Without a easy to use password management solution in place, it’s almost inevitable at least 1 of the following will occur:
– You will use weak passwords
– Passwords will be reused
– Passwords will not be cycled out on a regular basis

One clever and simple product is QWERTY CARD, priced at ~$7aud each it allows virtually anyone to make a secure unique password for any service.

For example to generate passwords for Facebook and Youtube, I would use the card shown below to generate

Space Bar Code + AIRGAP + Site Name
Facebook: sh(/J3Hq.Q2s.o”.mA*qq1
Youtube: sh(/J3Hq.Q2s.o<q9&9*A

As no two cards are unique, the ability to choose your own secret passphrase, and the trailing ‘site name’ unique for each password makes this a very secure solution. Even if the card was compromised, without the personal secret, the password is still secure, and can be rotated on a regular basis by changing the secret.

What are your thoughts on the QWERTY card? Do you have a different solution in place?

The post Generating secure password’s with QWERTY Cards first appeared on Air-Gap.

Ransomware is quickly becoming one of the largest threats to organisations of all shapes and sizes, and the stuff of nightmares for both IT professionals and business owners.

McAfee reports that ransomware attacks have doubled in 2019 and the reality is it’s a threat you’ve likely already experienced before or will in in the future in some form or another. If you’ve experienced ransomware before, the first thoughts are often denial, shock, helplessness, followed by anger. By the time you find out your network is infected by ransomware, it’s probably too late to stop it and you’ve been presented with a “pay up, or lose it” screen.

Before continuing, if your experiencing an active ransomware attack make sure you have completed the following steps:

1. Isolate the network to stop the attack spreading. Shutdown network switches, routers and modems
2. Call your IT Provider and executive manager, you may need to start your disaster plans.
3. Check your backups are intact, if they are secure the servers and start copying them onto an offline storage device (ie USB hard disk)
4. Start anti-virus scans, file search to identify how far the infection has spread
5. Identify ‘patient zero’ (source of the infection) and how it entered the system, ie clicking on an infected email

If you successfully caught the infection in time, cleaned up the infection with your anti-virus and restored lost files from backups, well done.
If your not so lucky your in for a rough ride.

One of the first objectives ransomware attacks when targeting your network is destroying your backups and restore points saved on both the local computer, and saved on network shares/devices.
If you’ve signed on and found everything gone, I’ll save you the ‘pep talk’ and leave it at your not the first and certainly won’t be the last.

Moving forward with no backups you have only 3 options;

1. Kiss your data goodbye and start wiping disks
2. Attempt to decrypt your data
3. Pay the ransom

The official rule is “never pay a ransom”, the funds will most likely be used to fund crime or terrorism and you have no guarantee the data will actually be decrypted. This is all high and mighty, but not when it’s your irreplaceable data!

How to proceed; (This is general advice)

1. Identify the type of type of ransomware that has infected your network.
   
   You might be able to restore the files for free.
   Some variants may have weaknesses that can be exploited to unlock the files and their may be notes from other unlucky individuals that have been successful/unsuccessful at recovering their files by paying the ransom.
   
   Online Ransomware Detection Tools:
   https://www.nomoreransom.org/en/index.html
   https://id-ransomware.malwarehunterteam.com
   
   
2. Determine what files are missing and calculate the value/disruption of business for each file in dollars.
   If the files are only low value reference material that can be recreated or re-downloaded you might be able to write it off. On the other hand it’s irreplaceable or costly to reproduce you might want to consider paying the ransom
   
   
3. Call a local ‘Ransomware Recovery specialist’.  Once you know the type of ransomware, damage and have determined you need recovery you are best off contacting a specialist for assistance. They may be able to recover lost files without resorting to paying the ransomware or assist you through recovery process.
   
   
4. Consult with business owners, legal team and insurers on the legalities on paying the ransom. This is a very high risk transaction and may be against company policy or local laws to complete. Your insurer may refuse to reimburse you or might be able to provide additional resources.
   
   
5. Try to establish a dialogue with the attacker. Many attackers will decrypt a file as proof that they have the decryption key.
   If possible try to decrypt a single file for a smaller amount before paying the full amount.
   Paying an attacker does not guarantee the files will be decrypted, you are gambling and the odds are quiet literally 50/50.
   
   
6. Calculate and obtain the required bitcoin. Take note of the currency they expect it in. ie $5000usd of bitcoin.
   When transferring the money take extreme care that the transaction address is 100% correct, it’s impossible to reverse an incorrect transaction.
   
