mean that if you open a malicious image or video in QT, code could be executed with your privileges.
The full update information can be found at http://support.apple.com/kb/HT5130
Should you require assistance in applying these updates, do not hesitate to call us in the Greenville or Upstate SC area at 864.990.4748 or email info@homelandsecureit.com
Homeland Secure IT Alert
#LeapIntoIT Kindle Fire Giveaway
It’s that time again! Time for us to have some fun, and help one of our Upstate, SC friends get something cool to play with.
We’ve given away stuff before, like Trend Micro anti-virus, a wireless IP security camera, a Cisco Flip Mino HD video camera, Microsoft Office 2010, and even a Microsoft X-BOX 360, but this is likely the most exciting thing yet, or at least the 2nd most exciting!
We decided that since it is a Leap Year, we will help one person leap into the tablet computer revolution by giving them one of the hottest little tablets out… The Amazon Kindle Fire! It is far more than just an eBook Reader, it’s a smokin’ hot tablet too! So hot, it’s on FIRE! =)
Let’s call it the “Leap Into IT” giveaway! #LeapIntoIT
Who is eligible?
Anyone who can walk into the Homeland Secure IT office at 104 Mauldin Rd, STE E in Greenville, SC to retrieve the tablet in person. We will NOT SHIP IT. Also, you must not be prohibited by law from participating in any giveaway, and all that legal mumbo-jumbo. Let’s put an age restriction on it too. You must not be older than, no wait, you must be at least 18 to participate.
Employees of Homeland Secure IT cannot play this silly game because they would never get any work done.
Past winners of Homeland Secure IT giveaways ARE eligible (Andrea, James, Hal, etc)
How do you get involved in this?
There is NO purchase necessary, but there are some things that you will want to do…
- Pass through our initiation process – This is where you tattoo your forehead with the Homeland Secure IT logo. Okay, this is optional.
- Sign up to this blog by hitting the SUBSCRIBE BUTTON over in the right-hand column. You can receive the daily blog posts in email first thing in the morning this way. And you can opt out later (after the contest is over) when you get tired of my yammering…
- Sign up for our SUPER LOW traffic mailing lists HERE … We rarely send anything out, so you won’t be too annoyed. You can unsubscribe from either or both at anytime, AFTER the contest end date.
- Go to our home page at www.HomelandSecureIT.com and hit the Google +1 button & Facebook “like” while you are there.
- Go to our Google business places page and leave a review and rating (hopefully a good one)
- Go to Merchant Circle and leave a review/rating
- Go to Yelp and leave a review/rating
- Go to Yahoo! and leave a review/rating
- LIKE us on facebook HERE … Follow us on Twitter HERE …
Here is a list of ways to connect:
http://www.homelandsecureit.com/connect.html
If you connect in a different manner and you feel it is important, email me, or tag me in a post so I can see what you have done and count that as well!
In review, it is up to you to determine how much, or how little you wish to get involved. The more ways you connect, the more chances to get this darn Kindle Fire!
How is the selection made?
Good question! We lay out a grid, with your each name written in it in the parking lot, and we then shoot a gerbil straight into the air, and in whatever grid the gerbil falls into, that’s our winner.
Okay, (maybe) it isn’t like that at all. No, in fact it is not.
On February 29th, 2012, I’ll take every name/email address from our mailing lists, all the names of those who have reviewed us on Yelp, Google Places, Yahoo! & Merchant Circle, all the mentions on Facebook, Twitter, Linked-In, all the Likes and Follows on Twitter, Facebook, Linked-In, all the Google Plus +1s, and dump them into a spread sheet. Next I go to www.Random.Org and put the number of lines in my spreadsheet as the max number and generate a random number.
Whoever matches that number in the spreadsheet is contacted.
If they are out of the area and cannot get it in person, another number will be selected and the process repeated until we have a winner!
So, with that said… Let’s do this! Leap Into IT!!!!
