If you are using pcAnywhere to remotely access your computer, you probably want to go read the “pcAnywhere Security Recommendations” posted by Symantec.
The danger is that someone so inclined could potentially access your computer through vulnerabilities exposed from old source code, and gain full access to your computer, files and your network.
To sum it up, disabling pcAnywhere is a surefire way to protect yourself and your company.
If you have questions about this or any other security issue in the Greenville or Upstate SC area, please call upon Homeland Secure IT, we can help set your mind at ease. 864.990.4748
Anonymous has made the news lately with their attacks on many sites, with the most prominent being government sites. US-CERT released this info yesterday:
National Cyber Alert System
Technical Cyber Security Alert TA12-024A
“Anonymous” DDoS Activity
Original release date: January 24, 2012
Last revised: –
Source: US-CERT
Overview
US-CERT has received information from multiple sources about
coordinated distributed denial-of-service (DDoS) attacks with
targets that included U.S. government agency and entertainment
industry websites. The loosely affiliated collective “Anonymous”
allegedly promoted the attacks in response to the shutdown of the
file hosting site MegaUpload and in protest of proposed U.S.
legislation concerning online trafficking in copyrighted
intellectual property and counterfeit goods (Stop Online Piracy
Act, or SOPA, and Preventing Real Online Threats to Economic
Creativity and Theft of Intellectual Property Act, or PIPA).
I. Description
US-CERT has evidence of two types of DDoS attacks: One using HTTP
GET requests and another using a simple UDP flood.
The Low Orbit Ion Cannon (LOIC) is a denial-of-service attack tool
associated with previous Anonymous activity. US-CERT has reviewed
at least two implementations of LOIC. One variant is written in
JavaScript and is designed to be used from a web browser. An
attacker can access this variant of LOIC on a website and select
targets, specify an optional message, throttle attack traffic, and
monitor attack progress. A binary variant of LOIC includes the
ability to join a botnet to allow nodes to be controlled via IRC or
RSS command channels (the “HiveMind” feature).
The following is a sample of LOIC traffic recorded in a web server
log:
"GET /?id=1327014400570&msg=We%20Are%20Legion! HTTP/1.1" 200
99406 "hxxp://pastehtml.com/view/blafp1ly1.html" "Mozilla/5.0
(Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
The following sites have been identified in HTTP referrer headers
of suspected LOIC traffic. This list may not be complete. Please do
not visit any of the links as they may still host functioning LOIC
or other malicious code.
The following are the A records for the referrer sites as of
January, 20, 2012:
The HTTP requests contained an “id” value based on UNIX time and
user-defined “msg” value, for example:
GET /?id=1327014189930&msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20
Other “msg” examples:
msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20
msg=:)
msg=:D
msg=Somos%20Legion!!!
msg=Somos%20legi%C3%B3n!
msg=Stop%20S.O.P.A%20:)%20%E2%99%AB%E2%99%AB HTTP/1.1" 200 99406
"http://pastehtml.com/view/bl7qhhp5c.html"
msg=We%20Are%20Legion!
msg=gh
msg=open%20megaupload
msg=que%20sepan%20los%20nacidos%20y%20los%20que%20van%20a%20nacer
%20que%20nacimos%20para%20vencer%20y%20no%20para%20ser%20vencidos
msg=stop%20SOPA!!
msg=We%20are%20Anonymous.%20We%20are%20Legion.%20We%20do%20not%20
forgive.%20We%20do%20not%20forget.%20Expect%20us!
The “msg” field can be arbitrarily set by the attacker.
As of January 20, 2012, US-CERT has observed another attack that
consists of UDP packets on ports 25 and 80. The packets contained a
message followed by variable amounts of padding, for example:
66:6c:6f:6f:64:00:00:00:00:00:00:00:00:00 | flood………
Target selection, timing, and other attack activity is often
coordinated through social media sites or online forums.
US-CERT is continuing research efforts and will provide additional
data as it becomes available.
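As an added example (not part of the US-CERT alert or of this blog), the following Python flags requests of the shape described above in an Apache/nginx combined-format access log, checks the client-supplied id against the server's own clock, tallies the referring LOIC pages, and recognises the UDP payload pattern. The log lines, IP addresses and timestamps are constructed.

```python
"""Flag JavaScript-LOIC style requests in a web-server access log.

Added example, not from the US-CERT alert. It matches the traffic shape the
alert describes: a GET whose query carries id=<UNIX time in milliseconds>
and an attacker-chosen msg=, with a Referer pointing at the hosted LOIC page.
"""
import re
from collections import Counter
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample in "combined" log format; IPs are documentation ranges
# and timestamps are made up. Lines 1-2 mimic the alert's sample request,
# line 3 is an ordinary page load that happens to carry an id= parameter.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jan/2012:23:06:40 +0000] "GET /?id=1327014400570&msg=We%20Are%20Legion! HTTP/1.1" 200 99406 "http://pastehtml.com/view/blafp1ly1.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
198.51.100.23 - - [19/Jan/2012:23:06:41 +0000] "GET /?id=1327014401002&msg=Stop%20S.O.P.A%20:)%20%E2%99%AB HTTP/1.1" 200 99406 "http://pastehtml.com/view/bl7qhhp5c.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
192.0.2.9 - - [19/Jan/2012:23:06:42 +0000] "GET /index.html?id=42 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def loic_hit(line):
    """Return a dict describing a LOIC-looking request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    qs = parse_qs(urlsplit(e["target"]).query)
    if "id" not in qs or "msg" not in qs or not qs["id"][0].isdigit():
        return None
    id_ms = int(qs["id"][0])
    # LOIC stamps id with the client's UNIX time in milliseconds (13 digits
    # for any date after 2001), so it should sit close to the server's clock.
    if not 10**12 <= id_ms < 10**13:
        return None
    logged = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return {
        "ip": e["ip"],
        "msg": qs["msg"][0],  # parse_qs has already percent-decoded it
        "referer": e["referer"],
        "skew_s": round(id_ms / 1000 - logged, 3),
    }


def scan_log(text):
    """All LOIC-looking requests in an access log, in file order."""
    return [h for h in map(loic_hit, text.splitlines()) if h]


def referer_counts(hits):
    """Which hosted LOIC pages are driving the traffic (input for a block list)."""
    return Counter(h["referer"] for h in hits)


def udp_flood_message(payload):
    """Message of the alert's UDP variant (a printable word followed by NUL
    padding, e.g. b"flood" + b"\\x00" * 9), or None if the payload does not fit."""
    body = payload.rstrip(b"\x00")
    if not body or len(body) == len(payload):
        return None  # empty, or no padding at all
    if not all(32 <= b < 127 for b in body):
        return None
    return body


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print(referer_counts(scan_log(SAMPLE_LOG)))
```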
II. Solution
There are a number of mitigation strategies available for dealing
with DDoS attacks, depending on the type of attack as well as the
target network infrastructure. In general, the best practice
defense for mitigating DDoS attacks involves advanced preparation.
* Develop a checklist or Standard Operating Procedure (SOP) to
follow in the event of a DDoS attack. One critical point in a
checklist or SOP is to have contact information for your ISP and
hosting providers. Identify who should be contacted during a
DDoS, what processes should be followed, what information is
needed, and what actions will be taken during the attack with
each entity.
* The ISP or hosting provider may provide DDoS mitigation services.
Ensure your staff is aware of the provisions of your service
level agreement (SLA).
* Maintain contact information for firewall teams, IDS teams,
network teams and ensure that it is current and readily available.
* Identify critical services that must be maintained during an
attack as well as their priority. Services should be prioritized
beforehand to identify what resources can be turned off or
blocked as needed to limit the effects of the attack. Also,
ensure that critical systems have sufficient capacity to
withstand a DDoS attack.
* Have current network diagrams, IT infrastructure details, and
asset inventories. This will assist in determining actions and
priorities as the attack progresses.
* Understand your current environment and have a baseline of daily
network traffic volume, type, and performance. This will allow
staff to better identify the type of attack, the point of attack,
and the attack vector used. Also, identify any existing
bottlenecks and remediation actions if required.
* Harden the configuration settings of your network, operating
systems, and applications by disabling services and applications
not required for a system to perform its intended function.
* Implement a bogon block list at the network boundary.
* Employ service screening on edge routers wherever possible in
order to decrease the load on stateful security devices such as
firewalls.
* Separate or compartmentalize critical services:
  * Separate public and private services
  * Separate intranet, extranet, and internet services
  * Create single purpose servers for each service such as HTTP,
    FTP, and DNS
* Review the US-CERT Cyber Security Tip Understanding
Denial-of-Service Attacks.
III. References
* Cyber Security Tip ST04-015 -
<http://www.us-cert.gov/cas/tips/ST04-015.html>
* Anonymous's response to the seizure of MegaUpload according to
CNN -
<http://money.cnn.com/2012/01/19/technology/megaupload_shutdown/index.htm>
* The Internet Strikes Back #OpMegaupload -
<http://anonops.blogspot.com/2012/01/internet-strikes-back-opmegaupload.html>
* Twitter Post from the author of the JavaScript based LOIC code -
<http://www.twitter.com/#!/mendes_rs>
* Anonymous Operations tweets on Twitter -
<http://twitter.com/#!/anonops>
* @Megaupload Tweets on Twitter -
<http://twitter.com/#!/search?q=%2523Megaupload>
* LOIC DDoS Analysis and Detection -
<http://blog.spiderlabs.com/2011/01/loic-ddos-analysis-and-detection.html>
* Impact of Operation Payback according to CNN -
<http://money.cnn.com/2010/12/08/news/companies/mastercard_wiki/index.htm>
* OperationPayback messages on YouTube -
<http://www.youtube.com/results?search_query=operationpayback>
* The Bogon Reference – Team Cymru -
<http://www.team-cymru.org/Services/Bogons/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA12-024A.html>
Produced 2012 by US-CERT, a government organization.
Revision History
January 24, 2012: Initial release
If you require assistance with DDoS or any other security need for your Greenville or Upstate SC business, please call upon us at 864.990.4748 or email info@homelandsecureit.com
Microsoft rings in the new year with updates! HAPPY NEW YEAR!!!!
The Advance Notification outlines 7 bulletins that cover updates from “important” to “critical” in Microsoft Windows (XP / Server 2003 / Vista / Server 2008) and Microsoft Developer Tools & Software.
Most will require a restart, or at least MAY require a restart.
On the Advance Notification page you can find out more about the updates coming your way on January 10th.
If you require assistance with these updates or any other security issue in the Greenville / Upstate SC area please call us at 864.990.4748 or email info@homelandsecureit.com
Remember the flaw that was announced around the beginning of December 2011, where hackers could possibly cause HP printers to burst into flames?
Well, HP released a fix for that a week or so back. However, they didn’t mention the fire issue.
Nonetheless, you may wish to consider upgrading.
Should you require assistance applying updates to your devices, servers or computers in the Greenville or Upstate SC area, you can call upon us at 864.990.4748 or email info@homelandsecureit.com
I’ve written a number of blog posts about the RIAA, and how people have been wrongfully accused of stealing (pirating) by the RIAA and threatened with lawsuits.
Well, it appears that someone at the RIAA has been doing a little illegal downloading of their own, though the RIAA claims it was not them.
Here’s more information:
http://torrentfreak.com/riaa-someone-else-is-pirating-through-out-ip-addresses-111221/
So secure those access points, and disable unused network jacks in public locations to keep from receiving a nasty-gram because someone else is using your internet connection to download.
If you need help securing your business or home, we can help in the Greenville / Upstate, SC area. We can even help the RIAA. Call us at 864.990.4748 or email info@homelandsecureit.com
It’s all over the news, Thailand has been affected by flooding in a treacherous monsoon season. Yeah yeah yeah, what does that mean?
Unfortunately, it appears that just shy of half of all hard drive parts are manufactured in Thailand, and the flooding has forced closures at those manufacturing facilities.
In one article, it states that Toshiba has halted hard drive production entirely, and Western Digital has closed their plants as well. Seagate remains open, but their suppliers are in question.
I’ve already been told by one of our suppliers to expect this shortage to raise prices considerably and referenced a 10 dollar hike in the cost of 250GB drives, probably driven by speculation alone. The same supplier told us that quotes for server, desktop and notebook computers would be valid for only 7 days, effective immediately.
Those in the know are estimating it could take as long as a year to recover from this situation and every manufacturer of computers is likely to be affected by this, causing the cost of your next computer to be considerably higher. A computer repair that requires a hard drive replacement will obviously be higher as well.
Hopefully it will not be like the Cisco ASA shortage of last year, where we had to WAIT for the units to become available.
Today could be the perfect time to get that 3TB hard drive you have been wanting, or to renew some desktops at your business! Call us today and lock it in if you are in the Greenville / Upstate, SC area. 864.990.4748 or info@homelandsecureit.com
I came across a very handy document from www.securingthehuman.org that explains which security standards and awareness compliance requirements might apply to your organization.
It is by no means a complete listing, but gives the one minute run-down of the majority of the biggies….
—
Last Updated: 19 July, 2011
1. Executive Summary
The purpose of this document is to identify different standards and legislations that require organizations to have security awareness programs. This information can then be used to help justify your security awareness program. Any questions or suggestions for this document should be sent to info@securingthehuman.org.
2. ISO/IEC 27001 & 27002
§ISO 27002 8.2.2 – All employees of the organization and, where relevant, contractors and third party users should receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function. Learn more at: http://en.wikipedia.org/wiki/ISO_27001
3. PCI DSS
§12.6 – Make all employees aware of the importance of cardholder information security.
• Educate employees (for example, through posters, letters, memos, meetings and promotions).
• Require employees to acknowledge in writing that they have read and understood the company’s security policy and procedures.
Download the standard at:
https://www.pcisecuritystandards.org/security_standards/documents.php
4. Sarbanes-Oxley (SOX)
§404(a).(a).(1) – The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C 78m or 78o(d)) to contain an internal control report which shall – state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting;
Learn more at: http://en.wikipedia.org/wiki/Sarbanes-Oxley
5. Gramm-Leach Bliley Act
§6801.(b).(1)-(3) – In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical and physical safeguards –
• To insure the security and confidentiality of customer records and information;
• To protect against any anticipated threats or hazards to the security or integrity of such records;
• To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
Learn more at: http://en.wikipedia.org/wiki/Gramm-Leach-Bliley_Act
6. CobiT
§PO7.4 Personnel Training – Provide IT employees with appropriate orientation when hired and ongoing training to maintain their knowledge, skills, abilities, internal controls and security awareness at the level required to achieve organizational goals.
§DS7 – Management of the process of Educate and train users that satisfies the business requirement for IT of effectively and efficiently using applications and technology solutions and ensuring user compliance with policies and procedures is: […] 3 Defined when A training and education program is instituted and communicated, and employees and managers identify and document training needs. Training and education processes are standardized and documented. Budgets, resources, facilities and trainers are being established to support the training and education program. Formal classes are given to employees on ethical conduct and system security awareness and practices. Most training and education processes are monitored, but not all deviations are likely to be detected by management. Analysis of training and education problems is only occasionally applied.
Learn more at: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
7. Federal Information Security Management Act (FISMA)
§3544.(b).(4).(A),(B) – Securing awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of information security risks associated with their activities; and their responsibilities in complying with agency policies and procedures designed to reduce these risks.
Learn more at: http://en.wikipedia.org/wiki/FISMA
8. Health Insurance Portability & Accountability Act (HIPAA)
§164.308.(a).(5).(i) – Implement a security awareness and training program for all members of its workforce (including management).
Learn more at: http://en.wikipedia.org/wiki/Hipaa
9. NERC CIP
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Standard.
§CIP-004-3(B)(R1) – The Responsible Entity shall establish, document, implement, and maintain a security awareness program to ensure personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets receive on-going reinforcement in sound security practices. The program shall include security awareness reinforcement on at least a quarterly basis using mechanisms such as:
• Direct communications (e.g., emails, memos, computer based training, etc.);
• Indirect communications (e.g., posters, intranet, brochures, etc.);
• Management support and reinforcement (e.g., presentations, meetings, etc.).
Download the standard at: http://www.NERC.com/files/CIP-004-3.pdf
10. US State Privacy Laws
Many states in the United States have their own individual privacy laws. You can find a listing of most of those state privacy laws at the Morrison & Foerster’s Privacy Library. Many of these privacy laws require some type of awareness training, or at a minimum that the privacy requirements are communicated to employees in that state.
Learn more at: http://www.mofo.com/privacy–data-security-services/
11. EU Data Protection Directive
The European Union has directed all European member countries to develop and define laws regarding the protecting of personal privacy of the citizens of their respective country. While each country’s implementation of this directive is different and unique, many of them require security awareness training to educate people on how to protect individual privacy.
Learn more at: http://en.wikipedia.org/wiki/Data_Protection_Directive
12. Australian Government InfoSec Manual
§0252 – Information security awareness and training: Revision: 2; Updated: Nov-10;
Applicability: U, IC, R/P, C, S/HP, TS; Compliance: must
Agencies must provide ongoing information security awareness and training for personnel on information security policies including topics such as responsibilities, consequences of non-compliance, and potential security risks and counter-measures.
Download the manual at:
http://www.dsd.gov.au/publications/Information_Security_Manual_2010.pdf
You can find the original latest version of this document here.
—
Should you need assistance with security and compliance at your Upstate or Greenville SC area business, Homeland Secure IT can assist. Call us at 864.990.4748 or email info@homelandsecureit.com for more information!
Cisco OnPlus service available now to small & medium businesses
Large businesses have full-time IT staff or fully outsourced IT support that monitors their infrastructure and keeps it up to date. Now small and medium businesses (SMBs) can have the same level of support for the devices on their network.
Cisco OnPlus works by allowing Homeland Secure IT or your Cisco SMB service provider to place a Cisco OnPlus Network Agent at your location and configure it for reporting. The Cisco SMB specialist can then monitor your site remotely from a variety of devices, from handhelds to tablets to desktops, and take action when needed.
OnPlus is the latest tool in the Managed Service Provider’s arsenal. Using it, Cisco products can be backed up, restored and fully managed remotely. Other devices are supported as well!
As always with Cisco, security is the name of the game and OnPlus provides a secure environment for your IT service provider to manage your network. Your data is safe from prying eyes, only the devices themselves can be managed and use of this system does not permit access to data outside of configuration and management.
If you would like your business to have monitoring, alerting, reporting and managing capabilities, then ask your Cisco SMB provider about this exciting offering. No need to wait for a service or repair technician to visit your location, management is handled in real-time, remotely! This service is one of the most affordable methods for managing your firewalls and security appliances, IP surveillance systems, switches, routers, VoIP phone systems and more.
Homeland Secure IT provides Cisco SMB sales and support in the Greenville & Upstate SC area. Call us today at 864.990.4748 or email info@homelandsecureit.com.
Multiple vulnerabilities in MS Windows, MS Windows Server and Microsoft Office have been identified and addressed. These should not be taken lightly as they are of a critical nature, allowing a “remote, unauthenticated attacker” the ability to gain access to your system, as well as DoS.
If you require assistance applying updates to your business computers in the Greenville / Upstate, SC area, please call us at 864.990.4748 or email info@homelandsecureit.com.
This is from US-CERT, for your reading enjoyment:
National Cyber Alert System
Technical Cyber Security Alert TA11-256A
Microsoft Updates for Multiple Vulnerabilities
Original release date: September 13, 2011
Last revised: –
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Office
* Microsoft Server Software
Overview
There are multiple vulnerabilities in Microsoft Windows, Microsoft
Server Software, and Microsoft Office. Microsoft has released
updates to address these vulnerabilities.
I. Description
The Microsoft Security Bulletin Summary for September 2011
describes multiple vulnerabilities in Microsoft Windows, Microsoft
Server Software, and Microsoft Office. Microsoft has released
updates to address the vulnerabilities.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
III. Solution
Apply updates
Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for September 2011. That
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. In addition, administrators should
consider using an automated update distribution system such as
Windows Server Update Services (WSUS).
IV. References
* Microsoft Security Bulletin Summary for September 2011 -
<http://technet.microsoft.com/en-us/security/bulletin/ms11-sep>
* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>
Using Macs in your enterprise?
You will want to read this article: http://www.theregister.co.uk/2011/08/26/mac_osx_lion_security_hole/
This is kind of a big deal, as it underscores that Mac OS X Lion machines simply fail at LDAP, a basic part of enterprise network integration.
In short, if you bring these Macs into your environment, once authenticated, they simply don’t care which password is entered, they simply say “yer in!”…
Those of you who believe Macs are super secure need to rethink that philosophy and accept that there are problems with all OSes that pose a threat. About a week ago, I posted about a threat that involves a pure Mac server network, without any Microsoft involvement, just as bad as this current LDAP issue, no, actually worse.
If you would like to discuss integration of Macs into your Greenville / Upstate, SC Microsoft Windows environment, please give us a call at 864.990.4748 or email info@homelandsecureit.com.