The Best Home Security Cameras of 2017

security cameras

Security Cameras 2017

One of the biggest benefits of a smart home is being able to know what’s going on when you’re not actually there. Whether you’re checking in on your kids, pets, or an exotic jewel collection, a home security camera is a great tool for keeping an eye on things from afar.

Although capabilities vary from device to device, surveillance cameras allow you to monitor what’s going on in your home through live or recorded video. But not all cameras are created equally. Some have alarms or can send you notifications when they detect activity, some offer two-way audio, some are meant to monitor your baby, and some even double as full-on home automation hubs.

We’ve tested lots of home surveillance cameras over the last few years, so we know what’s important to look for. For instance, you want a camera that’s simple to set up and use. Additionally, one of the very first qualities we notice is an attractive—though discreet—design. It’s important that the camera looks like something you actually want in your home, but depending on your needs, you may not want it to stand out too much.

Device support is critical as well. Our favorite cameras allow you to check in from anywhere, whether it’s an app on your phone or a Web browser. Additional features vary from camera to camera, and each of our top picks offer just enough variety to set them apart from the rest of the competition.

Here are some other important factors to consider when buying a home security cam:

The View

Even though 1080p is generally the standard resolution for cameras we’ve tested, and you won’t find any that stream or record in 4K any time soon, there are benefits to cameras with higher resolution sensors. Few home security cameras have optical zoom lenses, but almost all have digital zoom, which crop and enlarge whatever the camera is recording. The more megapixels a camera sensor has, the more you can digitally zoom in and still be able to see things clearly.

Besides resolution, consider the field of view as well. All security cameras have wide-angle lenses, but not all angles are created equal. Depending on the lens’ field of view, it can see between 100 and 180 degrees. That’s a big range in terms of the camera’s vision cone. If you want to watch a large area, you should consider a camera with a very wide field of view.

Placement

If you want to keep an eye on the rooms of your home, there are plenty of options. If you want to keep an eye on your driveway, backyard, or front porch, you need to be more choosy. Not all home security cameras are rugged enough to be mounted outdoors. You need a camera that’s waterproof and can stand up to rain, snow, and sun, and survive the extreme temperatures of summer and winter. The Nest Cam Outdoor and Netgear Arlo are two models built specifically for use outdoors, while the Nest Cam Indoor and the Netgear Arlo-Q might not survive the next rainstorm if you mount them over your garage door.

Connectivity

Most security cameras use Wi-Fi, but not all rely on it exclusively. Some add Bluetooth for local control and easier setup through your smartphone, while others incorporate separate home automation networking standards to interact with other devices, like ZigBee or Z-Wave. For most cameras, all you need to do is follow instructions on an app to connect them to your home network.

Once your camera is connected, you’ll almost certainly be able to access it through your smartphone or tablet. The vast majority of home security cameras today have mobile apps, and many focus entirely around those apps for doing everything. Some have Web portals as well, which add flexibility for accessing your videos and alerts from anywhere.

Cloud Storage

The videos your camera records probably won’t be stored on the camera itself. Most home security cameras use cloud services to store and offer remote access to footage. Some models have microSD card slots so you can physically pull the video from them when you want to review footage, but this is a rare feature.

Keep in mind that not all cloud services are alike, even for the same camera. Depending on the manufacturer, your home security camera will store different amounts of footage for different lengths of time. This service is often a paid subscription on top of the price of the camera itself, though some cameras offer free cloud storage to varying degrees. Cloud storage service is usually offered in tiers, letting you choose between keeping footage for a week, a month, or more.

Price

As you can see from our picks, most of the top-rated home security cameras on the market are roughly in the $200 range, but some of them also require an additional fee to store recorded video in the cloud. We break down any extra fees in our reviews, so it’s worth taking a look at each to find out which one fits your budget. Then again, you can’t really put a price on peace of mind.

Featured in This Roundup

  • Icontrol Networks Piper nv

    $279.00
    $279.99 at Amazon The Icontrol Networks Piper nv is a unique security camera that doubles as a home automation hub. This time around it offers night vision, a more robust camera sensor, and a faster processor.

  • LG Smart Security Wireless Camera LHC5200WI (With ADT Canopy)

    $199.99
    $199.99 at Amazon LG’s Smart Security Wireless Camera LHC5200WI doubles as a home automation hub and offers contract-free professional ADT monitoring at a reasonable price.

  • Nest Cam Outdoor

    $199.00
    $189.99 at Amazon The Nest Cam Outdoor security camera offers sharp 1080p video, crisp night vision, and motion detection alerts in a stylish weatherproof enclosure.

  • Canary All-In-One Home Security Device

    $199.00
    $149.99 at Amazon The Canary All-In-One Home Security Device keeps tabs on your dwelling with 1080p video capture and sensors for air quality, humidity, and temperature.

  • Logi Circle

    $199.99
    $149.99 at Best Buy The Logi Circle is an attractive and easy-to-use home security camera that lacks a few of the more powerful scheduling and programming features of its competition.

  • Nest Cam Indoor

    $199.00
    $192.75 at Amazon The Nest Cam Indoor is a dual-band Wi-Fi surveillance camera that offers crisp 1080p video, motion and sound detection, and integration with other Nest devices. It’s a snap to install, but you have to pay to view recorded video.

