Rogue Wi-Fi Hotspots

October 17, 2017

India offers two types of Wi-Fi access: free metered access, which requires users to register, and hotspots which do not have any password.

Some of these are Government initiatives, like “Aaple_Sarkar_Mum-WI-FI” in Mumbai, while Google, in conjunction with Indian Railways, is offering free Wi-Fi services at railway stations across India. Furthermore, coffee shops, bookstores and hotels have also been providing free Wi-Fi access.

The common factors are:

  1. These services require registration and authentication.
  2. They are located at public places.

Providing free Wi-Fi has been the best move by the Government for this social-networking-crazed generation, which has been using it for accessing Facebook, Instagram, WhatsApp etc. However, it shouldn’t take long for cyber criminals to realize the huge potential of gaining access to network traffic by implementing rogue Wi-Fi hotspots.

Rogue Wi-Fi hotspots could be turned into surveillance systems and could also be used to inject malicious content or advertisements into the network traffic. It is not just researchers who have demonstrated this; organizations too have injected traffic into the network in the past, and what would stop criminals from using the same technology to monetize this craze for free Wi-Fi?

Privacy concerns are raised by the elite few, while most others turn a blind eye as long as they don’t have to pay a dime for Internet access. This has been aptly proved by the 4G boom, with free offerings by all the telcos, which ultimately resulted in market consolidation vis-à-vis data pricing.

In these trying times, when every bit of data can help build up your personal profile, it would pay in the longer run for everyone to exercise caution while accessing the Internet. Moreover, caution is not limited to accessing the Internet: apps and their system-level permissions also play an important role in securing your privacy.

Rogue Wi-Fi hotspots are very difficult to detect, since they leak very little information, and it is quite possible that criminals will replicate a legitimate SSID in order to lure unsuspecting victims into their trap. It is also quite probable that a rogue Wi-Fi hotspot wouldn’t ask for registration / authentication, which should alert users that something is amiss.
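The check described above can be run over a list of visible access points. The following is an added example, not part of the original post: the scan records and the venue allowlist are constructed, the function name is hypothetical, and it assumes the legitimate network is protected at the link layer and that the venue has confirmed its access points' BSSIDs.

```python
from collections import defaultdict

# Constructed scan results, not real networks. Each record mirrors what a
# Wi-Fi scan reports: network name (SSID), access point MAC (BSSID), security.
SCAN = [
    {"ssid": "Station_Free_WiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "Station_Free_WiFi", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2"},
    {"ssid": "Station_Free_WiFi", "bssid": "de:ad:be:00:00:09", "security": "OPEN"},
    {"ssid": "Cafe_Guest", "bssid": "aa:bb:dd:00:00:01", "security": "OPEN"},
    {"ssid": "Cafe_Guest", "bssid": "aa:bb:dd:00:00:02", "security": "OPEN"},
]

# Hypothetical allowlist: BSSIDs confirmed with the owner or operator of the venue.
KNOWN_GOOD = {
    "Station_Free_WiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}


def find_suspect_aps(scan, known_good):
    """Return (ssid, bssid, reasons) for access points that look like a replicated SSID."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        modes = {ap["security"] for ap in aps}
        allowed = known_good.get(ssid)  # None when the venue gave us no list
        for ap in aps:
            reasons = []
            # Same name advertised both protected and open: the open one
            # is the copy that skips authentication.
            if len(modes) > 1 and ap["security"] == "OPEN":
                reasons.append("open twin of a protected SSID")
            if allowed is not None and ap["bssid"].lower() not in allowed:
                reasons.append("BSSID not on venue allowlist")
            if reasons:
                findings.append((ssid, ap["bssid"], reasons))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_aps(SCAN, KNOWN_GOOD):
        print(finding)
```

"Cafe_Guest" produces no finding because nothing distinguishes its two open access points, which is the hard case the paragraph describes. A BSSID can also be copied, so an empty result is not proof that a network is genuine.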

How to use Free Wi-Fi:

  1. Implement VPN on your devices / laptops
  2. Keep a separate Cell Number for accessing the Wi-Fi as most of them rely on OTP sent as an SMS to the registered number. It should be different from the one used for Banking Transactions.
  3. Verify the App Permissions before installing them on your device.
  4. Never conduct banking transactions through Free WI-FI; one may never know who is sniffing your traffic.
  5. Always keep your phone antivirus updated to ensure maximum efficiency.
  6. When in doubt about a particular SSID, do ask the owner of the shop who is providing this service and you may always choose to disconnect immediately.


Krack Attack – Wi-Fi Vulnerability Affecting WPA

October 17, 2017

WEP has been considered a flawed encryption scheme, and Wi-Fi implementations have concentrated on the WPA encryption standard so as to ensure a secure Wi-Fi communication channel. However, researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, have recently found multiple flaws in WPA encryption which would allow hackers to decode the traffic and inject malicious packets into the secure WPA communications channel.

The vulnerabilities themselves are in the WPA protocol standard, which allows attackers to force devices to reissue the nonce, effectively forcing the devices to initiate Key Reissue Attacks (KRACK).

This weakness in the protocol allows attackers to sniff the traffic traversing between devices and access points, while the worst-case scenario is injection of malware into websites. The vulnerability affects all devices running on Windows, MacOS, iOS, Android and Linux. Due to the devastating implications of this vulnerability, vendors have been quick to respond and have made patches available to mitigate these vulnerabilities.

Identifiers:

  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

More can be read about this research at https://www.krackattacks.com/

Vendors:

Microsoft:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Ubuntu:

https://usn.ubuntu.com/usn/usn-3455-1/

Redhat:

https://access.redhat.com/security/cve/cve-2017-13080

Intel:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

Advisory:

  1. Patch your devices as and when the patches are made available.
  2. Since this is a protocol-level vulnerability, changing the password wouldn’t help in mitigating the attacks.


Infortrend Completes its EonStor GSe Pro Family by Introducing 4 and 8-bay Storage Systems for Entry Level Users

October 13, 2017

NEW TAIPEI CITY, Taiwan / MUMBAI, India – October 13, 2017 – Infortrend® Technology, Inc. (TWSE: 2495) has launched their new EonStor GSe Pro 1000 series with a small 4 or 8-bay rack mount design. Even with such a small space, it fully supports data storage, file sharing, cloud integration, and all RAID functions to easily run local SAN/NAS applications. SMBs and SMEs that want entry level storage systems now have a complete product line to choose from.

The new EonStor GSe Pro 1000 series provides a compact 1U 4-bay or 2U 8-bay NAS system with a quad-core processor and four embedded 1GbE ports to boost productivity. It also supports AES-NI hardware encryption engine to lower CPU loading, maintain system performance and security, while redundant power supplies increase service continuity, making it the ideal choice for surveillance, backup, file sharing, and email servers.

The EonStor GSe Pro family features two rack mount series, and is designed for SMBs with easy storage management and complete data services. The small rack mount designed EonStor GSe Pro 1000 series is entry level storage, while the EonStor GSe Pro 3000 series offers higher performance and a capacity of up to 436 drives.

“We are pleased to launch the new small rackmount EonStor GSe Pro series to further complement our product line. With its compact design and affordable price, the EonStor GSe Pro is the ideal storage choice for SMBs with budget and space concerns,” said Thomas Kao, Senior Director of Product Planning at Infortrend.

The high speed 2U 8-bay EonStor GSe Pro 3008 is available for those that demand faster performance.

# # # 

About Apical

Apical is a leading name in Value Added Data Storage Solutions. Established in 2005, Apical is a trusted name owing to its strong Solution Centric approach and is known for its partner-focused Distribution pan India.

For the past seven years the teams in Apical have dedicated themselves to creating Quality, Robust yet Cost Effective solutions serving all industry verticals and applications, for their partners who cater to SMB, Enterprise and Government Customers. Based out of Mumbai, the Promoters of Apical have an aggregated experience of over 25 years.

In a constant endeavor to Delight Customers, and with an understanding of market dynamics and sensitivity, the Apical team is continuously working with multiple brands and adding new products to its portfolio. Apical today is the Distribution house for Surveillance, Data Storage and Home Control brands like Thecus, Infortrend and Toshiba.

With a good spread in the IT Channel, Apical wishes to create a strong business relationship with the SI and SMB community by providing them with profit-rich products and at the same time satisfy the end user with Quality and Technology. To know more, please visit www.Apical.in

About Infortrend

Founded in 1993, Infortrend Corporation (Public TPE:2495) is a leading provider of high performance networked storage solutions focusing on quality, reliability, choice and value. Fueled by a depth of technological expertise and system level knowledge, Infortrend storage solutions have been widely deployed on a variety of demanding applications by multiple users across commercial and industrial markets. Its core brands include the ESVA, EonStor DS, EonStor, EonNAS product families. For more information, please visit www.infortrend.com


eScan Launches New TSPM Technology to Block RDP Hacking Attacks

October 3, 2017

MUMBAI, India – October 3, 2017 – With the growing complexity of cyber-attacks, enterprises are spending millions to avoid cyber-crime. However, bad security practices, such as the use of elementary passwords for system access, create the most vulnerable opportunity for cyber criminals. In such scenarios cyber criminals use brute-force attacks to take control of the network. Based on the “National Exposure Index” report by Rapid7, 73% of Indian RDP servers are exposed to brute-force attacks, and ranks 18th on the Global Index.

In the last 2 months, eScan has noted that most ransomware attacks could be attributed to cyber criminals using rogue RDP sessions to take control of servers & injecting ransomware in order to extort ransom from unsuspecting companies. This is being smartly executed by taking all possible steps to pro-actively disable real-time monitoring technology and/or uninstall any anti-malware products installed on the said end-points.

IT Administration and management of assets for every Organization is a tedious task, and in order to simplify this process of troubleshooting / maintenance, IT Administrators make use of various Remote Access Technologies viz. Remote Desktop Protocol (RDP) so as to access the graphical interface of another computer over a network connection.

It is to be noted that the security of RDP is limited to strong passwords and a secure connection by way of implementing TLS so as to mitigate various forms of brute-force / password guessing attacks or MITM attacks.

Due to various reasons not every organization implements password policies, and in many cases it is the user who has to choose their own password. Furthermore, password reuse is another area of concern which has to be addressed.

Usage of RDP

To facilitate centralized management of computers, organizations implement RDP and access these systems either through the LAN or the Internet. To protect RDP-enabled systems from outsiders a VPN might be implemented, but in the majority of cases administrators configure the firewall to open up RDP for the systems they want to manage remotely.

RDP Attacks

Pen-testing platforms such as Kali offer RDP brute-force and exploit tools, which are being specifically used for targeting Internet-facing RDP systems. A brute-force attack generates large numbers of failed login notifications, which are logged. Furthermore, users are not even aware of the ongoing brute-force attack, since the attack does not necessarily take place while the user is logged in and working on the system.

  • Although failed RDP authentications are subject to log audits, users are never alerted when attackers succeed in breaching security. This has resulted in the rise of brute-forcing of RDP sessions.
  • Due to the fact that users were never aware of the on-going RDP authentications, the perpetrators in all the cases were able to gain complete control of the system.
  • Attackers upon successful exploitation would implement backdoors or pivot to other systems and in some cases infect the systems with Ransomware.
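The gap described in these points, failures that are logged but a later success that raises no alert, can be closed with a sliding-window check over logon events. This is an added example, not eScan's TSPM logic or code from the original release: the records are constructed, the function names, threshold and window are assumptions, and it relies on Windows Security event 4625 (failed logon) and 4624 (successful logon).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records modelled on the Windows Security log:
# event 4625 = failed logon, event 4624 = successful logon.
# Fields: (timestamp, event_id, source_ip, account); IPs are documentation ranges.
EVENTS = [
    ("2017-10-03T02:14:01", 4625, "203.0.113.50", "administrator"),
    ("2017-10-03T02:14:05", 4625, "203.0.113.50", "administrator"),
    ("2017-10-03T02:14:09", 4625, "203.0.113.50", "administrator"),
    ("2017-10-03T02:14:13", 4625, "203.0.113.50", "administrator"),
    ("2017-10-03T02:14:17", 4625, "203.0.113.50", "administrator"),
    ("2017-10-03T02:14:40", 4624, "203.0.113.50", "administrator"),
    ("2017-10-03T09:01:10", 4625, "198.51.100.7", "priya"),
    ("2017-10-03T09:01:30", 4624, "198.51.100.7", "priya"),
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (kind, source_ip, account) tuples, in time order."""
    failures = defaultdict(list)   # source_ip -> failure times inside the window
    flagged = set()                # source IPs that crossed the threshold
    alerts = []
    for stamp, event_id, ip, account in sorted(events):
        now = datetime.fromisoformat(stamp)
        # Forget failures that have aged out of the sliding window.
        failures[ip] = [t for t in failures[ip] if now - t <= window]
        if event_id == 4625:
            failures[ip].append(now)
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, account))
        elif event_id == 4624 and ip in flagged:
            # The case the text warns about: the guessing finally succeeded.
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, account))
    return alerts


def addresses_to_block(alerts):
    """Source IPs that a firewall rule or ban list should cover."""
    return sorted({ip for _, ip, _ in alerts})


if __name__ == "__main__":
    found = detect_rdp_bruteforce(EVENTS)
    for alert in found:
        print(alert)
    print("block:", addresses_to_block(found))
```

A single mistyped password followed by a successful logon, as in the second source address, stays below the threshold and raises nothing.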

TSPM: Terminal Services Protection Module

eScan’s Terminal Services Protection Module (TSPM) not only detects these brute-force attempts but also heuristically identifies suspicious IP addresses / hosts and blocks any access attempts from them. To safeguard systems from future attacks, those IP addresses and hosts are banned from initiating any further connections to the system.

As mentioned earlier, attackers are known to try to uninstall security applications from compromised systems in order to cover their tracks and stop administrators from being alerted about the breach. eScan TSPM detects and stops these attempts too; moreover, administrators are also alerted about the preventive measures initiated by TSPM.

In the present landscape where attackers are trying to exploit every known weakness be it unpatched systems or inability of the users / administrators to maintain password hygiene, eScan’s TSPM would protect the systems/organizations from such attacks.

# # #

About eScan

eScan is an ISO (27001) certified pure play enterprise security solution company with over 2 decades of expertise in developing IT security solutions. eScan today has a presence in 12 countries through its offices and subsidiaries. It also boasts of a robust channel partner network of more than 50,000 partners spread across 190 countries worldwide. It is trusted by more than 6,500 enterprise and corporate users spread across various industry segments such as Government, BFSI, Education, Defense, Telecom, IT & ITeS, Infrastructure, Hospitality, and Healthcare worldwide.

It is powered by some of the latest and innovative technologies, such as Proactive Behavioral Analysis Engine (PBAE) Technology, MicroWorld Winsock Layer (MWL) Technology, Domain & IP Reputation Check (DIRC) Technology, Non-Intrusive Learning Pattern (NILP) Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provide protection from current threats, but also provide proactive protection against the ever-evolving cyber threats. eScan provides a 24×7 free remote support facility to give its esteemed users real-time solutions for security related issues. For more information, visit www.escanav.com


eScan recognized as the fastest growing Youth Brand

September 29, 2017

MUMBAI, India – September 29, 2017 – eScan IT security solution received the 6th Brand Slam Award as the fastest growing youth brand in India, at the 6th Indira Brand Slam 2017, annual marketing gathering. The 6th Indira Brand Slam is presented by Indira Group & CMO Asia and endorsed by World Federation of Marketing Professionals & World Sustainability. The event every year attracts stalwarts from corporate world like Cisco Systems India, Panasonic, India, Bajaj Corporation Ltd. Viacom 18 Pvt. Ltd. etc. from various sectors and attended by over 1500 Management students of IGI.

Shree Chanakya Education Society’s “Indira Group of Institutes”, Pune is recognized as one of the leading educational institutes, imparting science, technology, management studies etc. for the last 25 years. The World Federation of Marketing Professionals is an independent, not-for-profit networking body to effectively promote the interests of marketers in general. The CMO Asia is an organization dedicated to high level knowledge exchange through leadership & networking amongst CMOs across industry segments.

“Purposeful Purpose – Towards Sustainability for Sustenance” was the theme of the event, which discussed the innovations in branding that have led to greater market penetration and reach to the customer. The event recognized various brands from across sectors that have reinvented themselves & iconized brand leadership. eScan was one of the corporates recognized for their futuristic products and solutions in the field of technology.

The award reinstates eScan as the preferred brand of security solutions for the new-age millennials, who have been at the forefront, due to its global quality standards and ease of use.

On this occasion, Mr Sunil Kripalani, Sr. Vice President Global Sales and Marketing, eScan said, “We are humbled to receive this award at the 6th Indira Brand Slam 2017. The award reiterates our efforts in providing quality and innovative products at par with global standards for safeguarding our users from the growing cyber threats.”

# # # 