Cisco SPA525G2 with 32 button sidecar
One of the best selling phones for the small and medium business (SMB) market is the Cisco SPA525G2 phone. The entire series of SPA phones are affordable, reliable and well suited to SMB use, but the 525 G2 is the current big daddy with its color display, ability to play MP3s from a memory stick, sync to your cell phone via bluetooth, built-in bluetooth for wireless headset usage and so much more.
On every system we sell that includes the SPA 525, we get a few questions like, ‘How do you answer another extension?”, and of course we answer it, but, with such a long list of these “star codes”, I can’t remember them myself.
Cisco Star Codes for SPA525G2 Phones:
- Call Return (*69)—Calls the last caller, regardless which extension.
- Blind Transfer (*98)—Allows the user to transfer a call to another number without waiting for the other party to pick up.
- Call Back Act (*66)—Periodically redials the last busy number (every 30 seconds by default) until it rings or until the attempt expires (30 min by default), regardless which extension. Only one call back operation can be ordered at a time. A new order automatically cancels the previous order.
- Call Back Deact (*86)—Cancels the last call back operation.
- Call Forward All Act (*72)—Call forwards all inbound calls. Applies to primary extension only.
- Call Forward All Deact (*73)—Cancels call forward all. Applies to primary extension only.
- Call Forward Busy Act (*90)—Call forwards on busy. Applies to primary extension only.
- Call Forward Busy Deact (*91)—Cancels call forward on busy. Applies to primary extension only.
- Call Forward No Answer Act (*92)—Call forwards if no answer. Applies to primary extension only.
- Call Forward No Answer Deact (*93)—Cancels call forward no answer. Applies to primary extension only.
- CW Act (*56)—Enables call waiting. For example, if call waiting is turned off globally, this star code will turn on call waiting until the CW Deact code is entered.
- CW Deact (*57)—Deactivates call waiting. For example, if call waiting is turned on globally, this star code deactivates call waiting until the CW Act code is entered.
- CW Per Call Act (*71)—Enables call waiting for a single call. For example, if call waiting is turned off globally, this star code will turn on call waiting for that call.
- CW Per Call Deact (*70)—Deactivates call waiting for a single call. For example, if call waiting is turned on globally, this star code deactivates call waiting for that call.
- Block CID Act (*67)—Blocks caller ID on all outbound calls. Applies to all extensions.
- Block CID Deact (*68)—Deactivates caller ID blocking on outbound calls. Applies to all extensions.
- Block CID Per Call (*81)—Blocks caller ID on the next outbound call (on the current call appearance only).
- Block CID Per Call Deact (*82)—Deactivates caller ID blocking on the next outbound call (on the current call appearance only).
- Block ANC Act—Blocks anonymous calls. Applies to all extensions.
- Block ANC Deact—Deactivates anonymous call blocking. Applies to all extensions.
- DND Act (*78)—Activates Do Not Disturb. Applies to all extensions.
- DND Deact (*79)—Deactivates Do Not Disturb. Applies to all extensions.
- Secure All Call Act (*16)—Defaults to prefer to use encrypted media (voice codecs).
- Secure No Call Act (*17)—Defaults to prefer to use unencrypted media for all outbound calls. Applies to all extensions.
- Secure One Call Act (*18)—Prefers to use encrypted media for the outbound call (on this call appearance only).
- Secure One Call Deact (*19)—Prefers to use unencrypted media for the outbound call (on this call appearance only).
- Paging (*96)—Pages the number called.
- Call Park (*38)—Parks a call on an entered line number.
- Call UnPark Code (*39)—Retrieves a call from an entered line number.
- Call Pickup (*36)—Picks up a call at an entered extension.
- Group Call Pickup (*37)—Picks up a ringing call at a group of extensions.
- Media Loopback Code (*03)—A service provider can set up a test call from an IP media loopback server (the source) to a subscriber’s VoIP device (the mirror). The test call provides statistical reporting on network performance and audio quality.
