Wednesday, September 4, 2013

No End for Endpoints


In network security, endpoint security is the methodology of protecting the corporate network when accessed  on laptops or mobile devices.
When the system is accessed remotely or through wireless, it becomes a threat to the structure.

Circuit-Board
Image courtesy of [panupong1982] / FreeDigitalPhotos.net
 
Endpoint security is a common concern as employees bring consumer mobile devices to work and allow companies to use these devices on the corporate network. Most endpoint security software provides an antivirus, antispyware, firewall, and host intrusion prevention systems.  Each device with a remote connection creates a potential entry point for security threats.  So endpoint security is designed to secure the endpoints created by these devices on the network.

No End to System Defenders

With the expanded use of mobile devices at work, securing connections can be a challenge.  Endpoints have an allure for computer attackers because they offer multiple attack vectors.  Social engineering attacks, spearphishing, USB infection and compromised WiFi connection networks are all risks.
There are packaged kits that monitor the endpoint’s activity and tailor the attack based on vulnerabilities of the endpoints.
“These types of attacks are very difficult to detect and cannot necessarily be discovered with an endpoint agent,” James Kawamoto, director of product management at Zscaler, told TechNewsWorld.
Hardening endpoints have become a problem, since endpoints have been overlooked as a security threat.
Endpoints rely on signature-based defenses to spot malware, and there are more than 200,000 new types of malware released daily.

The Targets

Users are aware of the potential spam on Craigslist.  The usual Craigslist spam is targeted on recovering email addresses.  Now researchers are discovering a major scheme to post spam on the Craigslist site.
The scheme is to plant malicious links onto pages or ads.  Then an invite to an add-on or update appears.  When clicking onto it, a Trojan is programed to infect your computer.
Stanford University has been a repeat offender for these data breaches.  In the last four years, there have been six attacks, forcing the school to reset all their password due to the breach.
Strong passwords are highly recommended to prevent these problems.  But the problem lies within the users giving their passwords up.  Emails containing messages asking for a password update wins every time.  The message is from the “IT Department” and as soon as you click onto it, the message redirects you to a malicious website where the account is taken over.
Here are the most recent security breaches being delt with.
  • Aug. 26. Anonymous posts to Internet information gained from its breach of the FBI’s Regional Forensics Computer Laboratory, including 19,329 law enforcement email addresses. Action believed to be in retaliation for FBI claim that it had largely dismantled the hacker organization.
  • Aug. 28. University of Texas Health Science Center at Houston Medical School reports unencrypted laptop computer containing some patient information was discovered missing on Aug. 2 from a locked closet in a physician’s orthopedic clinic and begins notifying 596 patients affected by the breach. Laptop contained hand and arm image data from February 2010 to July 13, as well as patient names, birth dates and medical record numbers. No Social Security Numbers were on the machine.
  • Aug. 28. Manager Magazin Online reports that 25 employees of Deutsche Telekom had unauthorized access to personal data on nearly all the company’s 120,000 employees in Germany for 11 years. An investigation of the breach is currently under way.
  • Aug. 28. Valparaiso, Ind., sends out letters notifying 860 users of the city’s ambulance service that their personal information has been stolen by an employee of billing company ADP who used some of the information to file fake tax returns and collect refunds.
  • Aug. 28. Liberty Mutual Insurance Company files lawsuit against St. Louis supermarket chain Schnuck Markets to limit its liability in data breach that compromised the credit card numbers of some 2.4 million of the food retailer’s customers.
  • Aug. 29. Federal regulators and Illinois attorney general’s office confirm they are investigating data breach at the Advocate Medical Group that could affect more than 4 million patients seen by the healthcare provider’s physicians.
  • Aug. 29. Federal Trade Commission accuses LabMD, a medical lab in Atlanta, of failing to adequately protect its patients’ online records, resulting in leak of Social Security Numbers and birth dates of some 9,000 consumers.
  • Aug. 30. Osprey Packs begins notifying its Osprey Pro customers that their personal information was compromised in an attack of its Pro Deals website. Breach exposed customers’ names, billing, shipping and email addresses, phone and credit card numbers with expiration dates. Although a small number of customers have reported to the company that they believe attempts were made to use their credit card information fraudulently, no credit monitoring services have been offered by the firm to customers yet.

