Anatomy of a Ransomware Attack

Ransomware is malware that commonly uses encryption to hold a victim’s data for ransom.  The organization’s data is encrypted so that it can no longer be accessed, and a ransom is then demanded in exchange for the means to decrypt it.  Ransomware is usually designed to spread across a network and to target database and file servers, where the most valuable data lives.

An attacker gains access to the environment through a targeted attack, through spam or phishing email, or through an existing vulnerability they discover.  Once access is established, the malware encrypts data.  In the usual hybrid design the attacker holds a key pair: files are encrypted with symmetric keys generated on the victim’s machine, and those keys are in turn encrypted with the attacker’s public key, so nothing left on the victim’s systems can reverse the process without the attacker’s private key.  Once its goals are met, the ransomware prompts the user to pay a ransom to decrypt the files.  If the ransom is paid, the attacker promises to deliver the private key so the organization can decrypt its data.  Unfortunately, even when the ransom is paid, some organizations never hear from their attacker again and are never given the key.

How Does It Happen?

Ransomware often starts with a phishing email that carries a malicious attachment.  Other attacks start when someone downloads an infected file or unknowingly allows a website to install an application.  Another entry point is a vulnerability in a particular application or operating system.  In many cases these vulnerabilities are already known and the software vendor has already published a patch.  WannaCry (May 2017) is the classic example: it spread by exploiting a vulnerability in the Windows SMBv1 service (MS17-010, the exploit known as EternalBlue).  Microsoft had released the patch two months earlier, in March 2017, but the infected computers had not applied it or were running versions of Windows that were out of support.

How Do You Protect Yourself?

Patching

The best and easiest defense is to make sure that all laptops, servers and network devices are kept up to date with the latest patches and firmware.  In many cases vulnerabilities are found by the vendor itself or by white-hat researchers who report them privately, so a fix is available before exploit details become public.  That head start only helps if the patch is actually applied: in the WannaCry case the window between the patch and the worm was about two months.

Patching has become straightforward, with several ways to automate it, including:

  • OS settings – Automatic download and installation of patches can be configured within the OS, though reboots are sometimes not automatic and need attention.
  • Azure Update Management – Manages operating system updates for Windows and Linux VMs in Azure and for physical or virtual machines in on-premises environments.
  • AWS Systems Manager Patch Manager – Similar to Azure Update Management; Patch Manager applies patches and updates to cloud and on-premises machines.
  • WSUS/SCCM – Microsoft products for automating and reporting on the patching of Windows machines.
  • Third-party patching tools – Several third-party products improve on or simplify the features in SCCM, and typically also cover non-Microsoft applications, which WSUS does not.

Network Segmentation

Many malware families, ransomware included, spread from an infected machine to other machines on the same network.  If an organization’s network is completely flat, one infected machine can be used to infect everything.  Segmentation divides the network into zones and controls how traffic flows between them; it limits traffic to where it needs to go and so limits the spread and damage of malware.  In practice that means, for example, blocking workstation-to-workstation file-sharing (SMB) and remote-desktop traffic, which is exactly what worms such as WannaCry use to propagate.  A related best practice is to isolate third-party access behind dedicated access portals or jump hosts.

Security

Make sure to keep current with recommended updates to protocols and best practices (retiring SMBv1, for example, removes the attack surface WannaCry used).  Organizations should also consider encrypting their data at rest.  This helps when attackers steal data and threaten to publish it, but only if the keys are not reachable from the compromised accounts: ransomware running with a user’s or administrator’s credentials reads files through the same transparent decryption the user does.  And because ransomware simply re-encrypts whatever it can read, encrypting your own data is not a protection against the encryption attack itself.

Another area to review is the organization’s authentication practices.  If an attack starts with a password obtained from a third-party breach (or through phishing or password reuse), an attacker can place malware anywhere the breached account has access.  With two-factor (or multi-factor) authentication this becomes much less likely, because the attacker would also need the account owner’s second factor: the phone or hardware token that produces the one-time code, or control of the secondary email account.
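To make the second factor concrete, here is an added example (not code from the original article) of how a service verifies a password plus a time-based one-time code. The HOTP/TOTP arithmetic follows RFC 4226 and RFC 6238; the user record, salt and seed are constructed sample data, and the seed is the RFC 6238 test-vector seed so the codes can be checked against the published vectors.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step, digits)

# Constructed user store (sample data, not a real account).  Passwords are kept as
# salted PBKDF2 hashes; the TOTP seed is the secret the user's phone app holds.
# A breach of this table leaks the seed, which is why it is worth encrypting at rest.
PBKDF2_ITERS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)

_SALT = b"constructed-salt"
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse battery staple", _SALT),
        "totp_seed": b"12345678901234567890",   # RFC 6238 test-vector seed
        "last_counter": -1,                      # highest time step already consumed
    }
}

def authenticate(username: str, password: str, code: Optional[str], now: int,
                 step: int = 30, window: int = 1) -> bool:
    user = USERS.get(username)
    if user is None:
        return False
    # Factor 1: the password.  compare_digest avoids a timing side channel.
    if not hmac.compare_digest(user["pw_hash"], hash_password(password, user["salt"])):
        return False
    # Factor 2: a code that only the holder of the seed can compute.
    if code is None:
        return False
    current = now // step
    for drift in range(-window, window + 1):       # tolerate one step of clock skew
        counter = current + drift
        if counter <= user["last_counter"]:
            continue                                # already used: refuse replay
        if hmac.compare_digest(hotp(user["totp_seed"], counter), code):
            user["last_counter"] = counter
            return True
    return False

if __name__ == "__main__":
    now = int(time.time())
    leaked_password = "correct horse battery staple"   # what a third-party breach yields
    print("password only   :", authenticate("alice", leaked_password, None, now))
    print("password + code :", authenticate("alice", leaked_password,
                                            totp(USERS["alice"]["totp_seed"], now), now))
```

Run on its own, it shows that the leaked password alone is rejected while password plus the current code is accepted. Two details matter in practice: constant-time comparison for both factors, and remembering the last accepted time step so that a code captured by a phishing page cannot be replayed even inside its 30-second window. TOTP still does not stop a real-time phishing proxy that relays the code immediately; phishing-resistant factors such as FIDO2 security keys close that gap.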

Training

Educate the user community on what phishing looks like and on how to handle content from unknown sources.  The best defense is staff who do not open unsafe attachments, browse to unknown websites, or download unsafe content, and who know how to report a suspicious message so that the rest of the organization can be warned.

Backups

Every organization should have a backup process in place, though most have focused on recovering from equipment failure.  Many backup processes simply make sure that the data is copied onto a device other than the one being protected.  Against ransomware this is not enough: many impacted organizations discover that their backups were reachable from the compromised network and have been encrypted too, leaving them useless for recovery.  For proper protection, organizations must keep multiple copies of their data, on different storage media, with at least one copy offline or otherwise inaccessible from the source network (the “3-2-1” rule: three copies, two media, one off-site).  Cloud backup solutions can achieve the same result with multi-factor authentication on the backup account, network segmentation, and immutable or retention-locked recovery points that cannot be deleted or altered for a minimum period, which guarantees at least one clean restore point in case of attack.  Finally, test restores regularly: a backup that has never been restored is an assumption, not a recovery plan.
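The following added example (not from the original article) shows what “backups that are still usable” means in practice: a signed manifest of file hashes taken at backup time, and a pre-restore check that detects files the ransomware has overwritten, files it has deleted, and ransom notes it has dropped. The directory layout, file contents and signing key are constructed; the assumption is that the manifest and its key live with the offline copy, out of reach of the network the ransomware reached.

```python
import hashlib
import hmac
import json
import math
import tempfile
from pathlib import Path

# Assumption: this key is stored with the offline copy, never on the backup host,
# so an intruder who can rewrite the backup share cannot also re-sign the manifest.
MANIFEST_KEY = b"constructed-manifest-signing-key"
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext scores ~7.9+, office documents far less

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for ciphertext or random data, ~4-5 for prose."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def _manifest_mac(files: dict) -> str:
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()

def build_manifest(root: Path) -> dict:
    """Taken when the backup is written: path -> SHA-256, signed with the offline key."""
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"files": files, "hmac": _manifest_mac(files)}

def verify_backup(root: Path, manifest: dict) -> dict:
    """Run before trusting a backup set for a restore."""
    report = {"manifest_ok": hmac.compare_digest(_manifest_mac(manifest["files"]), manifest["hmac"]),
              "mismatched": [], "looks_encrypted": [], "missing": [], "unexpected": []}
    present = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    for rel, expected in manifest["files"].items():
        path = present.pop(rel, None)
        if path is None:
            report["missing"].append(rel)
        elif sha256_file(path) != expected:
            report["mismatched"].append(rel)
            # A changed file that now looks like random bytes is the ransomware signature.
            # (Entropy alone is not enough: zips and JPEGs score high too.)
            if shannon_entropy(path.read_bytes()[:65536]) > ENTROPY_THRESHOLD:
                report["looks_encrypted"].append(rel)
    report["unexpected"] = sorted(present)          # e.g. dropped ransom notes
    report["clean"] = report["manifest_ok"] and not (
        report["mismatched"] or report["missing"] or report["unexpected"])
    return report

def demo() -> dict:
    """Constructed scenario: back up two files, then simulate ransomware that reached
    the backup share and overwrote one of them, and run the pre-restore check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "q1-report.txt").write_text("quarterly revenue figures\n" * 200)
        (root / "README.txt").write_text("backup set, constructed sample\n")
        manifest = build_manifest(root)
        # Stand-in for ciphertext: a deterministic SHA-256 chain, i.e. random-looking bytes.
        fake_ciphertext = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
        (root / "finance" / "q1-report.txt").write_bytes(fake_ciphertext)
        (root / "finance" / "HOW_TO_RECOVER.txt").write_text("pay us\n")
        return verify_backup(root, manifest)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report from `demo()` names the overwritten file (and flags it as ciphertext-like), the ransom note as an unexpected file, and marks the set as not clean. The HMAC over the manifest is what makes the check meaningful: a plain hash list sitting next to the backups would be rewritten by the same intruder who rewrote the files.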


You can read more about Ransomware Attack here.

Teknita has the Cyber Security experts to support all your technology initiatives.
We are always happy to hear from you.

Click here to connect with our experts!

5 things you didn’t know you could do with SharePoint

For years SharePoint has been known as a tool to improve communication and collaboration. Most people are familiar with sharing and versioning documents: checking out, editing, then checking back in. This has always given SharePoint a leg up over the old “shared drive” approach and is how SharePoint gained a foothold in many organizations (that, and the Foundation edition was a free download for Windows Server).

Here are some uses for Microsoft SharePoint that you might not have thought about:


• Document and Records Management

Many people see that you can store and search for documents in a document library but there doesn’t seem to be much structure, taxonomy, or governance to these documents. This is certainly no longer the case. With the introduction of SharePoint 2013 Records Center, you can now apply retention policies to your content types and enforce your Document Management and Retention policies. Additionally, document libraries can hold many more documents than in previous versions of SharePoint.


• Application Development

SharePoint has always allowed for the development and integration of custom applications on top of core SharePoint features using .NET, ASP.NET, HTML, JavaScript and CSS. These capabilities continue to exist, with the added dimension of SharePoint Add-ins that use standard web technologies and can extend both on-premises and hosted SharePoint environments. This concept is expanded further in SharePoint 2016 and Office 365, allowing faster development and easier deployment to a wider audience.


• Data Modeling and Business Intelligence

Along with complete integration into the Microsoft SQL Data Warehouse stack, SharePoint offers Power View as an interface for Data Modeling. Power View is an interactive data exploration, visualization and presentation experience that allows for ad-hoc reporting. Data, rich graphics and visualization tools can be included in easy-to-build reports that can then be published for others to use, or as a baseline for additional modeling.


• Search

SharePoint Enterprise Search is a powerful tool for finding data both inside and outside of SharePoint. Internal content can be searched and refined through new and powerful web parts. Content outside of SharePoint can now be indexed and referenced within search results allowing for a true enterprise search feature.


• Mobile Optimization

SharePoint automatically generates a mobile friendly version of every page for phone and tablet users. The Mobile Browser View feature allows for expansion to tablet and smartphone devices with little effort required from developers or system administrators.

Some of these capabilities have been around for a while but just aren’t as well known by SharePoint users. Ask your IT department about these features or contact us and we can help you maximize your SharePoint experience.

Five must-know security and compliance features in Cloud Logging

Logs are critical when you are attempting to detect a breach, investigating an ongoing security issue, or performing a forensic investigation. These five must-know Cloud Logging security and compliance features help customers keep logs that stand up in a security audit.

1. Cloud Logging is a part of Assured Workloads.

Google Cloud’s Assured Workloads helps customers meet compliance requirements with a software-defined community cloud. Cloud Logging and external log data are in scope for many regulations, which is why Cloud Logging is now part of Assured Workloads.

2. Cloud Logging is now FedRAMP High certified.

FedRAMP is a U.S. government program that promotes the adoption of secure cloud services by providing a standardized approach to security and risk assessment for federal agencies adopting cloud technologies. The Cloud Logging team has received certification for implementing the controls required for compliance with FedRAMP at the High Baseline level. This certification will allow customers to store sensitive data in cloud logs and use Cloud Logging to meet their own compliance control requirements.

Below are the NIST SP 800-53 audit and accountability (AU) controls Cloud Logging has implemented for this certification, listed with their official names (Rev. 5) alongside what each means for a customer:

  • AU-2 Event Logging – the events that get logged
  • AU-3 Content of Audit Records – records carry the who/what/when/where detail that makes audits easy
  • AU-4 Audit Log Storage Capacity – extended log retention
  • AU-5 Response to Audit Logging Process Failures – alerts when logging fails
  • AU-16 Cross-Organizational Audit Logging – evidence that spans organizational boundaries

3. “Manage your own Keys,” also known as customer managed encryption keys (CMEK), can encrypt Cloud Logging log buckets.

For customers with specific encryption requirements, Cloud Logging now supports CMEK via Cloud KMS. CMEK can be applied to individual log buckets and to the Log Router. Cloud Logging can be configured to centralize all of the organization’s logs into a single bucket and router, which makes applying CMEK to the organization’s log storage simple. As with any CMEK setup, the key must remain enabled and the Logging service account must keep permission to use it; if the key is disabled, destroyed, or access is revoked, the logs it protects cannot be read, so key lifecycle and permissions belong in the same change-control process as the log buckets themselves.

4. Setting a high bar for cloud provider transparency with Access Transparency.

Access Transparency logs let you audit actions taken by Google personnel on your content, and can be integrated with your existing security information and event management (SIEM) tools to automate review of the rare occasions on which Google personnel access your content. While Cloud Audit Logs tell you who in your organization accessed data in Google Cloud, Access Transparency logs tell you whether any Google personnel accessed your data, and why.

5. Control who can access your data with Access Approval.

Access Approval lets you require explicit approval before Google personnel can access your content, according to predefined criteria. While this is not a logging-specific feature, it is one that many customers ask about. If a Google support engineer needs access to your content to debug an issue (for example, after you open a support case), you use Access Approval to approve or reject the request, and the decision is recorded so it can be audited alongside the Access Transparency logs.


You can read more about Cloud Logging here.


How to Choose a Document Management System

Document management systems are basically electronic filing cabinets an organization can use as a foundation for organizing all digital and paper documents. Any hard copies of documents can simply be uploaded directly into the document management system with a scanner. Often, document management systems allow users to enter metadata and tags that can be used to organize all stored files.

Choosing the right document management system starts with accurately assessing your organization’s needs. The first choice you’ll make is whether you want an on-premises or cloud-based solution. Each type of system offers the same functionality, but there are several key differences in the way maintenance is performed and data is stored.

TYPES OF DOCUMENT MANAGEMENT SYSTEMS

When choosing a document management system, you will have the choice between on-premises and cloud-based software.

An on-premises document management solution requires you to use your own servers and storage, which means you need to perform your own maintenance. You’ll also be responsible for the security of all your data, so you’ll need to back everything up. This option typically makes sense for larger companies with dedicated IT resources because of its higher technical demands, but it also places you in direct control of the system. Technical support and software updates from the vendor are usually contingent on whether you continuously renew an annual subscription package.

Cloud-based document management software is hosted by your system’s provider and accessible to your organization online. Typically, cloud-based solutions have a monthly or annual fee, which includes all maintenance and software updates. Depending on the system you choose and the features you require, pricing for cloud-based platforms can range from a few dollars to more than $100 per user per month.

DOCUMENT MANAGEMENT SYSTEM FEATURES

  • Document storage: The most basic and critical function of a document management system is the ability to store your company’s documents safely and in an easily searchable manner.
  • Keyword search: A sound document management system has a broad keyword search option so you can easily access any document based on specific keywords.
  • Permissioned access to certain documents: By creating tiered permissions, you can provide certain employees access to specific documents and bar everyone else from viewing or editing them.
  • Document access monitoring tools: These tools allow you to monitor who in your company is accessing what documents.
  • Document edit history and restoration: A document management system should keep an edit history and allow restoration, so you can see who edited a given document and roll back to an earlier version.
  • Retention and auto-delete for outdated documents: Document management systems include retention controls that automatically archive or delete documents past their retention period, freeing up storage and reducing the amount of old sensitive data an attacker could steal.
  • Mobile device access: You should be able to access your company documentation through your mobile device.

BENEFITS OF USING A DOCUMENT MANAGEMENT SYSTEM

  • Saved time: By using a document management system, you can devote the time you previously spent organizing and managing your documents to more critical parts of your business.
  • Security: By backing up your documents in the encrypted cloud or a secure on-premises server, you can protect important and sensitive company information and protocols.
  • Scaling: One of the major benefits of document management software is its ability to scale up and down to meet your company’s ever-changing needs.
  • Easy document management: Keyword searches allow you to find your company’s important information quickly and easily.
  • Collaboration: Document management software can improve workplace collaboration by allowing multiple people to work on the same file at once, tracking who makes what changes and retaining your access to older versions of documents.

You can read more about Document Management System here.


Why Spam Filters are Necessary For Business Communication?

A spam filter is an email service feature that filters and quarantines spam before it reaches a user’s inbox. It keeps the mailbox clean and spam-free, which saves productive energy and supports efficient work. A spam filter has become a necessity, as cyber adversaries work relentlessly to find and exploit weaknesses, and sending spam and phishing emails is one of the most common and lucrative ways to lure users into a trap.

A spam filter service detects unsolicited and unwanted email and wipes them out from a user’s mailbox. Different spam filters have various mechanisms for segregating spam from legitimate emails; however, they all strive to attain a common goal – making sure that only genuine and informative emails reach the end-user.

Spam Filtering Techniques And Usage:

Blacklist filter: This is a relatively easy way of identifying spam email. The filter is pre-instructed to reject email sent from specific senders or addresses – the blacklist (also called a blocklist). Any mail from a blacklisted sender or address is automatically marked as spam.
Content filter: A spam filter may use content filtering, whereby it reviews the content of every email sent to the user and tries to determine from it whether the email is spam.
Rules-based filter: This is very similar to the blacklist filter but with an added feature. A user can blacklist not only senders but also words and phrases. If an email contains any of the blacklisted terms or is sent by a blacklisted sender, it is automatically marked as spam.
Header filter: Another way a spam filter works is by reviewing the headers of every email sent to the user, looking for falsified information (for example, a Return-Path or Reply-To that does not match the claimed sender) or other signs that the email is spam.
Permission filter: This filter makes it mandatory for any sender to be pre-approved by the recipient, so that only known senders can reach you. Although a permission filter is a strong protection against spam, it becomes a barrier to communication and can block legitimate business or academic emails from new contacts.
Challenge-response filter: This filter is similar to the permission filter; an unknown sender must respond to a challenge (for example, by entering a code from an automated reply) before their email is delivered to the recipient.

The primary task of a spam filter is to separate spam from genuine email. It does this by letting the user distinguish between approved and unapproved email addresses. Approved, or whitelisted (allow-listed), addresses are the ones the user has marked as safe; unapproved, or blacklisted, addresses are the ones marked as dangerous, unimportant, or spam. Email from an approved address goes straight to the user’s mailbox, while email from blacklisted sources is automatically blocked or deleted according to the rules the user has set. One caveat: the From address is chosen by the sender, so an approved address can be spoofed unless the gateway also verifies sender authentication (SPF, DKIM and DMARC) before trusting the whitelist.
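As an added example (not code from the original article), the small Python filter below combines the blacklist, permission (whitelist), rules-based and header techniques described above and runs them over constructed sample messages. Sender lists, blocked terms and the messages themselves are made up; a real gateway would load its lists from configuration and would also check SPF/DKIM/DMARC, which this example does not.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed lists; a real deployment loads these from the mail gateway's configuration.
BLOCKLIST = {"bulk@cheap-deals.example"}                        # blacklist filter
ALLOWLIST = {"payroll@corp.example"}                            # permission (whitelist) filter
BLOCKED_TERMS = ("wire transfer", "verify your account", "act now")   # rules-based filter

def _addr(value) -> str:
    """Bare lower-cased address from a header value such as 'Bob <bob@x>'."""
    return parseaddr(str(value or ""))[1].lower()

def _domain(addr: str) -> str:
    return addr.rpartition("@")[2]

def classify(raw: bytes) -> dict:
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = _addr(msg.get("From"))
    reasons = []

    # Permission filter: an approved sender bypasses every other check
    # (which is why the From address must be authenticated before trusting it).
    if sender in ALLOWLIST:
        return {"verdict": "ham", "sender": sender, "reasons": ["allow-listed sender"]}
    if sender in BLOCKLIST:
        reasons.append("blocklisted sender")

    # Content / rules-based filter: scan subject and text body for blocked terms.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")).lower()
    reasons += [f"blocked term: {term!r}" for term in BLOCKED_TERMS if term in text]

    # Header filter: signs that the envelope or headers were forged.
    return_path = _addr(msg.get("Return-Path"))
    if return_path and _domain(return_path) != _domain(sender):
        reasons.append("Return-Path domain differs from From domain")
    reply_to = _addr(msg.get("Reply-To"))
    if reply_to and _domain(reply_to) != _domain(sender):
        reasons.append("Reply-To domain differs from From domain")
    if not msg.get("Message-ID"):
        reasons.append("missing Message-ID")

    return {"verdict": "spam" if reasons else "ham", "sender": sender, "reasons": reasons}

# Constructed sample messages.
PHISH = b"""Return-Path: <bounce@mailer-7731.example>
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: <support-desk@webmail-free.example>
To: alice@corp.example
Subject: Action required: verify your account

Your mailbox is over quota. Act now and verify your account at the link below.
"""

LEGIT = b"""Message-ID: <20240115.1234@corp.example>
Return-Path: <bob@corp.example>
From: Bob <bob@corp.example>
To: alice@corp.example
Subject: Lunch?

Are you free at noon?
"""

BULK = b"""Message-ID: <77@cheap-deals.example>
Return-Path: <bulk@cheap-deals.example>
From: <bulk@cheap-deals.example>
To: alice@corp.example
Subject: Deals inside

Lowest prices of the season.
"""

PAYROLL = b"""Message-ID: <9@corp.example>
Return-Path: <payroll@corp.example>
From: Payroll <payroll@corp.example>
To: alice@corp.example
Subject: Expense reimbursement

Your wire transfer is scheduled for Friday.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT), ("BULK", BULK), ("PAYROLL", PAYROLL)):
        print(name, classify(raw))
```

The phishing sample trips the content rule and three header checks at once, which is typical: a forged From address rarely comes with a matching Return-Path and Reply-To. The payroll sample contains a blocked phrase but is delivered because the sender is allow-listed; that short-circuit is exactly why a permission filter must be paired with sender authentication, since without SPF, DKIM and DMARC an attacker can simply put an approved address in the From header.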


You can read more about Spam Filters here.
