Mike Foster's IT Security and Best Practices Blog

Three secrets about managing IT pros

Mike Foster — Thu, 17 May 2012 04:00:46 +0000

Of course, you know the solution to managing IT pros, both in-house and out-sourced, should be somewhere between “Give them free range” and “tie their hands.” Here are three key points perhaps nobody has told you before:

Discern wants from needs—just be sure you are making an informed decision. For example, you may think that IT just wants that new server, but taking care of your six year old server may be more expensive than buying a new one.

Be Realistic—You may want IT to totally revamp an old application or perhaps an old infrastructure that is left over from the other guys. Be sure you provide IT the time and resources to add this to their schedule.

Reward Properly—Rather than saying “good job” when IT fixes something, ask them, “What will you do to prevent this next time?” Stop paying outsourced IT consultants an hourly rate. How long it takes to accomplish a task or solve a problem is irrelevant. Paying them by the hour incentivizes them to learn on the job at your expense.

Please post your comments on this blog.

New LinkedIn App

Mike Foster — Thu, 10 May 2012 04:00:23 +0000

LinkedIn just released new apps for Google’s Android and Apple’s iOS. They are built from the ground up to be more useful.

If you’ve used LinkedIn’s apps in the past, or know someone who did, there were complaints.

Rather than improving the old app, LinkedIn opted to generate a new app from the ground up that is worth checking out. If you’ve elected to use an iPad, the app for LinkedIn is especially neat.

Be sure to notice the ‘LinkedIn Today’ section at the top. You’ll see that LinkedIn provides you with popular and useful news and updates.

Please post your comments on this blog.

Viruses on Macs? Really?

Mike Foster — Thu, 03 May 2012 04:00:31 +0000

Really. Two recent outbreaks have Mac users thinking about whether they need to consider more security.

Early in April 2012, the Flashback Trojan infected an estimated 500,000 Mac computers. If you think your Mac may be infected, visit the link below to determine if it is and find step-by-step instructions to fix the problem: www.senki.org/check-your-mac-now-are-you-one-of-the-500000/

Flashback takes advantage of a problem in Java. Another virus named Sabpub came out shortly after Flashback and Sabpub exploits the same problem.

How do you protect yourself? Patch Java on your system—or remove it all together. Among others, use some of the same tried and true defenses:

Update your OS. Click on the apple symbol in the top left-hand corner of your screen and choose update.
Update your applications. Some of the most attacked are Java, Adobe Flash, and Adobe Reader.
Be careful what attachments you open and links you click on.
Be aware that you are at risk for what is known as a “drive-by-download.” Most attacks involve tricking a trusting user. The attackers become more cunning each time.
Anti-virus tools are getting better and better for Macs—especially now that the market demand is increasing.

Please post your comments on this blog.

Are you rolling out the welcome mat to attackers?

Mike Foster — Thu, 26 Apr 2012 04:00:14 +0000

One of the biggest surprises IT receives during an audit is that their network is basically configured to grant attackers access.

So often, there are active user accounts for users who no longer even work at your organization. Some executives ask, “How did so-and-so break into our network? We fired them months ago!” All the user needed to do was log in.

More often, the executives have administrative level permissions to access everything on the network and, additionally, the executive has a weak password. If an executive demands administrative access to a network, create two user accounts for the executive. One of the accounts is for day-to-day work and the administrative account is only for resetting passwords, deleting users, and whatever else the executive wants to do on occasion.

Any users who have administrative access should not have access to a web browser or to email. Avoid exposing administrative users to those common and dangerous attack vectors.

Please post your comments on this blog.

Recipe to get hacked: Keep doing what you’ve always done

Mike Foster — Thu, 19 Apr 2012 04:00:21 +0000

Been hacked? Well there is always the insanity defense! IT professionals, both in-house and out-sourced, have a validated reason for being adverse to patching operating systems. Executives have a valid reason to be adverse to upgrading operating systems from, for example, Windows XP to Windows 7. Unless you resolve the issues, or at least establish compensating controls, you are more vulnerable to attack. But doing what you’ve always done and expecting a different result (aside from being the definition of insanity) is the short route to being hacked. Here is the solution:

It is important that you make sure all users have all “high priority” and “critical” patches and updates tested and applied within hours of their release.

