Category Archives: Security

A Basic Evolution of the Virus

In the early days of networking computers, viruses were little more than proof-of-concept bits of code. Could someone write a program, or exploit a function, to remotely open the CD drive on another computer or cause some other strange behavior?

These prank-style antics grew in scope and power and quickly began to spread around the Internet. Then the environment took a more sinister turn, as the capabilities of these viruses were bulked up. Viruses became punishing programs that would eat up CPU time, bloat up free hard drive space, spin drives faster than they were designed for and even delete user or operating system data.

They were deployed by people to punish others and destroy property and data. Without tangible rewards, creating viruses started to get a bit bland, so viruses began evolving toward an end game, or reward. Viruses that previously might have taken a computer offline, either by design or through unmitigated spread of the infection, fell out of favor. It was becoming more and more important that the target neither go offline nor notice the infection: if the target went offline, the attacker wasn’t able to reap the benefits of the infection.

And what were those benefits? In that generation, most of the time it was stealing address book entries to sell to spammers. Personal information was rarely targeted, but corporate data was ripe for the picking.

This is the era of the botnet. Many viruses infect, spread and lie totally dormant. The infected computers are now slaves to the whims of the attacker. If an attacker wants to take down a large site with a DDoS attack, they can wake up thousands of these sleeping infections to begin slamming the site with traffic. Each computer sends out just enough traffic not to be noticed, but combined as a whole, their effect can be devastating. These “bots” can also be put to the task of sneaking out little bits of spam here and there: not enough to get flagged by the normal detection practices of a modern ISP, but multiplied across the sheer number of infected machines it can wreak a lot of junk-mail havoc.

The virus/malware industry has gone through a major transformation over the years. Viruses have evolved from simple pranks into a hacker’s tool for making money, creating mass damage or capturing information. Viruses don’t just say “Happy 1999!” on your screen anymore and stop there. These new viruses like to hide, wait and use the power of their combined infection numbers to make the criminals involved a lot of money.

HOW I GOT ON YOUR WIFI: WPS FAIL!

Router manufacturers have been developing ways to make their routers more secure but at the same time still easy to connect to. This led to the development of WiFi Protected Setup (WPS).

WPS allows you to connect to a router in two ways: either by providing an 8-digit PIN code (printed on the router) or by pressing the WPS button on the router, which opens a short connection “window”. Both of these methods require physical access to the router and thus should be secure from “drive-by” hacking. However, that is not the case.

While I would need physical access to push the WPS button, the PIN method is the default and the first available under the standard. The biggest issue with this is that the router authenticates the PIN in two 4-digit parts. There are only 10,000 combinations of a 4-digit number, and since most routers don’t time out or ban me for hammering attempts, they are extremely easy to brute-force. Once I have the first 4-digit number, I brute-force the second 4-digit number and I’m on your network. We highly recommend using WPA2-PSK (pre-shared key) for the connection passphrase and setting that key to something long and randomized. To be even more secure, make sure you disable the WPS function on your router.
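One way to verify that the “disable WPS” advice actually took effect is to look at what your own access point advertises in its beacons. The example below is added here and is not code from the original post; it audits a scan dump whose layout is assumed to mirror the WPS block printed by Linux `iw dev <iface> scan` (the sample text is constructed, and the `PIN_METHODS` set and verdict strings are this example’s own).

```python
# Constructed sample laid out like the WPS block of `iw dev <iface> scan` (assumed format).
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:55(on wlan0)
\tSSID: home-net
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * Config methods: Label, Display, PBC
BSS 66:77:88:99:aa:bb(on wlan0)
\tSSID: guest-net
\tWPS:\t * Version: 1.0
\t\t * AP setup locked: 0x01
\t\t * Config methods: Label, PBC
BSS cc:dd:ee:ff:00:11(on wlan0)
\tSSID: wps-off
"""

PIN_METHODS = {"Label", "Display", "Keypad"}  # WPS methods that accept the printed PIN

def parse_scan(text):  # one dict per BSS: ssid, WPS advertised?, config methods, locked?
    networks = []
    for line in text.splitlines():
        if line.startswith("BSS "):
            networks.append({"bssid": line[4:].split("(")[0], "ssid": "",
                             "wps": False, "methods": set(), "locked": False})
        elif not networks:
            continue  # ignore any text before the first BSS header
        elif line.strip().startswith("SSID:"):
            networks[-1]["ssid"] = line.split(":", 1)[1].strip()
        elif line.strip().startswith("WPS:"):
            networks[-1]["wps"] = True  # the AP includes a WPS information element
        elif "Config methods:" in line:
            networks[-1]["methods"] = {m.strip() for m in line.split("Config methods:", 1)[1].split(",")}
        elif "AP setup locked:" in line:
            networks[-1]["locked"] = line.rstrip().endswith("0x01")  # registrar lockout flag
    return networks

def audit(networks):  # (ssid, verdict) pairs; PIN method advertised and unlocked is the risk
    findings = []
    for n in networks:
        if not n["wps"]:
            verdict = "ok: WPS not advertised"
        elif n["methods"] & PIN_METHODS and not n["locked"]:
            verdict = "risk: WPS PIN method enabled and registrar not locked"
        elif n["methods"] & PIN_METHODS:
            verdict = "warn: WPS PIN method enabled (currently locked)"
        else:
            verdict = "warn: WPS enabled, push-button only"
        findings.append((n["ssid"], verdict))
    return findings

print(audit(parse_scan(SAMPLE_SCAN)))
```

Run it against a real dump (`iw dev wlan0 scan > scan.txt`) for the networks you administer; a “risk” verdict for your own SSID means the WPS setting did not take effect.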

The End of Windows XP

Twelve years ago, Microsoft released Windows XP. After three service packs and well over 300 updates, Microsoft ended official “Mainstream Support” for Windows XP on April 14, 2009, and the product entered its “Extended Support” cycle. On April 8, 2014, Microsoft will end the “Extended Support” cycle for Windows XP, closing the final chapter on one of the most successful operating systems in the history of computing.

Windows XP was so successful that it took nearly 30 months for their Windows 7 operating system to overtake the global Windows XP install base. Today Windows XP still enjoys an install base of ~35% or roughly 800 million of the world’s computers.

What does the end of the “Extended Support” cycle for Windows XP mean moving forward? The Mainstream Support life cycle allowed Microsoft to release “hotfixes” and security updates and to provide direct commercial and end-user support. The “Extended Support” cycle moved the product to receiving only security updates and ended all other support. While Microsoft has made some allowances in the past for profound security-related issues in products outside of their Support Lifecycle system, on April 8, 2014, Microsoft will no longer be providing any new updates to Windows XP, including “hotfixes”, service packs or security updates.

This will expose Windows XP users to a myriad of new and evolving security, malware and virus threats. Microsoft Security Intelligence Report volume 14 (PDF) reports the following infection rates by operating system and service pack for the fourth quarter of 2012. While Windows XP Service Pack 3 significantly reduced the number of security vulnerabilities and infections on the XP platform, XP still leads the pack in infection rates across all Windows operating systems. The combination of a large user base with a lack of security patches leaves a large target on the venerable operating system.

To mitigate the risk moving forward, users must begin the transition away from Windows XP when and where possible. The best option would be moving to the latest operating system, Windows 8, as it is the most secure and reliable system Microsoft has yet produced. That might not be an option for many people, so the next best option would be Windows 7. Between Windows XP and Windows 7 came Windows Vista; however, Vista is not an option, as it is also nearing the end of its support life cycle.

Figure: Infection Attack Vectors Q4 2012 by Operating System

If Windows XP must be used, for whatever reason, then a hardened security presence on the system must be maintained and updated regularly. There are many anti-virus, anti-malware and firewall software options available from Microsoft and third-party vendors – both free and paid. The number of unprotected or under-protected Windows XP systems moving forward could become a ticking time bomb if left unchecked and unprotected.

We are urgently recommending the following actions be taken when and wherever possible:

  • Upgrade. Windows Vista and 7 will still be supported for a few years and Windows 8 even longer.

If you must continue to use Windows XP:

  • Make sure your copy of Windows XP is running Service Pack 3.
  • Stop using Microsoft’s Internet Explorer entirely. Use only a currently updated and supported web browser like Mozilla Firefox. Access to Internet Explorer can even be fully removed via the “Windows Components” feature in Add/Remove Programs.
  • Stop using Microsoft’s Outlook Express entirely. Use only a currently updated and supported email client like Mozilla Thunderbird or better yet a web-based email client.
  • Uninstall the Java runtime environment from your computer unless you absolutely cannot live without it.
  • Install a supported anti-virus client. Keep it updated and do a full system scan weekly.
  • Make sure Windows Firewall is enabled or use the one that comes with your 3rd party security software.
  • Limit your installation of programs from the internet to only trusted sites from trusted companies.

Red Condor E-mail Security

“First Network Group, with EdgeWave’s Red Condor product, provides e-mail security for ISP’s and businesses…”

E-mail security is a necessity these days. However, preventing viruses, trojans, and spam from getting to the inboxes of your users can be difficult. Many solutions rely on your email server to do the filtering. This can consume valuable resources on your server and eat up costly bandwidth on your internet connection. The filtering rules can also be very difficult to maintain and update, leading to malicious mail making it through your filter or legitimate mail getting trapped by it.

First Network Group, with EdgeWave’s Red Condor product, provides e-mail security for ISP’s and businesses without having to install anything on local servers. A hosted solution is available that prevents unwanted email from even entering your network. Or, if you prefer, appliances are available that can be hosted inside your datacenter, but still separate from your mail servers. Both offer the same protection, which is backed by a team of EdgeWave engineers that continually update the systems to defend against new attacks. Many First Network Group customers are already using Red Condor, and it has proven to perform better than alternatives while still maintaining an attractive price.

Contact Randy Carpenter VP of IT Services at 1-800-578-6381, option 1 if you have any questions, or would like to order.