Leaking Data on Open Networks

May 30, 2017

While sitting in a waiting area at a business in Dallas, TX I started looking at my phone. As time went by I started looking for a wifi connection so I wasn't using all of my data surfing the Internet. There were two open networks. So, I clicked on one, brought up Safari, and I landed right at the business's fax/scanner. You can't imagine the type of data pertaining to the business I saw. However, here is the real big no...no.

They had, mixed in with other documents, faxes of customer orders, complete with credit card data (all of it...and it was still valid). The following is a sample in which I smudged out pretty much everything that might get me into trouble.


Lessons learned.

  1. When was the last time your company had a vulnerability test?
  2. Do you perform internal audits to ensure you are following the standards your company should be following?
  3. When connecting new devices to the network, are you changing the default settings in order to make them secure?

Encrypting Secrets with Ansible

May 29, 2017


I'm seeing more people use Ansible as their deployment and configuration management tool. A while back, Ansible created a way to encrypt playbooks so that they can't be read when they are in a stored state. This is important if you have passwords incorporated into variables or maybe even proprietary code in your playbooks.

Now that your playbook is encrypted, its contents are protected from anyone who doesn't have a need to know. And if an attacker breaks in and gets your playbooks, they won't have all of your secrets.

Ansible makes this very simple by using the ansible-vault command to create, view, and edit an encrypted playbook.

The password that encrypts the playbook can be supplied at runtime in a couple of different ways.

See the full documentation for examples and keep your code secure.
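A check to go with this, as an added example that is not from the original post or from the Ansible project: it walks a playbook tree and reports secret-looking variables that are still in clear text, skipping files that start with the `$ANSIBLE_VAULT;` header and values tagged `!vault`. The key-name list and the script name are assumptions to adapt to your repository.

```shell
#!/bin/sh
# Added example (not from the original post): find secret-looking variables
# that are still stored in clear text in a playbook tree.
# Fix a finding with `ansible-vault encrypt FILE`, or protect a single value
# with `ansible-vault encrypt_string`.

# Assumption: these key-name fragments mark a secret in this repository.
SECRET_KEYS='password|passwd|secret|token|api_key|private_key'

# is_vault_file FILE: succeeds when the first line is a vault header,
# for example: $ANSIBLE_VAULT;1.1;AES256
is_vault_file() {
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case $first_line in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# plaintext_secrets FILE: prints FILE:LINE:TEXT for each secret-looking key
# whose value is neither `!vault`-tagged nor a {{ reference }} to another variable.
plaintext_secrets() {
    is_vault_file "$1" && return 0
    grep -HnEi "^[[:space:]-]*[A-Za-z0-9_]*($SECRET_KEYS)[A-Za-z0-9_]*[[:space:]]*:[[:space:]]*[^[:space:]]" "$1" |
        grep -vF '!vault' | grep -vF '{{' || true
}

# scan_tree DIR: prints all findings under DIR; exit status 1 if there are any.
scan_tree() {
    findings=$(find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
        while IFS= read -r f; do plaintext_secrets "$f"; done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run as: sh check_vault.sh path/to/playbooks   (script name is hypothetical)
if [ "$#" -gt 0 ]; then scan_tree "$1"; fi
```

The non-zero exit status on findings makes it usable as a pre-commit hook or CI step.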

How to defend against Ransomware

May 26, 2017


This style of attack isn't going away anytime soon. There is a long history of criminals gaining profit from encrypting individual hosts and holding them for ransom. While the large companies have been talked about in the news in respect to how to defend, it is the home user that I'd like to address here.

There are several things that you should be doing:

  1. Ensure your systems are patched.
  2. Back up your data.
    • I use a paid program called Arq5. This works on Windows and MacOS but is a program that's not free. However, I feel it's worth it. It produces incremental encrypted backups of folders that you pick to a selection of destinations (Google Drive, AWS, SSH destination, etc). I have my backups going to my Google Drive.
  3. Perform a full disk backup.
    • I use AOMEI Backupper Standard for Windows (free). It's fast... Only takes about 6 minutes to back up or restore my system.
    • For my MacOS machines, I use Carbon Copy Cloner (not free but worth it). It even backs up the MacOS restore partition.

Now, if you get hit by a nasty bug that encrypts all of your files, just restore your computer and retrieve the latest backups of your files.

HIPAA Compliance

How is your business doing in regards to HIPAA compliance?

May 2, 2017


HIPAA is like so many other compliance initiatives where companies perform what's required, check all the boxes, and move on with their everyday business. I find that a lot of companies may have set up a program and made the initial investment to become compliant, but many have slipped since and are no longer doing what they should. The truth is that we should be doing so much more than just complying with HIPAA.

Some recent news articles point out issues with maintaining a secure environment for healthcare data:

Some things to think about:

If you feel like you should be doing more, then maybe it's time for a 3rd party to come in and take a look. AgileSecOps can assist in performing a gap analysis of your HIPAA compliance and of your operational environment. Call or email us today so we can discuss next steps.