NAC – Network Access Control

What is NAC and is it right for your business?

Network access control (NAC), also called network admission control, is a method of bolstering the security of a proprietary network by restricting the availability of network resources to endpoint devices that comply with a defined security policy.

A traditional network access server (NAS) is a server that performs authentication and authorization functions for potential users by verifying logon information. In addition to these functions, NAC restricts the data that each particular user can access, as well as implementing anti-threat applications such as firewalls, antivirus software and spyware-detection programs. Network access control also regulates and restricts the things individual subscribers can do once they are connected. Several major networking and IT vendors have introduced network access control products.
NAC is ideal for corporations and agencies where the user environment can be rigidly controlled. However, some administrators have expressed doubt about the practicality of NAC deployment in networks with large numbers of diverse users and devices, the nature of which constantly changes. An example is a network for a large university with multiple departments, numerous access points and thousands of users with various backgrounds and objectives.

Getting started with NAC

To explore how NAC is used in the enterprise, here are additional resources:
Network access control — More than endpoint security: Learn how to gauge if your enterprise is ready for network access control (NAC).
NAC — Strengthening your SSL VPN: This tip explores why and how network access control functions are used to strengthen SSL VPNs, and their relationship to industry NAC initiatives.
Compliance in a virtualized world: Server virtualization and NAC security: Server virtualization presents challenges for network security, particularly NAC and compliance issues. Learn what these challenges are and how to overcome them.

Article Provided By: TechTarget

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com

 

Failing to Prepare is Preparing to Fail with Network Security

Network security is now a more pressing concern for businesses than ever before. Indeed, concern around security and compliance has been found to be businesses’ #1 barrier to deciding to adopt the cloud, and last year, a report from Cisco estimated that one million cybersecurity jobs would appear in 2016, highlighting a level of investment and dedication not yet witnessed.

What, though, can companies do to help ensure that they are protected against enormously damaging breaches? We take a look at how organizations can help ensure their networks, sensitive data and other critical infrastructure are safeguarded from the huge number of threats now in play.

Be sure to automate

How can IT security departments manually detect threats when users, devices and applications generate such an enormous number of network connections, data transactions and application requests? Indeed, it’s like finding a particular needle in a large stack of needles.

Here’s where security information and event management (SIEM) software comes in, allowing businesses to centralise syslogs and events from network devices, servers, applications, databases and users, while also helping to automate threat detection and offering corrective responses to mitigate risk.

Automation is just one of the vital tools in the fight against security threats, with firewalls, anti-malware, and threat intelligence all having a part to play.

Get your framework in place

A comprehensive security framework is an absolute must for helping to ensure the safety of your organization’s IT. With an audit of the available inventory, from the types of transactions to BYOD policies and account roles, your company can get the framework off on the right foot.

An IT security framework is only achievable with a significant degree of cooperation, with management, IT and many other business departments all playing a part. Indeed, it only ends with the technology used, and is comprised of the organization working together to evolve and help ensure better security standards.

Keep an eye on endpoint devices

A flexible workforce is becoming a more pressing need for the modern enterprise, with employers and employees keen to make use of the freedom this approach can offer. Yet such an approach represents a threat. Say an employee with malicious intent and access to confidential data on their laptop decided to share this, how could you stop it? 

By monitoring all endpoint devices, from laptops, to mobile devices to a USB drive, you can help ensure sensitive data is not leaving your environment. For example, if a USB device is ejected/blocked automatically as soon as any nefarious activities take place, and corrective action, such as account blocking, is implemented then you can minimize the impact of an attack.

Keep insider threats at bay

The example used in the previous entry on this list – of a malicious employee – highlights that the most damaging security compromise can sometimes happen from the inside. By monitoring which users attempt to access sensitive data, as well as network traffic, logs and credentials you can identify and combat any insider threats, with monitoring able to flag any user attempting to access something they shouldn’t. 

Analytics are a must

The importance of gaining insights from your data using analytics cannot be overstated. With access to real-time network data, a business can identify and act upon suspicious network activity, seeing whether there are seemingly threatening connection requests from outside sources, or an increase in web traffic activity on a critical router or firewall.

Data-driven analysis can also help investigate the cause of an attack after the fact. If you’re unlucky enough to have been breached, then analytics are vital in discovering how it happened through root-cause analysis, and will help you figure out how to prevent it in the future. 

Be PCI DSS compliant

By being compliant with regulatory standards, your business not only helps to ensure better data protection, but also helps avoid fines or even criminal charges. This is a particular concern in the payment card industry, for example, where data breaches can mean compromising data from millions of credit cards. 

Complying with standards such as PCI DSS can help ensure all of the above. However, being compliant does not mean you can rest on your laurels, so make sure to leverage this obligation to actually increase security, instead of just trying to tick the box for a regulator. There are many ways you can do this, for example, if you are required to produce a report of all admin activity, have your internal security team review it as well. Make sure you get the most out of being compliant. 

While there are a number of other steps businesses can take to help ensure IT security is in the right place, from enabling threat intelligence to practicing knowledge sharing, the above tips should stand your organization in good stead for the threats that lie ahead.

With the right preparation, people, strategy and tools, your company can be confident that it is ready to overcome the new challenges it is likely to face.

Article Provided By: Info-Security Magazine


How to Quantify the Risk of an Insider Threat

Never before have there been so many platforms that let a growing number of people touch, manipulate, download, and share sensitive data.

But there’s a dark side to all that access: It exposes a company to malicious intent and theft of information worth thousands, sometimes millions, of dollars. More alarming is the fact that less than half (42 percent) of all organizations have the appropriate controls in place to prevent these attacks, according to the Insider Threat Spotlight Report.

How do you get a handle on this threat? Mitigation begins with assigning risk levels to employee roles. Who has access to sensitive information, intellectual property, trade secrets, customer lists, and any other proprietary data? That’s the foundation of your risk model. Many companies use a simple numerical scale of 1-10, with 10 as the highest risk. Others may prefer simpler categories like Low, Medium, and High or yellow, orange, and red alerts.

It turns out that nearly 80 percent of employee fraud takes place in accounting, operations, sales, senior management, customer service, and purchasing. But it’s critical to establish a risk profile for everyone in the company, no matter which department. Take into account employees’ current roles, levels of privilege, and required access to proprietary information. Senior IT people and C-Suite executives obviously have more privilege and access than mid-level managers and clerical workers. And, of course, the higher the risk in a potential disaster, the greater the need to monitor an employee’s activities.

Prepare to update the risk profile of an individual. Organizations are dynamic, and employees regularly make lateral moves or get promoted. Someone who doesn’t touch sensitive information in one role may very well have access and new privileges in a different assignment.

Employees’ personal lives change constantly, too. A traumatic event, like a death in the family or divorce, psychological problems, or a shift in financial circumstances for the worse—any of these can cause behavioral changes in people. And they all may require re-evaluation of an individual’s level of risk.

Once you’re committed to the process, we recommend taking the following steps:

  1. Create an insider-risk team. While IT and its security team may oversee the monitoring of user activity, the process really requires support from the most senior ranks, as well as other departments. Your legal department can help decide how to monitor while complying with the law and act as a critical liaison between executives and the security group. Human resources can help support the need and processes for monitoring, as well as document employee cases—and put a “human” face on the operation.
  2. Designate risk levels. This, of course, is what I’ve been discussing in this post all along: using job titles to assign a scale of risk, depending on levels of privilege and access.
  3. Pinpoint inappropriate conduct. Just because you’ve assigned someone a high-risk level doesn’t necessarily mean that he’s committing an offense. Conversely, an employee’s inappropriate behavior can sometimes be misread as performance of normal job-related tasks. That’s why it’s critical to develop ways to identify truly improper conduct through changes in an individual’s communication and behavior. You can do that through software that is known as user-behavior analytics and, less technically, by means of procedures your employees can follow to report troublesome behavior.
  4. Set up a system of insider monitoring. When you’re establishing a system to keep an eye on employee activity and behavior, it helps to decide what level of monitoring goes along with the different risks they may pose to your organization. For example, someone in a low-risk category probably can’t interact with sensitive information and therefore needs little more than the less-technical sort of monitoring suggested above. Medium-risk employees do have access to proprietary data and, so, may require monitoring additionally with user-behavior analytics. So, too, with those high-risk individuals who should probably be subject to the most active monitoring and review.

Quantifying risk is just the start of mitigating insider threats. But if you develop the initial baseline—starting with job title and access to privileged information—you can get a better handle on which employees you will have to monitor during such critical periods as hiring, job title and personal changes, and the high-risk exit period.

Article Provided By: Info-Security Magazine


4 information security threats that will dominate 2017

Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2017, information security professionals must understand these four global security threats.

As with previous years, 2016 saw no shortage of data breaches. Looking ahead to 2017, the Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management, forecasts businesses will face four key global security threats in 2017.

“2016 certainly lived up to expectations,” says Steve Durbin, managing director of the ISF. “We saw all sorts of breaches that just seemed to get bigger and bigger. We lurched from one to another. We always anticipate some level of it, but we never anticipate the full extent. I don’t think anybody would have anticipated some of the stuff we’ve seen of late in terms of the Russians getting involved in the recent elections.”

The ISF says the top four global security threats businesses will face in 2017 are the following:

  1. Supercharged connectivity and the IoT will bring unmanaged risks.
  2. Crime syndicates will take quantum leap with crime-as-a-service.
  3. New regulations will bring compliance risks.
  4. Brand reputation and trust will be a target.

“The pace and scale of information security threats continues to accelerate, endangering the integrity and reputation of trusted organizations,” Durbin says. “In 2017, we will see increased sophistication in the threat landscape with threats being tailored to their target’s weak spots or threats mutating to take account of defenses that have been put in place. Cyberspace is the land of opportunity for hacktivists, terrorists and criminals motivated to wreak havoc, commit fraud, steal information or take down corporations and governments. The solution is to prepare for the unknown with an informed threat outlook. Better preparation will provide organizations of all sizes with the flexibility to withstand unexpected, high-impact security events.”

The top four threats identified by the ISF are not mutually exclusive. They can combine to create even greater threat profiles.

Supercharged connectivity and the IoT bring unmanaged risks

Gigabit connectivity is on the way, and it will enable the internet of things (IoT) and a new class of applications that will exploit the combination of big data, GPS location, weather, personal health monitoring devices, industrial production and much more. Durbin says that because connectivity is now so affordable and prevalent, we are embedding sensors everywhere, creating an ecosystem of embedded devices that are nearly impossible to secure.

Durbin says this will raise issues beyond privacy and data access: It will expand the threat landscape exponentially.

“The thing for me with 2017 is I describe it as an ‘eyes-open stance’ we need to take,” Durbin says. “We’re talking about devices that never ever had security designed into them, devices that are out there gathering information. It’s relatively simple to hack into some of these things. We’ve seen some moves, particularly in the U.S., to encourage IoT manufacturers to engineer some level of security into their devices. But cost is an issue, and they’re designed to link.”

Durbin believes many organizations are unaware of the scale and penetration of internet-enabled devices and are deploying IoT solutions without due regard to risk management and security. That’s not to say organizations should pull away from IoT solutions, but they do need to think about where connected devices are used, what data they have access to and then build security with that understanding in mind.

“Critical infrastructure is one of the key worry areas,” Durbin says. “We look at smart cities, industrial control systems — they’re all using embedded IoT devices. We have to make sure we are aware of the implications of that.”

“You’re never going to protect the whole environment, but we’re not going to get rid of embedded devices,” he adds. “They’re already out there. Let’s put in some security that allows us to respond and contain as much as possible. We need to be eyes open, realistic about the way we can manage the application of IoT devices.”

Crime syndicates take quantum leap with crime-as-a-service

For years now, Durbin says, criminal syndicates have been operating like startups. But like other successful startups, they’ve been maturing and have become increasingly sophisticated. In 2017, criminal syndicates will further develop complex hierarchies, partnerships and collaborations that mimic large private sector organizations. This, he says, will facilitate their diversification into new markets and the commoditization of their activities at the global level.

“I originally described them as entrepreneurial businesses, startups,” Durbin says. “What we’re seeing is a whole maturing of that space. They’ve moved from the garage to office blocks with corporate infrastructure. They’ve become incredibly good at doing things that we’re bad at: collaborating, sharing, working with partners to plug gaps in their service.”

And for many, it is a service offering. While some organizations have their roots in existing criminal structures, other organizations focus purely on cybercrime, specializing in particular areas ranging from writing malware to hosting services, testing, money mule services and more.

“They’re interested in anything that can be monetized,” Durbin says. “It doesn’t matter whether it’s intellectual property or personal details. If there is a market, they will go out and collect that information.”

He adds that rogue states take advantage of some of these services and notes the ISF expects the resulting cyber incidents in the coming year will be more persistent and damaging than organizations have experienced previously.

New regulations bring compliance risks

The ISF believes the number of data breaches will grow in 2017, and so will the volume of compromised records. The data breaches will become far more expensive for organizations of all sizes, Durbin says. The costs will come from traditional areas such as network clean-up and customer notification, but also from newer areas like litigation involving a growing number of partners.

In addition, public opinion will pressure governments around the world to introduce tighter data protection legislation, which in turn will introduce new and unforeseen costs. Reform is already on the horizon in Europe in the form of the EU General Data Protection Regulation (GDPR) and the already-in-effect Network Information Security Directive. Organizations conducting business in Europe will have to get an immediate handle on what data they are collecting on European individuals, where it’s coming from, what it’s being used for, where and how it’s being stored, who is responsible for it and who has access to it. Organizations that fail to do so and are unable to demonstrate security by design will be subject to potentially massive fines.

“The challenge in 2017 for organizations is going to be two-fold,” Durbin says. “First is to keep abreast of the changes in regulations across the many, many jurisdictions you operate in. The second piece is then how do you, if you do have clarity like the GDPR, how do you ensure compliance with that?”

“The scope of it is just so vast,” he adds. “You need to completely rethink the way you collect and secure information. If you’re an organization that’s been doing business for quite some time and is holding personally identifiable information, you need to demonstrate you know where it is at every stage in the lifecycle and that you’re protecting it. You need to be taking reasonable steps even with your third party partners. No information commission I’ve spoken to expects that, come May 2018, every organization is going to be compliant. But you need to be able to demonstrate that you’re taking it seriously. That and the nature of the information that goes missing is going to determine the level of fine they levy against you. And these are big, big fines. The scale of fine available is in a completely different realm than anyone is used to.”

Brand reputation and trust are a target

In 2017, criminals won’t just be targeting personal information and identity theft. Sensitive corporate information and critical infrastructure have a bull’s eye painted on them. Your employees, and their ability to recognize security threats and react properly, will determine how this trend affects your organization.

“With attackers more organized, attacks more sophisticated and threats more dangerous, there are greater risks to an organization’s reputation than ever before,” Durbin says. “In addition, brand reputation and the trust dynamic that exists amongst customers, partners and suppliers have become targets for cybercriminals and hacktivists. The stakes are higher than ever, and we’re no longer talking about merely personal information and identity theft. High-level corporate secrets and critical infrastructure are regularly under attack, and businesses need to be aware of the more important trends that have emerged in the past year, as well as those we forecast in the year to come.”

While most information security professionals will point to people as the weakest link in an organization’s security, that doesn’t have to be the case. People can be an organization’s strongest security control, Durbin says, but that requires altering how you think about security awareness and training.

Rather than just making people aware of their information security responsibilities and how they should respond, Durbin says the answer is to embed positive information security behaviors that will cause employees to develop “stop and think” behavior and habits.

“2017 is really about organizations having to wake up to the fact that people do not have to be the weakest link in the security chain,” Durbin says. “They can be the strongest link if we do better about understanding how people use technology, the psychology of human behavior.”

Successfully doing so requires understanding the various risks faced by employees in different roles and tailoring their work processes to embed security processes appropriate to their roles.

Article Provided By: CIO


Canary Flex is a small, weatherproof security camera

Security cameras are slowly making their way out of your house and onto your porches and yards. Canary is following in the footsteps of rival Nest by launching a new, smaller weatherproof camera called the Flex that can be plugged into an outlet or powered by batteries. It’s available for pre-order today for $199 and will be in stores by the holidays. Canary is also introducing a new pricing model that is pretty different from what’s on the market, but we’ll get to that in a bit.

Rated IP65, the Canary Flex can withstand splashes of water, and thanks to the included weatherproof cord, it can remain plugged in even when it’s wet. If you’d like to go wireless, you can use the bundled rechargeable battery, which should last two to three months of average use, the company said. When it’s running on batteries, the Flex runs on a low power WiFi state to stay connected to the servers without sucking up juice, and also uses a passive infrared (PIR) sensor to detect incidents before triggering the rest of the system. Otherwise, the Flex uses the camera (or “computer vision,” as Canary called it) to monitor activity when plugged in. When triggered, the Canary Flex will record HD video to the cloud.

Unlike its predecessor, the Canary Flex is compact, and fits comfortably in your hand so you can easily move it around should you need to. It also has a magnetic base that lets it swivel 360 degrees in its companion mount. However, you’ll lack the siren that the original camera had, as well as what Canary called the home health sensors. The latter relay feedback on your house’s temperature, humidity and air quality. Those who already own the older Canary camera can use the same app with the new device, and no hub is required.

To make it easier to place the Flex around your house, Canary is also launching a series of accessories, such as a secure mount, a stake mount to stick your camera in your flower pot, and a fun twist mount to wrap your Flex around almost anything.

For those who want complete peace of mind, Canary is also launching a 4G LTE mount with Verizon that will let your Flex switch to cellular data in the event that your WiFi network drops out. The 4G mount can be plugged in, but also has enough onboard battery to last as long as the Flex’s power pack will. This would be great for those who want to prepare for power outages. It’ll be available shortly after the Flex hits store shelves.

One of the coolest things about this launch is Canary Flex’s new pricing model that does away with the industry’s conventional tiers system altogether. Instead of making you pay more to store more of your footage like competitors do, Canary is letting you access the last 24 hours of your timeline for free. That’s twice the 12 hours it previously let nonpaying customers have.

The company is also removing its previous limits on features such as saving and downloading clips, as well as sending them to other contacts. Those who want more support can pay $9.99 a month for one device ($15 for two to three cameras), and that membership will come with up to $1,000 in homeowners deductible reimbursement (for qualifying incidents), as well as dedicated agents who will follow you through your incident report process. Members also get extended warranties and access to footage from the prior 30 days.

That’s quite a big bump from the free version, and could give Canary Flex a serious edge over its competitors. Both Nest and Canary’s devices cost $199, but the latter says it is working on a more personable approach to security that could make its outgoing alerts more meaningful. Some of these upcoming improvements include refined object, people and animal recognition, as well as better understanding of new versus repetitive motions. These changes will soon roll out to the Canary app as well. In the meantime, you may want to fine-tune your security camera settings so you’re not getting buzzed every time your neighbor’s dog jumps, or for random tree branches smacking against your window.

Article Provided By: engadget


 

Cost of data breaches increasing to average of $3.8 million

The cost of data breaches is rising for companies around the world as sophisticated thieves target valuable financial and medical records, according to a study released on Wednesday.

The total average cost of a data breach is now $3.8 million, up from $3.5 million a year ago, according to a study by data security research organization Ponemon Institute, paid for by International Business Machines Corp.

The direct costs include hiring experts to fix the breach, investigating the cause, setting up hotlines for customers and offering credit monitoring for victims. Business lost because customers are wary after a breach can be even greater, the study said.

Data breaches are becoming more common and significant, with high-profile attacks on Sony Corp, JPMorgan Chase and retailers Target Corp and Home Depot Inc in the past year and a half.

“Most of what’s occurring is through organized crime,” said Caleb Barlow, vice president of IBM Security. “These are well-funded groups. They work Monday to Friday. They are probably better funded and better staffed than a lot of people who are trying to defend against them.”

IBM, which sells cyber-security services to companies, has a vested interest in highlighting the costs of data breaches.

The cost of a data breach is now $154 per record lost or stolen, up from $145 last year, according to the study, based on interviews with 350 companies from 11 major countries that had suffered a data breach.

The study’s authors said average costs did not apply to mega-breaches affecting millions of customers, such as those suffered by JPMorgan Chase, Target and Home Depot, which cost the companies far greater sums. Target alone said last year its breach cost $148 million.

The study found that healthcare was most at risk for costly breaches, with an average cost per record lost or stolen as high as $363, more than twice the average for all sectors of $154.

That reflects the relatively high value of a person’s medical records on the underground market, said IBM, as Social Security information is much more useful for identity theft than simple names, addresses or credit card numbers.

Article Provided By: Reuters


How to prevent potential HTTPS URL hijacking

It’s an easy fix for the consumer, but enterprise customers may need IT’s help to mitigate the risk of issues like URL hijacking

When a computer connects to a public Wi-Fi network or an untrusted LAN, a malicious actor could potentially compromise a browser’s HTTPS connection and eavesdrop on URLs, such as Dropbox and Google Drive URLs or password reset URLs.

The fix is easy for a consumer: un-checking the automatic detect setting. But an enterprise user might need to ask the IT department to eliminate this risk. Windows, Mac and Linux computers are all at risk.

Windows: How to reduce the risk of URL hijacking

To prevent this HTTPS URL hijacking on a Windows computer, open the Control Panel and select Internet Properties. Then select the Connections tab, and in it the LAN settings button. Un-check Automatically detect settings.

 

[Image: URL Hijacking, Steven Max Patterson]

Mac: How to reduce the risk of URL hijacking

On a Mac, select the Apple menu, then System Preferences, then Network. Select the network service from the list, for example, Ethernet or Wi-Fi. Then select Advanced, then finally deselect Proxies.

How the URL hijacking works

Itzik Kotler and Amit Klein of SafeBreach presented a proof of concept at the Black Hat conference yesterday that demonstrated how a web browser can be exploited to exfiltrate (extract) URLs from HTTP, HTTPS and FTP traffic. Users are reassured seeing https:// preceding the URL in their browser bars after the internet industry campaign two years ago to force websites to move from the clear text HTTP protocol to bidirectional SSL/TLS encrypted HTTPS. According to Kotler and Klein, this may not always be true, especially on public Wi-Fi and untrusted LANs

The LAN settings explained above turn on Web Proxy Auto-Discovery (WPAD) that automatically looks for a proxy auto-config (PAC) file that chooses the proxy server that is the intermediary through which the browser traffic flows. Many enterprises use this method to point web browsers and other user agents to the proxy server designated for a group of users. Alternatively, malware could insert a PAC file (proxy.pac) onto a computer with WPAD disabled to accomplish the same hijack. The researchers said it would be difficult for antivirus software to detect this type of attack.

When the infected computer connects to a malicious proxy server, the URLs can be exfiltrated. The collection of URLs extends beyond a violation of personal privacy. The researchers said password reset URLs could also be intercepted; such a reset could be initiated by a malicious actor who has some information about a user found on the internet, such as an email address or account information acquired through social engineering.

Although the HTTPS traffic between the user’s browser and the website can’t be read, the exploit could open up a two-way channel between the malicious proxy server and the computer, placing the computer at risk of further harm if the malicious actors were able to drop additional malware on it. This malware could be used in a denial of service attack or to steal data.

Avoiding untrusted networks is the best protection. Connecting to a MiFi or smartphone hotspot or using a VPN to connect through an untrusted network will protect from this threat.
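For IT departments that cannot simply un-check auto-detect on every machine, one way to see which clients still perform WPAD discovery, and whether the answer they receive points at a sanctioned PAC server, is to audit resolver logs for lookups whose left-most label is `wpad`. The following is an added example, not part of the original article or the researchers' work; the log format, the approved-server list and all sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the only host allowed to serve the PAC file in this example network.
APPROVED_PAC_SERVERS = [ipaddress.ip_network("10.20.0.10/32")]

# Constructed resolver log lines in an assumed format (not from any real product):
#   <timestamp> client=<ip> query=<name> type=<rrtype> answer=<ip|NXDOMAIN>
SAMPLE_LOG = """\
2016-08-05T09:01:12Z client=10.20.4.31 query=wpad.corp.example type=A answer=10.20.0.10
2016-08-05T09:01:40Z client=10.20.4.32 query=www.example.org type=A answer=93.184.216.34
2016-08-05T09:02:03Z client=10.20.7.88 query=wpad.corp.example type=A answer=192.0.2.66
2016-08-05T09:02:10Z client=10.20.7.88 query=wpad.example type=A answer=NXDOMAIN
2016-08-05T09:03:55Z client=10.20.9.14 query=WPAD type=A answer=198.51.100.7
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) "
    r"type=(?P<rtype>\S+) answer=(?P<answer>\S+)$"
)


def is_wpad_name(name):
    """True when the left-most DNS label is 'wpad' (case-insensitive)."""
    return name.rstrip(".").lower().split(".")[0] == "wpad"


def is_approved(answer):
    """True when the answer is an IP address inside the approved PAC server list."""
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return False
    return any(addr in net for net in APPROVED_PAC_SERVERS)


def audit_wpad(log_text):
    """Return (clients_doing_wpad, alerts) for the given log text.

    clients_doing_wpad maps client IP -> number of WPAD lookups, which shows
    where automatic proxy detection is still in use.
    alerts lists (timestamp, client, query, answer) for WPAD lookups that were
    answered with an address outside APPROVED_PAC_SERVERS.
    """
    clients = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not is_wpad_name(m["query"]):
            continue
        clients[m["client"]] += 1
        answer = m["answer"]
        if answer == "NXDOMAIN":
            continue  # no address returned, so no PAC file can be fetched via this name
        if not is_approved(answer):
            alerts.append((m["ts"], m["client"], m["query"], answer))
    return dict(clients), alerts


if __name__ == "__main__":
    clients, alerts = audit_wpad(SAMPLE_LOG)
    for client, count in sorted(clients.items()):
        print(f"{client} sent {count} WPAD lookup(s): auto-detect is likely enabled")
    for ts, client, query, answer in alerts:
        print(f"ALERT {ts} {client}: {query} -> {answer} is not an approved PAC server")
```

Clients that appear in the first result are candidates for having Automatically detect settings turned off by policy; entries in the second are worth investigating first.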

Article Provided By: NetworkWorld

Home Automation: A Beginner’s Guide

What if all the devices in your life could connect to the Internet? Not just computers and smartphones, but everything: clocks, garage doors, speakers, lights, doors, windows, window blinds, door bells, hot water heaters, appliances, you name it. And what if those devices could all communicate, send you information, and take your commands? It’s not science fiction; it’s the Internet of Things (IoT), and it’s a key component of home automation.

Home automation is what it sounds like: automating the ability to control items around the house—from window shades to pet feeders—with a simple push of a button (or a voice command). Some activities, like setting up a lamp to turn on and off at your whim, are simple and relatively inexpensive. Others, like advanced surveillance cameras, may require a more serious investment of time and money.

Still, imagine monitoring your home using an interface on your computer, tablet, or smartphone, or even panels mounted around the house. It’s like going from using the Clapper to beaming up to the U.S.S. Enterprise.

Home automation is going mainstream. Your house is going to get smart, no matter what. Get in on the ground floor and become the family home automation expert. Here’s how to get started.

Home-Automation Technologies

Before you buy a bunch of home-automation products, it helps to understand the technologies involved in setting up and using them. These products use many different communication protocols. Some are wired, some wireless, and some are a combination. Try to stick with one protocol when buying products, or get a hub/gateway that supports multiple protocols.

X10
This granddaddy of home automation protocols dates back to the 1970s and has gone from power line-based to wireless. X10 is not known for robust speed or great communication between units on the home automation network. It is, however, typically inexpensive.


ZigBee
ZigBee is a wireless 802 standard from the IEEE, which is to say, a bunch of gearheads came up with it before an outside group (the ZigBee Alliance) made up of vendors created products that use it. One of the key elements in IEEE 802.15.4 (its real name) is that it makes a mesh network so that most of the devices communicate equally. It’s also very low power. (You may also hear about Thread, a new wireless protocol that uses the same radio chips and frequency as ZigBee, and connects up to 250 devices in a home to the cloud.)


Z-Wave
Another wireless home automation protocol, Z-Wave is owned by one company, Sigma Designs, which makes all the chips used by the other vendors, known as the Z-Wave Alliance, to make Z-Wave-capable products.


Insteon
This may be the best of all protocols because it combines a wired power line-based protocol with wireless. Both work as a mesh; all nodes on an Insteon home automation network are peers that can communicate when in proximity. If one fails, the other mesh can take over. You can buy Insteon devices at Smarthome.com, which is run by SmartLabs, the developers of Insteon. It’s compatible with X10.


Wi-Fi
This is the networking protocol we’re all used to for sharing an Internet connection among laptops, game consoles, and so much more. It’s super-fast and ubiquitous. So, of course, it’s inevitable that some vendors would make home automation products to take advantage of it. The other protocols use less power and bandwidth, but Wi-Fi’s reach can’t be overstated, even if it is overkill to use it to turn a lamp on and off.


Bluetooth
A staple of every PC, smartphone, and tablet, Bluetooth is better known for connecting items at a short range like keyboards, mice, headphones, and earbuds. But a lot of new products use Bluetooth 4.0, aka Bluetooth Low Energy, aka Bluetooth Smart. It doesn’t require purposeful re-connection all the time, making it a good solution for select IoT items.


Top-Rated Home Automation Products

Just as there are many home automation protocols, there are many product categories, so you can control everything from lights and temperature to locks and security in your home. Here’s a quick rundown of our favorites.

 

Hubs

Samsung SmartThings Hub

Our current Editors’ Choice for home automation hubs, the Samsung SmartThings Hub ($99.00 at Amazon) box works with devices that use Z-Wave, Zigbee, Bluetooth, and Wi-Fi. It got major improvements after Samsung bought SmartThings, including support for video surveillance cameras. Get it as a standalone box or as a $249 starter kit with monitors for temperature and vibration. There are 200 products that work with SmartThings.

 


 

Surveillance Cameras

Icontrol Networks Piper nv

Piper nv ($272.98 at Amazon) is a surveillance camera you can watch remotely from an iOS or Android device, perfect for keeping an eye on the house, the pets, even as a baby monitor. But it’s a lot more than that. It’s also a Z-Wave controller, monitoring all sorts of sensors to give you household control no matter where you are. The camera is excellent, with pan, tilt, and zoom functions plus sharp night vision and two-way audio.

 


 

Controllers

Amazon Echo

Is this Bluetooth speaker really all that when it comes to home automation or controls? It can be, and will only get better. Echo ($179.99 at Amazon), Amazon’s voice-controlled audio concierge, pairs with Web automation service IFTTT to control home devices like a thermostat or lights, via recipes you can create yourself. It might take a little work, but soon your house could be entirely controlled by the sound of your voice.

 

Logitech Harmony Ultimate Home

Don’t like talking and prefer to push buttons? Our review calls the Logitech Harmony Ultimate Home ($215.99 at Amazon) the “ultimate universal remote” for a reason. It controls a lot more than just TV and stereo. The pricey unit connects with the included Harmony Home Hub that talks via Bluetooth, Wi-Fi, or infrared (you pay a little more to add ZigBee and Z-Wave connectivity).

 


 

Heating and Cooling

Nest Learning Thermostat

The Nest Learning Thermostat ($195.99 at Amazon) is like a piece of digital art that controls your temperature. It was, after all, designed by the guys who created the iPod. It has built-in Wi-Fi so you can remotely control the temperature from phone, tablet, or PC. It’s not cheap, but Nest will look right at home in any smart house. Plus, Nest Labs (owned by Alphabet, parent company of Google) also makes networkable smoke and carbon monoxide (CO) detectors ($99.99 at Best Buy) that talk to you rather than blare alarms.

 

Ecobee3 Smart WiFi Thermostat

Nice as the Nest is, it’s not our top pick. The Editors’ Choice goes to the Ecobee3 ($249.00 at Amazon). It’s a stylish device you can control remotely. Best of all, it’s not dependent on just monitoring home temperature from one spot; it checks multiple sensors in multiple rooms.

 


 

Lighting

Philips Hue Connected Bulb

Want complete wireless supremacy over the lights in your home? Philips Hue ($154.99 at Amazon) delivers with bulbs that let you control not only the intensity of the light, but also the color. It’s expensive to be sure, but the Hue ecosystem has been around long enough that it works with just about every other system out there, from Amazon Echo to IFTTT (If This Then That) to Siri (using the Philips Hue Bridge 2.0). If you want a cheaper price of entry, try the off-white-light only Philips Hue Lux Starter Kit ($79.99 at Dell) for half the price. The Hue apps can even control third-party smart bulbs. Philips sells a number of other Hue products, including table lamps, a suspension lamp, and the interesting Philips Hue Go portable smart light.

 


Locks and Home Security Systems

Schlage Sense

There are a lot of smart locks/deadbolts on the market now, but our favorite is the new Sense ($209.99 at Amazon) from longtime lock maker Schlage. It’s pricey, but easy to install, works with iPhones (via Siri voice control), and will let in only who you specify. You can also just use the touchpad on the front to unlock the door.

 

Vivint

Vivint used to be APX Alarm Security Solutions, but now has a cool name to go along with expanding beyond security into home automation. We gave four stars to its Vivint Sky ($49.99 at Vivint), which includes subscription-based remote monitoring by pros that costs from $50 to $70 per month and a panel in your home for controlling it yourself. It doesn’t beat our favorite self-installed home security system (the iSmartAlarm Premium, $299.00 at Amazon), but if you want pro-installation and an extra set of eyes, Vivint is an excellent choice. It can even be controlled with the Amazon Echo.

 

SimpliSafe Home Security System

If you prefer to stick to a DIY approach to smartening up the home, check out the SimpliSafe system ($259.95 at Amazon). While it lacks a camera, it makes up for that with reasonable prices with monthly monitoring of a wide range of sensors. It comes in five different packages, so you can get exactly what’s right for your home.

 


Outdoors

Rachio Iro Smart Sprinkler Controller

It’s not much to look at, but the Rachio Iro Smart Sprinkler Controller ($249.00 at Home Depot) can make sure you water your lawn only when needed, even if you’re not home. It works with IFTTT to make sure the droplets only come out when the weather calls for it.

Article Provided By: PC

So you’re caught in a data breach. Now what?

Reacting to a data breach can feel like you’re shuffling deck chairs on the Titanic or slamming the barn door after the horses have bolted. But there are some concrete steps you can take to minimize the harm from breaches and make yourself safer in case it happens again.

Last week, we found out when a hacker started selling a massive database of LinkedIn customer information that a 2012 data breach affected 167 million accounts, 161 million more accounts than originally reported. Other major breaches include those of Target in 2013, JPMorgan Chase in 2014, and the U.S. government’s Office of Personnel Management in 2015.

Many of the steps you can take after learning that your data has been involved in a breach might feel ineffective, says Paul Stephens of the Privacy Rights Clearinghouse, a consumer advocacy organization. But consumers are not as powerless as they might feel, he adds.

“Consumers need to get in the mindset that you assume that you’ve been breached and [are] proactive to begin with,” he says. “If you go with that premise, then I think a lot of the breach fatigue will be eliminated.”

Think of having your personal information stolen in a data breach like getting sick. You don’t (or at least shouldn’t) just roll over and moan until it goes away: To prevent it from getting worse as your body recovers, you take some medication or homeopathic remedies. If you find that your data is part of a breach, you can do certain things to recover faster and make it harder for hackers to harm you after future breaches.

Data breaches, also known as security breaches, take on various forms. Someone could have stolen your credit card information from a point-of-sale terminal through a scheme known as skimming. Someone could have stolen information about you from a computer, phone, or hard drive. Or, more commonly, someone could have hacked into a massive customer database containing information about you.

Responding to a data breach is complicated, in no small part because of the patchwork of state and federal laws governing how companies that have been breached are required to notify you. In the United States, 47 states require varying degrees of notification. You may not immediately or even directly learn that your data has been involved in a breach. You might receive a notification via email or a physical letter, or read or listen to a news report about it.

“Often, consumers aren’t given accurate information by the entity that was breached,” Stephens says. “Checking your credit report is not going to do a thing if the only thing that was in the breach was your credit card number.”

Taking the correct action for the kind of breach you’re involved in, and making sure that your accounts are as secure as possible before another breach occurs, can go a long way. Here are five things to do if you hear that your information has been involved in a data breach.

DETERMINE WHETHER IT’S LEGIT

Make sure that the breach actually happened, and that you’re not falling prey to a phishing attack or other scam to get you to hand over your vital data. Contact the organization, which can include looking for a message about the breach on its website, looking up its phone number (not the one in the email sent to you) and calling it directly, or keeping an eye out for media reports of the breach.

Do not respond to the email, call the phone number included in the email, or click any links in the email, as the email could be a phishing attempt, meant to steal your personal information. If you’re concerned about the veracity of the breach notification, we’ve compiled some tips to avoid phishing scams and phone call scams.

FIGURE OUT WHAT WAS STOLEN

The actions you take depend on the information stolen. Was it a credit or debit card number? A username or password? Or was it something more closely related to your identity, such as your date of birth, Social Security number, driver’s license number, or passport number? Your next actions depend on what’s been pilfered.

UPDATE YOUR AUTHENTICATION METHOD

Don’t let accounts with potentially compromised passwords linger. Compromised accounts can lead to more fraudulent activity in your name, and they can be used to send even more phishing spam. Wherever possible, choose new passwords at least 16 characters in length that include uppercase and lowercase letters, as well as numbers, symbols, and spaces. Do not reuse passwords.

Also, wherever possible, take advantage of two-factor authentication, which provides an extra layer of security to your accounts. So even if someone steals your password, he or she can’t access your account. Here’s our regularly updated guide to two-factor authentication.

And when answering identity verification questions such as, “What is your mother’s maiden name?” or “What was your first car?” you should lie. Make the lie easy for you to remember and hard for others to guess—the answer to the question about your mother’s maiden name could be something like, “Donald Trump is scary.”

REPLACE YOUR CARD(S), AND MONITOR YOUR CREDIT

If the breach involves your bank or credit card information, contact the financial institution immediately. It will guide you through fraud protection, a process that most likely will place a hold on your account until it can issue you a new card or account number.

Ask the institution to watch for fraudulent activity on your account, and ask a major credit-reporting agency (Equifax, Experian, or TransUnion) to monitor your account for fraud. If you’ve been offered free credit monitoring as part of a breach notification, take advantage of it.

CONTACT THE GOVERNMENT

If the stolen data includes government-issued identification, such as your Social Security number, or identity numbers that can’t be changed, such as your birth date, get in touch with the authorities. The U.S. government has a site dedicated to helping people who need to change their government-issued identification numbers at IdentityTheft.gov.

There are pre-emptive steps you can take too. For example, the IRS offers residents of some states a unique identification number to cut down on tax return fraud.

REGISTER FOR FUTURE DATA BREACH NOTIFICATION

Security expert Troy Hunt runs a free subscription site called Have I Been Pwned, which will notify you by email if your information has been stolen as part of a data breach.

If your email has been part of a breach, and you’re using the same password as before the breach, it’s likely been compromised and you need to change it immediately.

Although it can be easy to slip into “breach fatigue,” it’s not enough for consumers to presume they’ve been breached. “Why wait for the breach to happen?” asks Stephens, who encourages consumers to take action “before it occurs.”

Article Provided By: The Paralla


 

Hackers Are Tapping Into Mobile Networks’ Backbone, New Research Shows

Hackers have been known to use all manner of remote access tools to break into mobile phones, often by finding vulnerabilities in an operating system like Android or even in SIM cards. It’s rarer to try to tap into the network infrastructure that routes these calls for mobile operators themselves. Yet new research shows that one nefarious kind of network surveillance is happening too, across the world.

A survey of a handful of large mobile operators on each continent showed that hackers have been exploiting a key signalling protocol for routing cellular calls known as SS7, to track the location of certain mobile users and in some cases, listen in on calls.

Across a range of operators, 0.08% of SS7 packets being sent across a network in Africa were deemed suspicious. In Asia the rate was 0.04% and in the Americas it was 0.025%, according to research by Dublin-based research firm Adaptive Mobile.

While these are low percentages, they relate to the millions of SS7 packets being sent every day.

“That can add up to tens of thousands a day which can mean someone being tracked or some fraud transactions,” says Cathal Mc Daid, head of Adaptive Mobile’s cyber security unit. “These are low-volume, high-impact events.”

Location tracking is the most popular reason for exploiting the SS7 protocol, says Mc Daid. His team recorded 1,140 separate SS7 requests to track 23 unique subscribers over a two-day period, with some subscribers tracked many hundreds of times.

There are a handful of known players in the market for selling SS7 vulnerabilities.

One three-person startup called CleverSig was recently selling access to their “remote SS7 control system” for $14,000 to $16,000 a month. Their price was divulged when emails from the Italian information surveillance company Hacking Team were posted on the web.

Other network surveillance companies, with names such as Circles (based in Bulgaria, according to Adaptive Mobile) and the Rayzone group, also operate within the grey area of selling access to their SS7 exploitation platforms to governments and other surveillance companies like Hacking Team.

The going rate for looking up someone’s physical location through the SS7 network, as advertised on the dark web, was about $150 about two years ago, according to Mc Daid. He expects that price hasn’t changed much since. “A lot of those offers have gone underground.” That is partly due to relatively recent press on SS7.

In late 2014 security researchers were reported by the Washington Post to have initially discovered the security flaws that could let hackers, governments and criminals intercept calls through the global SS7 network. Adaptive Mobile conducted its research through 2015 to show that the exploit wasn’t just theoretical but actually being carried out by hackers.

“The news is yes, we are seeing exploits in every operator in every part of the world,” says Mc Daid – though it should be stressed that his team partnered with just one operator per continent to get a representative sample.

Africa and the Middle East seemed to have the highest rates of exploitation, Mc Daid says, adding that he couldn’t name the operators who took part in the research due to agreements with the carriers. Mobile operators have been “surprised this is actually occurring within their networks,” he adds.

“It’s very serious,” says Mc Daid. “The SS7 network is the cornerstone of how carrier operators work and tens of billions of dollars have been invested in network architecture around the world. It’s not going to be replaced overnight.”

Article Provided By: Forbes
