Network Critical - The Window to your Network

Crime and Punishment…and Protection


Crime

The European Cybercrime Center announced in its 2016 Internet Organized Crime Threat Assessment report. Here is a quote from the organization. “The volume, scope and material cost of cybercrime all remain on an upward trend and have reached very high levels.” Another report from BT and KPMG stated that, “Criminal groups who mount a constant assault on legitimate businesses are not simply members of an amorphous underworld. They are, in fact operated as rational hard-nosed businesses with their own clearly defined business models and money making scams.”

Given the above information here is an interesting report. According to a Zurich Insurance Group survey of small and medium sized businesses, about 11 percent of respondents said they worried about cyber-crime. This is not a typo and your eyes are not playing tricks. Also note, this is not a small sample. The survey polled 2600 C-level executives from 13 countries for this study. However, even though the number is small, it is the fastest growing perceived business risk category. So, it appears that cyber-crime awareness is relatively weak in small and medium businesses, it is growing.

Law enforcement, however, is paying attention. About 200 delegates from 56 countries met in Singapore the last week of September to discuss best practices for overcoming the many steep challenges of fighting cyber-crime and bringing perpetrators to justice.

Punishment
As reported in SC Magazine UK, Nazariy Markuta, a hacker for D33D Company, has been convicted and will spend two years in prison by the UK’s National Crime Agency. Two years! That is not a typo either, two years! Now, this is a guy who is believed to be involved in the leak of 450,000 email addresses and passwords from Yahoo!’s contributor network. Further, when he was arrested, agents found thousands or payment card records in his possession. But wait there is more…between 2012 and 1014 Markuta had attacked a video game reseller and SMS messaging service. He actually was sentenced to 11 years pleading guilty to 8 counts of hacking and fraud but the sentences will run concurrently, leaving him locked up for only two years!

Time for a little editorial comment…So, look. Cyber crime is no joke. It hurts real people and causes severe financial distress for victims. Global losses are estimated to be in the Billions of dollars annually. It is also difficult to track, arrest and prosecute perpetrators. Cyber theft of payment cards and personal information should be treated just like bank robbery or any other high crime. Ransomware hackers who disable systems and hold the encryption key for ransom, should be tracked down and treated like any extortionist. Phishers, whalers and other criminals with cute cyber names should be gives stiff sentences with little leniency. What about an international treaty that requires a minimum sentence of 20 years prison time and no cell phone or tech access? It seems that international cooperation and internet crime legislation have not yet caught up to the cyber world. Hopefully, that will change soon.

Protection
Until our lawmakers, judges and leaders catch up with the connected world, all we can do is to be careful, aware and protected. I had just read a report from a company called mimecast that offers some sage tips to help protect against whaling, a cyber crime where the perpetrator sends an email pretending to be a high level company official asking a subordinate to send money. For example, a US networking company called Ubiquiti was victimized to the tune of $46 million dollars in 2015 by a whaling attack. Here are some anti-whaling ideas:

  • Educate senior management and finance teams about this type of attack so they can be aware of the whaling tactics.
  • Carry out tests within your organization to gauge staff vulnerability.
  • Consider technology that alerts users when an email is coming from outside the corporate network.
  • Subscribe to domain name registration so that you will be alerted to domains that look like or are similar to yours.
  • Review financial practices. Insist that multiple signatures and requisition review be done prior to any large fund distribution.

Cyber crime is one of the fastest growing businesses on the global landscape. Law enforcement and the legislators are struggling to catch up with the new and evolving types and styles of cyber theft and extortion. Until that happens, it is up to individuals and companies to read, learn and be aware of potential threats coming at you in cyber space.


Posted: 29/12/2016 22:53:37 by Network Critical with 0 comments

It's beginning to look a lot like Crisis


It's beginning to look a lot like a crisis
Everywhere you go
Take a look in the server stack
I think we’ve got a hack
With alarms and red lights aglow

It's beginning to look a lot like a crisis
At our on-line store
But the scariest sight to see
Is the trouble that will be
Because Black Hat found a back door

A pair of Rootkit boots and some malware too
Is the fear of my boss and then
Botnets that will talk and go for a walk
Is what puts us all in pain
And he and I can hardly wait
For the IPS to start again

It's beginning to look a lot like a crisis
Everywhere you go
There's spyware in the laptops
More on the desks as well
The sturdy kind that angers my mind and so

It's beginning to look a lot like a crisis
But I know my tools will start
Protecting our links from this thing that stinks
Right from the start
Our Smart TAPS are doing their part

A pair of intelligent TAPS and some anti-virus apps
Is the bane of the Black Hat guys
My firewall will block it all
And bring the network back
And my boss and I can hardly wait to trash another hack

It's beginning to get back to normal
Soon the servers will re-start
And the security our tools will bring
Keeps our network protected from this hacking thing
Visibility and security is our thing!

