Tag: Password

10 Cybersecurity Myths

· Leave a comment ·

Myth1.png

A new infographic by Varonis, titled “10 Cyber Security Myths Putting Your Business at Risk” identifies what is the myth and what is the reality. If you are like most small business owners, you probably aren’t a digital security expert. So, having a look at this infographic may be the best way to identify weaknesses in your security protocol.

With small businesses increasingly becoming targets of cyber-attacks, it is extremely important for owners to stay abreast of the latest developments in digital security.

On the official Varonis blog, Senior Director of Inbound Marketing Rob Sobers writes, “The proliferation of high-profile hacks in the news cycle often tricks small- and medium-sized businesses into thinking that they won’t be targets of attack.”

But this may not be the case, Sobers warns. Staying in the know makes it much harder for you to fall victim to the relentless attacks by cybercriminals.

Sobers ads, “If you or your employees believe any of the myths below, you could be opening up your business to unknown risk.”

strong-passwords-myth

The number one myth listed on the new infographic? ‘A strong password is enough to keep your business safe’. Although a strong password is important — and certainly better than ‘Admin1234′ — you need to do more.

Having a two-factor authentication and data monitoring adds another level of protection. And adding this layer of protection is in many cases enough to drive the average hacker to look for easier targets.

small-businesses-hacked-myth

Another myth listed on the infographic? “Small and medium-size businesses aren’t targeted by hackers. This is obviously false because hackers are opportunists who will target anyone as long as they can benefit from it. And small businesses are not excluded from this.

The 2018 Verizon Data Breach Investigations Report has revealed 58 percent of data breach victims are small businesses, so the idea the size of your business might exclude you is definitely a myth.

Cybercriminals hack computer systems for a variety of reasons. Once they breach your security, they could use it to launch a DDoS attack, use your IP address for other nefarious purposes and more.

industries-vulnerable-hacking-myth

Much like some businesses believe they won’t be attacked because of their size, other businesses wrongly assume that they won’t be attacked because of the industry they’re in. This myth also goes hand-in-hand with the belief that some companies don’t have anything “worth” stealing. The reality is that any sensitive data, from credit card numbers to addresses and personal information, can make a business a target.

What’s more, even if the data being targeted doesn’t have resale value on the dark web, it may be imperative for the business to function. Ransomware, for example, can render data unusable unless you pay for a decryption key. This can make attacks very profitable for cybercriminals, even if the data is deemed “low value.”

anti-virus-myth

Anti-virus software is certainly an important part of keeping your organization safe — but it won’t protect you from everything. The software is just the beginning of a comprehensive cybersecurity plan. To truly protect your organization, you need a total solution that encompasses everything from employee training to insider threat detection and disaster protection.

insider-vs-outsider-threats

While outsider threats are certainly a concern and should be monitored extensively, insider threats are just as dangerous and should be watched just as closely. In fact, research suggests that insider threats can account for up to 75 percent of data breaches.

These threats can come from anyone on the inside, from disgruntled employees looking for professional revenge to content employees without proper cybersecurity training, so it’s important to have a system in place to deter and monitor insider threats.

IT-cybersecurity-responsibility

While IT has a big responsibility when it comes to implementing and reviewing policies to keep companies cyber safe, true cybersecurity preparedness falls on the shoulders of every employee, not just those within the information technology department.

For example, according to Verizon, 49 percent of malware is installed over email. If your employees aren’t trained on cybersecurity best practices, like how to spot phishing scams and avoid unsafe links, they could be opening up your company to potential threats.

public-wifi-password-myth

If your business has employees who travel often, work remotely or use shared workspaces, they may incorrectly assume that a password keeps a Wi-Fi network safe. In reality, Wi-Fi passwords primarily limit the number of users per network; other users using the same password can potentially view the sensitive data that’s being transmitted. These employees should invest in VPNs to keep their data more secure.

computer-infected-myth

A decade or so ago it may have been true that you could tell immediately if your computer was infected with a virus — tell-tale signs included pop-up ads, slow-to-load browsers and, in extreme cases, full-on system crashes.

However, today’s modern malware is much more stealthy and hard to detect. Depending on the strain your computer or network is infected with, it’s quite possible that your compromised machine will continue running smoothly, allowing the virus to do damage for some time before detection.

BYOD-security-myth

Employees often assume that their personal devices are immune to the security protocols the company’s computers are subjected to. As such, Bring Your Own Device (BYOD) policies have opened up companies to the cyber risk they may not be aware of. Employees who use their personal devices for work-related activities need to follow the same protocols put in place on all of the network’s computers.

