Savid Technologies

Email patterns can predict impending doom

From NewScientist:

EMAIL logs can provide advance warning of an organization reaching crisis point. That’s the tantalizing suggestion to emerge from the pattern of messages exchanged by Enron employees.

The Florida Institute of Technology analyzed Enron’s emails and found a correlation between the frequency of emails, and their sources and destinations, and the continued decline of the company. I love this type of research! Human interaction always seems to increase when “something is going down”.

This pattern of people asking questions and communicating more is a main reason we recommend using security awareness as a mechanism to detect the internal “bad apple”, especially when layoffs are coming or key employees are about to be let go.

With these new email analysis techniques, odd patterns of communication may turn out to be another indicator that a problem is forming with a bad employee…

According to the article:

They examined the number of emails sent, and the groups that exchanged the messages, in the period around these events. They did not look at the emails’ content.

which is something any business can do by working with its mail server admin: the metadata (who sent to whom, and when) is in the mail logs already, and no message content needs to be read. Maybe someone will write an open source application that can do this for any business.
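As an added illustration (example code written for this page, not the Florida Institute of Technology’s method and not taken from the NewScientist article), here is a small Python script that does the metadata-only version of this analysis. It parses a constructed timestamp/sender/recipient export, maps each mailbox to a group, counts messages per group pair per ISO week, and flags weeks where traffic on a pair, or on a brand-new pair, jumps well above the other weeks. The log line format, the corp.example addresses, the group mapping and the thresholds are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import date
from statistics import mean, pstdev

# Constructed sample export: timestamp, sender, recipient and nothing else,
# the kind of thing a mail admin can pull from server logs without touching
# message bodies. Addresses, dates and the corp.example domain are made up.
SAMPLE_LOG = """\
2001-10-01T09:05:00 from=alice@corp.example to=bob@corp.example
2001-10-02T14:20:00 from=bob@corp.example to=alice@corp.example
2001-10-03T11:00:00 from=alice@corp.example to=carol@corp.example
2001-10-08T09:10:00 from=alice@corp.example to=bob@corp.example
2001-10-09T16:45:00 from=bob@corp.example to=alice@corp.example
2001-10-10T10:30:00 from=bob@corp.example to=carol@corp.example
2001-10-15T08:55:00 from=alice@corp.example to=bob@corp.example
2001-10-16T13:15:00 from=bob@corp.example to=alice@corp.example
2001-10-17T15:00:00 from=alice@corp.example to=carol@corp.example
2001-10-22T09:00:00 from=alice@corp.example to=bob@corp.example
2001-10-22T09:30:00 from=bob@corp.example to=alice@corp.example
2001-10-22T10:00:00 from=alice@corp.example to=carol@corp.example
2001-10-22T10:05:00 from=bob@corp.example to=carol@corp.example
2001-10-23T07:50:00 from=alice@corp.example to=carol@corp.example
2001-10-23T08:10:00 from=bob@corp.example to=carol@corp.example
2001-10-23T21:40:00 from=dave@corp.example to=carol@corp.example
2001-10-24T22:15:00 from=dave@corp.example to=carol@corp.example
2001-10-25T23:05:00 from=dave@corp.example to=carol@corp.example
"""

# Hypothetical org chart: which group each mailbox belongs to.
GROUPS = {
    "alice@corp.example": "finance",
    "bob@corp.example": "finance",
    "carol@corp.example": "legal",
    "dave@corp.example": "exec",
}

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ from=(\S+) to=(\S+)$")


def parse_log(text):
    """Yield (iso_week, src_group, dst_group) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than abort
        year, week, _ = date.fromisoformat(m.group(1)).isocalendar()
        src = GROUPS.get(m.group(2), "unknown")
        dst = GROUPS.get(m.group(3), "unknown")
        yield (year, week), src, dst


def weekly_pair_counts(records):
    """{(year, week): Counter({(src_group, dst_group): n})}."""
    weekly = defaultdict(Counter)
    for week, src, dst in records:
        weekly[week][(src, dst)] += 1
    return weekly


def flag_spikes(weekly, z=2.0, min_count=3):
    """Return {week: set(pairs)} whose volume is anomalous against the
    other weeks. Each week is scored against a leave-one-out baseline so a
    spike does not inflate its own threshold; min_count suppresses 0 -> 1
    noise, and a pair seen for the first time (baseline all zero) is
    flagged as soon as it clears min_count."""
    weeks = sorted(weekly)
    pairs = {p for counts in weekly.values() for p in counts}
    flagged = defaultdict(set)
    for pair in pairs:
        series = {w: weekly[w][pair] for w in weeks}
        for w in weeks:
            others = [series[o] for o in weeks if o != w]
            if len(others) < 2:
                continue  # not enough history to judge
            threshold = mean(others) + z * pstdev(others)
            if series[w] >= min_count and series[w] > threshold:
                flagged[w].add(pair)
    return dict(flagged)


def analyse(text):
    return flag_spikes(weekly_pair_counts(parse_log(text)))


if __name__ == "__main__":
    for week, pairs in sorted(analyse(SAMPLE_LOG).items()):
        print(f"ISO week {week}: unusual traffic on {sorted(pairs)}")
```

On the constructed data the fourth week stands out twice: finance-to-legal traffic quadruples, and an exec-to-legal path appears that never existed before, all without anyone reading a single message. In practice the baseline would be months of history rather than three weeks, and the groups would come from the directory rather than a hand-written dict.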

Too bad email information is not public for companies that trade on the stock exchanges as this would be a great technical analysis tool!

Blocking the Big Ten

The folks over at countryipblocks.net bring up an interesting question: Does your local network really need to allow access to hackers located 12,000 miles away from you?

By their figures, nearly 80% of all harmful or malicious Internet traffic comes from “The Big Ten.” These are China, Brazil, Russia, India, Korea, Viet Nam, Ukraine, Turkey, Italy, and Argentina: countries that produce great computer engineering talent, but that often lack a local jurisdiction able to respond to cybercrime quickly and adequately.

Thanks to hackers from The Big Ten, you need a great deal of money, knowledge, and resources to protect your websites from the malicious traffic that originates in these countries. Firewalls, encryption, antivirus, and hardened, monitored systems are all part of the ongoing struggle to keep your enterprise safe.

But maybe there is an easier way. As countryipblocks.net and other sites like it advocate, you could just block all visitors from The Big Ten by blocking the IP ranges allocated to those countries. If they can’t reach your local network or your website, then they can’t cause any trouble, or so the argument goes.

It’s not that hard to do: several websites walk you through creating .htaccess files that deny the IP ranges of countries of your choosing on your web server (if you are running Apache), or you can simply block the same ranges at your firewall. Whatever works for you.

This may be a simple and effective solution for companies that have no reason to do business with The Big Ten, are not global, or simply deem any business generated by those countries not worth the IT security expense required to allow their traffic.

But it does seem a little unfair to “punish” an entire country because of the misdeeds of a few sordid cyber criminals, doesn’t it? Some consider blocking whole countries by IP overkill; they would rather understand the attacks coming from those countries and work out a targeted response from there.

Also, blocking The Big Ten cannot be an alternative to an effective security policy. Attacks can still come from the remaining 20%, and even from right here in the US where your biggest market exists (many botnet servers are actually located WITHIN the US), and an attacker in a blocked country can simply route through a compromised host or proxy in an allowed one. A website with no other security would be a sitting duck in the face of inevitable attacks.
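To make the mechanism and its limits concrete, here is an added Python example (written for this page; not countryipblocks.net’s code or lists) that matches client addresses against a country-keyed CIDR table, honours an explicit allowlist, and renders the same table as the kind of .htaccess deny list mentioned above. The prefixes are IETF documentation ranges, not real country allocations, and the country codes attached to them are purely illustrative; a real deployment would load the per-country lists such sites publish. The last sample address plays the role of a compromised host in an allowed country and shows the gap described in the previous paragraph.

```python
import ipaddress

# Constructed block list. The prefixes are IETF documentation ranges
# (RFC 5737 / RFC 3849), NOT real country allocations, and the country codes
# are illustrative only. A real deployment loads the published per-country lists.
BLOCKED_COUNTRIES = {
    "CN": ["203.0.113.0/24"],
    "RU": ["198.51.100.0/25"],
    "BR": ["2001:db8:1::/48"],
}

# Hypothetical allowlist: a partner's VPN endpoint inside a blocked range that
# still needs access. Explicit allow entries win over country-wide deny entries.
ALLOWLIST = ["203.0.113.42/32"]


def build_networks(table):
    """Flatten {country: [cidr, ...]} into [(ip_network, country), ...]
    so each lookup does no string parsing."""
    nets = []
    for country, cidrs in table.items():
        for cidr in cidrs:
            nets.append((ipaddress.ip_network(cidr), country))
    return nets


BLOCK_NETS = build_networks(BLOCKED_COUNTRIES)
ALLOW_NETS = [ipaddress.ip_network(c) for c in ALLOWLIST]


def decide(client_ip, block_nets=BLOCK_NETS, allow_nets=ALLOW_NETS):
    """Return ("allow", None) or ("deny", country) for one client address.
    The ipaddress module treats a v4 address as never contained in a v6
    network and vice versa, so mixed families fall through to allow."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in allow_nets):
        return ("allow", None)
    for net, country in block_nets:
        if ip in net:
            return ("deny", country)
    return ("allow", None)


def htaccess(table):
    """Render the table as Apache 2.2-style mod_authz_host directives for an
    .htaccess file: allow everyone, then deny the listed prefixes."""
    lines = ["Order Allow,Deny", "Allow from all"]
    for country, cidrs in sorted(table.items()):
        lines.append(f"# {country}")
        lines.extend(f"Deny from {cidr}" for cidr in cidrs)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # 192.0.2.7 stands in for a compromised host in an allowed country (say a
    # US botnet node): the country block never sees it.
    for ip in ["203.0.113.5", "203.0.113.42", "198.51.100.200",
               "2001:db8:1::beef", "192.0.2.7"]:
        print(ip, *decide(ip))
    print(htaccess(BLOCKED_COUNTRIES))
```

The allowlist-before-denylist order matters: a country-wide deny that also cuts off a supplier or a remote office is the usual way this scheme causes an outage, so keep the exceptions explicit and in version control next to the block list.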

Printers Are Not Just Dumb Peripherals

I’m often astounded by how frequently company networks with otherwise good security practices completely neglect their network printers. Usually they are simply installed and, as long as they work, nobody pays any attention to them until it’s time to reload the paper or replace the toner cartridge. But most of these printers are sitting ducks, ripe for a simple attack by even the most novice hacker.

Gone are the days of just toner and paper: printers now have computer-like characteristics such as internal storage, FTP upload, SNMP management, embedded web servers, and so on. Some are loaded with vulnerable applications, and some run embedded Windows systems that sit directly on the network. Yet almost no risk management or oversight is applied to protect printers from attack. At the very least, hackers can read sensitive documents sent to the printer. At worst, the printer can be turned into a remote-controlled bot and used as a launching pad for further attacks.

Why am I bringing this up? We broke into a client’s external network through a printer. Yes, full network access because of a single printer.

I’ve seen printers used to catch passwords, change passwords, capture valuable documents, and grab print jobs. I once heard of college students who rerouted an exam print job to their dorm room printer so they could get an advance copy of the exam. (Why didn’t I think of that!)

Conference talks are showing how easy it is to bypass printer authentication, inject commands at the root level, and run shellcode to take over printers. By exploiting the printer’s Internet connection, hackers can use it as a proxy to attack other targets while concealing their own location. Printers were among the devices involved in the Blaster worm outbreak that disabled systems at multiple McCormick and Co. offices in a matter of hours.

Printers have hard drives that store extremely sensitive data about print jobs and who issued them, so think about your printers the way you think about laptops. Those drives can be stolen, or read during a repair. The usual recommendation is to wipe drives weekly or at least monthly, but that is far too frequent to be practical for printers. The best defense against printer attacks is to create a standard image/configuration for printers, just as you do for servers, workstations, and laptops: default credentials changed, unneeded services such as FTP and Telnet disabled, SNMP community strings changed or SNMP v1/v2 turned off, and management interfaces restricted. Avoid the cheapest printer available and go with a business-class or enterprise model that has more security features, such as proper domain authentication. Lastly, LOG all prints: use a real print server, such as one running Linux or Windows, and log when print jobs are submitted.
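As an added example of the “standard configuration” idea (written for this page; not Savid’s tooling and not any printer vendor’s API), here is a Python audit that compares each printer’s exported settings against a hardening baseline and reports the deviations by severity. The baseline, the setting names, the severity ratings and the three-printer inventory are all assumptions; the setting names are simply this example’s labels for what a printer’s web UI or SNMP export typically exposes. The inventory deliberately puts a factory-default consumer model next to a properly imaged enterprise one and a third that drifted.

```python
# Assumed hardening baseline for network printers: setting -> (expected value,
# severity when the device deviates). The field names are this example's own
# naming for what a printer's web UI or SNMP export exposes, not any vendor's.
BASELINE = {
    "admin_password_set":  (True,     "critical"),  # no blank or factory admin login
    "ftp_enabled":         (False,    "high"),      # no FTP upload/download of jobs
    "telnet_enabled":      (False,    "high"),
    "snmp_v1v2_enabled":   (False,    "high"),      # SNMPv3 or nothing
    "raw_9100_restricted": (True,     "medium"),    # port 9100 only from the print server
    "auth_mode":           ("domain", "medium"),    # domain auth, not local-only
    "job_log_forwarding":  (True,     "medium"),    # submit/complete events to the print server
    "disk_encrypted":      (True,     "medium"),    # spooled jobs on the internal drive
}

# Community strings that ship as factory defaults; with SNMP v1/v2c enabled,
# a default read-write community is an unauthenticated admin interface.
DEFAULT_COMMUNITIES = {"public", "private", "admin"}

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def audit(config):
    """Compare one printer's exported config (a dict) against BASELINE.
    Returns [(severity, setting, observed, expected), ...] sorted by severity;
    an empty list means the device matches the standard image. A setting the
    export does not report at all counts as a deviation (observed None)."""
    findings = []
    for key, (expected, severity) in BASELINE.items():
        observed = config.get(key)
        if observed != expected:
            findings.append((severity, key, observed, expected))
    # Community strings need a 'not one of these' check rather than equality,
    # and only matter while v1/v2c is actually enabled.
    community = config.get("snmp_community")
    if config.get("snmp_v1v2_enabled") and (community or "").lower() in DEFAULT_COMMUNITIES:
        findings.append(("critical", "snmp_community", community, "non-default string"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


def fleet_report(fleet):
    """{printer name: findings} for every device that deviates from BASELINE."""
    report = {}
    for name, config in fleet.items():
        findings = audit(config)
        if findings:
            report[name] = findings
    return report


# Constructed inventory (names and values made up for this example).
FLEET = {
    # cheap consumer model left at factory defaults: the "sitting duck"
    "prn-lobby": {
        "admin_password_set": False, "ftp_enabled": True, "telnet_enabled": True,
        "snmp_v1v2_enabled": True, "snmp_community": "public",
        "raw_9100_restricted": False, "auth_mode": "local",
        "job_log_forwarding": False, "disk_encrypted": False,
    },
    # enterprise model configured from the standard image: compliant
    "prn-finance": {
        "admin_password_set": True, "ftp_enabled": False, "telnet_enabled": False,
        "snmp_v1v2_enabled": False, "snmp_community": None,
        "raw_9100_restricted": True, "auth_mode": "domain",
        "job_log_forwarding": True, "disk_encrypted": True,
    },
    # mostly hardened, but someone re-enabled telnet and legacy SNMP
    "prn-hr": {
        "admin_password_set": True, "ftp_enabled": False, "telnet_enabled": True,
        "snmp_v1v2_enabled": True, "snmp_community": "private",
        "raw_9100_restricted": True, "auth_mode": "domain",
        "job_log_forwarding": True, "disk_encrypted": True,
    },
}

if __name__ == "__main__":
    for name, findings in sorted(fleet_report(FLEET).items()):
        print(name)
        for severity, key, observed, expected in findings:
            print(f"  [{severity}] {key}: observed {observed!r}, expected {expected!r}")
```

Running the audit on a schedule and diffing against the previous run turns the standard image into something you can actually enforce: the interesting output is not the lobby printer that was never configured, but the HR printer that was compliant last month and is not now.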

Updating passwords, wiping hard drives, and checking network configurations are among the items that should be clearly identified in your security policy, and that policy applies to your printers too!