Got Antivirus? Next Step: IRP

Leverage An IRP to Protect Your Assets

IRP announcer

Congratulations for your proactive focus on protecting yourself against cyber threats! You've already taken the first steps by joining us to learn about and discuss cybersecurity.

With fundamental awareness and by taking the simplest steps you'll be major strides ahead of most. Just recognizing that obscurity is not security, and that hackers are happy to infect and use ANY computer they can find is huge.

But today's focus is on what happens when you recognize something fishy seems to be going on in your system. How do you react? What are your first steps, and how do you control the damage that occurs when symptoms turn into a full-fledged infection?

Let's begin with the understanding that—in terms of risk—operating a computer system is much like driving a car on a busy road. I'm sure we're all aware that being distracted behind the wheel greatly increases our chances of a crash. Whether tuning the radio or texting, taking our eyes off the road isn't good for safety.

So what's the opposite of distracted driving? It's defensive driving. Defensive driving is anticipating what could happen next and being ready for it. If that car in front of you hits the brakes suddenly, you'll be much less likely to rear-end it if you're anticipating their stop.

The same sort of preparedness in your computer system operation can save you hours of grief and BIG money when things go south. Seconds count!

Being prepared for the appearance of symptoms of hacking starts with preparation of an Incident Response Plan (IRP). Once completed, it's important to refresh your memory on the IRP every six months or at least annually.

A good IRP anticipates seven categories of activities:

  1. Preparation and Planning
  2. Detection and Analysis
  3. Containment and Mitigation
  4. Eradication and Recovery
  5. Post-Incident Analysis
  6. Communication and Collaboration
  7. Continuous Improvement

Of course, these parts of an IRP change in size commensurate with the number of people and systems it protects. Preparation of an IRP for a large organization can involve cross-functional teams of people and end up consisting of multiple volumes of information, whereas an IRP for an entrepreneur can be as short as a few pages. Individuals may have just one summary page of instructions they tack up on their bulletin board.

Regardless of size of the official IRP, having a concise one- or two-page set of instructions means you can act quickly to control the impact of a malware attack.

Don't forget—it's important to print out the IRP because an incident can often bring down computer systems from which you'd ordinarily read!

When It Happens

In simplest terms, isolation of the threat should be your primary concern. Disconnect the affected computer from your network immediately.

The next step depends on whether you're interested in forensic analysis of the issue—determining the source and nature of the infection—or not. For individuals and small businesses, this is normally less of a concern simply because the funds to hire a forensic specialist aren't there. In this case, the next step would be to simply do an orderly shut down of the computer, followed by taking whatever steps are possible to reinstate normal operation with recovered files. This is where a good backup can make all the difference.

Isolating the affected computer from the rest of the network can prevent the spread of malware and greatly reduce the effort required to return to normal.

More about preparing an IRP in coming articles.

Cyber Security 101

Take Care of the Basics

Let's cover some fundamentals of cyber security. By understanding a few concepts and taking a few simple steps, you can make your system much more secure.

Here, the 80/20 rule applies in a big way. By expending 20% of the total effort to make your system ultra-secure, you can improve your security by approximately 80%. That's to say it only takes a little time and effort to make huge strides in security!

The rank and file PC/tablet/phone user isn't protecting national security, so these first simple steps go a long way towards making you the kind of target a hacker will pass up to move on to easier systems.

First you should understand one fundamental principle that applies to all cyber security efforts.

The Cyber Security Triangle

There is a long-standing precept in cyber security illustrated by this image. The triangle represents a continuum with three points: security, functionality, and convenience (or ease of use). Any given computer system designed with security in mind falls somewhere on this continuum. The red ball represents where on the continuum the system lies.

Consider making a system more secure, represented by the red ball moving toward security. When you do that, you're forced to lose some convenience and/or functionality. An example of this would be to make your password more complex. This makes your login less prone to cracking (more secure), but makes it harder to remember and enter (less convenient).

On the other hand, if you make the system more capable by adding more programs, you move the ball toward functionality, but security and ease of use are affected. Security is diminished because you've created more opportunities for a hacker to find a vulnerability, known as increasing the attack surface. More programs also mean the system is more complex, and therefore more difficult to use and master.

Why is this important?

If you make changes which improve your security, you can expect to make your system a little less convenient, and sometimes a little less capable. This is the price we pay for better security.

Most Common Exposures

So what are the ways we commonly expose ourselves to hackers?

Phishing (pronounced fishing)

Estimates vary, but somewhere around 90% of successful cyber attacks on personal or corporate systems are by phishing.

