What’s the latest in the Information Security space?

March 16, 2012

This Tuesday Microsoft released six patches to address seven vulnerabilities across its product line. Bulletin MS12-020 is the only one rated “critical”; it patches two privately reported bugs in Remote Desktop Protocol (RDP), a tool commonly used by administrators to remotely connect to systems they manage.

The more severe of the two flaws, which affects all versions of Windows, lets an attacker without credentials remotely access a machine running RDP and install malicious code on it, if the machine does not have network-level authentication enabled.

Due to the appeal of this vulnerability to attackers (gain remote access to systems with a quick exploit), experts anticipate that an exploit for code execution will be developed in the next month.

The threat of a worm spreading is particularly high for small and midsize businesses, which often lack protections such as a VPN for employee endpoints that remotely connect to the corporate network.

I recommend that these organizations in particular, and all organizations in general, apply the patch immediately.

Additionally, users with RDP-enabled laptops that connect to unsecured networks or public Wi-Fi networks (with a weak connection policy) will be exposed to attack. Once a laptop is infected and brought back inside the secure corporate network, it can infect other connected systems from within the network.
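One way to check the condition described above on a given Windows machine, namely whether RDP is enabled and whether network-level authentication (NLA) is required. This is an added example, not part of the original post; it reads the standard Terminal Server registry settings, and the function names are illustrative.

```powershell
# Added example: report whether this machine accepts RDP connections and
# whether Network Level Authentication (NLA) is required for them.
# Run in an elevated PowerShell prompt on the machine being checked.

$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-EffectiveValue {
    param([string]$LocalPath, [string]$Name)
    # A value set through Group Policy, when present, overrides the local one.
    $policy = Get-RegValue -Path $policyKey -Name $Name
    if ($null -ne $policy) { return $policy }
    return Get-RegValue -Path $LocalPath -Name $Name
}

$deny = Get-EffectiveValue -LocalPath $tsKey     -Name 'fDenyTSConnections'
$nla  = Get-EffectiveValue -LocalPath $rdpTcpKey -Name 'UserAuthentication'

$rdpEnabled  = ($deny -eq 0)   # 0 = RDP connections allowed
$nlaRequired = ($nla  -eq 1)   # 1 = NLA required before a session is created

[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    RdpEnabled  = $rdpEnabled
    NlaRequired = $nlaRequired
}

if ($rdpEnabled -and -not $nlaRequired) {
    Write-Warning 'RDP is enabled without NLA: unauthenticated clients can reach the RDP service. Apply the patch and require NLA.'
} elseif ($rdpEnabled) {
    Write-Output 'RDP is enabled and NLA is required. The patch should still be applied.'
} else {
    Write-Output 'RDP connections are not enabled on this machine.'
}
```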

So what can you do to protect your system, especially if you have RDP enabled on your system when connecting to “Unsecured” Wi-Fi networks, such as the “Free” Wi-Fi at your preferred coffee shop?

First, verify your Wi-Fi and general security settings when connecting to unsecured networks. For best protection, the firewall should be on (any flavor, operating system or third party), antivirus should be configured, updated and active, and you should prefer Wi-Fi networks that have some type of encryption.

Authentication and Encryption for Wi-Fi networks, what is that?

Here are some steps that you can take to secure your home Wi-Fi network that also provide details around best practices for Encryption and Authentication in Wi-Fi networks.

ADMINISTRATION

  • For many Wi-Fi access points, the default administrator login and password are well known. In fact, these default accounts can often be found listed on the Internet. So be sure to change the default administrator login and password to something that only you know.
  • For administrative access to your Wi-Fi access point, you should disable wireless access and instead require a physical network connection, such as using an Ethernet cable. If you must have wireless administrative access, then at a minimum disable HTTP access and require HTTPS, which supports encryption.

 

WI-FI NETWORK NAME

  • Another option you will need to configure is the name of your Wi-Fi network (often called the SSID). This is the name your devices will see when they search for local Wi-Fi networks. Change the default Wi-Fi network name to something unique so you can easily identify it, but make sure it does not contain any personal information.
  • There is little value in configuring your Wi-Fi network as hidden (or non-broadcast). Today most Wi-Fi scanning tools or any skilled attacker can easily discover the details of a hidden network. The recommended option is to leave your Wi-Fi network visible, but secure it using the details in the next step.

ENCRYPTION & AUTHENTICATION

  • This step is to ensure that only people you know and trust can connect to and use your Wi-Fi network and that those connections are encrypted. You want to be sure that neighbors or nearby strangers cannot connect to or monitor your Wi-Fi network. Fortunately, these dangers are easily mitigated by simply enabling strong security on your Wi-Fi access point. Currently one of the best options is to use the security mechanism WPA2. By simply enabling this you require a password for people to connect to your Wi-Fi network, and once authenticated, those connections are encrypted. Be sure you do not use older, outdated security methods, such as WEP, or no security at all, which is called an open Wi-Fi network. An open network allows anyone to connect to your Wi-Fi network without any authentication.

The recommended encryption method for WPA2 is AES only, versus other options such as TKIP or TKIP+AES.

  • When configuring the password people will use to connect to your Wi-Fi network, make sure it is different from the administrator password and that it cannot be easily guessed; a password at least 15 characters long is recommended. This may sound like a very long password, but remember you most likely have to enter it only once for each of your devices, as they will store and remember the password for future network access. If your Wi-Fi access point is in a physically secure location and only trusted members of your family have access to it, one option may be to tape the user password to the bottom of the Wi-Fi access point for easy recall. Remember that anyone you have given the password to will have access to your Wi-Fi network, so from time to time you may want to change it.

 

One final note: I recommend you turn off or disable WPS (Wi-Fi Protected Setup). WPS is a specification designed to ease the process of securely setting up your Wi-Fi access point. Recent vulnerabilities were found that may allow an attacker full access to your wireless network if WPS is enabled.

Yes, after you follow the steps described above to secure your home Wi-Fi network, you might upset some neighbors that were using your free Wi-Fi (and you were wondering how you used 60GB last month, eh?).

Thinking Outside the Box With Kinect in Retail

January 13, 2012

The Kinect has already taken living rooms around the world by storm and is rapidly changing the way consumers interact with gaming systems. This begs the question: Could Kinect change the way businesses interact with consumers and how consumers choose to interact with businesses?

With the introduction of Kinect for Windows, we’ve only just begun to see how businesses are utilizing this exciting new tool. While trolling my Twitter feed I came across a blog post from Next at Microsoft highlighting how FaceCake has harnessed the power of the Kinect in order to expand retailers’ e-commerce shopping revenues as well as in-store options by allowing consumers to try out clothes using their Swivel virtual fitting room application.

Take a look at Steve Clayton talking to Tom Chamberlin from FaceCake about the possibilities of Retailers using the Kinect on the next level and what it means for Retailers.


 To learn more about Second Foundation, click here to visit our website.

 

As 2011 Closes…

December 29, 2011

As the year comes to a close we begin to wonder what 2012 will bring and reflect on the events of 2011. It’s always interesting to try to remember the predictions, resolutions and desires that were made as 2011 was right around the corner and look back over the year to see what really came to fruition, especially in business.

While meandering through LinkedIn the other day, I came across a blog called Why Microsoft? More importantly, a specific post caught my attention and I thought I would share it with you.

Enjoy!

2011: The Year in Review – Why Microsoft?

What mattered?

December 27, 2011

As they have for the past 10+ years, Google recently released their compiled list of 2011's 10 fastest-rising global queries. So, what mattered in 2011?

This year the top 10 included a rising star, some fancy new technology, a shocking murder trial, a nuclear scare, and the passing of some very memorable people… for the list in full, click here.

Accompanied with this year’s list is a powerful video that captures a worldwide look at 2011 in just under 3 minutes.

2011… a year of adversity? Resolution? Crossroads? Inspiration?

 

A Holiday Wish for You

December 22, 2011

Christmas is right around the corner! We wanted to take the time to wish you a holiday season filled with laughter, love, and light. We hope you and your family have a safe and happy time together and an excellent start to the fantastic things 2012 has in store for all of us – both professionally and personally.

Merry Christmas from Second Foundation.


Where is your 10x focus?

December 20, 2011

While perusing a few business blogs I stumbled across a gem of a post that is a great take on team building within an organization – but not just building any team, building a 10x team.

At Second Foundation we build our project teams in a similar method to help you achieve the best results from every project you entrust us with – from the sales process right to your go-live, the team assigned to you is built based on a carefully selected balance of team members to help you complete your project goals.

Although this post is business focused, it made me think of how this 10x theory can be applied in all areas of life. What team member are you? How would you apply this method to your team? Do you think there is value in this approach?

Read on here!

SonicWALL: The Next Generation in Firewall Security

December 15, 2011

Next-generation firewalls are already here! Is your company covered?

With today’s cyber-threats and online distractions for your employees such as social media, now more than ever you need to have all the security to fight these external threats, yet be able to control your applications internally for productivity’s sake as well.

Want to know more? Watch the video below!
