Forum Discussion

Fabiano_Pessoa's avatar
13 years ago

I was invaded, who's to blame?

This paper presents the thoughtful side of some teams after serious mistakes made by those who, after hiring some solutions in order to relax a little more concerned for their jobs, in order to relax so much that tend to change as the only solution claiming guilty unauthorized entry and successful attacks carried out by cybercriminals. After all, who's to blame?

This case deals with the oversight of IT staff in relation to his duties that, when checking the cause of a failure, always tend to blame the security solution. We will treat the most common mistakes with the question that never shuts up, who's to blame?
The greatest demand of a team is to leave everything running smoothly, as the saying goes: Who would not want to see the perfect operation? The problem is that the vast majority proposes to his department managers and the quality of services based on security policies of their solutions, but do not relax to the extreme by creating their own security policies so that together make an effective security for the company.
I often see here that many people asking and / or questioning the use or perfect detection power of Symantec's products, now sometimes wonder if our products have detection for "X" virus, since the solution of the competitor "X" has . But has not the courage to perform the test.
This situation this is a great uncertainty quality technique itself and not of our solution used. We have many doubters who actually have no idea how a computer virus spreads or how it would affect you so much, because we have many doubters who are overwhelmed with advertising competitor.
The most dangerous attackers are those who follow a tutorial, they just want to destroy and quantities, many quantities. They are those who prefer to say that invaded 10 sites spend a week there trying to break into one that has a good security configuration. In fact, these attackers are that most here have questioned whether our award-winning solution for a long time, safe or not an infection that the questioners already have the name of the malicious code. This is easy, detection in this way is too easy.

Now let's see how this solution could behave competition against those of thorough knowledge programmers who create their own exploits and are not disclosed? Does this solution is safe from competition? But, our solution is also safe? We need not push too hard to learn that yes, ours is safe because they are conducted in-depth testing on it and so is winning.
The big reason this article is actually a relief, more than a demonstration, but why not show? Yes, of course, that will be demonstrated and may be able to take many questions before this publication.
The form of demonstration to be held aimed at putting some thoughts for creating a good security policy, so that together we make a 100% protection, but if there is no 100% solution at least 99.9% will be effective.
Many companies promise you competitors worry more about their work than their safety, but political will and your good? Who are the people you trust to open certain links, "jab" pen drive, put media on your machine? How soon do you trust someone and really take this attitude? Did a few years of friendship, could you trust me?

If advertising competition draws attention detection, the title of an e-mail with the intent to install malicious code on your machine, also call your attention to open such a file, right? Of course.
How about opening a PDF file with the description: Please make the price of advice on IT for our company in order to look for possible hiring. What services company, would not open this email?
You respond to this "possible" client to rephrase your quote in email body? Would this "possible" customer waste your time again just because of a possible attack and political vision? What level of detection real competitors to offer new malware? The truth is that all these competitors are strengthened by attacks that only do lammers put more power detection code already "manjados" but do not have a good structure for the detection of new codes.
Let us return to the team "failed" to demonstrate the most common mistakes that are made ​​by the weakest link in security, and in order to blame someone, it has to be someone. And why not blame the solution since it is easier to blame than to take the same error and lose your job?
Data are stored in many parts, flash drives, CDs, external hard drives for enhanced that they will not be lost easily after a disaster, that's a weak point for the team, they should be in a center with a powerful markup where each of them must have a specific job, but build a team, with good protection as our (Symantec) it is possible.

The staffs of this type are more concerned with marketing and false promises, than spend time evaluating a security solution, but lost time to come to the forum and ask about the detection of "X" virus. Impressive? It would be yes, but it would be more impressive if he come here and agree that Symantec is not the best solution by chance.
Does anyone here would be able to ask the director of the company where you work (your boss) that it is with your iPhone using protection for network access? And if they answer no, you would be able to tell him to turn off the device?
The problem is the growing demand for unmanaged devices, in order that some come here to say;
SEP did not protect against "x" plague!

