Internet Security

Report Uncovers Cloud Security Concerns and Lack of Security Expertise Slows Cloud Adoption

Crowd Research Partners yesterday (28th March 2017) released the results of its 2017 Cloud Security Report revealing that security concerns, lack of qualified security staff and outdated security tools remain the top issues keeping cyber security professionals up at night, while data breaches are at an all-time high.

Based on a comprehensive online survey of over 1,900 cyber security professionals in the 350,000-member Information Security Community on LinkedIn, the report has been produced in conjunction with leading cloud security vendors AlienVault, Bitglass, CloudPassage, Cloudvisory, Dome9 Security, Eastwind Networks, Evident.io, (ISC)2, Quest, Skyhigh, and Tenable.

“While workloads continue to move rapidly into the cloud, security concerns remain very high,” said Holger Schulze, founder of the 350,000-member Information Security Community on LinkedIn. “With a third of organizations predicting cloud security budgets to increase, today’s cloud environments require more than ever security-trained, certified professionals and innovative security tools to address the concerns of unauthorized access, data and privacy loss, and compliance in the cloud.”

Key takeaways from the report include:

  • Cloud security concerns top the list of barriers to faster cloud adoption. Concerns include protection against data loss (57 percent), threats to data privacy (49 percent), and breaches of confidentiality (47 percent).
  • Lack of qualified security staff is the second biggest barrier to cloud adoption, and more than half of organizations (53 percent) are looking to train and certify their current IT staff to address the shortage, followed by partnering with a managed service provider (MSP) (30 percent), leveraging software solutions (27 percent), and hiring dedicated staff (26 percent).
  • As more workloads move to the cloud, organizations are realizing that traditional security tools are not designed for the unique challenges cloud adoption presents (78 percent). Instead, strong security management and control solutions designed specifically for the cloud are required to protect the new, agile paradigm.
  • Visibility into cloud infrastructure is the single biggest security management headache for 37 percent of respondents, moving up to the top spot from being the second ranking operational concern in the previous year.

Download the complete 2017 Cloud Security Report here.

Linux Patch Management

The Importance of Linux Patch Management

In recent news there have been a number of serious vulnerabilities found in various Linux systems. Whilst OS vulnerabilities are a common occurrence, it’s the nature of these that have garnered so much interest. Linux patch management should be considered a priority in ensuring the security of your systems.

The open-source Linux operating system is used by most of the servers on the internet as well as in smartphones, with an ever-growing desktop user base as well.

Open-source software is typically considered to increase the security of an operating system, since anyone can read, re-use and suggest modifications to the source code – part of the idea being that many people involved would increase the chances of someone finding and hopefully fixing any bugs.

With that in mind let’s turn our sights on the bug known as Dirty Cow (CVE-2016-5195) found in October – named as such since it exploits a mechanism called “copy-on-write” and falls within the class of vulnerabilities known as privilege escalation. This would allow an attacker to effectively take control of the system.

What makes this particular vulnerability so concerning however isn’t the fact that it’s a privilege escalation bug, but rather that it was introduced into the kernel around nine years ago. Exploits already taking advantage of Dirty Cow were also found after the discovery of the bug by Phil Oester. This means that a reliable means of exploitation is readily available, and due to its age, it will be applicable to millions of systems.

Whilst Red Hat, Debian and Ubuntu have already released patches, millions of other devices are still vulnerable – worse still is the fact that between embedded versions of the operating and older Android devices, there are difficulties in applying the updates, or they may not receive any at all, leaving them vulnerable.

Next, let’s have a look at a more recent vulnerability which was found in Cryptsetup (CVE-2016-4484), which is used to set up encrypted partitions on Linux using LUKS (Linux Unified Key Setup). It allows an attacker to obtain a root initramfs shell on affected systems. At this point, depending on the system in question, it could be used for a number of exploitation strategies according to the researchers whom discovered the bug, namely:

  • Privilege escalation: if the boot partition is not encrypted:
    — It can be used to store an executable file with the bit “SetUID” enabled. Which can later be used to escalate privileges by a local user.
    — If the boot is not secured, then it would be possible to replace the kernel and the initrd image.
  • Information disclosure: It is possible to access all the disks. Although the system partition is encrypted it can be copied to an external device, where it can be later be brute forced. Obviously, it is possible to access to non-encrypted information in other devices.
  • Denial of service: The attacker can delete the information on all the disks, causing downtime of the system in question.