What is phishing? It's including a link in email that leads to an exploit if clicked. When you click on the exploit link, it takes you to a website location where malware is instantaneously downloaded to your computer. Once this has been done the malware executes, completing the infection and giving the hacker access to your system.

The perpetrator will do everything he can to make the infection invisible to you. Often, the infecting page won't display anything, but will quickly redirect you to a legitimate page. All you would see is a brief flash of the infecting page URL in the address bar before the legitimate page is loaded.

Solution: Don't click the link.

The best protection against phishing is prevention. Just don't click links which lead to the infection.

How do you avoid the bad links? The simplest way is to never click links included in emails at all. Of course, this is hardly a workable solution. We rely on email links to get things done--to see a friend's Facebook post, correct account details, make payments, etc.

So what can you do to avoid trouble?

  • Hover over the link. All common email programs show the destination URL when you hover:
    Hover to see the URL Examine the link closely, especially the spelling of the domain. If the link isn't a domain you recognize as appropriate, don't click it. In this example, since the link is to facebook.com, you shouldn't have to worry about it, but if the domain were, for example, faceboook.com (notice the extra 'o'), you'd avoid it.

    Special note: Phishing schemes are becoming much more sophisticated. The email often looks legitimate based on theme colors and images. The perpetrator may even conduct some research on you via online searches to make the email appear to be coming from a friend.

Secure Your Passwords

You've heard it before. There's a reason it's important. Passwords are often cracked by use of brute force algorithm. A program is run which repeatedly tries common password variations and word combinations to break into a system.

Generally, the classic guidelines for passwords still apply. They are more secure if they:

  • Are long - the longer the better, but practically speaking, around 10-16 characters will suffice when the other characteristics listed here are employed.
  • Use combinations of upper- and lowercase letters.
  • Include numbers.
  • Include random punctuation marks.
  • Include special characters, like ']' and '@'.
  • Are changed regularly.

But these types of passwords are beginning to fall out of vogue in favor of pass phrases that are easier to remember. Such a password can often be brought to mind without using a cheat sheet.

An example would be: camel-antlers,Aren't>c0mm0n.

Test your password creativity by using a website like How Secure Is My Password. Enter a password like the ones you like to use, and it will tell you how long it would take to crack using a brute force attack. (Note: don't enter actual passwords you use, only passwords similar to the ones you like to use.)

Because passwords should be changed regularly and should be unique for each login, employing these guidelines can still be daunting unless you use a password database like Keepass.

For more information about things you can do to protect yourself online, check out this list of top 10 things you can do to harden your systems!

Throw Out Your Passwords!

That's right. Toss 'em!

Bill Burr, the analyst who conceived the original password guidelines for the National Institute of Standards and Technology (NIST), has expressed his regrets he ever spelled out using complex passwords with letters, numbers, and special characters, and changing them every 90 days.

Cyber Lock

It just drives people bananas and they don’t pick good passwords no matter what you do, he reported in a recent Wall Street Journal article.

The new advice? Use a string of words that's easier to remember, and don't worry so much about changing them every 90 days. The total length of the password makes them more secure.

Of course, it's still a bad idea to use the same password in multiple locations, so you'll need a lot of different combinations of words. Therefore, it's still advisable to use a secured password database like KeePass or Dashlane to store them all.

In addition, it still makes sense to use another secure layer for accounts which would have a high impact should they be breached. Two Factor Authentication (2FA), in which a unique code is transmitted to your phone, or using a special encrypted device for this purpose, is advised.

Summing Up:

  • Use a combination of words
  • Store passwords in an encrypted database with excellent master password
  • Sprinkle in a few non-alphabetic characters
  • Use Two Factor Authentication for added security
Example
bottle*score-high;brittle

Ready to Cope with Ransomware?

Ransomware

When I was a kid, it was skeletons under my bed. Nothing scared me more than the vision of the things lurking there ... so close ... waiting for a hand or foot to stray over the edge. I would lie there at night, not moving a muscle, listening for any little sound that might betray their position.

It was hard to sleep that way.

There are some benefits to growing up. Now I don't think twice about things under my bed. (It helps to have boxes jammed under there occupying every inch.) But of course that doesn't mean I don't fear anything, only that new fears have taken flight. I try not to think about the ones I have no power over, such as that rare perfectly aimed solar flare permanently killing the power grids and plunging us all into a new stone age. The ones that have my attention now are a bit less apocalyptic but just about as awful to consider.

What happens if someone weasels into some account or data store where my personal data is stored? Steals my identity and cleans out my bank account and savings, lays waste to my credit?

