Security Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
Latest Articles
Marrying the Firewall with the Threat Intelligence You Need

Marrying the Firewall with the Threat Intelligence You Need

threatintelligence.pngTo avoid becoming the next victim in the long line of data breach impacted organizations, many have started using a diverse and wide array of threat intelligence sources such as honeypots, social media monitoring, malware reverse engineering approaches, or others, as described by Anton Chuvakin in this blog.

Read more...

skathuria
A Hale and Hearty Network

A Hale and Hearty Network

                                                        healthy_heart_image.jpg

As I was reading this article describing examples of certain healthcare practitioners using data mining and analytics of patients’ lifestyles (e.g. foods they eat, activity levels, where they live, etc.) to help predict their risk factor for ailments, I started to draw a parallel to the state of the network. I was thinking about how security analytics of a network may help predict the onset of a data breach. The common goal in both cases, human and network, is to maintain a certain level of health – call it an “equilibrium” state, one that doesn’t require immediate intervention or repair.

 

Inspired by the table shared in the article describing what certain collected data about a patient could indicate about his/her health habits, I came up with a table containing types of network state related which could be indicators for a potential data exploit/breach.

 

State of Network

Analysis

Weak password for an online account

This could allow a hacker to uncover the password (by using automated tools), gain access to user data (name, address, phone #, bank account/credit card data) and perform unauthorized transaction (e.g., purchase of product/service or withdrawal of money from bank account) on the user’s behalf.

Multiple unsuccessful attempts to search for usernames and passwords via Web browser exploitation techniques

This could result in a data breach.

Improper isolation of HR records, financial, medical, credit/debit card, or other PII data within Enterprise data center/private cloud network

This could inadvertently allow an insider (e.g. employee) access to the network for obtaining and selling data on black market for profit.

Excessive communication requests to a Web server or other resource, slowing it down considerably or rendering it unavailable

This could indicate someone is trying to gain access to the server for malicious intent.

No application layer protection at Enterprise edge

This could allow a hacker to launch an application-layer attack and access data for further exploitation.

 

Enterprise and service providers would benefit greatly from self-monitoring and constantly improving the health of networks, to minimize the possibility of a data breach.

 

One of the ways to do this is via technology, including application-aware, next generation firewalls, and strong SIEM solutions and network security management solutions (for firewall management), which provide visibility, analyze network security posture, and alert administrators about unusual network activity.

 

In addition, humans themselves should be held accountable for security. For one, it is imperative that the IT security team is proactively monitoring the network security posture, carefully balancing access to certain network resources, applications and data with control over the same. In addition, trust plays a big role in maintaining security and privacy, so it is ultimately the responsibility of individuals (business owners and employees) to not exploit data for personal gain.

Read more...

skathuria
Do you purchase Stamps from the US Postal Office? Beware!

Do you purchase Stamps from the US Postal Office? Beware!

                                                            13card.jpg

 

Trusted security “informant” Brian Krebs just shared that the United States Postal Inspection Service is investigating reports that fraudsters are installing skimming devices on automated stamp vending machines at post office locations across the United States. Alarming, right? We’ve heard umpteen times about various retail brick and mortar stores falling victim to payment card skimmers, but here’s a first.

 

Moreover, according to the Verizon 2014 Data Breach Investigations Report, payment card skimming, is one of just nine total patterns of threats which are tied to 92% of the 100, 000 security incidents analyzed over the last 10 years. And, according to the same study, this type of criminal activity has been primarily targeted at the Finance and Retail industries to date. Looks like perpetrators are looking for a wider range of targets.

 

What is further disturbing is that now it has become somewhat easier for would-be criminals to more surreptitiously steal data. For one, they can purchase skimming devices that are Bluetooth enabled, which allows them to download the track and PIN data easily and remotely, from the safety of a parking lot! In addition, they can get skimming devices with built-in SIM cards, allowing for remote configuration, remote uploading of data, and tampering alerts that, if triggered, can cache the data and send it out immediately to the thieves, making it difficult for the victims to discover that there has been a data exfiltration.

 

Given the recent multiplicity of payment card skimming occurrences targeted at retail and post office locations, I have become quite wary of shopping using my credit and debit cards. Are you, too? The thing is, it’s convenient to pay by card vs. cash. 

 

Still, prevention is better than cure. If you aren’t already, take note of and follow Verizon’s suggestions. I certainly plan to:

  1. Protect the card PIN by covering it with a hand to block any possible miniscule cameras that may be recording as you enter it.
  2. Be mindful of surroundings – if you see multiple payment card devices installed, just check if they all look “the same” – should the device you are about to enter your card into look different from the others, don’t use it.
  3. Inform the merchant and/or bank if something seems out of place (e.g., the payment card device appears to have been tampered with, or someone seems to be attaching a foreign object to the device, etc.) so they can investigate the matter.

Safe shopping everyone!

Read more...

skathuria
From TJX to Target: Protect or Pay Up!

From TJX to Target: Protect or Pay Up!

                          ProtectorPay.png

As many would have rightly guessed, Target has been sued due to the significant data breach affecting its customers in 2013. According to this Reuters article, “Trustmark National Bank and Green Bank NA accused the defendants [,Target Corp and Trustwave Holdings Inc, which provides credit card security services,] of failing to properly secure customer data, enabling the theft of about 40 million payment card records plus 70 million other records.”

 

This reminds me of the prominent TJX (operator of TJ Maxx stores) data breach eight years ago that affected ~94M records, making it the largest single data breach to date. You can learn more about it on the Hacks of Ages timeline that Erin O’Malley so eloquently described recently. Juniper will add the Target breach to it.

 

According to the Ponemon Institute 2013 Cost of Data Breach Study: Global Analysis report, German and U.S. companies had the most costly data breaches ($199 and $188 per record, respectively). For U.S. retailer TJX, the financial losses were significant. The company agreed to pay $9.75 million to 41 states. Of this, per the settlement, $5.5 million was to be dedicated to data protection and consumer protection efforts by the states, and $1.75 million was to aid in reimbursement of the costs and fees of the investigation. Further, $2.5 million of the settlement was to be used to fund a Data Security Trust Fund to be used by State Attorneys General to advance enforcement efforts and policy development in the field of data security and protecting consumers’ personal information.

 

Let’s see how Target financially fares with regards to the settlement. In the meanwhile, I hope that both these and other enterprises will take effective, preventative measures to detect and stop such attacks early. If they don’t protect their customers’ data, certainly, sooner or later, they will have to pay the price. And, as my esteemed colleague, John Pennington, warned loudly and clearly in his blog, which summarizes the findings of a compelling study of the cybercriminal world, “Take action or be hacked!”

Read more...

skathuria
Top Kudoed Authors
Latest Comments
networkingnow | 10-19-2017
Re: What is a Trusted Platform Module (TPM)?
networkingnow | 10-19-2017
Re: Automating Cyber Threat Intelligence with SkyATP: Part One
networkingnow | 10-16-2017
Re: What is a Trusted Platform Module (TPM)?