  • Netgear Arlo Q

    $219.99
    $161.66 at Amazon The Netgear Arlo Q is a pricey home security camera that delivers sharp, colorful 1080p daytime imagery and clear night vision video.

  • Netgear Arlo Security System (VMS3230)

    $349.99
    $269.99 at Amazon With Netgear’s Arlo Security System, you can place wireless cameras just about anywhere to keep tabs on your home, but you’re trading some functionality for battery power.

  • Petcube Play

    $199.00
    $179.00 at Amazon The latest security camera from Petcube, the Play, solves all of the issues we had with the original by adding a 1080p camera, night vision, cloud storage, and alerts.

  • Zmodo Pivot

    $149.50
    $99.00 at Amazon Want to keep tabs on what’s happening at home when you’re not there? The Zmodo Pivot camera gives you a 360-degree view, delivers crisp 1080p video, and goes one step further by including multiple security and environmental sensors.

Article Provided By: PC Magazine

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

How to Quantify the Risk of an Insider Threat

Insider Risk

risk

Never before have there been so many platforms that let a growing number of people touch, manipulate, download, and share sensitive data.

But there’s a dark side to all that access: It exposes a company to malicious intent and theft of information worth thousands, sometimes millions, of dollars. More alarming is the fact that less than half (42 percent) of all organizations have the appropriate controls in place to prevent these attacks, according to the Insider Threat Spotlight Report.

How do you get a handle on this threat? Mitigation begins with assigning risk levels to employee roles. Who has access to sensitive information, intellectual property, trade secrets, customer lists, and any other proprietary data? That’s the foundation of your risk model. Many companies use a simple numerical scale of 1-10, with 10 as the highest risk. Others may prefer simpler categories like Low, Medium, and High or yellow, orange, and red alerts.

It turns out that nearly 80 percent of employee fraud takes place in accounting, operations, sales, senior management, customer service, and purchasing. But it’s critical to establish a risk profile for everyone in the company, no matter which department. Take into account employees’ current roles, levels of privilege, and required access to proprietary information. Senior IT people and C-Suite executives obviously have more privilege and access than mid-level managers and clerical workers. And, of course, the higher the risk in a potential disaster, the greater the need to monitor an employee’s activities.

Prepare to update the risk profile of an individual. Organizations are dynamic, and employees regularly make lateral moves or get promoted. Someone who doesn’t touch sensitive information in one role may very well have access and new privileges in a different assignment.

Employees’ personal lives change constantly, too. A traumatic event, like a death in the family or divorce, psychological problems, or a shift in financial circumstances for the worse—any of these can cause behavioral changes in people. And they all may require re-evaluation of an individual’s level of risk.

Once you’re committed to the process, we recommend taking the following steps:

  1. Create an insider-risk team. While IT and its security team may oversee the monitoring of user activity, the process really requires support from the most senior ranks, as well as other departments. Your legal department help can help decide how to monitor while complying with the law and act as a critical liaison between executives and the security group. Human resources can help support the need and processes for monitoring, as well document employee cases—and put a “human” face on the operation.
  2. Designate risk levels. This, of course, is what I’ve been discussing in this post all along: using job titles to assign a scale of risk, depending on levels of privilege and access.
  3. Pinpoint inappropriate conduct. Just because you’ve assigned someone a high-risk level doesn’t necessarily mean that he’s committing an offense. Conversely, an employee’s inappropriate behavior can sometimes be misread as performance of normal job-related tasks. That’s why it’s critical to develop ways to identify truly improper conduct through changes in an individual’s communication and behavior. You can do that through software that is known as user-behavior analytics and, less technically, by means of procedures your employees can follow to report troublesome behavior.
  4. Set up a system of insider monitoring. When you’re establishing a system to keep an eye on employee activity and behavior, it helps to decide what level of monitoring goes along with the different risks they may pose to your organization. For example, someone in a low-risk category probably can’t interact with sensitive information and therefore needs little more than the less-technical sort of monitoring suggested above. Medium-risk employees do have access to proprietary data and, so, may require monitoring additionally with user-behavior analytics. So, too, with those high-risk individuals who should probably be subject to the most active monitoring and review.

Quantifying risk is just the start of mitigating insider threats. But if you develop the initial baseline—starting with job title and access to privileged information—you can get a better handle on which employees you will have to monitor during such critical periods as hiring, job title and personal changes, and the high-risk exit period.

Article Provided By: Info-Security Magazine

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

5 Emerging Data Security Technologies Set to Level The Battlefield

data security technologiesThe war between data defenders and data thieves has been described as a cat-and-mouse game. As soon as the white hats counter one form of black-hat malicious behavior, another malevolent form rears its ugly head. How can the playing field be tilted in favor of the infosec warriors? Here are five emerging security technologies that may be able to do that.


 

1. Hardware authentication

The inadequacies of usernames and passwords are well known. Clearly, a more secure form of authentication is needed. One method is to bake authentication into a user’s hardware. Intel is moving in that direction with the Authenticate solution in its new, sixth-generation Core vPro processor. It can combine a variety of hardware-enhanced factors at the same time to validate a user’s identity.

Intel has built on previous efforts to dedicate a portion of the chipset for security functions to make a device part of the authentication process. Good authentication requires three things from users: what they know, such as a password; who they are, such as a username; and what they have, such as a token. In the case of Authenticate, the device becomes the what-you-have.