Depending on the source’s capabilities, the SP can see packet jitter, loss, and delay (although Media Loopback cannot identify an offending hop). This helps the SP identify an offending hop that could be causing issues in VoIP calls to a subscriber. The test results can also provide audio quality scoring, which lets a SP better understand the subscriber’s experience.
Referral Services Codes—One or more * codes can be configured into this parameter, such as *98, or *97|*98|*123, and so on. The maximum total length is 79 characters.
This parameter applies when the user places the current call on hold (by Hook Flash) and is listening to second dial tone. Each * code (and the following valid target number according to current dial plan) entered on the second dial-tone triggers the Cisco IP phone to perform a blind transfer to a target number that is prepended by the service * code. For example:
a. After the user dials *98, the Cisco IP phone plays a special prompt tone while waiting for the user the enter a target number (which is validated according to the dial plan as in normal dialing).
b. When a complete number is entered, the Cisco IP phone sends a blind REFER to the holding party with the Refer-To target equals to *98 target_number. This feature allows the Cisco IP phone to hand off a call to an application server to perform further processing, such as call park. The * codes should not conflict with any of the other vertical service codes internally processed by the Cisco IP phone. You can delete any * code that you do not want the call server to process.
Feature Dial Services Codes: Tells the Cisco IP phone what to do when the user is listening to the first or second dial tone.
You can configure one or more * codes into this parameter, such as *72, or *72|*74|*67|*82, and so on. The maximum total length is 79 characters. When the user has a dial tone (first or second dial tone), they can enter a * code (and the following target number according to current dial plan) to trigger the Cisco IP phone to call the target number prepended by the * code. For example:
a. After the user dials *72, the Cisco IP phone plays a special prompt tone while waiting for the user the enter a target number (which is validated according to the dial plan as in normal dialing).
b. When a complete number is entered, the Cisco IP phone sends an INVITE to *72 target_number as in a normal call. This feature allows the proxy to process features such as call forward (*72) or BLock Caller ID (*67).
You can add a parameter to each * code in Features Dial Services Codes to indicate what tone to play after the * code is entered, such as *72‘c‘|*67‘p‘.
Following is a list of allowed dial tone parameters (note the use of back quotes surrounding the parameter without spaces).
- ‘c‘ = Cfwd dial tone
- ‘d‘ = Dial tone
- ‘m‘ = MWI dial tone
- ‘o‘ = Outside dial tone
- ‘p‘ = Prompt dial tone
- ‘s‘ = Second dial tone
- ‘x‘ = No tones are place, x is any digit not used above
If no tone parameter is specified, the Cisco IP phone plays the prompt tone by default.
If the * code is not to be followed by a phone number, such as *73 to cancel call forwarding, do not include it in this parameter. In that case, add that * code in the dial plan.
Homeland Secure IT is happy to be a Cisco SMB Select Partner! If we can provide your business VoIP support in the Greenville / Upstate, SC area, please call upon us at 864.990.4748 or email info@homelandsecureit.com
If you are using pcAnywhere to remotely access your computer, you probably want to go read the “pcAnywhere Security Recommendations” posted by Symantec.
The danger is that someone so inclined could potentially access your computer through vulnerabilities exposed from old source code, and gain full access to your computer, files and your network.
To sum it up, disabling pcAnywhere is a surefire way to protect yourself and your company.
If you have questions about this or any other security issue in the Greenville or Upstate SC area, please call upon Homeland Secure IT, we can help set your mind at ease. 864.990.4748
Anonymous has made the news lately with their attacks on many sites, with the most prominent being government sites. US-CERT released this info yesterday:
National Cyber Alert System
Technical Cyber Security Alert TA12-024A
“Anonymous” DDoS Activity
Original release date: January 24, 2012
Last revised: –
Source: US-CERT
Overview
US-CERT has received information from multiple sources about
coordinated distributed denial-of-service (DDoS) attacks with
targets that included U.S. government agency and entertainment
industry websites. The loosely affiliated collective “Anonymous”
allegedly promoted the attacks in response to the shutdown of the
file hosting site MegaUpload and in protest of proposed U.S.
legislation concerning online trafficking in copyrighted
intellectual property and counterfeit goods (Stop Online Piracy
Act, or SOPA, and Preventing Real Online Threats to Economic
Creativity and Theft of Intellectual Property Act, or PIPA).
