The Hackers You Can’t Guard Against

In the beginning, the act of hacking was just a test of skill, a show of playful wit on the part joker_card_by_bloodleachof the attacker that managed to bypass your security simply because it was. It represented a challenge, a mountain to climb and that was all the motivation they needed. They broke in to your programming code and did nothing more than to leave a calling card saying “Wizard X was here. Deal with it.”

This however changed with time, and what was once motivated by romantic dreams of anarchy became a business. There was money to be made here.

And while today’s majority of cyber-attacks are “pillage and plunder” runs, some of the old romantic dreams of computer hacking still exist, along with some of its integrity and honor. Small in numbers, true, but talented and motivated by something that -unlike money- is immortal: ideals. These are the attackers that today’s digital security specialists are having the hardest time dealing with. Without a point to focus on and have their defense revolve around, security efforts are more of frantic, they’re disorganized and in the end, inefficient. The rules of conflict, the arms race, are what keep the two sides balanced: attackers and defenders. Continue reading

Stuxnet, The First Cyberwar and an USB-Made Trojan Horse

The main fortes of the USB mass storage devices, data transfer speed and storage stuxnet - ghost in the shellcapabilities, can also act as a double edge sword. We’ve looked at these design features and seen that they can easily be used against the user as a security vulnerability. Theory aside, real life events come to act as solid proof to the risks posed by USB drives.

One of the largest cyber-attack in recent years stemmed from an USB vulnerability.

In 2010, Iran’s nuclear program suddenly stopped dead in its tracks. The responsible culprit was Stuxnet, a very sophisticated malware, the first that was ever identified that spies on and subverts industrial systems. Acting as a surgical scalpel, the malware targeted only Siemens SCADA systems, (supervisory control and data acquisition) which were used to monitor and control specific industrial processes within Iran’s uranium enrichment infrastructure. Continue reading

Securing Your USB Drives – How Safe Is Hardware Encryption?

IT security is the Arms Race of the 21st century.  As IT engineers develop more and more advanced ways to encrypt and secure digital data, on the other side of the barricade, the cracker, quickly find ways to nullify these efforts. Conflicts indeed breed excellence, and this forces the industry to constantly evolve, but that doesn’t really make us, the customers, feel any better. After all, because of this undecided battle, any investment is quickly proven wasted, as soon as the newly purchased security system is cracked in just a few weeks/months of release.

And one system that has proven most difficult to secure, as far as data access is concerned, has been the USB Storage Device. For a while it seemed like hardware encryption was the way to go, because it should have moved the security lock outside the comfort zone of cracker, which is the software side.  Taken to the physical world, this should have thrown a wrench in the cracking schemes. However, that too proved to be unreliable in early 2010. Continue reading

Can Your Business Partners Trust You with Their Sensitive Data?

When setting up your business data security system you need to think of more than just the safety of your company, because there is no such thing as a self-sufficient business. Whether it’s a business partner that acts as a supplier or a distributor or the client itself, every business is on one level or another, working with, or for someone else. That’s why most of your business data also incorporates -to some extent- information regarding your business associates. Your secrets are their secrets.

Just like a father is responsible for the safety of his family, a company is responsible for the safety of his business partners.

A party, be it an individual or a company, is more likely to commit to a long term partnership if they feel safe. The presence of a risk will only serve to raise doubts about the collaboration and make the threatened party seek out other alternatives, other business partner. Continue reading

The Security Risk of the USB Revolution

Once, companies had a very firm grip on the digital information that entered and left their company.

Floppy disks have long since become obsolete, especially in terms of data storage capabilities and writing a CD/DVD was initially a rather complicated process. Not all drives capable of reading CD-ROMs were capable of writing them and even if they were, you required certain software to write them. Not to mention that the writing process itself took quite a bit of time. As such, no significant amount of data could easily leave the company, even in the absence of any special security measures.

This changed dramatically with the technological advances of the USB mass storage device. Continue reading

A Rather Elegant Solution to a Common Security Leak

Each company has its own secrets to keep, and most, if not all of them, are not the romantic hacker dreams of corporate shady affairs.

The real secrets of a business are the sale reports, projects still under development or future mergers and in general any other nuggets of information that can be speculated by the competition. Putting the deliberate ones aside, most security breaches are accidents, unintentional “slips of the tongue” or fatigue induced human errors.

Sometimes employees feel the need to bring work home with them. This may be due to a fast approaching deadline, a need to catch up on lost work hours or simply because they are greatly engaged by the project; some people do enjoy their work! The ideal case for this situation would be to bring the work laptop along, a device which is secured by the company’s software.

However, in most cases, one is forced to bring home just the data itself via a USB stick or some similar mobile data storage device. This is where an accidental information security breach can occur. The home computer does not benefit from the company’s security systems and once sensitive information is uploaded on to it, it’s pretty much the same as making it public.

The files could be accessed by a random network intruder that recognizes their value and decides to make a profit out of it. Or the USB stick can be borrowed by a family member and your marketing plans could end up being shared on the campus network.

One simple way to prevent such incidents is to keep a close eye on your employees and grant them permission, based on each individual scenario, to take the information out of the company. However, this task quickly becomes insurmountable in a large business. This is where an automated system comes in handy, one that can track any inbound or outbound devices and data activity, control and block it if necessary.

The market is aware of this problem, and solutions are available, but most of them are very expensive and to rigid. These act as a small part of a much larger package, one that seeks to replace your entire security system.

A module-based alternative that allows you to pick the solution for your particular problem is the cost-efficient way to go.

With such a system, you can simply hand-pick the modules that cover any gaps or quirks of your current security without the elaborate and cluttered process of reinstalling an entire suite of security protocols.

Ways to increase data security

The world of IT is an ever growing one, mainly due to the great accessibility of information. A vast pool of data is always available to everyone, with the most minimal of efforts. However, the down side of this is that personal, private information can also be easily accessed. This year alone, the number of unsanctioned access to the private information held within a company’s client data base has been huge.

As such, there is no perfect solution in this arms races security versus intrusion, but there are numerous ways to increase data security. There are several, reliable, security applications that ensure a high level of protection. The hard part however is finding one the actually suits your needs. In an attempt to raise the level of security and to reduce the risk of a breach, most applications end up being too strict, too forceful on the user. Another great fault usually found in security applications is trying to cover a plethora of threats in a large and diverse environment, which makes them overly-elaborate and completely user-unfriendly.

The best compromise between security and functionality has proven to be the segmented one. A module-based application can offer the exact program needed for a specific, single operation, without being cluttered or too dense. A module can also avoid overspecialization, as the solution for a similar, but not quite the same as the one that the program currently used is designed for can literally be found in the next room.