Tag Archives: Cyber Security

How Free Web Filtering Software Can Protect You System?

Update

On August 1, 2016, Blue Coat, Inc. (K9’s parent company) was acquired by Symantec™. As can be imagined Blue Coat and Symantec had a handful of similar products and unfortunately, it didn’t make sense to maintain two competing products. it was decided to “end-of-life” K9 Web Protection.
Effective immediately, K9 Web Protection is no longer available for purchase or download. Technical Support for K9 will end on June 30, 2019.

It is unfortunate to see K9 Web Protection go. I am not aware of an alternative free software that provides the same level of protection at a premium quality. However, for those interested in alternatives to K9 Web Protection, I would recommend you can start with Quad9 and OpenDNS Home. While neither of them provides everything that K9 did, but they still protect your system against most common online threats.


“We may think one layer of security will protect us – for example, antivirus. Unfortunately for that approach, history has proven that, although single-focus solutions are useful in stopping specific attacks, the capabilities of advanced malware are so broad that such protections inevitably fail.” – Jerry Shenk, Layered Security: Why It Works.

Making use of layered security for personal use is of the utmost importance as I have covered a couple of times in the past: here, here, and here. Just as I have done in the past, I will use this post to share another tool that you can explore to support your personal layered security strategy.

My never-ending curiosity to explore and test new technologies can sometimes lead me to stumble upon genuinely impressive solutions. Fortunately for you, I believe this tool falls into that category.

K9 Web Protection is the software that I have been testing for some months now, and I must say, I’ve been truly pleased with its results. The software falls under the Web Filter category, which places a restriction on websites that you can visit. Web Filtering is used in two major cases. The first is to permit parents to control the sort of content accessible to their children, offering their kids a safe environment to learn and explore online. The second is for businesses who wish to prevent their employees from accessing websites that do not pertain to their jobs.

However, in addition to the above-mentioned, from my experience using this software on a daily basis, I have come across other benefits:

  • Real-time malware protection“helps identify and block illegal or undesirable content in real time, including malware-infected sites. You also benefit from the WebPulse cloud service, a growing community of more than 62 million users who provide more than six billion real-time Web content ratings per day.”
    • You can learn more about web filtering and intelligence here.
  • Automatic content ratings“New websites and web pages are created every minute, and no one person can possibly rate or categorize all of them. To ensure protection against new or previously unrated websites, Blue Coat’s patent-pending Dynamic Real-Time Rating™ (DRTR) technology automatically determines the category of an unrated web page, and allows or blocks it according to your specifications.”

Another advantage of the K9 Web Protection is that it is backed by Blue Coat (acquired by Symantec in 2016),  the leader in Web Security “with an impressive portfolio of integrated technologies serving as a trusted platform to deliver Cloud Generation Security to more than 15,000 customers worldwide.”

This solution is truly an “enterprise-class security software designed for home computers.” Also, did I mention that it’s free! “As part of the Blue Coat Community Outreach Program, K9 Web Protection is free for home use. You can also purchase a license to use K9 Web Protection for business, government, non-profit, or other use.”

I will do a quick overview of the installation and usage of the software, but you can find a well-documented quick start guide and user manual here:

Installation and Usage Overview:

installk9

  • The installation process should take a couple of minutes to complete as it is self-explanatory.
  • Upon completion, the application’s interface will open in your browser:

K9_Browser_admin_page

  • To view or modify any of the configurations, you will be prompted to enter the password you created during installation.
  • Here are some of the options and details you can access from the Setup page:

