Category: Network Security

Quick Look at PCI Compliance Regulations

PCI Compliance Regulations

Just got done cleaning up after a security breach (aka hacking) of one of my client’s accounting workstation. They had an older method of remote access called Microsoft Remote Desktop that has known vulnerabilities without additional security measures in place. The hacker did not touch their Quickbooks data (super surprising), but installed software to send SPAM, mine bitcoin crypto-currency, and running fraudulent credit card transactions. Since there was no compromises of Primary Account Numbers (PAN) or customer data there was no need for notifying customers, but the FBI Cyber Crime division was still notified to help share with them the intelligence from the breach. This then lead to me reading through the PCI DSS regulations again and making the requisite recommendations to mitigate the current issues with the client’s network and protect against future attempts. Here is a list of applicable PCI Compliance Regulations:

Requirement 1.1.2 – Current network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks.
Requirement 1.2 – Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.
Requirement 1.3 – Prohibit direct public access between the Internet and any system component in the cardholder data environment.
Requirement 4.1 – Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks, including the following:
•    Only trusted keys and certificates are accepted
•    The protocol in use only supports secure versions or configurations
•    The encryption strength is appropriate for the encryption methodology in use
Requirement 5.1 – Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers).
Requirement 5.2 – Ensure that all anti-virus mechanisms are maintained as follows:
•    Are kept current,
•    Perform periodic scans
•    Generate audit logs
Requirement 5.3 – Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period
Requirement 6.2 – Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.
Requirement 8.2.3 – Passwords/passphrases must meet the following:
•    Require a minimum length of at least seven characters.
•    Contain both numeric and alphabetic characters.
Requirement 8.2.4 – Change user password/passphrases at least once every 90 days.

If your company has PCI Compliance Regulations that you need consulting for, then contact us for assistance.

CyberSecurity Month – Mobile Device

CyberSecurity Mobile DeviceMobile devices enable Americans to get online wherever they are. Although mobile devices — from smart watches to phones and tables — can be extremely useful and convenient, there are also potential threats users may face with such technology. It’s important to understand how to protect yourself when connecting on the go.

DID YOU KNOW?

• 56 percent of American adults own a smartphone.
• More than half of mobile application (app) users  have uninstalled or decided not to install an app due to concerns about their personal information.

SIMPLE TIPS

1. Use strong passwords.

Change any default passwords on your mobile device to ones that would be difficult for someone to guess. Use different passwords for different programs and devices. Do not choose options that allow your device to remember your passwords. (We recommend LastPass Mobile App to keep track of password, encryption of the phone and fingerprint scanning for unlocking your device.)

2. Keep software up to date.

Install updates for apps and your device’s operating system as soon as they are available. Keeping the software on your mobile device up to date will prevent attackers from being able to take advantage of known vulnerabilities. (Unfortunately the carrier that you choose is in charge of the OS updates on the phones, but allow auto updates on all other apps.)

3. Disable remote connectivity.

Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can connect to other devices. Disable these features when they are not in use. (Look out for NFC also as this will allow access based on how close someone gets to your phone – think crowded elevator.)

4. Be careful what you post and when.

Wait to post pictures from trips and events so that people do not know where to find you. Posting where you are also reminds others that your house is empty.

5. Guard your mobile device.

In order to prevent theft and unauthorized access, never leave your mobile device unattended in a public place and lock your device when it is not in use.

6. Know your apps.

Be sure to review and understand the details of an app before downloading and installing it. Be aware that apps may request access to your location and personal information. Delete any apps that you do not use regularly to increase your security. (Also do not root your phone or install apps from any place platforms app store.)

7. Know the available resources.

Use the Federal Communications Commission’s Smartphone Security Checker at www.fcc.gov/smartphone-security.

If your company is concerned about cybersecurity and wants to take the needed steps to protect yourselves, then contact us for assistance.