Another serious problem is the concern about costs, costs more to pay the cheapest. The proof is the support of competition that is not offered in real format, leaving the team panicked when it is needed some help when experiencing an attack.
In fact it should be placed a strong security policy for both the enterprise network and for use of devices, the courage to get to your head and say: You are with our trusted security application? If the answer is no, then tell him: Turn it off immediately, because it is based on our standard. Who would have that courage? But it is easier to let the head and then use the solution to blame? Of course!
USB devices must be inspected immediately outside the context of security, or USB device plugs into one machine in the network, there is a desktop just for this, but finding a USB thrown to the ground by "social engineer" did not think anyone in espetaria your computer? Of course you do, and say more, espetaria in business and at home too, because thinking is this: We have a good solution, nothing passes through it, but when it passes, it is the fault of their own solution, even though this employee aware that nobody is 100%.
News, news and more news, see the outside of the building or in front where you have lunch, look how beautiful ad: Your phone used more than one (1) dollar and replace the new Smartphone. For those who like it comes to advertising and the Symantec forums questioning this or that, because the competitor announces that it has against "X" new virus, would be perfect in this advertisement that asks you to visit the site "X" to find the nearest point and carry out its exchange your used cell phone that with only 1 (one) dollar, you would go with the new Smartphone. Certainly at lunchtime, in fact, after he'd at least 100 hits and more than this depending on the size of the company.

Social networks are here to stay, and with them, all are on or want to stay connected to people they know or would like to know, is also a very strong point for an attack, because there, any attacker would have some of the necessary information you need to make their invasion. Simply register on this network is done with the corporate e-mail, I doubt that many people say no, and soon after, said and done, this e-mail on the Internet is the victim of spam and social engineering attacks. Each of these networks have become business tools and actually a lot of staff and is not prepared for it, but leaves, because the solution will solve, and if we are attacked by a new exploit? Oh is simple, we switch solution because it was not good enough. This is absurd.
Many people do not stop saying social networking company that works, do not make a profile for yourself but for your life, endangering the security of your company. I have watched corporate executives even put photos of the place where he works, and sometimes a picture on the back of the photo would have a necessary information for an attack, and have seen it happen.
The total number of incidents malware and infections continues to grow, more effectively be given a detection and response active against such that not all solution has as locking and identification.
In the same article, I have attached a video testing the protective capability of the bidder that it is not difficult to imagine who's reading here knows very well that I'm talking about McAfee. I think I got tired of seeing here some citing their protection and questioning our great Symantec.
Lack of promoting a culture of awareness, ie, the end user awareness is key to a good level of security. In fact, this team should train their employees so that everyone knows to act before an incident, as if panic across the enterprise, is that this same team will know how to be on the desktop or laptop computer for each employee? Ih Fabiano, but robust and our security from Symantec? Goes very well thank you and defending, but like the others, it is not scheduled to defend himself does not know you actually have a policy of good manners and safety awareness for your company, for there is life and what we call "breadwinners."

The reality is that the Web usage policies should be clearly communicated, monitored and
applied. Awareness of threats, their impact and methods of proliferation vigilant and help keep users
prevents them from making poor decisions that can infect the business.
Safety awareness campaigns on a recurring basis is vital to keep employees informed and protected. But they must be well trained to take right decisions at certain applications.
In the attached video, we will test only one thing to steal information such as, username and passwords used in a way that could be a social engineering. Willing to see how competition behaves in front of it? Ok then!

The test was performed based on a fictional story that says the following;
A disgruntled employee sees a team setting up the wireless router company, he knows the external IP and has the same steps and vague inspection, but it is only necessary because he just wants to go.
Based on actual fact, I've seen many large companies configure routers for client companies in order to leave their port 23 (telnet) open and do not change their logins and passwords default. Result? Easy access to the same router, and you can see the wireless password. Then this same employee gets the password and the next day go with your laptop to the company where he works. Even though this staff has a policy not to allow their employees access to social networks, and that if it is done only in a controlled way to get in touch with customers, this same employee could use a social engineering technique warning his co-worker that if he enter a specific IP he can get into this social network. The former co-worker and ready access, were copied your logins and passwords, as this practice can watch the video, can be made on any site that has the login page and password, and can easily be captured in any browser, whether IE9 , Chrome, Firefox. The show is based on providing security service in browsers and even then it is possible to capture data, note that no application has not been installed, and no malicious software has been installed, a simple cloning. But Fabiano, you are testing the solution of the competition and still managed the data in this test? Yes, as you can see, easily!
Manjados attacks are easy to spot, and it is also easy to say that the competitive solution takes "X" virus, but in practice and it ensures you?
Do not just be good. But understand that Symantec is the best.

I hope you enjoyed.

Big hug to everyone.

 

 

Fabiano Pessoa – Partner Symantec

Analista de Sistemas

E-mail: Fabiano.pessoa@peritocriminal.org

  • Ah no problem, until then I think I've finished the other (laughs)
    I am preparing a staff that will catch the competition that comes here talking nonsense, by surprise.

    hugs

  • Hi CraigV,

    Thanks again for the comment, glad that's actually a good thing to post.
    I put as article and blog, but not yet approved. But since that time, I followed your advice lol
    I hope it's ok!
    big hug