Happy Holidays from Network Critical

Posted: 22/12/2016 17:52:10 by Network Critical with 0 comments

#Read!


“A reader lives a thousand lives before he dies. The man who never reads lives only one.”

George R.R. Martin

Here are some startling statistics about adults and books in the United States. According to a study by The Jenkins Group, one third of high school graduates never read another book the rest of their lives. Forty-two percent of college graduates never read another book after college. Eighty percent of families in the study did not buy or read a book last year.

Most members of the fast moving high technology community are readers. We read trade magazines, white papers, technical journals and industry blogs. We search the web for the latest network research to help make our networks faster, more reliable and more secure. In short, we are always learning because things are always changing. We must keep up, we must get ahead. Consistent industry education, while necessary and beneficial, is narrow.

There is a wide world of books available that have nothing to do with technology. They can be historical in nature, helping us understand how we got here. They can be inspirational stories about sports heroes, political leaders and inventors whose work changed our lives in one way or another. They can be simple escape stories of mystery and intrigue that just help us relax and escape from our daily responsibilities for an hour or two.

Reading can also give us a perspective on past and current events that we have not previously considered. A good book can make us feel. In school, we learned the names and dates of battles. We learned who won, who lost and who paid the bill. We did not learn about the feelings of those whose lives were turned on end when an enemy nation occupied their country. We did not learn of the helpless submission some felt or about the ruthless resistance others mounted. Books can provide a personal window into those lives so we can feel what they felt. So we can understand, not just learn.

Reading can take us on a 1930’s midnight escape out of the deep south where black sharecroppers sneak out from under the oppressive control of their white employers, seeking a better life in the industrialized North. Reading can take us on a voyage deep beneath the sea or far into outer space where we let our imaginations loose, discovering new worlds. Reading can have us hiding in a dark corner as a mass murderer creeps into our bedroom, knife in hand.

Too often, though, we miss out on these varied and interesting experiences; these feelings, these windows into the hearts of our fellow humans. We miss out because we are busy keeping up with daily life. We prioritize our time. We still need to eat and sleep. We miss out because with all the other priorities in life, we just do not think about reading as a relaxing leisure experience.

Someone needs to tell us, “Don’t forget to read books that are not associated with your profession.” So I am reminding you to find a book and start it. You do not need to read it all at once. Set aside some time to sit down and start one now. Turn off that 55 inch wide-screen TV. You will be amazed at the doors that open in your mind. You might even get some new ideas that will help you at work.

Posted: 16/12/2016 15:43:44 by Network Critical with 0 comments

Hey You, Get Off My Cloud!


Fifty one years after the release of this very popular Rolling Stones song, the words, “get off my cloud” are taking on a completely new meaning. While Mick Jagger might have been pleading for some peace and quiet and to just be left alone, today’s pleading is for unauthorized hackers to stay away from confidential and proprietary information stored in a very publicly accessible place.

Why would a company place their information that is the heart of their business in the hands of a stranger in a strange land. On the surface, that sounds ludicrous. However, there are a few very good reasons that companies are moving their IT infrastructure to the cloud.

The CapEx and OpEx of an in house IT system is a very large investment. When companies decide where to place their scarce investment dollars, it is becoming increasingly popular to place those dollars in “line of business” investments that will provide profits rather than support infrastructure. This is particularly relevant for small and medium sized businesses. However, even for larger business, the trend is to focus the IT staff on special high-value projects rather than day to day infrastructure and operations. Relying on cloud infrastructure also simplifies growth and technology upgrades. Thus, we see the continued growth of cloud computing.

Along with the rapid growth of cloud-based infrastructures comes double digit growth of cloud infrastructure monitoring. Continuous monitoring is important for a variety of reasons including basic network traffic analysis and resource planning, receiving alarms of outages, bottlenecks or unanticipated heavy traffic periods. Monitoring, of course, is also a critical initial component for network security and protection against crippling malware.

According to a Ponemon Institute report, The 2016 Global Cloud Data Security Study, companies are not doing a very good job of securing the confidential information stored in the cloud. Respondents included IT professionals from around the world. Over half believed that their companies did not employ a proactive approach to compliance with privacy and data security regulations in a cloud environment. Most of the respondents (56%) also believed that their companies were not as careful with private customer information stored in the cloud.