“This isn’t new,” said Scott Crawford, research director for information security at 451 Research. “We’ve seen this in other manifestations, such as licensing technologies and tokens.”

Hardware authentication can be particularly important for the Internet of Things (IoT)where a network wants to ensure that the thing trying to gain access to it is something that should have access to it.

However, Crawford noted, “The most immediate application for the technology is for authenticating an endpoint in a traditional IT environment — laptops, desktops, and mobile devices using Intel chipsets.”

2. User-behavior analytics

Once someone’s username and password are compromised, whoever has them can waltz onto a network and engage in all kinds of malicious behavior. That behavior can trigger a red flag to system defenders if they’re employing user behavior analytics (UBA). The technology uses big data analytics to identify anomalous behavior by a user.

“There’s a lot of interest in this in the enterprise,” 451′s Crawford said.

“User activity is the number one concern of security professionals.”

He explained that the technology addresses a blind spot in enterprise security. “Once an attacker gains entry into an enterprise, what happens then?” he asked. “One of the first things they do is compromise credentials. So then the question becomes, Can you differentiate between a legitimate user’s activity and an attacker who has gained entry, compromised a legitimate user’s credentials and is now looking for other targets?”

Visibility into activity that does not fit the norm of the legitimate user can close a blind spot in the middle of the attack chain. “If you think of the attack chain as initial penetration, lateral movement, and then compromise, theft, and exfiltration of sensitive data, the middle links in that attack chain have not been very visible to enterprise security pros, and that’s why the interest in user behavior analytics today,” Crawford said.

Comparing a user’s present behavior to past behavior isn’t the only way UBA can identify a malicious actor. “There’s something called ‘peer analysis’,” explained Steven Grossman, vice president for program management at Bay Dynamics, a threat analytics company. “It compares how someone is behaving compared to people with the same manager or same department. That can be an indicator that the person is doing something they shouldn’t be doing or someone else has taken over their account.”

In addition, UBA can be a valuable tool for training employees in better security practices. “One of the biggest problems in a company is employees not following company policy,” Grossman said. “To be able to identify those people and mitigate that risk by training them properly is critical.”

“Users can be identified and automatically signed up for the training appropriate for the policies they were violating.”

3. Data loss prevention

A key to data loss prevention is technologies such as encryption and tokenization. They can protect data down to field and subfield level, which can benefit an enterprise in a number of ways:

  • Cyber-attackers cannot monetize data in the event of a successful breach.
  • Data can be securely moved and used across the extended enterprise — business processes and analytics can be performed on the data in its protected form, dramatically reducing exposure and risk.
  • The enterprise can be greatly aided in compliance to data privacy and security regulations for protection of payment card information (PCI), personally identifiable information (PII) and protected health information (PHI).

“There’s been a lot of security spending over the last several years, and yet the number of records breached in 2015 went up considerably over the prior year,” noted 451′s Crawford. “That’s contributing to the surge in interest in encryption.”

However, as John Pescatore, director of Emerging Security Trends at the SANS Institute, points out, authentication plays an important role in data loss prevention.

“There can’t be strong encryption without key management, and there can’t be key management without strong authentication.”

4. Deep learning

Deep learning encompasses a number of technologies, such as artificial intelligence and machine learning. “Regardless of what it’s called, there a great deal of interest in it for security purposes,” 451′s Crawford said.

Like user behavior analytics, deep learning focuses on anomalous behavior. “You want to understand where malicious behavior deviates from legitimate or acceptable behavior in terms of security,” Crawford explained.

“When you’re looking at activity on the enterprise network, there’s behavior that’s not user behavior but is still malicious. So even if it’s looking at behavior, it’s looking at a slightly different application of behavioral analytics.”

Instead of looking at users, the system looks at “entities,” explained Brad Medairy, a senior vice president with Booz Allen. “Exact business analytics and recent developments in machine-learning models mean we are now able to look at the various entities that exist across the enterprise at the micro to the macro levels. For example, a data center, as an entity, can behave a certain way, similar to a user.”

Use of machine learning can help stamp out the bane of advanced persistent threats, added Kris Lovejoy, president of Acuity Solutions, maker of an advanced malware detection platform. “With its ability to decipher between good and bad software, at line speed, machine-learning technologies will offer a significant boon to security practitioners who seek to decrease time to advanced threat detection and eradication,” she said.

Crawford said he expects investments in deep learning for security purposes to continue. He added, however, that “the challenge for enterprises is there are a lot of companies coming to market with similar approaches for the same problem. Differentiating distinctions from one vendor to another is going to be a major challenge for enterprises in the coming year and beyond.”

5. The cloud

“The cloud is going to have a transformative impact on the security technology industry generally,” Crawford said.

He explained that as more organizations use the cloud for what has traditionally been the domain of on-premises IT, more approaches to security that are born in and for the cloud will appear. On-premises techniques will be transitioned to the cloud. Things such as virtualized security hardware, virtualized firewalls, and virtualized intrusion detection and prevention systems. But that will be an intermediate stage.

“If you think about what an infrastructure-as-a-service provider can do on a very large scale for all of its customers, there may not be the need to pull out all the defenses you need on-prem,” Crawford said. “The infrastructure-as-a-service provider will build that into their platform, which will relieve the need to do that for the individual cloud customer.”

