YourITDepo Archives

    Archive for July, 2011

    Passwords in Mac OS X can be pilfered with new tool

    Posted on Thursday, July 28th, 2011

    The tool capitalizes on a long-known issue in how FireWire can be used to read a computer’s memory

    A company that makes password recovery tools has released one that can snatch passwords from a locked or sleeping Macintosh running Mac OS X Lion by plugging another computer into the Mac’s FireWire port. The attack technique is several years old, and the only way to defend against it is to turn the Mac off.

    Passware, which has engineering facilities in Moscow and headquarters in Mountain View, California, said its Passware Kit Forensic v11 analyzes a Mac’s live memory via FireWire. FireWire is a fast serial interface developed in the 1980s by Apple. It is also known by Sony as i.LINK and was standardized as IEEE 1394.

    If a computer is turned on and has been logged into at least once, Passware’s software can extract passwords in a few minutes, even if the computer is locked or sleeping. It can even extract passwords in the Mac’s keychain password store — regardless of password strength and even if FileVault encryption is used, the company said in a news release.

    The issue affects all “modern” Mac OS versions, including Snow Leopard and the latest one, Lion.

    Apple officials contacted in London did not have an immediate comment.

    Passware said there’s an easy defense: turn off the computer, which erases the passwords from the computer’s memory. Passware also suggested disabling the feature that automatically logs in a user when the computer is turned on, a basic security step.

    The FireWire password issue has been known for some time. In 2008, Uwe Hermann — a Debian developer — compiled a list of research papers from over the years summarizing issues with FireWire. Hermann wrote that if you can gain access to a computer with a FireWire port, it is possible to read or write data in the computer’s RAM.

    Other defenses against the attack include simply not having a computer with a FireWire port or plugging an existing one up. If a computer has a PCMCIA or PCI card slot, however, it could still be vulnerable if a FireWire-enabled card is inserted, Hermann wrote. Another precautionary measure is to try to ensure no one gets access to your computer.

    Passware’s Kit Forensic costs $995 with one year of free updates.

    Originally published on IDG News


    Pentagon unveils five steps for better cybersecurity

    Posted on Saturday, July 16th, 2011

    The U.S. Department of Defense has announced a set of five guiding strategic principles for better preparing its forces to handle operations to defend the nation in cyberspace.

    The strategy’s central tenet is that the United States’ posture in cyberspace must mirror its approach to other domains: land, sea, air and space. The Pentagon aims to prepare its forces to respond to attacks by other nations as well as rogue groups, while avoiding the militarization of cyberspace and preserving citizens’ basic freedoms, William Lynn III, Deputy Secretary of Defense, said in prepared remarks.

    “Just as our military organizes to defend against hostile acts from land, air and sea, we must also be prepared to respond to hostile acts in cyberspace,” Lynn said. “Accordingly, the United States reserves the right, under the laws of armed conflict, to respond to serious cyber attacks with a proportional and justified military response at the time and place of our choosing.”

    As outlined in the strategy, the Pentagon will treat cyberspace as an operational domain, similar to land, air, sea and space. In addition, the military will deploy more active defenses, mine civilian expertise to help it in its mission, and work with allies to track cyberspace threats that impact all nations. Finally, the Pentagon plans to push for more research, technological expertise and training within the United States to raise the nation’s capability to defend against cyberattacks.

    Much of the strategy has previously been talked about by military officials and experts. On Tuesday, for example, the White House announced that the U.S. and Russia had reached an agreement to regularly exchange information on technical threats, to clarify each other’s military views, and to establish a hotline to discuss ongoing attacks during crises.

    “Both the U.S. and Russia are committed to tackling common cybersecurity threats while at the same time reducing the chances a misunderstood incident could negatively affect our relationship,” Howard Schmidt, the White House cybersecurity coordinator, wrote in a blog post.

    While U.S. military power will likely deter other nation-states from overt attacks on U.S. networks, rogue groups, hacktivists and cybercriminals have less to lose, and the Pentagon assumes that they will attack when they can.

    “If a terrorist group gains disruptive or destructive cyber tools, we have to assume they will strike with little hesitation,” Lynn says. “And it is clear that terrorist groups, as well as rogue states, are intent on acquiring, refining, and expanding their cyber capabilities.”

    Among the strategy’s announcements, the commitment to work with private industry is the most exciting, says Jason Clark, chief security officer for content security firm Websense. In the past, the government has always asked for information from private industry, but the act was less of an exchange and more of a sinkhole. Sharing information with industry could help the companies in charge of critical infrastructure to better defend themselves, he says.

    “Today, we just share information upstream, and we don’t get much downstream,” Clark says. “So it certainly has to change where it is a lot more of a shared intelligence community.”


    How to live with malware infections

    Posted on Tuesday, July 5th, 2011

    Get used to it: Malware can’t be completely blocked or eliminated. But you can manage your PCs, mobile devices, and networks to function despite being infected

    How can you be sure your organization doesn’t have insidious viruses or other malware lurking within systems and applications, waiting to inflict damage? You can’t.

    Malware has grown sophisticated to the point where there’s no guarantee that it’s actually gone, even when you’ve applied the latest antivirus software. Making matters worse, IT infrastructures are becoming much more complex — with an ever-growing population of devices that give malware even more possible entry points.

    These days, you have to assume there are some infected PCs or other devices on the corporate network.

    Get used to it: Malware is everywhere you go

    The malware problem is getting worse. According to the Ponemon Institute’s 2011 State of Endpoint Risk study, 43 percent of the 782 U.S.-based IT and IT security professionals surveyed reported a “dramatic uptick” in malware in 2010. Fully 98 percent of the organizations surveyed by Ponemon experienced a virus or malware-based network intrusion, and 35 percent said they had experienced 50 malware attempts within a span of just one month, or more than one intrusion per day.

    “The current batch of malware we’re seeing is very sophisticated and well written, and it hides itself well and avoids detection well,” says Fred Rica, principal in the information security advisory practice at the PricewaterhouseCoopers consulting firm.

    The good news is that this “living with malware” scenario doesn’t have to lead to lost data, unavailable systems, or other problems. Companies can and do function despite these intrusions.

    Here are some approaches that can help minimize the effect of malware on your network and in your systems so that your company can carry on with business despite the nagging presence of these troublesome programs.

    Malware survival tip No. 1: Practice good data governance

    You can help minimize the damage caused by malware by more effectively protecting the specific types of data that many of the malware programs are going after in the first place. In a lot of cases, they’re looking to exploit sensitive data such as personal information, trade secrets, research and development findings, and other intellectual property, Rica says.

    PricewaterhouseCoopers is working with many of its clients to create a strong data governance model that helps the organizations better understand what their most critical data is, where it’s stored, how it moves on the corporate networks, and how they can put the right controls in place to maximize the security of that information.

    An audit of the information assets at many companies will show that sensitive data such as customer credit card numbers is initially well-guarded, Rica says. But eventually it ends up in less-protected applications such as spreadsheets or emails, where it is more susceptible to malware.

    “We’ve seen clients lose tens of millions of credit card or Social Security numbers because they’re in spreadsheets somewhere outside the HR system,” Rica says. “Our approach is to use better data governance models so that this data has the same [security] controls around it regardless of where it resides. Make sure the data is protected through all stages of its lifecycle.”

    Because all data is not equal, a key part of data governance involves categorizing information so that you can identify which data is most critical to the company and its customers. From there, you can apply more stringent access controls.

    “Start to separate the infrastructure based on what are your crown jewels versus what’s costume jewelry,” says Patricia Titus, chief information security officer at technology services provider Unisys. Titus says Unisys uses guidelines created by the National Institute of Standards and Technology (NIST) designed to help organizations characterize the importance of their data and select the right security controls.

    Malware survival tip No. 2: Deploy technologies and tactics that can help keep malware from spreading

    Even when some of your systems are infected with a virus to the point where nothing seems to remove it completely, that doesn’t mean the virus has to spread to other systems in your organization.

    When you discover or suspect such a virus, take the infected systems offline as soon as possible to reduce the chance of spreading the malware or compromising other systems. Next, reapply a known, clean image, says Andy Hayter, the antimalcode program manager at ICSA Labs, a testing and certification firm.

    Putting in a layered defense that includes technologies such as firewalls, antispam, intrusion prevention systems, intrusion detection systems, and antivirus software — plus keeping systems up to date with the latest patches — should help prevent the malware from infecting an entire organization, Hayter says.

    “Control gateways between network segments and apply greater monitoring and control over internal networks,” adds Richard Zuleg, a consultant at security consulting firm SystemExperts.

    Encrypt traffic and data whenever possible, Zuleg advises, and use technology such as server and desktop virtualization both to quickly redeploy systems or even reset them to clean images and to separate data from the system.

    “Companies need to be controlling who has advanced privileges on systems and strictly control access to data,” Zuleg says. “If infected PCs are to become an accepted part of a network segment, then you will have no trust in that segment and must consider it to be like the public Internet.”

    New network analysis tools will soon emerge that let you better identify where malware exists on the network and how to best contain viruses, says Marc Seybold, CIO at the State University of New York at Old Westbury. When such technology becomes available, “if devices that Jane Smith uses to access the network are persistently trying to transmit data to outside domains that are in some way anomalous compared to other traffic on the network or her long-term patterns, then additional attention would be focused on such a user’s devices and remedial action taken,” he says. Among the companies working on such technology are Alcatel-Lucent, Riverbed, and SonicWall.

    At the same time, Seybold says, network traffic flows will start to be more compartmentalized and insulated from each other as network access control and policy-based management are combined with application flow monitoring. “As these are linked up, full behavioral analysis based on end-to-end application flows bound to specific users will become possible,” he says. Eventually there might be predictive analytics that could preemptively intercept malware transmissions based on past user behavior, “but that is still science fiction,” he says.
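    The per-user baseline Seybold describes can be approximated with ordinary outbound flow logs. The Python below is an added example, not code from the article or from any vendor it names: it records each user’s long-term set of outbound destinations, then flags a device that keeps contacting a destination outside that baseline on several days while hardly any other user on the network talks to it. The flow records, user names and domains are constructed sample data.

```python
from collections import defaultdict

# Constructed sample outbound flow records (not taken from the article):
# (day, user, device, destination_domain, bytes_out)
FLOWS = [
    # Jane's long-term pattern: corporate mail and a SaaS CRM
    (1, "jsmith", "jane-laptop", "mail.example.com", 12000),
    (2, "jsmith", "jane-laptop", "crm.example.net", 8000),
    (3, "jsmith", "jane-laptop", "mail.example.com", 9500),
    (4, "jsmith", "jane-laptop", "crm.example.net", 7000),
    # Another user; the CDN visit on day 5 is new for him but a one-off
    (1, "bob", "bob-desktop", "mail.example.com", 3000),
    (5, "bob", "bob-desktop", "cdn.example.org", 20000),
    (6, "bob", "bob-desktop", "mail.example.com", 2500),
    # Recent window: Jane's laptop contacts an unknown host every day
    (5, "jsmith", "jane-laptop", "mail.example.com", 11000),
    (5, "jsmith", "jane-laptop", "update-srv.example-odd.biz", 600),
    (6, "jsmith", "jane-laptop", "update-srv.example-odd.biz", 640),
    (7, "jsmith", "jane-laptop", "update-srv.example-odd.biz", 610),
]


def baseline_domains(flows, baseline_day):
    """Domains each user contacted before baseline_day: the long-term pattern."""
    seen = defaultdict(set)
    for day, user, _device, domain, _nbytes in flows:
        if day < baseline_day:
            seen[user].add(domain)
    return seen


def anomalous_devices(flows, baseline_day, min_days=3, max_peers=1):
    """Return {(user, device): [domains]} for devices that, on at least
    min_days distinct days since baseline_day, sent data to a domain that is
    outside the user's own baseline and that at most max_peers users on the
    whole network contact in the same window (rare = anomalous vs. peers)."""
    baseline = baseline_domains(flows, baseline_day)
    days_by_dev = defaultdict(set)      # (user, device, domain) -> {days}
    users_by_domain = defaultdict(set)  # domain -> {users} in recent window
    for day, user, device, domain, _nbytes in flows:
        if day >= baseline_day:
            days_by_dev[(user, device, domain)].add(day)
            users_by_domain[domain].add(user)
    flagged = defaultdict(list)
    for (user, device, domain), days in sorted(days_by_dev.items()):
        if domain in baseline[user]:
            continue  # fits the user's own long-term pattern
        if len(days) < min_days:
            continue  # a new destination seen once is not "persistent"
        if len(users_by_domain[domain]) > max_peers:
            continue  # common across the network, so not anomalous for her
        flagged[(user, device)].append(domain)
    return dict(flagged)


if __name__ == "__main__":
    for (user, device), domains in anomalous_devices(FLOWS, 5).items():
        print(f"review {device} ({user}): persistent new destinations {domains}")
```

    Raising `min_days` or `max_peers` trades false positives for missed beacons; the thresholds here are illustrative, not tuned values.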

    Malware survival tip No. 3: Diversify your IT infrastructure to decrease reliance on one or two OSes or browsers

    It might make sense to move away from the Windows monoculture, which can be more quickly and easily attacked, and bring in other operating systems and devices so that you know a malware infection can never take down everyone in the organization. Maybe some people who handle critical systems or data can use a Linux PC or a Mac OS X PC so that they’re not as likely to be hurt by a virus aimed specifically at a common Windows vulnerability.

    Along these lines, consider avoiding a browser monoculture, because a lot of current malware invades systems via the browser. Evaluate browsers such as Internet Explorer, Firefox, Chrome, Safari, and Opera to see which fit best with your enterprise applications and user base.

    “Diversity is always good to prevent your entire infrastructure from coming down,” says B. Clifford Neuman, director of the University of Southern California’s Center for Computer Systems Security. “But there is the flip side to this strategy in that it gives an intruder many different possible choices of attacked system in which to get a foothold into your organization.” You trade potentially limiting infection for having more possible infection entry points.

    Of course, whenever you make a move to switch operating systems, you might encounter resistance from some quarters. Tony Hildesheim, senior vice president of IT at financial services firm Redwood Credit Union, says his company is reviewing the use of alternative operating systems, browsers, and some business applications. But “none of these options appear to be all that popular with the business units,” he notes.

    Technology diversity is not always an effective defense per se. ICSA Labs’ Hayter points out that malware infections are not limited to desktop PC environments. “There are many serious pieces of malware that can infect other [operating systems] and devices, be they desktop-based or mobile,” he says. “Additionally, malware can cross platforms from one OS or device to another, further requiring a layered defense plan.”

    Malware survival tip No. 4: Be sensible about using consumer devices in the workplace

    If you believe in allowing lots of data access for everyone and from every conceivable type of device, it might be time to rethink your data management and access strategy. Limit network access via mobile devices to those users who really need this access, and put in place controls so that those who can get in to the network can only reach certain parts of it.

    Personal portable devices such as tablets, laptops, and Wi-Fi-equipped smartphones are becoming ever more popular in the workplace, and users will want to be connected to the corporate network.

    But using diligence when granting access — considering that these devices might be sources of malware — makes sense. “What we’ve noticed is that once devices reach a certain threshold of consumer acceptance, malware appears for those platforms,” says SUNY Old Westbury’s Seybold. “Witness [recent] iPhone and Android attacks.”

    According to the Ponemon study, the rise of mobile and remote workers, PC vulnerabilities, and the introduction of third-party applications onto the network are the greatest areas of endpoint security risk today. This is a shift from last year’s survey, when endpoint security concerns were mainly focused on removable media and data center risks.

    Even without the “bring your own device” and “use your own apps” trends to consider how to manage, IT could reduce the ability of malware to spread by rethinking how many apps it deploys for users. “In looking at our line staff, there is no reason they need all the tools loaded on all the systems,” says Redwood Credit Union’s Hildesheim.

    A report released in April 2011 by PandaLabs, Panda Security’s antimalware laboratory, showed that the first three months of the year have seen “particularly intense virus activity,” including a major attack against Android smartphones and intensive use of Facebook to distribute malware.

    The beginning of March saw the largest attack on Android to date, the PandaLabs report stated. The assault was launched from malicious applications on Android Market, the official Google app store for the mobile OS. In just four days, these Trojan applications racked up more than 50,000 downloads: “The Trojan in this case was highly sophisticated, not only stealing personal information from cellphones, but also downloading and installing other apps without the user’s knowledge.”

    Malware survival tip No. 5: Build a solid security foundation to protect the organization, rather than to protect devices

    Sure, you need antimalware software on PCs and other devices to help prevent infections. But to create an environment where your company can continue to function without malware-related problems even with the existence of malware on some systems, you have to deploy a secure system architecture rather than a security architecture for a system, says USC’s Neuman.

    “You need to determine issues such as placement of data with an understanding of the application and the risks of compromise of the data, rather than just bolting security solutions onto an existing system,” Neuman says. “Good architecture will define multiple protection domains, with successive layers of protection deployed, and fewer users legitimately able to access data as it becomes more and more sensitive.”

    Along these lines, processor manufacturer Intel has embarked on an ambitious multiyear effort to redesign its information security architecture, which the company hopes will allow it to better keep up with the rapid evolution of malware.

    “We believe that compromise is inevitable, and in order to manage the risk, we need to improve survivability and increase our flexibility,” says Malcolm Harkins, vice president of the IT group and chief information security officer at Intel.

    The redesign is based on four pillars:

    • A “dynamic trust calculation” that adjusts users’ privileges as their level of risk changes
    • A segmentation of the IT environment into multiple “trust zones”
    • A rebalancing of prevention, detection, and response controls
    • A clear recognition that users and data must be treated as security perimeters and be protected as such

    Living with infection is a fact of life

    Malware is pervasive and is getting increasingly sophisticated. For many organizations, living with viruses, worms, and other types of malware is becoming a fact of life. In a sense, computer technology is catching up to the reality that biological systems have long had to manage.

    As Intel’s Harkins says, “I always assume that there is some level of compromise, [and] organizations who think they are malware-free — or ever will be — are not adequately understanding the true nature of information risk.”

    That doesn’t mean your systems and applications can’t continue to function well and support the business. By taking the right steps, your organization can operate a generally healthy IT environment despite malware intrusions.

    This story, “How to live with malware infections,” was originally published at