These rules aren’t limited to cell phones and laptops. BYOD policies should cover all devices that access the internet, including wearables and any IoT devices.

cybersecurity-preparedness-myth

Cybersecurity is an ongoing battle, not a task to be checked off and forgotten about. New malware and attack methods consistently put your system and data at risk. To truly keep yourself cyber safe, you have to continuously monitor your systems, conduct internal audits, and review, test, and evaluate contingency plans.

Keeping a business cyber safe is a continuous effort and one that requires every employee’s participation. If anyone at your company has fallen victim to one of the myths above, it may be time to rethink your cybersecurity training and audit your company to assess your risk.

cybersecurity-business-myths-inforgaphic

Source: Varonis, Smallbiztrends

FortiGate Firewall Admin Credentials lost

· 5 Comments ·

Resetting a lost admin password:

Periodically a situation arises where the FortiGate needs to be accessed or the

Admin account’s password needs to be changed, but no one with the existing

password is available. If you have physical access to the device and a few other

tools then the password can be reset.

Warning:

This procedure will require the reboot of the FortiGate unit.

You need:

• Console cabel

• Terminal software such as Putty.exe (Windows) or Terminal (Mac OS)

• Serial number of the FortiGate device

 Step-1: Connect the computer to the firewall via the Console port on the

back of the unit.

In most units this is done either by a Serial cable or a RJ-45 to

Serial cable. There are some units that use a USB cable and

FortiExplorer to connect to the console port.

                                                       Console cable

Virtual instances will not have any physical port to connect to so

you will have to use the supplied VM Hosts’ console connection

utility.

Step 2: Start your terminal software.

Step 3: Connect to the firewall using the following:

Step 4:

The firewall should then respond with its name or hostname. (If it

doesn’t try pressing “enter”)

Step 5:

Reboot the firewall. If there is no power button, disconnect the

power adapter and reconnect it after 10 seconds. Plugging in the

power too soon after unplugging it can cause corruption in the

memory in some units.

Step 6:

Wait for the Firewall name and login prompt to appear. The

terminal window should display something similar to the following:

FortiGate-60C (18:52-06.18.2010)

Ver:04000010

Serial number: FGT60C3G10016011

CPU(00): 525MHz

Total RAM: 512 MB

NAND init… 128 MB

MAC Init… nplite#0

Press any key to display configuration menu

……

reading boot image 1163092 bytes.

Initializing firewall…

System is started.

<name of Fortinet Device> login:

Step 7:
Type in the username:
maintainer

Step 8:

The password is
bcpb + the serial number of the firewall (letters of

the serial number is in UPPERCASE format)

Example:

bcpbFGT60C3G10016011

 Note:

On some devices, after the device boots, you have

only 14 seconds or less to type in the username and

password. It might, therefore, be necessary to have the

credentials ready in a text editor, and then copy and paste

them into the login screen. There is no indicator of when

your time runs out so it is possible that it might take more

than one attempt to succeed.

Step 9:

Now you should be connected to the firewall. To change the admin

password you type the following…

In a unit where vdoms are not enabled:

config system admin

edit admin

set password <psswrd>

end

In a unit where vdoms are enabled:

config global

config system admin

edit admin

set password <psswrd>

end

Warning:

Good news and bad news. Some might be worried that there is a backdoor into

the system. The maintainer feature/account is enabled by default, but the better

news is, if you wish, there is an option to disable this feature. The bad news is

that if you disable the feature and lose the password without having someone

Else that can log in as a superadmin profile user, you will be out of options.

If you attempt to use the maintainer account and see the message on the

console,PASSWORD RECOVERY FUNCTIONALITY IS DISABLED“, this

means that the maintainer account has been disabled.

Disabling the maintainer feature/account

Use the following command in the CLI to change the status of the maintainer

Account

To disable

config system global

set admin-maintainer disable

end

To enable

config system global

set admin-maintainer enable

end

Source: Fortinet

McAfee ePO not allowing administrator login after password change

· 2 Comments ·
In our organization, McAfee ePO server has been running fine until a couple of days ago. We’ve experienced a turnover in IT personnel and I have been changing different administrator names\passwords as part of security practice. After required changes done, restarted all the servers. Everything was fine except McAfee ePO web portal; I was not able to login.

It’s throwing below given errors:

DataChannel – Dependency scheduler had initialization error

LYNXSHLD1510 – dependency EPOCore had initialization error

AvertAlerts – Dependency scheduler had initialization error

Image- 1
Image- 1

All the errors were initialization errors.

SOLUTION:

Check the SQL DB connectivity with McAfee ePO; open your browser and type https://ServerName:8443/core/config

Log on with ePO credentials. (See Image-2)

epo-1
Image- 2

Type new user name and passwords, click “Test Connection”

Click Apply, if the test is successful.

Restart your ePO server, that’s it.