SANS’ Pescatore added that government agencies and private industry have increased the security of their data centers by using IaaS services such as Amazon and Firehost. “The GSA FedRAMP program is a great example of ‘certified secure-enough’ cloud services that make it easier for the average enterprise to have above-average data center security,” he said.

These five should help out the infosec warriors get the upperhand. Any we missed? Which technologies do you suggest will move the needle on information security? Weigh in via the comments below.

Article Provided By: TechBeacon

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

 

The Cyber Risk of Mixing Business with Pleasure

Cyber Risk – Technical and Process Controls for the Enterprise Must Extend to Employees and How They Engage in Personal Services

Cyber RiskThe ubiquitous use of social media has blurred the lines between business and personal lives. A lot has been written about the importance of keeping the two separate, with an emphasis on the potential risk to an individual’s reputation. A photo or casual comment meant for a friend can have a detrimental effect when viewed by a business associate or employer. But there’s another important reason why separating business from pleasure should be a concern – the potential for increased cyber risk to your business stemming from credential compromise to social media accounts.

Barely a week goes by without reports of a leaked database. At the same time, dumps of stolen credentials are regularly sold, traded and shared online across paste sites, file-sharing sites and online marketplaces. Credential compromise is not new, but how these credentials become available is often directly related to the lack of separation between business and pleasure.
The LinkedIn and MySpace databases were recently exposed by threat actors using the names “Peace of Mind” and “Tessa88”. Breaches of dating services like Ashley Madison and Adult Friend Finder also were the source for credentials. And although proportionally low, even gaming services have been responsible for leaked credentials. It may be surprising but many of the credentials used for these sites were corporate accounts. That’s right. Many employees reuse their corporate emails for other services and, when these services are breached, it also reveals their credentials.

Cyber Risk

Employees who have reused corporate emails and passwords for personal use can put their employers at risk of account takeovers, credential stuffing and extortion attempts.
Account takeovers
On May 23, 2016, OurMine Team reportedly compromised a number of social media profiles for various business personnel and celebrities. The accounts that were affected included Twitter, Tumblr and LinkedIn profiles. The group initially claimed the use of zero-day exploits to compromise accounts, but later confirmed access was secured through the use of information from the recently exposed dataset from LinkedIn. More recently, it was reported that the alleged Dropbox leak also occurred from password reuse of the LinkedIn breach. The likelihood is that people have neglected to change their passwords since 2012, and proceeded to recycle the same password for multiple services.
Credential stuffing
Threat actors can automatically inject breached username and password pairs in order to fraudulently gain access to user accounts. This technique, known as credential stuffing, is a type of brute force attack whereby large sets of credentials are automatically inputted into websites until a match with an existing account is found. An attacker can then hijack that account for a variety of purposes, such as draining stolen accounts of funds, the theft of personally identifiable information, or to send spam. According to the Open Web Application Security Project (OWASP), credential stuffing is one of the most common techniques used to take-over user accounts.

Extortion attempts
Hundreds of thousands of corporate email addresses were leaked as part of the Ashley Madison breach. Following the breach of online dating site Ashley Madison in July 2015, extortion attempts were directed against specific individuals identified within the compromised dataset. Users received extortion emails threatening to share the exposed information with the victim’s partner, unless one Bitcoin was paid into a specified Bitcoin wallet. A number of automated post-breach extortion services also emerged including one site that reportedly spammed users with unsolicited bulk emails that suggested their spouses or employers may find out their details were exposed.
By better understanding that corporate credentials are being reused for personal services and how threat actors may exploit credentials, security teams can better prepare for and mitigate instances of credential compromise. Here are a few tips.
Set policies

• Establish a policy for which external services are allowed to be associated to corporate email accounts.
• Understand and monitor approved external services for password policies and formats to understand the risks and lowest common denominators.
Monitor activity

• Proactively monitor for credential dumps relevant to your organization’s accounts and evaluate these dumps to determine if the dumps are new or have been previously leaked, in which case you may have already addressed the matter.
 • If you have any user behavior analytics capabilities, import compromised identity information and look for any suspicious activity (e.g., accessing resources that have not been accessed in the past.)
Educate employees

• Update security awareness training to include the risks associated with password reuse.
• Encourage staff to use consumer password management tools like 1Password or LastPass to also manage personal account credentials.
The number of compromised credentials that are available online is staggering, providing a goldmine for attackers. In fact, Verizon’s 2016 Data Breach Investigations Report found that breached credentials were responsible for 63 percent of data breaches. As the lines between personal and professional become blurred, so too must the approach that organizations take to deal with cyber risk. Technical and process controls for the enterprise must extend to employees and how they engage in personal services.
Article Provided By: SecurityWeek

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

Drones Doing Bad; Drones Doing Good (Part 2)

Drones

Drones (continued) – Innovative User-Defined Fields

According to Wydner, the system, which was installed by security systems integrator Steve Murphy of Chown Security, Portland, Oregon, had to not only work with existing HID Global identification cards used by students across campus; it also had to have an easy-to-access user repository. “A key feature that really helped us was the ability to add in user-defined fields because we needed to have our own unique key,” Wydner says.

The innovative charm of the access system’s technology, however, is its hand- shaking with other software platforms for a completely interoperable access and room reservation system. To accomplish this, Wydner and his team installed the data management engine (Pinwheel DME from SwiftData Technology). Pinwheel integrates data from the access system along with several other enterprise software solutions employed at the facility, including sophisticated room scheduling, Web calendar and online event registration software (from Dean Evans & Associates) and an enterprise resource planning platform from higher education software provider Ellucian.