7. Wait. Automated schemes may send you the decrypt tool instantly, other days, weeks, months or not at all.
   
   

Don’t trust the attacker not to re-infect your network. Take lessons learned from the attack immediately to secure your network. ie Implement mail scanning, reducing access permissions, re-evaluating AV vendor, improving backup

Do you need help securing your network or recovering from a malware event?
Give us a call on 1300 733 240 or by sending us a message.

The post Ransomware: Should you pay? first appeared on Air-Gap.

Contrary to popular belief RSA SecureID hardware tokens do not have a radio receiver’s in them and don’t have anyway to communicate. In Fact they are actually more similar to a digital watch and operate on the principle of both parties knowing a shared secret, also known as symmetric key cryptography

When each RSA token is manufactured the current time is set alongside a unique 128bit ‘seed’ which is only known by the individual token and the manufacturer. Every 60 seconds the token generates a new 6 digit code using a mathematical formula containing elements of the secret seed value and current timestamp. Exactly how this algorithm works is still a secret, but what we publicly know is it’s based on a secure one way AES hash.

As the user signs in, the RSA’s authentication servers run the same formula using their copy of the same ‘seed value’ and the servers time which should generate the same code. If the codes don’t match, the server will run the same calculation but plus/minus a minute to check if the token is running a little fast or slow. Should one of those codes work the server will recognise that the built in clock of the token must have drifted and will apply a ‘token offset’ for next time.

If the codes are still not working despite a +- 1 minute correction, the server will calculate all the possible codes +- 10 minutes and try it against those. Should the code match any of these the authentication server will acknowledge it as a possible match and challenge the user by asking for the next code in the sequence to ensure it wasn’t just a lucky guess. If the code isn’t correct the user will need to contact the organisation and request a new token.

Despite these tokens working on straight-forward and relatively low-tech concepts, they are incredibly effective and significantly improve security when used for 2 Factor authentication. While not all services allow you to use RSA token, many popular services allow you to use apps like ‘Google Authenticator’ which operate very similarly.

Was this article useful and did you have any questions?
Leave us a comment below

The post How RSA SecureID tokens work first appeared on Air-Gap.

You don’t need to turn your office into Fort Knox to be secure! The following tips can greatly increase the difficulty of an attacker compromising your building.

Enforce a sign in policy for visitors

• All visitors into your building should be signed in at reception. This ensures you have a record of who is in the building at all times and who they are visiting.
• Always ask for Photo ID of new visitors to confirm their identity, and ask who they are visiting and the purpose of their visit. If you have any suspicious about the person, don’t be afraid to question them further and confirm with the staff member was expecting someone.
• Consider using a digital visitor system instead of a paper visitor book. Not only does this give a good impression to visitors, it ensures personal information from other visitors isn’t on display or can be stolen, provides real-time data as to who is in the building and can provide alerts if someone is banned from the premises.
• Visitors should be required to wear a visitors badge at all times and be escorted around the building by a staff member.
• Ensure staff enforce that all visitors must sign in and vigilant of people trying to sneak in via alternative entry points.

Keep IT infrastructure and sensitive information out of sight

• Computer in high traffic areas should be out of sight such as under desk to prevent tampering, like plugging in a USB stick without the operators knowledge.
• Networking equipment should be in a locked cabinet
• Disable unused network points and enable port security features such as mac address filtering.
• Be aware of what the visitors can see when roaming around the building: Nearby computer screens, whiteboards, documents left on desks.

Computer Equipment must be password protected

It sounds basic and low-tech, but a open computer is a gold-mine for even a novice attacker to exploit.

• All computers should be password protected with a non generic password
• Passwords should not be written down on a sticky note next stuck to the screen or on the bottom of the keyboard. Honestly it happens more than you think!
• Enforce a policy that all workstations must be locked if the user is moving out of arm’s reach.
• Computer should be set to timeout and require a password if inactive for 15 minutes.

Clean Desk Policy

Clean desk policies can seem pedantic, but they have a valid purpose beyond just keeping a neat appearance. Cluttered desks significantly increases the risk of data-loss and misplacement of sensitive information.

