Tuesday, 16 February 2016

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware offers three different types of scans: Quick Scan, Full Scan, and Flash Scan. The Quick and Full Scans check the computer for possible threats, while the Flash Scan analyses auto-run objects and memory. After each scan, the user is offered the option to remove all or only selected detected threats, and a full report of the threats and the affected files is provided. Users can also choose which areas to scan (e.g. registry, start-up items, etc.). The program also features Chameleon technology, which ensures that Malwarebytes Anti-Malware runs on your computer without interruption from malware.
The program also offers a Protection Module, which runs in the background to keep your computer safe from possible threats. If the Protection Module detects a threat, the file or files are automatically placed in the program's quarantine, preventing them from being installed on your computer. A scheduler is also included for managing scanning schedules. The Protection Module, Scheduler and Flash Scan are only available in the Malwarebytes Anti-Malware Pro version. (press.malwarebytes.org, 2015)

·         Title: Malwarebytes Anti-Malware
·         Filename: mbam-setup-2.1.6.1022.exe
·         File size: 20.55 MB (21,546,080 bytes)
·         Requirements: Windows (All Versions)
·         Languages: en-US
·         License: Freeware
·         Date added: 2012-10-05 08:25:52
·         Author: Malwarebytes Corporation
·         Homepage: http://www.malwarebytes.org/
·         MD5 Checksum: 6cdeac78e5677e304477fb36351c3195

·         Malwarebytes' Anti-Malware is an application for computers running under the Microsoft Windows operating system that finds and removes malware.
·         Attacks relying on Macros haven’t let age dull their ability to wreak havoc on a network, with a variety of tricks designed to convince recipients into enabling them in Microsoft Word, believes Chris Boyd, Malware Intelligence Analyst at Malwarebytes.
·         Malwarebytes Anti-Malware detects Cryptolocker infections using multiple names, to include Trojan.Ransom and Trojan.CriLock.XL, but it cannot recover your encrypted files due to the nature of asymmetric encryption, which requires a private key to decrypt files encrypted with the public key. (Just last month, antivirus companies discovered a new ransomware known as Cryptolocker. This ransomware is particularly nasty because infected users are in danger of losing their personal files forever. Spread through email attachments, this ransomware has been seen targeting companies through phishing attacks. Cryptolocker will encrypt users' files using asymmetric encryption, which requires both a public and private key. The public key is used to encrypt and verify data, while the private key is used for decryption, each the inverse of the other. The bad news is that decryption is impossible unless a user has the private key stored on the cybercriminals' server.)
·         While Malwarebytes cannot recover your encrypted files post-infection, we do have options to prevent infections before they start. Users of Malwarebytes Anti-Malware Premium are protected by malware execution prevention and blocking of malware sites and servers. To learn more about how Malwarebytes stops malware at its source. Free users will still be able to detect the malware if present on a PC, but will need to upgrade to Pro in order to access these additional protection options. (filefacts.com, 2015)

Backup:

·         Also, the existence of malware such as Cryptolocker reinforces the need to back up your personal files. However, a local backup may not be enough in some instances, as Cryptolocker may even go after backups located on a network drive connected to an infected PC. Cloud-based backup solutions are advisable for business professionals and consumers alike. Malwarebytes offers Malwarebytes Secure Backup, which offers an added layer of protection by scanning every file before it is stored within the cloud in an encrypted format (don’t worry, you can decrypt these).
·         Malwarebytes will NOT protect you against the AFP ransomware (Australian Federal Police). It will NOT detect it once the HDD is infected. The Malwarebytes "To The Rescue" disk will NOT boot once the machine is infected. (reddit.com, 2015)
·         To be more exact, MB won't protect you from any ransomware. Real-time file access protection is not in the toolset of MB. (evi.com, 2015)
From FBI: “To report potential e-scams, please go to the Internet Crime Complaint Center and file a report.”
(FBI) Cryptolocker …

Unfortunately, once the encryption of the files is complete, decryption is not feasible. To obtain the file-specific Advanced Encryption Standard (AES) key needed to decrypt a file, you need the private RSA key (RSA being an algorithm for public-key cryptography) corresponding to the RSA public key generated for the victim's system by the command and control server. However, this private key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to scrub your hard drive and restore the encrypted files from a backup. (blog.malwarebytes.org, 2015)


Information Security

INFORMATION SECURITY and ATTACK TYPES


A) Using various online resources try to find and document, with suitable sources, other IS security definitions.



The definitions of InfoSec suggested in different sources referenced in the wiki are summarised below:
·         "Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO/IEC 27000:2009)
·         "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability." (CNSS, 2010)
·         "Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)." (ISACA, 2008)
·         "Information Security is the process of protecting the intellectual property of an organisation." (Pipkin, 2000)
·         "...information security is a risk management discipline, whose job is to manage the cost of information risk to the business." (McDermott and Geer, 2001)
·         "A well-informed sense of assurance that information risks and controls are in balance." (Anderson, J., 2003)
·         "Information security is the protection of information and minimises the risk of exposing information to unauthorised parties." (Venter and Eloff, 2003)
·         "Information Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organisational, human-oriented and legal) in order to keep information in all its locations (within and outside the organisation's perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats. Threats to information and information systems may be categorised and a corresponding security goal may be defined for each category of threats. A set of security goals, identified as a result of a threat analysis, should be revised periodically to ensure its adequacy and conformance with the evolving environment. The currently relevant set of security goals may include: confidentiality, integrity, availability, privacy, authenticity & trustworthiness, non-repudiation, accountability and auditability." (Cherdantseva and Hilton, 2013; wiki, 2015)
·         The protection of information and information systems against unauthorized access or modification of information, whether in storage, processing, or transit, and against denial of service to authorized users. Information security includes those measures necessary to detect, document, and counter such threats. Information security is composed of computer security and communications security. (freedict.com, 2015)
·         Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. (sans.org, 2015)
·         "Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms." (Wikipedia, 2015)


B) Comment on the traditional definition of IS security and the definition of Cyber security


The traditional definition of IS security was the protection of information online and the prevention of its exploitation; today information has grown in scale to such a level that availability, authenticity and privacy have become the main ideals of IS security. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization's and users' assets against relevant security risks in the cyber environment.

Today, cybersecurity can be described as the large set of tools, policies, security concepts, safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and the organization's and users' assets. These assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment.
The general security objectives comprise the following:
·          Availability
·          Integrity, which may include authenticity and non-repudiation
·          Confidentiality, the assurance of privacy and personal information protection (itu.int, 2015)



References


·         (wiki, 2015). Retrieved from: https://en.wikipedia.org/wiki/Information_security
·         (freedict.com, 2015). Retrieved from: http://www.thefreedictionary.com/Information+security
·         (sans.org, 2015). Retrieved from: http://www.sans.org/information-security/
·         (itu.int, 2015). Retrieved from: http://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx



Friday, 12 February 2016

IS Security Assessment 3




Security best practice & policies


Part 3  9/1/2015



By Conway Maurirere




“Which factors should a firm monitor as part of their security policy”

The factors an organization should consider as part of its security policies depend on many things, including the size of the organization, the sensitivity of the business information it owns and handles, and the types of information and computing systems it uses. For a large company, developing a single policy document that covers all types of users within the organization and addresses all the necessary information security issues could be impossible. A more effective approach is to develop a suite of policy documents that together cover all information security issues and can each be targeted at specific groups of users within the organization, making the policies more efficient for everyone.
Factors taken into account would include audience type and the company's business and size. An inventory of the organization may prove useful in determining what the factors are and how they can be addressed. One is what kind of data the organization holds: this could include customer data such as account records, transaction and financial information, contact information and history; employee information such as salary and income, and bank information; email; and important business information such as marketing plans.
Another factor is how all this information should be protected. There is a saying that "data is most at risk when it is on the move" (cyber security planning guide, p1, 2015), meaning that if data were kept in a single place and never touched, that would be the perfect protection; but businesses need to move information through their organization. It must be accessed, managed, used by customers and employees, and shared, and this exposes the information to many forms of danger such as abuse, tampering, wrongful manipulation, theft or corruption.
A just as important factor a firm should monitor as part of its security policy is access: who has access to its information, for what purpose and under what circumstances. Information is accessed by specific groups and people; the marketing department needs access to the organization's sensitive marketing information, but it should not be allowed access to, say, customers' private financial information. This is why it is necessary to assign access rights to the organization's data and information, which means granting specific groups and people access to the information relevant to their circumstances and managing those access rights.
Another factor, if the organization's life cycle has grown, may be the maturity of the policy development process currently in place. An organization which currently has no information security policy, or only a very basic one, may initially use a different strategy from a company which already has a substantial policy framework in place but wants to improve it and start to use policy for more complex purposes, such as tracking compliance with legislation. When starting out it is a good idea to use a phased approach: begin with a basic policy framework covering the major policies that are needed, then develop a larger number of policies, revising those already in place and adding to them through the development of accompanying guidelines, job aids, documents and tools which will help support the policy (www.sans.org, 2015).
To protect an organization's data on the internet, policies must be put in place to ensure the safety of that business's information; the organization may manage its own servers or set policies for managing its information with third parties such as web hosting companies.
Finally, the organization's policies should abide by government legislation and laws. A security policy should fulfil many purposes: it should protect people and information; set the rules for expected behaviour by users, system administrators, management, and security personnel; authorize security personnel to monitor, probe, and investigate; and define and authorize the consequences of violating these policies.



“Which business processes are most likely to impact upon that policy”



Information security policies


These set out best practices that can be followed by all employees. They minimize risk and ensure that any security incidents are effectively responded to. Information security policies can also engage staff in the company's efforts to protect its information assets, and the process of developing these policies can also help define those assets (www.sans.org, 2015).



Online security and access rights to users and employees

It's important to create a corporate policy on Internet and device usage that makes rights and responsibilities clear to everyone. Employers should define their risks and security needs, and measures should be put in place to ensure that these are abided by.
Set rules for acceptable use of email, instant messaging, social networks, blogging and Web surfing, as well as for downloading software and apps. Also consider establishing an electronic code of conduct for employees to sign, together with a login password that will keep track of each employee's history for security purposes, so that if the need arises the information pertaining to that employee's history can be easily accessed.
Policies must be in place to protect the organization from improper use of digital assets, to set out the organization's digital policy, and to set limits on employee privacy in the workplace. Stating that monitoring will occur, and informing the organization, its customers and employees of the policy's intentions, ensures and requires their fully informed consent; this protects the organization from morale or legal issues, since the organization is obligated to maintain a compliant workplace.



IT security and encryption


Encryption is a security tool that an organization would employ to keep sensitive information confidential, and there are two ways to encrypt data. Asymmetric PKI (public-key infrastructure) encryption is based on a pair of cryptographic keys: one is private and known only to the user, while the other is public and known to the receiving party. PKI provides privacy and confidentiality, access control, proof of document transmission, and document archiving and retrieval support. The other method of encrypting data is symmetric key protection, which is faster than PKI but less secure; symmetric encryption uses the same key to both encrypt and decrypt messages. Symmetric technology works best when key distribution is restricted to a limited number of trusted individuals. Since symmetric encryption can be fairly easy to break, it is primarily used for safeguarding relatively unimportant information or material that only has to be protected for a short period of time (itsecurity.com, 2015).
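In practice the two methods are combined: the data is encrypted with a fast symmetric key, and only that key is encrypted with the slow asymmetric public key. This is the same AES-key-wrapped-by-RSA scheme the Cryptolocker paragraph above describes, and it is also how an encrypted cloud backup can be kept readable only by the holder of the private key. The Go program below is an added example written for this page, not code from the blog or from any source it cites; the sample file content is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is one protected file: bulk data under a fresh per-file AES-256 key,
// plus that key wrapped with an RSA public key. Only the matching private key opens it.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(fileKey) under the recipient's public key
	Nonce      []byte // AES-GCM nonce, fresh for each file key
	Ciphertext []byte // AES-GCM(plaintext) with the authentication tag appended
}

// Seal encrypts plaintext with a random symmetric key (fast, used for the bulk
// data) and wraps only that 32-byte key with the slow asymmetric public key.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	keyAndNonce := make([]byte, 32+12) // AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(keyAndNonce); err != nil {
		return nil, err
	}
	fileKey, nonce := keyAndNonce[:32], keyAndNonce[32:]
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open reverses Seal. Without the private key matching the wrapping public key the
// file key cannot be recovered, so the ciphertext stays unreadable to its holder.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap file key (wrong or missing private key): %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // also rejects tampered data
}

// Roundtrip seals constructed sample data and reports whether the owner's key
// recovers it and whether an unrelated private key is rejected.
func Roundtrip() (recovered bool, strangerRejected bool, err error) {
	owner, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	stranger, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	// Constructed sample backup content, not real customer data.
	file := []byte("accounts-2015-09.csv\nid,name,balance\n1,Example Customer,100.00\n")
	env, err := Seal(&owner.PublicKey, file)
	if err != nil {
		return false, false, err
	}
	got, err := Open(owner, env)
	if err != nil {
		return false, false, err
	}
	_, strangerErr := Open(stranger, env)
	return bytes.Equal(got, file), strangerErr != nil, nil
}

func main() {
	recovered, rejected, err := Roundtrip()
	if err != nil {
		panic(err)
	}
	fmt.Println("owner key recovers file:", recovered, "stranger key rejected:", rejected)
}
```

Running it reports whether the owner's private key recovered the file and whether an unrelated private key was rejected; the same property is what makes a backup encrypted this way safe to store off-site, and what makes files encrypted by an attacker's public key unrecoverable without their private key.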

IT security protects the organization from multiple forms of danger. These attacks and problems can usually be identified and controlled through the monitoring and management of, or defence against, the following systems and circumstances:

·         Access Control
·         Email Security
·         Firewalls
·         Intrusion Detection Systems
·         Malware systems, software and management
·         Network Access Control
·         Vulnerability Scanning
·         Security Audit
·         Spyware systems, software and management
·         VPN Security






“Discuss the impact of cloud computing on an organization’s security policy”

Cloud computing has ushered in a new model for security policies, especially for larger infrastructures. Security policies must now take into account the advantages and disadvantages the Cloud has brought, such as the reduced cost that comes from sharing computing and storage resources. Such features not only have a direct impact on an organization's budget but also affect how these new security policies interact with traditional security, trust and privacy policies. Those policies may no longer be as feasible as they were before cloud integration, so many of them are no longer adequate and need to be rethought and revamped to fit the newer models.

When using cloud services to hold its data, an organization should first categorize its information by importance and then find a suitable cloud storage service provider for that level of information (pandasecurity.com, 2015).

For an organization to evaluate and manage the security of its cloud environment, with the goal of mitigating risk and delivering appropriate support for that information, it should consider policies for the following:

1. Ensure effective governance, risk and compliance processes exist by establishing security and compliance policies.

2. Audit the operational and business processes that host their applications and data to assess effectiveness in enforcing the organization's policies.

3. Manage people, roles and identities. The organization must ensure its provider has access processes for their data showing that the environment is suitably managed.

4. Ensure proper protection of data and information; security considerations must be defined for cloud computing services.

5. Enforce privacy policies for laws and regulations relating to the storage and use of the organization's information, for example requirements to tag the data appropriately.

6. Assess the security provisions for cloud applications; the organization must protect its business-critical applications from threats.

7. Ensure cloud networks and connections are secure, allow legitimate traffic and protect from malicious traffic.

8. Evaluate security controls on physical infrastructure and facilities.

9. Manage security terms in the cloud service level agreement.

10. Understand the security requirements of the exit process, e.g. is it clear what legal and regulatory controls apply to the provider's (cloud-council.org, 2015).




References






·      cyber security planning guide, p1-p5, 2015. Cyber Security Planning Guide, Federal Communications Commission.
·      itsecurity.com, 2015. Retrieved from: http://www.itsecurity.com/features/encryption-101-010308/
·      cloud-council.org, 2015. Retrieved from: http://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf

IS Security Assessment 2








Disaster recovery plan

Assessment 2 – Semester 2 2015



Conrad Maurice Maurirere  |  ITSY&.660 INFORMATION SECURITY SYSTEMS  |  September 1, 2015


Introduction


In this assessment I will describe how the Business Continuity Plan (BCP), also called an Emergency Plan, relates to the Disaster Recovery Plan (DRP); describe the necessary components and contents of a DRP suitable for a small business; and comment on the implications of not updating the DRP, or not following through with it, in the event that an incident occurs.

BCP and DR relationship


When a company or business suffers a disruption, be it an unplanned disaster or another disruptive event that interferes with the normal processes of the business, the business loses a segment of its worth. This is usually in the form of customers, resources, materials, value, presence, integrity or even time, but ultimately all of this can be defined as a loss of money, because lost revenue and increased expenses equal reduced profits.
Enter the Business Continuity Plan. The BCP is essential in ensuring a business continues its normal performance; it is a document containing critical information, designed with the sole purpose of ensuring that a business stays in optimal form by covering any contingencies that may cause business disruption.
When creating a business continuity plan these four steps must be followed:
·         Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.
·         Identify, document, and implement strategies to recover critical business functions and processes.
·         Organize a business continuity team and compile a business continuity plan to manage a business disruption.
·         Conduct training for the business continuity team and testing and exercises to evaluate recovery strategies and the plan.
The Business Continuity Plan would typically look like Fig 1.

Fig 1 (ready.gov, 2015)


A disaster recovery plan (DRP) is a set of procedures, normally in written form, that a company or business can use to recover from a disruption that could cause the business to suffer negative consequences and/or financial loss. The DRP also protects the business infrastructure in the event of a disaster or business disruption: it does this by identifying business disruptions and responding to them correctly, and by following its procedures the business can recover as quickly as possible.
"The DRP is a comprehensive statement of consistent actions to be taken before, during and after a disaster." (Wikipedia.org, 2015)
The link between the BCP and DRP is that the BCP stipulates the best practices for ensuring the consistent operation and continuous maintenance of the business, while the DRP is set in place to correctly identify all the problems a business may face and allocate the correct response to each; a Business Continuity Plan without a Disaster Recovery Plan will lack feasibility in fulfilling its purpose.

Points to consider when creating a DRP for a small business


There are many different types of DRP, some of which take a long time to create and are improved over time. The DRP a business chooses can vary from the simplest aspects to the more complex, depending mainly on the size and resources of that business, but even a small business would prosper with an efficient plan. Once the plan has been created it should be tested at least twice a year to ensure it is still effective; a small business, if able, should apply this testing regularly to keep up with larger businesses and the competition. After the plan has been made, at least two individuals must take responsibility for being on call 24 hours a day, so that if needed they can be contacted immediately and informed of the extent of the damage sustained. The person in charge of the DRP will usually identify the scale of the problem, such as whether it prevents usage or service; if the disruption continues into the business's normal working hours then the DRP must be initiated. The relevant players in the plan would then meet and start to implement the DRP, recovering as efficiently as possible so as to prevent as much financial loss as possible. Some points to consider for a small business when creating its DRP could be:

Alternate data storage facilities


Information is important, so measures must be taken to protect business information as well as the services that retrieve and capture that information. This can be done by incorporating some redundancy and resiliency into the systems, so that if a problem does occur, the business can recover not only its information but also the systems it provides.
Prioritize and evaluate the business systems to determine which system is needed first, then test them to ensure they are ready when needed.
Information security is the most important part of a business; even a small business should consider the security of its information and take measures such as these to protect it.

Back up


·         Back up information to the cloud at regular intervals
·         Alternate offline storage facility
·         Data mirrored between 2 sites
·         Stored data at alternative site

Vendor recovery


·         Vendor may provide alternate primary business location until business has recovered

Creating the DRP


If a small business follows its Disaster Recovery Plan, it has a document that helps it recover from all disruptions by addressing and correcting problems. These problems vary over an enormous range of occurrences but can be grouped into disruptions caused by human-generated threats, environmental disasters, internet threats and theft.
When making a DRP, firstly a thorough inventory of all resources and materials should be taken. The plan must reflect a detailed understanding of the threats and their impact on the business and should include strategies to recover from, replace and correct the disruption as quickly and efficiently as possible. A small business should consider every problem that may occur, and being a small business, the following measures should also be considered.

·         Preventative and protective measures identify every disruption that may occur and set in place contingencies to prevent them, e.g.

               Access controls, e.g. processes put in place to protect against insecure access, like passwords, firewalls and ID swipe cards
               Policies in place to ensure the safety of the business, its resources, information and customers; these policies detail aspects such as:

o              Information
o              Security
o              Usage
o              Backup
o              Capital expenditure (big dollars)
o              Operational expenditures
o              Contacts
o              Insurance

·         Contingencies to detect everything that may occur that can cause business disruption, e.g. risk assessments
Consolidation is a small business's friend. For example, one important constraint a small business may encounter is cost: the financial status of a small business may hinder its ability to invest in an effective DRP, but for the BCP to be applicable, investment in the DRP should be of the utmost importance. Depending on the size of the small business, the DRP should be considered the business's lifeline and treated as such when determining the investment to be put into it. If costs are a problem, then the DRP should cover only the most likely disruptions; it would be pointless investing resources into a tornado contingency plan in a country that never has tornadoes. Instead, invest in more realistic disruptions, and lessen the costs further by categorizing the disruptions rather than investing in each one separately, such as a natural disaster plan rather than a plan for every natural disaster there is.
While making an efficient DRP requires a small business to make a significant investment of time, resources and money, the DRP is critical to the continued success of the small business. As the old adage says, hope for the best and prepare for the worst (smallbusinesscomputing.com, 2015).


Implications of not updating or following through with the DRP when an incident occurs.


The DRP should be tested regularly, as this improves redundancy and its ability to prioritize the level of the disruption, as well as the response necessary by each line of service to address the problems that can occur. The plan is tested by assessing its ability to perform against disruptions; some tools, such as a risk assessment, can be used to help in these assessments.
The DRP should always be improved upon, updated and revised, as this keeps the plan current and more thorough. It allows the plan to incorporate any new disruptions that are identified, giving the opportunity to implement new contingencies to address those disruptions, making the plan more robust and giving it more integrity.
If the plan is not updated, then when an occurrence does happen outside the expectations of the plan, the resources, time and costs to the business are increased; a disruption with no contingency plan, or no plan to address it and recover, can cause dramatic and, for a small business, even irreparable damage.

References


·         ready.gov, 2015. Retrieved from: http://www.ready.gov/business/implementation/continuity
·         Wikipedia.org, 2015. Retrieved from: https://en.wikipedia.org/wiki/Disaster_recovery_plan
·         smallbusinesscomputing.com, 2015. Retrieved from: http://www.smallbusinesscomputing.com/News/ITManagement/5-tips-to-build-an-effective-disaster-recovery-plan.html