Could a judge order you to hand over the keys to your encrypted computer hard drive or flash drive?

COULD a judge order you to hand over the keys to your encrypted computer hard drive or flash drive?

Turns out the answer to this is a definitive “YES”.  And you can bet there is a major outcry by civil rights and privacy groups because a judge has ordered a person to provide an unencrypted hard drive as part of an investigation. The story is over on Wired.com and is titled “Judge orders defendant to decrypt laptop“.

What do you think? Is being forced to hand over your data a violation of your Fifth Amendment rights? What if it were a judge ordering a suspected terrorist to do the same?

Suddenly people cannot get to the internet at my business

So you have been cruising along at your business for years and all has been great, but now, out of the blue, people on your network are having trouble viewing websites.

You found that if you reboot that firewall (pull the plug on the thing since there is no power supply) that YOU get back online right away, but then later that day, someone else on the network is now having trouble accessing websites so you reboot the firewall and all is well, for a while.

What could it be? It MUST be the firewall going bad since that fixes it.

Before jumping to that conclusion and just replacing the device, think back. Has your company grown? Maybe you have added a few new employees, or, maybe you have added tablets or other connected devices.

What could be happening here is that you have added one too many devices to your network and exceeded the number of seats that your firewall appliance supports. When you originally purchased that device, a technician counted the number of computers, servers and connected devices and said “You need a 25 user firewall and it will cost $xxx.xx”, to which you agreed and promptly forgot about.

Now, flash forward to today and your 12 users and a server have grown to 15 users, two servers and many people have iPads or Android tablets or phones, taking you past the 25 user limit.  The last person to connect once you go over the limit will generally be denied access to websites by the firewall, as a warning that you have exceeded the license terms, and it probably won’t “reset” just by turning that computer off, you will have to reboot the firewall to free unused seats up.

So what are you going to do about it? I guess you could tell the employees to stop connecting their personal phones to your network, or you could replace the firewall with a cheap router that has no limitations.

Both will work, but are bad ideas.

The real solution is to correct the licensing issue. Determine how many connected devices you have within your network, and estimate how many you will need for the next year, then talk to a vendor who can provide the proper licenses and apply those for you. Don’t forget to include VoIP and security systems, even copiers and connected printers, as they may require a seat too.

If you are experiencing rapid growth, consider upgrading to an unlimited license.

Just a note – If you have an old device, say 4-5 years old, now may be the time to consider upgrading the entire device to the latest technology at the same time you correct the user limitation!

Should you require help with this, Homeland Secure IT offers sales and support of most major brands of firewalls. We partner with Cisco, WatchGuard, SonicWALL, TrendNet, D-Link, NetGear and more! Call us for more information in the Greenville / Upstate SC area – 864.990.4748 or email info@homelandsecureit.com

WatchGuard posts list of “PCI Pitfalls for Retailers”

Watchguard, provider of quality firewall and security products for small, media and enterprise business made a “Social Media Release” today that outlines a list of PCI Pitfalls for Retailers.

It is quoted below  in its entirety but can be found here.

I’ll be posting about the new WatchGuard XTM 33 designed for Small/Medium businesses, and may be ideal for retailers!

Should you wish to purchase a WatchGuard product, receive more information or support, please call us at 864.990.4748 or email info@homelandsecureit.com… We are a WatchGuard partner!

Social Media Release:
WatchGuard Lists PCI Pitfalls for Retailers

NEW YORK (January 16, 2012) – WatchGuard Technologies

Highlights / News Facts:

Businesses that process, transmit or store cardholder data must implement security controls as defined by the latest PCI DSS standard. The following are the nine common PCI DSS compliance pitfalls that many retailers fall into and tips to avoid them.