• When leaving the workplace temporarily all visibly sensitive documents should be filled or removed from sight and the workstation locked.
• Each task’s paperwork and documentation should be filed away before starting the next
• At the end of each day all sensitive documents, portable equipment such as laptops, security tokens, USB keys and directories should be locked away. All unneeded notes, paperwork and rubbish should be securely disposed of.

CCTV, security systems and motion lighting

• All entry points into the building should have exterior CCTV cameras, it’s not overly expensive nowadays for a digital setup which can clearly capture faces and number plates. Even something as simple as a $50 IP camera at reception is a huge deterrent.
• Your building should have a multi-zone alarm system with 3G backup which sends a message to a nominated number on activation. An attacker or burglar can do far less damage if they only have 10 minutes than all night if your not aware someone else in the building.
• Motion activated flood lights should be installed on all entry/exit points. Paired with cameras it can really turn a stealth entry into a public affair.

Beef up your exterior protection

• Installing metal plates over the gap between the door and frame offers moderate protection against being forced open with a crowbar
• Consider installing plastic guards over door handles and lock tabs to prevent an attacker using a piece of wire or tools to unlock the door.
• Security films can be excellent deterrent for would be attacks for a fraction of the cost of replacing windows. This holds the window together and prevents it instantly shattering when smashed with a object and can significantly slow down an attacker.
• Prune large plants around the building and car park which could conceal an attacker

Implement Keyless entry cards

Key-cards can seem like unneeded high-tech junk for a small business, but it serves a valid purpose.

Unlike a traditional keyed locks, a key-card can be tracked down to who opened what door at a certain time. If a access card is lost, compromised or an employer has left the card can be disabled.

Keep an inventory of equipment

One of the first signs of a security breach is missing equipment. Without a regular inventory and asset register you may never realize the full extent of the incident.

A register can help you establish exactly what items are missing and provide in depth details on  ownership, serial numbers and a indication of what information may have been compromised. Checkout our article 10 reasons why you should be using asset registers to see more important reasons why.

Secure Disposal of documents and old IT equipment

What goes into the building, often gets thrown out!

• Ensure all sensitive documents are shredded or destroyed before being disposed of in the trash.
• Computer equipment should be sanitised before disposal. Checkout our article ‘What Secrets are you giving away with your old it equipment’ to learn more about how to safely dispose of equipment.

Staff Training

Your staff are often the first point of contact with attacks, quality training can allow them to identify and avoid situations which don’t quite look right

• Provide education on common social Engineering techniques (phone, email, in person)
• Instruct staff to not plug in lost USB keys which may have been found on the premises, they may have deliberately been left there!
• Educate staff on the email phishing, checkout our guide How To Spot Phishing Emails

Regularly Perform An Audit

Inspecting your premises and checking to see if staff are following the correct procedures on a regular basis is core part of maintaining a secure environment.
At-least on a monthly basis you should be checking that:

• Check all external windows, doors, locks  lights and security measures are in good condition
• Check all cameras are recording correctly and producing a good image
• Inspect all computers and networking equipment for tampering
• Review staff compliance of security policies: Leaving computers unlocked, sensitive information on desk, correct completion of visitor logs<
• It’s also a good time to check your backups, including your offsite one

Does your organisation need help improving or reviewing their security?
Drop us a line on 1300 733 240 or send us message to get in contact

What ways do you keep your premises secure? Leave us a comment below

The post Improving your organization’s physical security first appeared on Air-Gap.

Increasingly fraudulent emails have become very deceptive with some being almost indistinguishable to genuine emails, this guide will help teach you some tricks to spot phishing .

1) Look at the email address

The easiest way to weed out the worst of the scam messages is looking at the email address its common from. If it ends in an unfamiliar domain like ‘.ru, .online, .store’, looks a little strange or has a spelling mistake like service@paypall.com with two L’s it’s almost certainly a scam as the address is taking you to a different site. Just note that email address its appearing to come from can be faked!

2) Different Reply address

An attacker almost always wants the ability to receive an email back from you, even if they appear to appear to have sent it from a fake email address. Click reply and see if the address changes.
If the new email is not identical to the alleged sender, especially if it goes to a free email account like Gmail or a strange email addresses its most likely fake.

3) Spelling Mistakes

Very rarely do large companies make obvious spelling mistakes in their emails. Spam and phishing messages may have poor spelling due to having a poor understanding of English or may even be added intentionally so all but the most gullible targets fall for it, making it more efficient for the attacker.

