Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
'Backoff' Malware: Time To Step Up Remote Access Security
Newest First  |  Oldest First  |  Threaded View
JulietB730
50%
50%
JulietB730,
User Rank: Apprentice
10/20/2016 | 2:45:24 AM
Remote access
Security breach during remote access occurs because of easily hackable remote support tools. However, there are tools like on premise R-HUB remote support servers who provide better security as compared to hosted services and cannot be hacked easily as they work from behind the firewall.
Bprince
50%
50%
Bprince,
User Rank: Ninja
8/10/2014 | 10:35:13 AM
Re: Posture assessment is a must
I agree. Hackers are going to find ways to circumvent security, so it would be foolish for someone to contractual agree that if there is a breach they will be fired. But if you look at Target, this is kind of what happens anyway. If the higher ups feel you didn't do enough, or there is a need for the company to publicly save face, that executive is going to get the ax most likely.

BP
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
8/10/2014 | 9:01:54 AM
Re: Posture assessment is a must
I couldn't agree more!  Executives need to feel the heat and until then nothing will change.

The Target breach got some attention since it was the first time an executive felt the heat but, once is not enough.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/4/2014 | 2:42:02 PM
Re: Posture assessment is a must
That is a smart idea but no Executive tie his/her own salary to the breaches that their company faces. They know they do not have control over security.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/4/2014 | 2:40:15 PM
Re: Way past time, actually
 

I basically agree with bot points, I would think we should not assume any OS is secure. We have been experiencing breaches in all OS available today, some more secure than others but no one is exceptional. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/4/2014 | 2:37:18 PM
Guidelines
Thanks for sharing this article. Quite informative. I was thinking, Department of Homeland Security guideline is something we should be folllowing by default, however, black hats still find a way to compromise remote desktop functionalities. Better approach is always limit the number of remote administrative connections and constantly changing authentication method and monitoring authorization.
macker490
50%
50%
macker490,
User Rank: Ninja
8/3/2014 | 9:13:39 AM
Way past time, actually
1. use a secure o/s,-- one which does not allow itself or its apps to be modified without authentication.

2. insist on authentication for all software installs and updates as well as for transactions and e/mail

the internet evolved from a small, close knit family of technicians into a world-wide phenomenon.   during the evolution we havn't given security the attention we need in order to use this huge network for business purposes.

the tools exist.   all applications don't need to migrate onto more secure platforms. weaker platforms can be isolated behind firewalls and intranets.  
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
8/1/2014 | 6:29:00 PM
Re: Posture assessment is a must
> IT JUST NEED MORE FUNDING!

How about tying executive pay to lack of security problems? Then you'd get your funding.
theb0x
50%
50%
theb0x,
User Rank: Ninja
8/1/2014 | 4:01:52 PM
Account Lockout fail
The Department of Homeland Security fails to mention that creating an Acount Lockout GPO in Windows does affect the Administrator account.
anon5710889055
50%
50%
anon5710889055,
User Rank: Apprentice
8/1/2014 | 3:15:23 PM
Posture assessment is a must
Relying on a generic remote access method is not gonna cut it.  Your connection must be encrypted, but the problem is when an infected machine connects via a VPN, it's tough to monitor encrypted traffic.  SSL VPN's have a posture assessment tool native that can do things like check the AV is up to date.  Now you need more, make sure anti phising is installed, firewall config is accurate, OS is up to date.  There are tools to increase secure remote access like GEARS and more.  IT JUST NEED MORE FUNDING!

 

-Disgrunted sys admin


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5226
PUBLISHED: 2020-01-24
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapp...
CVE-2019-1517
PUBLISHED: 2020-01-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-1518
PUBLISHED: 2020-01-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-1519
PUBLISHED: 2020-01-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-1520
PUBLISHED: 2020-01-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.