Some general recommendations noted in the report are for companies to make broader use of encryption when data is stored in the cloud. Further, comprehensive policies should be developed that govern what information should and should not be stored in the cloud. Finally, continuous monitoring and security measures should be implemented by the company and the cloud service provider.

Cloud providers are offering enterprise monitoring services in IaaS environments with a goal of allowing more management control to the client company. EarthLink, for example, offers a server monitoring and management service as well as a network monitoring and management service for cloud customers.

Comprehensive monitoring services require access and visibility to data flows in a network. In order to establish a monitoring program that includes network analysis, application performance and acceleration, intrusion prevention, data loss protection, encryption/decryption offloading and other specialized services, numerous appliances may be required. Packet Brokers like the SmartNA-X™ from Network Critical help enterprise networks and cloud service providers manage the panoply of appliances that are required for robust monitoring.

Packet Brokers provide the physical access ports required to connect monitoring appliances but that is only the beginning. Intelligent features like filtering and port mapping ensures that the right information is sent to the right appliance. Access ports are protected from unauthorized access, and fail-over features help maintain network operation when appliances lose power or are out of service.

In 2016, The Rolling Stones might now be singing, “Hey You, Get On My Cloud,” but only if they have complete monitoring services and good security. For more information about Packet Brokers and cloud monitoring go to www.networkcritical.com.

Posted: 08/12/2016 20:12:36 by Network Critical with 0 comments

Elections, Emails and Your Career


The recent US election cycle was more about past emails than future policy. I wonder if there may be some lessons to be learned. The answer is "Absolutely, YES!"

True Historical Story
To provide some perspective, here is a story from the early days of email: Back in those days I worked for a high-tech company with about 1500 employees. We were an early adopter of email technology, but there was no email etiquette rule book at the time and we had to learn as we went along.

One day, the HR Vice-President sent a routine email memo to the entire company distribution list regarding the holiday shut-down period. He suggested, “Please notify your customers, suppliers and other interested parties that we will be closed from December 24 until January 2.”

That email generated 1500 messages and actually required no response. However, about 200 people hit “reply all” and responded with an “OK”. (It was, after all, a message from the VP of HR.) That generated another 300,000 messages.

When HR realized what they had started, of course, they sent another message to the entire company requesting, “Please do not hit “reply all” when responding to messages to company distribution lists.”

Well, you guessed it, about 100 people hit “reply all” to respond with another “OK”, generating a further 150,000 messages. This cycle went on for about a week before the company email system got back to normal.

Email Today
The point of this story is that we now have a couple of decades of experience behind us with email and believe we are pretty sophisticated regarding electronic communication. We have faster servers, more bandwidth, world-wide scope and instantaneous messaging. We even have emoticons to help users understand communication subtleties such as sarcasm and humor. Electronic communication is so much a part of our every day life that we may not think about one very important distinction between email and live voice communication, the email trail.

Emails are not only stored on the senders computer, they are also stored on servers and hard drives of every recipient of every message. Further, the message recipient may have forwarded the message on to other computers or servers where it is also stored. Once an email user hits the “send” button there is no control over the future life and location of that message.

During the U.S. election, there have been many server hacks and very public display of confidential messages. There have also been lingering political investigations into emails of the candidates. This was all made possible by the physical nature of email communications. People think email is ones and zeros flying through the air, but once it hits a server or laptop it is real and it can be forever.

Your Career
What does any of this have to do with the careers of people outside of the public eye? There are many lessons that we can all take to our office. We all use email and text as an effective and convenient communication tool. In fact, email communication is often thought of as a direct replacement for face to face, or real time voice communication. Email is not real time and therefore is stored. As such it is vulnerable to being hacked and used in ways not intended by the user.

Your corporate network may be protected by firewalls, intrusion protection, packet brokers and other security appliances. Those necessary precautions cut down the probability of a breach. However, it does not eliminate the possibility of your private or confidential messages getting into the wrong hands. Remember, after the message leaves your computer and your company network, you give up control of that message. Even if your network is secure, once the message is on the recipient's computer, it can be stored and forwarded and attached many more times on unknown computers and servers.

Be careful with email communication. If you are communicating critical data, confidential financial information, company strategy or just venting, it may be prudent to do it old school…real time voice. Before you hit “send “ you need to ask yourself, if this email message ends up on an electronic billboard by the airport, am I OK with that? If the answer is "Yes", then send it. If the answer is "No", find a more secure and private alternative.

Posted: 02/12/2016 19:01:01 by Network Critical with 0 comments