ITogether Promoted to UK Akamai Silver NetAlliance Partner

We are pleased to announce that ITogether have been promoted to a Silver NetAlliance Partner by Akamai in recognition of sales and marketing success in the previous twelve months.

Posted in News and Updates

SecOps – Why you need ITogether Vulnerability Early Warning Powered by Flexera

It is quite common that policies are not aligned with business needs, that processes are not integrated and that technologies are not implemented to their full capabilities. The result of this misalignment is that, despite security investments, we continue to see organisations being breached and suffering significant losses through the exploitation of known software vulnerabilities. This can happen months or even years after the vulnerability is published.

ITogether has a SecOps solution that addresses this challenge head-on, protecting companies and their networks around the world.

Vulnerabilities are flagged within hours, closing the critical time window between vulnerability exposure and patch. More importantly, the service prioritises those vulnerabilities and presents them in a single dashboard so the customer or MSP can react quickly.

At ITogether we run large-scale managed services for our customers around the clock and around the world. We have a duty of care to provide up-to-the-minute information about risk posture. Using our partnership with Flexera we have designed a service that does this for ourselves and for our Enterprise customers. It does the heavy lifting, so we and our customers don’t have to waste resources and time doing it.

We looked at the market, including Trustar, Surf Watch Labs, Looking Glass Cyber and Cygliant, and all of them looked suitable on paper. In the end the one that ‘just works out of the box within minutes’ is Flexera Software Vulnerability Manager.

ITogether provides Flexera SVM (Software Vulnerability Management) as an additional service to all customers. Customers log in to a secure portal, protected by two-factor authentication, and set the ‘vendors and products’ of interest that they want to monitor. Alerts are delivered by email and by private SMS text message, which ITogether now provides to all customers for alerting purposes. If you would like to know the costs for Flexera: it is very much a ‘must have’ service and the costs are incredibly reasonable. The cost is an annual subscription based on the number of administrators who want to receive alerts. Flexera Software Vulnerability Management provides details on over 10,400 vendors and over 46,500 products, with history going back to 2002.

Posted in Managed Service, News and Updates, Video

Cybersecurity Predictions for 2018

It’s that time of year again: a time to make some vague or very specific estimate (or guesstimate) of the things likely to disrupt us in a negative way in 2018.

If you want to know what cyber threats we will face in the next year, look no further.

Well, not quite… information security predictions should ideally help guide decisions about where to invest resources, but instead they are often ‘over-dramatised’ to attract attention and clicks.

For example, drone hacking in 2016, like 2017, was a theoretical issue, and 2018 will be no different.

It is safe to say these issues will be on the 2018 list. The top threat trends for 2018 are: a continued increase in ransomware, more attacks on Bitcoin users and companies, more exploitation of the internet of things (IoT), new nation-state attacks, the General Data Protection Regulation which is set to be implemented in the EU next year, more use of machine learning, and plenty of suggestions that company budgets for infosec need to increase!

We may well see a return to securing applications instead of building complex and expensive defence strategies for APT (advanced persistent threat) attacks, suggesting developers will focus on the common threats to their specific products rather than trying to guard against highly sophisticated attackers such as a state-sponsored hacking group.

Infosec hasn’t changed a huge amount in the past 20 years that I’ve been active in it. At a macro level, we still hear about data loss, weak passwords and failures in service availability, combined with vulnerabilities that weren’t patched or were missed for months at a time.

Posted in Networks, News and Updates

What is blockchain?

This is a series of articles we are writing about digital currencies. In the first of the series, we ask the question, “What is blockchain?”

A blockchain is a secure, shared online record most commonly associated with Bitcoin, and it is managed by a peer-to-peer network rather than a central operator.

Blockchain is a decentralised and distributed ledger that keeps a record of transactions across many computer systems. Because a record cannot be altered without all subsequent blocks also being altered, it guards against tampering and allows users to verify and audit transactions inexpensively.

A blockchain is authenticated by multiple users working together, and this results in a robust system in which users’ uncertainty about the security of the data is marginal.

The blockchain confirms that each unit of value is transferred only once, which solves the long-standing problem of double spending. Because blockchains use what is called a “value-exchange protocol”, these transactions can be completed more quickly, more safely and more cheaply than with traditional systems.

The blockchain database consists of two kinds of record: transactions and blocks. Blocks hold batches of valid transactions that are hashed and encoded into a “Merkle tree”, and each block contains the hash of the previous block in the chain, linking the two. The linked blocks form a chain in which each block confirms the integrity of the block before it; some blockchains create blocks as frequently as every 5 seconds.

Sometimes separate blocks are created at the same time; these are called orphan blocks and they cause a temporary fork. A blockchain holds a secure hash-based history together with an algorithm for scoring the different versions of that history, so it always uses the highest-scoring version and leaves out the blocks not included in it (the orphans). When a peer receives a higher-scoring version, its database is overwritten and the new version is republished to its peers. The blockchain is built with the best version always changing: the score of new blocks is added to that of the older blocks they extend, which gives participants an incentive to extend new blocks onto old blocks.
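To make the linking concrete, here is a small added example (written for this article, not code from any real blockchain or from ITogether) of a toy ledger: transactions are folded into a Merkle root, each block's hash commits to that root and to the previous block's hash, and a verifier walks the chain. Altering one recorded transaction breaks the tampered block; re-hashing only that block then breaks the next link, which is exactly why an attacker would have to rewrite every subsequent block. A deliberately simple scoring rule (a valid chain scores its length) stands in for the fork-selection algorithm the text describes; the transaction strings and the `|`-separated header format are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def merkle_root(transactions: List[str]) -> str:
    """Reduce a batch of transactions to a single Merkle root.

    Leaves are the hashes of the transactions; each level pairs adjacent
    hashes and hashes their concatenation. An odd leaf is paired with a
    copy of itself (the same convention Bitcoin uses).
    """
    if not transactions:
        return sha256_hex(b"")
    level = [sha256_hex(tx.encode()) for tx in transactions]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


GENESIS_PREV = "0" * 64  # constructed "previous hash" for the first block


@dataclass
class Block:
    index: int
    prev_hash: str
    transactions: List[str]
    merkle: str = ""
    block_hash: str = ""

    def compute_hash(self) -> str:
        # The hash commits to the previous block's hash and to the Merkle
        # root, so changing any transaction or any earlier block changes it.
        header = f"{self.index}|{self.prev_hash}|{self.merkle}"  # toy header format
        return sha256_hex(header.encode())

    def seal(self) -> "Block":
        self.merkle = merkle_root(self.transactions)
        self.block_hash = self.compute_hash()
        return self


def build_chain(batches: List[List[str]]) -> List[Block]:
    """Link batches of transactions into a chain, each block naming the previous hash."""
    chain: List[Block] = []
    prev = GENESIS_PREV
    for i, txs in enumerate(batches):
        block = Block(i, prev, list(txs)).seal()
        chain.append(block)
        prev = block.block_hash
    return chain


def verify_chain(chain: List[Block]) -> Tuple[bool, Optional[int]]:
    """Return (True, None) if every link holds, else (False, index of the first bad block)."""
    prev = GENESIS_PREV
    for block in chain:
        if (block.prev_hash != prev
                or block.merkle != merkle_root(block.transactions)
                or block.block_hash != block.compute_hash()):
            return False, block.index
        prev = block.block_hash
    return True, None


def score(chain: List[Block]) -> int:
    """Toy scoring rule: a valid chain scores its length; an invalid one is never chosen."""
    return len(chain) if verify_chain(chain)[0] else -1


def best_version(candidates: List[List[Block]]) -> List[Block]:
    """Pick the highest-scoring chain, as a node does when it sees competing forks."""
    return max(candidates, key=score)


if __name__ == "__main__":
    chain = build_chain([["alice->bob 5"], ["bob->carol 2"], ["carol->dave 1"]])
    print("fresh chain:", verify_chain(chain))
    chain[1].transactions[0] = "bob->mallory 2"          # tamper with a recorded transaction
    print("after tampering:", verify_chain(chain))        # block 1 no longer matches its root
    chain[1].seal()                                       # re-hash only the tampered block
    print("after re-sealing block 1:", verify_chain(chain))  # block 2's prev_hash now breaks
```

Run it and the three `verify_chain` calls report `(True, None)`, then `(False, 1)`, then `(False, 2)`: repairing the tampered block only moves the failure one block further along the chain.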

Major applications of blockchain include cryptocurrencies, such as bitcoin, and blockchain platforms such as Factom as a distributed registry, Gems for decentralized messaging, Storj and Sia for distributed cloud storage, and Tezos for decentralised voting.

Posted in News and Updates, Opinion

Kaspersky – Am I at risk?

Kaspersky has been in the news this week and last week. In early September 2017, the US Department of Homeland Security ordered all federal executive branch agencies to stop using Kaspersky products, giving agencies 90 days to remove the software. Paranoia has been mentioned. Should customers be ‘ripping out’ Kaspersky?

This has had a ripple effect around the rest of the world as organisations want to distance themselves from Kaspersky ‘just in case’.

Here are a couple of links to statements about it.

Most vendors have a ‘plan’ or ‘workaround’ to avoid Kaspersky integration. If you are concerned about your product and whether it is affected, please contact sales@itogether.co.uk or call 0113 341 0123.

Check Point – General Statement

Check Point – How to remove from Endpoint

Check Point – Gateway Products

Posted in Network Security, Networks, News and Updates

ITogether Helping You Prepare for GDPR

Preparing for GDPR

On 25th May 2018 the General Data Protection Regulation (more commonly known as the GDPR) will come into force in the EU. Organisations need to prepare themselves for the introduction of this new legislation to ensure that they continue to process personal data lawfully. We understand that our customers might need some more information to be able to make decisions about what they need to do, so we’ve prepared this Q&A to answer some of the more frequent questions that we’re asked.

Does GDPR apply to my organisation?

Almost definitely. It applies to all organisations that process personal data: for example, if you store customer contact information (maybe in a CRM, or in your phone or email) or you store data about your employees (HR and/or payroll). Broadly speaking, if the Data Protection Act (DPA) applies to your organisation then the GDPR will.

What about Brexit, doesn’t this mean it won’t apply to the UK?

No. The UK government has committed to incorporating the GDPR into UK law, so it will apply even after Brexit. Also, if UK data protection legislation starts to diverge from the EU’s after Brexit, the full GDPR will still apply to your organisation if you store the personal data of EU citizens.

What’s new in GDPR compared with the DPA?

In essence the GDPR is an evolution and extension of the DPA; that is, it updates the existing legislation, adding new principles and rights for data subjects. Some of the changes are: a new accountability principle for organisations; new rights for data subjects, including the right to be forgotten; a wider definition of personal data; a mandatory Data Protection Officer for some organisations; and mandatory data breach reporting.

What do I need to do?

That depends on many factors, including the size of your organisation, the type of personal data you process (i.e. whether you process any sensitive personal data), whether you do any high-risk processing, and whether you process children’s data.

All organisations subject to GDPR need to review their existing data processing arrangements as elements of the new legislation apply to all organisations. For example, there’s a new principle of accountability that means all organisations need to be able to explain how they comply with the principles of the GDPR. For some organisations the changes will be significant and far reaching.

I have Cyber Essentials, Cyber Essentials Plus, or ISO27001 Certification, so I’ll be alright, won’t I?

No. These certifications don’t automatically demonstrate that you comply with the GDPR.

What’s the risk to my organisation if I’m not compliant?

New penalties have been introduced for organisations that don’t comply with the new legislation. An organisation can now be fined up to the higher of £17m or 4% of its annual global turnover.

How can ITogether help?

We offer a service that’s specifically designed to help organisations comply with the GDPR. We’ll work with you to assess your organisation’s compliance with the GDPR. We’ll focus on what data you have access to, where it is (in terms of its geographic and physical location and the application that uses it), and review your existing data processing arrangements so you know who’s using it, why, and that you have consent to process it. We’ll then provide you with a list of actions and recommendations based on your organisation’s current state of readiness for the GDPR which you can implement with or without our help. Finally, when you’ve had time to implement the actions and recommendations we’ll come back and audit you to check your data processing arrangements are fit for the GDPR.

For more information please contact our sales team on 0113 341 0123 or email sales@itogether.co.uk and someone will get back to you as soon as possible.

Posted in News and Updates, Opinion

DNS Amplification DDoS Attack

A Domain Name System (DNS) amplification attack is a distributed denial of service (DDoS) attack that uses publicly accessible open DNS servers to overwhelm a victim system with DNS response traffic.

The primary technique consists of an attacker sending a DNS name lookup request to an open DNS server with the source address spoofed to be the target’s address. When the DNS server sends the DNS record response, it is delivered to the target instead of the attacker. This creates a denial of service against the target.

Attackers will typically submit a request for as much zone information as possible to maximise the amplification effect. In most attacks of this type the spoofed queries sent by the attacker are of type “ANY”, which returns all known information about a DNS zone in a single request.

Because the size of the response is considerably larger than the request, the attacker is able to multiply the amount of traffic directed at the victim. By leveraging a botnet to produce a large number of spoofed DNS queries, an attacker can create an immense amount of traffic with little effort and very little of their own bandwidth. Additionally, because the responses are legitimate data coming from valid (albeit open to query) DNS servers, it is extremely difficult to prevent these types of attacks. While the attacks are difficult to stop, network operators can apply several possible mitigation strategies.

While the most common form of this attack involves DNS servers configured to allow unrestricted recursive resolution for any client on the Internet, attacks can also involve authoritative name servers that do not provide recursive resolution. The attack method is similar to open recursive resolvers, but is more difficult to mitigate since even a server configured with best practices can still be used in an attack. In the case of authoritative servers, mitigation should focus on using Response Rate Limiting to restrict the amount of traffic.

In a typical recursive DNS query, a client sends a query to a local DNS server requesting the resolution of a name or the reverse resolution of an IP address. The DNS server performs the necessary queries on behalf of the client and returns a response packet with the requested information or an error. The DNS specification does not allow for unsolicited responses, so in a DNS amplification attack the main indicator is a query response without a matching request.
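The "response without a matching request" indicator can be checked mechanically at the victim's network edge. The following is an added example written for this article (not ITogether's or any vendor's tooling): it pairs each inbound DNS response with the outbound query that should have preceded it, keyed on resolver address, our address and transaction id, and reports anything unmatched along with the query types involved and the bytes they delivered. For matched pairs it also records the response-to-query size ratio, which is the amplification factor the text discusses. The log format and all addresses and sizes are constructed for the example and are not any sensor's real output.

```python
from collections import Counter
from typing import Dict, List

# Constructed sample of DNS traffic seen at the edge of the network 203.0.113.0/24.
# Fields: time, direction (Q = query we sent, R = response we received),
# source IP, destination IP, transaction id, query type, UDP payload bytes.
# This line format is invented for the example, not a real sensor's format.
SAMPLE_LOG = """\
100 Q 203.0.113.7 198.51.100.53 4001 A 50
100 R 198.51.100.53 203.0.113.7 4001 A 100
101 R 198.51.100.53 203.0.113.7 7b2c ANY 3200
101 R 198.51.100.54 203.0.113.7 7b2d ANY 3100
101 R 198.51.100.55 203.0.113.7 7b2e ANY 3350
102 Q 203.0.113.7 198.51.100.53 9a01 TXT 50
102 R 198.51.100.53 203.0.113.7 9a01 TXT 600
"""


def parse_log(text: str) -> List[Dict[str, object]]:
    """Turn the constructed log lines into records; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, direction, src, dst, txid, qtype, size = line.split()
        records.append({"ts": int(ts), "dir": direction, "src": src, "dst": dst,
                        "txid": txid, "qtype": qtype, "bytes": int(size)})
    return records


def analyse(records: List[Dict[str, object]]) -> Dict[str, object]:
    """Flag responses with no matching outbound query and measure amplification.

    A response is matched to a query by (resolver, our address, transaction id),
    so a transaction id reused by a different resolver is not confused with ours.
    """
    pending: Dict[tuple, Dict[str, object]] = {}
    unsolicited: List[Dict[str, object]] = []
    amplification: Dict[str, float] = {}
    for r in records:
        if r["dir"] == "Q":
            pending[(r["dst"], r["src"], r["txid"])] = r
        else:
            query = pending.pop((r["src"], r["dst"], r["txid"]), None)
            if query is None:
                unsolicited.append(r)          # DNS never sends responses unasked
            else:
                amplification[str(r["txid"])] = r["bytes"] / query["bytes"]
    return {
        "unsolicited": unsolicited,
        "unsolicited_bytes": sum(int(r["bytes"]) for r in unsolicited),
        "unsolicited_by_qtype": dict(Counter(str(r["qtype"]) for r in unsolicited)),
        "amplification": amplification,
    }


if __name__ == "__main__":
    summary = analyse(parse_log(SAMPLE_LOG))
    print(len(summary["unsolicited"]), "unsolicited responses,",
          summary["unsolicited_bytes"], "bytes,", summary["unsolicited_by_qtype"])
    for txid, ratio in summary["amplification"].items():
        print(f"txid {txid}: response is {ratio:.1f}x the query size")
```

On the constructed sample the three ANY responses are the only unmatched ones, and the matched TXT lookup shows a 12x size ratio against 2x for the plain A record, which is why ANY and large-record queries are the types worth watching for in this kind of report.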

Due to the massive traffic volume that can be produced by one of these attacks, there is often little that the victim can do to counter a large-scale DNS amplification-based distributed denial-of-service attack.

Because the DNS queries being sent by the attacker-controlled clients must have a source address spoofed to appear as the victim’s system, the first step in reducing the effectiveness of DNS amplification is for Internet Service Providers to reject any DNS traffic with spoofed addresses. The Network Working Group of the Internet Engineering Task Force released Best Current Practice 38 in May 2000 and Best Current Practice 84 in March 2004, which describe how an Internet Service Provider can filter traffic on its network to reject packets whose source addresses are not reachable via the path the packet actually took. The changes recommended in these documents cause a routing device to evaluate whether the source address of the packet is reachable via the interface on which the packet was received. If it is not, then the packet obviously has a spoofed source address. This configuration change would substantially reduce the potential for the most popular types of DDoS attack. As such, we highly recommend that all network operators perform network ingress filtering where possible.
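The ingress-filtering check described above is a reverse-path lookup: the router asks which interface it would use to reach the packet's source address and compares that with the interface the packet arrived on. The following added example (written for this article; not ITogether's configuration and not a real router's implementation) simulates that decision with a constructed routing table for an ISP edge router and a handful of constructed packets. The interface names, prefixes and addresses are all invented; the longest-prefix match is the standard forwarding rule and the comparison is the strict reverse-path check of BCP 38.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed forwarding table for an ISP edge router: prefix -> egress interface.
# eth0 faces the upstream transit provider; eth1 and eth2 face two customers.
ROUTES: Dict[str, str] = {
    "0.0.0.0/0": "eth0",
    "192.0.2.0/24": "eth1",
    "198.51.100.0/24": "eth2",
}

# Constructed packets: who they claim to be from, and the interface they came in on.
SAMPLE_PACKETS: List[Dict[str, str]] = [
    {"src": "192.0.2.10", "dst": "203.0.113.53", "ingress": "eth1"},   # customer A, genuine
    {"src": "203.0.113.7", "dst": "198.51.100.53", "ingress": "eth1"}, # customer A spoofing an outside address
    {"src": "198.51.100.9", "dst": "203.0.113.53", "ingress": "eth1"}, # customer A spoofing customer B
    {"src": "203.0.113.7", "dst": "192.0.2.10", "ingress": "eth0"},    # inbound from upstream, genuine
    {"src": "192.0.2.10", "dst": "198.51.100.9", "ingress": "eth0"},   # outsider spoofing customer A
]


def best_route(address: str, routes: Dict[str, str]) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Longest-prefix match: the route the router would use to reach `address`."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def rpf_allows(src: str, ingress: str, routes: Dict[str, str]) -> bool:
    """Strict reverse-path check: accept only if the return path to `src`
    leaves through the interface the packet arrived on."""
    route = best_route(src, routes)
    return route is not None and route[1] == ingress


def filter_packets(packets: List[Dict[str, str]], routes: Dict[str, str]
                   ) -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
    """Split packets into (accepted, dropped) according to the reverse-path check."""
    accepted, dropped = [], []
    for p in packets:
        (accepted if rpf_allows(p["src"], p["ingress"], routes) else dropped).append(p)
    return accepted, dropped


if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE_PACKETS, ROUTES)
    for p in ok:
        print("ACCEPT", p["src"], "via", p["ingress"])
    for p in bad:
        route = best_route(p["src"], ROUTES)
        print("DROP  ", p["src"], "arrived on", p["ingress"],
              "but is reachable via", route[1] if route else "nothing")
```

The check drops the second and third packets because a customer-facing interface is producing sources that belong elsewhere, which is precisely the spoofed query a DNS amplification attack depends on; it also drops the fifth, an outsider claiming one of the customer prefixes. The default route is what makes the strict check workable on the customer ports here: on a multihomed link where the return path may differ from the arrival interface, operators fall back to looser variants, and that is the practical limitation the text goes on to describe.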

In some cases the above may not be possible or practical. The only other option is to ‘throw’ more bandwidth at the problem, which is a ‘finger in the dam’ approach. The only way to overcome this effectively is to use a cloud-based DDoS service such as Akamai Prolexic. However, unless the victim is BGP-connected this won’t be possible, as Prolexic uses BGP to protect a BGP-connected network. For example, if the customer only has a small IP range (a /30 or /28) they can’t be BGP-connected to Prolexic. This would necessitate an ‘upstream’ clean-pipe service, but even then the ISP or carrier would also be flooded by the DDoS attack and would need protecting themselves. The problem shifts up the food chain.

By the time the query reaches your server (the one whose address was spoofed) it’s already too late. Your server will waste its resources trying to do something with the packets and the requests. Even if you have something like iptables or a stateful firewall drop all connections, the traffic still uses up all of the server’s inbound bandwidth. Redirecting all traffic somewhere else eats up your outbound bandwidth and propagates the network failure between your server and the new target.

It’s a network infrastructure issue, not a server issue (unless the server is an open recursive resolver). The traffic needs to be handled (killed) further up the pipe. Other mitigation techniques for resolvers include enforcing a minimum TTL (which also helps against cache poisoning) and a reasonable maximum payload size for responses sent over UDP; Google DNS uses a 512-byte limit for this reason. In theory it is important to use some combination of response rate limiting and upstream measures. Technically you could use egress filtering on edge routers to block outgoing packets that originated on a different link or interface from the route to the spoofed destination, but on simple networks (i.e. with a single Internet link) that’s not feasible.

The problem is that you need to drop the traffic before it reaches your network; dropping packets at your server is already far too late. The best way to reduce the risk is to use a packet-scrubbing service such as Akamai, which has DDoS mitigation techniques in place to prevent this traffic from reaching your network.

There are two criteria for a good amplification attack vector: 1) the query can be sent with a spoofed source address (e.g. via a protocol like ICMP or UDP that does not require a handshake); and 2) the response to the query is significantly larger than the query itself. DNS is a core, ubiquitous Internet platform that meets both criteria and has therefore become the largest source of amplification attacks.

DNS queries are typically transmitted over UDP, meaning that, like the ICMP queries used in a Smurf attack, they are fire-and-forget. As a result, their source address can be spoofed and the receiver has no way of determining its veracity before responding. DNS is also capable of generating a response much larger than the query.

Posted in Network Security, Opinion

Anatomy of an IoT Attack

This is a very neat 3-minute film showing who carries out IoT attacks, why, and how. Cisco made it, but cleverly they don’t name-drop a product or even their own brand until the very end. Neat.

Posted in Network Security, Opinion, Video

ITogether Check Point Blade Training Course Sign Up Form 2017

Please complete this short form to register for any of the ITogether and Check Point Official Blade Training Courses in 2017, selecting the course you would like to attend.

If you have any questions you can call us on 0113 341 0123.


Posted in Network Security, News and Updates

New 2017 Outpost24 advert on Youtube

Whilst browsing some Symantec information on YouTube around the subject of CASB (Cloud Access Security Brokers) I was played the new Outpost24 advert.

I like it because it’s simple and to the point. Have a look here.

Posted in Network Security, News and Updates, Opinion