The Best Practices for Securing Your Printer

Printer Security, Printers, Security, Security Threats, , ,
31
Jul 2018

A printer may seem like a fairly innocuous piece of hardware, but it’s this assumption that makes it a major security risk. Therefore, it needs securing.

In a business, it’s likely that every single printer is networked. And, if something’s networked, then it represents a way into your network. Printers have been being hacked for decades, but it’s not as common as other threats such as malware and viruses. Accordingly, the average PC user in your organization is likely to be unaware of any security risks relating to that printer in the corner of the office.

However, there are plenty of risks and you need to understand what these are and how you can secure your printer and protect your network.

What are the Security Risks Associated with Printers?

When you’re working with printers, you need to be aware of the following security risks:

  • Back Door Access: Any piece of hardware on your network presents an opportunity for hackers to get a foothold in your network; printers are no different.
  • Print Data is Stored: A significant amount of print data is stored on internal memory within the printer and this can compromise the security of confidential data.
  • Susceptible Settings: Print settings can easily be manipulated to print to different locations and alter content during transmission to the printer.
  • Unsecure Documents: Printed documents can easily sit on printer trays for hours in a busy office and this is a major security risk as anyone can access them.

As you can see, there are myriad security issues related to printers, but how do you go about solving these threats?

Making Your Printer More Secure

Thankfully, there are simple and easy to action steps you can take to make your printer more secure:

  • Always Install Updates: As with all hardware, installing updates is one of the most crucial steps to take when it comes to securing hardware. All it takes is for one update to be missed for your printer to suddenly become vulnerable to new threats. It may seem fiddly and time consuming to install security patches, but it’s a lot easier to deal with than a compromised network.
  • Use Swipe Cards to Print: The best way to ensure that the correct people are picking up the correct documents from the printer tray is to employ swipe card authorization. For example, if one person in the office sends a spreadsheet to the printer, then it will only be printed once their card is swiped at the printer. This ensures that documents will not sit on the print tray for long periods.
  • Decommission Printers Correctly: When it comes to decommissioning printers, it’s vital that internal memory and hard drives are wiped. Once wiped, they should be destroyed to maximize the security of any data stored on them.
  • Limit Access to Settings: Access to printer properties and access settings should be tightly restricted to minimize disruption to the print network. A receptionist, for example, should have no need to install new drivers or disconnect printers from the network. All they’re likely to need access to is whether something is printed in color or black and white. Only IT professionals should have access to more complex, operational settings.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Improving WiFi Security for Your Business

Network, Security, Security Threats, WiFi, wireless network, , , ,
11
Apr 2018

Wireless networks are crucial for organizations to operate in the modern business landscape, but it’s critical that your wireless network is secure.

Increased mobility, production and scalability are the three main reasons why your organization will have embraced WiFi. Allowing you to remain competitive, WiFi is a service that you simply can’t be without. Therefore, security is more crucial than ever when it comes to wireless networks.

To help you get a better understanding of how to defend your network, we’re going to look at improving WiFi security for your Business.

How to Protect Your WiFi Network

There are many ways that you can secure your WiFi network, keep hackers out and ensure that productivity remains at an all-time high:

  • Keep on Top of Updates: Your router and associated hardware will regularly receive firmware updates that improve performance and, more importantly, patch any potential security issues. Unfortunately, many people put these updates on the back burner as the install processes are considered a little fiddly. However, while the install time and necessary reboots are irksome, they pale in comparison to your WiFi network being compromised.
  • Change Default Login Credentials: In order to access WiFi devices for the first time, these devices will come with default login credentials to allow the owner to configure them for their network. These default credentials, however, represent a major security risk as they rarely differ between devices. And that means that anyone with a list of default credentials – freely available online – can log on to your WiFi devices if they haven’t been changed.
  • A VPN Can Hide Your Network: A virtual private network (VPN) is a useful service which provides additional security to your WiFi network. A VPN server will hide all the connection details of PCs and devices on your network, so this makes it significantly harder for hackers to find a flaw in your defenses.
  • Keep Guest WiFi Networks Separate: Most organizations provide a guest WiFi network for visitors or staff to access with their own devices. While this is a generous offering, you need to make sure that guest WiFi networks are kept separate to the rest of your networks. Surrounding the individual networks with firewalls also helps to ramp up the defenses between your sensitive data and external breaches.
  • Secure Ethernet Ports: Network peripherals are always at risk of being compromised by unsecured ethernet ports. By simply plugging a cable into an ethernet port, a hacker can gain a foothold into your wireless network. The solution to this problem is, thankfully, relatively simple: enclose network peripherals within locked cases and limit key ownership.
  • Enable WPA2 Encryption: If your WiFi network is not encrypted then it means that the data being transferred over it is open to external parties. As a business, it’s a certainty that the data transferred over your network will be sensitive e.g. customer details, payroll information and emails. However, by enabling WPA2 encryption on your network, it will guarantee that your data will be scrambled as it’s transmitted. As a result, anyone ‘listening in’ will be unable to exploit the data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Infected Websites Are Mining Cryptocurrency