However, there were several significant hurdles that had to be overcome by both the OSU IT group and others involved to help make these interoperability goals a reality. An integration of this magnitude had never been done before, so much of the project was uncharted water, comments Murphy. “We didn’t know quite where to begin,” Wydner adds. “We knew that we needed to get all of the user data – our faculty, staff members, and students. We needed some way of defining who is taking a college business class and which system we were going to pull that out of, whether that’s going to be our central student repository, Active Directory or if we were going to go off of Salesforce.”

Wydner said the university eventually decided the best way to bring this information together was to enter it into Salesforce, the San Francisco, California-based firm known for its Web customer relationship management system and its strength in application programming interfaces or APIs. He started a separate project focused on integrating the identification numbers from the campus HID cards into their Salesforce database. Aside from that, the team also had to figure out a way to format the data from Salesforce so that it would be recognized by the access and Dean Evans event management software solutions.

By using the Pinwheel data management engine or DME platform, students are now enrolled automatically based upon the information entered into the Ellucian enterprise resource planning system. The successful integration of these systems would not have been possible, however, without some of the unique features provided by the access control platform with its innovative way of combining the access levels of students and staff members with their respective rights and privileges through a process known as nesting.

Austin Hall also uses an automated lock system which saved significantly on time and manpower.

Door Access and Meeting Scheduling

“The main thing that our faculty and students enjoy about the integration is that they can just walk up to a project room or a meeting room [and] tap their OSU ID on the lock (AD-400 wireless networked locks from Schlage). It then opens up, lets them in, and it also gives them an automatic one-hour reservation on the room,” observes Wydner.

“Multi-tech locks are future-proof and access panels can handle up to 16 locks,” points out Murphy, who believes the project took system integration capabilities to new and innovative heights.

There are other tech trends embedded in such an approach, according to Mitchell Kane, president, Vanderbilt. As compared to security video, it may seem that advances in electronic access control emerge and evolve more slowly. From a hardware perspective, technology moves at a snail’s pace, says Kane. What is more innovatively important is the trend of interoperability with other systems and big data. Until recently, most data integration with access management was through HR or IT databases. Kane sees a trend toward integration with workflow applications, working with data on an automated level, based on logic and analytics.

The multifunctional ability can be viewed as innovative.

That’s the bottom line for Guy Grace, manager of security and emergency planning for the Littleton, Colorado, Public Schools, and who is installing a network-based communication and security system (the IX Series from Aiphone) featuring video entry security, internal communication, emergency stations, and paging. All units and apps in the systems can unlock doors remotely on a network, assist onsite visitors from an offsite location, broadcast emergency announcements and communicate using Power over Ethernet (PoE).

Among the “cool things we get from the technology is the intercom’s ability to record audio and video of visitors on our network digital video recorders or NDVRs. So now we have an extra camera, the ability to record all the transactions at the door in voice and video, the ability to talk to the door from the school and the security office miles away. And also these now can be used as a call for help stations 24/7,” says Grace.

Check Out Part 1

Article Provided By: Security

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

Labor Day

History of Labor Day

Labor Day: What it Means

Labor Day, the first Monday in September, is a creation of the labor movement and is dedicated to the social and economic achievements of American workers. It constitutes a yearly national tribute to the contributions workers have made to the strength, prosperity, and well-being of our country.

Labor Day Legislation

Through the years the nation gave increasing emphasis to Labor Day. The first governmental recognition came through municipal ordinances passed during 1885 and 1886. From these, a movement developed to secure state legislation. The first state bill was introduced into the New York legislature, but the first to become law was passed by Oregon on February 21, 1887. During the year four more states — Colorado, Massachusetts, New Jersey, and New York — created the Labor Day holiday by legislative enactment. By the end of the decade Connecticut, Nebraska, and Pennsylvania had followed suit. By 1894, 23 other states had adopted the holiday in honor of workers, and on June 28 of that year, Congress passed an act making the first Monday in September of each year a legal holiday in the District of Columbia and the territories.

Founder of Labor Day

The father of labor day

More than 100 years after the first Labor Day observance, there is still some doubt as to who first proposed the holiday for workers.

Some records show that Peter J. McGuire, general secretary of the Brotherhood of Carpenters and Joiners and a cofounder of the American Federation of Labor, was first in suggesting a day to honor those “who from rude nature have delved and carved all the grandeur we behold.”

But Peter McGuire’s place in Labor Day history has not gone unchallenged. Many believe that Matthew Maguire, a machinist, not Peter McGuire, founded the holiday. Recent research seems to support the contention that Matthew Maguire, later the secretary of Local 344 of the International Association of Machinists in Paterson, N.J., proposed the holiday in 1882 while serving as secretary of the Central Labor Union in New York. What is clear is that the Central Labor Union adopted a Labor Day proposal and appointed a committee to plan a demonstration and picnic.

Article Provided By: U.S. Department Of Labor

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

Don’t Become a Cybersecurity Big Data Pack Rat

Enterprise Security Teams Must Think More About How to Reduce Big Data Into Real-time Answers

Security teams are always looking for new and efficient ways to find threats, and the emerging field of security analytics is proving to be one of the most promising areas of innovation. Security analytics encompasses a wide range of analytical techniques which can be performed on an equally diverse set of data sources, such as network traffic, host-based indicators, or virtually any type of event log.