4) Hover over links

As a rule you should never click on links in emails as they may sneakily lead to a different website than what they display. Hover the mouse pointer over the link with your mouse and look at the URL in the box below. If it doesn’t match exactly match the above text its almost certainly a scam.

5) Urgent sounding

Most malicious messages want you to react urgently and perform a task such as verifying sensitive information, logging into an account, sending money or to click on a link to claim a parcel. While not evidence any urgent sounding or bizarre email should raise suspicion.

6) Is the email personalised with your personal details?

It’s unlikely your Bank or Colleagues have forgotten your name! Important emails should be personally addressed with your Full name and if applicable account number. Generic titles such as ‘Dear Sir’, ‘Dear Madam’, ‘Dear Friend’ is good warning size.

7) Verify the contact details in the signature field

If you have doubts about the email, check the name, job title and look at the log. Does the name sounds overly generic, is that person who you normally talk too and does the contact number match your the details you have on file?

8) Call the company

If your still not completely convinced there is no shame in giving the company a call and confirming if they sent the email. Make sure you call the company by visiting their official website or through the Yellow Pages and do not use the contact details from the email. Emails requesting you change the banking details of a organisation should always be confirmed with a phone call.

9) Unusual Attachments

You should always be careful opening attachments, especially if they have unusual file extensions like ‘.js’, ‘.vbs’, ‘.exe’ hidden inside of a zip file. Many new attackers are no longer sending these attachments due to spam filters stopping them, its becoming common now to send a pdf with a shortened URL linked to a phishing site.

10) Trust your instincts

Sometimes you will just have a gut feeling something isn’t right but you can’t just put pinpoint exactly what is. Don’t ignore this feeling, often its normally right! When in doubt treat it as suspect and get someone else to look at it. Its always better to play it safe.

11) Take the Test

Are you ready to see how good your skills are?
Click on the link below and see if you can spot the difference between genuine and phishing emails!

https://phishingquiz.withgoogle.com/

If you think you think you may have accidentally fallen a phishing email don’t panic and don’t try to ignore it. The faster you act the less damage can be caused.
Take a screen shot of the email or the website you visited, note down what information may have been compromised (ie bank credentials) and contact the organisation to alert them. If something was possibly downloaded or an attachment clicked, immediately contact your IT Support.

Do you need assistance or obligation free advice with phishing emails, spam filtering or IT support? Please feel free to give us a call on 1300 733 240 or send us a message .

Know any more tricks to identifying and fighting suspicious emails?
Leave us a comment below

The post How To Spot Phishing Emails first appeared on Air-Gap.

In 2011 ICANN (the organisation responsible for managing domain naming on a global scale) slowly phased in additional ‘generic top level domains’ (gTLDs) such as ‘.biz’ and started to allow organisations to create their own if they have a spare US$185,000.

Predictability and for the most part these new domain extensions have been heavily abused for spam, malware and phishing due to their dirt cheap cost and lack of regulatory oversight from who they were issued by. Symantec have been tracking this issue in their ongoing blog ‘Top Shady Top-Level Domains‘. Alarmingly they have found some TLD’s such as ‘.country’ have reported abuse rates of 99.96% of all sites using that extension! Similarly Spamhaus (who track spam) report that TLD’s like ‘.loan’ are at a 91.1% risk of sending spam.

One of the biggest risks of the new domain extensions is it greatly increasing the risk of phishing due to the infinitely more combinations an attacker can make, for example ‘air-.gap’ or ‘westpac.melbourne’ which are valid domains but not linked to their respective owners. Traditionally high-profile brands would buy common combinations to reduce the risk of attackers using similar URL’s to trick their users, at the time of posting there are well over 1200 gTLDs making this tactic impossible.

While ICANN insists part of the expensive evaluation fee is is for a panel of independent experts to  to review each name and registrar, it’s hard to come to any other conclusion that the new gTLD’s are nothing but a quick cash grab at our expense. Evidence of this are TLD’s such as a ‘.sucks’ being set up and sold by the private registrar purely to extort high profile companies and individuals out of thousands of dollars a year to protect their trademarks. A responsible managing body like ICANN should have shut this down as soon as it became apparent that the operators intentions were sinister.

What can we do about it?

From an organisational point of view, consider starting to aggressively block the worst of the new generic top level domains. Realistically the vast majority of them serve no legitimate purpose with exception to a few setup for novelty purposes.

