KRACK Attack

On Monday October 16th, 2017, researchers disclosed major weaknesses in WPA2. This link is a full website that has both layman’s details and technical details regarding the vulnerability. US ProTech has learned that “Krack” has been known by key industry players since June of 2017 despite having just been disclosed to the public this week. Called a KRACK attack (which stands for key reinstallation attacks), this software vulnerability permits an attacker to decrypt WPA2 traffic. In some cases, it goes further by permitting injection or data modification before traffic reaches its intended destination. The attack targets the 4-way handshake that establishes encryption between a client device and the access point. As a result, virtually all Wi-Fi client devices were impacted upon the release of KRACK. The following CVE identifiers are associated with this vulnerability: CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless...

Attention Government and Defense Industry Contractors

SUBJECT / NIST 800-171 Deadline Approaches Required Attestation of Competency Due by December 31st (See 252.204-7008.) As referenced within your Contract: “(1) By submission of this offer, the Offeror represents that it will implement the security requirements specified by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” that are in effect at the time the solicitation is issued or as authorized by the contracting officer not later than December 31, 2017.”   Also see http://dx.doi.org/10.6028/NIST.SP.800-171 How will this impact your company? The mandate for Defense Contractors to achieve NIST 800-171 compliance before the end of the year is fast approaching.  Without an accredited Statement of Facts and Attestation of Competency, your organization may lose all access to future government contracts.  To solve this crisis, US ProTech is validated by the U.S. Dept. of Commerce under the High-Impact Baseline Standard NIST 800-53 R4 to provide third-party attestation of competency for NIST 800-171 and NIST 800-53. To simplify the process and save both time and money: We’ll produce the required documentation for the regulation, US ProTech offers a proven-successful Four-Step process.  1. The NIST 800-171 Risk & Compliance Assessment 2. Itemized Remediation Plan (Corrective Action Plans) 3. A Standardized set of Comprehensive Policies and Procedures 4. US ProTech’s Attestation of Competency, Certificate & Plaque Contact us today to receive a complimentary consultation   About US ProTech, Inc.: Founded in 1999, US ProTech is a nationally recognized Cybersecurity software development and Managed Security Services Provider whose focus is building their clients security fortitude and enabling them to conduct business with higher levels...
What’s in Your Technology Budget Next Year?

What’s in Your Technology Budget Next Year?

Many companies start their budget this time of year. As you are thinking about strategic investments, consider how you can leverage technology to improve customer service, make your employees more productive, and possibly save money. Here are a few considerations for next year’s technology budget. Network Upgrade Your network is the backbone of your technology infrastructure. Growing demand for high bandwidth activities including Communications and Collaboration, Call Center and Cloud Backup all require a bullet-proof network. What’s more, a number of advancements in Software Defined Wide Area Networking (SD-WAN) could save you a bundle. Consider having a network assessment or Telecom Expense Audit to see if you can save on your communications and networking costs next year. Fixed Priced IT If you haven’t deployed Managed Services to augment your technology infrastructure, you might consider how you could benefit from this model. By proactively monitoring and managing your infrastructure, your systems will work better and your cost of systems updates and support will be fixed. Cloud Computing The economic model of Cloud Computing allows companies to avoid unnecessary capital expense (CapEx) and use operating expense to subscribe to a range of Cloud Services.  Software as a Service (SaaS) provides the latest version of your popular productivity applications, and Infrastructure as a Service (IaaS) offers a consumption model for scalable computing power. Data Protection Cyber threat, privacy data breach, human error and natural disasters can put your business at risk. Having a solid data protection plan helps businesses avoid the unnecessary downtime, fines, legal fees, and loss of reputation associated with data loss. There are many ways to invest in the...
What you Need to Know to Comply with  Global Data Protection Regulation

What you Need to Know to Comply with  Global Data Protection Regulation

You don’t need to be based in the European Union to be subject to the new Global Data Protection Regulation (GDPR) scheduled to take effect in May of 2018. These broad standards for compliance protect the data of any EU citizen regardless of where the data resides. You will want to know how to avoid fines as high as 4% of your total global revenue. In fact, reading this article may help you demonstrate compliance by educating yourself. Even if your company may not need to comply, GDPR enforces best practices in data protection, so read on. What is the Global Data Protection Regulation? General Data Protection Regulation (GDPR) provides a uniform standard for data protection for individuals of the European Union (EU). Proposed by the European Commission, it is expected to go into effect in May of 2018. Not only does it protect privacy information for EU residents, but it also addresses the export of personal data outside the EU. Does My Business Need to Comply? If you store email addresses and other personal information of EU residents, you might be subject to GDPR. In our ever-shrinking global economy, it is not uncommon to have EU individuals’ privacy information. The GDPR standard includes health information, marketing databases, and commercial information, among others. For example, you may have personal information in your email databases; companies that sell via e-commerce may also have personal information subject to GDPR.   How to Comply with GDPR Start by understanding the compliance requirements. Taking steps to educate yourself not only helps you comply, it may also lessen fines if you are in breach....
What’s in Your Data Center?