In many ways this description sounds like a version of big data analytics – the analysis of very large data sets to find unexpected correlations. However, while big data is obviously a powerful tool, it is not a silver bullet for every problem. When it comes to finding active attacks, too much data can actually overwhelm staff to the point that threats get lost in the noise. Without a clear notion of how to use the data, a big-data security analytics project can turn IT teams into the cybersecurity version of pack rat, with data piled up to the point that it becomes unusable and paralyzes the organization.

A few lessons from the past and present

We don’t have to look back very far for a lesson on how more data doesn’t always mean more value. Since the 1990s SIEM and log management vendors posited that a central collection point for all enterprise logs could be used to answer virtually any enterprise question. And while SIEMs obviously have proven essential to many organizations, they have fallen well short of becoming the all-knowing oracle of IT. Organizations have learned the hard way that mountains of data don’t magically turn into insight.

Human expertise is typically at the heart of a successful SIEM project. Specialists are required in order to understand the different types of data and to build highly complex rules to interpret the data. Human analysts are typically required to ask the SIEM the right set of questions. This often leads to highly bespoke operations that can be very brittle and hard to change, and heavily dependent on human care and feeding. In short, simply collecting the data is the easy part. Making use of that mountain of data can be far more challenging.

Security teams actually need data reduction

Big DataThe big data approach to security analytics is poised to replicate many of the same things that plagued SIEMs for years, albeit with much more data, and by extension, much more complexity. To avoid the pitfalls of the previous generation, we need to avoid the magical thinking that says, “if we just collect enough data, the answer will reveal itself.” The burden of this thinking almost invariably falls on the shoulders of human analysts, who must sift through the many alerts and anomalies in search of the point that matters.

The fundamental issue is that the more data we collect, there is parallel requirement for automated data reduction. By data reduction I mean the ability to quickly reduce the many figurative haystacks down to the few points that matter. Today, we are creating a situation where the generation of haystacks is automated, but the process of finding the needles remains manual. Staff can spend all of their time investigating events that are “unusual”, but may not be an actual threat. This can lead to the pack rat scenario where everything is kept in the hope it will be useful, but actually makes normal operation impossible.

As a result, security analytics projects need to be evaluated in terms of how does the data get turned into intelligence. How is analysis automated? When an issue is detected, how conclusive is it? How much additional investigation and verification is required by staff, and how much time does it take? Once again, collecting the data is relatively easy – the value of security analytics solutions will rest in how well they reduce that data into answers.

Of course, keeping a repository of all data is not a bad thing in itself. In fact, it can prove to be very valuable when used in a forensic context. In such a case, the security teams have a very good sense that something has gone wrong, and a complete data set can allow them to go spelunking for answers. However, this is a very different use case than proactively finding and stopping an active attack in progress. Both approaches have their place. But frankly, the industry is not lacking in forensic tools that can verify and analyze a known attack. The piece that most organizations are missing is the ability to reveal the attacks that they don’t already know about. This requires us to think more about how we reduce big data into real-time answers.

Article Provided By: Security Week

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

 

DOT and FAA Finalize Regulations for Small Unmanned Aircraft Systems

Regulations will create new opportunities for business and government to use drones

 New Drone Regulations

WASHINGTON – Today, the Department of Transportation’s Federal Aviation Administration has finalized the first operational rules (PDF) for routine commercial use of small unmanned aircraft systems (UAS or “drones”), opening pathways towards fully integrating UAS into the nation’s airspace. These new regulations work to harness new innovations safely, to spur job growth, advance critical scientific research and save lives.

“We are part of a new era in aviation, and the potential for unmanned aircraft will make it safer and easier to do certain jobs, gather information, and deploy disaster relief,” said U.S. Transportation Secretary Anthony Foxx. “We look forward to working with the aviation community to support innovation, while maintaining our standards as the safest and most complex airspace in the world.”

According to industry estimates, the rule could generate more than $82 billion for the U.S. economy and create more than 100,000 new jobs over the next 10 years.

The new rule, which takes effect in late August, offers safety regulations for unmanned aircraft drones weighing less than 55 pounds that are conducting non-hobbyist operations.

The rule’s provisions are designed to minimize risks to other aircraft and people and property on the ground. The regulations require pilots to keep an unmanned aircraft within visual line of sight. Operations are allowed during daylight and during twilight if the drone has anti-collision lights. The new regulations also address height and speed restrictions and other operational limits, such as prohibiting flights over unprotected people on the ground who aren’t directly participating in the UAS operation.

The FAA is offering a process to waive some restrictions if an operator proves the proposed flight will be conducted safely under a waiver. The FAA will make an online portal available to apply for these waivers in the months ahead.

“With this new rule, we are taking a careful and deliberate approach that balances the need to deploy this new technology with the FAA’s mission to protect public safety,” said FAA Administrator Michael Huerta. “But this is just our first step. We’re already working on additional rules that will expand the range of operations.”

Under the final rule, the person actually flying a drone must be at least 16 years old and have a remote pilot certificate with a small UAS rating, or be directly supervised by someone with such a certificate. To qualify for a remote pilot certificate, an individual must either pass an initial aeronautical knowledge test at an FAA-approved knowledge testing center or have an existing non-student Part 61 pilot certificate. If qualifying under the latter provision, a pilot must have completed a flight review in the previous 24 months and must take a UAS online training course provided by the FAA. The TSA will conduct a security background check of all remote pilot applications prior to issuance of a certificate.