I. Description
US-CERT has evidence of two types of DDoS attacks: One using HTTP
GET requests and another using a simple UDP flood.
The Low Orbit Ion Cannon (LOIC) is a denial-of-service attack tool
associated with previous Anonymous activity. US-CERT has reviewed
at least two implementations of LOIC. One variant is written in
JavaScript and is designed to be used from a web browser. An
attacker can access this variant of LOIC on a website and select
targets, specify an optional message, throttle attack traffic, and
monitor attack progress. A binary variant of LOIC includes the
ability to join a botnet to allow nodes to be controlled via IRC or
RSS command channels (the “HiveMind” feature).
The following is a sample of LOIC traffic recorded in a web server
log:
“GET /?id=1327014400570&msg=We%20Are%20Legion! HTTP/1.1″ 200
99406 “hxxp://pastehtml.com/view/blafp1ly1.html” “Mozilla/5.0
(Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1″
The following sites have been identified in HTTP referrer headers
of suspected LOIC traffic. This list may not be complete. Please do
not visit any of the links as they may still host functioning LOIC
or other malicious code.
“hxxp://3g.bamatea.com/loic.html”
“hxxp://anonymouse.org/cgi-bin/anon-www.cgi/”
“hxxp://chatimpacto.org/Loic/”
“hxxp://cybercrime.hostzi.com/Ym90bmV0/loic/”
“hxxp://event.seeho.co.kr/loic.html”
“hxxp://pastehtml.com/view/bl3weewxq.html”
“hxxp://pastehtml.com/view/bl7qhhp5c.html”
“hxxp://pastehtml.com/view/blafp1ly1.html”
“hxxp://pastehtml.com/view/blakyjwbi.html”
“hxxp://pastehtml.com/view/blal5t64j.html”
“hxxp://pastehtml.com/view/blaoyp0qs.html”
“hxxp://www.lcnongjipeijian.com/loic.html”
“hxxp://www.rotterproxy.info/browse.php/704521df/ccc21Oi8/
vY3liZXJ/jcmltZS5/ob3N0emk/uY29tL1l/tOTBibVY/wL2xvaWM/v/b5/
fnorefer”
“hxxp://www.tandycollection.co.kr/loic.html”
“hxxp://www.zgon.cn/loic.html”
“hxxp://zgon.cn/loic.html”
“hxxp://www.turbytoy.com.ar/admin/archivos/hive.html”
The following are the A records for the referrer sites as of
January, 20, 2012:
3g[.]bamatea[.]com A 218[.]5[.]113[.]218
cybercrime[.]hostzi[.]com A 31[.]170[.]161[.]36
event[.]seeho[.]co[.]kr A 210[.]207[.]87[.]195
chatimpacto[.]org A 66[.]96[.]160[.]151
anonymouse[.]org A 193[.]200[.]150[.]125
pastehtml[.]com A 88[.]90[.]29[.]58
lcnongjipeijian[.]com A 49[.]247[.]252[.]105
www[.]rotterproxy[.]info A 208[.]94[.]245[.]131
www[.]tandycollection[.]co[.]kr A 121[.]254[.]168[.]87
www[.]zgon[.]cn A 59[.]54[.]54[.]204
www[.]turbytoy[.]com[.]ar A 190[.]228[.]29[.]84
The HTTP requests contained an “id” value based on UNIX time and
user-defined “msg” value, for example:
GET /?id=1327014189930&msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20
Other “msg” examples:
msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20
msg=:)
msg=:D
msg=Somos%20Legion!!!