Whilst many believe the severity and/or likely impact of this vulnerability has been exaggerated considering you need physical or remote console access (which many cloud platforms provide these days), what makes it so interesting is just how it is exploited.

All you need to do is repeatedly hit the Enter key at the LUKS password prompt until a shell appears (approximately 70 seconds later) – the vulnerability is as a result of incorrect handling of password retries once the user exceeds the maximum number (by default 3).

The researchers also made several notes regarding physical access and explained why this and similar vulnerabilities remain of concern. It’s generally accepted that once an attacker has physical access to a computer, it’s pwned. However, they highlighted that with the use of technology today, there are many levels of what can be referred to as physical access, namely:

  • Access to components within a computer – where an attacker can remove/replace/insert anything including disks, RAM etc. like your own computer
  • Access to all interfaces – where an attacker can plug in any devices including USB, Ethernet, Firewire etc. such as computers used in public facilities like libraries and internet cafes.
  • Access to front interfaces – usually USB and the keyboard, such as systems used to print photos.
  • Access to a limited keyboard or other interface – like a smart doorbell, alarm, fridge, ATM etc.

Their point is that the risks are not limited to traditional computer systems, and that the growing trends around IoT devices will increase the potential reach of similar attacks – look no further than our last article on DDoS attacks since IoT devices like printers, IP cameras and routers have been used for some of the largest DDoS attacks ever recorded.

This brings us back around to the fact that now, more than ever, it’s of critical importance that you keep an eye on your systems and ensure any vulnerabilities are patched accordingly, and more importantly – in a timely manner. Linux patch management should be a core consideration for all IT systems, whether they are servers or workstations, and of course regardless of the operating systems used.

This article was provided by our service partner ESET

managed storage

Advantages of Managed Storage for Business

Cloud service and managed storage providers offer valuable IT solutions for businesses of all sizes. Originally thought of as more for personal and less for business, cloud and managed storage for business is following in the footsteps of many personal technolgies adapted for business. Many businesses can benefit from comprehensive cloud services – hosted applications, Infrastructure as a Service and more – and the transition often begins with data storage needs.

COST SAVINGS

The first benefit, and perhaps most important in the minds of many business owners, is the cost advantage. Cloud storage is generally more affordable because providers distribute the costs of their infrastructure and services across many businesses.

Moving your business to the could eliminates the cost of hardware and maintenance. Removing these capital expenditures and the associated service salaries from your technology expenses can translate into significant cost savings and increased productivity.

SIMPLIFIED CONVENIENCE

All you will need within your office is a computer and an internet connection. Much of your server hardware will no longer be necessary, not only saving you physical space but eliminating the need for maintenance and employee attention. Your managed storage provider will maintain, manage and support your business. This frees up employees who would otherwise cover the tasks necessary for keeping your data safe and your server(s) up and running.

ENHANCED SECURITY

Instead of having hardware within your office, cloud storage is housed in a data center, providing enterprise level security, which is cost prohibitive for most individual businesses. There is also no single point of failure in the cloud because your data is backed up to multiple servers. This means that if one server crashes, your data stays safe because it is stored in other locations. The potential risk of hardware malfunction minimizes because your data is safely stored in redundant locations.

MOBILITY OPPORTUNITIES

The mobility benefits provided by the cloud are rapidly increasing for businesses of all sizes. In today’s world of connectivity, we are able to work (and play) whenever and wherever. While you’re waiting for a flight at the airport or at home with a sick child, you can still work – and work efficiently. Before cloud storage came along, working outside the office was problematic and more time consuming than it needed to be. Remember having to save your files on your laptop and then returning to work and needing to transfer your updated files to ensure others have access to the latest version?

This example highlights another one of the advantages of cloud storage – enabling mobility. If you work from multiple devices – i.e. phone, tablet and desktop computer – you won’t have to worry about manually adding the latest file onto each device. Instead, the newest version of your document is stored in the cloud and will be easily accessible from any of your devices.

SCALABLE SERVICE

With cloud storage, you pay for what you use, as you use it. You do not need to anticipate how much storage space you will need for the year and risk paying for unused space or running short. You can adjust the resources available through cloud storage providers and pay based on your current needs, modifying as they change.

veeam

Five considerations when searching for an off-site backup solution

For a number of years now, Veeam has been talking about the 3-2-1 rule of backups, whereby you keep three copies of your backup data on two different media types with at least one of those backups held off-site. Traditionally, most organizations have been able to put this into play by taking advantage of on-premises storage and media hardware along with multiple data center locations to cater for the off-site backup solution. This is where off-site data backup services can come into play to satisfy the off-site backup services requirement.