Operators are responsible for ensuring a drone is safe before flying, but the FAA is not requiring small UAS to comply with current agency airworthiness standards or aircraft certification. Instead, the remote pilot will simply have to perform a preflight visual and operational check of the small UAS to ensure that safety-pertinent systems are functioning property.  This includes checking the communications link between the control station and the UAS.

Although the new rule does not specifically deal with privacy issues in the use of drones, and the FAA does not regulate how UAS gather data on people or property, the FAA is acting to address privacy considerations in this area. The FAA strongly encourages all UAS pilots to check local and state laws before gathering information through remote sensing technology or photography.

As part of a privacy education campaign, the agency will provide all drone users with recommended privacy guidelines as part of the UAS registration process and through the FAA’s B4UFly mobile app. The FAA also will educate all commercial drone pilots on privacy during their pilot certification process; and will issue new guidance to local and state governments on drone privacy issues. The FAA’s effort builds on the privacy “best practices” (PDF) the National Telecommunications and Information Administration published last month as the result of a year-long outreach initiative with privacy advocates and industry.

Part 107 will not apply to model aircraft.  Model aircraft operators must continue to satisfy all the criteria specified in Section 336 of Public Law 112-95 (PDF) (which will now be codified in Part 101), including the stipulation they be operated only for hobby or recreational purposes.

Article Provided By: Federal Aviation Administration

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

 

So you’re caught in a data breach. Now what?

data breach

Reacting to a data breach can feel like you’re shuffling deck chairs on the Titanic or slamming the barn door after the horses have bolted. But there are some concrete steps you can take to minimize the harm from breaches and make yourself safer in case it happens again.

Last week, we found out when a hacker started selling a massive database of LinkedIn customer information that a 2012 data breach affected 167 million accounts, 161 million more accounts than originally reported. Other major breaches include those of Target in 2013JPMorgan Chase in 2014, and the U.S. government’sOffice of Personnel Management in 2015.

Many of the steps you can take after learning that your data has been involved in a breach might feel ineffective, says Paul Stephens of the Privacy Rights Clearinghouse, a consumer advocacy organization. But consumers are not as powerless as they might feel, he adds.

“Consumers need to get in the mindset that you assume that you’ve been breached and [are] proactive to begin with,” he says. “If you go with that premise, then I think a lot of the breach fatigue will be eliminated.”

Think of having your personal information stolen in a data breach like getting sick. You don’t (or at least shouldn’t) just roll over and moan until it goes away: To prevent it from getting worse as your body recovers, you take some medication or homeopathic remedies. If you find that your data is part of a breach, you can do certain things to recover faster and make it harder for hackers to harm you after future breaches.

A Data Breach, also known as security breaches, take on various forms. Someone could have stolen your credit card information from a point-of-sale terminal through a scheme known as skimming. Someone could have stolen information about you from a computer, phone, or hard drive. Or, more commonly, someone could have hacked into a massive customer database containing information about you.

Responding to  a data breach is complicated, in no small part because of the patchwork of state and federal laws governing how companies that have been breached are required to notify you. In the United States, 47 states require varying degrees of notification. You may not immediately or even directly learn that your data has been involved in a breach. You might receive a notification via email or a physical letter, or read or listen to a news report about it.

“Often, consumers aren’t given accurate information by the entity that was breached,” Stephens says. “Checking your credit report is not going to do a thing if the only thing that was in the breach was your credit card number.”

Taking the correct action for the kind of breach you’re involved in, and making sure that your accounts are as secure as possible before another breach occurs, can go a long way. Here are five things to do, if you hear that your information has been involved in a data breach.

DETERMINE WHETHER IT’S LEGIT

Make sure that the breach actually happened, and that you’re not falling prey to a phishing attack or other scam to get you to hand over your vital data. Contact the organization, which can include looking for a message about the breach on its website, looking up its phone number (not the one in the email sent to you) and calling it directly, or keeping an eye out for media reports of the breach.

Do not respond to the email, call the phone number included in the email, or click any links in the email, as the email could be an attempt to steal your personal information known as phishing. If you’re concerned about the veracity of the breach notification, we’ve compiled some tips to avoid phishing scams and phone call scams.

FIGURE OUT WHAT WAS STOLEN

The actions you take depend on the information stolen. Was it a credit or debit card number? A username or password? Or was it something more closely related to your identity, such as your date of birth, Social Security number, driver’s license number, or passport number? Your next actions depend on what’s been pilfered.

UPDATE YOUR AUTHENTICATION METHOD

Don’t let accounts with potentially compromised passwords linger. Compromised accounts can lead to more fraudulent activity in your name, and they can be used to send even more phishing spam. Wherever possible, choose new passwords at least 16 characters in length that include uppercase and lowercase letters, as well as numbers, symbols, and spaces. Do not reuse passwords.

Also, wherever possible, take advantage of two-factor authentication, which provides an extra layer of security to your accounts. So even if someone steals your password, he or she can’t access your account. Here’s our regularly updated guide to two-factor authentication.

