Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
How We Can Prevent Another Anthem Breach
xmarksthespot
User Rank: Strategist
3/22/2015 | 4:13:34 AM
Re: class action
I predict the market will react appropriately. There's already a lot of switchover to two-factor authentication in the consumer area. It's pretty late, of course, but things will change. Seems to me like encryption and two-factor authentication are the big ones which need focus. Implementation of robust host hardening procedures (not new products, but correct utilization of ones already in place) can help greatly.
chrisbunn
User Rank: Apprentice
3/20/2015 | 5:42:46 AM
Context aware access control
Great article Dave. Context-aware access control helps protect identity and thus helps prevent this type of attack from compromised network credentials. Organizations can - and should - set and automatically enforce access rules that restrict how and when their authenticated users access the network. Employees should be restricted to specific workstations, devices, departments or IP ranges to reduce the attack surface where compromised credentials can gain access. This control must extend across all session types (Wi-Fi, VPN or IIS).

This type of enhanced access control is not possible with native controls but is available with technology solutions such as UserLock (for Windows Server-based networks).

It's interesting also to know that from IS Decisions' latest research, IT professionals cited strong user access restrictions as the top method for helping address user security behavior. Restrictions help protect users from themselves and outright restrict some of the careless behavior that leads to these types of security breaches.
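The rule set chrisbunn describes (logons restricted to specific workstations, IP ranges and session types, enforced automatically) can be modelled as a deny-by-default policy check that runs after the password has already been verified. The following is an added example, not UserLock's code or any configuration format from the article: the users, hostnames, addresses and rule shape are constructed for illustration, and it also adds a working-hours window and a concurrent-session limit, two further restrictions of the same kind.

```python
"""Context-aware logon policy evaluator: a valid (or stolen) password only gets
in when the workstation, source network, session type, time of day and
concurrent-session count all match what the account is allowed to do.
Constructed example; users, hosts and addresses are made up and the rule
shape is not any product's configuration format."""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    workstations: frozenset      # hostnames the account may log on from
    networks: tuple              # permitted source ranges (ip_network objects)
    session_types: frozenset     # e.g. "interactive", "rdp", "vpn", "wifi", "iis"
    hours: tuple                 # (start, end) local hour, end exclusive
    max_sessions: int = 1        # concurrent sessions allowed


@dataclass(frozen=True)
class Logon:
    user: str
    workstation: str
    src_ip: str
    session_type: str
    when: datetime
    active_sessions: int = 0     # sessions the user already holds


# Hypothetical policy: the DBA account may only be used at the console of two
# admin hosts, from the management subnet, during the working day; the report
# service account only from the web tier, as an IIS session.
POLICY = {
    "dba.alice": Rule(
        workstations=frozenset({"DB-ADMIN-01", "DB-ADMIN-02"}),
        networks=(ip_network("10.20.0.0/24"),),
        session_types=frozenset({"interactive", "rdp"}),
        hours=(7, 20),
        max_sessions=1,
    ),
    "svc.reports": Rule(
        workstations=frozenset({"RPT-APP-01"}),
        networks=(ip_network("10.30.5.0/24"),),
        session_types=frozenset({"iis"}),
        hours=(0, 24),
        max_sessions=4,
    ),
}


def evaluate(logon: Logon, policy: dict = POLICY) -> tuple:
    """Return (allowed, reason). Everything not explicitly permitted is denied."""
    rule = policy.get(logon.user)
    if rule is None:
        return False, "no logon rule for user"
    if logon.workstation not in rule.workstations:
        return False, f"workstation {logon.workstation} not permitted"
    src = ip_address(logon.src_ip)
    if not any(src in net for net in rule.networks):
        return False, f"source {logon.src_ip} outside permitted networks"
    if logon.session_type not in rule.session_types:
        return False, f"{logon.session_type} sessions not permitted"
    start, end = rule.hours
    if not start <= logon.when.hour < end:
        return False, f"logon at {logon.when:%H:%M} outside {start:02d}:00-{end:02d}:00"
    if logon.active_sessions >= rule.max_sessions:
        return False, f"already holds {logon.active_sessions} session(s)"
    return True, "context matches policy"


# Constructed logon attempts. The third and fourth carry dba.alice's valid
# password but arrive from contexts the account never uses.
ATTEMPTS = [
    Logon("dba.alice", "DB-ADMIN-01", "10.20.0.15", "interactive", datetime(2015, 2, 24, 9, 5)),
    Logon("dba.alice", "DB-ADMIN-02", "10.20.0.15", "rdp", datetime(2015, 2, 24, 9, 6), active_sessions=1),
    Logon("dba.alice", "LAPTOP-7731", "10.20.0.99", "interactive", datetime(2015, 2, 24, 14, 0)),
    Logon("dba.alice", "DB-ADMIN-01", "203.0.113.7", "vpn", datetime(2015, 2, 24, 2, 30)),
    Logon("svc.reports", "RPT-APP-01", "10.30.5.12", "rdp", datetime(2015, 2, 24, 11, 0)),
]


def audit(attempts=ATTEMPTS, policy=POLICY) -> list:
    """Evaluate each attempt; returns [(user, allowed, reason), ...]."""
    return [(a.user, *evaluate(a, policy)) for a in attempts]


if __name__ == "__main__":
    for user, allowed, reason in audit():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {user:12} {reason}")
```

The checks are ordered from cheapest to most stateful, and each denial names the first mismatching attribute so the event can be logged as a specific policy violation rather than a generic failed logon; in practice the fourth attempt (a VPN session from an outside address at 02:30 for an account that only ever logs on at the console) is exactly the kind of event that should also page someone.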
TerryB
User Rank: Ninja
2/24/2015 | 3:25:56 PM
Re: No Two Factor?
Thanks Dave. Yeah, we were one of the companies that got new tokens; I had completely forgotten about that. I had missed your article about the backdoor in the algorithm, easy to understand your mistrust.

Does it get worse? We have used the Cisco VPN appliance/client software and now have moved to Juniper (Pulse client). Has the certificate protection installed in those clients been compromised, or is it easy to do so? That would have to be done along with knowing the SecurID number, along with my user name and PIN. If compromising that client is easy, we are really only protecting ourselves from amateurs with all this spend we have on this.

It's starting to become obvious to me the best thing my company has going for it is being boring. Even if you hacked every bit of intellectual property we have, you'd still need millions and millions of $ in capital investment in land and equipment just to possibly earn 5% return on annual sales you might get. I really feel sorry now for companies whose lifeblood is information itself.
Dunkirk
User Rank: Strategist
2/24/2015 | 2:50:22 PM
The dog ate my homework
North Korea and China are now the equivalent of "the dog ate my homework" excuse. Expect every company that has a breach of any magnitude to trot this one out.

To me it is also interesting to read in other coverage that the administrator's password was being used for the SQL queries. An even simpler precaution would have been to protect that obviously valuable password via a privileged account management solution. I don't disagree with strong authentication, behavioral analysis or context-aware access control. However, to me, the key takeaway is multi-layer security. A castle is protected by a moat, and a drawbridge, and high walls, and ramparts, and soldiers with hot-oil cauldrons, arrows and the occasional flying cow launched at the enemy (can't resist a Monty Python aside). Hackers will always find an entrée, but we want them to get through one door only to see many more.

Good article, Dave.

Jackson Shaw
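Dunkirk's point that the admin password should never have been the credential behind routine SQL queries is easiest to see by running the same statements as the two accounts. The following is an added example, not code from the article or from Anthem's environment: SQLite's authorizer hook stands in for the grants a dedicated read-only query account would carry in a real database, and the table, rows and queries are constructed (the SSN and date values are placeholders).

```python
"""Least privilege on the query path, modelled with SQLite's authorizer hook.
Constructed example: the authorizer stands in for the grants a dedicated
read-only database account would have; table, rows and queries are made up."""
import sqlite3

# Columns the query account may read. Everything else is denied, including
# the columns a credential thief would actually want.
ALLOWED_READS = {"members": {"member_id", "plan", "state"}}


def query_path_authorizer(action, arg1, arg2, db_name, source):
    """SQLite compiles every statement through this hook. Permit SELECT and
    reads of whitelisted columns; deny all other actions (UPDATE, DELETE,
    DROP, PRAGMA, reads of sqlite_master, ...)."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg2 in ALLOWED_READS.get(arg1, ()):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def seed_db() -> sqlite3.Connection:
    """In-memory table with made-up rows; SSN and date values are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE members (member_id INTEGER PRIMARY KEY, plan TEXT,
                              state TEXT, ssn TEXT, dob TEXT);
        INSERT INTO members VALUES (1, 'PPO', 'CA', 'XXX-XX-0001', '1970-01-01');
        INSERT INTO members VALUES (2, 'HMO', 'NY', 'XXX-XX-0002', '1980-02-02');
    """)
    return conn


def run(conn: sqlite3.Connection, sql: str) -> tuple:
    """Execute and report ('ok', rows) or ('denied', message)."""
    try:
        return "ok", conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:      # authorizer refusals surface here
        return "denied", str(exc)


QUERIES = {
    "report": "SELECT member_id, plan FROM members WHERE state = 'CA'",  # legitimate use
    "dump":   "SELECT member_id, ssn, dob FROM members",                  # bulk exfiltration
    "wipe":   "DELETE FROM members",                                      # destructive
}


def compare_paths() -> dict:
    """Run each query once through the restricted query account and once
    through the admin account. Returns {name: (query_outcome, admin_outcome)}."""
    query_conn = seed_db()
    query_conn.set_authorizer(query_path_authorizer)
    admin_conn = seed_db()          # no authorizer: what the admin credential can do
    return {name: (run(query_conn, sql)[0], run(admin_conn, sql)[0])
            for name, sql in QUERIES.items()}


if __name__ == "__main__":
    for name, (as_query_account, as_admin) in compare_paths().items():
        print(f"{name:7} query-account={as_query_account:7} admin={as_admin}")
```

With the admin credential on the query path every statement succeeds, so a phished admin password hands over the dump and the wipe as well as the report. With a dedicated query account the same stolen password yields only the report columns, and the attempts at the other two are refused at statement-compile time, which is also the point where a database audit log can record them.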
dak3
User Rank: Moderator
2/24/2015 | 2:37:54 PM
Re: No Two Factor?
Go here for all the reasons why I'm not an RSA fan...
TerryB
User Rank: Ninja
2/24/2015 | 12:53:46 PM
Re: No Two Factor?
I remember RSA was hacked a while ago. But like all things security, I never saw any detail of exactly what that hack exposed. Are you saying hackers have the capability of discovering the serial # on my hard token and then predicting my next number because they know the seed/algorithm? Or did somebody just hack RSA servers and see who was using their service?

Even if they stole the algorithm, how would they know what seed was being used? From what I read on that stuff, it was pretty solid code. Send me a good resource link on this hack if you have it handy.
dak3
User Rank: Moderator
2/24/2015 | 12:30:12 PM
Re: No Two Factor?
And, as I said in the article, it was an admin that was phished...

And, if that 2nd factor was SecurID, well, that's been compromised for a while...
TerryB
User Rank: Ninja
2/24/2015 | 11:31:28 AM
Re: No Two Factor?
No @Dak3, that's not what he said. He said it's just not effective in INTERNET authentication. He actually confirmed what I suspected: it would be near impossible to pull off in our corporate network.

The reason is clear: for man-in-the-middle, you'd have to spoof our VPN server. That isn't on our internal network; it has its own security with this token. Since it uses a certificate before it even gives you signon credentials, you could not get "in the middle". Well, realistically anyway. Given enough inside information and access to the tools which created the certificate in the first place, along with poisoning DNS enough to redirect you to their VPN server, you could then capture what the user typed in. You'd then have about 30 seconds to come in through our real VPN server and get an IP address foothold in our private, non-internet-routable network.

Good luck with all that.

His other hack was chicken or egg. It depended on already compromising the computer going to sign on to the VPN in the first place. I'll give him part of that one; you could certainly grab the keystrokes of the PIN/token combination. But what I don't know is if you could grab the installation of the VPN client which contains the certificate that lets the VPN server talk to you. As crappy as Windows/Linux computers are, I'd have to believe you probably could, as sad as that is.

But again, a lot of inside info is needed here; it would have to be an inside attack more than anything else, nothing you are going to sniff out cold from China with internet access and nothing else. Regular users aren't bright enough on all this to phish anything useful. If you find an internal admin stupid enough to give up all that info, well, there is no hope for your security, period.
dak3
User Rank: Moderator
2/24/2015 | 10:59:47 AM
Re: No Two Factor?
Two-factor authN is better than one, but as Bruce Schneier says "Two-factor authentication isn't our savior. It won't defend against phishing."

Read his blog post ("Two-Factor Authentication: Too Little, Too Late") from 2005 to see why.
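Three questions in this thread come down to what the second factor actually binds: TerryB asks whether a stolen seed lets an attacker predict the next token code, describes the roughly 30-second window a man-in-the-middle would have at the VPN head-end, and dak3 cites Schneier's point that two-factor authentication does not defend against phishing. The added example below models all three, then a fourth case the thread does not spell out: a challenge/response bound to the hostname the client actually connected to, in the spirit of the origin binding FIDO authenticators perform, which a relay cannot satisfy. It is not code from the article or from any vendor: RFC 6238 TOTP stands in for a hardware token (it is not SecurID's algorithm), the seed is the RFC test seed, and the PIN, per-device client key and hostnames are made up.

```python
"""Models of the two ways a time-based OTP login falls, and of origin binding.
Constructed example: RFC 6238 TOTP stands in for a hardware token (it is not
SecurID's algorithm); the hostnames, PIN and client key below are made up."""
import hashlib
import hmac
import secrets
import struct

STEP = 30                                          # token code rotates every 30 s
SEED = b"12345678901234567890"                     # RFC 4226/6238 test seed (assumption)
PIN = "1234"                                       # user's PIN (assumption)
CLIENT_KEY = b"per-device key shipped with the VPN client"   # assumption
REAL_ORIGIN = "vpn.example.com"                    # the real head-end (assumption)
PHISH_ORIGIN = "vpn-login.example.net"             # attacker's look-alike host (assumption)


def totp(seed: bytes, now: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def client_sign(key: bytes, nonce: bytes, origin_seen: str) -> bytes:
    """Client signs the server nonce together with the hostname of the TLS
    session it actually opened. A relay through another host changes the input."""
    return hmac.new(key, nonce + origin_seen.encode(), hashlib.sha256).digest()


class VpnServer:
    """The real head-end: holds the PIN, the token seed and its own hostname."""

    def __init__(self, seed: bytes, pin: str, origin: str) -> None:
        self.seed, self.pin, self.origin = seed, pin, origin
        self.nonce = b""

    # Classic PIN + OTP passcode: anything that matches in this 30 s step is accepted.
    def login_otp(self, passcode: str, now: int) -> bool:
        expected = self.pin + totp(self.seed, now)
        return hmac.compare_digest(passcode, expected)

    # Challenge/response bound to the origin the client really talked to.
    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def login_bound(self, response: bytes) -> bool:
        expected = client_sign(CLIENT_KEY, self.nonce, self.origin)
        return hmac.compare_digest(response, expected)


def stolen_seed_attack(now: int = 1_000_000_000) -> bool:
    """Attacker who has the token seed (the RSA-breach worry) and the phished PIN
    simply computes the current code; no interaction with the victim is needed."""
    server = VpnServer(SEED, PIN, REAL_ORIGIN)
    return server.login_otp(PIN + totp(SEED, now), now)


def realtime_relay_attack(now: int = 1_000_000_000, delay: int = 5) -> bool:
    """Attacker without the seed: the victim types PIN+code into the phishing
    page at `now`; the proxy forwards it `delay` seconds later. It works for as
    long as the code is still in the same time step, and fails once it rolls."""
    server = VpnServer(SEED, PIN, REAL_ORIGIN)
    victim_passcode = PIN + totp(SEED, now)
    return server.login_otp(victim_passcode, now + delay)


def relay_against_origin_binding() -> bool:
    """Same proxy against the bound flow: it fetches the real server's nonce, the
    victim's client signs it for the host it connected to, the proxy forwards."""
    server = VpnServer(SEED, PIN, REAL_ORIGIN)
    nonce = server.challenge()
    forwarded = client_sign(CLIENT_KEY, nonce, PHISH_ORIGIN)
    return server.login_bound(forwarded)


def legitimate_origin_bound_login() -> bool:
    server = VpnServer(SEED, PIN, REAL_ORIGIN)
    nonce = server.challenge()
    return server.login_bound(client_sign(CLIENT_KEY, nonce, REAL_ORIGIN))


if __name__ == "__main__":
    print("stolen seed + PIN       ->", stolen_seed_attack())              # True
    print("relay within the step   ->", realtime_relay_attack())           # True
    print("relay after the step    ->", realtime_relay_attack(delay=40))   # False
    print("relay vs origin binding ->", relay_against_origin_binding())    # False
    print("genuine bound login     ->", legitimate_origin_bound_login())   # True
```

The first two cases are the thread's two threats: with the seed the attacker needs no victim at all, and without it a live relay still succeeds inside the time step, which is why a one-time code on its own does not answer phishing. The origin-bound flow fails for the relay not because the attacker lacks any secret but because the victim's client signed for the wrong hostname; that property comes from binding the response to the verified server identity, which is also what TerryB's certificate check on the VPN client is reaching for.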
Marilyn Cohodas
User Rank: Strategist
2/23/2015 | 10:27:56 AM
Re: class action
@psullivan726, It's pretty darn amazing that a healthcare company the size of Anthem would be so remiss. I wonder if that's typical for the healthcare insurance industry.