Network Critical - The Window to your Network

Don’t it Make you WannaCry?!


It is enough to make anyone responsible for network security to want to sit down and cry. What is? The WannaCry ransomware attack, of course. The attack hit 150 countries in one day. The bad news is that there will be more such attacks in the future. The WannaCry ransomware attack is the broadest such attack in history.The good news is that we are not defenseless. Here are some history, thoughts and precautions about WannaCry and other malware.

By now, most of us have heard of the WannaCry attack. It is a trojan virus that encrypts all the data on the infected computer and instructs the owner to pay US$300 to decrypt the data. If the ransom is not paid in bitcoin in three days, the ransom amount doubles to US$600. After seven days all data will be deleted from the system.

So, how does the virus get into a computer? Generally the user is tricked into loading an infected file. Therefore, being cautious with your clicks is the best way to keep your files safe. According to a great security blog called Krebs on Security, here are three keys to help stay safe from this and other malicious viruses:

- If you did not go looking for it, don’t install it.
- If you installed it, update it. (WannaCry exploited a vulnerability in older systems)
- If you no longer need it, get rid of it.

These rules apply for all devices, desktops, smartphones, and tablets. Microsoft has macros turned off by default on most computers because they allow attackers to take advantage of resources that could result in running code on the system. Be very cautious of clicking on a request to “Enable Macros”. Also, regularly backup your data on a device that is not networked or connected to your computer. A current, disassociated back-up is your best defense against a ransomware attack.

With that background, we know that WannaCry exploited an old Microsoft Office vulnerability. Microsoft has since created a patch and is making it available to Windows XP, Windows 8 and Windows Server 2003. But wait, there is more…

According to an article by Bruce Schneier in Foreign Affairs, The National Security Agency (NSA) detected this flaw years ago but chose not to disclose it. Wait, w hat? Why on earth would they not expose a potential flaw that could cripple hundreds of thousands of computers worldwide if it got into the wrong hands? (There is an argument that being under control of the NSA constitutes being in the wrong hands, but that is a story for another day.)

The government agency had found a vulnerability and made a decision to exploit it rather than disclose it. This code, it seems, is a powerful weapon in gathering intelligence. With its own mission in mind news of the the code was kept quiet. Subsequently, the code was leaked and ended up in the “wrong hands” doing substantial damage around the globe.

Schneier suggests that the US agencies would be better served by using a stream of newly discovered vulnerabilities for offensive intelligence and disclose existing vulnerabilities to the community for defensive purposes. This idea keeps the intelligence flowing while helping improve security on systems everywhere.

The moral of this story is that cyber security is an ecosystem not an individual responsibility. In order to stifle ubiquitous attacks on computers and systems everywhere, the entire cyber community must remain vigilant and informed. This includes IT professionals as well as non-IT users. Companies and individual users must keep patches up to date. New employees must be trained on security practices for computer and network use. Strong perimeter security must be deployed and maintained to the latest standards.

Network Critical works with many partner companies who provide innovative approaches to network performance and security. These companies provide Firewalls, Intrusion Prevention Systems, Data Loss Protection, intelligent malware detection, WAN acceleration and performance as well as many other appliances to help protect computers and networks.

TAPs and Packet Brokers provide safe and secure connectivity and visibility to these protective appliances. Connecting specialized security appliances with Network Critical’s SmartNA TAPs and SmartNA-X Packet Brokers allows companies to add new layers of security without compromising network reliability or availability.

If you don’t WannaCry about malicious viruses, review your cyber practices now. Update patches, review user training and access policy and shore up your perimeter defenses.

Posted: 21/07/2017 13:01:31 by Network Critical with 0 comments

Net Neutrality Protest and DDOS


As has been reported by many outlets, the John Oliver show on HBO has advocated that his viewers send their comments about net neutrality to the FCC. His idea was to flood the FCC website and, therefore, render the FCC website unavailable. By having viewers all send comments protesting the potential repeal of net neutrality rules they could shut down the FCC. This would send a powerful message about the will of the people.

However, it is unlikely that the viewership of the show actually brought the FCC to its knees. Here is a little background about DDoS attacks.

DDoS
DDOS, or Distributed Denial of Service, is a highly coordinated attack that uses thousands and sometimes millions of devices to send such things as connection requests or large volumes of data to a network of servers thus overwhelming its capacity to respond. This malicious traffic blocks legitimate requests to the targeted network of servers from being processed. Thus the Distributed Denial of Service monicker.

DDoS attacks can come from many sources. Malicious botnets can be imbedded in thousands of devices by having users click on seemingly innocent links. Then when the time comes, the botnets send floods of requests or data files to target servers. One large DDoS attack was initiated by hacked public video cameras. That attacked sent 20,000 requests per second from 900 of the infected video security cameras.

John Oliver and the FCC
Now lets look at the John Oliver show’s viewers. The show has a large following. So, what if John Oliver suggested that all his viewers send their net neutrality comments to the FCC in order to bring down the FCC comments server. Let’s say that thousands of viewers followed the suggestion. What do you think the probability would be that enough comments were sent all at a specific time in order to block the network of FCC servers. Fairly unlikely.

According to a statement by David Bray of the FCC, their servers were victims of a series of DDOS attacks about midnight Eastern Time. Mr. Bray said, “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host.”

Now, what is open to speculation and wonder is whether the DDOS attack timing was coincidental or if John Oliver’s comments inspired a person or group to perpetrate the DDOS attack. Interestingly, if the attack was created by sympathetic John Oliver viewers, they might have actually blocked many comments supporting net neutrality from being delivered by blocking the comment servers.

DDoS Protection
There are many reasons that businesses are attacked. Some include Hacktivism, hacking for social change. Extortion, hacking for ransom. Revenge, hacking to get back at a company for a perceived wrong. The motivations for these attacks are not much different than motivation for any other crime.

These attacks can come from anywhere ant any time. It is important for business and personal networks to be prepared ahead of time by protecting the network perimeter with strong Intrusion Prevention and other security appliances that can detect anomalies in network traffic. Forrester, IDC and Yankee Group predict that the cost of a 24 hour outage by a large e-commerce business would approach US$30 Million.

There are many specialized appliances that are designed to detect and block DDoS attacks. These appliances can save thousands to millions of dollars in lost revenue and reputation repair by preventing attacks that shut down business websites for hours or even days.

Of course, these appliances must be safely and securely connected to network links. TAPs and Network Packet Brokers are designed specifically for this purpose. These security enablement appliances allow connection of multiple security appliances on network links without impacting availability, speed or reliability. Further, large and complex networks can use intelligent TAPs and Packet Brokers to improve efficiency of security appliances through filtering and port mapping features that cut costs and increase processing speeds. You can find more information on TAPs and Packet Brokers at www.networkcritical.com/products.

Network Neutrality
Here is a final thought on the issue at the core of this controversy. The new FCC Chairman, Ajit Pai was an attorney for Verizon prior to his selection to this position. According to an article in the Seattle Times, since his appointment, he has stopped nine companies from providing discounted high speed internet access to low-income individuals, withdrew an effort to keep prison pay-phone rates low, and scrapped a proposal to open the cable box market to greater competition. Like these changes or not, the telecom, cable and media industries are in for many changes ahead.

Stay informed, stay connected, stay protected!

Posted: 07/07/2017 16:44:15 by Network Critical with 0 comments