News and Articles | Breathe Technology

 

Cambridge : 01223 209920

London : 08456 219920

News and Articles

Are their Kracks in your Wireless Network

As a SonicWall Gold Partner, we delighted to share the following update from SonicWall:

Network Security

Are there KRACKs in Your Wireless Network Security?

By John Gordineer

Information and recommendations on protecting your wireless deployment

On October 16, 2017, Belgian security researchers made public their findings that demonstrated fundamental design flaws in WPA2 that could lead to man-in-the-middle (MITM) attacks on wireless networks.

Named KRACKs, or key reinstallation attacks, this technique can theoretically be used by attackers to steal sensitive information from unsuspecting wireless users leveraging these flaws in the WiFi standard. Based on their research, CERT issued a series of CVEs to address this flaw, and most vendors affected have issued patches as of this writing.

More details on these vulnerabilities are available on the researchers’ website at www.krackattacks.com.

Are SonicWall wireless solutions vulnerable?

SonicWall Capture Labs has evaluated these vulnerabilities and determined that our SonicPoint and SonicWave wireless access points, as well as our TZ and SOHO Wireless firewalls, are not vulnerable. No updates are needed for SonicWall wireless access points or firewalls with integrated wireless.

What can I do to protect my wireless network?

Whether or not you are a SonicWall wireless network security user, we do recommend that you take immediate action to minimize the risk presented by these vulnerabilities.  We advise the following:

  • Patch all of your WiFi clients, whether Windows, Linux, Android, iOS or Mac OS based, with the latest KRACK updates from your client vendors. The attack is launched by compromising the wireless device, not the wireless router, so that is the most important area to focus on when you go about patching.
  • If you are not a SonicWall wireless customer, check with your vendor to determine if you need to patch your wireless access points and/or routers. Ideally, your WiFi solution would be centrally managed allowing you to provide updates and patches in a timely fashion without crippling IT resources. Again, if you are a SonicWall wireless customer no updates to the access points are needed.
  • Add an additional layer of security by using VPN technology to encrypt all network traffic between your wireless devices and your firewall. For SonicWall customers, we recommend the following:
    • For SSL encryption on mobile devices, use the SonicWall Mobile Connect client, which is available on the Apple App Store, Google Play, Windows Phone Store or Chrome Web Store.
    • For IPsec encryption, use the SonicWall Global VPN Client.
  • Advise your users to transmit sensitive data only on TLS/SSL-encrypted web pages. Look for the green lock symbol in the address bar along with https in the URL.
  • The new SonicWall SonicWave series includes a dedicated third radio for scanning.  For SonicWave wireless users, we recommend that you turn on the wireless intrusion detection feature that allows you to block traffic from rogue access points (specifically in this case an evil twin).  This will ensure that the third radio is continually scanning for these types of attacks in real-time.
  • Be on the lookout for unusual activity inside or outside your facility. In order to launch an attack using these vulnerabilities, an attacker must be physically located within Wi-Fi range of both the access point and the wireless client that is attempting to connect to the network. That means the attacker must be in or near your building, which makes it a bit more difficult to leverage than other Internet-only attacks.
  • One other note: there is no need to change Wi-Fi passwords as the KRACKs do not require the Wi-Fi password to be successful.

SonicWall believes that IT must be able to provide secure, high-speed access for the organization across both the wired and the wireless network, especially as Wi-Fi becomes more of a necessity and less of a luxury. However, cyber criminals are racing to leverage wireless to initiate advanced attacks.

SonicWall can help you extend breach prevention to your wireless network. SonicWall’s wireless network security solution provides deep packet inspection for both unencrypted and TLS/SSL-encrypted traffic along with a cloud-based, multi-engine Capture sandbox and a complete lineup of centrally managed SonicWave 802.11ac Wave 2 wireless access points.

FacebookTwitterGoogle+LinkedIn

John Gordineer
Director, Product Marketing | SonicWall
John Gordineer is the director of product marketing for SonicWall products.  In this role, he is responsible for technical messaging, positioning, and evangelization of SonicWall network security, email security, and secure remote access solutions to customers, partners, the press and industry analysts.  John has more than 20 years of experience in product marketing, product management, product development and manufacturing engineering at Verilink and SonicWall.  John earned a bachelor’s degree in Industrial Engineering from Montana State University.
Featured KRACK Security WiFi wireless network security

How IT steals your staff’s time and productivity

What happens to your staff when an IT problem stops them from getting on with their work?

In our new guide, we look at the most common IT problems that waste your staff’s time, and how to prevent most problems from happening in the first place.

Click here to view and download

Wannacry, Petya ~ What’s the next threat?

We wanted to share the latest Blog post by our partner SonicWall, in relation to recent ransomware attacks:

Locky, Then WannaCry, Now Petya. Is This The New Normal in Cyber Security?