bitcoin, cryptocurrency, Hacking, Security, Security Threats, , ,
06
Apr 2018

Hackers are now infecting websites in order to take control of your PC’s processor and help power the resource heavy activity of cryptocurrency mining.

Cryptocurrencies, such as Bitcoin, have been generating countless headlines in the last year due to the huge values being attributed to them in the financial world. Now, despite cryptocurrencies being purely digital, they still need to be mined to help produce new coins. Naturally, this isn’t a simple task or, otherwise, everyone would be doing it and making millions. Instead, you need plenty of time and even more computing power to carry out the mining process.

For a hacker, of course, harnessing such huge amounts of computing power isn’t exactly rocket science, so it’s no surprise that this is their latest enterprise. And, to make this task a little easier, they’ve started infecting websites to help steal your processing power and power their cryptocurrency mining.

Mining for Cryptocurrency

While leaching off the CPU of innocent users to facilitate cryptocurrency mining is nothing new, the use of websites to help capture this valuable resource is a new one on security experts. And the manner in which it’s being done is ridiculously simple.

Hackers are setting up malicious adverts on websites that run a JavaScript file directly in the browser whenever that site is opened. There’s no need for the hacker to have direct access to the victim’s PC, everything takes place in the victim’s browser. And, if the victim has JavaScript enabled, then the malicious code will automate and hand over a significant amount of their processor power to the hacker’s mining activities.

There are certainly more sensitive hacks – such as those which exploit or encrypt your data – but the real bugbear of having your CPU taken advantage of is the impact it has on your computer’s performance. Mining cryptocurrency requires significant processing power to power through the labor intensive tasks involved, so this drain on resources is going to cause your system to grind to a halt.

Is a Website Hacking Your Processor?

Organizations, in particular, do not want to see their productivity affected by a slowdown in performance, so it’s crucial that you understand the warning signs of these infected sites. If the internet is in use and your system starts slowing down then you should check the performance of your CPU by:

  • Right clicking the taskbar on your PC and selecting Task Manager. This will allow you to access the Performance tab where you can see which resources are taking up your processor’s usage.

If opening a webpage is causing your PC’s performance to rocket, then there’s a chance that this could be down to an infected webpage. The simplest way to deduce this is by closing individual webpages and monitoring the effect within your Performance tab in Task Manager.

Final Thoughts

These infected websites are not going to cause major damage to your organization, but they are going to put a drain on your resources. Understanding that any potential reductions in processor speed could be caused by this new method of hacking is vital to stay on top of your digital security.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Hide ‘N Seek Botnet Threatens the Internet of Things

Cyber Attack, Hacking, Internet of things, IOT, malware, Password Security, Security, Security Threats, , ,
08
Mar 2018

The Internet of Things (IoT) has a new security threat and this time it uses peer-to-peer communication to spread, infect and compromise devices.

In January 2018, security researchers working for Bit-defender discovered a new botnet which, although not related, has similarities to the Reaper botnet. Originally infecting just 12 IoT devices, the Hide ‘N Seek botnet had soon amassed over 32,000 IoT devices by the end of the month. With the ability to steal data, take control of the device and run malicious code, Hide ‘N Seek represents a serious threat.

Understanding new and emerging threats to IoT devices is crucial if you want to protect your organization’s network, so it’s time to investigate Hide ‘N Seek a little closer.

Hide ‘N Seek is No Game

A brand of IP camera manufactured in South Korea appears to be the initial infection source for Hide ‘N Seek, but the botnet is actively attacking other IoT devices. Using randomly generated IP addresses, Hide ‘N Seek attempts to connect to any devices listed against these addresses. If the botnet succeeds in connecting then it either uses default login/password combinations to gain access or performs a brute force attack using a dictionary list to crack the login credentials.