Here is a short list of the worse offending TLD’s which can be safely blocked on your spam and web filters.
List: gtld_short.txt

-If you are considering buying a new domain, don’t fall into the trap of buying one of the new generic domain names. While they can sound cool for 10 minutes, the vast majority users may starting questioning the sites trustworthiness. It may be a little old fashioned but a ‘.com.au’ domain carries allot of credibility.

These two actions combined will hopefully pressure ICANN and it’s directly related bodies to draw up smarter more accountable policies less prone to systematic abuse.

What are your thoughts on the new Domain Names? Leave a comment below

The post Scammy Top level Domains, what to do about them first appeared on Air-Gap.

1. Use a Modern Web-browser

There is a lot of debate on which is the best internet browser, however the overwhelming consensus is it’s not the default Internet Explorer that comes pre-installed on your computer.

For the majority of people, we recommend using ‘Google Chrome’ due to it automatically updating itself, contains inbuilt phishing and malware protection, ‘sandboxing’ to prevent malicious webpages infecting the operating system and it having great plugin support.
This is on top of it being regarded as the fastest most compatible browsers ever built

Get Google Chrome Here: https://www.google.com/chrome/

Google has come under fire by privacy advocates due to the interconnectedness of their services which can track your browsing habits and sync it back to your Google Profile. While this can be perceived as both a good thing for convenience and a privacy risk some users may prefer to use a more neutral browser.
Firefox is a fantastic alternative and may run faster on older computer with minimal amounts of RAM.

Get Mozzila FireFox Here: https://www.mozilla.org/en-US/firefox/new/

2.Install the ‘Ad-Block Plus’ Plugin

Internet ads and popups are one of the most common ways to get malware on your computer, either by injecting bad code into the webpage or trying to trick the user into downloading an infected file often posing as a required ‘Software Updates, Video Codec or font-pack’.

The practice of blocking ads is often frowned due to it depriving content creators of potential ad revenue, but even Google who’s primary income is online advertising has admitted “intrusive” ads are a real problem who subsequently integrated a basic adblocker into Chrome.  As a compromise most ad-blockers have a ‘acceptable advertising’ option which allows validated advertisements through the filter which has been seen as a win-win for both security and content creators.

For additional privacy, Adblock Plus can also be set to block tracking scripts. This helps protect you from being tracked across the internet by advertisers and by social media companies.  

Link to Adblock Plus: https://adblockplus.org/

3.Install ‘HTTPS Everywhere’

You’ve probably been bombarded over the years to always look for the padlock icon when doing sensitive tasks like online banking to ensure the connection is encrypted. ‘HTTPS Encryption’ is now the de-facto standard and an expectation for all sites on the internet.

The ‘HTTPS Everywhere’ plugin forces websites you visit to use encryption if possible, even if the website doesn’t default to the securer version. This increases your privacy when browsing and ensures sensitive information isn’t exposed to anyone monitoring your connection.

Link to ‘HTTPS Everywhere Plugin: https://www.eff.org/https-everywhere

4.Use a password manager

Weak and reusing passwords on multiple sites are two of the leading causes of accounts been compromised. Remembering unique and strong password for each of online account is near impossible, which is the main reason so few actually do use secure passwords.

Password managers have come along way in recent years and take the stress out of remembering passwords. A good manager will automatically generate a complex password, securely save it, sync it on all your devices and even auto-fill it back into the website when required. You just only need to remember one strong password.

Many different brands exist, we use and recommend the following managers:

Lastpass: online password manager built into the browser and syncs to mobile devices.

Keepass: Opensource offline password manager

5.Setup 2 factor authentication

For important accounts like banking and social media, 2 factor authentication can be enabled to give another layer of protection if your password gets compromised.

This means if an attacker has your username and password or access to your emails to perform a password reset, they will also need access to your mobile phone to get a login code. While a seemingly simple extra step, it greatly increases the difficulty for the attacker as they need to compromise your phone which typically is much harder to do.

Guides to setup 2 Factor Authentication on popular services
AppleID: https://support.apple.com/en-au/HT204915
Google: https://support.google.com/accounts/answer/9096865
Dropbox: https://www.dropbox.com/help/security/enable-two-step-verification
Xero: https://central.xero.com/s/article/Set-up-or-disable-two-step-authentication

Facebook: https://www.facebook.com/help/148233965247823
Twitter: https://help.twitter.com/en/managing-your-account/two-factor-authentication
Instagram: https://help.instagram.com/1582474155197965
Reddit: https://www.reddit.com/r/announcements/comments/7spq3s/protect_your_account_with_twofactor_authentication/

6.HaveIBeenPwned

An important step in keeping yourself secure online is knowing if your credentials have been compromised. ‘HaveIBeenPwned’ allows you to enter your email address to check if your account details have been publicly exposed by a databreach.

