Posts Tagged ‘network’

Stepping up Security

Posted on: April 30th, 2012 by jiml | No Comments

In today’s digital age, securing your critical information – whether it be personal information or business information – is increasingly difficult. Threats are increasing both in number and in complexity and sophistication. Threats can come from individuals, groups, companies, or even governments.  In January, a Venezuelan diplomat launched a cyber attack here in the United States, aimed at disrupting our nuclear industry.   

U.S. authorities probing alleged cyberattack plot by Venezuela, Iran

Many customers have asked us about the real risk to their network.  “Why would a hacker target my business?” they ask.  Our answer is that hackers probably are not specifically targeting your business, but hackers will scan IP address ranges for weaknesses; when they find one, they attempt to exploit it to see what information they can get.  Prior to the scan, they may have no idea it is your business they are targeting, but nonetheless, hackers are an opportunistic bunch. If your business happens to have open ports on its firewall , unpatched servers or workstations, or even workstations with weak passwords, it is a matter of time before those weaknesses are exploited. According to the Department of Homeland Security, an unprotected computer connected to the Internet will become infected in a matter of minutes – not hours or days or weeks. You don’t have to be surfing the Internet to become infected; you just have to have a weakness through which your computer can become infected.

As you can see, security is paramount.  Last month we spoke about the need to protect your smartphones. A layered approach to security is required to protect your business.  Firewalls are a must, preferably hardware firewalls that do not rely on users’ input (allow or disallow access) for configuration like many software firewalls.  Additional layers of protection are necessary since most firewalls will have open ports (which need to be properly secured) for typical business traffic.  Hackers understand this as well, so it is important to have additional layers of protection such as anti-spam and anti-virus protection and software firewalls.  Strong password policies are also critical for protection. Don’t allow your business users to have local administrator privileges; is it is not necessary. Have policies in place to prevent infections or breaches and also with how to deal with those breaches of security.

Colden Company Inc. offers our customers services where we can help detect hacking attempts, perform penetration testing to ensure your network is locked down from the Internet, be notified immediately of virus infections (even for laptops out in the field), and be notified of patching deficiencies for Microsoft and third-party software. We can backup your critical data to a secure off-site location to protect you from losses. We can provide you with best-of-breed anti-spam solutions and email continuity solutions. These services are becoming a necessity as the digital age will continue to become more dangerous.  Ask us how we can help your business protect itself from the ever-increasing threats. Please contact us at (888) 600-4560, email us at info@coldencompany.com or see us on Facebook or Twitter.







U.S. Outgunned in Hacker War – Make Sure Your Business is Secure!

Posted on: March 30th, 2012 by billp | No Comments

No matter if your business is big or small (or even one person), you need to take your computer and network security very seriously. Colden Company can help you by installing a simple but secure firewall or a more robust Unified Threat Management (UTM) system. Discuss your needs with us and we’ll help you secure your critical business assets.

U.S. Outgunned in Hacker War (The Wall Street Journal; March 28, 2012)

Protect Your Business – The Evolution of Hackers

Posted on: February 28th, 2011 by billp | No Comments

If computer security is not among the primary concerns you have for your business networks and information assets, it should be. Perhaps you simply want to protect your critical business information and digital assets from viruses, malware, etc. Maybe you want to prevent misuse of the Internet by employees, thus reducing the chance that malware can enter your network in the first place. If you’re in a regulated industry, you may be required to ensure certain levels of audit-proven protection against network security vulnerabilities.

Regardless of your security needs, Colden Company can help. Colden Company recently partnered with Astaro Internet Security, makers of the Astaro Security Gateway, a unified threat management (UTM) appliance. UTM appliances go far beyond traditional firewalls, offering hardened edge-of-the-network protection against viruses, malware, spam, Internet misuse or abuse, VPN access, bandwidth control, etc. Taken a step further, the Astaro Security Gateway offers unique solutions for plug-and-play branch office VPN connections (Astaro RED) and wireless networking (Astaro Wireless Security).

Simply your network security by using a state-of-the-art purpose-built solution from a solutions provider dedicated to nothing but Internet security – Astaro Internet Security. Let Colden Company and Astaro help you protect your business. Astaro offers attractive trade-in deals for your less-effective security appliances and will perform a silent business security audit in cooperation with Colden Company. Find out more by contacting us at 518-885-2857, toll-free at 888-600-4560, via email at info@coldencompany.com, or on Twitter.