msg=Somos%20legi%C3%B3n!
msg=Stop%20S.O.P.A%20:)%20%E2%99%AB%E2%99%AB HTTP/1.1″ 200 99406
“http://pastehtml.com/view/bl7qhhp5c.html”
msg=We%20Are%20Legion!
msg=gh
msg=open%20megaupload
msg=que%20sepan%20los%20nacidos%20y%20los%20que%20van%20a%20nacer
%20que%20nacimos%20para%20vencer%20y%20no%20para%20ser%20vencidos
msg=stop%20SOPA!!
msg=We%20are%20Anonymous.%20We%20are%20Legion.%20We%20do%20not%20
forgive.%20We%20do%20not%20forget.%20Expect%20us!
The “msg” field can be arbitrarily set by the attacker.
As of January 20, 20012, US-CERT has observed another attack that
consists of UDP packets on ports 25 and 80. The packets contained a
message followed by variable amounts of padding, for example:
66:6c:6f:6f:64:00:00:00:00:00:00:00:00:00 | flood………
Target selection, timing, and other attack activity is often
coordinated through social media sites or online forums.
US-CERT is continuing research efforts and will provide additional
data as it becomes available.
II. Solution
There are a number of mitigation strategies available for dealing
with DDoS attacks, depending on the type of attack as well as the
target network infrastructure. In general, the best practice
defense for mitigating DDoS attacks involves advanced preparation.
* Develop a checklist or Standard Operating Procedure (SOP) to
follow in the event of a DDoS attack. One critical point in a
checklist or SOP is to have contact information for your ISP and
hosting providers. Identify who should be contacted during a
DDoS, what processes should be followed, what information is
needed, and what actions will be taken during the attack with
each entity.
* The ISP or hosting provider may provide DDoS mitigation services.
Ensure your staff is aware of the provisions of your service
level agreement (SLA).
* Maintain contact information for firewall teams, IDS teams,
network teams and ensure that it is current and readily available.
* Identify critical services that must be maintained during an
attack as well as their priority. Services should be prioritized
beforehand to identify what resources can be turned off or
blocked as needed to limit the effects of the attack. Also,
ensure that critical systems have sufficient capacity to
withstand a DDoS attack.
* Have current network diagrams, IT infrastructure details, and
asset inventories. This will assist in determining actions and
priorities as the attack progresses.
* Understand your current environment and have a baseline of daily
network traffic volume, type, and performance. This will allow
staff to better identify the type of attack, the point of attack,
and the attack vector used. Also, identify any existing
bottlenecks and remediation actions if required.
* Harden the configuration settings of your network, operating
systems, and applications by disabling services and applications
not required for a system to perform its intended function.
* Implement a bogon block list at the network boundary.
* Employ service screening on edge routers wherever possible in
order to decrease the load on stateful security devices such as
firewalls.
* Separate or compartmentalize critical services:
* Separate public and private services
* Separate intranet, extranet, and internet services
* Create single purpose servers for each service such as HTTP,
FTP, and DNS
* Review the US-CERT Cyber Security Tip Understanding
Denial-of-Service Attacks.
III. References
* Cyber Security Tip ST04-015 -
<http://www.us-cert.gov/cas/tips/ST04-015.html>
* Anonymous's response to the seizure of MegaUpload according to
CNN -
<http://money.cnn.com/2012/01/19/technology/megaupload_shutdown/index.htm>
* The Internet Strikes Back #OpMegaupload -
<http://anonops.blogspot.com/2012/01/internet-strikes-back-opmegaupload.html>
* Twitter Post from the author of the JavaScript based LOIC code -
<http://www.twitter.com/#!/mendes_rs>
* Anonymous Operations tweets on Twitter -
<http://twitter.com/#!/anonops>
* @Megaupload Tweets on Twitter -
<http://twitter.com/#!/search?q=%2523Megaupload>
* LOIC DDoS Analysis and Detection -
<http://blog.spiderlabs.com/2011/01/loic-ddos-analysis-and-detection.html>
* Impact of Operation Payback according to CNN -
<http://money.cnn.com/2010/12/08/news/companies/mastercard_wiki/index.htm>
* OperationPayback messages on YouTube -
<http://www.youtube.com/results?search_query=operationpayback>
* The Bogon Reference – Team Cymru -
<http://www.team-cymru.org/Services/Bogons/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA12-024A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with “TA12-024A Feedback INFO#919868″ in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2012 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
January 24, 2012: Initial release
If you require assistance with DDoS or any other security need for your Greenville or Upstate SC business, please call upon us at 864.990.4748 or email info@homelandsecureit.com
So you have been cruising along at your business for years and all has been great, but now, out of the blue, people on your network are having trouble viewing websites.