CyberSecurity Month – Small Business Tips

CyberSecurityBroadband and information technology are powerful tools for small businesses to reach new markets and increase sales and productivity. However, cybersecurity threats are real and businesses must implement the best tools and tactics to protect themselves, their customers, and their data. Visit www.fcc.gov/cyberplanner to create a free customized Cyber Security Planning guide for your small business and visit www.dhs.gov/stopthinkconnect to download resources on cyber security awareness for your business. Here are ten key cybersecurity tips to protect your small business:

1. Train employees in security principles.

Establish basic security practices and policies for employees, such as requiring strong passwords and establish appropriate Internet use guidelines, that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

2. Protect information, computers, and networks from cyber attacks.

Keep clean machines by having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available. (Our managed monthly service contract customers already have this taken care of.)

3. Provide firewall security for your Internet connection.

A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall. (We don’t recommend the free stuff as you always get what you pay for.)

4. Create a mobile device action plan.

Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

5. Make backup copies of important business data and information.

Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly and store the copies either offsite or in the cloud. (We recommend backup copies in both)

6. Control physical access to your computers and create user accounts for each employee.

Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. (Definitely agree with the separate users and least

7. Secure your Wi-Fi networks.

If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi- Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. (Also make sure to segregate public guest traffic from private traffic.)

8. Employ best practices on payment cards.

Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

9. Limit employee access to data and information, and limit authority to install software.

Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.

10. Passwords and authentication.

Require employees to use unique passwords and change passwords every three months. Consider implementing multifactor authentication that requires additional information beyond a password to gain
entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account. (Multifactor should be implemented on all web based applications from third party vendors.)

If your company is concerned about cybersecurity and wants to take the needed steps to protect yourselves, then contact us for assistance.

CyberSecurity Month – Entrepreneur Tips

cybersecurityEntrepreneurs face the same cybersecurity challenges and threats that larger businesses face but with limited resources, capacity, and personnel. Cybersecurity is especially important for entrepreneurs because they have the unique opportunity to integrate cybersecurity practices at the onset of their investments and business development.

DID YOU KNOW?

  • Approximately 77 percent of small firms believe their company is safe from a cyber attack, even though 83 percent  of those firms do not have a written security policy in place.
  • Unlike larger firms that can absorb the cost of a cyber attack, the consequences can be catastrophic for smaller ventures and entrepreneurs.

SIMPLE TIPS

  1. Use and regularly update anti-virus software and anti-spyware on all computers. Automate patch deployments to protect against vulnerabilities. (Our monthly maintenance takse care of this.)
  2. Secure your Internet connection by using a firewall, password protecting your Wi-Fi network, and changing default passwords for your wireless network and router. (Most businesses who buy a router from a local office supply store don’t take the time to change the default password and don’t know these devices are rarely updated by vendors.)
  3. Establish security policies and practices (e.g., using encryption technology) to protect sensitive data, including customer information and intellectual property.
  4. Use strong passwords and change them regularly. (Minimum recommended password length is 10 characters with upper and lower letters, numbers and symbols. Changing passwords should be monthly or quarterly if possible.)
  5. Protect all pages on your public-facing websites, not just the sign-up and checkout pages.
  6. Invest in data loss prevention software and use encryption technology to protect data that is transmitted over the Internet.If your company is concerned about cybersecurity and wants to take the needed steps to protect yourselves, then contact us for assistance.

Received Hacker Email

Hacker Email

Here is a recent email that I received from a “hacker” that was threatening to expose some secrets. It was an obvious fake email, but I wanted to take the time to educate on how to know a fake when you receive one:

Hacker Email Exposed

Strange Email Address: This email comes from “auf@cesco.com.br” which is an address unknown to me and the domain itself ends in BR which stands for Brazil which again I don’t do business in Brazil so why would someone from there be emailing me.

Poor English: It starts out with the over-friendly greeting and continues with “I hack your computer” then just doesn’t stop. This was likely something typed into Google Translate then pasted into an email.

They Have Everything: Unless you really have something to hide, then this should not scare you. You need to assume that anything that you post online is public information anyways – there are no secrets on Facebook.

Invalid Help: They offer to help with acquiring Bitcoin to pay them in then offer a site to find local ATMs that have this feature. They have no understanding of the area or what local banking services are available. If they know everything about me then they know where I live and could easily look up the local economic structure.

Internet Extortion: They are using extortion tactics to try and scare me into action. They are trying to “sell” me information security for $120, but if I gave into their demands then my email address would become an even more valuable asset as they would have someone they could regularly extort for funds.

