Jeff Brown

Why Do You Need Effective Web Content Filtering?

Posted on May 21, 2013 by
 

In the early days of web content filtering it was enough to configure a firewall to block certain sites from being accessed. An SME would maintain a blacklist of forbidden sites and update that list from time to time. This method did not offer deep packet inspection and only filtered Internet access based on a domain name.

A modern and effective web content filtering solution scans more than the domain name. By breaking down and analyzing web traffic, today’s filters are capable of accurately pinpointing portions of a web page that should not be allowed into the internal network. This allows websites to be accessed while blocking the portions of their content that is deemed unsafe by the filtering solution.

Why filter? Because granting your employees unfettered Internet access can open your company up to a host of problems, including:

  • Security risks
  • Legal issues
  • Loss of productivity

Let’s take a look at each of these concerns.

Security Risks

With the advent of Web 2.0 technologies, websites are now mash-ups of content that is aggregated from many other sites. This scenario adds complexity to filtering websites based on domain names alone. In particular, it opens up new avenues of attack for hackers and virus writers who are becoming increasingly successful at compromising syndicated feeds. If just one feed of data is compromised, all the websites that pull in that feed will deliver malicious code to their trusted users.

An effective content filtering solution will judge incoming web data based on its content and not its source alone. Malicious content that is smuggled into trusted sites will still be detected and filtered out, thus protecting the internal network.

web content filter

Legal Issues

Companies can be liable for the data that is transferred into their internal networks and servers. In an ideal world, you should be able to trust that all your employees will only use the Internet for the jobs they do. This is wishful thinking on the part of the employer. And while your employees may access Amazon or Facebook from time to time, there are those individuals who will access anything and everything they can, introducing data that is less than desirable to a company network. One single rogue user’s actions can create serious legal problems if his or her actions are not monitored. Pornography at work and downloading of copyrighted materials are a real and dangerous threat to an SME.

If a good web content filtering solution is in place, an SME is protected against this type of threat. Pornography and copyrighted material is blocked using standard filters. A web content filtering solution from a trusted vendor will also protect you legally because it shows your commitment to stopping this type of crime in your workplace.

Loss of Productivity

A security breach due to lack of web content filtering will undoubtedly affect your employee productivity. By the same token, an ineffective or badly configured web content filter can block legitimate content that is needed by your employees to do their job, affecting productivity in a very different manner.

A good web content filter acts very much like a sieve, allowing legitimate data to come through and bad data to be stopped. This means that a requested web page with some forbidden content will still load, but with some bits missing. This will allow the user to get the parts of the web page that are needed while still remaining protected.

Web content filtering is a crucial part of protecting your business, particularly from the standpoints of system security, legal liability, and employee productivity. Because of the complexity of websites today, content must be constantly monitored and filtered in order to keep your business secure. Having an effective web content filtering strategy that aligns with your internet monitoring software will ensure you are protected legally, boost your data security, and improve your employees’ productivity.

{photo used under Creative Commons from ell brown - flickr}

Posted in Infrastructure | Tagged , , , | Leave a Comment
Jeff Brown

How Secure is Your Email?

Posted on May 14, 2013 by
 

For all of the press out there about hacking and suspicious websites, one important facet of internet security that gets overlooked is email. Most of us know not to click on links in a spam message, and many of us realize that some email attachments harbor unsavory bits of code. Malicious code and viruses get transferred easily with email, often without the knowledge of either the sender or the recipient, via email attachments.

Viruses and malicious code aside, there is another issue of email security that you may be overlooking: the sending of sensitive information via email.

Common sense would dictate that any sensitive information – bank account numbers, credit card information, passwords, social security numbers – is best delivered through a secure channel. If you’re using email to send this type of information, you run the risk of exposing it to virtually anyone.

How?

Well, for starters, email is not secure. Let me repeat that, with emphasis: EMAIL IS NOT SECURE. Think of email as a postcard. Anything written on the back of a postcard can be read by anyone. Would you write your credit card number on a postcard and send it off through the mail? I didn’t think so.