You found that if you reboot that firewall (pull the plug on the thing since there is no power supply) that YOU get back online right away, but then later that day, someone else on the network is now having trouble accessing websites so you reboot the firewall and all is well, for a while.
What could it be? It MUST be the firewall going bad since that fixes it.
Before jumping to that conclusion and just replacing the device, think back. Has your company grown? Maybe you have added a few new employees, or, maybe you have added tablets or other connected devices.
What could be happening here is that you have added one too many devices to your network and exceeded the number of seats that your firewall appliance supports. When you originally purchased that device, a technician counted the number of computers, servers and connected devices and said “You need a 25 user firewall and it will cost $xxx.xx”, to which you agreed and promptly forgot about.
Now, flash forward to today and your 12 users and a server have grown to 15 users, two servers and many people have iPads or Android tablets or phones, taking you past the 25 user limit. The last person to connect once you go over the limit will generally be denied access to websites by the firewall, as a warning that you have exceeded the license terms, and it probably won’t “reset” just by turning that computer off, you will have to reboot the firewall to free unused seats up.
So what are you going to do about it? I guess you could tell the employees to stop connecting their personal phones to your network, or you could replace the firewall with a cheap router that has no limitations.
Both will work, but are bad ideas.
The real solution is to correct the licensing issue. Determine how many connected devices you have within your network, and estimate how many you will need for the next year, then talk to a vendor who can provide the proper licenses and apply those for you. Don’t forget to include VoIP and security systems, even copiers and connected printers, as they may require a seat too.
If you are experiencing rapid growth, consider upgrading to an unlimited license.
Just a note – If you have an old device, say 4-5 years old, now may be the time to consider upgrading the entire device to the latest technology at the same time you correct the user limitation!
Should you require help with this, Homeland Secure IT offers sales and support of most major brands of firewalls. We partner with Cisco, WatchGuard, SonicWALL, TrendNet, D-Link, NetGear and more! Call us for more information in the Greenville / Upstate SC area – 864.990.4748 or email info@homelandsecureit.com
Watchguard, provider of quality firewall and security products for small, media and enterprise business made a “Social Media Release” today that outlines a list of PCI Pitfalls for Retailers.
It is quoted below in its entirety but can be found here.
I’ll be posting about the new WatchGuard XTM 33 designed for Small/Medium businesses, and may be ideal for retailers!
Should you wish to purchase a WatchGuard product, receive more information or support, please call us at 864.990.4748 or email info@homelandsecureit.com… We are a WatchGuard partner!
—
Social Media Release:
WatchGuard Lists PCI Pitfalls for Retailers
NEW YORK (January 16, 2012) – WatchGuard Technologies
Highlights / News Facts:
Businesses that process, transmit or store cardholder data must implement security controls as defined by the latest PCI DSS standard. The following are the nine common PCI DSS compliance pitfalls that many retailers fall into and tips to avoid them.