From Bedroom to Underground – The Evolution of Hackers

In its original meaning, the term “hack” stood for the re-configuring or re-programming of a system so it worked in ways not meant by the owner, administrator, or designer. More generally, a hack is a quick and clever solution to a problem. One of today’s most famous pieces of malware inherited its name from an invention that could be considered the very first hack: The Trojan Horse that was created by the Greeks to breach the impregnable Trojan city walls. Moving to more modern times, in 1822 Charles Babbage began working on what he called the difference engine, made to compute values of polynomial functions – the first computer. And in 1939, British cryptologists worked on a device called the Bombe in order to help decrypt German Enigma-machine-encrypted signals during World War II. These examples demonstrate that the original meaning of the term hack had little to do with Internet security and was not always tied to malicious activities. Later on, with the birth of the Internet, the possibilities for system hacking increased – and so did the number of people dedicating their time to this activity.

The term hacker is difficult to describe as it has so many different meanings and connotations. It was first used at MIT (Massachusetts Institute Technology), which held the first courses in computer programming and computer science. A group of students started to call themselves hackers because they were able to create code that made computer programs perform actions that were not originally intended. In the beginning, hackers were driven by something like a spirit of adventure. There was this new technology, this World Wide Web evolving quickly, and people wanted to discover what was possible. They wanted to test their own limits, create chaos or simply destroy property. The reason to do something was “because I can”. The first malwares crashed PCs, deleted hard disks and let Pacman appear on the screen. Their victims helplessly watched as the hackers demonstrated their abilities by inflicting damage while staying incognito, at least outside the hacker scene. This was the era of script-kiddies using simple malware coded by others in their bedroom.

But soon, the motivation for hackers started to change. What began as a recreational activity was then and still is driven by commercial goals as hackers realized that they could actually make money with their abilities and knowledge. A real market had developed, offering several ways of making money. Depending on which way they chose, hackers can be classified in several categories. The best known classification refers to classical western movies: the white and black hat.

A white hat hacker uses his know-how for non-malicious purposes, for example by working as a penetration tester within a contractual agreement or by searching for vulnerabilities in operating systems or applications and selling them to the vendor. On the other hand, black hat hackers break computer security or use technology like a computer or a mobile phone for credit card fraud, identity theft, piracy, or other types of illegal activities that earn them money. Or they offer their method for renting or leasing, e.g. if they “own” a strong botnet and have others pay for spam floods or targeted denial of service attacks, which is also often preceded by blackmailing.

The most important difference between the money earning hacker of today and the script kiddie in the past is that the former does not want to be noticed. Back then, hackers wanted fame (for their hacker alias). They felt their capabilities should be recognized or even feared. Today, hackers attempt to stay invisible and want their hacks to remain unnoticed as well. Often weeks or even months go by until their victims realize something is wrong. Modern malware is installed unnoticed and works in the background of a system. The reason is: The longer it takes to detect an infection, the more money can be earned.

We are now at the edge of a third evolutionary step. In summer 2010, the term cyberwar became popular in the media, and the discussion was fueled by the discovery of Stuxnet, the first known worm that spies on and reprograms industrial systems. The actions of hackers now have a new motivation besides the longing for fame or money: political motivation. There are hackers that follow their own political interests and views, like the hacker Jester, who claims to be responsible for the DDoS attacks on wikileaks that brought down their Internet connection – Jester stated that wikileaks endangered “the lives of our troops, ‘other assets’ and foreign relations”.

Other hackers sell their abilities and resources like botnets to political players, whether they are political organizations or even governments. Some nations are suspected to have set up dedicated departments for cyber espionage or sabotage, while other nations are known to have set up dedicated departments to defend themselves against this new threat, e.g. the Pentagon’s Cyber Command (Cybercom) that is responsible for safeguarding the American military network. It is easy to imagine that those departments hire hackers– hackers, who see themselves as kind of cyber mercenaries, working for the political party that pays the most, or who dedicate their skills to a cause in which they believe, and operate in stealth. It is rumored that Stuxnet was a first shot in the dark by an unknown party, aiming at sabotaging not only production plants, but even nuclear power plants.

But still, there are also the good guys: The security industry, engaged software vendors, white hats and non-profit organizations like CERT, SANS or MITRE and more. There are and always will be hackers that deliberately put on the black hat, for fun, money or politics, but there are and always will be those wearing the white hat. As the bad guys develop, so do the good guys. This is a cat-and-mouse game, with no model or theory telling us that there will be a final winner instead of an ongoing race.

Republished with permission from Astaro GmbH & Co. KG. This article originally appeared at the Astaro Blog.