Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
How We Can Prevent Another Anthem Breach
xmarksthespot,
User Rank: Strategist
3/22/2015 | 4:13:34 AM
Re: class action
I predict the market will react appropriately. There's already a lot of switchover to two-factor authentication in the consumer area. It's pretty late, of course, but things will change. Seems to me like encryption and two-factor authentication are the big ones which need focus. Implementation of robust host hardening procedures (not new products, but correct utilization of ones already in place) can help greatly.
chrisbunn,
User Rank: Apprentice
3/20/2015 | 5:42:46 AM
Context aware access control
Great article, Dave. Context-aware access control helps protect identity and thus helps prevent this type of attack from compromised network credentials. Organizations can - and should - set and automatically enforce access rules that restrict how and when their authenticated users access the network. Employees should be restricted to specific workstations, devices, departments or IP ranges to reduce the attack surface where compromised credentials can gain access. This control must extend across all session types (Wi-Fi, VPN or IIS).

This type of enhanced access control is not possible with native controls but is available with technology solutions such as UserLock (for Windows Server-based networks).

It's interesting also to know that in IS Decisions' latest research, IT professionals cited strong user access restrictions as the top method for helping address user security behavior. Restrictions help protect users from themselves and outright restrict some of the careless behavior that leads to these types of security breaches.

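The restrictions described in the comment above (workstation, source IP range, session type, logon hours, concurrent sessions) are evaluated only after the password has already been accepted, which is exactly why they matter when a credential is stolen. The following is an added illustration written for this thread; it is not code from Dark Reading, UserLock or IS Decisions, and the rule schema, account name, CIDR ranges and logon events are all constructed for the example.

```python
"""Context-aware access rules evaluated after primary authentication.

Added example for this comment thread, not code from Dark Reading, UserLock
or IS Decisions. The rule schema, user name, networks and events are all
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass
class AccessRule:
    """What an already-authenticated account is allowed to do."""
    user: str
    workstations: List[str]              # hostnames the account may log on from
    networks: List[str]                  # permitted source CIDRs (wired, Wi-Fi, VPN pool)
    session_types: List[str]             # e.g. "workstation", "wifi", "vpn", "iis"
    hours: Tuple[int, int] = (7, 20)     # permitted logon window, local time [start, end)
    max_concurrent: int = 1              # simultaneous sessions allowed


@dataclass
class LogonEvent:
    user: str
    workstation: str
    source_ip: str
    session_type: str
    when: datetime
    active_sessions: int = 0             # sessions already open for this account


def evaluate(rule: AccessRule, ev: LogonEvent) -> List[str]:
    """Return the list of violated restrictions; an empty list means allow."""
    reasons = []
    if ev.workstation.lower() not in (w.lower() for w in rule.workstations):
        reasons.append(f"workstation {ev.workstation} not assigned to {rule.user}")
    src = ip_address(ev.source_ip)
    if not any(src in ip_network(n) for n in rule.networks):
        reasons.append(f"source {ev.source_ip} outside permitted ranges")
    if ev.session_type not in rule.session_types:
        reasons.append(f"session type {ev.session_type} not permitted")
    start, end = rule.hours
    if not (start <= ev.when.hour < end):
        reasons.append(f"logon at {ev.when:%H:%M} outside {start:02d}:00-{end:02d}:00")
    if ev.active_sessions >= rule.max_concurrent:
        reasons.append(f"{ev.active_sessions} session(s) already open (limit {rule.max_concurrent})")
    return reasons


def decide(rule: AccessRule, ev: LogonEvent) -> Tuple[str, List[str]]:
    """Allow only when every contextual restriction holds."""
    reasons = evaluate(rule, ev)
    return ("ALLOW" if not reasons else "DENY", reasons)


# Constructed rule: a database administrator who only works from two named
# hosts on the wired admin subnet, or over VPN from the corporate VPN pool.
DBA_RULE = AccessRule(
    user="dba01",
    workstations=["ADMIN-WS-01", "ADMIN-WS-02"],
    networks=["10.10.5.0/24", "10.99.0.0/16"],
    session_types=["workstation", "vpn"],
    hours=(7, 20),
    max_concurrent=1,
)

# Constructed events. All three present the correct password; only the
# contextual checks separate the account owner from someone reusing it.
EVENTS = [
    LogonEvent("dba01", "ADMIN-WS-01", "10.10.5.23", "workstation", datetime(2015, 2, 24, 9, 15)),
    LogonEvent("dba01", "SALES-LAPTOP-7", "10.40.2.8", "wifi", datetime(2015, 2, 24, 9, 30)),
    LogonEvent("dba01", "ADMIN-WS-02", "10.99.3.4", "vpn", datetime(2015, 2, 24, 2, 10), active_sessions=1),
]


def run_demo() -> List[str]:
    """Evaluate the constructed events and return the verdicts in order."""
    verdicts = []
    for ev in EVENTS:
        verdict, reasons = decide(DBA_RULE, ev)
        verdicts.append(verdict)
        print(f"{ev.user}@{ev.workstation} from {ev.source_ip} ({ev.session_type}): {verdict}")
        for r in reasons:
            print("   -", r)
    return verdicts


if __name__ == "__main__":
    run_demo()
```

The second event fails on three independent restrictions (unassigned host, foreign subnet, Wi-Fi session), and the third, although it comes from an assigned host over the permitted VPN pool, is refused for the off-hours logon and because a session is already open. Logging the reasons rather than a bare deny is what turns such a policy into a detection signal as well as a control.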
TerryB,
User Rank: Ninja
2/24/2015 | 3:25:56 PM
Re: No Two Factor?
Thanks, Dave. Yeah, we were one of the companies that got new tokens; I had completely forgotten about that. I had missed your article about the backdoor in the algorithm, easy to understand your mistrust.

Does it get worse? We have used the Cisco VPN appliance/client software and now have moved to Juniper (Pulse client). Has the certificate protection installed in those clients been compromised, or is it easy to do so? That would have to be done along with knowing the SecurID number, along with my user name and PIN. If compromising that client is easy, we are really only protecting ourselves from amateurs with all this spend we have on this.

It's starting to become obvious to me the best thing my company has going for it is being boring. Even if you hacked every bit of intellectual property we have, you'd still need millions and millions of $ in capital investment in land and equipment just to possibly earn 5% return on annual sales you might get. I really feel sorry now for companies whose lifeblood is information itself.
Dunkirk,
User Rank: Strategist
2/24/2015 | 2:50:22 PM
The dog ate my homework
North Korea and China are now the equivalent of "the dog ate my homework" excuse. Expect every company that has a breach of any magnitude to trot this one out.

To me it is also interesting to read in other coverage that the administrator's password was being used for the SQL queries. An even simpler precaution would have been to protect that obviously valuable password via a privileged account management solution. I don't disagree with strong authentication, behavioral analysis or context-aware access control. However, to me, the key takeaway is multi-layer security. A castle is protected by a moat, and a drawbridge, and high walls, and ramparts, and soldiers with hot-oil cauldrons, arrows and the occasional flying cow launched at the enemy (can't resist a Monty Python aside). Hackers will always find an entrée, but we want them to get through one door only to see many more.

Good article, Dave.

Jackson Shaw
dak3,
User Rank: Moderator
2/24/2015 | 2:37:54 PM
Re: No Two Factor?
Go here for all the reasons why I'm not an RSA fan...
TerryB,
User Rank: Ninja
2/24/2015 | 12:53:46 PM
Re: No Two Factor?
I remember RSA was hacked a while ago. But like all things security, I never saw any detail of exactly what that hack exposed. Are you saying hackers have the capability of discovering the serial # on my hard token and then predicting my next number because they know the seed/algorithm? Or did somebody just hack RSA servers and see who was using their service?

Even if they stole the algorithm, how would they know what seed was being used? From what I read on that stuff, it was pretty solid code? Send me a good resource link on this hack if you have it handy.
dak3,
User Rank: Moderator
2/24/2015 | 12:30:12 PM
Re: No Two Factor?
And, as I said in the article, it was an admin that was phished...

And, if that 2nd factor was SecurID, well, that's been compromised for a while...
TerryB,
User Rank: Ninja
2/24/2015 | 11:31:28 AM
Re: No Two Factor?
No, @Dak3, not what he said. He said it's just not effective in INTERNET authentication. He actually confirmed what I suspected: it would be near impossible to pull off in our corp network.

The reason is clear: for Man in the Middle, you'd have to spoof our VPN server. That isn't on our internal network; it has its own security with this token. Since it uses a certificate before it even gives you signon credentials, you could not get "in the middle". Well, realistically anyway. Given enough inside information and access to the tools which created the certificate in the first place, along with poisoning DNS enough to redirect you to their VPN server, you could then capture what the user typed in. You'd then have about 30 seconds to come in through our real VPN server and get an IP address foothold in our private, non-internet-routable network.

Good luck with all that.

His other hack was Chicken or Egg. It depended on already compromising the computer going to sign on to the VPN in the first place. I'll give him part of that one; you could certainly grab the keystrokes of the PIN/token combination. But what I don't know is if you could grab the installation of the VPN client which contains the certificate to let the VPN server talk to you. As crappy as Windows/Linux computers are, I'd have to believe you probably could, as sad as that is.

But again, a lot of inside info is needed here; it would have to be an inside attack more than anything else, nothing you are going to sniff out cold from China with internet access and nothing else. Regular users aren't bright enough on all this to phish anything useful. If you find an internal admin stupid enough to give up all that info, well, there is no hope for your security, period.
dak3,
User Rank: Moderator
2/24/2015 | 10:59:47 AM
Re: No Two Factor?
Two-factor authN is better than one, but as Bruce Schneier says "Two-factor authentication isn't our savior. It won't defend against phishing."

Read his blog post ("Two-Factor Authentication: Too Little, Too Late") from 2005 to see why.
Marilyn Cohodas,
User Rank: Strategist
2/23/2015 | 10:27:56 AM
Re: class action
@psullivan726, it's pretty darn amazing that a healthcare company the size of Anthem would be so remiss. I wonder if that's typical for the healthcare insurance industry.