And when answering identity verification questions such as, “What is your mother’s maiden name?” or “What was your first car?” you should lie. Make the lie easy for you to remember and hard for others to guess—the answer to the question about your mother’s maiden name could be something like, “Donald Trump is scary.”

REPLACE YOUR CARD(S), AND MONITOR YOUR CREDIT

If the breach involves your bank or credit card information, contact the financial institution immediately. It will guide you through fraud protection, a process that most likely will place a hold on your account until it can issue you a new card or account number.

Ask the institution to watch for fraudulent activity on your account, and ask a major credit-reporting agency (Equifax, Experian, or Trans Union) to monitor your account for fraud. If you’ve been offered free credit monitoring as part of a breach notification, take advantage of it.

CONTACT THE GOVERNMENT

If the stolen data includes government-issued identification, such as your Social Security number, or identity numbers that can’t be changed, such as your birth date, get in touch with the authorities. The U.S. government has a site dedicated to helping people who need to change their government-issued identification numbers at IdentityTheft.gov.

There are pre-emptive steps you can take too. For example, the IRS offers residents of some states a unique identification number to cut down on tax return fraud.

REGISTER FOR FUTURE DATA BREACH NOTIFICATION

Security expert Troy Hunt runs a free subscription site called Have I Been Pwned, which will notify you by email if your information has been stolen as part of a data breach.

If your email has been part of a breach, and you’re using the same password as before the breach, it’s likely been compromised and you need to change it immediately.

Although it can be easy to slip into “breach fatigue,” it’s not enough for consumers to presume they’ve been breached. “Why wait for the breach to happen?” asks Stephens, who encourages consumers to take action “before it occurs.”

Article Provided By: The Paralla

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

 

Why is everyone covering up their laptop cameras?

Stickers and slides serve to ease concerns that spooks could be watching our every move, as even the FBI director says he puts tape on his cameras

cameras

For the past half decade, the technology industry has been racing to build better cameras into the hardware we use every day.

Yet the surveillance age has inspired an odd cottage industry battling against this trend: a glut of cheap stickers and branded plastic slides designed to cover up the front-facing cameras on phones, laptops, and even televisions.

For years, security researchers have shown that hackers can hijack the cameras to spy on whoever is on the other end. To put that in perspective, think of all the things your devices have seen you do.

Such warnings have finally caught on. Last month, the FBI director, James Comey, told an audience: “I put a piece of tape over the camera because I saw somebody smarter than I am, had a piece of tape over their camera.”

The corporate swag company Idea Stage Promotions describes its Webcam Cover 1.0 as “the HOTTEST PROMOTIONAL ITEM on the market today”. The cable channel USA Networks sent journalists a “Mr. Robot” webcam cover for the popular hacker thriller’s upcoming season.

Covering cameras isn’t new for those who know that the internet is always watching. Eva Galperin, a policy analyst for the Electronic Frontier Foundation, says that since she bought her first laptop with a built-in camera on the screen, a MacBook Pro, in 2007, she’s been covering them up.

EFF started printing its own webcam stickers in 2013, as well as selling and handing out camera stickers that read: “These removable stickers are an unhackable anti-surveillance technology.”

“People purchase these regularly,” a spokesman said.

The fear over web cameras has penetrated deep into popular culture. The trailer for Oliver Stone’s forthcoming biopic Snowden, on the US spy contractor, features a clip of actor Joseph Gordon-Levitt, who plays the title character, looking nervously at his laptop camera during an intimate moment with his girlfriend.

So are we all being paranoid? Well, it’s not science fiction. Researchers in 2013showed how they could activate a Macbook’s camera without triggering the green “this-thing-is-on” light. One couple claimed a hacker posted a video of them having sex after hacking their smart TV. And federal court records shows that the FBI does know how to use laptop cameras to spy on users as well.

So, naturally, where there’s fear, there is money to be made.

The DC-based CamPatch describes itself as “the Mercedes Bens [sic] of putting tape over your webcam”. Its founders started the company in 2013 after hearing a briefing from Pentagon cybersecurity experts on how webcams were a new “attack vector”, said Krystie Caraballo, CamPatch’s general manager.

Caraballo wouldn’t disclose financials other than to say the company has had “six-figure revenues for the last several years” and that it has distributed more than 250,000 patches. The company advertises bulk pricing “as low as $2.79”.

Yet not everyone is on the camera-covering bandwagon. Brian Pascal, a privacy expert who has worked for Stanford and Palantir Technologies says a cost-benefit analysis led him to conclude he’d rather have a usable camera, which he can use to record his son. But he acknowledged such stickers are a way for people signal that they too worry about Big Brother.

“Security actions without threat modelling are just performative,” said Pascal.

Others just haven’t gotten around to it yet.

“Because I’m an idiot,” replied Matthew Green, an encryption expert at Johns Hopkins University when asked why he doesn’t cover his cameras. “I have no excuse for not taking this seriously … but at the end of the day, I figure that seeing me naked would be punishment enough.”

Of course, webcam paranoia is likely to be only the first of many awakenings as consumers bring more devices into their lives that can be turned into unwitting spies. Amazon.com has had enormous success with its Echo smart speaker that, by default, is always listening for its owners’ commands. Google plans to release a similar product this year called Google Home.

In a hearing on Capitol Hill in February, the US director of national intelligence,James Clapper, acknowledged how the so-called “internet of things” could be used “for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials”.

Article Provided By: theguardian

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com