DNS layer security

Your first line of defence against malware.

For just £3 per device per month you can protect your business from malware and cryptolockers.


What is DNS?

DNS (domain name system) is a protocol that performs address translation.

Every website has a unique address called an IP address, and it is the job of a domain name server to translate the website address you type into your web browser, e.g. www.bbc.co.uk, into an IP address.

When you type a web address (a fully qualified domain name, or FQDN) into your browser, a request goes off to a DNS server, which translates the FQDN into the required IP address and directs your browser to the correct site.

The DNS you use will most of the time be determined by your internet service provider.

How can DNS layer security help?

OpenDNS by Cisco is a service that combines standard DNS with intelligent security. Their network actively monitors and learns from internet activity patterns to identify and block malicious infrastructure used to launch attacks.

What this means is that if you inadvertently try to visit a website with malicious content, or a piece of malware already on your computer tries to make contact with its command and control server, the request will be blocked and the malicious code will be unable to communicate with your computer.
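How a filtering resolver reaches that decision, as an added example (not OpenDNS code): it reads the requested name out of the raw DNS query and refuses any name at or below a blocklisted domain. The blocklist entries, the `.example` names and all function names are constructed for illustration.

```python
import struct

# Constructed blocklist standing in for a threat-intelligence feed.
BLOCKLIST = {"malware-c2.example", "phish.example"}

def build_query(name, txid=0x1234):
    """Encode a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(packet):
    """Return the lower-cased name being asked for in a raw DNS query."""
    labels, pos = [], 12  # the question follows the fixed 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated query")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("malformed label")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length

def is_blocked(name):
    """True if the name is a blocklisted domain or any subdomain of one."""
    parts = name.rstrip(".").lower().split(".")
    # Compare whole-label suffixes so "notphish.example" does not match "phish.example".
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def filter_query(packet):
    """Decide what the resolver does with one query: ('block' or 'resolve', name)."""
    name = parse_qname(packet)
    return ("block" if is_blocked(name) else "resolve", name)

if __name__ == "__main__":
    for host in ("www.bbc.co.uk", "beacon.malware-c2.example", "notphish.example"):
        print(filter_query(build_query(host)))
```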

What’s wrong with just using an anti-virus?

Anti-viruses are usually signature-based, which means they are only as good as the threat database they are referencing. It is also very easy to disguise viruses so that they escape the attentions of a virus scanner.

Unlike anti-virus software, which only deals with threats once they arrive on your computer, DNS security aims to block the threats before they reach your network.

How do I get DNS layer security?

If you are a home user, you are eligible for the OpenDNS free service. https://www.opendns.com/home-internet-security/

If you are a business, please get in touch with Convergence. We are Cisco partners and are able to provide business DNS security for £3 per device per month. Setup is straightforward and usually requires no additional equipment. We are also able to provide protection for mobile devices when they leave your office network.

Protecting your children when they use the Internet

The Internet is a wonderful resource, a source of education and entertainment for everyone.
However, there is also a lot of content which may not be suitable for a young mind, and as a parent it is your responsibility to minimise your children’s exposure to this material.

Up until recently there has been very little guidance for parents when it comes to monitoring a child’s activity on the web.

However, with government intervention and internet service providers taking a more proactive role, not only in educating parents but also in providing them with the tools to secure home connections, there is really no excuse now.

The simplest precaution is to keep internet accessible devices out in the open, in rooms where you can monitor what is being viewed. For particularly young children it may be beneficial to make surfing the web a shared activity between parent and child. This way you can monitor their usage and turn what is usually an isolated activity into a more sociable one.

As children get older it is increasingly difficult to control their web access habits, and this is when parental controls set up on the router can go some way to limiting the material that is viewable. Both BT and Virgin provide parental controls and you can find an explanation of how these function by following the links below:

http://bt.custhelp.com/app/answers/detail/a_id/46768#settingup
http://parentalcontrols-on.org/Virgin-Media

If your child has a mobile device that uses 3G/4G then you will need to contact your provider to ensure parental controls are enabled on the account.

If your Internet Service Provider does not provide filtering, you can use a free service by OpenDNS. This service will protect every device in your home, instantly. OpenDNS settings apply to every device: laptops, smartphones, tablets, DVRs, game consoles, TVs, literally anything that connects to the internet.

OpenDNS: https://www.opendns.com/home-internet-security/

While these services protect against inappropriate content, the other aspect to staying safe online is education on how to behave. This includes the basics such as:

• Not letting anyone know your password.
• Not giving out personal information online such as phone numbers, email addresses, home address or name of your school.
• Taking care when opening files, pictures or texts from someone you don’t know or trust.

Interacting with people on the internet, whether it be by email, chat room, social media, or even using in-game communication can also present risk. Make sure your children understand that:

• Unless you have permission from a parent, don’t arrange to meet up with someone you have been talking to online.
• You can never be 100% sure that people are being truthful on the internet.
• You must treat people on the internet as you would do in person. Being hurtful or rude is not OK.
• If you are in any doubt or something is making you uncomfortable, you should tell a parent, carer or teacher.

In the past, keeping your child from viewing inappropriate material was simply ensuring they did not watch the TV after 9pm… now things are more complicated. Fortunately, while the internet creates some problems it also provides you with the tools and knowledge to overcome them!

Security concerns of BYOD

BYOD (Bring your own device) is an increasingly popular trend within businesses.

Mobile devices come in all shapes and sizes, from smartphones and tablets to laptops and even smart watches.

But while BYOD can be advantageous in many scenarios, it can also open your organisation up to serious security concerns.

Software updates

Are your employees keeping their devices up to date with the latest operating system and third-party program security updates? While it’s true that devices are getting very good at keeping themselves up to date, it is still important to have a policy in place to monitor updates and ensure there have been no errors that may have prevented updates from being applied.

Business vs Personal

Employees using their device for personal use may encounter websites or files that could cause damage and data loss. They may also allow family members or friends to use the device without their supervision.

When the device is brought back into the office environment and connected to the business network, malicious programs have the opportunity to spread to other computers on the network.

Data backup Policy

When using personal devices an employee may become complacent about where they store their work files. Instead of putting documents on a network share or a cloud storage solution, they may opt to place files directly on their computer’s hard drive. Not only does this mean files may not be backed up, it also presents possible data security issues.

Physical Security

Devices taken outside of the workplace are more susceptible to theft. The result of this could be lost working hours while a replacement device is purchased or, more seriously, the loss of company data, which has the potential to incur legal or financial penalties.

End of life

Once a device has reached the end of its life, are you ensuring that any data has been securely removed from the device before it is disposed of? It is not enough to simply format the machine. The only sure way of disposing of data is to physically damage the disk.

While it is possible to mitigate the risks that BYOD brings through the use of hardware solutions, the most cost-effective option is to educate your staff members. Providing your employees with the skills and knowledge to operate their devices safely can save you time, money and potentially your business’s reputation.

Creating a secure password, and one that you will remember!

We all know how annoying it is to try and come up with a password that is not only secure but that is memorable. It also seems like almost every week another company has been hacked and passwords stolen.

In the continuing battle to create unique passwords, I’m sure many of us end up with variations on a theme. If the ones below look familiar… read on!

  • Football clubs
  • Family names
  • Pet names
  • Date of Birth

A recent attack on Adobe has revealed how insecure many people’s passwords are. The list below highlights the most common passwords found in the Adobe breach.

  • 123456
  • 123456789
  • password
  • admin
  • 12345678
  • qwerty
  • 1234567
  • 111111
  • photoshop
  • 123123
  • 1234567890
  • 000000
  • abc123
  • 1234
  • adobe1
  • macromedia
  • azerty
  • iloveyou
  • aaaaaa
  • 654321

Perhaps even some of those look familiar!

So what goes into creating a strong password?

  1. Ideally you should look to have a minimum of 8 characters. The reason for this is that length is the only factor that will exponentially increase the time it takes for a password to be cracked. For example, the password “!24Thp*” may look secure but in fact “applerunningseatablebasket” is a more secure choice.
  2. Include uppercase letters, numbers and symbols.
  3. Exclude any personal information, for example dates of birth, favourite football teams, and spouse’s names.
  4. Don’t write your passwords down! Instead, make an abstract note that will jog your memory but give nothing else away.
  5. Create a new password for every account you own.
  6. Don’t reuse passwords. Once you know a password has been broken, or you have been notified by a company that there is the possibility of your password having been compromised, abandon it. It’s highly likely that broken passwords end up being added to a list for future dictionary attacks.
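The length argument in point 1, worked through as an added example (not part of the original post): it estimates the guessing effort for the two passwords quoted there and rejects anything on the Adobe list above. The five-word split of the passphrase and the 7,776-word attacker wordlist are assumptions, included to show that a word-by-word attack is cheaper than the character count suggests.

```python
import math
import string

# The most common passwords from the Adobe breach, as listed above.
COMMON = {"123456", "123456789", "password", "admin", "12345678", "qwerty",
          "1234567", "111111", "photoshop", "123123", "1234567890", "000000",
          "abc123", "1234", "adobe1", "macromedia", "azerty", "iloveyou",
          "aaaaaa", "654321"}

def charset_size(password):
    """Alphabet a brute-force attacker must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += len(string.punctuation)  # 32 printable symbols
    return size

def brute_force_bits(password):
    """log2 of the guesses needed to try every string of this length."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(words, list_size):
    """log2 of the guesses if the attacker combines whole words instead."""
    return words * math.log2(list_size)

def assess(password, words=0, list_size=7776):
    """Estimated strength in bits; 0.0 if the password is on the common list."""
    if password.lower() in COMMON:
        return 0.0
    bits = brute_force_bits(password)
    if words:  # assumption: caller states how many dictionary words it contains
        bits = min(bits, wordlist_bits(words, list_size))
    return round(bits, 1)

if __name__ == "__main__":
    print(assess("!24Thp*"))                              # 7 mixed characters
    print(assess("applerunningseatablebasket"))           # 26 lowercase letters
    print(assess("applerunningseatablebasket", words=5))  # treated as 5 words
    print(assess("photoshop"))                            # on the breach list
```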

So, with all that in mind, how can I come up with a safe password?

A security expert named Bruce Schneier created a method in 2008 that he still recommends today.

‘Combine a personally memorable sentence with some personally memorable tricks to modify that sentence into a password to create a lengthy password.’

For example:

Wtdo3sacamerat@ke?Ptrs! – What does a camera take? Pictures!

Grt!Iluvthew33kEND –  Great! I love the weekend!

Spam and Malware Network Offline

A botnet called Necurs, which is believed to be made up of around six million infected Windows machines, has gone quiet according to internet security firms.

Necurs has been used to send junk mail and malware from various cyber-thieves but in recent months has appeared to slow down.

The first sign of this was the reduction of infected emails spreading the banking Trojan named Dridex and the ransomware program named Locky.

Experts believe that some of Necurs’ administration systems have disappeared and that it may be looking for a new command and control system to feed it instructions.

What is a rootkit?

A rootkit is a type of malware that enables remote control of a user’s computer without their knowledge.

Once a computer has been infected it becomes part of a botnet, the goal of which is to create a network of infected computers that can be used by cyber-thieves to do their bidding.

What is a botnet?

A botnet is made up of computers that have been compromised by a malicious program known as a rootkit. These computers are then used to perform tasks without the owner’s consent. The most popular uses of a botnet are sending large volumes of spam email and launching denial of service attacks.

Malware Removal

What is Malware?

Malware is a blanket term used to describe any computer program that is created with the intention of harming a computer, the data stored on it, or intercepting information and sending it on to cyber thieves.

Unfortunately, malware is very much a part of modern life when using a computer.

It is easy to be caught out by an infected installer or by whizzing through the install process of a piece of software and inadvertently agreeing to an unwanted program.

So what are the options for malware removal?

The tools we use for malware removal are:

There are three programs that we turn to when it comes to removing Malware from computers.

These tools are either free, free for home users or free for 30 days.

Malwarebytes

Free Anti-Malware & Internet Security Software

Visit the website: https://www.malwarebytes.org/

Hitman Pro

Designed to discover viruses, trojans, rootkits, spyware and other malware on up-to-date and fully protected computers.

Website: https://www.surfright.nl/en/hitmanpro

Spybot Search and Destroy

Free Malware Removal Tool removes Malware, Spyware, Rootkits, Adware

Website: https://www.safer-networking.org/

So far, using a combination of these three, we have not encountered any malware that could not be removed.

We recommend installing the above programs, running them all, restarting your machine and then running them again.

Securely deleting data

Hard Drive and Eraser

When you delete a file from your computer it may appear to be gone but in reality the information remains on the hard drive.

All that has been removed is the link to the file and until new data is written to the same position on the drive, the file can still be retrieved.

This is no problem during the day to day operation of your computer but if you ever sell your computer or gift it to someone you should take precautions to ensure your data is securely removed.

To do so you simply have to ensure the hard drive is overwritten with multiple passes of data.

The tool that we use in house to do this is called DBAN.

DBAN is free erasure software designed for the personal user. It automatically deletes the contents of any hard disk that it can detect. This method prevents identity theft before recycling a computer. DBAN is also a commonly used solution to remove viruses and spyware from Microsoft Windows installations. https://www.dban.org/

If you want to be more proactive with your data security on a daily basis and securely delete files as and when you are finished with them, you can look to the open source program called Eraser.

This free to use program adds an option to your right click menu that allows the secure removal of files by overwriting the data.

Eraser Menu

Disposing of a hard drive

If you no longer require your hard drive you can employ the services of a hard drive recycling company that will securely destroy the drive.

Alternatively, you could take matters into your own hands and break out a hammer! Of course, we don’t endorse or recommend doing so!

Spotting fake emails

Spam emails are a fact of modern day life. Here I will go through an email that I recently received that claims to be from Santander.

As expected, the email is written in such a way as to cause panic and fear. The goal is to get you to act immediately before their website is shut down and the opportunity to get your banking login details is lost.

fake-email

The more you examine the email, the more obvious it becomes that it is fake. The spammer is hoping that you will simply skim read the message and click the link in that email where the next stage of their con can continue.

At first glance the email address looks legitimate and the web address shown is indeed for Santander.

fake-email-inbox-preview

However, not all is as it seems. Let’s read the email and see what it says.

It’s safe to open an email to read, just don’t open any attachments or click any links within the email until you’re sure it’s legitimate.

Starting at the top…

fake-email-header

The first thing that raises suspicions is the grammatical mistake in the subject: ‘3 Times Login Attempts’. It’s highly unlikely that a banking giant would make such an error.

Next is the header image. It’s clearly not in the correct proportions, and if you look carefully you can see there is a mismatch of colour between the red in the logo and the red strip of colour running behind it. A big name brand would never allow their logo to be displayed in such a way.

Moving on to the text below:

fake-email-notification

Why is there an accent above the ‘e’? There is also a grammatical error in the form of an erroneous comma and the lack of a full stop at the end of the paragraph.

The lower section of the email again features an improperly proportioned image, spelling mistakes and grammatical errors.

fake-email-bottom

So, after all that we’re pretty sure that this message is fake. There is one final check that will put this to bed, and that is to check the headers of the email.

What are headers?

Header lines that identify particular routing information of the message, including the sender, recipient, date and subject. Some headers are mandatory, such as the FROM, TO and DATE headers. Others are optional, but very commonly used, such as SUBJECT and CC. http://whatismyipaddress.com/email-header

The process of checking a header varies in email clients, but in the case of Microsoft Outlook you need to open the email in question and then click the arrow to the right of reply and select ‘View message source’.

A box will pop up with lots of text to scroll through. Here we are looking for an email address that is different to the one we saw earlier. In the following image I have highlighted the email address in question.

fake-email-address

The email address is not legitimate.
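The same header check done programmatically, as an added example (not part of the original post): it parses a message source and reports any Return-Path, Reply-To or Sender address whose domain differs from the one shown in From, plus any failed SPF, DKIM or DMARC result. The message source and every address in it are constructed; only the subject line is taken from the email discussed above.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message source, shaped like the output of 'View message source'.
SAMPLE_SOURCE = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bulk-mailer.example; dkim=none
From: "Santander" <alerts@santander.co.uk>
Reply-To: support@bulk-mailer.example
To: you@recipient.example
Subject: 3 Times Login Attempts

(body omitted)
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def same_org(a, b):
    """Treat a domain and its subdomains as the same sender."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def header_findings(source):
    """List the reasons the headers disagree with the visible From address."""
    msg = message_from_string(source)
    shown = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To", "Sender"):
        domain = domain_of(msg[name])
        if domain and not same_org(domain, shown):
            findings.append(f"{name} domain {domain} differs from From domain {shown}")
    # Authentication-Results is added by the receiving server: "host; method=verdict ..."
    for result in msg.get_all("Authentication-Results", []):
        for clause in result.split(";")[1:]:
            words = clause.split()
            if not words:
                continue
            method, _, verdict = words[0].partition("=")
            if method in ("spf", "dkim", "dmarc") and verdict in ("fail", "softfail"):
                findings.append(f"{method} check returned {verdict}")
    return findings

if __name__ == "__main__":
    for finding in header_findings(SAMPLE_SOURCE):
        print(finding)
```

A differing Return-Path is common in legitimate bulk mail sent through a third-party mailer, so treat these findings as prompts for a closer look rather than proof.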

Checking the links

If by now you’re still not sure, you can also check the links within the email. If a spam email does not have an attachment then it is likely they are wanting to direct you to a website where they can extract your personal information. By putting your cursor over a link, in this case the ‘Confirm’ link, we can see where we are being taken by looking in the bottom left of the browser window.

dodgy-link

This is obviously not a Santander address.

For the sake of research, let’s visit the site (please don’t do this yourself) and see what we find…

Immediately we are redirected to a clone of the Santander login screen which appears almost identical to the original.

fake-real

But look at the address bar.

subtle-spelling

A subtle addition of an ‘i’ to the spelling of Santander. This is not the real website. Cheeky monkeys even have an SSL certificate!

 

So, after all of this we can agree that this is a fraudulent email. They did make it easy for us this time but be aware that some emails are much more polished. I hope that with the above information you will now be able to analyse emails and pick out the frauds.


Copyright © 2018 Convergence. All rights reserved.