iPower Technologies Arrests Hidden Malware from Body Cameras with SonicWall Firewalls

Note: This is a guest blog by Jarrett Pavao, CEO of iPower Technologies Inc., a Premier Partner for SonicWall Security in South Florida.

Every day, viruses, malware and trojans infect IT infrastructure through a growing number of mobile devices. With the growth of the Internet of Things (IoT), this threat is rapidly increasing. We are faced with viruses potentially infiltrating almost every connected device – even brand-new law enforcement body cameras.

That’s right, even the people sworn to protect are exposed to these threats. Here at iPower Technologies, we never cease to be amazed at the lengths that the bad guys will go to break into networks. That’s why it’s important that organizations have comprehensive network security that protects their associates whether they are working in the field, at home or in the office. As more of our everyday devices become “smart” and “connected”, they bring great convenience to our private and professional lives, but also provide an access point to infect entire networks and wreak havoc. This potential threat may even come from new equipment straight out of the box.

I am the CEO of iPower Technologies, and my team based in Boca Raton recently discovered malware on the body cameras used by one of our law enforcement clients. As a SonicWall Security Premium Partner, we follow strict protocols and we regularly audit and scan our clients’ IT infrastructure and endpoint devices, including body cameras used by our law enforcement customers. With SonicWall next-generation firewalls, we were able to detect the virus before it infected the entire network and potentially put critical data at risk. These cameras leverage geolocation/GPS capabilities, meaning that the malware could be used to track law enforcement locations.

Discovery: Conficker Worm

We discovered the malware during testing of body camera equipment for one of our law-enforcement clients. iPower engineers connected the USB camera to one of our computers. When they did that, multiple security systems on our test environment were alerted to a new threat. It turned out to be a variant of the pervasive Conficker worm and we immediately quarantined it. A second camera was connected to a virtual lab PC with no antivirus. The SonicWall next-generation firewall immediately notified iPower of the virus’ attempt to spread on the LAN and blocked the virus from communicating with command-and-control servers on the public internet.

Prevention

Like the body armor that peace officers wear, taking precautions and preventive measures is the best defense for stopping and limiting damage from attacks. Fortunately for our clients, my iPower team has the expertise to recognize active threats along with the support of the SonicWall Threat Research team to prevent successful attacks. In this specific case, the threat was stopped before it could do any damage and an alert for the Conficker worm was issued.

Any network with a properly deployed SonicWall next-gen firewall would have contained the attack to a local device, such as the USB port, rather than letting it reach the entire network.

SonicWall next-generation firewalls have multiple security features, including the ability to inspect encrypted traffic and leverage deep packet inspection (DPI) technology. See the diagram below for an example of how to prevent a virus or worm like Conficker from spreading from a PC to your servers:

Examine Smart Devices before Deploying

It’s a matter of policy for us at iPower to test all equipment before we install it on a client’s network. If you don’t have a test environment – or have access to one – I strongly suggest that you make the investment. It can pay for itself in preventing embarrassing events at the client site, as well as increase internal staff knowledge that can then be applied in the real world. So do test every device you plan to install or connect to your client’s network.

Make sure that testing is a matter of policy by having a strict written policy regarding the implementation of any new hardware or software. Test any new systems being added to your corporate network in a sandbox environment prior to deployment. We don’t know for sure how the malware got onto the body cameras. It could have happened at any number of the manufacturing, assembly and – ironically – QA testing stages. I think the most likely reason is a lack of manufacturing controls and outsourced equipment production. It seems innocuous enough. It’s just a camera, but the worm could have had devastating, even tragic, ramifications if it had been able to gain remote code execution inside a network. Attackers could then harvest police databases for Personally Identifiable Information (PII). This can be used to forge fake identities, etc.

This threat is real and growing. When you extrapolate this threat out to common smart devices, such as connected refrigerators and thermostats, and the general lack of security knowledge in the home and SMB markets, you have a potentially massive challenge. So again, any device that will be placed on the same network as servers or databases, or that could potentially access a corporate network, needs to be checked out and properly aligned with security best practices. The best way to do this is careful network design; intra-VLAN inspection on SonicWall next-generation firewalls is a great way to protect critical infrastructure from high-risk PCs and IoT devices.

Higher Education Makes Cybersecurity a High Priority – Are You Prepared?

Digital natives predominantly compose the student body at today’s education institutions, and technological advancements have created unprecedented opportunities for personalized learning. BYOD and other emerging technologies have allowed school districts, colleges, and universities to become more effective, inclusive, and collaborative.

With the proliferation of devices now on the network, however, IT administrators are now faced with the enormous task of empowering end-users to capitalize on the benefits of increased mobility and connectivity, while also ensuring the integrity of the organization’s network and data. In our current threat environment, it is more critical than ever that schools, colleges and universities develop an overarching, end-to-end security approach that aligns with the institution’s mission.

A recent SonicWall survey, conducted in partnership with the Center for Digital Education, targeted higher education IT professionals, including executives (CIO, CISO, VP of IT, etc.), IT Directors and network managers to assess the state of network security on college campuses. A key takeaway from the study, however unsurprising, is that 73 percent of respondents rank cybersecurity high or very high among their institution’s technology priorities.

Just as cybersecurity has become a priority across industry and government, higher education institutions are shining a brighter spotlight on security – and for good reason. While educational institutions rank their ability to detect and block cyber attacks relatively high, with 65 percent citing their abilities as good or excellent, only 17 percent indicate that they have not experienced a network breach/incident in the past year. This statistic is indicative of the fact that cyber threats are continuing to increase in both frequency and sophistication in every industry.

In response to the growing threat of data breaches, 77 percent of survey respondents indicate they expect to spend more on network security in the next 12 months and 63 percent expect to spend more on secure access to data and applications. This is an encouraging statistic, as it reflects increased awareness around the need to strengthen security and mitigate risk.

In our hyper-connected world, a strong security posture is a strategic investment for education at all levels. IT administrators and decision makers across the education industry need to address the continually growing role of technology on campus by implementing end-to-end security solutions that protect all data and endpoints, old and new. Holistic, end-to-end security that utilizes identity access management, next-gen firewalls, endpoint security and efficient patch management allows school districts, colleges and universities to confidently and securely offer the benefits of increased mobility and other IT advances to their faculty and students.

For more details from the survey, view the on-demand webcast “Network Security in Education: The changing landscape of campus data security.” In this November 2015 webinar, Larry Padgett of the School District of Palm Beach County reviews how his district – the 10th largest in the United States – is leveraging people, processes, and SonicWall next-generation firewalls to protect a network serving 189,000 students and staff in nearly 200 sites. SonicWall Security’s Ken Dang joins Larry in this Education Dive webinar.

Network Security Designs for Your Retail Business

The 2015 Verizon Data Breach Investigations Report (DBIR) estimate of $400 million in financial loss from security breaches shows the importance of managing breaches and ensuring that appropriate security infrastructure is put in place. The retail industry saw high-profile breaches this year through RAM-scraping malware aimed at point-of-sale (POS) systems. Security breaches affect both large and small organizations. According to the Verizon 2015 DBIR, attackers gained access to the POS devices of small organizations through brute force, while larger breaches were multi-step attacks in which some secondary system was breached before the POS system was attacked. This article highlights the key design considerations to build and deploy a secure, scalable and robust retail network.

Secure Network Design Considerations

Organizations need to ensure that their networks are resilient, secure and robust. Any security solution put in place must not be a knee-jerk reaction to an attack but rather a comprehensive protection solution. A typical retail location's requirements include support for POS systems, guest Wi-Fi access, employee access to restricted resources, third-party vendor access to limited resources and a reliable Internet connection with no downtime. Given these requirements, the following strategies are recommended in the retail network design:

1. Network Segmentation – It is important to segment the retail network into multiple networks. This ensures that an attack on a particular device in a network does not infect the entire network. A simple, flat network design makes it easy for an infected POS terminal to bring the entire network down. Create separate networks for POS terminals, guest Wi-Fi devices, employee access to restricted information and third-party vendor access (limited and appropriate access).

2. Access Control – Install strict access controls on all network segments to control how devices communicate within and across network segments.

3. VPN Tunnels – Create site-to-site VPN tunnels between the retail location and the centralized data center location to ensure all traffic originating from a POS system is always encrypted. Typically, customer-sensitive credit card information is encrypted when validating over the internet. However, simple management data such as login credentials may not be encrypted and could pose an entry point for a security breach.

4. Security – SonicWall 2015 Annual Threat Report findings show a 109% increase in encrypted connection traffic from last year. This potentially means that attackers could be using encryption as a way to hide their malware from firewalls. It is imperative to use a Next-Generation Firewall (NGFW) that performs deep packet inspection on all traffic, including encrypted traffic. Deep packet inspection services such as Intrusion Prevention, Malware Detection and Content Filtering are strongly recommended to reduce the risk of intrusions and malware attacks. Additionally, enable endpoint anti-virus on all POS terminals for increased security.

5. Reliability – Retail networks need to be secure and fault tolerant, with zero downtime. For fault tolerance at smaller retail locations, it is recommended to use 3G/4G backup failovers with a multi-ISP provider strategy. For retail locations with heavier traffic, NGFWs deployed in High-Availability mode provide uninterrupted connectivity.

6. Guest Wi-Fi – Retail locations are increasingly using guest Wi-Fi access as a means to increase their business and stickiness with customers. For guest Wi-Fi, create a locked-down Internet-only network access for visitors or untrusted network nodes. Choose a solution that provides guest services with the latest wireless technology such as 802.11ac for increased bandwidth.
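The segmentation, access-control and VPN items above can be checked mechanically against a firewall rule list. The following is an added, vendor-neutral example, not SonicWall configuration or code from the article: the zone names come from the list, while the rule tuple format, the `ALLOWED` policy (including employee Internet access and vendor access to the data center) and the sample rule sets are assumptions constructed for illustration.

```python
from itertools import product

# Zones from the article's list; "datacenter" and "internet" are destinations only.
STORE_ZONES = ["pos", "guest", "employee", "vendor"]
ALL_ZONES = STORE_ZONES + ["datacenter", "internet"]

# Assumed target policy: (src, dst) -> must the flow use the site-to-site VPN?
# Every flow not listed here is expected to be denied.
ALLOWED = {
    ("pos", "datacenter"): True,       # item 3: POS traffic always encrypted
    ("employee", "datacenter"): True,
    ("vendor", "datacenter"): True,    # limited third-party access
    ("employee", "internet"): False,
    ("guest", "internet"): False,      # item 6: guest Wi-Fi is Internet-only
}

def first_match(rules, src, dst):
    """First-match evaluation with an implicit default deny at the end."""
    for idx, (r_src, r_dst, action, vpn) in enumerate(rules):
        if r_src in (src, "any") and r_dst in (dst, "any"):
            return idx, action, vpn
    return None, "deny", False

def audit(rules):
    """Compare what the rule list really permits with the ALLOWED policy."""
    findings = []
    for src, dst in product(STORE_ZONES, ALL_ZONES):
        if src == dst:
            continue
        idx, action, vpn = first_match(rules, src, dst)
        if (src, dst) not in ALLOWED:
            if action == "allow":
                findings.append(f"EXPOSED {src}->{dst} (rule {idx})")
        elif action != "allow":
            findings.append(f"BLOCKED {src}->{dst}")
        elif ALLOWED[(src, dst)] and not vpn:
            findings.append(f"UNENCRYPTED {src}->{dst} (rule {idx})")
    return findings

# Constructed rule sets: (source zone, destination zone, action, via VPN tunnel).
FLAT = [("any", "any", "allow", False)]            # single flat network
SEGMENTED = [
    ("pos", "datacenter", "allow", True),
    ("employee", "datacenter", "allow", True),
    ("vendor", "datacenter", "allow", True),
    ("employee", "internet", "allow", False),
    ("guest", "internet", "allow", False),
]
# A broad rule placed first shadows the specific rules behind it.
MISORDERED = [("employee", "any", "allow", False)] + SEGMENTED

if __name__ == "__main__":
    for name, rules in [("flat", FLAT), ("segmented", SEGMENTED),
                        ("misordered", MISORDERED)]:
        print(name, audit(rules))
```

The misordered set shows why rule order matters under first-match evaluation: one broad employee rule exposes the POS segment and bypasses the tunnel even though every specific rule behind it is correct.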

The SonicWall Next Generation Firewall based security solution provides an integrated approach to addressing all the requirements of a typical retail network. For more information on best practices for securing your retail network, download this white paper.

The Holiday Online Shopping Season is Coming – Is Your Network Prepared?

Now that Halloween is over, it’s time for the holiday online shopping season to kick in, beginning on Black Friday, continuing through Cyber Monday, and finishing up on New Year’s day. For a lot of people it’s time to start spending money.

When we shop for the holidays many of us like to do it online. The National Retail Federation indicates that more than half of U.S. consumers plan to make at least some of their holiday purchases online this year. Why? Well, we can do it from anywhere at any time. It’s convenient. That includes shopping from work.

What does it mean to your organization? Well, there’s a good chance your employees will spend some of their work time shopping online over the next six weeks. Is that a potential problem? If you consider the security of your network, the productivity of your employees and the use of network bandwidth important to your organization, then the answer is yes, and here’s why.

Online shopping at work introduces security risks. For example, employees may inadvertently create opportunities for malicious attacks directed at your organization. An “attack or threat vector” is the means a hacker uses to gain access to one or more systems or servers on your network. Through the attack vector, the hacker can compromise systems on your network and deliver a malicious payload, the most common being a virus, worm, trojan or spyware. A common threat vector around the holidays is phishing. Phishing is an email fraud method in which the perpetrator sends out a legitimate-looking email instructing recipients to go to the fake website of a reputable business such as FedEx or UPS. The site will attempt to collect personal information such as the user’s name, passwords, social security number and credit card details. Another attack vector you may come across is “malvertising,” or “malicious advertising,” which is a threat that uses online advertising to spread malware. The malware can then capture information from an infected machine, or send probes around the network to find servers and other systems that can be compromised.

The security of your network isn’t the only issue your organization faces during the holiday buying season. Employees are exercising more freedom for personal activities such as online shopping during work hours. This is concerning. Why? Well, they’re shopping on company time so they’re not as productive and it’s likely they’re connecting to sites through the corporate network which could lead to a security risk as well as a misappropriation of valuable bandwidth.

Speaking of your bandwidth, there’s the question of how it’s being used. With likely over half of your employees shopping online at some point during the holidays, the bandwidth available to critical applications on your network is going to disappear. Therefore, it’s critical to prevent vital bandwidth from being consumed by non-productive web use such as online shopping, streaming music and watching HD videos which can all have a negative impact on network performance if left unchecked.

What can you do to secure your network, improve employee productivity and get the most out of your bandwidth during the holiday online shopping season? Here are a few tips:

  • Get a next-generation firewall. If you don’t have one already, next-generation firewalls secure inbound and outbound traffic from threats, provide you the tools to determine which websites your employees can and can’t access (hint – online shopping sites) and allow you to identify and control the apps used on your network and how much bandwidth you want to allocate to them. Not only that, with more websites moving to SSL encryption, it’s important that the next-generation firewall be able to decrypt and inspect encrypted traffic for threats.
  • Help your employees learn how to avoid malvertising and recognize phishing emails. Be alert for suspicious emails and links to unknown websites.
  • Educate employees to use different passwords for every account and establish policies for strong passwords.
  • Many attacks are based on known vulnerabilities in recognized browsers, as well as in plug-ins and common apps. Therefore it’s critical to apply updates and patches promptly and reliably.
  • It’s a good idea to use tools that allow IT managers to monitor the use of network applications. It’s called “Application Intelligence” and it can help you determine if anyone is violating company policies or simply visiting sites that have no business purpose such as online shopping.

SonicWall offers a complete range of industry-leading next-generation firewalls, including the NSA Series, that integrate numerous advanced features for deep packet inspection such as Anti-Malware, Intrusion Prevention, Application Intelligence and Control, Content and URL Filtering and SSL Decryption and Inspection.

Take Control of Your Network During the Holiday Shopping Season

It’s the holiday season and that means we’re all busy with fun activities. Take online shopping for example. Many of us will do it between Black Friday and New Year’s, even for just a little while. Some of us do it at work. When employees spend time shopping online during work hours it presents challenges for any organization. Perhaps the three biggest challenges are network security, employee productivity and bandwidth consumption.

How popular is online shopping? Last year, data from the National Retail Federation (NRF) revealed that retail holiday buying increased 4.1% to just over $600 billion. Much of that shopping was done online. This year the NRF is forecasting retail sales of $630 billion, up 3.7% over 2014. According to an NRF survey almost half of all holiday shopping, whether it’s making a purchase or merely browsing, will again be done online this year. Let’s take a look at the impact this has on organizations and the steps you can take to overcome the challenges online shopping poses.

Network security

  • Malware – Employees who shop online at work inadvertently create opportunities for malicious attacks directed at your network and your organization. The most common threats are viruses, worms, Trojans and spyware.
  • Phishing – Phishing is an email fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from unsuspecting recipients.
  • Malicious advertising – Commonly referred to as “malvertising,” this threat uses online advertising to spread malware which can then capture information such as credit card and social security numbers from infected machines.

Employee productivity

  • The big drain – With workers bringing their own smartphones and tablets into the office, we’re seeing an increased blurring of the line between work life and personal life as employees exercise more freedom to use these devices for personal activities such as online shopping during work hours. When they’re shopping on company time it means they’re not working so their productivity has decreased.

Bandwidth consumption

  • Disappearing bandwidth – With about half of your employees shopping online during the holidays, the bandwidth available to critical applications on your network is going to disappear. Therefore, it’s critical to prevent vital bandwidth from being consumed by non-productive web use.

While you can’t completely eliminate threats to your network, drops in productivity and misuse of valuable bandwidth, there are measures you can take that are well within the reach of your organization simply by practicing good digital hygiene. Here are five things your organization can do to reduce the risks of a successful attack while maintaining productivity levels and conserving bandwidth.

  1. Help employees learn how to avoid malvertising and recognize phishing emails. Be on the lookout for suspicious emails and links, especially those requesting sensitive information.
  2. Educate employees to use different passwords for every account. Establish policies for strong passwords such as guidelines regarding password length, the use of special characters and periodic expiration, and reduce the number of passwords through single sign-on.
  3. Because many attacks are based on known vulnerabilities in browsers including Internet Explorer, as well as in plug-ins and common apps, it’s critical to apply updates and patches promptly and reliably. They will contain fixes that can block exploits.
  4. Make sure you install an intrusion prevention system and gateway anti-malware technology on your network. They add important layers of protection by blocking Trojans, viruses, and other malware before they reach the company network. They can also detect and block communications between malware inside the network and the cybercriminal’s server on the outside.
  5. Take back control of your network by limiting the use of your bandwidth to business-related activities. There are several technologies available such as content and URL filtering that can be used to prevent employees from visiting websites dedicated to shopping and other non-productive topics. Also, application control provides the tools to restrict the use of applications such as social media to employees who have a business reason to use them.

SonicWall offers a complete range of industry-leading next-generation firewalls that secure your network from threats and give you the controls to keep employee productivity high and bandwidth focused on business-critical applications. To learn more about how these solutions can help you during the holiday shopping season and beyond, please visit our website.