We’ve Got Your Back!

We all tire of the daily COVID-19 emails from dozens of organizations; but we know that functional IT and telecommunications systems, allowing our teams to work from home where possible, are crucial to getting us all through this crisis. 

In that spirit, Citon, TLX, NetGuard and NetTel have implemented multiple steps to ensure both continued service, and to support of the health and safety of your and our employees:

  • Our teams are rapidly deploying both voice and data remote access solutions so employees can work from home.  If you do not already have remote work systems in place please contact your sales rep today so you are prepared.
  • If you are a managed service customer, we will continue to support your teams as they work from home.  If your employees are working from home computers rather than company owned computers, anti-virus, windows patching and other security measures must be considered. Please consult with your sales rep to ensure your data remains secure.
  • Engineers will be dispatched for on-site work only for issues that cannot be resolved remotely.
  • When on-site, our team will observe the social distancing, hand washing and other guidelines issued by the CDC.
  • Engineers will have cleaning wipes with them to clean surfaces before and after they work on them.
  • Engineers are also being supplied with nitrile gloves that will be routinely changed.
  • Most of the Citon and TLX teams are now working remotely and are providing full service to you.  We expect no disruption of service during this time.
  • Our emergency response teams are meeting daily to remain agile in this constantly changing situation.

You can have confidence in our ability to secure and support you through this crisis.  We’ve got your back!

Sincerely,

Citon, TLX, NetTel and NetGuard

Steven M Dastoor

Firewall: 101

How well do you know your firewall?

Do you know how your firewall works? Firewalls are an essential part of your infrastructure’s defense. It decides which network traffic to reach your computer. The two layers that are involved from the OSI model are 3; Network layer, and 7; Application Layer. Layer 7 interacts directly with the software applications, while layer 3 transfers data.

Firewall Layers

When it comes time to tell your firewall which types of traffic are OK to admit and which ones it should block, there are multiple ways to categorize traffic into “OK” and “not OK” categories. Each approach corresponds to a different firewall “layer,” as defined by the OSI model.

Layer 3 Firewalls (Network Firewalls)

One way is to categorize traffic according to IP addresses. You could tell your firewall to accept traffic from certain IP addresses while blocking all other traffic. Alternatively, you could blacklist IP addresses that you know to be sources of abuse.

If you categorize traffic in these ways, you’re operating on layer 3 of your firewall. You’re essentially allowing and blocking individual network packets depending on where they originated and which ports they want to talk to.

Layer 7 Firewalls (Application Firewalls)

The other common approach to firewall configuration involves layer 7, which is also known as the application layer.

Layer 7 lets you sort traffic according to which application or application service the traffic is trying to reach, and what the specific contents of that traffic are. Rather than simply blocking all traffic on a certain port, you could use an application firewall to accept traffic on that port in general, but block any traffic that contains a known vulnerability.

Layer 3 vs. Layer 7

If layer 7 provides the greatest opportunity for advanced firewall configuration, why would we talk about layer 3 at all? The answer is that they’re different tools that mitigate different kinds of risks and it’s not an either/or question. In most cases, you’d use both a L3 and an L7 firewall and the two complement each other.

L3 firewalls make decisions based on a much more narrow set of variables (IPs and ports) than L7 firewalls, which look at a literally infinite amount of unique requests. Thus, L3 firewalls are generally able to have much greater throughput than L7 firewalls. Further, because they address a lower level of the stack, L3 firewalls cover a wider variety of scenarios than an L7 firewall.

The lack of protocol awareness, though, is a significant blind spot the L7 firewalls address. Especially as HTTP has become the universal app protocol, attackers are more likely to probe and exploit weaknesses within the app layer. So, if you have just an L3 firewall that allows all traffic to port 80, you’re blind to those risks. An L7 firewall is able to look within the app layer and make decisions regarding whether to allow a request based on what it contains—not just the port it’s trying to reach.

Because of these trade-offs, the best model for most scenarios is to use multiple layers of defense in depth; specifically, have an L3 firewall at the edge that only allows inbound traffic on the specific ports your apps use.

Conclusion

Ideally, then, you’ll have the ability to use both layer 3 firewall filtering and layer 7 filtering as needed. By being able to filter both at the network level and the application level, you have maximum ability to protect your infrastructure and services against intruders.

Article written by John Morello at Security Boulevard.

 

Here at CITON, we believe knowledge is power. We hope this article provides you some insight as to how important our firewall software is to your business. Call us for more information (218) 720-4435.

What do your employees know about social engineering?

Have your employees been informed about the safety of phishing through social engineering? There are numerous ways to fall victim to this attack. Be prepared to protect your data with software that can protect against this.

Social engineering is a technique used by criminals and cyber-crooks  to trick users into revealing confidential information. The data obtained is then used to gain access to systems and carry out actions to the detriment of the person or organization whose data has been revealed.

This practice basically exploits the trust that the user unwittingly places in the criminals, who often pose as a company employee, colleague, friend or boss. Under the guise of checking or protecting the user’s information, the criminals ask for confidential information which can then be used to steal the victim’s identity, money, etc.

How does social engineering work?

Social engineering is still one of the most common means of cyber-attack, primarily because it is highly efficient. To criminals, the user is the ‘weakest link in the security chain’.

Users are normally targeted in two ways: either over the phone or online.

– By phone, criminals pose as employees of a company or organization, say a bank or ISP, and after going through some typical questions and statements in order to gain the trust of the potential victim, they will then ask for login credentials and passwords.

