17 Aug Android 4.3 and SELinux Stefano Ortolani
01 Aug Security policies: non-productive use of resources Kirill Kruglov
10 Jul Security policies: misuse of resources Kirill Kruglov
03 Jun Security policies: portable applications Kirill Kruglov
25 Apr Security policies: remote access programs Kirill Kruglov
Not many weeks ago Google released a new revision of its flagship mobile operating system, Android 4.3. Although some say that this time updates have been quite scarce, from a security perspective there have been some undeniable improvements (among others, the "MasterKey" vulnerability has finally been patched). One of the most prominent is SELinux. Many cheered the event as a long-awaited move, while others criticized its implementation. Personally, I think that the impact is not that easy to assess, especially if we were to question the benefits for end-users. In order to shed some light we can't help but analyze a bit more what SELinux is, and what its threat model is.
In the first part of this article we told you about targeted attacks and about how cybercriminals penetrate corporate networks, attacking the computers of employees who use their desktops for social networking and other cyber-skiving.
Along with targeted attacks there are other threats. Intentionally or by chance, employees may be guilty of disclosing confidential data or breaking copyright laws, which might result in lawsuits against the company.
We will tell you about some incidents related to the storage and transfer of corporate documents via a personal mailbox or a cloud service and the use of software for P2P file sharing. We will explain what technologies and security policies allow system administrators and IT security specialists to prevent such incidents.
Reputation is an important corporate asset that is worth protecting - and not only from criminals. Employees who send professional correspondence to their personal mailboxes, download illegal content or use pirated software on corporate computers never even think they might damage their company's reputation.
According to surveys conducted in Europe and the United States, company employees spend up to 30% of their working hours on private affairs. By multiplying the hours spent on non-business-related things by the average cost of a working hour, analysts estimate that the costs to companies amount to millions of dollars a year. Indirect losses may be even higher. If these employees – inadvertently or otherwise – assist hack attacks or identity theft, cause reputational damage or infringe copyright, the costs could be even greater.
The fact is that employees often use office computers to communicate on social networking sites, share links to online entertainment, or download files from suspicious resources. At the same time cybercriminals are actively using social networking sites for phishing and the distribution of malware. Many personal blogs, entertainment sites, file sharing services, torrent trackers, and files downloaded from them are infected. Passwords to email accounts are regularly hacked or stolen.
This article describes some problems which may arise from the improper use of office computers and demonstrates how to prevent similar incidents in the corporate network.
The threats that users face every day usually target mass audiences so the antivirus solution on their computers is enough to prevent most accidents. Targeted attacks are different: they are performed secretly, often using a non-standard approach; they are highly sophisticated and well organized. To achieve their goals the fraudsters use the most effective weapon to exploit any available software or social vulnerability.
Everyone has their own preferences in choosing applications: a favorite browser or instant messenger, media player or email client, etc. Many users are so accustomed to them in everyday life that they feel uncomfortable without access to their favorite programs at work or in college. As a result, they come to use the portable applications which we will discuss in this article.
Portable applications, stored on removable media, are very convenient: they need no installation and can be used in almost any environment. For users, this means their favorite tools are always at hand, and ready to do anything from playing movies and music to analyzing and restoring the system.
However, such applications can also pose a threat to information security. Users who do not have local administrator rights cannot install software on the PC, but they can bypass this restriction by taking advantage of portable applications that do not require installation. Since these applications are mobile and are stored on removable media, they often go undetected by auditing applications on the LAN. This makes it more difficult to investigate incidents related to the use of portable applications as the information about removable media and software installed on it is often unavailable to the IT security specialists.
An analytical company engaged in processing large amounts of personal information offered part-time work to students and non-IT-specialists: a couple of days a week they would transfer data from paper into electronic forms, recheck the available data for errors and contact people for further information.
The experience of many information security officers shows that only a small portion of security incidents take place as a result of meticulously planned and sophisticated targeted attacks, while most incidents are due to a lack of effective security and control measures. This post begins a series of publications about IT security threats associated with the use of legitimate software.
Hugely popular, easy-to-use and practical, remote access tools have been appreciated by system administrators and developers alike, as well as by anyone who has ever needed to log on to a work computer from a remote location, whether traveling on business, working from home, or caught out by an emergency while on vacation. However, unregulated use of this software poses a threat to corporate security and may lead to security incidents.