19 Nov 2019

Eliminating the Weakest Security Link on Your Network


How to eliminate printer vulnerabilities as a prime target on your corporate network

When network security breaches hit the news, headlines typically focus on the scale of the breach, the number of records compromised, and the cost of the breach in lawsuits and recovery. What often gets buried in the details is the surprisingly mundane ways hackers find their way into networks to steal data and cause mayhem, including an open door through networked printers.

Until recently, most people would not have considered a printer to be a doorway to their otherwise secure network. But as IT security becomes more hardened, hackers have been creative in finding softer targets. In the last year, attacks on printers as network gateways have exploded, often with dramatic results.

How Networked Printers Can Become an Open Door

Last December, one hacker discovered hundreds of thousands of printers with open network ports on a service called Shodan, which systematically polls every IPv4 address on the internet, tries to log on with manufacturer default passwords, and details any information it can gather including open ports. The hacker selected 50,000 printers with open ports, and sent instructions to every one of them to print a message.

The attack was fairly innocuous--the victims simply saw their printer deliver an unexpected message. But the exploit opened the floodgates for other hackers who would go on to expand on the technique to use networked printers as access points to the network. Once on the network, the threats and vulnerabilities become exponential.

Ways Printers Can be Used in Cyberattacks

Using networked printers as an unsecured gateway to a business network is only one kind of vulnerability. Even if hackers aren't able to use your printer as a gateway, there are other types of attacks on printers that cause damage and unexpected losses:

  • Printer attacks can be used to intercept documents queued for printing--including contracts, business plans, presentations and personnel matters.
  • Data and documents stored temporarily on printer hard disks can be accessed and stolen.
  • Multi-function printers can be hacked to mail out documents to external sources.
  • Attacks on printers, including mass printing of unexpected documents, can be used to cause a distraction from another kind of attack or crime.

In one recently uncovered case, North Korean hackers regularly disabled the printers used by targeted banks to confirm monetary transfers, while creating transfers of cash into a remote bank account.

Securing Your Printers Against Cyberattacks

The vulnerability of printers has been known for several years, and yet repeated surveys by security firms like Kaspersky show that businesses have been slow to respond with even the most basic security protocols. Here are some of the most important steps to take to secure your printers.

  1. Change the default login credentials.
  2. Monitor security updates for your printers as frequently as you monitor updates for your computers.
  3. Ensure your printers are covered within your network security protocols, including managing open ports.
  4. Disable any networking protocols your employees don't need, like Telnet and FTP.
  5. Isolate your printers on a local network and disable out-of-network connections.

15 Jan 2019

Six Security Practices to Teach Employees

No matter how strong your security and defense systems may be, there is always one flaw: human error.

No matter how big or small a company is, the fact that employees are the biggest threat to IT security will never change. However, there are steps that can reduce the effect of human error, one of which is educating your employees on the basic fundamentals of security and awareness.

Other steps that you can take include:

  • Avoiding Unknown Networks. Sure, you can send an email through a Starbucks Wi-Fi network, but these are open doors for hackers to gain access to a device that may contain corporate data.
  • Always Have a Passcode. Everything has gone mobile, and that includes the devices we use both at work and at home. Most of our devices don’t require passcodes, but they should. Teaching employees the importance of having every device require a passcode will pause the threat of an unknown visitor gaining access to critical information.
  • Watching What You Click. Antivirus software isn’t always the answer. Employees have become relaxed in what they click because of the “protection software.” Help them understand that this is not the case, and the consequences of opening documents from unknown people or websites.
  • Do Not Share Credentials. Purchase additional login accounts rather than sharing one account. That mentality needs to be done away with, and employees should learn the value behind guest or role-based accounts. This is what keeps systems safe and secure.
  • Saying Something If You See Something. Keep your eyes open for any suspicious documents, emails, or websites. Awareness goes a long way towards preventing cyber-attacks and hacks.


3 Jan 2019

What’s Your Data Worth?

Have you ever wondered what your data is worth on the dark web? Recently, RSA went undercover in the dark web to find out just how pervasive “dump” selling was and what your information is worth.

RSA and Fox Business News Report found the following:

Social

  • Instant Messaging ($1-$5)
  • Emails ($1-$3)
  • Dating Sites ($1-$10)
  • Social Media Websites ($3)

Finance

  • Financial Services ($7-$10.50)
  • Online Money Transfer Services ($0.0-$15.50)
  • Bank Accounts ($3-$24)
  • Credit Card Websites ($3-$5)
  • Accounts from Recent Breach ($1)

Travel/Leisure

  • Airlines ($3-$10.50)
  • Hospitality Services ($0.7-$1.50)

The scariest part of these findings is that dating accounts have quickly become the third & fourth most valuable type of account to resell on the dark web. The reason? It provides the attacker with enhanced knowledge, giving them the ability to generate a ‘Synthetic’ Identity. They glean intimate personal details about your life to create a new physical and virtual you in order to gain credit, buy property, and obtain enough knowledge to take over your existing accounts by answering deeper security questions such as, “What was your first car?”, “What’s your dad’s middle name?”, or “Who was your favorite teacher in high school?”

So why do businesses & organizations care about this new trend?

Many organizations deploy technologies that are based on the same “Personal Question” methodology. An attacker who knows the answers to these questions can gain access to password reset mechanisms. Likewise, employees often use similar passwords across work and personal sites. More cases are being seen involving blackmail and corporate espionage – when people feel subject to embarrassment or criticism over information they posted on a dating site or social media outlet, they are more susceptible to do unnatural things to keep that information private.

How are you protecting not only your networks and Intellectual Property, but how are you educating your users and protecting them?

Be Vigilant, Stay Aware!

Christian Rolland, BVP, CCDP, CCNP+S, CCNP+R&S
Sr. Practice Director, Enterprise Networking


9 Jan 2018

Meltdown and Spectre Side-Channel Advisement


– The Bottom Line
There have been so many articles, advisories, blogs and opinions shared regarding the Meltdown and Spectre Side-Channel vulnerability, it’s difficult to tell fact from FUD. All these data points may still leave you asking: How does all this affect me, my business and my clouds?

Bottom line up front: know what your computer systems are running and quickly apply the recommended patches to each of the vulnerable platforms. Don’t take this lightly; it’s a very serious situation. However, exploiting this vulnerability is not easy, nor is there a known instance of an exploit in the wild. If you are unsure if you are affected, TIG can help.

Why Look To TIG?
As a leading technology solution provider, TIG has long-standing relationships with most of the top-tier vendors that manufacture the equipment that is subject to this published Meltdown and Spectre Side-Channel vulnerability. This relationship provides TIG with an inside track on present and future impact, exposure and recommendations on how to mitigate the risk of this widespread vulnerability. TIG is offering a Meltdown/Spectre assessment service which catalogs your organization's assets, assesses the possible points of exposure, and makes specific recommendations to minimize risk to your infrastructure.


16 Sep 2016

Security Alert

Alert!

The FBI issues a warning of rampant attacks of ransomware. "The best defense against these attacks? Protecting your data!"

https://www.ic3.gov/media/2016/160915.aspx

The FBI recommends users consider implementing the following prevention and continuity measures to lessen the risk of a successful ransomware attack.

  • Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
  • Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted that some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization.

Get the latest updates! Contact your TIG Account Executive or call us at 800-858-0549