 Happy computing!!

Source: McAfee

Where You’ll Get Hacked [infographic]

· Leave a comment ·

Where You’ll Get Hacked [infographic]

People complain that they want privacy, and then they put all their information up on Facebook. Thus, hacking is ultra-easy. I have seen teenagers post pictures of their first credit card, then a month later their new college student I.D. These kids are so excited to have signs of growing up, but as we grow up our lives need to be more private to guard from hackers. Now I am a culprit of being very relaxed about my online privacy, meaning, I have the same password for multiple sites, I use my high school name as my clue, and the name of my high school is on Facebook somewhere. We may not worry about identity theft as much as physical property theft because it isn’t as scary and face to face as an actual robbery, but it is a digital robbery, identity theft can be life damaging. 

According to the  Global Security Report, cyber-security threats are increasing as quickly as we can implement measures against them. Hackers have lots of different ways to steal your private data and information. And the main reason why hackers go after your personal information is identity theft! Over the past year, there have been roughly 12.6 million victims of identity theft – or, to put it into perspective, one victim every three seconds.  No matter how safe you think you’re being online, chances are you’re making at least a few mistakes that compromise the integrity of your personal information.

To protect yourself, check out the “Where You’ll Get Hacked” infographic for more information on how hackers get a hold of your data, how you can detect their attempts and how to protect yourself and your financial future.

To see the enlarged version, click on the graphic.

where-you-will-get-hacked-infographic8001

Source: hotspotshielddailyinfographic

Safer Internet Day 2014

· Leave a comment ·

Safer Internet Day (SID):

Safer Internet Day (SID) is organized by Insafe in February of each year to promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world.

Safer Internet Day 2014 was celebrated on 11 February 2014, with the strapline of “Let’s create a better internet together”.  The day was a great success.

Like any observance day, Safer Internet Day also promises lot of opportunities to making the cyber space a very positive and creative tool for each Netizen.

Safer Internet Day was initiated by the European commission and in due time the whole world has embraced the concept and stated observing globally. DISC Foundation (Developing Internet Safe Community) is the formal committee to observe this event in India.

SID-2014

ABOUT SAFER INTERNET DAY:

Over the years, Safer Internet Day (SID) has become a landmark event in the online safety calendar. Starting as an initiative of the EU SafeBorders project in 2004 and taken up by the Insafe network (www.saferinternet.org) as one of its earliest actions in 2005, Safer Internet Day has grown beyond its traditional geographic zone and is now celebrated in more than 100 countries worldwide, and across all continents.

From cyber bullying to social networking, each year Insafe aims to be at the forefront of emerging online issues and chooses a topic reflecting current concerns. For SID 2013 we focused on online rights and responsibilities, as we encouraged users to ‘connect with respect’. For SID 2014, the focus will be on “Let’s create a better internet together“.

Insafe, a network set up within the Safer Internet Programme

In 1999, the European Commission (EC) created the Safer Internet Programme, with the aim of promoting safe, responsible use of the internet by children and young people, and protecting them from illegal and harmful content and conduct online. The programme is managed by the Directorate General for Information, Society and Media and highlights the shared responsibility of NGOs, educational establishments, law enforcement bodies, industry and families in online safety initiatives across the European Union member states. In 2004, the Insafe network was set up to spearhead awareness activities within the Safer Internet Programme.

View the 2014 SID video spot here…

To find out more about Safer Internet Day and how it started, watch this video: 

How to protect yourself:

  •        Don’t use your personal information like birth date as your password or user ID
  •        Don’t use, easy security question others can be guessed for password recovery option.
  •        Don’t leave passwords for plain view like notebooks, or on the desktop of your computer.
  •        Don’t use the same password for multiple sites.
  •        Do create a strong password which is more than 8 characters long with a mix of capital letters, numbers and signals.
  •        Do check for the address of the website before you enter your financial information. Often crooks use fake sites with a slightly different domain name to cheat people.
  •        Do stay away from illegal activities like watching pornography. Watching child pornography will invite swift action from the authorities that may land you in prison.
  •        Do not install free unknown software in your computer. The software may be useful for all the purposes it was intended, but it can be a spyware too. Your personal information and data can be sent to distant                  servers by this kind of spyware.
  •        Above all, be a responsible Netizen. Remember that all the laws which are applicable in the real world are applicable in the cyberspace too. There is no real anonymity for your actions in the internet.

And while SID 2014 have now passed, Safer Internet Day 2015 date is now set for Tuesday, 10 February 2015 – mark the date in your diaries, and keep checking for the latest information.

 Wish you all the best and hope

 Enjoy your life online, Stay safe, and Stay in control

Source: saferinternetdaysaferinternet, saferinternetday.indiscfoundation