If your details have been leaked, the service will tell you what site was breached, and what details may have been exposed. For example Adobe’s breach in October 2013 which exposed the ‘Email addresses, Password hints, Passwords, Usernames’ for over 153 million users.

Should you unfortunately find yourself on the list you should immediately change your passwords, particularly if you use them in more than one place. For additional protection you can subscribe to ‘HaveIBeenPwned’ and they will send you an email if your account is ever exposed.  

Link to HaveIBeenPwned: https://haveibeenpwned.com/

What things do you do to stay safe online?
Let us know in the comments below

The post Top 6 easy ways to boost your internet security for free first appeared on Air-Gap.

Organisations put considerable resources into buying and installing new equipment, however the often neglected side of the story is what happens old equipment. For some businesses it’s just a matter quickly deleting any sensitive files before throwing it into the skip or simply dragging it out onto the nature strip never to be seen again.
But is this really enough?

Identity and intellectual property theft is a very real risk in today’s modern age with malicious hackers frequently combing through disposed equipment to find valuable information. Even if equipment is formatted, files and configuration may still be recovered posing a serious security risk.

Where does this waste E-Waste end up?

Initially old equipment is sent to central processing stations out in the open such as at local tips. Quite frequently individuals will sift through this gear looking for anything that appears valuable. After this the remaining equipment is often sent to developing countries where it is broken down by hand into working components which can be re-purposed and sorted raw materials.

If the equipment hasn’t been properly sanitised it could end up living a second life with your data fall into the wrong hands!

What equipment is at risk?
If it stores data, ever was connected to the organisations network or holds a configuration you should be mindful of how its disposed.
This may include;

• Removable Media: CD’s & DVD’s, old USB keys, portable hard-disks, memory cards
• Servers, Desktops, Laptops, PDA’s
• Phones: Deskphones, Mobile Phones, Pagers, Sim Cards
• Printers and print servers
• Networking Equipment: Routers, Network Switches, Wireless Access Points
• Old ID Cards

Tips

• Storage devices such as USB Keys,memory cards hard disks and solid state disks should be securely formatted and overwritten with zeros if they are planned to be returned to service internally within the company.
• If a storage device is to be disposed of, we suggest physically destroying the device as opposed to lengthy format times with wiping tools such as DBAN. This removes all doubt that the data could ever be recovered or an error occurring where the data wasn’t actually fully wiped before it was disposed.
• Large photocopiers and large network printers may contain inbuilt hard disks which can save a copies of all scanned and printed documents. Before disposing printers you should first check to see if it has inbuilt storage and if so it should be securely formatted. For sensitive environments the hard disk should be removed and destroyed.
• Remove all identifying stickers, tags from the equipment to make the device harder to track back to the organisation or who used it.
• Devices configuration should be wiped from the device by performing a factory reset and re-flashing the device. Information like saved WiFi credentials, file paths and hard coded network settings can be extremely valuable for a hacker.
• Simcards and memory cards should be removed from the phone before disposal

E-Waste Recycling

Manufacturing computer components requires a substantial amount resources which has an environmental impact. We encourage the reuse of equipment where possible and recycling once it has reached the end of its life. Many E-Waste organisations will pick up your old equipment for free and dispose of it responsibility.
We recommend always formatting your equipment first and researching how they will ensure your privacy is maintained.

Does your business need helping managing your network or have any questions?
Give us a call on 1300-733-240 or leave a comment below

The post What Secrets Are You Giving Away With Your Old IT Equipment? first appeared on Air-Gap.

When most organisations think of keeping their infrastructure updated, their response is usually keeping the operating systems of their desktops and servers current, as-well as updating their firewalls firmware on an occasional basis. Very frequently these 7 network devices slip through the gaps creating potential security vulnerabilities.

Network Printers
Every organisation has them and quite often they are the nemesis of the IT department who are just happy to keep them working! As these printers become more complex and perform more tasks such as directly saving scanned documents into computers, the need to keep them updated is vital. Recently HP was forced to patch its OfficeJet range of printers after it was discovered a maliciously crafted fax sent to the printer could allow an attacker to completely take control of it.

