Cybersecurity Predictions for 2018

It’s that time of year again: a time to make some vague, or very specific, estimates (or guesstimates) of the things likely to disrupt us in a negative way in 2018.

If you want to know what cyber threats we will face in the next year, look no further.

Well, not quite. Information security predictions should ideally help guide decisions about where to invest resources, but instead they are often over-dramatised to attract attention and clicks.

For example, drone hacking was a theoretical issue in 2016, as it was in 2017 and will be in 2018.

It is safe to say these issues will be on the 2018 list. The top threat trends for 2018 are: a continued increase in ransomware, more attacks on Bitcoin users and companies, more exploitation of the Internet of Things (IoT), new nation-state attacks, the General Data Protection Regulation (GDPR), which comes into force in the EU next year, more use of machine learning, and plenty of suggestions that company infosec budgets need to increase!

We may well see a return to securing applications instead of building complex, expensive defence strategies against APT (advanced persistent threat) attacks, which suggests developers will focus on the common threats to their specific products rather than trying to guard against highly sophisticated attackers such as a state-sponsored hacking group.

Infosec hasn’t changed a huge amount in the 20 years I’ve been active in it. At a macro level, we still hear about data loss, weak passwords and failures in service availability, combined with vulnerabilities that weren’t patched or were missed for months at a time.

Posted in Networks, News and Updates

What is blockchain?

This is a series of articles we are writing about digital currencies. In the first of the series, we ask the question, “What is blockchain?”

A blockchain provides a secure, shared record, most commonly associated with Bitcoin, and is maintained by a peer-to-peer network rather than by a central authority.

A blockchain is a decentralised, distributed ledger that keeps a record of transactions across many computer systems, so that a record cannot be altered without every subsequent block also being altered, and so that users can verify and audit transactions inexpensively.

A blockchain is validated by many participants working together, which results in a robust system in which users have little reason to doubt the integrity of the data.

The blockchain confirms that each unit of value is transferred only once, which solves the long-standing problem of double spending. Because blockchains use what is called a “value-exchange protocol”, these transactions can be completed more quickly, more safely and more cheaply than with traditional systems.

The blockchain database consists of two kinds of record: transactions and blocks. Blocks hold batches of valid transactions that are hashed and encoded into a Merkle tree, and each block also carries the hash of the previous block in the chain, linking the two. The linked blocks form a chain in which each block confirms the integrity of the one before it; some blockchains create a new block as frequently as every 5 seconds.

Sometimes separate blocks are created at the same time; these are called orphan blocks and cause a temporary fork. A blockchain holds a secure, hash-based history together with an algorithm for scoring the different versions, so the highest-scoring version is always used and the blocks not included in it become orphans. When a higher-scoring version is received, the local database is overwritten and the new version is republished to peers. The chain is built with the best version always changing: the score of new blocks is added to that of the older blocks they extend, because there are incentives for extending the existing chain with new blocks.
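The block linking and fork scoring described above, as an added Python example that is not part of the original article: a toy chain with Merkle roots and previous-block hashes (the header layout, the sample transactions and “longest valid chain wins” as the scoring rule are assumptions of this example), showing that editing one transaction invalidates its block and, even after that block is rehashed, every block that follows it.

```python
import copy
import hashlib
from typing import Dict, List, Optional

GENESIS_PREV = "0" * 64  # previous-hash value carried by the first block

# Constructed sample transactions, three blocks' worth (not real ledger data).
DEMO_BATCHES = [["alice->bob 5"], ["bob->carol 2", "carol->dave 1"], ["dave->alice 3"]]

def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()

def merkle_root(txs: List[str]) -> str:
    """Hash transactions pairwise up to a single root; an odd last node is paired with itself."""
    layer = [sha256_hex(tx) for tx in txs] or [sha256_hex("")]
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [sha256_hex(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]

def block_hash(block: Dict) -> str:
    """A block's identity covers its height, the previous block's hash and its Merkle root (assumed header)."""
    return sha256_hex(f"{block['height']}|{block['prev_hash']}|{block['merkle_root']}")

def build_chain(batches: List[List[str]]) -> List[Dict]:
    chain, prev = [], GENESIS_PREV
    for height, txs in enumerate(batches):
        block = {"height": height, "prev_hash": prev, "merkle_root": merkle_root(txs), "txs": list(txs)}
        block["hash"] = block_hash(block)
        chain.append(block)
        prev = block["hash"]  # the next block links back to this one
    return chain

def first_invalid_block(chain: List[Dict]) -> int:
    """Index of the first block whose Merkle root, own hash or link to its predecessor is wrong; -1 if none."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if b["prev_hash"] != prev or b["merkle_root"] != merkle_root(b["txs"]) or b["hash"] != block_hash(b):
            return i
        prev = b["hash"]
    return -1

def tamper(chain: List[Dict], height: int, tx_index: int, new_tx: str, rehash: bool = False) -> List[Dict]:
    """Return a copy with one transaction changed; rehash=True also recomputes that block's own root and hash."""
    forged = copy.deepcopy(chain)
    forged[height]["txs"][tx_index] = new_tx
    if rehash:
        forged[height]["merkle_root"] = merkle_root(forged[height]["txs"])
        forged[height]["hash"] = block_hash(forged[height])
    return forged

def best_chain(*candidates: List[Dict]) -> Optional[List[Dict]]:
    """Fork resolution: of the valid candidate chains, keep the one with the highest score (here, length)."""
    valid = [c for c in candidates if first_invalid_block(c) == -1]
    return max(valid, key=len) if valid else None

if __name__ == "__main__":
    chain = build_chain(DEMO_BATCHES)
    print("chain valid:", first_invalid_block(chain) == -1)
    print("edit block 1, no rehash  -> first bad block:", first_invalid_block(tamper(chain, 1, 0, "bob->carol 200")))
    print("edit block 1, rehash it  -> first bad block:", first_invalid_block(tamper(chain, 1, 0, "bob->carol 200", rehash=True)))
    print("fork: longer valid chain chosen:", best_chain(build_chain(DEMO_BATCHES[:1]), chain) is chain)
```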

Major applications of blockchain include cryptocurrencies, such as bitcoin, and blockchain platforms such as Factom as a distributed registry, Gems for decentralized messaging, Storj and Sia for distributed cloud storage, and Tezos for decentralised voting.

Posted in News and Updates, Opinion

Kaspersky – Am I at risk?

Kaspersky has been in the news this week and last week. In early September 2017, the US Department of Homeland Security ordered all federal executive branch agencies to stop using Kaspersky products, giving agencies 90 days to remove the software. Paranoia has been mentioned. Should customers be ‘ripping out’ Kaspersky?

This has had a ripple effect around the rest of the world as organisations want to distance themselves from Kaspersky ‘just in case’.

Here are a couple of links to statements about it.

Most vendors have a ‘plan’ or ‘workaround’ to avoid Kaspersky integration. If you are concerned about your product and whether it is affected, please contact sales@itogether.co.uk or call 0113 341 0123

Check Point – General Statement

Check Point – How to remove from Endpoint

Check Point – Gateway Products


Posted in Network Security, Networks, News and Updates

ITogether Helping You Prepare for GDPR

Preparing for GDPR

On 25th May 2018 the General Data Protection Regulation (more commonly known as the GDPR) will come into force in the EU. Organisations need to prepare themselves for the introduction of this new legislation to ensure that they continue to process personal data lawfully. We understand that our customers might need some more information to be able to make decisions about what they need to do, so we’ve prepared this Q&A to answer some of the more frequent questions that we’re asked.

Does GDPR apply to my organisation?

Almost definitely. It applies to all organisations that process personal data. For example, if you store customer contact information (maybe in a CRM, or your phone or email) or you store data about your employees (HR and/or payroll). Broadly speaking if the data protection act (DPA) applies to your organisation then GDPR will.

What about Brexit, doesn’t this mean it won’t apply to the UK?

No. The UK government has committed to including the GDPR into UK law so it will apply even after Brexit. Also, if UK data protection legislation starts to diverge from the EU’s post Brexit, the full GDPR will still apply to your organisation if you store the personal data of EU citizens.

What’s new in GDPR compared with the DPA?

In essence the GDPR is an evolution and extension of the DPA; that is, it updates the existing legislation, adding new principles and rights for data subjects. Some of the changes are: a new accountability principle for organisations; new rights for data subjects, including the right to be forgotten; a wider definition of personal data; a mandatory Data Protection Officer for some organisations; and mandatory data breach reporting.

What do I need to do?

That depends on many factors, including the size of your organisation, the type of personal data you process (for example, whether you process any sensitive personal data), whether you do any high-risk processing, and whether you process children’s data.

All organisations subject to GDPR need to review their existing data processing arrangements as elements of the new legislation apply to all organisations. For example, there’s a new principle of accountability that means all organisations need to be able to explain how they comply with the principles of the GDPR. For some organisations the changes will be significant and far reaching.

I have Cyber Essentials, Cyber Essentials Plus, or ISO27001 Certification, so I’ll be alright, won’t I?

No. These certifications don’t automatically demonstrate that you comply with the GDPR.

What’s the risk to my organisation if I’m not compliant?

New penalties have been introduced for organisations that don’t comply with the new legislation. An organisation can now be fined up to the higher of £17m or 4% of its annual global turnover.

How can ITogether help?

We offer a service that’s specifically designed to help organisations comply with the GDPR. We’ll work with you to assess your organisation’s compliance with the GDPR. We’ll focus on what data you have access to, where it is (in terms of its geographic and physical location and the application that uses it), and review your existing data processing arrangements so you know who’s using it, why, and that you have consent to process it. We’ll then provide you with a list of actions and recommendations based on your organisation’s current state of readiness for the GDPR which you can implement with or without our help. Finally, when you’ve had time to implement the actions and recommendations we’ll come back and audit you to check your data processing arrangements are fit for the GDPR.

For more information please contact our sales team on 0113 341 0123 or email sales@itogether.co.uk and someone will get back to you as soon as possible.

Posted in News and Updates, Opinion

DNS Amplification DDoS Attack

A Domain Name System (DNS) amplification attack is a distributed denial of service (DDoS) attack that uses publicly accessible open DNS servers to overwhelm a victim system with DNS response traffic.

The primary technique consists of an attacker sending a DNS name lookup request to an open DNS server with the source address spoofed to be the target’s address. When the DNS server sends the DNS record response, it is sent to the target instead. This creates a denial of service against the target.

Attackers will typically submit a request for as much zone information as possible to maximise the amplification effect. In most attacks of this type the spoofed queries sent by the attacker are of type “ANY”, which returns all known information about a DNS zone in a single request.

Because the response is considerably larger than the request, the attacker is able to multiply the amount of traffic directed at the victim. By leveraging a botnet to produce a large number of spoofed DNS queries, an attacker can create an immense amount of traffic with little effort and very little of their own bandwidth. Additionally, because the responses are legitimate data coming from valid (albeit open to query) DNS servers, it is extremely difficult to prevent these types of attacks. While the attacks are difficult to stop, network operators can apply several possible mitigation strategies.

While the most common form of this attack involves DNS servers configured to allow unrestricted recursive resolution for any client on the Internet, attacks can also involve authoritative name servers that do not provide recursive resolution. The attack method is similar to that against open recursive resolvers, but it is more difficult to mitigate, since even a server configured according to best practice can still be used in an attack. In the case of authoritative servers, mitigation should focus on using Response Rate Limiting to restrict the amount of traffic.

In a typical recursive DNS query, a client sends a query to a local DNS server requesting the resolution of a name or the reverse resolution of an IP address. The DNS server performs the necessary queries on behalf of the client and returns a response packet with the requested information or an error. The DNS specification does not allow for unsolicited responses, so in a DNS amplification attack the main indicator is a query response without a matching request.

Due to the massive traffic volume that can be produced by one of these attacks, there is often little that the victim can do to counter a large-scale DNS amplification-based distributed denial-of-service attack.

Because the DNS queries being sent by the attacker-controlled clients must have a source address spoofed to appear as the victim’s system, the first step to reducing the effectiveness of DNS amplification is for Internet Service Providers to reject any DNS traffic with spoofed addresses. The Network Working Group of the Internet Engineering Task Force published Best Current Practice 38 (BCP 38) in May 2000 and Best Current Practice 84 (BCP 84) in March 2004, which describe how an Internet Service Provider can filter traffic on its network to reject packets with source addresses not reachable via the actual packet’s path. The changes recommended in these documents cause a routing device to evaluate whether the source address of a packet is reachable via the interface on which the packet arrived. If it is not, then the packet obviously has a spoofed source address. This configuration change would substantially reduce the potential for the most popular types of DDoS attack. As such, we highly recommend that all network operators perform network ingress filtering where possible.

In some cases the above may not be possible or practical. The only other option is to ‘throw’ more bandwidth at the problem, which is a ‘finger in the dam’ approach. The only way to overcome this effectively is to use a cloud-based DDoS service such as Akamai Prolexic. However, unless the victim is BGP connected this won’t be possible, as Prolexic uses BGP to protect a BGP-connected network. For example, if the customer only has a small IP range (a /30 or /28) they can’t be BGP connected to Prolexic. This would necessitate an ‘upstream’ clean pipe service, but even then the ISP or carrier would also be flooded by the DDoS attack and would then need protecting themselves. The problem shifts up the food chain.

By the time the reflected traffic reaches your server (the one whose address was spoofed) it’s already too late. Your server will waste its resources trying to do something with the packets and the requests. Even if you have something like iptables or a stateful firewall drop all connections, the flood still uses up all of the server’s inbound bandwidth. Redirecting all the traffic somewhere else eats up your outbound bandwidth and propagates the network failure between your server and the new target.

It’s a network infrastructure issue, not a server issue (unless the server is an open recursive resolver). The traffic needs to be handled (killed) further up the pipe. Other mitigation techniques for resolvers include enforcing a minimum TTL (which also helps against cache poisoning) and a reasonable maximum payload size for responses sent over UDP; Google DNS uses a 512-byte limit for this reason. In principle, some combination of response rate limiting and upstream measures is needed. Technically you could use egress filtering on edge routers to block outgoing packets that originated on a different link or interface from the route to the spoofed destination, but on simple networks (i.e. those with a single Internet link) that’s not feasible.

The problem is that you need to drop the traffic before it reaches your network, so dropping packets at your server is far too late. The best way to reduce the risk is to use a packet scrubbing service such as Akamai, which has DDoS mitigation techniques in place to prevent this traffic from reaching your network.

There are two criteria for a good amplification attack vector: 1) the query can be sent with a spoofed source address (e.g. via a protocol such as ICMP or UDP that does not require a handshake); and 2) the response to the query is significantly larger than the query itself. DNS is a core, ubiquitous Internet platform that meets both criteria and has therefore become the largest source of amplification attacks.

DNS queries are typically transmitted over UDP, meaning that, like the ICMP queries used in a Smurf attack, they are fire and forget. As a result, their source address can be spoofed and the receiver has no way of determining its veracity before responding. DNS is also capable of generating a response much larger than the query.
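To show the indicator described above (a response with no matching request) and the amplification ratio in working code, here is an added Python example that is not part of the original post. The packet records are constructed, and the query-size estimate (12-byte header plus encoded name plus QTYPE/QCLASS, no EDNS) is an assumption of the example.

```python
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample of DNS packets as seen at the network edge (not a real capture).
# "out" = query leaving our network, "in" = packet arriving from the Internet.
SAMPLE_PACKETS: List[Dict] = [
    {"dir": "out", "src": "192.0.2.10", "dst": "198.51.100.53", "txid": 0x1A2B, "qname": "example.com", "qtype": "A", "resp": False, "size": 29},
    {"dir": "in", "src": "198.51.100.53", "dst": "192.0.2.10", "txid": 0x1A2B, "qname": "example.com", "qtype": "A", "resp": True, "size": 61},
    # A duplicate of the response above: its request was already consumed, so it counts as unsolicited too.
    {"dir": "in", "src": "198.51.100.53", "dst": "192.0.2.10", "txid": 0x1A2B, "qname": "example.com", "qtype": "A", "resp": True, "size": 61},
    # ANY responses from a server we never queried: the signature of a reflected amplification flood.
    {"dir": "in", "src": "203.0.113.7", "dst": "192.0.2.10", "txid": 0x0001, "qname": "example.org", "qtype": "ANY", "resp": True, "size": 3000},
    {"dir": "in", "src": "203.0.113.7", "dst": "192.0.2.10", "txid": 0x0002, "qname": "example.org", "qtype": "ANY", "resp": True, "size": 3000},
    {"dir": "in", "src": "203.0.113.7", "dst": "192.0.2.10", "txid": 0x0003, "qname": "example.org", "qtype": "ANY", "resp": True, "size": 3000},
    {"dir": "in", "src": "203.0.113.9", "dst": "192.0.2.10", "txid": 0x0007, "qname": "example.net", "qtype": "TXT", "resp": True, "size": 400},
]

def min_query_size(qname: str) -> int:
    """Smallest UDP DNS query that could elicit a response for qname: header + name + QTYPE/QCLASS (no EDNS)."""
    return 12 + (len(qname) + 2) + 4

def find_unsolicited(packets: List[Dict]) -> List[Dict]:
    """Inbound responses with no outstanding query matching (txid, name, type, server): the main indicator."""
    outstanding = set()
    unsolicited = []
    for p in packets:
        key = (p["txid"], p["qname"].lower(), p["qtype"])
        if p["dir"] == "out" and not p["resp"]:
            outstanding.add(key + (p["dst"],))
        elif p["dir"] == "in" and p["resp"]:
            k = key + (p["src"],)
            if k in outstanding:
                outstanding.discard(k)  # one query is answered by exactly one response
            else:
                unsolicited.append(p)
    return unsolicited

def amplification_by_qtype(packets: List[Dict]) -> Dict[str, float]:
    """Average response size divided by the smallest query that could have produced it, per QTYPE."""
    ratios = defaultdict(list)
    for p in packets:
        if p["dir"] == "in" and p["resp"]:
            ratios[p["qtype"]].append(p["size"] / min_query_size(p["qname"]))
    return {qt: round(sum(r) / len(r), 1) for qt, r in ratios.items()}

def noisy_reflectors(unsolicited: List[Dict], max_per_source: int = 2) -> Dict[str, int]:
    """Sources sending more unsolicited responses than the threshold: candidates to report upstream for filtering."""
    counts = Counter(p["src"] for p in unsolicited)
    return {src: n for src, n in counts.items() if n > max_per_source}

if __name__ == "__main__":
    bad = find_unsolicited(SAMPLE_PACKETS)
    print(f"{len(bad)} unsolicited responses")
    print("amplification factor by qtype:", amplification_by_qtype(SAMPLE_PACKETS))
    print("reflectors over threshold:", noisy_reflectors(bad))
```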


Posted in Network Security, Opinion

Anatomy of an IoT Attack

This is a very neat three-minute film showing the why, who and how of an IoT attack. Cisco made it, but cleverly they don’t name-drop a product or even their brand until the very end. Neat.


Posted in Network Security, Opinion, Video

ITogether Check Point Blade Training Course Sign Up Form 2017

Please complete this short form to register for any of the ITogether and Check Point Official Blade Training Courses in 2017, and select the course you would like to attend.

If you have any questions you can call us on 0113 341 0123.


Posted in Network Security, News and Updates

New 2017 Outpost24 advert on YouTube

Whilst browsing some Symantec material on YouTube on the subject of CASB (Cloud Access Security Brokers), I was shown the new Outpost24 advert.

I like it because it’s simple and to the point. Have a look here.


Posted in Network Security, News and Updates, Opinion

ITogether the first UK partner to offer monthly free Check Point Blade Courses

ITogether, the fastest-growing UK Check Point Three Star partner, is yet again providing additional value to the Check Point user base in the UK.

On 18th and 19th October 2017 ITogether is offering free Check Point Blade Training to ANY Check Point customer, or any customer who would like to become one.

There is no cost for the course, and lunch and free parking are included on both days. Delegates are asked to bring their own laptop (the labs are virtual and cloud hosted) and an iPad or similar tablet for viewing the course notes, which makes it easier to work on the labs on the laptop. The course notes are secured using Check Point Capsule, which will need to be installed on the tablet before the course commences.

The course provides a unique insight into the use of the Check Point blades and their newer essential features. It is ideal for any customer that has already bought, or is considering purchasing, new blades, or is looking to add blades to an existing deployment.

This training goes beyond what is offered on the CCSA and CCSE courses, which focus on the ‘features and architecture’ of the product and on accreditation, by showcasing the blade features in full and using real-world scenarios to look at how they might be deployed and how to get the best out of them.

This is a deep dive into blade functionality that can’t be found elsewhere. It covers NGTP and NGTX, predominantly on R77.30, and also includes an introduction to the R80 blades.

This course is perfect for anyone who is worried about deploying blades in a production environment and wants to see them working in the lab first. A team of Check Point technical specialists will be on hand to answer questions around deployment methods and sizing requirements.

The course is available to any customer who meets the prerequisites. Customers are entitled to send as many employees as they wish through all of the courses; however, customers are asked to send a maximum of two delegates per course date.

Training courses are run from the ITogether offices in Leeds, West Yorkshire, by official Check Point trainers, using only official Check Point courseware and labs.

Contact ITogether via the form on the website for more information.

Further courses will follow in November and December; the dates so far are 14th and 15th November 2017, and 12th and 13th December 2017. You can sign up for the course here.

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com), is the largest network cyber security vendor globally, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises – from networks to mobile devices – in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organisations of all sizes.

Posted in Network Security, News and Updates, Opinion

ITogether first UK Check Point partner to launch managed services powered by Check Point MDSM (Multi Domain Site Management)

Following on from our announcement in 2015 that ITogether was the first partner in the UK to offer ‘leasing options for Check Point hardware and software’, ITogether is today announcing another first to market. After significant investment in infrastructure, software and training, and working closely with Check Point, ITogether is now able to offer Check Point managed cyber security services powered by Check Point MDSM.

MDSM gives ITogether and its customers a significant advantage when it comes to managing Check Point firewall products: centralised management and reporting, and simple change management.

Initially offered as a complimentary service to existing ITogether Check Point customers, this is now being rolled out and marketed to other existing and new Check Point customers.

The cost of the service is only a marginal increase on existing support contracts, and for new customers special offers are available when it is combined with a traditional support contract with ITogether (not necessarily a multi-year contract).

ITogether is also making a unique offer of ‘zero cost’ Check Point support services for net new customers: essentially a long-term ‘try before you buy’ of up to 6 months with no cost and no risk.

Contact ITogether via the form on our website for pricing or more information.

Posted in Managed Service, Network Security, News and Updates