Internal IT professionals do not want to rush into patches since “they’ve been burned” in the past by a patch that “broke” some process’ functionality on your network—usually one of the most important processes your organization relies upon. Outsourced IT professionals are super-reluctant because, if all of their customers go down at the same time after a patch, then the outsourced company will be overwhelmed trying to get all of their customers up and running again.

Successful patch management solutions I’ve seen during the process of audits are, and these “numbers of computers on the network” are approximate and vary depending on each organization’s needs:

Less than 10 users—Keep good backups and set the computers to run automatic updates. After the second Tuesday of every month, check each computer to be sure it is up to date simply by choosing the “check for updates” option.

Between 10 and 100 users—use a centrally managed patch solution such as Microsoft’s free WSUS or one of the commercial tools that tend work better than WSUS. Alternatively, consider using an outsourced IT company to provided “managed services” that include patching and monitoring your computers. Be aware that, during audits, I often discover and record proof that some managed service providers are unaware that their patching service is failing to keep their customers up to date.

100 or more computers—Implement a successful change management process. Schedule the change management to be the top priority, akin to “dial 911” priority, right after the second Tuesday of every month. Document your change management procedures, requirements, and approval process. For even larger entities, establish and enforce policies and procedures to document all modifications, including fixes, to the applications, hardware, network configuration, and all other modifications. Include the date, location, person making the changes, the quality assessment process, testing, effects on productivity and security, and follow-up up to ensure maintained integrity.

If you elect not to apply certain patches right away, then establish another control to mitigate or eliminate the risk.

Please post your comments on this blog.

Single Biggest Way to Repel IT Attacks

Mike Foster — Thu, 12 Apr 2012 04:00:20 +0000

Attackers have learned that one of the easiest and most successful ways to successfully take control of a network is to launch attacks against vulnerable programs on your systems. It is almost certain that you are not protected against these attacks—at least not until you take important steps.

Many viruses and other malware exploit vulnerabilities in applications. Are all of your patches current for applications such as Adobe Acrobat, Flash, Java, Microsoft Office, etc.?

In some cases, the application patches are even more important than OS patches—although both are important.

Attackers often exploit applications before the vendor has issued a patch to prevent the exploit. These attacks are referred to as zero-day exploits.

Your organization’s IT professionals need to create a list of applications in order to apply patches ASAP because, unless they identify all of your applications, they will not be able to patch all of them.

Ensure that new application patches get tested first on non-production machines. The test needs to be instituted immediately after the patch is released. Desktop and server virtualization can help IT with the testing process by providing a method to run server and workstation configurations on a single piece of hardware for testing.

Please post your comments on this blog.

Stop Drive-By-Downloads

Mike Foster — Thu, 05 Apr 2012 04:00:20 +0000

It is time to review your anti-spam filters and your web-filters to ensure you are adequately protected against targeted email attacks as well as drive-by-download attacks. The latter attacks happen when one of your users visits an infected site. The settings your IT department configured in 2011 probably need to be reconfigured to repel new attacks.

When I perform IT audits, IT Professionals, more often than not, express frustration that the anti-spam and/or web protection is inadequate. Either you don’t have the proper tools, or usually you already have the tools but tied IT’s hands. Ask IT to make reconfiguring and/or activating these tools a priority.

Good anti-spam solutions block unwanted email, allow email you are interested in receiving, and even attempts to block viruses arriving via email. One of the biggest signs of a good service, in addition to working properly, is that the service saves your workers and your IT team time by not needing to babysit the anti-spam solution.

Eliminate specific E-mail attachments since they may contain malicious code. This infection vector is a significant source of infections that lead to attackers gaining control over major assets in your network.

It is important for security and productivity to implement a solution to block Internet access to inappropriate sites. While most everyone in an organization can quickly agree on blocking certain sites because the inappropriate content could endanger the organization. For other categories of web sites, there may be more than one point of view.

Consider, at least initially, only blocking the sites that everyone can agree need to be blocked. Simply activating the blocking tool will usually help reduce drive-by-downloads at some sites.