k9_block_categories.PNG

  • Web Categories to Block: choosing one of the available levels allows you to block selected categories of websites.
  • Time Restrictions: 3 options are available to block web access depending on the time of day. Unrestricted places no restrictions on web access. NightGuard blocks all web access during contiguous blocks of time every day. Custom enables you to choose days of the week and time periods to block all web access.
  • Web Site Exceptions: Allows you to create lists of websites to “always block” or “always allow.” Blocking Effects: “Bark When Blocked” plays a barking sound when a web page is blocked. Make sure the sound is enabled and not muted. Show Admin Options displays options on blocked web pages which enable administrators to view the blocked web page. Enable Time Out allows you to block all web access if too many web pages are blocked in a given period of time
  • URL Keywords: Allows you to enter keywords which, if found in a URL, cause a “block page” to display. Safe Search: “Redirect to K9 Safe Search” will redirect searches to various search engines through K9’s Safe Search. This provides a safer search experience than other search engines provide. Force Safe Search will prevent users from disabling Safe Search functionality provided by various websites.
  • Other Settings: “Update to Beta” enables you to get advance copies of new K9 Web Protection software undergoing development. Blue Coat distributes Beta versions so that K9 gets used in “real world” environments before being released as a final version. Please note that Beta versions might be incomplete and less stable than final versions. “Filter Secure Traffic” enables K9 to block secure websites (i.e. sites that use the HTTPS protocol).
  • Password/Email: Allows you to change your K9 administrator password or e-mail address.
  • K9 Update: Installs software updates if available.
  • View Activity Summary: This tab shows a summary of all “Web Activity” on your computer: To view more details, click the “Category” or “Requests” links. On these pages, you have the option of grouping the data by month or by day. To view Administrative Events details, click the “View All” link. (Some of these activities are as a result of automatic browser and toolbar updates, for example, and might display URL formats with which you are not familiar.) By selecting “Clear Logs”, all your activity data will be cleared; however, three days’ worth of administrative events will be retained.k9_activity_summary

As you can see from the above, the information provided here is extremely granular and it allows you to not only get an easy view of your browsing behavior but also the behaviors of the various system and application components. I have been using this solution in conjunction with other traditional protective mechanisms, such as anti-virus, and the benefits have been massive.

For instance, sometimes, while surfing the internet, I would see a certain URL get blocked or a visit history to a certain category in a website without a recollection of visiting that website. However, after investigations, I found that some components of a software installed on my computer or an extension in my browser is the reason behind that activity.

“The malware ecosystem has changed drastically in the past 10 years, to the point that the old precautions are just no longer enough” – Malwarebytes LABS. I have been using K9 Web Protection on many of my personal computers because I have been impressed with it, so I thought to share it here. I believe it provides that extra layer of protection that we can all appreciate in a world where cyber threats are on the rise. In addition, I believe this solution is a wonderful option for those that are less familiar with common cyber threat vectors (i.e. parents) and can easily fall for phishing emails or click on an adware as they browse the internet.

As we have known for some time, “there is no single solution for the information security problems we face today. A combination of many different kinds of security tools is required to protect you from modern threats…” and I believe K9 Web Protection is among the best tools we have today, so you should definitely equip yourself with it if you are going to create a safe web environment for yourself, your kids, your employees, and everyone around you!

 


Tagged , , , , , , , , ,

Start-up Security Guide – DIY Style no

photo-1585144499819-651e1c1c97ec

Inspired by this blog by Isaiah Sarju and this presentation given during the 2017 Denver Startup Week, I am sharing my own version: A DIY (do it yourself) Cybersecurity Guide for Startups!

This guide includes some of my favorite resources that I believe can serve as a great starting point for founders to use and build a strong security foundation for their startups.

Please make sure you check-out Isaiah’s post and the Denver presentation above; both of these are extremely thoughtful and valuable pieces!

Category Resources
Start Here Security Planner, DIY Cybersecurity, Take-Five (financial fraud focus), APWG, SSD
Multi-Factor Authentication Availability TwoFactorAuth
Password Manager Quick Guide, Password Strength Test, Identify Compromised Account
Browser Extensions Privacy Badger, HTTPS Everywhere,
Application Security OWASP, Checklist/EBooks, Secure Coding Course, DIY Hack
Sensitive Info Sharing Wire, Wire’s Audit, Signal, Signal’s Audit
System Encryption PC, MAC: Src1, Src2 Portal Media: Src1, Src2
OS Update PC, MAC
VPN Background, Comparison
Separate Work & Personal on a Budget VirtualBox, VMWare Player, Workstation Pro, MAC Fusion, Trial Virtual Machines, Live OS
The principle of Least Privilege Windows 10, Windows 7, MAC OS
Backup Everything PC, MAC
Who’s Watching Privacy Screens, Webcam Covers
Prevent Accidental Data Exchange SyncStop
Report Abuse / Take Down Request AWS, Azure, Google Cloud, Salesforce, Cloudflare
Check/Request Domain Category Google, Windows Defender, Norton, Symantec, McAfee, Palo Alto, Web of Trust
Internet Crime Complaint Center IC3
Public Security Page Security Page
Phishing Report APWG
Security Education/Awareness Stop.Think.Connect, Interactive Game, Safe Online,
Sector-based Information Sharing and Analysis Centers ISACs
Cyber Readiness Index by Country CRI

Report Google: to report an incorrect marked page as phishing to Google: https://safebrowsing.google.com/safebrowsing/report_error/?hl=en

If you found this helpful please let me know by sending me your comment and feedback below!