What’s in Your Data Center?

Most experts agree we will create more Data this year than in all prior years combined. According to research firm IDG the world will create 163 zettabytes of data a year by 2025. It is no surprise IDC forecasts worldwide spending on public cloud services and infrastructure to reach $122.5 billion in 2017, an increase of 24.4% over 2016. What is driving this growth and what do you need to know to manage what’s in your data center? What is Driving Data Center Growth? While businesses are drowning in data they find themselves starved for information. Trends in mobility, social media, and customer analytics can create an exponential explosion of data in your business. Business applications, email archives, file sharing and more all drive us to hoard and store data like never before. Regulatory compliance requires many industries to archive data. Additionally, low-cost storage allows businesses to easily accumulate data on a range of devices including desktops, laptops, and on-premise services. Many companies turn to economical options including Infrastructure as a Service for Application Hosting and Failover to store and protect this data. How can a Business Benefit from Infrastructure as a Service? Infrastructure as a Service (IaaS) is a way for businesses to use cloud computing to tap into computer resources over the Internet. The Cloud Computing model allows businesses to avoid the Capital Expense (CapEX) of investing in infrastructure. The business owner only pays (rents) the portion that is consumed. This utility computing model is adopted by most businesses today and helps alleviate some of the concerns related to managing your own data center. How to Avoid...

The IoT Security Challenge

The internet of Things (IoT) is much-talked-about technology. Driven by low-cost sensors, ubiquitous connectivity and updates to the Internet Protocol (IP), IoT is rapidly being adopted. Research firm Gartner expects over 8 billion devices connected in 2017. Cities use IoT to relieve parking congestion by collecting data on open parking spots; farmers can measure moisture in soil; and manufacturers use this technology to track inventory in their supply chain. Because these devices may use machine-to-machine connectivity without human intervention, this can increase the IoT Security Challenge. Here are some security considerations for IoT. IoT Network Security IoT Network Security goes beyond traditional network security requirements for connecting PCs, Laptops, Tablets and servers together. Networks supporting IoT will need to support a wider range of devices using a wider range of protocols for connectivity. Not surprisingly, Markets and Markets forecast IoT network security as the largest segment of a market expected to grow to over $29 billion by 2022. IoT Encryption One of the primary business benefits of IoT is the data that can be collected and analyzed from these devices. Using IoT encryption technologies to protect this information at rest or in transit is an IoT Security Challenge for businesses adopting IoT technologies. Standard encryption technology is stretched to its limits by IoT encryption requirements. Specialized IoT encryption technologies are needed due to the wide range of devices used for IoT deployments. IoT Security Reporting and Analytics IoT applications are not immune to hackers and security breach attempts. Due to the volume of devices, monitoring and analyzing IoT security will become increasingly challenging. Artificial intelligence and big-data analytics are...

Disaster Recovery and Data Protection –Now More Than Ever

Recent Hurricanes Harvey and Irma, along with major earthquakes in Mexico, remind us how vulnerable we can be to disasters, and underscore the importance of data protection. As businesses depend on access to a range of systems–including call center, communications and collaboration application, customer management, and more–having a solid data protection plan can help you in a disaster recovery scenario. Now more than ever, a range of options exist to help maintain business continuity. Here are a few options to consider.   Review Your Data Protection Plan Key to your data protection plan is identification of mission-critical systems. The most important systems should be redundant, with the ability for failover in the event of a disaster. Your data centers and failover options should be geographically dispersed and on different network backbones. This can minimize downtime and get you back up and running sooner. Having your data backup available in Cloud Storage can help you recover other important files and application data if you lose access to your on-premise systems. SD-WAN for Business Continuity Software-defined wide area networks (SD-WAN) can also provide you a highly reliable and redundant network. Having the ability to switch Wide Area Networks using SD-WAN as an alternative to more costly MPLS solutions can ensure connectivity during a natural disaster. What’s more, Software-Defined Wide Area Networking can save you money in the long run by giving you the flexibility of a multi-carrier solution. Software as a Service for Disaster Recovery More businesses are turning to the Cloud for a range of applications–hosted email, Voice over IP (VoIP), Call Center, and others–to keep communications flowing during a...

