The need to secure newer mobile devices (smartphones, tablets, etc.) has grown since they now meet the basic criteria for malicious, cyberspace-based attack:
- Developer kits are readily available
- Mobile devices are in widespread use throughout the world
- Motivation is increasing since usable/saleable data live on these devices
In addition, BYOD (Bring Your Own Device) has introduced related, security-oriented concerns and complexities:
- How can we accommodate personal equipment in the workplace, particularly when two-thirds of 20-something workers in a recent survey from research firm Vision Critical state that “they, not the company, should be responsible for the security of devices used for work purposes”? [1]
- How do we manage the large variety of mobile devices, many with differing operating systems, processing capabilities, and user interfaces?
- How do we structure our security offerings to permit broad access to low-risk functions while restricting high-risk activities on a need-to-have basis?
Protecting a smartphone (or tablet) gets easier if you take the perspective of Garin Livingstone, one of our technical staff, who pointed out: “It is just a small computer; all of the same security concerns and rules that apply to PCs also apply to smartphones.”
As described in a recent InformationWeek article [2], the corporate response from the IT department should consist of these three stages:
- Set policy for mobile device use
- Train users
- Enforce
Mobile-device-use policies should protect company data, while enabling employees to do their jobs efficiently. The policy should protect, but not inhibit, the use of data from a mobile device; this usually requires the protection of the device itself with a strong focus on what data is available and where it will reside.
Some policy suggestions:
- Deploy an anti-malware utility set to scan automatically
- Set continuous updates of the operating system and the anti-malware utility
- Encrypt company data (if stored on the device itself)
- Back up data to a secure site (preferably daily)
- Require passwords and make them complex
- Set an auto-lock period of five minutes or less
- Set browsers to high-security mode
- Access data/applications securely via SSL, HTTPS, or VPN technologies
- Provide virtualized access to data stored at the corporate site
In our next article, we will review training and enforcement, highlight some tools, and wrap up with first-step suggestions.
References:
1. Visit Network World at http://www.networkworld.com/news/2012/061912-byod-20somethings-260305.html to review the article “Young employees say BYOD a Right not Privilege” by Ellen Messmer.
2. Please review the May 12, 2012 InformationWeek article “Mobile Security Gaps Abound” by Michael Finneran.