News reports continue to roll in about yet the latest massive global ransomware attack. This time, the payload appears to be a ransomware called Petya. SonicWall Capture Labs identified the original Petya variants in 2016. However, this time it appears to be delivered by Eternal Blue, one of the exploits that was leaked from the NSA back in April. This is the same exploit that was used in the WannaCry attack.

Infected systems will initially display a flashing skull, followed by a lock screen:

Once again, the cyber arms race continues to evolve. If I were to boil this down to its essence, what we are now seeing is that cyber criminals are combining exploits and attacks in creative ways that are not necessarily new, but still quite effective. Like mixing cocktails, the ingredients are all well known, but the exact mix can be completely new.

Attack details: SonicWall customers are protected

Today, June 27, SonicWall Capture Labs began tracking a high number of Petya ransomware attacks against SonicWall customers. Petya as a malware payload is not new. In fact, we reported in the 2017 Annual SonicWall Threat Report that it was second only to Locky in the number of infections we noted last year. The good news for SonicWall customers that are using our security services is that we have had signatures for certain variants of Petya since March 2016. Then, in April 2017 Capture Labs analyzed and released protection for the Eternal Blue exploit that Shadow Brokers leaked from the NSA. Also, on June 27, the Capture Labs Threat Research Team issued a new alert with multiple signatures protecting customers from the new Petya Ransomware Family.

Recommendations for SonicWall customers

As a SonicWall customer, ensure that your next-generation firewall has a current active Gateway Security subscription, in order to receive automatic real-time protection from known ransomware attacks such as Petya. Gateway Security includes Gateway Anti-virus (GAV), Intrusion Prevention (IPS), Botnet Filtering, and Application Control. This set of technology:

  • Includes signatures against Petya (part of GAV)
  • Protects against vulnerabilities outlined in Microsoft’s security bulletin MS17-010 (part of IPS)

Since SonicWall Email Security uses the same signatures and definitions as Gateway Security, we can block the emails that deliver the initial route to infection. To block malicious emails, ensure all Email Security services are up to date. Since 65% of all ransomware attacks happen through phishing emails, this also needs to be a major focus when giving security awareness training. Additionally, customers with SonicWall Content Filtering Service should activate it to block communication with malicious URLs and domains, which work similar to the way botnet filtering disrupts C&C communication.

Because more than 50% of malware is encrypted, as a best practice, always deploy SonicWall Deep Packet Inspection of all SSL/TLS (DPI SSL) traffic. This will enable your SonicWall security services to identify and block all known ransomware attacks. Enabling DPI SSL also allows the firewall to examine and send unknown files to the SonicWall Capture Advanced Threat Protection (ATP) service for multi-engine sandbox analysis. We recommend that you deploy Capture ATP in order to discover and stop unknown ransomware variants. Because of the rapid proliferation of malware variants, SonicWall leverages deep learning algorithms to provide automated protection against both known and zero-day threats. The combination of the SonicWall Capture Threat Network and SonicWall Capture ATP sandboxing provides the best defense against newly emerging hybrid attacks such as Petya. As always, we strongly recommend that you also apply the Windows patch provided by Microsoft to protect against the Shadow Brokers leaked exploits as well.  And it is always a good idea to maintain current backups of all critical data to allow recovery in the event of a ransomware event.

 

Click here to read the full report and past blog posts by SonicWall

So what’s the difference between antivirus and anti-malware?

What’s the difference between antivirus and anti-malware?

By Wendy Zamora | September 11, 2015

It’s the $64,000 question. The ultimate question of life, the universe, and everything. (And no, the answer isn’t 42.) Whenever someone begins their search for online security, they ultimately discover there are two major types of protection: antivirus and anti-malware. Which leads them to the inevitable query:

What’s the difference between antivirus and anti-malware?

Virus vs. malware

Before we can answer that, we need to first unveil what, exactly, are viruses and malware. A virus is a piece of code that is capable of copying itself in order to do damage to your computer, including corrupting your system or destroying data. Malware, on the other hand, is an umbrella term that stands for a variety of malicious software, including Trojans, spyware, worms, adware, ransomware, and yes, viruses. So the logic follows: all viruses are malware. Not all malware are viruses. Ya dig?

Unfortunately we can’t stop there because it’s a little more complicated than that. Viruses are considered to be legacy threats. By this we mean: they’ve been around for a while and haven’t changed all that much. They aren’t used very often by today’s cyber criminals, which is why many antivirus companies have evolved to fight more than “just” viruses. This can include infectious malware like worms, web threats like keyloggers, or concealment malware, such as rootkits.

So why do antivirus companies still call themselves antivirus? Since viruses made headlines in the 90s, security companies focused their efforts on fighting them. Thus the term antivirus was born. It all boils down to marketing. Most people are familiar with computer viruses and what they do. Not a lot of people know what malware is.