Considering Cloud Security

According to a recent research report “Assessing the Cloud Security Landscape” by the Computing Technology Industry Association (CompTIA), 85% of business owners and IT professionals participating in a survey responded that they are Confident in their Cloud Service Provider. No wonder research firm IDC predicts the market for public and private cloud security to more than double over the next few years. What Cloud Security Concerns are top of mind with business owners, and what can you do to reduce your risk? Read more to find out… Cloud Security Concerns According to the CompTIA research, the biggest security concerns are: system downtime and business interruptions; exposure or loss of data during file transfers to the cloud; and concerns over encryption of data (either transactional or at rest). Rounding out the top five concerns from the research are physical security of cloud service provider data centers, and shared technology vulnerabilities in a multi-tenant environment. Many of the risks related to these issues can be avoided with appropriate technologies, and by adhering to industry compliance regulations. Questions to Ask About Cloud Security To help you sleep at night, there are a number of questions you can ask your Cloud Service Provider to better understand security considerations. You may want to know where your data resides. Understanding data residency could help you navigate standards related to regulatory compliance or specific country requirements on data residency. Consider asking your Cloud Service Provider about their encryption policies, business continuity and disaster recovery plans, and their data integrity and retention policies. Is the Cloud Right for All of My Data? Data that is strictly regulated...

How is Your Network Health?

Your network is the backbone of your IT Infrastructure. Your network health is also an integral part of your defense against Cyber threat. Cloud Computing, Communications and Collaboration, Data Protection, and Digital Transformation put more reliance on your network.  This begs the question, how is your network health? Ask yourself these three questions to find out the answer… How Well Does Your Network Perform? You rely on your network to communicate with your employees, customers, prospects, and suppliers. What’s more, your network links your company to public and private cloud services and applications that are critical to your business operations. Performance bottlenecks from social media, streaming applications, faulty hardware, and lost connections can impact your employees’ productivity. Offsite backup and other IT functions also rely on your network. Ensuring network health keeps systems running smoothly and available when you need them. How Secure is Your Network? Network security is an imperative for businesses of all sizes. Your business may face additional compliance requirements–for example, Payment Card Industry Data Security Standard (PCI DSS). Data protections standards are rapidly evolving, which could increase your responsibility and exposure to fines and penalties. General Data Protection Regulation (GDPR), the European Union’s data protection rules, could apply to your business regardless of your location. Keeping your network in compliance through monitoring, endpoint protection, content filtering, and other network security detection and protection technologies is a good start. Train your employees on the implications of phishing emails and how to identify one. Teach them to avoid malicious links in unsolicited scam emails. Underscore the importance of a strong password and steps to take to keep...

Can A Business Continuity Plan Save Your Reputation?

Reputation Management is a hot topic in the boardroom these days. Having a solid business continuity plan could make or break your company’s ability to survive a data breach or other systems failure that could tarnish your hard-earned reputation. Company news about data loss, systems downtime and other unplanned interruptions occur with regularity. According to technology research firm Gartner, a business that has a catastrophic data event has a two-year survival rate of just 6%. Surprisingly, your company can avoid these scenarios by having a solid BC/DR Plan. It is no surprise that recent research by MarketsandMarkets forecasts the spend on DR as a Service (DRaaS) to grow from $1.68 Billion in 2017 in revenue to $11.11 Billion by 2020. Read on to find out how a Business Continuity Plan could save your business. Understand Your Business Continuity Risk and Exposure A great place to start with Business Continuity planning is a review of your company policies and procedures. Your business continuity policies should — in addition to identifying the technical standards for managing your company’s applications, data, and related infrastructure — should identify acceptable risk, what your employees will do in a disaster recovery scenario, and identify any compliance requirements. It is important to understand what information is most important and to consider the risks of suffering a data loss. What would be the impact to your revenue, productivity and reputation? If you could not access your information, or it was subject to data breach, how may that impact your customers’ trust and your business’s reputation? An Ounce of Planning is Worth a Pound of Cure Ensure you...
Page 1 of 1712345...10...Last »