  • 1) Faulty firewall installation or configuration
    Many DIY (do it yourself) projects are easy; properly configuring a firewall is not one of them. According to WatchGuard research, a majority of small business security breaches are the result of improperly configured firewalls. Best practice: Use security certified technicians or trained resellers to ensure firewall configurations are proper and up to date; regularly audit firewall configurations as people and IT resources constantly change.
  • 2) Relying on vendor supplied defaults for system passwords
    Not only is it critical to change vendor supplied default passwords, be sure to use something other than “password” as a password. According to a recently published research report, the most common passwords are: 1) password, 2) 123456, 3) 12345678, 4) qwerty, 5) abc123, 6) monkey, 7) 1234567, 8) letmein, 9) trustno1, and 10) dragon. Best practice: Change vendor settings and utilize strong passwords.
  • 3) Failing to utilize IPS to protect stored cardholder data
    There are multiple ways to help protect stored cardholder data. One key technology that is often overlooked is IPS (intrusion prevention systems). IPS is to hackers as anti-virus is to viruses. IPS keeps hackers out and helps cardholder data stay safe. Best practice: Make sure intrusion prevention systems (IPS) are up and running.
  • 4) Not encrypting transmission of cardholder data across open, public networks
    Encryption is a key component to PCI DSS compliance. A common problem occurs in the transmission of credit card data, which is often done in unencrypted email. Best practice: Use encryption everywhere, and especially in email systems where any type of sensitive information may be transmitted.
  • 5) Failing to use and regularly update anti-virus software or programs
    Unlike desktop/endpoint anti-virus (AV), gateway anti-virus stops threats right at the entry point of a network. Using gateway AV adds an additional layer of defense at the primary point of attack, and because it functions at the gateway, users see no degradation of performance on their local computer. Best practice: Use gateway AV in addition to endpoint AV for maximum defense in depth.
  • 6) Not maintaining secure systems and applications
    Many businesses do a good job at maintaining secure systems, however what is often overlooked in today’s social media business world is application security. Most firewalls are incapable of distinguishing a web application from a website. Because of this, crafty cyber-crooks create web applications as a way to sneak past the firewall and steal cardholder data. Best practice: To gain control over web applications, businesses utilize the latest generation of UTMs and firewalls that include application control.
  • 7) Providing access to cardholder data to those who do not need to know
    About 80 percent of security violations happen from within an organization. In order to reduce that figure, businesses should use the “least privilege rule,” which parallels the same concept of “need to know.” Users should be granted the minimum necessary permissions and privileges that are required for them to accomplish their jobs. When employees have access to data that they should not, bad things often result. Best practice: Use RBAC (role based access controls), separation of duties and other forms of “least privilege” to make sure data is restricted to those who absolutely must have access to it.
  • 8) Forgetting to track and monitor all access to network resources and cardholder data
    Unfortunately, many businesses take a “fire and forget” approach to network security; once the firewall is set, they forget to check the reports. Many security breaches can me mitigated early on simply by checking reports and logs on a regular basis. Best practice: Establish a routine of checking logs and reports to spot trouble before it blossoms into headline security news.
  • 9) Not having an information security policy
    In order to meet PCI compliance, businesses must create an information security policy that is up to date, and that addresses the security requirements as proscribed by PCI DSS. This should also include operational security, system usage, security management and other related policies. Best practice: Get IT, HR and other business stakeholders to regularly review information security policies.

Keywords:

PCI DSS, Network Security, Firewall, Cardholder Data, Passwords, Encryption, IPS, Anti-Virus, Application Control, Next-Generation UTM, Policy

 

Quote:

  • “The PCI DSS standard is a model that many businesses – even non-retailers can look to in order to maintain best security practices,” said Eric Aarrestad, Vice President at WatchGuard Technologies. “The devil is in the details when it comes to security. Hopefully, this quick list helps remind businesses owners and IT management that little things can make a big difference in preventing data loss.”

Google’s personal search results can be turned off if you prefer not to see them

Over on lifehacker.com there is a great post about how to turn off the Google personal search results feature.