 
Off-site backup solutions offer numerous benefits to organizations, including increased efficiency and reliability based upon features and capabilities that not many companies may afford. There’s also no need to worry about infrastructure maintenance as that burden lies with the service provider, and the scalability of service providers can be leveraged without an upfront CAPEX spend. Another advantage of off-site backup solutions is accessibility, as the data is accessible from any internet-connected location and device.

 

Since Veeam Backup & Replication v8, Veeam has offered Cloud Connect as a means for the Veeam Cloud & Service Provider (VCSP) partners to provide off-site data backup services. With Veeam Cloud Connect, they can give their customers the ability to leverage cloud repositories to store virtual machines in service provider facilities. By leveraging Veeam Cloud Connect Backup, a number of VCSPs around the world have built off-site backup solutions. The Veeam Cloud & Service Provider directory lists out VCSP partners in your region of choice… but how do you choose between them?

 
Below are five considerations when searching for an offsite backup solution:

1. Data locality and Availability

Data sovereignty is a still a major concern for organizations looking to back up off site to the cloud. With the VCSP network being global, there is no shortage of locations to choose from to have as an off-site repository. Drilling down even further, some providers offer multiple locations within region, which can increase the resiliency and Availability of off-site backups and let you choose multiple repositories to further extend the 3-2-1 rule. It’s also a good idea to do some research into the service providers uptime and major event history, as this can tell you either way if a provider offering the off-site backup service has had any history of Availability issues.

2. Recoverability and restore times
It’s hard to defeat the laws of physics, and in searching for an off-site backup solution you should think about how long the data you have in a cloud repository will take to restore. This goes beyond the basics of working out recovery time objectives (RTOs) in that taking backups off site means that you are at the mercy of the internet connection between you and the restore location and in the restore capabilities of the service provider. When looking for a suitable off-site backup solution, take into consideration the roundtrip time between yourself and the service provider network and also the throughput between the two sites making sure you test both, upload and download speeds to and from each end.
Note that Veeam-powered off-site backup services can improve recovery times compared to those that rely on tape-based backup due to Cloud Connect repositories at the service provider end being housed on physical disk.

3. Service provider certifications and SLAs

As with data locality, more and more organizations are looking for offsite backup solutions that meet or match their own certification requirements. This extends beyond more common data center standards such as ISO 9001 and 27001, but also now looks at more advanced regulatory compliance to do with data retention and goes as far as service providers abiding by strict security standards. If your organization is in a specific vertical, such as Healthcare’s HIPAA standard, then you may look for an off-site backup solution that is compatible with that.
It’s also worth noting that service providers will offer differing service level agreements (SLAs) and this should be taken on board when searching for an off-site backup service. SLAs dictate the level of responsibility a service provider has when it comes to keeping to their promises in terms of services offered. In the case of off-site backup, it’s important to understand what is in place when it comes to integrity and security of data and what is done to guarantee access to your data when required.

4. Hypervisor support

Multi-hypervisor support does come into play when looking forward towards extending off-site backup and looking at recoverability in the cloud. For example, Veeam Cloud Connect works with both VMware and Microsoft hypervisors, and VCSPs have the ability to offer one or both of these platforms from a replication point of view. However, with Cloud Connect Backup, the off-site backup repository is hypervisor agnostic; cloud repository is acting as a simple remote storage option for organizations to back up to. With Veeam Backup & Replication 9.5, you can now replicate from Cloud Connect Backups and choose a provider that has one or the other, or both hypervisors as platform options.

5. Cost

Cost might seem obvious, but given the variety or services offered through the service providers it’s important to understand the difference in pricing models. Some service providers are pure infrastructure providers (IaaS) offering Backup as a Service (BaaS), which means you are generally paying for a VM license, storage and there might be additional charges for data transfer (however, this is fairly rare in the IaaS space). These service providers don’t cover any management of the backups — generally this is handled by managed service providers that wrap service charges on top of the infrastructure charges offering end-to-end off-site backup solutions.

The five tips above should help you in searching for an off-site backup service. You need to remember that each service provider offers something slightly different, which means your organization has choice in terms of matching an off-site data backup service that suits your specific requirements and needs. My recommendations will also help you navigate through Veeam Cloud & Service Provider partners that leverage Veeam Cloud Connect for their off-site backup offerings.


This article was provided by our service partner. Veeam

Network Security : OpenDNS

Why Firewalls and Antivirus are not enough in our fight for the best network security ?

