What is an SSL VPN


SSL VPNs – DELIVERING VIP VALUE

With heavier demands for access to corporate and personal information – especially when ‘on-the-go’, via a proliferation of mobile devices  – staying safe has never been more challenging or crucial.

Coping with this is something that organisations have to manage in their working environments. As new technology evolves, the challenge is to stay ahead of the game.

Virtual Private Networks (VPNs) have become a common and easy way to secure communications over the internet. VPN services are a fundamental part of distributed systems, enabling the creation of secure data tunnels to remote sites or hosts. VPNs use cryptography to scramble data, so that it’s unreadable during its journey across the internet, protecting data security and integrity. Deploying VPNs allows businesses to deliver secure, encrypted connectivity for a workforce on the move, which needs access to critical corporate network resources.

These issues must be considered: What kind of VPN should you use? How do you ensure the greatest payback in terms of simplicity and security? Most common are SSL VPNs (Secure Sockets Layer Virtual Private Networks). An SSL VPN is a form of VPN that can be used with any standard web browser and does not require the installation of specialised client software on the end user’s computer. It consists of one or more VPN devices to which the user connects using a web browser, with the traffic between the browser and the SSL VPN device encrypted with the SSL or Transport Layer Security (TLS) protocol.

What an SSL VPN offers is versatility, a low-hassle setup and tight control for a range of users on a variety of computers, who may be accessing resources from any number of locations. Finally, it is attainable for a modest investment.

Symantec has been in the business of securing connection and communication from the beginning, providing solutions that have evolved powerfully over time. In timely fashion, Symantec has unveiled new updates to its Website Security Solutions (WSS) portfolio that have innovative and comprehensive capabilities built in to help meet the ever-expanding security and performance needs for connected businesses. Essentially, the Symantec WSS strategy focuses on bringing maximum protection to companies, meeting compliance requirements, helping to improve performance, and reducing overall infrastructure costs.

Symantec has also just announced the first available multi-algorithm SSL certificates, with new ECC (Elliptic Curve Cryptography) and DSA (Digital Signature Algorithm) options to help further protect your ecosystems and strengthen the foundations of trust online. These algorithm options will be available for all new and existing customers in 2013. The Symantec 256-bit ECC keys are 10,000 times harder to break than an RSA 2048-bit key based on industry computation methods. Symantec ECC certificates offer the equivalent security of a 3072-bit RSA certificate whilst at the same time offering significant improvements in server performance at load, as a server with an ECC-based certificate is able to handle more requests faster and scales well to handle:

  • Traffic spikes – ECC efficiency improves at higher volumes
  • Business growth – allows more simultaneous connections

The end goal, as always, is to deliver solutions that both your business and clients can rely on, which is why we are constantly moving forward to deliver the best possible website security solutions.

 

For more information about how SSL certificates work visit our ‘SSL explained’ infographic

What are My Risks with My Mobile Device?

Mobile technology is the new frontier for fraudsters. Today, there are more wireless devices than American people.[1] Mobile devices connect to the Internet and have much of the same information and capability as a personal computer. Your device and the private data it holds are very, very attractive to thieves. Yet, most of us don’t Read more…

High profile site scares users

We come across plenty of malware reports every day. Sometimes we have to deal with some special cases, where a respected vendor is involved. This time it was the Dell driver download site. The “Download file” link leads to this unexpected screen (our user complained about a false positive): Well, being an average user, […]

Visualizing A DDoS Cyber Attack

As you may recall from earlier posts in my blog, a distributed denial-of-service (DDoS) attack occurs when hackers flood a target website with large amounts of traffic. This traffic is often generated through the hacker’s botnet, or network of infected computers. Usually, when a cybercriminal launches a DDoS attack on a website, there isn’t much for Read more…

How To Remember Your Passwords (And Not Have An IQ of 200!!)

Regardless of your IQ, remembering your personal collection of passwords is hard work. With experts telling us we need a different password for each site and that we then need to change them every 6 months, well – it all becomes too hard!! There is absolutely no doubt that a strong and complex password is Read more…

Tracking PDF Usage Poses a Security Problem

Looking back at this year’s RSA Conference, you might have the feeling that the current threat landscape is primarily a series of advanced attacks. This concept includes well-known advanced persistent threats (APTs) and zero-day vulnerability exploits. To respond to this trend in threats, McAfee Labs has launched several innovative projects, one of which we call the Read more…

Fraudsters Continue to Show Interest in Football

Contributor: Avhdoot Patil

Phishers have recently shown a lot of interest in football. Various phishing attacks using football were observed in 2012. Phishers have already shown their interest in the 2014 FIFA World Cup, football celebrities, and football clubs. Scam for LIONEL MESSI Fans and Scam for FC Barcelona are good examples of phishers using football celebrities and football clubs. Fraudsters understand that choosing celebrities with a huge fan base offers the largest number of targets, which could increase their chances of harvesting user credentials. In April 2013, the trend continued with phishers using the same strategy. The phishing sites were in French on a free web hosting site.

The phishing sites prompted users to enter their Facebook login credentials on pages designed to highlight Lionel Messi, FC Barcelona, or Cristiano Ronaldo. The phishing pages contained images of Lionel Messi, FC Barcelona, or Cristiano Ronaldo and tried to create the false impression that they were the official Facebook page for either Messi, FC Barcelona, or Ronaldo. Some of the fake sites were titled, “first social networking site in the world”. Users were prompted to enter their Facebook login credentials in order to connect to the Facebook page. After users entered their login credentials, they were redirected to a legitimate Lionel Messi, FC Barcelona, or Cristiano Ronaldo community page to create the illusion of a valid login. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
 


Figure 1. Fake Facebook phishing page featuring Lionel Messi
 


Figure 2. Fake Facebook phishing page featuring FC Barcelona
 


Figure 3. Fake Facebook phishing page featuring Cristiano Ronaldo
 

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages
  • Do not provide any personal information when answering an email
  • Do not enter personal information in a pop-up page or screen
  • Ensure the website is encrypted with an SSL certificate by looking for the padlock, “https”, or the green address bar when entering personal or financial information
  • Use comprehensive security software such as Norton Internet Security or Norton 360, which protects you from phishing scams and social network scams
  • Exercise caution when clicking on enticing links sent through email or posted on social networks
  • Report fake websites and email (for Facebook, send phishing complaints to phish@fb.com)

2012 Threats in Review – Part 2


In my last blog, I talked about how the 2012 Internet Security Threat Report points out the vulnerabilities common for small- and medium-sized businesses and, because of their mistakes, for the larger enterprises that do business with them. So let’s talk about some good practices to address these risks.

First and most important is education. Employees need to understand what the company rules are on how to be secure, and understand each of their individual roles in the process. In turn, the roles and responsibilities need to support good security policies including separation of duties, access controls, and the idea of ‘least privilege’. For anyone new to the concept, least privilege is most simply illustrated by the fact that a temporary secretary shouldn’t have access to the same databases at the same level of information sharing as the head of HR. People need information, but they only need the data required for them to function in their everyday duties. Consumers and customers also need to be trained on the many vectors of attack, including social media, links, and the possibility of malware in attachments via email. Buyers are also increasingly looking for indications of security like the green URL bar for Extended Validation certificates, the padlock, HTTPS:// and trust marks. Have a good security policy, then follow up by telling everyone what it is and how you are protecting their data.

Second is doing business securely. While it is true that a small business may not be able to defend against the newest zero-day attack, or even be able to spell APT, it is the old attacks that are still the bulk of the vulnerability. Communication and data flowing in and out of a network need to be encrypted. If the company creates apps or proprietary code to distribute, the code should be signed with a digital shrink-wrap to assure end users that it wasn’t tampered with en route. The PCI’s eCommerce Guide recommends SSL to secure your payment information, and recommends EV wherever possible for transactions.

Third is to protect your customers, your partners, and your employees by securing your websites. Review the results of all the malware scans and vulnerability assessments of your website that can be conducted by third parties. Symantec enabled malware scanning and vulnerability assessments as part of our SSL certificates, because we believe strongly that it’s a basic security measure for any organization securing their website. Make sure your security policy includes deadlines for patching critical vulnerabilities.

The online security ecosystem is doing its part to code a better internet: Protocols are constantly under revision to remove vulnerabilities as they are found. Browsers have enabled the green bar to show where a company chose a higher level of SSL authentication for their identity, and they display warnings when content is served up insecurely on an encrypted page. Social media sites are leading some of the way toward an always-on SSL approach, where the connection is encrypted from user log on through the entire site experience. App stores are joining the always-on movement for SSL too.

The Threat Report doesn’t paint a bleak picture. More people are living and doing business online, and the world of eCommerce is growing annually. But the attackers are getting smarter, and no one can afford to say, “It’ll never happen to MY Company.” Because that’s exactly what the bad guys want you to think. Lock your doors.

Rise of .pw URLs in Spam Messages


Symantec has observed an increase in spam messages containing .pw top-level domain (TLD) URLs.  While it was originally a country code top-level domain for Palau, it is now available to the general public through Directi, who branded it as “Professional Web”.
 


Figure 1. .pw TLD URL spam message increase
 

Looking back at the last 90 days, .pw ranked #16 on our TLD distribution list:
 


Figure 2. TLD distribution list – last 90 days
 

However, the .pw URL jumps to the fourth spot when looking at the last 7 days:
 


Figure 3. TLD distribution list – last 7 days
 

Examining messages found in the Global Intelligence Network, Symantec researchers have found that the vast majority of spam messages containing .pw URLs are hit-and-run (also known as snowshoe) spam. 

These are the top ten subject lines from .pw URL spam over the last two days:

  • Subject: How to sell your Timeshare
  • Subject: Reusable K Cup for Keurig or single-brew coffee maker
  • Subject: Reusable single-brew coffee cup you can fill with your coffee blend.
  • Subject: Are your home possessions covered in case of a  catastrophe?
  • Subject: Elmo’s Learning Adventure Gift Package
  • Subject: Make Learning Fun – With Elmo & the Sesame Street Gang!
  • Subject: Are your appliances and home systems covered?
  • Subject: Refinance Today, Save Tomorrow
  • Subject: Nothing is more EFFECTIVE for High Blood Pressure
  • Subject: Mortgage Rates


Figure 4. .pw URL spam message example
 

Symantec will continue to monitor this trend and create additional filters to target these attacks. Symantec also advises enterprises and consumers to adopt the best practices found in the Symantec Intelligence Report.
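
The 90-day versus 7-day TLD ranking comparison described above can be reproduced over any set of URLs extracted from spam. The following is an added example, not Symantec's code; the sample data, host names and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

def tld_of(url):
    """Return the lower-cased TLD of a URL's host, or None if it has none."""
    try:
        host = urlsplit(url).hostname        # urlsplit lower-cases the host
    except ValueError:                       # e.g. malformed IPv6 literal
        return None
    if not host:
        return None
    host = host.rstrip(".")                  # tolerate a trailing root dot
    try:
        ipaddress.ip_address(host)
        return None                          # IP-literal URLs carry no TLD
    except ValueError:
        pass
    return host.rsplit(".", 1)[1] if "." in host else None

def tld_ranks(samples, max_age_days):
    """Rank TLDs (1 = most frequent) among samples no older than max_age_days."""
    counts = Counter(t for age, url in samples
                     if age <= max_age_days and (t := tld_of(url)))
    ordered = sorted(counts, key=lambda t: (-counts[t], t))
    return {t: i + 1 for i, t in enumerate(ordered)}

def rising_tlds(samples, long_days=90, short_days=7, min_rise=2):
    """TLDs whose rank in the short window beats the long window by min_rise."""
    long_r = tld_ranks(samples, long_days)
    short_r = tld_ranks(samples, short_days)
    return sorted((t, long_r[t], short_r[t]) for t in short_r
                  if long_r[t] - short_r[t] >= min_rise)

def _make(age, tld, n):
    # Constructed placeholder hosts; not taken from real spam.
    return [(age, f"http://h{i}.placeholder-host.{tld}/offer") for i in range(n)]

# Constructed sample: (message age in days, URL found in the message body).
SAMPLES = (_make(60, "com", 6) + _make(45, "net", 6) + _make(30, "info", 5)
           + _make(20, "ru", 3) + _make(3, "com", 3) + _make(2, "pw", 3)
           + _make(1, "net", 1)
           + [(2, "HTTP://Deals.Placeholder-Host.PW:8080/x"),  # case and port
              (5, "http://192.0.2.10/x"),                      # IP literal, skipped
              (4, "not a url")])                               # unparsable, skipped

if __name__ == "__main__":
    for tld, long_rank, short_rank in rising_tlds(SAMPLES):
        print(f".{tld}: rank {long_rank} over 90 days, rank {short_rank} over 7 days")
```

A TLD that climbs several places between the long and short window is a candidate for closer review of the messages that carry it, not a verdict on every domain under that TLD.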