What To Do

  1. Unless you have something to hide, ignore the threats. If you do have something to hide then I suggest you quit so that no one can have anything against you.
  2. Forward these emails to me. Include the “header” information by copying it from the File > Properties menu in Outlook as this will help to track down where they are from.
  3. Farmhouse Networking will alert the proper authorities about the malicious activity to help shut these scammers down.

If your company is receiving tons of SPAM or hacker email, then contact us for assistance.

Compliance Demands Managed Antivirus

computer virusIt continues to astound me how many businesses have a free version or home version of antivirus installed on their workstations at the office. There is no central management for the antivirus software to enforce the company security policy creates an infrastructure where each workstation can have a different level of protection or none at all. Leaving security up to the end-user is never a good idea that could easily lead to a virus infection. For those effected by HIPAA or PCI compliance having managed antivirus is a must.

PCI Compliance Regulations

Section 5.1 Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers).

Section 5.1.1 Ensure that anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software.

Section 5.2 Ensure that all anti-virus mechanisms are maintained as follows:

  • Are kept current,
  • Perform periodic scans
  • Generate audit logs which are retained per PCI DSS Requirement 10.7

Section 5.3 Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period

In order to comply with all of these regulations there is no other choice than to use managed antivirus as it automatically updates, regularly scans and keeps logs in a central place.

HIPAA Compliance Regulations

45 C.F.R § 164.306 (2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.

45 C.F.R § 164.308 (a)(5)(ii)(B) Protection from malicious software. Procedures for guarding against, detecting, and reporting malicious software.

These regulations are a bit more cryptic, but they do require antivirus to be installed, fully capable of protection and able to report. The best way to achieve this is to use managed antivirus.

If your company is using standard or free antivirus to protect your business workstations, then contact us for assistance.

DNS Filtering for Security & Productivity

DNS filteringAny Human Resources department manager will attest to the need for an Acceptable Use Policy as part of the Employee Handbook. It should clearly state the proper use of business-owned workstations and what traffic is allowed on the company network. Monitoring this policy is next to impossible for small businesses, yet ignoring it leads to infections, security breaches, and huge losses to the bottom line by wasted employee productivity. How does a company stay safe from the big, bad Internet?

Policy Creation

This may sound boring, but before any monitoring and enforcement can take place legally, there must be a clearly defined policy in place with consequences for violations. This policy must be signed by each employee. Only when signed policies are in each employee’s file, can measures can be taken to monitor and enforce the new written policy.

No Administrator Access

There is no reason for the average employee to need Administrator access to a workstation once it is setup properly for business use. Most employees do not need to install any software or make any major setting changes without first consulting management and/or network support personnel. Software and operating system updates should also be handled by network support personnel or by an automated process. Installation of additional hardware should be cleared with management and implemented by network support personnel. Workstations are a company-owned tool to be used by the employee only for the best interests of the company, not for personal file storage or entertainment purposes.

DNS Filtering

The Internet is an invaluable tool for business purposes. There are, however, many threats out there, and the common user has no idea how to avoid them. There are also innumerable distractions ranging from time wasters to those that are downright illegal. DNS Filtering inspects every internet request against a database of known sites and blocks bad traffic before it goes anywhere on the internet. This keeps your internal network assets safe from malicious sites and content that is inappropriate for business or bad for productivity. This is accomplished without interrupting or slowing down the normal flow of good traffic around the Internet.

If your company is looking to add layers of security to your network or increase productivity by limiting Internet time wasters, then contact us for assistance.

CIA hacking home routers with Cherry Blossom since 2007

CIA Cherry Blossom

In the latest dump of purportedly top secret CIA cyber exploits from WikiLeaks, dubbed “Vault 7”, there is evidence of a home router firmware modification called Cherry Blossom. (The CIA has never publicly acknowledged the programs nor the leaked Vault 7 documents.)

What is Cherry Blossom?

“The Cherry Blossom (CB) system provides a means of monitoring the Internet activity of and performing software exploits on targets of interest,” the WikiLeaks documents state. “In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points…to achieve these goals.”