Understanding Malicious Attacks to Stay One Step Ahead

Network (firewall) and endpoint (antivirus) defenses react to malicious communications and code after attacks have been launched. OpenDNS observes Internet infrastructure before attacks are launched and prevent those malicious internet connections happening in the first first. Learning all the steps of an attack is key to understanding how OpenDNS can bolster your existing defenses.

Each step of the attackers operation provides an opportunity for network security providers to find the attack and defend the intrusion.

Network security - Example malware attacks

High level summary of how attacks are laid out. 

—> RECON: Many reconnaissance activities are used to learn about the attack target
—> STAGE: Multiple kits or custom code is used to build payloads. And multiple networks and systems are staged to host initial payloads, malware drop hosts, and botnet controllers
—> LAUNCH: Various Web and email techniques are used to launch the attack
—> EXPLOIT: Both zero-day and known vulnerabilities are exploited or users are tricked
—> INSTALL: Usually the initial payload connects to another host to install specific malware
—> CALLBACK : Nearly every time the compromised system callbacks to a botnet server
—> PERSIST : Finally, a variety of techniques are used to repeat through steps 4 to 7

We do not have to understand each tool and technique that attackers develop. The takeaway from this is to simply understand how multiple and often repeated, steps are necessary for attackers to achieve their objectives undermining your existing network security tools.

Compromises happen in seconds. Breaches start minutes later and can continue undetected for months. Operating in a state of continuous compromise may be normal for many. but no one should accept a state of persistent breach.

Existing defenses cannot block all attacks. 

Firewalls and AntiVirus stop many attacks during several steps of the ‘kill chain’, but the volume and velocity of new attack tools and techniques enable some to go undetected for minutes or even months.

Network security - Firewall AntiVirus view of malware attacks

Firewalls know whether the IP of a network connection matches a blacklist or reputation feed. Yet, providers must wait until an attack is launched before collecting and analyzing a copy of the traffic. Then, the provider will gain intelligence of the infrastructure used.

Antivirus solutions know whether the hash of the payload match a signature database or heuristic. Yet providers must wait until a system is exploited before collecting and and analyzing a sample of the code before gaining intelligence about the payload used.

The OpenDNS Solution

Stop 50 to 98 percent more attacks than firewalls and antivirus alone by pointing your DNS traffic to OpenDNS.
OpenDNS does not wait until after attacks launch, malware install, or infected systems callback to learn how to defend against attack. By analyzing a cross-section of the world’s Internet activity, OpenDNS continuously observe new relationships forming between domain names, IP addresses, and autonomous system numbers (ASNs). This visibility enables us to discover, and often predict, where attacks are staged and will emerge before they even launch.

Network security - OpenDNS view of malware attacks

Why keep firewalls and antivirus at all?

Once we prove our effectiveness, we are often asked: “can we get rid of our firewall or antivirus solutions?” While these existing defenses cannot stop every attack, they are still useful—if not critical—in defending against multi-step attacks. A big reason is threats never expire—every piece of malware ever created is still circulating online or offline. Signature-based solutions are still effective at preventing most known threats from infecting your systems no matter by which vector it arrives: email, website or thumbdrive. And firewalls are effective at defending both within and at the perimeter of your network. They can detect recon activities such as IP or port scans, deny lateral movements by segmenting the network, and enforce access control lists.

“One of AV’s biggest downfalls is the fact that it is reactive in nature; accuracy is heavily dependent on whether the vendor has already seen the threat in the past. Heuristics or behavioral analysis can sometimes identify new malware, but this is still not adequate because even the very best engines are still not able to catch all zero-day malware.”

Your Solution:
Re-balance investment of existing versus new defenses:
Here are a couple examples of how many customers free up budget for new defenses.

• Site-based Microsoft licenses entitle customers to signature-based protection at no extra cost. Microsoft may not be the #1 ranked product, but it offers good protection against known threats. OpenDNS defends against both known and emergent threats.

• NSS Labs reports that SSL decryption degrades network performance by 80%, on average. OpenDNS blocks malicious HTTPS-based connections by defending against attacks over any port or protocol. By avoiding decryption, appliance lifespans can be greatly extended.

“OpenDNS provides a cloud-delivered network security service that blocks advanced attacks, as well as malware, botnets and phishing threats regardless of port, protocol or application. Their predictive intelligence uses machine learning to automate protection against emergent threats before your organization is attacked. OpenDNS protects all your devices globally without hardware to install or software to maintain.”