- 1) Faulty firewall installation or configuration
Many DIY (do it yourself) projects are easy; properly configuring a firewall is not one of them. According to WatchGuard research, a majority of small business security breaches are the result of improperly configured firewalls. Best practice: Use security certified technicians or trained resellers to ensure firewall configurations are proper and up to date; regularly audit firewall configurations as people and IT resources constantly change. - 2) Relying on vendor supplied defaults for system passwords
Not only is it critical to change vendor supplied default passwords, be sure to use something other than “password” as a password. According to a recently published research report, the most common passwords are: 1) password, 2) 123456, 3) 12345678, 4) qwerty, 5) abc123, 6) monkey, 7) 1234567,
letmein, 9) trustno1, and 10) dragon. Best practice: Change vendor settings and utilize strong passwords. - 3) Failing to utilize IPS to protect stored cardholder data
There are multiple ways to help protect stored cardholder data. One key technology that is often overlooked is IPS (intrusion prevention systems). IPS is to hackers as anti-virus is to viruses. IPS keeps hackers out and helps cardholder data stay safe. Best practice: Make sure intrusion prevention systems (IPS) are up and running. - 4) Not encrypting transmission of cardholder data across open, public networks
Encryption is a key component to PCI DSS compliance. A common problem occurs in the transmission of credit card data, which is often done in unencrypted email. Best practice: Use encryption everywhere, and especially in email systems where any type of sensitive information may be transmitted. - 5) Failing to use and regularly update anti-virus software or programs
Unlike desktop/endpoint anti-virus (AV), gateway anti-virus stops threats right at the entry point of a network. Using gateway AV adds an additional layer of defense at the primary point of attack, and because it functions at the gateway, users see no degradation of performance on their local computer. Best practice: Use gateway AV in addition to endpoint AV for maximum defense in depth. - 6) Not maintaining secure systems and applications
Many businesses do a good job at maintaining secure systems, however what is often overlooked in today’s social media business world is application security. Most firewalls are incapable of distinguishing a web application from a website. Because of this, crafty cyber-crooks create web applications as a way to sneak past the firewall and steal cardholder data. Best practice: To gain control over web applications, businesses utilize the latest generation of UTMs and firewalls that include application control. - 7) Providing access to cardholder data to those who do not need to know
About 80 percent of security violations happen from within an organization. In order to reduce that figure, businesses should use the “least privilege rule,” which parallels the same concept of “need to know.” Users should be granted the minimum necessary permissions and privileges that are required for them to accomplish their jobs. When employees have access to data that they should not, bad things often result. Best practice: Use RBAC (role based access controls), separation of duties and other forms of “least privilege” to make sure data is restricted to those who absolutely must have access to it. - Forgetting to track and monitor all access to network resources and cardholder data
Unfortunately, many businesses take a “fire and forget” approach to network security; once the firewall is set, they forget to check the reports. Many security breaches can me mitigated early on simply by checking reports and logs on a regular basis. Best practice: Establish a routine of checking logs and reports to spot trouble before it blossoms into headline security news. - 9) Not having an information security policy
In order to meet PCI compliance, businesses must create an information security policy that is up to date, and that addresses the security requirements as proscribed by PCI DSS. This should also include operational security, system usage, security management and other related policies. Best practice: Get IT, HR and other business stakeholders to regularly review information security policies.
Keywords:
PCI DSS, Network Security, Firewall, Cardholder Data, Passwords, Encryption, IPS, Anti-Virus, Application Control, Next-Generation UTM, Policy
Quote:
- “The PCI DSS standard is a model that many businesses – even non-retailers can look to in order to maintain best security practices,” said Eric Aarrestad, Vice President at WatchGuard Technologies. “The devil is in the details when it comes to security. Hopefully, this quick list helps remind businesses owners and IT management that little things can make a big difference in preventing data loss.”
Over on lifehacker.com there is a great post about how to turn off the Google personal search results feature.
The instructions for doing so are simply to click on the settings cog at the top of the Google page, then select “Search Settings”.
Next find “Personal results” and select “Do not use personal results”.
This makes the “Hide personal results” the default for your searching pleasure.
Thank you to Melanie Pinola for posting that as I have already had a few people inquire about it!