The instructions for doing so are simply to click on the settings cog at the top of the Google page, then select “Search Settings”.

Next find “Personal results” and select “Do not use personal results”.

This makes the “Hide personal results” the default for your searching pleasure.

Thank you to Melanie Pinola for posting that as I have already had a few people inquire about it!

 

Secure IT Alert: Adobe patches address Reader & Acrobat vulnerabilities

Secure IT Alert Header

Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, January 11, 2012

Yesterday was Adobe’s first patch day of the new year and the security bulletin describes a total of six vulnerabilities in Adobe Reader and Acrobat X 10.1.1 and older, on both Microsoft Windows and Apple Mac.

The issues that are addressed are considered “critical” in nature and the solution is to download and deploy updates or to allow the Adobe Software Updater to perform the updates for you.

Adobe Reader X 10.1.2

Adobe Acrobat X 10.1.2

If you require assistance with these updates or any other security related issues in the Greenville / Upstate SC area, please call us at 864.990.4748 or email info@homelandsecureit.com
Homeland Secure IT Alert Footer

Homeland Secure IT Alert

Charter starting initiative to replace older generation docsis 1 and 1.1 modems

We have been informed by our Charter rep that starting today (January 10, 2012), Charter is starting an initiative focused on removing older generation docsis 1 and 1.1 modems from the customer user base that currently subscribes to MAX, PLUS and ULTRA.

The email included the following information:

  1. This is a company-wide project focused on technically positioning our customer base for advanced HSI products and increased speeds.
  2. The communication is handled via a browser message that will alert only those customers with older docsis 1 or 1.1 modems and asking them swap.
  3. Replaced at no cost to the customer, including customer owned modems. See sample screenshot image below…
  4. The customer will communicate with us via phone at 877.739.0427 or use the browser link to expedite the delivery.
  5. All modems will be sent via mail to the mailing address on the account. (again, at no cost to the customer)
  6. The modems will be mailed as a self install kit from a central distribution center.

Here’s the link: https://connect.charter.com/replacemodem/

If you have any questions about Charter internet, phone or television, either home or business, please call us at 864.990.4748 or email info@homelandsecureit.com

 

 

Could your next internet connection be satellite based? ViaSat would like to believe so.

Satellite internet connections have been around for a while, and if you have used that technology, you have likely been disappointed.

Hughes probably has the highest market penetration, and those using it have been quick to complain about caps and upload speed.

This is where ViaSat comes in. They revealed their home satellite system at CES and Engadget has a pretty good write-up with a video that tells more about the 12 Mbps down/3 Mbps up service that runs $50.oo per month.

What is left out is what types of data caps they may have.

Microsoft Security Bulletin Advance Notification for January 2012 – Happy New Year!

Microsoft rings in the new year with updates!  HAPPY NEW YEAR!!!!

The Advance Notification outlines 7 bulletins that cover updates from “important” to “critical” in Microsoft Windows (XP / Server 2003 / Vista / Server 2008) and Microsoft Developer Tools & Software.

Most will require a restart, or at least MAY require a restart.

On the Advance Notification page you can find out more about the updates coming your way on January 10th.

If you require assistance with these updates or any other security issue in the Greenville / Upstate SC area please call us at 864.990.4748 or email info@homelandsecureit.com

Happy birthday to my baby girl, Megan!!!!! (AKA @MegzCA / Megz)

Today is a special day… It’s the birthday of Megan, my daughter!

But what makes it any different than her other birthdays? Well, for one, this birthday is her first as a young lady out on her own, or close to being on her own. She’s attending college and though it is only an hour away, it feels like she has moved halfway across the country!

But, at least she has today and tomorrow off, so, tonight, we are going out to eat and live it up…

If you see her, wish her a happy birthday, even if it is next week. Honestly, our family celebrates “Birth WEEK”, so this could go on for another few days!

Happy Birthday Megan – I love you so much – MORE!  =) =)