There are many reasons email isn’t secure. Most people assume that since they work on a secure network, with a firewall in place, and antivirus software running, that everything they do online is protected. But a secure network doesn’t equal protection for your email. First of all, email, once created and sent, is hard to destroy. Most electronic documents are backed up and recoverable. They live forever in backup. If someone were to access backed up information with the intention of scouring it for sensitive information, backed up email would be a great place to start.

Secondly, the recipient of your email could store your email indefinitely on their computer. Anyone with a motive to access someone else’s computer could access their email and your information.

But wait, there’s more. Your email, once sent, could be intercepted and redirected. And even if it arrives at its intended destination, there is no rule to say your email couldn’t be forwarded without your permission.

The Limitations of Encryption

“Aha,” you may be thinking, “I have encryption on my email.”

Even if you’re one of the lucky ones whose email program encrypts everything sent out, don’t assume that you’re safe. Encrypted emails, once they arrive at their destination and are unencrypted in order to be read, can be forwarded without re-encrypting them. Sort of defeats the purpose of encryption, doesn’t it?

While this is not to say that the recipients of your (encrypted) messages are anything other than trustworthy, you just can’t be sure how secure their email environment is. A number of things are out of your control once you press “send” and one of those is what happens to your information once it’s been received. If your recipient leaves their computer to take a lunch break and doesn’t log off, anyone could scan their emails in the interim.

Another concern with encrypted email is this: if your email is received and unencrypted on an open Wi-Fi connection (such as at a coffee shop, airport, hotel, or public library), then the information is out there for anyone and everyone who might be interested.

Bottom line: encryption only works up to a certain point.

How do I send sensitive information online, then?

Put simply: don’t use email.

However, if you absolutely must do so, you need to take some additional steps in order to provide a little more security for your information.

  1. Put your information into a document or spreadsheet
  2. Encrypt the document so that it can’t be viewed without a password
  3. Email the encrypted document as an attachment
  4. Communicate the password to the recipient by means other than email (text, phone, carrier pigeon, etc.)

The recipient will not be able to view the encrypted document without the password, and neither will anyone else who might have access to the email and attachment. However – and I can’t stress this enough – your password needs to be as un-guessable as possible. That means no real words that could be found in a dictionary, no personal information (such as your pet’s name), and no recycled passwords.

Realize that even with these precautions, it might still be possible for someone to view your sensitive information. Know the risks, and be prepared to take responsibility.

Most of us live under the assumption that those we have contact with and conduct business with are good and honest. And for the most part, this is true. However, there are those individuals out there, unknown to you or me, who are actively seeking information from any and all sources for less than honest reasons. Don’t play into their hands. Don’t use email to send sensitive information.

Posted in Infrastructure | Tagged , | Leave a Comment
Jeff Brown

Is Your Home Network Putting Your Company Network at Risk?

Posted on May 7, 2013 by
 

If you’re one of the lucky ones using a wireless network to work from home, you know the particular joys of drafting a major presentation from the comfort of your own couch. But while wireless networking makes time spent online a little more enjoyable, it can also open up a host of issues if your home network isn’t properly secured. Even if you only use your home network for business activities, there are likely others in your home who are online for other reasons. Social networking, gaming, personal email accounts, search engine results – all have the potential to introduce security issues to your laptop, and by extension, to your office network.

home network

What kinds of security issues? Viruses, malware and spyware, identity theft, and data breaches are just a few of the issues you may have to deal with if your home Wi-Fi isn’t secured. And any one of these issues could be introduced into your company’s network if it manages to take up residence on your laptop. At the very least, your personal productivity could be affected; at the worst, the entire company network could be compromised.

Hackers have discovered that one of the most effective ways to breach networks is via unsecured home Wi-Fi, where they can capture credentials, passwords, and other personal information. Maybe it’s just your neighbor siphoning off your service for a free internet connection, and maybe it’s a total stranger looking for an opportunity to hack into personal information wherever they can access it. Either way, don’t make it easy for them to do so – secure your home Wi-Fi.

