Month: February 2021

It’s time to boost VoIP network security

By Bev Robb, IT consultant

More businesses than ever are jumping on the Voice over IP (VoIP) bandwagon today. Aside from significant cost savings (when compared to traditional phone services), VoIP also offers many value-added features such as voicemail-to-email transcription, barge and whisper service, call screening, conferencing, music on hold, find me/follow me call routing, portability, and increased flexibility and mobility for employees who are always on the move or required to travel.

Although VoIP’s advantages have plenty to offer the business world, there is also the need for companies to secure voice technology. While the 2015 cyberthreat landscape is beginning to look even stealthier and more treacherous than last year, let’s not forget that 2014 was dubbed “the year of the breach.”

When it comes to securing VoIP, it is time for businesses to go beyond basic compliance and become proactive in securing VoIP technology from hackers. Since VoIP packets flow over the network (just like data packets do), sensitive corporate information could be intercepted. Some of the same threats that affect data networks can also affect VoIP.

Other threats that can affect VoIP systems are:

- Conversation eavesdropping/sniffing
- Default passwords
- Hacked voicemail
- Identity spoofing
- Man-in-the-middle exploits
- Denial of Service (DoS) attacks
- Toll fraud
- Web-based management console hacks

The Shodan search engine

Recently, I ran a query on Internet-connected devices from the Shodan search engine — I was amazed when I discovered that beyond public-facing servers and devices — banners for voice-over-IP (VoIP) SIP servers were also prevalent. While digging around in search, I discovered a U.S. government agency that is using an outdated Cisco TelePresence Video Communication Server, and if I was a malicious hacker, I would be thrilled to know that this particular server contains two serious vulnerabilities.

If you are wondering what Shodan is — it is an Internet search engine that helps you to find vulnerable device targets. It has been described as a search engine for hackers; an IoT device search engine; a tool for IT pros and hackers; and frequently described as the scariest search engine on the Internet.

Null Byte states that “Shodan can find us webcams, traffic signals, video projectors, routers, home heating systems, and SCADA systems that, for instance, control nuclear power plants and electrical grids. If it has a web interface, Shodan can find it!”

If you want to find out if your VoIP system may be vulnerable, you can check out the Shodan search engine here and input net:your.ip.add.ress in the search box.

Hackers for hire

Identity theft expert Robert Siciliano recently wrote about “hackers for hire” who currently operate a website (launched last November) called Hacker’s List. There are also hackers for hire on the Darknet (and plenty of them too), in both the marketplace and on secret forums that offer VoIP hacking services. With so much hacker availability, securing and monitoring your voice network is mandatory.

While hackers are continually discovering new ways to attack VoIP systems, there are some established favorite approaches. Also known as ‘footprinting,’ these techniques rely on information that unsuspecting VoIP users make publicly available.[1]

Social media sites (LinkedIn, Facebook), job sites, company websites, web searches, web crawlers (HTTrack), etc. can be used to gather publicly available information about an organization’s business, employees, and network.

Company job postings can contain a plethora of information about internal network systems and often can become an asset for a hired hacker. If you are going to write a job description, try to avoid footprinting. As an example:

Footprinting: He or she will also be responsible for integrating the SHORETEL VoIP system with CISCO VoIP.

No footprinting: He or she will also be responsible for integrating VoIP (SIP) servers, infrastructure, and applications.

Let’s get back to VoIP security…

VoIP security is a challenge for many companies, but the bottom line is: VoIP security should operate on the same rung as network data security — both forms of data contain valuable information. Remember this: The bad guys never sleep; they are always looking for new and innovative ways to hack into business VoIP systems.

Best security practices should include:

1- Separating data traffic from voice traffic by creating two virtual VLANs.
2- Protecting the remote admin interface with a complex password and non-standard port.
3- Encrypting sensitive voice traffic.
4- Using Secure Session Internet Protocol (SIPS) for protection from eavesdropping and tampering.
5- Applying physical and logical protection: The VoIP server should be behind a SIP-aware firewall and intrusion prevention system (IPS).
6- Creating user names that are different from their extensions.
7- Keeping VoIP systems always up-to-date and patched.
8- Limiting calling by device.
9- Using encryption to secure calls.
10- Setting strong security policies.
11- Utilizing traffic analysis and deep packet inspection (DPI).
12- Properly securing VoIP gateways.
13- Using a strong voicemail 6-digit passcode or device certificate.
14- Deleting sensitive voicemail messages.
15- Removing mailboxes when employees leave the company.
16- Limiting invalid login attempts.
17- Restricting type of calls allowed on the network and implementing time of day policies.
18- Disabling international calls by default.
19- Security awareness training for employees.
20- Requesting that all employees report odd occurrences.

With hacking and ongoing data breaches playing a strong lead in the headlines lately, what other security strategies should be implemented?

Resources:

- Are You Vulnerable to Voice over IP Hacking?
- How to Detect and Guard against VoIP Security Vulnerabilities
- SANS: Security Issues and Countermeasure for VoIP
- VOIP security risks overlooked
- VoIP vulnerabilities: Why firewall protection is not enough
- Shodan: The scariest search engine on the Internet
- Network security resources from Dell

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.

[1] Hadley, J. (2014, Sep. 29). Are You Vulnerable to Voice over IP Hacking? [Web log post]. Retrieved April 15, 2015, from http://www.cloudwedge.com/vulnerable-voice-ip-hacking/
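Several items in the best-practice list above (6, 13, 15, 16 and 18) can be checked mechanically against an export of the phone system's extension table. The following is an added example, not code from the original post: the `Extension` fields and the sample inventory are hypothetical and constructed, and would need mapping to whatever your PBX actually exports.

```python
"""Added example: audit a constructed PBX extension inventory against
practices from the list above. Field names are hypothetical, not a vendor API."""
from dataclasses import dataclass


@dataclass
class Extension:
    number: str             # dialled extension
    username: str           # SIP authentication user name
    voicemail_pin: str
    intl_calls: bool        # international dialling enabled?
    max_failed_logins: int  # 0 means attempts are unlimited
    owner_active: bool      # False once the employee has left


def weak_pin(pin: str, number: str) -> bool:
    """True for PINs under 6 digits, equal to the extension, or trivial runs."""
    if len(pin) < 6 or not pin.isdigit() or pin == number:
        return True
    if len(set(pin)) == 1:                      # 000000, 111111, ...
        return True
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})                  # 123456 or 654321 style


def audit(inventory):
    """Return sorted (extension, finding) pairs for every failed check."""
    findings = []
    for ext in inventory:
        if ext.username == ext.number:
            findings.append((ext.number, "username equals extension"))
        if weak_pin(ext.voicemail_pin, ext.number):
            findings.append((ext.number, "weak voicemail passcode"))
        if ext.intl_calls:
            findings.append((ext.number, "international calls enabled"))
        if ext.max_failed_logins == 0:
            findings.append((ext.number, "no limit on invalid logins"))
        if not ext.owner_active:
            findings.append((ext.number, "mailbox of departed employee"))
    return sorted(findings)


# Constructed sample inventory (not taken from any real system).
INVENTORY = [
    Extension("2001", "2001", "1234", False, 0, True),
    Extension("2002", "u-7f3a9c", "481907", False, 5, True),
    Extension("2003", "u-c41be2", "654321", True, 5, False),
]

if __name__ == "__main__":
    for number, finding in audit(INVENTORY):
        print(f"ext {number}: {finding}")
```
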


Simple Steps to Maximize the Value of Your Dell EMC IT Investment

Did you know that the average cost of an unplanned data center outage is $740,357 and may be as high as $2.4M? (Ponemon, 2016). Additionally, the average security data breach costs $3.62 million (Ponemon, Whitmore, 2017). For most companies, those could be a significant hit to your IT budget! Not to mention the setbacks to any transformation initiatives that might happen because you have to divert your resources in order to get back up and running or resolve a security issue.

So how do you mitigate the potential risk of an outage or security breach? Monitor your systems and stay informed of any potential impacts. Seems rather simple, but with the increasing complexity of IT environments, it can be challenging.

At Dell EMC, we are committed to helping you connect with the right expertise, resources, and tools to maximize the value of your IT investment. We recommend these simple steps to help ensure that you are taking advantage of the many support capabilities available.

Product Technical and Security Advisories

One of the most impactful tools we offer is Product Advisory Alerts. These email alerts are proactive notifications that help you stay informed of critical issues and avoid potential impact to your environment.

- Dell EMC Technical Advisories (DTAs – formerly known as “ETAs”) – Knowledgebase solutions to address product-specific issues that may cause a significant negative impact or risk to a production environment.
- Dell EMC Security Advisories (DSAs – formerly known as “ESAs”) – Knowledgebase solutions to address product-specific security vulnerabilities and risks to a production environment.

Wait! Why aren’t I receiving these already?

To receive email alerts for your advisories, set up your ‘Subscription & Alerts’ preferences by following the four steps below!

1- Sign in to your Dell EMC Online Support account and select ‘Preferences’.
2- Go to ‘Subscriptions and Alerts’ and select ‘Product Advisories’.
3- Search for and select products to subscribe to alerts. We strongly recommend that you select specific products and not ‘All EMC Products’.
4- Select the corresponding check box to receive Technical Advisories, Security Advisories, or both. We recommend selecting both Technical and Security Advisories.

That’s it! You’ll receive an email alert if a new advisory becomes available. And when you add new Dell EMC products to your environment, don’t forget to add them to your Product Advisory Alert subscriptions.

Where to see Technical and Security Advisories

In addition to email alerts, you can also easily find advisories using the following options:

- Go to SolVe Online at https://solveonline.emc.com. Select one of the product procedure generators, and the first menu item will show advisories for the product.
- Go to Dell EMC Online Support at https://support.emc.com and visit any of the “Support by Product” pages. You’ll see recent advisories (and your subscription status) on the left side of the page. Or you can click on “Advisories”.
- Search for advisories in Dell EMC Online Support. For example, search for “DTA Avamar”.

References

Ponemon Institute. (2016, January). Cost of Data Center Outages. Retrieved from https://www.vertivco.com/globalassets/documents/reports/2016-cost-of-data-center-outages-11-11_51190_1.pdf

Ponemon, L., & Whitmore, W. (2017, July 31). Know the Odds: The Cost of a Data Breach in 2017. Retrieved from https://securityintelligence.com/know-the-odds-the-cost-of-a-data-breach-in-2017/

Stephanie Pirrong
Dell EMC Services Marketing
Follow Us @DellEMCSupport


When “Good Enough” Isn’t Good Enough

In our opinion, along with a growing list of happily protected customers, PowerProtect Cyber Recovery provides the “best” protection against cyber attacks vs. many vendors who offer their “Good Enough” solutions.

Understanding these three cyber recovery pillars will help you make an informed cyber recovery decision that meets your company’s needs when you’re comparing solutions from different vendors. “Good Enough” might be acceptable when it comes to shopping at the grocery store, but not when it comes to deciding on cyber protection that impacts your company’s most valuable asset – data.

For more details on PowerProtect Cyber Recovery Solutions:

- See PowerProtect Cyber Recovery video here
- See PowerProtect Cyber Recovery vault analytics video here
- Visit the PowerProtect Cyber Recovery page here

As we’ve stated in previous blogs, cyber recovery is arguably the most critical capability any IT decision-maker must evaluate when looking to modernize and transform their data protection to address today’s threats. It has become table stakes for data protection vendors to offer some cyber recovery features within their products, but not all cyber recovery protection is created equally.

Let’s be crystal clear about this. Settling for “Good Enough” is not an acceptable approach when it comes to protecting your company’s most critical data from a cyberattack. Would you settle for “Good Enough” safety in your automobile? Would you settle for “Good Enough” homeowner’s insurance to protect your house or family against a personal loss? If the answer is no, then when it comes to the data and applications that keep your business running and alive, why is “Good Enough” acceptable?

Some vendors claim that certain features or strategies are good enough in the face of a cyberattack, but they won’t be the ones left to answer the hard questions after an attack that leaves you unable to recover critical data. That will be you, your CEO, CFO, and CISO. That’s why if I were evaluating cyber recovery solutions, I would focus on the three cyber recovery pillars below to see which vendors truly help protect my company’s most critical asset.

Retention Lock in Production

Retention lock prevents specified files from being overwritten, modified, or deleted for a user-defined retention period and is an excellent first step for companies looking to improve their cyber resilience. Most vendors, including Dell Technologies, offer this hardening feature; but we take this protection even further. The Dell EMC PowerProtect DD retention lock feature, which has been attested to comply with the SEC 17a-4(f) standard, is a standard feature that comes in two flavors: Governance and Compliance mode. With Governance mode, data is retained for a specific time period, but can still be overridden or modified by an administrator with account credentials – this is valuable in certain use cases such as legal hold. Compliance mode, on the other hand, is stricter, and not even an administrator with (advanced) credentials can edit or delete data during the retention period. PowerProtect DD also includes Compliance Mode, for data protected within the cyber recovery vault, as a standard feature; there is no extra cost or performance penalty for being better protected!

At Dell Technologies, we’re advocates of Retention Lock, and that’s why we offer two modes. It’s a helpful first step in data hardening, but it’s still only one step of your cyber recovery strategy.

“Off-network” Air Gap Isolation

Cybercriminals’ techniques are continually evolving and becoming more advanced. In most cases, they will penetrate networks long before they launch their attack. Once inside the corporate network, they ensure that when they do strike you won’t be able to recover. They do this by disabling backups, changing NTP clocks, encrypting CIFS and NFS backup shares, and so on. This is why it is so necessary to have an off-network air gapped copy of your mission-critical data, ensuring you have a protected copy available in the event of an attack.

If you search for air gap solutions online, you will see most vendors in the market claim to offer some sort of a solution, but the devil is in the details. Everyone has a different definition of an air gap, including simply sending data offsite with tape. While it is correct that sending a tape off site provides an air gap copy, it comes with multiple tradeoffs. Minutes count in the event of a ransomware attack, and the time spent retrieving tapes from an offsite facility and then restoring your entire backup environment from tape will be costly. Another risk is that the backup catalog and tape media catalog may be compromised as part of the attack, rendering the offline tapes useless for recovery or needing to be re-indexed, which adds significant recovery time.

Moreover, depending on how old the tape you need to recover is, will you even be able to restore it? We all know tape degrades over time. Why would you want to risk putting your company’s most critical data on media that you know is susceptible to failure?

Recently, some vendors have even been positioning the idea of sending immutable copies, or data that is unable to be changed, to a public cloud as an air gap cyber recovery solution. The data sent to the cloud might be immutable, but your cloud account certainly isn’t. All it takes is an administrator with the right credentials (which a cyberattacker is likely to have since they already compromised the network) to delete your cloud account, not necessarily the files or content contained within that account, and that air gap copy in the cloud is gone.

Dell EMC PowerProtect Cyber Recovery, on the other hand, provides an automated off-network air gap to provide complete network isolation. PowerProtect Cyber Recovery moves critical data away from the attack surface of both the production and backup environments, physically isolating it within a protected part of the data center (or offsite), and requires separate security credentials for access. This isolated environment, separated by the air gap, is what we call the PowerProtect Cyber Recovery vault, which is the centerpiece of our solution. The PowerProtect Cyber Recovery vault provides multiple layers of protection to provide resilience against cyber-attacks, even from an insider threat. PowerProtect Cyber Recovery automates the synchronization of data between the primary backup system and the vault, creating immutable copies with locked retention policies. If a cyberattack occurs, you can quickly identify a clean copy of your data and recover your critical systems to get your business back up and running. We can also support third party software paired with PowerProtect DD, which provides customers and partners flexibility and choice.

PowerProtect Cyber Recovery Analytics

While many vendors in the market provide integrated analytics within their data protection solution, it’s important to understand what those analytics offer. As I have previously stated, most vendors only take a high-level view of the data and use analytics that look for obvious signs of corruption based on metadata. Metadata-level corruption is not difficult to detect, and if a solution leverages this kind of analytics only, it will miss changes within the file itself that often indicate a compromise. Some vendors will also use a multi-pass approach that uses on-prem metadata analytics on the first pass, and then sends suspicious data to the cloud for a second pass of full content analytics. This approach, however, still has multiple challenges, including the delayed discovery of potential threats, which forces the customer to send business-critical data offsite to a cloud provider, which is inherently less secure than performing these operations within the security of an on-premises vault environment.

PowerProtect Cyber Recovery not only provides full-content analytics but also operates inside the vault, where an attacker cannot compromise them. Running analytics on the data in the vault is a critical component to enable quick recovery of “known good data” after an attack. Our analytics are particularly powerful because they can read through the backup format. Hence, there is no need to restore data and PowerProtect Cyber Recovery can evaluate the full contents of the file, not just its metadata. To truly understand how powerful our analytics are, it’s essential to know how they work.

Data is first scanned in the format in which it was stored in the vault; typically this is a backup file format. Analytics then conduct over 100 observations per file. These observations are collected and evaluated by a machine learning tool that has identified patterns indicating data has been corrupted. Since we are looking for patterns and not signatures, the analysis is more effective and does not need to be updated as frequently. This process is repeated each time a new data set is brought into the vault. Data can be compared daily to provide a complete picture of changes that might be occurring very slowly and that other tools would likely miss.
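The difference between metadata-only and full-content analytics described in the Analytics section above can be shown on two snapshots of the same small file set. This is an added illustration, not Dell's code or algorithm: byte entropy is an assumed stand-in for content analytics, and the file names, timestamps and contents are constructed.

```python
"""Added example: why metadata-only checks miss in-place content changes.
Byte entropy stands in for content analytics; it is not Dell's method."""
import hashlib
import math
from collections import Counter


def entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def filler(seed: bytes, size: int) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    out = b""
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]


def metadata_changes(old, new):
    """Files whose (size, mtime) differ: all a metadata-only pass can see."""
    return sorted(name for name in new if name in old
                  and (len(old[name][0]), old[name][1])
                  != (len(new[name][0]), new[name][1]))


def content_alerts(old, new, jump=2.0):
    """Files whose bytes changed AND whose entropy rose by >= jump bits."""
    alerts = []
    for name in sorted(new):
        if name not in old or old[name][0] == new[name][0]:
            continue
        if entropy(new[name][0]) - entropy(old[name][0]) >= jump:
            alerts.append(name)
    return alerts


# Constructed snapshots: name -> (content, mtime). Between day 1 and day 2,
# ledger.csv is overwritten with same-size ciphertext-like bytes and keeps its
# timestamp; notes.txt is an ordinary edit; media.bin is untouched.
LEDGER = b"2021-02-01,invoice,1042.50,paid\n" * 128
DAY1 = {
    "ledger.csv": (LEDGER, 1612137600),
    "notes.txt": (b"rotate tapes weekly\n", 1612137600),
    "media.bin": (filler(b"media", 4096), 1612137600),
}
DAY2 = {
    "ledger.csv": (filler(b"constructed", len(LEDGER)), 1612137600),
    "notes.txt": (b"rotate tapes weekly; verify restores monthly\n", 1612224000),
    "media.bin": DAY1["media.bin"],
}

if __name__ == "__main__":
    print("metadata pass:", metadata_changes(DAY1, DAY2))
    print("content pass: ", content_alerts(DAY1, DAY2))
```

The metadata pass reports only the routine edit to notes.txt, while the content pass flags ledger.csv. Comparing against the previous snapshot rather than using a fixed entropy threshold keeps already-compressed files such as media.bin from raising alerts.
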


Dominion Voting System sues Giuliani over election claims

WASHINGTON (AP) — Dominion Voting Systems has filed a defamation lawsuit against Donald Trump’s personal lawyer Rudy Giuliani, who led the former president’s efforts to spread baseless claims about the 2020 election.

The lawsuit filed Monday seeks more than $1.3 billion in damages for the voting machine company, a target for conservatives who made up wild claims about the company, blaming it for Trump’s loss, alleging without evidence that its systems were easily manipulated.

The suit is based on statements Giuliani made on Twitter, in conservative media and during legislative hearings where the former mayor of New York claimed the voting machine company conspired to flip votes to Democrat Joe Biden.


Pets are back: Biden’s 2 dogs settle in at White House

WASHINGTON (AP) — Pets are back at the White House. President Joe Biden’s German shepherds Champ and Major moved in over the weekend. They are the first dogs to live at the executive mansion since the Obama administration. Biden and his wife, Jill, adopted Major in 2018 from the Delaware Humane Association. They got Champ after the 2008 election. Major burst onto the national scene late last year after Biden broke his right foot while playing with Major at his home in Wilmington, Delaware. The Bidens also plan to add a cat.