With access obtained, Hide ‘N Seek analyses the device to discover any potential vulnerabilities such as the ability to download malware or launch DDoS attacks. The remote botnet hacker also has the option of executing any command they wish on the infected device; this option provides them with the chance to steal any files they wish. The capabilities of Hide ‘N Seek are clearly advanced and innovative, but what’s even cleverer is that it appears to be constantly redesigning itself to minimize detection.

Communication between the infected devices is made possible by the peer-to-peer network at the heart of Hide ‘N Seek. Using peer-to-peer software for hacking is nothing new, but previous methods have always involved modifying existing torrent software. Hide ‘N Seek is taking hacking to a new level by using completely custom built peer-to-peer software which has no central command unit; therefore, closing this network down is virtually impossible.

Combating Hide ‘N Seek

The advanced design of Hide ‘N Seek is proof that it’s the work of highly skilled hackers, but, once again, the vulnerability being exploited is the use of default passwords. Let’s face it, giving a hacker a key to a locked door is the worst form of security you can imagine, but this is exactly what default passwords are. And this is why password security remains the number one priority for any devices within your network, whether they’re connected to the IoT or otherwise.

By changing these default passwords while devices are on isolated networks, your organization can seriously increase the strength of their defenses. Otherwise, you’re leaving your networks at the mercy of malicious botnets such as Hide ‘N Seek. And, believe me, just as Reaper wasn’t the last IoT botnet, neither will Hide ‘N Seek be the final word in hacking in this new IoT landscape.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Hacking the Internet of Things For a Few Dollars

Company Updates, Cyber Attack, Hacking, Internet of things, IOT, Security, Security Threats, , , , ,
06
Mar 2018

The Internet of Things (IoT) has many security concerns, but perhaps one of the most pressing worries is that IoT devices can be easily hacked for just a few dollars.

A group of elite hackers have recently demonstrated the ease with which a hardware hack can be unleashed to take control of IoT devices. All they require to carry out the hack is an SD card reader, the ability to solder and a length of wire – all in all, this should come to around $10. And once they’ve taken control of the device they can not only exploit any data on there, but also use it as a stepping stone to get further into the network it’s on.

With the number of IoT devices expected to hit the 20 billion mark by 2020, the risk of attacks on these devices is only going to get greater and greater. And, for a business, where nearly every employee will have access to an IoT device, perhaps it’s time to get acquainted with this low cost and easy to deploy attack.

Hacking on a Budget

The hack in question is a flash memory attack and, as such, targets IoT devices which have a flash memory – in particular a form of memory known as eMMC flash. It’s likely that you’ve never heard of eMMC flash, but it’s built into a wide range of devices such as smart TVs, cell phones, tablets and even refrigerators. Just think about how many of those devices are in your organization and connected to your network – that’s right, it’s pretty scary. What, though, is this $10 hack?

Well, the hackers – who go under the group name of exploitee.rs – have revealed that they can gain read/write access to devices by taking a flash memory card and soldering wires to five specific places:

  1. Data line
  2. Clock line
  3. Command line
  4. Power line
  5. Ground

This access allows the hackers to start stealing data and to issue commands to the device before taking complete control of it. Once the flash memory card in question is put into an SD card reader, it can then be connected to a PC to glean complete copies of that device’s data inventory. And it’s at this point that the hackers are able to identify zero-day vulnerabilities in the device, vulnerabilities which can be applied to that specific device and any other unit of the same product.

With this information to hand, the hackers are then empowered to launch remote attacks against said device and, potentially, use these infiltrated devices to gain access to the networks they’re connected to. And all of this is possible because hardware manufacturers fail to secure flash memory on their devices, they’re only concerned with creating a front line defense with nothing behind it.

Managing IoT Security Concerns

Hardware manufacturers are slightly off the pace as demonstrated by this budget hack, so for the consumer it’s particularly troubling. As ever, the best advice is to install patches and firmware upgrades as soon as possible. However, when a hardware vulnerability is found it means that it has the potential to leave huge numbers of the same devices – if not all of them – at the risk of being hacked. Therefore, identifying the form of flash memory present in devices may become a major buying point for consumers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 8 9 10 11 12