I plan to keep this a live list so if you know of a resource that is not already listed but will benefit others, feel free to share and I will make sure to include it!

Also, as you may know, Phishing remains as the most common tactic used by attackers to compromise both companies and individuals.
“Three out of ten people will open a phishing email while one of those will proceed to click on the link, possible infecting not only their own computer but the whole firm”. – Ref.

As part of this post, I am offering a practical, hands-on training on how you can triage and respond to Phishing attacks to protect yourself, your employees and ultimately your company.

Complete the form below and let me know if you would like to learn more!

Tagged , , ,

Meltdown and Spectre

I am sure by now you have heard/read/watched about these two security vulnerabilities: Meltdown and Spectre. However, if you have not, here is a good place to start: A Simple Explanation of the Differences Between Meltdown and Spectre

In a nutshell, almost all of the major technologies are affected: Apple, Microsoft, Intel, Amazon, ARM, Google, RedHat, VMware, SUSE and more.

What you need to do:

  • Identify the affected technologies in your environment and if you have not already received advisories from those vendors, contact them for updates and guidance.
    • Start with the anti-virus (AV) vendor. The reason you need to start with them is that due to the special nature of these vulnerabilities, your anti-virus (AV) technology needs to be updated before Microsoft patches can be applied. Microsoft is pushing updates to only those systems that are running a compatible version of anti-virus.
    • You can check the status of your AV using this Google Doc thanks to @GossiTheDog https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true
  • Applying these patches will impact the performance of the CPU. The level of impact varies based on your system configuration and capacity, however, there have been reports of 15-30% performance impact. For this reason, it is important that you accommodate for the performance hit before pushing updates.
    • To limit the performance impact of unplanned patching, Microsoft has added a manual step. After the patch is installed, you need to manually enable a registry key. Without updating the registry key the system remains vulnerable; Reference.
  • Microsoft has released KB4056892 patch for Windows 10. Patches for Windows 7 and 10 are expected to be released on January 9th.
  • All of the commonly used browsers are also affected. However, patches for some of these are already available and are expected to be released for others soon: Firefox, Safari, Chrome.
    • In case of Chrome version 63 (released in Decmber 2017), there is the option to enable Site Isolation feature. This feature can be enabled by entering the following in Chrome: chrome://flags/#enable-site-per-process; Reference.

In summary, here are the steps:

  1. Contact technology vendors and review their advisories
  2. Plan in advance for any performance impact
  3. Apply patches in the development environment first and test!
    • it is important to deploy patches in accordance with your AV’s recommendation. There are public reports of the system crash (BSOD) due to incompatible AV.

As of this writing, following CVE identifications have been assigned: CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. These can be used to track remediation efforts.

This is a developing story and it is advised that you closely monitor communications from your technology vendors.

Additional references:

Tagged , ,

Physical Drive Image With Plugable USB Hub

The other day I was trying to image a physical 250GB desktop hard drive using FTK Imager but I continued to get the following error under status: Failed: The specified network name is no longer available. This was the first time that I received this error so first I was not sure what caused it. Here was my setup:

The error was little random in that it would fail at different places – anywhere between 2% – 13%. My first thought was that the docking station was bad; so I took out my WiebeTech write-blocker and attempted to image the drive again. But I received the same error at 6%. At this point, I knew that the docking station was fine and that the problem had to be with either the FTK Imager software, Windows Server 2012 (my first time using Server 2012 during imagining) or the USB hub. I decided to start with the hub; I unplugged the docking station from the hub and connected it directly to the server’s USB port – skipping the hub completely. I started FTK Imager and began the imagining process – and to my surprise, the imaging completed without any errors!

From the 7 ports provided by the hub, only one port was being utilized (connected only to the docking station) eliminating the possibility of the overwhelmed hub. In fact, the hub worked fine when I copied large operating system .iso files from an external hard drive to the server. So, I am not sure where the problem is the hub but in this situation, I was unable to image a relatively small hard drive due to this hub.

Tagged , ,
Advertisements