Steps to secure your home Wi-Fi:

  1. If your router also functions as a wireless access point, connect to it by inputting your Gateway IP Address into your browser. If your wireless access point is a separate device, you will need to enter the IP address that it was assigned during setup. (How do I find my Gateway IP Address?)
  2. Enable encryption on your access point, using either a WPA or WPA-2 encryption scheme.
  3. Set your router access password, changing from the default to a secure password. (How do I setup a secure password?)
  4. Change the SSID (aka your network name) and DO NOT disable the SSID broadcast
  5. Enable MAC address filtering on your access point or router. The MAC address is a uniquely identifying network address assigned to network interfaces. (How do I find my MAC address?)
  6. Disable remote login
  7. Disable wireless administrating

Keep in mind that all wireless routers ship from the manufacturer with a default name and password, and it’s up to the purchaser to change these when they put the equipment into service. Changing this is the first step toward home network security.

And while we’re discussing home network security, let’s not overlook the importance of these additional security measures:

While it’s true that keeping your home network connection safe from prying eyes takes a bit of effort on your part, doing so helps to keep security issues at bay in the workplace, as well. Imagine if the information on your laptop were laid bare for the world to see. Exposed personal information, including banking and credit card numbers, and business information including login credentials and passwords, could spell trouble on many levels. By securing your home network, not only do you protect your personal information, you also keep your company’s information from being exposed. Trust me; your network administrator appreciates that.

For more information: http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf

Posted in Infrastructure | Tagged , , | Leave a Comment
Jeff Brown

How To Protect Your Wi-Fi Network

Posted on April 30, 2013 by
 

Wi-Fi networking is common in today’s business environment, allowing for greater flexibility in establishing workstations and giving guests access to the Internet while on the office premises. how to protect your wifi Because of the broadcasted nature of the Wi-Fi signal, however, it’s essential to secure your Wi-Fi network. Just as an unsecured Wi-Fi network is one that is susceptible to hacking, a Wi-Fi that isn’t properly secured leaves your company information vulnerable to attacks.

Wi-Fi devices are shipped from the manufacturer with security disabled, which makes it easy to set up your network. Once you’ve gotten your network up and running, however, taking the following steps will help to secure your network from all manner of threats.

  1. Change the default network name (SSID) and credentials (username and password)
    In order to make accessing your Wi-Fi device’s configuration settings easy, Wi-Fi equipment ships with a default network name and credentials. Changing these will make your system easy to identify and will deter unauthorized users from accessing your network.
  2. Enable WPA2 security
    WEP security isn’t secure. In order to maximize the security of your Wi-Fi, you must use WPA or WPA2 security.
  3. Strong encryption
    An encrypted password for your WPA should be long and varied – ten characters or more, consisting of upper and lowercase letters, digits, and symbols. Since this password will not be entered on a regular basis, creating something easily remembered isn’t necessary. Make it complicated, and avoid using real words or phrases. And as an added measure of security, change the password on a regular basis.
  4. Implement 802.11i
    The extensible authentication protocol (EAP) mode of WPA and WPA2 security uses 802.1X authentication instead of pre-shared keys (PSKs), allowing each user to access the network via a login consisting of a username and password. The advantage of this is that the actual encryption takes place in the background, and in order to change or revoke user access all that needs to be done is to modify the login credentials on a central server.
  5. Use a Wireless Intrusion Prevention System
    Direct access to your network isn’t the only way hackers attempt to gain entry. Other methods of disruption include the setup of rogue access points or denial of service attacks. A wireless intrusion prevention system (WIPS) monitors and detects this type of activity.
  6. Update your firmware
    Firmware is the software that runs on the wireless access point. Firmware manufacturers regularly update this software, mostly to address security issues, making it especially important to install these updates as they become available.
  7. Physically secure your equipment
    While a large portion of Wi-Fi security is concerned with technology and encryption, don’t overlook the physical security of your wireless access points. Equipment that is easily accessible can be reset to factory settings, undoing all your security measures and leaving your network open and vulnerable.

While Wi-Fi networks have become the norm for business environments today, it’s difficult to make a network ironclad. At the root of network security is the idea that network access should be more trouble than it’s worth for unauthorized users. Remember, a secure network helps to protect company and client data from unwanted access, and any breach exposing this sort of information can seriously compromise financial health of your business.

{photo used under Creative Commons from 47941176@N00 - flickr}

Posted in Infrastructure | Tagged , , , | Leave a Comment