5 Ways to Know if You Are a Data Security Risk | By John Kogan

Here are some ways to know if you are putting your client’s data at risk.

1. YOU ARE QUICK TO CLICK ON HYPERLINKS. Avoid clicking on links in emails, especially if they are from an unknown sender or sent without context. A good way to verify links before clicking is to hover your mouse over them. Do they lead where they purport to? Check carefully for tricky typos like “arnazon.com.” If you do click on a link, never enter sensitive information into the window that opens.

2. YOU WANT TO BE EXTRA HELPFUL BY EMAIL AND ON THE PHONE. Say you get an email from a partner of your firm: they are stranded abroad, have lost their wallet, and need your help immediately. It’s natural that your first instinct would be to help, but think twice. Even if the email does seem to be from someone you know, be on guard if it seems out of character. Watch out for odd spelling and grammar, threats of negative consequences, and requests for fund transfers. If it seems weird, it probably is. By extension, be careful when someone calls you requesting information about you or a colleague. These kinds of scams are called social engineering, and they are remarkably effective.

3. YOU LOSE YOUR GADGETS AND DON’T DISPOSE OF THEM PROPERLY. Are you the type to leave your cellphone and credit card behind at restaurants, or forget your laptop in a cab? I can relate. Aside from causing headaches, such slip-ups can also lead to major breaches if your lost items end up in ill-meaning hands. To avoid worst-case scenarios, make sure everything is encrypted and, at the least, password-protected. Your phone should have a PIN or a biometric safeguard, such as fingerprint scanning or facial recognition. Your laptop should be encrypted with a solution such as Microsoft Windows’s BitLocker.

4. YOU USE THE SAME PASSWORD FOR EVERYTHING. I know, it’s become so difficult to remember all our passwords. Still, do try to avoid repeating them, and definitely, do not write them on a post-it note that you stick to your computer monitor. If one of your accounts is breached, the rest of your accounts with the same password will be at risk as well. We recommend using a password manager such as Roboform, which creates complex and unique passwords and remembers them for you. Browsers such as Google Chrome are also starting to offer complex password management now. Also, consider multifactor authentication. If someone does get a hold of your password and tries to enter it on an unfamiliar computer, they will not be able to log in without a second verifying step, such as a prompt on your cell phone.

5. YOU HAVE LOCAL ADMINISTRATOR RIGHTS ON YOUR COMPUTER. This is common at small firms. Having administrator rights means that you are able to make big changes on your work computer, such as installing new programs. While it may be convenient, it is also dangerous, as it makes it easy for malware and hackers to access your firm’s core systems. Your IT department or provider should be the only one with administrator privileges.

Cybersecurity: New NJ Privacy Law

You may have started to read about changes that may directly affect your organization.

In response to Europe’s new GDPR law, states have begun to draft and implement additional privacy laws and regulations. My home state of New Jersey is now attempting to lead the charge in seeing that these new policies are put in place.

We all know that securing credentials is critical to preventing data breaches, but we have now arrived at the question of what else counts as “personal information”. States are now considering labeling passwords and other credentials as personal information.

“The measure closest to becoming law, S-52, would force companies to disclose data breaches involving an expanded definition of “personal information.” The bipartisan bill was approved unanimously in the Legislature and now awaits a signature or veto by Governor Phil Murphy.

Current state law mandates that companies tell customers when their driver’s license numbers, Social Security numbers, account numbers or credit or debit card numbers have been compromised. The bill would expand that list to include user names, email addresses, and passwords or security questions and answers that could be used to gain access to an online account.”

For more info:

SENATE, No. 52 – STATE OF NEW JERSEY – 218th LEGISLATURE
https://www.njleg.state.nj.us/2018/Bills/S0500/52_R1.HTM

NJ Releases Annual Statistics on Cyber Breaches – https://www.nj.gov/oag/newsreleases18/pr20181023b.html

Americans and Cybersecurity – http://www.pewinternet.org/2017/01/26/americans-and-cybersecurity/

NJ’s APP News – https://www.app.com/story/news/new-jersey/2019/03/18/nj-data-breaches-notification-cybersecurity-online-privacy-legislation/3013418002/

Intrusion Prevention with Fail2Ban

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper. (Source: Wikipedia)

To assist in further locking down the exposed SSH endpoint I manage, I decided to use Fail2Ban, as it supports many of the services (sshd, apache, etc.) that can be integrated with iptables.

Installing Fail2Ban takes only a few steps, assuming you have su or root access to the system you are managing.

Here are steps you might follow to accomplish this:

Log into your system and issue the following commands to update it:

sudo apt-get update
sudo apt-get upgrade -y

Next install the Fail2Ban software via apt-get

sudo apt-get install fail2ban

Edit Fail2Ban to work with your SSH configuration by opening ‘/etc/fail2ban/jail.local’ file with the following command:

sudo nano /etc/fail2ban/jail.local

Add the following to the file /etc/fail2ban/jail.local

[ssh]
 
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
bantime = 900
banaction = iptables-allports
findtime = 900
maxretry = 3

Restart Fail2Ban service or reboot your host

sudo service fail2ban restart

To view banned IPs, you can use iptables.
Use the following command:

sudo iptables -L -n --line

At the end of the day, a secure password will always protect you, as this solution only slows the bad actor down; it doesn’t stop them.
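How findtime, maxretry and bantime from the jail above interact, as an added example that is not part of the original post and not Fail2Ban's own code. The regular expression is a simplified stand-in for the sshd filter, and the log lines, year and function name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Jail values from the jail.local shown above
FINDTIME = timedelta(seconds=900)
BANTIME = timedelta(seconds=900)
MAXRETRY = 3

# Simplified stand-in for Fail2Ban's sshd filter (assumption, not the real filter)
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

# Constructed sample of /var/log/auth.log; syslog omits the year, so 2019 is assumed
SAMPLE_LOG = """\
Mar 18 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar 18 10:00:05 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Mar 18 10:02:00 host sshd[813]: Failed password for alice from 198.51.100.20 port 4003 ssh2
Mar 18 10:03:00 host sshd[814]: Accepted password for alice from 198.51.100.20 port 4004 ssh2
Mar 18 10:05:00 host sshd[815]: Failed password for root from 203.0.113.7 port 4005 ssh2
Mar 18 10:21:00 host sshd[817]: Failed password for root from 203.0.113.7 port 4007 ssh2
"""

def simulate_jail(log_text, year=2019):
    """Return (ip, ban_start, ban_end) tuples the jail settings would produce."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> time the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue                # host is still banned at this time
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()        # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate_jail(SAMPLE_LOG):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

The failure at 10:21:00 is counted again because the 900-second ban has already expired, which is the "slows down, doesn't stop" behaviour described above.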

Techshort: IP Addresses with PowerShell

Quick PowerShell Tip!

To list all of the IP addresses, both v4 and v6, on your local system, along with the associated interface name, issue the following command:

Get-NetIPAddress | Select IPAddress, InterfaceAlias | Out-GridView

What you get from the above command is a grid view output which can be copied and pasted into a document.

Security News: Citrix Breach

If you haven’t heard, Citrix was breached through a compromised employee account due to password spraying.

Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords. Traditional brute-force attacks attempt to gain unauthorized access to a single account by guessing the password.

The exploitation of weak passwords has become an increasing area of worry for all of us in the IT area where security is relevant. It’s been said that a compromised account was used to access and steal 6TB of sensitive data from email, file shares, and database applications.

At this point the question in your mind is or should be: What could have helped to prevent this?

My simple response is: develop and enforce a strong-password policy, configure proactive authentication monitoring that looks for password spraying, and audit user passwords against common and acquired leaked password lists.
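A sketch of the authentication monitoring suggested above, telling the "many accounts, few guesses" pattern of password spraying apart from single-account brute force. This is an added example, not from the original post or from Citrix; the thresholds, event tuples and function name are assumptions chosen for illustration.

```python
from collections import defaultdict

# Assumed thresholds for illustration; tune them to your own baseline
WINDOW = 3600           # seconds of history considered together
MIN_ACCOUNTS = 5        # distinct usernames failing from one source
MAX_PER_ACCOUNT = 2     # sprays stay under per-account lockout limits
BRUTE_FORCE_MIN = 20    # failures against one account inside the window

# Constructed failed-login events: (epoch_seconds, source_ip, username)
SAMPLE_FAILURES = (
    [(1000 + 60 * i, "203.0.113.50", user) for i, user in enumerate(
        ["asmith", "bjones", "cwu", "dpatel", "egarcia", "fkhan"])]
    + [(1000 + 5 * i, "198.51.100.9", "root") for i in range(40)]
    + [(1200, "192.0.2.14", "asmith"), (1230, "192.0.2.14", "asmith")]
)

def classify_sources(failures, window=WINDOW):
    """Label each source address as 'spray', 'brute-force' or 'normal'."""
    by_source = defaultdict(list)
    for ts, src, user in failures:
        by_source[src].append((ts, user))
    verdicts = {}
    for src, events in by_source.items():
        events.sort()
        verdicts[src] = "normal"
        start = 0
        counts = defaultdict(int)      # username -> failures inside the window
        for ts, user in events:
            counts[user] += 1
            while ts - events[start][0] > window:
                old = events[start][1]  # slide the window forward
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= MIN_ACCOUNTS and max(counts.values()) <= MAX_PER_ACCOUNT:
                verdicts[src] = "spray"         # wide and shallow
                break
            if max(counts.values()) >= BRUTE_FORCE_MIN:
                verdicts[src] = "brute-force"   # narrow and deep
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify_sources(SAMPLE_FAILURES).items():
        print(src, verdict)
```

Grouping by source address is an assumption of this sketch; the same distinct-account count can be keyed by target application or time window when sources vary.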

Citrix said it “still doesn’t know what specific data was stolen, but an initial investigation appears to show the attackers may have obtained business documents”.

While Citrix is moving as quickly as possible, it’s a sad turn of events that companies are only reactive and that measures to prevent such attacks are lacking.

Is this your company? Let’s hope not, because you can be next.

For more info from Citrix stop by their blog – https://www.citrix.com/blogs/2019/03/08/citrix-investigating-unauthorized-access-to-internal-network/