Category Archives: Cyber Security

Security Series Part 2: World Cup Photo Proves Importance of Network Security Once Again

One of the most difficult challenges in managing networks is their inherent vulnerability to human error. No matter how robust an organization’s security policies or how dedicated its IT staff, a silly oversight by one or more employees can render many precautions meaningless.

A startling example of just how quickly and thoughtlessly network security can be compromised occurred recently when the Wi-Fi network name and password for the security center at the World Cup in Brazil were accidentally posted online.

A newspaper photo of Luiz Cravo Dorea, head of International cooperation for the Brazilian Federal Police, was taken inside the center, run by Israeli security firm Risco, in front of a bank of computer screens, one of which showcased the sensitive information. Soon after the photo was posted, it was re-tweeted repeatedly for the entire world to see. Once the newspaper was made aware of the photo it was taken down and presumably, the network name and password were changed. But it is impossible to know if any intrusions occurred in the interim.

While businesses should make every effort to avoid these kinds of blunders, the unfortunate fact is that they do sometimes happen despite network engineers’ best efforts. When these mistakes occur, it’s imperative that businesses have network monitoring and security solutions in place that keep a simple oversight from turning into a total disaster.

Best-in-class network forensic appliances can be used to monitor compliance with security policies and to intercept and analyze unauthorized attempts to access a network. These products can automatically respond to security threats in a variety of ways, meaning that even if a password is leaked, intruders can’t freely enter a system and steal or compromise data. Continue reading

The Network Breaches Just Keep Coming

Today, WildPackets is introducing a 5 part series on security initiatives as it relates to network monitoring, analysis, and forensics. As part 1 of the series, we’d like to give you a feel for the seemingly non-stop security attacks that are occurring to companies regardless of size, industry or prominence.

Most of us remember the massive 2013 holiday Target security breach which served as a rude awakening to the general public.  Retailers have been unable to stop a seemingly continuous onslaught of network intrusions and nearly half of the American population has now been affected by these crimes according to researchers at the Ponemon Institute. In the past couple of months alone, the market has been hit with additional high-profile hacks including eBay and P.F. Chang’s.

The online auction site revealed in May that hackers broke into a database containing user information such as names, passwords,  email addresses, physical addresses, phone numbers and birth dates. While eBay claims that its encrypted passwords are nearly impossible to decode, the company notified its customers to reset their passwords as an extra precaution.

The company states that it has not experienced any increase in fraudulent activity yet, but the potential danger may come through the release of the compromised personal information.

This month, P.F. Chang’s China Bistro confirmed that it is investigating a potential security breach that may have led to the theft of customer credit card information. In early June, thousands of newly stolen credit and debit cards were discovered on Rescator, an illicit site that became notorious for selling payment information in the Target security disaster. The recent release of information represented the first large-scale appearance of data from stolen credit cards since March, when information from 282,000 cards was tied to a possible breach at Sally Beauty.

Several banks reported that this new Rescator cluster included cards that were previously issued to customers, and all had been used at P.F. Chang’s locations in spring 2014. As of yet, P.F. Chang’s has not tied fraudulent activity on customers’ credit cards to the possible breach.

If the breach is confirmed, P.F. Chang’s will be the fifth major retail chain to acknowledge that its network infrastructure was recently compromised. In these cases, criminals installed malware on retailers’ systems, which fed customers’ payment details back to their computer servers. Continue reading

Security Attack Analysis for Finding and Stopping Network Attacks

The bad guys are winning.

No, this is not a review of the latest superheroes movie. It is the plain and simple truth when it comes to network security attacks. We’re all too familiar with the names of big, formerly trusted organizations who have recently suffered breaches. And we’ve all been affected, both professionally and personally, by these breaches.

So rather than rehash these attacks once again, let’s take a brief look at an approach that can help make sense of the barrage of alerts from security systems, which instead of adding awareness, are merely hiding the needle in the haystack.

Current security systems do their job well – nowadays most would argue much too well. For fear of missing a critical event, security systems err (heavily!) on the side of caution. In doing so, they produce false-positives – a lot of them. The volume of these alerts can quickly become overwhelming, rendering them almost as useless as no data at all. Remember, this is exactly what Target admitted. They did see alerts when the initial hack happened, well before any data was taken, but those alerts went uninvestigated.

On the positive side, false positives can be reduced, and sometimes pretty quickly. Many false positives are a result of some routine activity on your network that may be classified as out-of-the-ordinary for a general network. And because it’s routine on your network, it generates lots of security alerts. Armed with detailed information at the time of the alert, quick analysis will indicate whether or not this condition is normal for your network, and if it is, you can retune your security solution to ignore this condition. Every time you are able to do this you make your security solution more and more effective – a lot less hay and more needles.

This approach is called attack analysis, and it relies on network recording and network forensics to supply detailed, network-based information that can be used to unequivocally determine whether or not a security alert is the real thing. And if it is, you have a complete recording of the network activity from before, during, and after the attack so you can quickly stop the attack and assess the damage.

Interested in learning more? Check out our complete webinar on this topic, including detailed use cases, at http://www.wildpackets.com/resources/ondemand_webcasts.