Compare and contrast

Still, there are key differences between antivirus and anti-malware software that go beyond semantics. What differentiates antivirus and anti-malware companies are the types of malware they specialize in and how they deal with them.

Antivirus usually deals with the older, more established threats, such as Trojans, viruses, and worms. Anti-malware, by contrast, typically focuses on newer stuff, such as polymorphic malware and malware delivered by zero-day exploits. Antivirus protects users from lingering, predictable-yet-still-dangerous malware. Anti-malware protects users from the latest, currently in the wild, and even more dangerous threats. In addition, anti-malware typically updates its rules faster than antivirus, meaning that it’s the best protection against new malware you might encounter while surfing the net. By contrast, antivirus is best at crushing malware you might contract from a traditional source, like a USB or an email attachment.

If antivirus and anti-malware were dances, antivirus would be the waltz and anti-malware would be hip-hop.

So which one should you choose?

No one tool can catch everything, which is why security experts recommend a layered approach. It’s better to have more than one set of eyes looking at threats from different angles. “I’m sure you’ve heard the old saying ‘jack of all trades, master of none,'” says Samuel Lindsey, Malwarebytes user advocate. “That’s how I see all-in-one security suites; they just can’t detect everything on any given day.”

Your best bet is to use an antivirus program to catch the classic threats and an anti-malware program, like Malwarebytes Anti-Malware Premium, for the newer, more advanced dangers. And you needn’t worry about the impact of running two real-time scanners at the same time on your machine’s performance—most anti-malware software is lightweight, easy-to-run, and designed to work alongside antivirus.

So there you have it. Your questions have all been answered. You may now be at peace…

Is your network security at risk?

Security is an issue that affects all organisations, regardless of their size and the days where hackers penetrated companies to steal specific information has evolved to a risk far greater. Even small 5-person companies can become part of a bot network and be used for mass spamming purposes.

Failing to install appropriate antivirus software on individual machines or to protect your network with a firewall can result in networks being used as a base for proxy attacks, sensitive information being stolen and sold in and your entire network crashing because of virus damage.

Read More »

Desktop Virtualization

With organisations constantly tightening their belts and austerity measures becoming more commonplace, it is becoming increasingly difficult for IT personnel to provide high levels of service without compromising on performance, reliability and security. This is particularly true of big companies with large user bases such as schools, colleges and universities.

However, maintaining high standards of service and providing employees with the latest software versions is not as expensive as you might think, as a number of our clients have discovered by investing in our desktop virtualization solution. Unlike other solutions, it offers cost savings from the outset as well as ongoing reduced maintenance and energy bills.

Read More »

Company News September 2012

We’ve had a busy year to date and have started working with a number of new clients. We have been awarded ICT and managed services contracts from local companies, KJ Architects and IDTechEx as well as from St Mary’s Primary School (Suffolk) and Sir Robert Pattinson Academy (Lincolnshire), St Christopher’s Primary School and Prince William School. We look forward to developing long-lasting relationships with all these organisations.

We would also like to introduce Jason Platt, Paul Thomson and Francisco Janes. Jason and Paul have recently joined our technical team and their main responsibilities are to provide onsite support to larger clients as part of their managed service agreement. Collectively they have more than 30 years’ experience in ICT support and we hope you will find their technical experience useful and beneficial.

Read More »

Recent NComputing Deployment in Education

West Row Community Primary School (Cambridgeshire) was previously using desktop computers to provide pupils and teachers with an enhanced learning and teaching experience. However, these computers were approaching their end of life.

A cost-effective desktop refresh was therefore under consideration

Read More »

Government is giving back to small business, we can help you get your Internet upgrade and £3000 grant!

The next question is, do you qualify? The following criteria applies:

  • You are a SME, registered charity, social enterprise or sole trader
  • Is Your business is within an eligible area one of the 22 cities taking part in the scheme.
  • You are currently on 30Mbps or less
  • Installation of your new broadband connection will cost over £100
  • The connection is for your business premises. You can apply for a connection at home if this is your main work base, but this does not apply if you work from home occasionally
  • You are willing to sign up to a minimum 6 month contract with your broadband supplier
  • The broadband service you select delivers a speed or performance improvement on your current connection. There are some detailed requirements on speedthat you should check before applying
  • You have not received more than around £120,000 in grants in the last 3 years
  •  The grant will only cover the initial installation cost of the connection. No on-going revenue charges will be included. The minimum grant amount available is £100.

Read More »

E-Mail Archiving

Here’s the reason why you should archive all your email

According to the Data Protection Act, anyone has the right to ask for details of personal information held relating to them by an organization. The Act also requires businesses to ensure that they take appropriate technical measures to protect any data they hold from being misused, lost or damaged, and all this data must be searchable and quickly made available on request.

Breathe Technology “CleneMail” cleans, archives and indexes all your emails – in the Cloud.

Read More »