Upcoming Security Events

There are many security events taking place to help educate in Cybersecurity and Endpoint Security
  • Sept. 10. AT&T Cyber Security Conference. New York Hilton Midtown Hotel, Avenue of the Americas, New York City. Free with registration.
  • Sept. 11-13. 4th Cybersecurity Framework Workshop. The University of Texas at Dallas, 800 West Campbell Road, Richardson, Texas. Free with registration.
  • Sept. 12. Inside the Mind of a Hacker, 9:30 a.m. ET. Webinar sponsored by WatchGuard. Free with registration.
  • Sept. 12. Mobile Work Exchange Fall 2013 Town Hall Meeting. Walter E. Washington Convention Center, Washington, D.C. Registration: government, free; non-government, US$495 (Aug. 16-Sept. 11), $595 (Sept. 12).
  • Sept. 17. The Size and Shape of Online Piracy. 9 a.m.-10:30 a.m. Room 485, Russell Senate Office Building, Constitution Ave. NE and 1st Street NE, Washington, D.C. Sponsored by The Information Technology & Innovation Foundation. Free with registration.
  • Sept. 18-20. Gartner Security & Risk Management Summit 2013. London. Registration: 2,325 euross + VAT; government, 1,800 euross + VAT.
  • Sept. 24-27. ASIS International 59th Annual Conference. McCormick Place, Chicago. Registration: Before Aug. 21, $895 member, $1,150 non-member. After Aug. 20, $995 member, $1,295 non-member.
  • Oct. 1-3. McAfee Focus 13 Security Conference. The Venetian /The Palazzo Resort-Hotel-Casino, 3325-3355 Las Vegas Blvd., South Las Vegas. Registration: Early Bird to July 31, $875/$775 government; Standard to Oct. 3, $995/$875 government.
  • Oct. 2.Visa Global Security Summit — Responsible Innovation: Building Trust in a Connected World. Ronald Reagan Building and International Trade Center, Washington, D.C. Free with registration.
  • Oct. 5. Suits and Spooks. SOHO House, New York City. Registration: Early Bird, $395 (July 5-Aug. 31); $625 (Sept. 1 and after).
  • Oct. 8-9. Cyber Maryland 2013. Baltimore Convention Center., Baltimore, Md. Registration: $495; government, free; academic faculty, $295; student, $55.
  • Oct. 17-18. 2013 Cryptologic History Symposium. Johns Hopkins Applied Physics Laboratory’s Kossiakoff Conference Center, Laurel, Md. Registration information to be announced.
  • Oct. 29-31. RSA Conference eurospe. Amsterdam RAI. Registration: Early Bird to July 26, 895 euros+VAT delegate/495 euros+VAT one day pass; Discount from July 27 -Sept. 27, 995 euros+VAT delgate/595 euros+VAT one day pass; Standard from Sept. 27-Oct.27, 1,095 euros+VAT delegate/695 euros+VAT one day pass; Onsite from Oct. 28-31, 1,295 euros+VAT.
  • Nov. 18-20. Gartner Identity & Access Management Summit. JW Marriott at L.A. Live, 900 West Olympic Boulevard, Los Angeles, Calif. Registration: Early Bird to Sept. 27, $2,075; Standard, $2,375; Public Sector, $1,975.
  • Dec. 4-5. MENA Business Infrastructure Protection 2013 Summit (Risk Management and Security Intelligence for companies in the Middle East and North Africa). Dubai.
  • Dec. 9-13. Annual Computer Security Applications Conference (ACSAC). Hyatt French Quarter, New Orleans.
For business owners, it is highly recommended to attend Security Events.  Technology is changing and the number of Cybercriminals are growing.  Keep yourself and your company safe, it’s worth it!
Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

References:
No End to the Headaches Endpoints Give System Defenders – Tech News World
http://www.technewsworld.com/story/No-End-to-the-Headaches-Endpoints-Give-System-Defenders-78869.html
September 3, 2013
Endpoint Security – Webopedia
http://www.webopedia.com/TERM/E/endpoint_security.html

No comments:

Post a Comment