Cameras
This is a device that slips the minds of most administrators and can pose a critical threat depending on how its configured, particularly if they are directly exposed to the internet. Threats can range from an intruder viewing the camera stream live without a password to being completely controlled by a hacker and used to gain access to the internal network.

IP Phones
They sit on our desk often without any thought of exactly how they work. No longer are they straightforward devices that only activate when picked up, but rather full fledged computers with always on microphones and now even cameras. In 2015 it was reported that Cisco Small Business IP Phones had a bug where remote attackers could eavesdropped in on which reinforces the need for organisations to have a proactive approach to security.

Wireless Access Points
Due to the nature of broadcasting access to your organisation, its critical. From time to time Wireless Access Points receive patch’s to improve performance and patch security issues such as KRACK which was discovered in late 2017 compromising WPA2.

Network Switches
Like with Wireless Access Points, managed network switches are at the heart of the network and often the first piece of infrastructure a device will communicate with. Due to their ability to run unhindered for years and inconvenience in updating rarely are the kept upto date. Despite their reliability they do have flaws, such as was discovered in early 2018 when automated bots searched the internet looking for vulnerable Cisco switch’s and deleted their configurations.

Motherboard BIOS
While most organisations do a good job keeping operating systems and software upto date, rarely is the BIOS which controls the underlying hardware ever update on desktops, laptops and servers. Very few machines will notify the administrator a update is available unless the motherboard vendors software is installed. Many manufacturers have released updates to patch against the recently identified Meltdown and Spectre CPU vulnerabilities affecting most Intel machines all the way back to 1995!

Emerging IoT Devices
As time goes on, the importance and difficulty of ensuring infrastructure up-to date will become more complex due to the Internet of Things turning unconventional devices into full fledged computers. One of such is the growing uptake of ‘Smart’ products including TV’s, lightbulbs, doorbells and automation products which are network enabled.

Keeping track of all the devices in your organisation needing to be updated can be challenging. Our suggestion at the minimum is that if your device has a network IP-address it should be documented in ideally an asset register and checked at-least once a year. If you register the device with the manufacture when you purchase it, you may receive notification if an update is ever available.

Does your business need assistance or advice keeping everything ticking away?
Give us a call on 1300 733 240 or send us a message to see how we can help

Have you come across any unusual products requiring an update, let us know in the comment below.

The post 7 devices your probably forgetting to update first appeared on Air-Gap.

Wouldn’t it be nice if there was an easy way to block known bad websites and threats across the whole of your network without the need for expensive software packages install on every device?

Pi-Hole is an open-source DNS based filtering solution focused on blocking ads and malicious domains before your devices can even connect to them.

Unlike reverse proxies and networking filtering appliances, Pi-Hole does not route all traffic through the device potentially impacting performance, but rather acts as a local DNS server filtering requests through the use of configurable black and white lists which are regularly updated.

This helps block malicious phishing & virus links, increase privacy, restrict undesirable sites through the use of custom block lists and act as a excellent network monitoring tool.

Not only does Pi-Hole dramatically improve the security for every device on the network regardless of operating system, it also increases performance by caching common DNS entries and blocking unneeded advertisements decreasing websites loading times.

Thanks to countless hours of tireless work by its developers you don’t need to be a Linux guru to manage it. Pi-Hole’s web interface is modern and intuitive which most users will be able to master in minutes.

Implementation of Pi-Hole based filtering solution is straightforward and can be run on either a Raspberry pi or Linux based VM. The Pi-Hole appliance is then set as the primary DNS server through your existing DHCP server (often on the router) or assigned statically.

In cases where there is already a DNS server on the network such as a domain controller, Pi-Hole can be used to populate it. High-availability can be achieved by using a second PI-Hole appliance set as the secondary DNS or using root hints.

Pi-Holes DNS approach to filtering while very effective can be circumvented and does not provide active protection against network threats. As with any signature or blocklist based filtering solution, it can only protect you against known threats and is always one step behind the ever growing number of attackers.

Nevertheless Pi-Hole is a great way to quickly improve the security of your home and business networks still reliant on public unfiltered DNS servers.

Think this could work for you or have any questions, We’d love to Chat

Pi-Hole Homepage: https://pi-hole.net/

 

The post Boost your network security with Pi-Hole first appeared on Air-Gap.