Many firewalls support web filtering although many firewalls do not provide reporting features with enough detail. If your solution is inadequate, then upgrade the firewall or add a tool that will provide this functionality.

Please post your comments on this blog.

Quickly Identify an Attack Email Message–Know thy Enemy

Mike Foster — Thu, 29 Mar 2012 04:00:02 +0000

Many attacks come from the outside world. Those attacks are directed at your users. There are two ways, and teach these to your workers, to identify almost all of these dangerous email messages before the user clicks on them.

The giveaways are:

The email message has some kind of urgency. For example, “such and such will expire unless you…”
There is a link in the email or, less commonly, an attachment to the email message. Those links, when clicked, are when attackers can interact with your users in ways from tricking the user into giving out personal information to injecting malicious code into the user’s computer.

Protect your system from attacks. Teach your users to quickly identify the “urgency” and “click here to…” dangers.

Please post your comments on this blog.

Lighten Your Load–78 Items your Smartphone replaces

Mike Foster — Thu, 22 Mar 2012 04:00:24 +0000

Perhaps you want to lighten your load. Perhaps you want to save money. Perhaps you want to make the most of your investment in your iPhone, iPad, Android, BlackBerry, etc. Brainstorming with CEOs, other senior level executives, and owners resulted in the following list of 78 items your device can replace.

411 information / Yellow Pages / Phone books
Airline boarding pass
Airline Status
Alarm Clock
Backup (happens in cloud now)
Bank tellers – depending on the task
Bar code scanner
Bill Pay
Books / Magazines
Bookstore
Bug Spray
Business Cards (use NFC)
Calculator
Calorie counters by scanning food barcode labels
Camcorder
Camera
Carpenter’s Bubble Level / plumb bob
Compass
Contacts List
Cookbooks
Credit Card Machines
Credit Cards
Dedicated music players
Dials an stay on hold for you (App is named Fast Customer)
Dictionary
Document Scanner
Dog Whistle
DVD movies
Employees
Encyclopedia
Expense Reports
Expensive video conferencing tools
Expert Advice
Flatbed Scanner
Games
Garage Door Opener
GPS Directions & Traffic
Home phone
Keys

Language Translation
Laptop Computer – especially: Web browsing, Email, Presenting
Library
Light Switch
Loyalty Cards
Magnifying Glass
Maps
Mirror
Mouse
Music CD’s
Newspapers
Pager
Paper tablet on which to take notes
Paper based tools commonly referred to as “planners”
Pen
Photo Albums
Portable DVD Players
Post-It ® notes
Price checking
Radio
Really long arms – LogMeIn etc.
Research materials
Restaurant reservations
Restaurant Reviews
Retail Stores – use Amazon etc. now
Ruler
Secretary
Smart Boards ®
Speedometer
Spell Checker
Starbuck’s ® Card
String on your finger
Teacher
Thesaurus
TV
TV Remote Control
Voice Mail
Watch
Weather

Can you add more items to the list?

Please post your comments, and other items not on this list, on this blog.

Stop Attackers Who Bypass Your Firewall: Firewall or Failwall?

Mike Foster — Thu, 15 Mar 2012 04:00:13 +0000

When a user gets one of those phishing emails about, “click here to…” and the user clicks, that communication just went through and your organization’s firewall probably didn’t even realize what was happening. Other than training users, there is a simple way to make up for the weakness of your organization’s firewall.

It is very important to have a good firewall between your organization and the Internet. Since attackers find many vectors to bypass that firewall, it is crucial to have what is known as a “client firewall” as well. While over-simplified, think of the client firewall as a firewall “program” running on each computer. This simple tool, if utilized properly, will thwart many common security attacks.

Often, your anti-virus suite offers the client firewalls as an inexpensive upgrade. You may already have the tool and it isn’t turned on. A free firewall, especially good for your computers at home, is described here: https://www.fosterinstitute.com/blog/powerful-windows-firewall/

You might find it fascinating how, when I’m performing audits, I discover that many organizations have the technology for client-side firewalls and the firewalls are turned off. Maybe your IT professional(s) are just too busy to enable and configure the firewall? If so, that is a priority management problem.

Please post your comments on this blog.