– The most common fraud technique on the Internet is phishing. In this technique, users reveal data because they think they are on a trusted website. Another way that social engineering is used online is using attachments to emails from people known to the victim. Malware is used to attack users’ address book sand send emails –with the attacker’s file attached- to all their contacts.

How to avoid falling victim to social engineering

First and foremost, to prevent data theft through social engineering be wary and use common sense:

– Never reveal your passwords or login credentials to anyone. If a legitimate technician needs to access your account or information, they should be able to do this without needing you to give them your details.

– When you enter your details on a website, make sure the URL is correct.

– Never open strange-looking files or attachments, even if they come from someone you know.

 

Thank you Panda Security for the article.

Call CITON to find out how we can help defend your business’ data and hardware. (218) 720.4435.

Protecting against Ransomware

Ransomware attacks can happen to any business of any size. Usually the target of these attacks are individual computers, but recent attacks on weak IT infrastructures have been on the rise. Here at CITON we pride ourselves in protecting our customer’s data. Ask us about our Aardvark software to assist in defending your business.cloud2

How Ransomware Attacks Typically Work

In a previous post from BackBlaze.com, they described the common vehicles used by hackers to infect organizations with ransomware viruses. Most often, downloaders distribute trojan horses through malicious downloads and spam emails. The emails contain a variety of file attachments, which if opened, will download and run one of the many ransomware variants. Once a user’s computer is infected with a malicious downloader, it will retrieve additional malware, which frequently includes crypto-ransomware. After the files have been encrypted, a ransom payment is demanded of the victim in order to decrypt the files.

What’s Changed With the Latest Ransomware Attacks?

In 2016, a customized ransomware strain called SamSam began attacking the servers in primarily health care institutions. SamSam, unlike more conventional ransomware, is not delivered through downloads or phishing emails. Instead, the attackers behind SamSam use tools to identify unpatched servers running Red Hat’s JBoss enterprise products. Once the attackers have successfully gained entry into one of these servers by exploiting vulnerabilities in JBoss, they use other freely available tools and scripts to collect credentials and gather information on networked computers. Then they deploy their ransomware to encrypt files on these systems before demanding a ransom. Gaining entry to an organization through its IT center rather than its endpoints makes this approach scalable and especially unsettling.

SamSam’s methodology is to scour the Internet searching for accessible and vulnerable JBoss application servers, especially ones used by hospitals. It’s not unlike a burglar rattling doorknobs in a neighborhood to find unlocked homes. When SamSam finds an unlocked home (unpatched server), the software infiltrates the system. It is then free to spread across the company’s network by stealing passwords. As it transverses the network and systems, it encrypts files, preventing access until the victims pay the hackers a ransom, typically between $10,000 and $15,000. The low ransom amount has encouraged some victimized organizations to pay the ransom rather than incur the downtime required to wipe and reinitialize their IT systems.

The success of SamSam is due to its effectiveness rather than its sophistication. SamSam can enter and transverse a network without human intervention. Some organizations are learning too late that securing internet-facing services in their data center from attack is just as important as securing endpoints.

What all the organizations successfully exploited by SamSam have in common is that they were running unpatched servers that made them vulnerable to SamSam. Some organizations had their endpoints and servers backed up, while others did not. Some of the victims chose to pay the ransom — a strategy that in the past hasn’t guaranteed that the hackers will decrypt the hijacked files.

Article written by Roderick Bauer from Backblaze.com

Call CITON today to have your IT infrastructure assessed (218) 720-4435.

 

What do you know about Phishing?

Keep yourself up-to-date with the latest facts on Phishing and how it can impact your business.

Phishing is still a prevalent form of attack that can be avoided with the proper defense precautions. This article from KnowBe4 provides relevant information on how to keep your information safe, and up-to-date facts. Contact CITON to find out how we can help you and your business protect your data through anti-malware and ransomware. (218) 720-4435.

Phishing is a core tactic in the cybercriminal’s arsenal. It’s the basis for the majority of social engineering, CEO fraud, and malware infection. The Anti-Phishing Working Group (APWG) just-released 3rd Quarter Phishing Activity Trends Report provides insight into the current state of phishing.

Some of the highlights this quarter include:

  • Phishing Attacks Remain Constant – The number of unique phishing reports has remained relatively steady from Q2 to Q3
  • Phishing Focuses on the Money – Payment processing firms remained the most-targeted companies, followed by the banking sector
  • Encryption is on the Rise: Phishing attacks hosted on secure sites continues its steady increase since 2015
  • Redirection is Key to Avoid Detection: phishing attacks are using redirectors both prior to the phishing site landing page and following the submission of credentials to obfuscate detection via web server log referrer field monitoring

The data collected by APWG provides some key insight on how organizations need to protect themselves:

  • Expect phishing to continue – there are zero indications that phishing is declining at any point in the near future.
  • Focus on the Phish – Before malware, ransomware, or social engineering can have an impact, the email needs to get to the Inbox, be opened, and have a malicious action taken first. So, your greatest protection is found in stopping the phishing from being successful.
  • Take a Layered Approach – Put proactive security measures like endpoint protection email and web scanning, and Security Awareness Training in place in order to both spot and stop phishing emails from either ever reaching an Inbox, or ever being engaged with by a user.

Article written by Stu Sjouwerman.

Keep this information in mind when opening your next unknown email, and if you do, keep us in mind. We’re here to help.