Ouch.

Thankfully, much of this risk is avoidable. Not only are there things to do that will help prevent it, they're relatively easy to do and mostly quite inexpensive.

The real hurdle to be overcome is the willingness to take the first steps.

Prevent. Control impacts. Finally, if required, rebuild.

Do you know what steps to take? Here are some tips to get you started.

Reduce Risk & Exposure

Partner with Your Professional Colleagues & Merchants
  • Don't give your information out without getting assurances they keep it secured.
  • Question the need for those who ask for your social security number.
  • Ask merchants for their public statement of information security.
  • Read about PCI DSS compliance (Payment Card Industry Data Security Standard), and question your merchants about their certification.
  • Don't store credit card information on web sites unless required, and if required, find out why.
  • Educate & train all users of your systems, or limit their abilities and access. Don't forget that EVERY system that uses your WiFi or wired network is a node that's an exposure.
  • Reduce personal information exposed on social media. Some friends may want to know your birthdate, but that doesn't mean the world needs that information.
Close the Open Barn Doors ... NOW!
  • Uninstall unneeded applications.
  • Make sure your applications get new updates as soon as they're available. You should be able to set your system configuration to automatically update as soon as new versions become available.
  • Get periodic port scans and keep unused ports closed. We offer periodic port scans for common ports as a part of our Bronze Membership!
  • Check the settings on your modem/router, or find a pro - let us know if we can help!
  • Prevent applications from starting when you log in or when your computer starts unless justified.
  • Turn off your computer when it's not in use, at least disconnect from the network. If you leave it on at night to run antivirus scans or complete a backup, you can update the virus definitions and then unplug from the network.

Be Ready for the Midnight Knock at the Door

  • Be sure you have antivirus protection running at all times.
  • Assure your home network effectively uses Native Address Translation (NAT). Don't think you have a network? Think again. Do you have a router? Do you use WiFi to attach to your home Internet? Then, yes, you have a home network.
  • Consider installing an Intrusion Detection and/or Prevention System (IDS/IPS).
  • Assure your firewall is in play.

Ready to Rebuild?

Exposure and risk around ransomware comes from 1) not using safe practices resulting in an infection, and 2) not having an effective backup. If your first line of defense fails, you need to be ready to write off your old system and start over from scratch.

  • Keep your backups running, and stored offline unless they're being updated.
  • Test the restore periodically.
  • Keep more than one backup. Sometimes malware hides quietly for awhile to try to beat this solution, so it gets saved away as a part of your backup. Store away several months of backups, don't just overwrite your previous backup with the new one.
  • Assure you have a system recovery disk or thumb drive. Windows provides the ability to create this backup of your Windows OS that will make your disk like new, but without your personal data. (You'll need a separate backup of your data, but you won't have to keep backing up your Windows OS all the time.)
  • Be aware that evolving exploits are becoming better at surviving your attempts to clear them out, and may survive a system restore.

Finally, DON'T FORGET YOUR PHONE AND TABLET ARE COMPUTERS THAT ARE ONLINE ALL THE TIME! All the above precautions apply to these mobile devices as well.

Being Online Is Risk, Highness

You've read the headlines. Heard the talk. The US used cyber warfare to destroy equipment being used by Iran to purify Uranium for bombs. Russia hacked systems in the US to get information that could be used to influence the 2016 election.

Those are the big guys. Their goals are political and defense oriented. But we all know there are a ton of operations out there - petty thieves and syndicates out there who just want to steal money.

"Some 15.4 million consumers were victims of identity theft or fraud last year, according to a new report from Javelin Strategy & Research. That's up 16 percent from 2015, and the highest figure recorded since the firm began tracking fraud instances in 2004."
- CNBC, 2017

The highest increase is in card not present transactions - those in which anyone with credit card information can make a purchase without presenting a card. These crimes increased by 40% from the prior year.

Are you playing a numbers game? Hoping to be obscure and safe by hiding among the millions online?

Of course we can't. The hackers use very effective scanning and searching tools to find vulnerable systems. It's no longer a matter of not being discovered, it's about being able to be invisible as well as hardening our systems.

Are you and your systems up to the challenge? Take a look at this quick quiz to see if you're up-to-date on some of today's threats.
  • What's phishing?
  • Can you be hacked if you use antivirus software?
  • What's an IPS?
  • Can you name 5 characteristics of safe password practice?
  • Would your systems pass a port scan?
  • What's a credential dump?
  • Are you protected against ransomware?
  • Have an automated backup for each of your systems?