Among the companies whose wireless routers have reportedly been compromised are Motorola, Linksys, Dell, Netgear, US Robotics, Belkin, Asus, Buffalo, DLink and Senao. Cherry Blossom relies on implanting altered versions of the products’ firmware remotely posing as wireless upgrades. An implanted device is known as a “FlyTrap” and communicates via beacon with a CIA-controlled server known as CherryTree (CT).

If your company is a consumer grade home router instead of a business grade router, then contact us for assistance.

WannaCry Ransomware Spread Halted by Webroot

Webroot & WannaCry Ransomware

WannaCry Ransomware: Webroot protects you.

Ransomware attacks continue to spread around the world this weekend, after the initial damage inflicted on healthcare organizations in Europe on Friday.

The criminals responsible for exploiting the Eternal Blue flaw haven’t yet been identified, but up to 100 countries have hit with WannaCry ransomware, with Russia, Ukraine and Taiwan among the top targets.

The ransomware first appeared in March, and is using the NSA 0-day Eternal Blue and Double Pulsar exploits first made available earlier this year by a group called the Shadow Brokers.  The initial spread of the malware was through email, including fake invoices, job offers and other lures with a .zip file that initiates the WannaCry infection.  The worm-like Eternal Blue can exploit a flaw in the Server Message Block (SMB) in Microsoft Windows, which can allow remote code execution.  This flaw was patched in Microsoft’s March 2017 update cycle, but many organizations had not run the patch or were using unsupported legacy technology like XP.

What’s New

Today, Microsoft has released emergency security patches to defend against the malware for unsupported versions of Windows, including XP and Server 2003.

Overnight and today, it has become clear that a  kill switch was included in the code.  When it detects a specific web domain exists—created earlier today—it halts the spread of malware.  You can learn more at The Register.

As a Webroot customer, are you protected?  YES.

Webroot SecureAnywhere  does currently protect you from WannaCry ransomware.

In simple terms, although this ransomware is currently causing havoc across the globe, the ransomware itself is similar to what we have seen before.  It’s the advanced delivery mechanism that has unfortunately caught many organizations off guard.

In addition to deploying Webroot SecureAnywhere as part of a strong endpoint control strategy, it is essential you continue to keep your systems up-to-date on the latest software versions, and invest in user education on the dangers of phishing, ransomware, social engineering and other common attack vectors.

If you have any questions about your Webroot deployment, reach out to our Support Team now.

And, if you are not a Webroot customer, we encourage you to trial Webroot SecureAnywhere now.

Webroot Incident

Dear Webroot Customers,
You are a critical part of our business. Our Managed Service Providers have asked us to write you to explain why our Webroot SecureAnywhere Business Endpoint Protection experienced performance issues, and what we are doing to resolve those
issues as quickly as possible.
Yesterday, Webroot released a rule that categorized some legitimate files as malware. As a result, multiple legitimate business applications were quarantined and unable to function. This rule change was in effect for 13 minutes on Monday, April 24. To be clear, this rule change was caused by Webroot and not your Managed Service Provider.
Webroot is continuing to work diligently with our partners to restore functionality for our mutual customers. While the false positives that caused the incident have been stopped, we are still working on an automated fix to reverse the files affected. Any
resolution will be released immediately.
Webroot is a trusted partner of many Managed Services Providers and this incident is not representative of our high standards. We always strive to be open and transparent, and we are working tirelessly to fix the issue. Once Webroot has identified the root cause, we will ensure further controls are in place to prevent an
incident like this from happening again.
We apologize for the pain this has caused you. Webroot appreciates your business, and our entire team is dedicated to being your most trusted Partner.
Thank you for your patience as we work through this incident.
Yours sincerely,
Mike Malloy
Executive VP of Product & Strategy

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2025 - Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

Error: Contact form not found.

And God will generously provide all you need. Then you will always have everything you need and plenty left over to share with others. As the Scriptures say,
“They share freely and give generously to the poor. Their good deeds will be remembered forever.”
For God is the one who provides seed for the farmer and then bread to eat. In the same way, he will provide and increase your resources and then produce a great harvest of generosity in you. - 2 Corinthians 9:8-10