What’s the first thing a hacker will do?

Step one to breaking into any system and causing havoc is reconnaissance. An attacker will gather as much information about your environment as possible. They’ll look for security software, and make extensive lists of anything that your systems will tell them about themselves.

Then they’ll start to look at your users. Social engineering is one of the most common ways to get into a secure network. Why break in when you can get someone to let you in? This is why training and vigilance are so necessary.

Not too far into a targeted attack, they start to access your Active Directory system. Why? Because Active Directory knows where everything is. It’s precisely what it’s designed to do.

It knows:

  • Users
  • Groups
  • Network Shares
  • Endpoints
  • Servers
  • Domain Controllers
  • Routing Tables

Once they get this information, looking for places that are good to attack becomes easy. As they gain access to more systems, this process snowballs.

You are owned.

Those are words that you do not want to hear.

Now stealing information and documents becomes easy.

What are you doing to protect your Active Directory? Are you monitoring it and actively securing it?

We can help.

It’s intern time

As longtime security leaders and innovators, we can say categorically that while you can learn concepts in school, that’s never enough to actually perform real-world security tasks.

We’re into our second year of the intern program at Assurance Data “University”. Every Friday our Chief Strategy Officer Chuck Sirois leads an intensive online training program for a select group of up-and-coming security experts.

This month we’re covering topics like:

  • Attack Vectors
  • Keeping up with the daily changes in security threats
  • How to mitigate security problems

Interested in becoming the next security leader? Email us at md@assurancedata.com.

Tips and Tricks Tuesday: Two tips for keeping yourself secure

Security depends very much on your actions as an end user. The more secure you are personally, the more secure your organization can be.

Let’s start with some simple things you can do right now to make yourself more secure. This week we’ll focus on passwords and authentication.

Use a password manager AND a different password for EVERY account

Data breaches happen. But it’s easy to mitigate the damage if you use completely different passwords for EVERY login. Managing this is easy with apps like LastPass and 1Password (there are many others). You remember one login, and the app helps you generate secure passwords for every service that you don’t even have to know.

Surely you can see how “!D4sL@nN1pJRbG” is a better password than your kid’s birthday, right?

Turn on two-factor authentication everywhere it’s available

Most major services, from Facebook to Flickr, offer a free way to get a text or use an authentication app like LastPass Authenticator to give you a second layer of password protection. This isn’t perfect, especially if you use text messages for this, but it’s better than your password alone. Check the help section of each app to find out how to enable this, and do it for EVERYTHING.

These two simple things can help make you dramatically more secure in your day-to-day internet interactions. Need a solution for enterprise password management or authentication? Let us know.

AssuranceData Meltdown/Spectre Security Alert

Spectre and Meltdown Overview and Mitigation Details

Overview: As of January 3rd, 2018, multiple vendors started publicly releasing patches for CRITICAL security flaws related to modern CPU architecture vulnerabilities “Spectre” and “Meltdown”.

  • Spectre: Exploits speculative (predictive) execution to allow a user process to see kernel memory
  • Meltdown: Exploits a kernel process flaw that runs rogue data (out-of-order execution) when a process is faulted from a user process

Updates:

  • Windows has updates [MANUALLY DEPLOYED] in some cases.
  • The patches can conflict with certain antivirus products and cause a blue screen.
      o To get the patches, a registry key must be set
      o Some AV vendors are setting the registry key automatically
  • Other hardware firmware updates are often required

Mitigations:

  1. Update Firmware on all devices when related patches are released
  2. Update all Operating systems when related patches are released
  3. Provide layered security protections, behavioral analytics, and data transmission monitoring and control
  4. Spectre/Meltdown system health checks
  5. Spectre/Meltdown exploit detection tools