Is SSL the new security trend?

SSL (Secure Sockets Layer) comprises encrypted communication protocols that provide secure communication on the Internet.

by Osvaldo Callegari*


Various versions of these protocols are used in different applications such as browsers, email, Internet fax, instant messaging and voice over IP (VoIP).

TLS (Transport Layer Security) gave rise to SSL as a draft security standard.

These standards, produced by the IETF (Internet Engineering Task Force), allow network connections to be encrypted at the transport layer. They use asymmetric cryptography for key exchange and a symmetric encryption algorithm for privacy. The messages carry authentication codes to protect their integrity.

One could talk about SSL for more than an hour; just when we thought it was invulnerable, it proved otherwise. In today's technological world the last word is never said, and the measures one adopts do not stay valid forever. Security in communications is closely analogous to antivirus: it has to be updated constantly to keep up with new threats.

Phishers on the phone!
Cell phone technologies are advancing day by day, so phishers (cyber scammers) are also looking for various means to exploit vulnerable cell phones.

The two key areas in which we can observe this trend are, firstly, the increase in phishing against WAP (Wireless Application Protocol) pages and secondly, the use of domain names that have been registered for mobile devices with dual intent.

Many legitimate brands have designed versions of their websites for cell phones, known as WAP pages. The difference between a WAP page and a normal web page is that the WAP page uses smaller files and graphics. This is done for compatibility with phone screens and to achieve higher browsing speeds while the user is on the go.

Symantec, for example, identifies phishing or spoofing pages and has closely followed this trend. This kind of phishing is frequently observed against social network and information service brands.

In the example shown above, the phishing page consists of nothing more than a form asking users for credentials (a typical design created for cell phones). When the victim enters the requested information, the phishing page redirects to the WAP page of the legitimate brand, and in between the phisher keeps the access information. The phishing site in this case was hosted on a free page hosting site.

Domain names used for websites accessible via mobile devices typically have a top-level domain (TLD) called ".mobi". These domain names are compromised and used by phishers to host various phishing sites.

In the last six months, about 65% of such sites were fake. Their main focus was on companies in the banking sector, while 19% were in the e-commerce sector and the rest were in the ISP, social network, and information services sectors.

The main motive for phishers in these attacks remains identity theft. Manipulating cell phone users is just one part of a new strategy to achieve the same result: a user on the move is more vulnerable, since spotting the fraud requires attention that is not always possible when out and about.

Malware attacks use URL shortening services (which abbreviate web page addresses) on a large scale. Spammers have long been seen abusing these services, for example:

One attack used at least five different URL shortening sites. The message claimed to concern an interbank transfer of funds, stating that a transfer had been canceled. To find out why the transfer was canceled, one of the beneficiaries was encouraged to click on a link that supposedly pointed to a PDF file but actually pointed to a shortened URL. This address then redirected to a site with hidden advertising and threats.



The process can be seen in the figure below.

The explosion in popularity of microblogging services and social media updates has led to a huge increase in the number of URL shortening sites. The simple and anonymous nature of these sites allows spammers (junk mail senders) to easily create thousands of links that are then included in their spam in an attempt to evade URL-based spam blocking.

Tips and best practices for companies
1. Use defense-in-depth strategies. Emphasize the implementation of multiple systems to protect against single-point failures in any one technology or defensive method. This should include the deployment of regularly updated firewalls as well as gateway antivirus and intrusion detection.

2. Monitor threats and potential vulnerabilities. Monitor for network intrusions, propagation attempts and other suspicious traffic patterns, and identify connections that attempted to contact malicious sites. Receive alerts of new vulnerabilities and threats through active platforms.

3. Track brand misuse through alerts and domain reports about fictitious sites.

4. Antivirus on endpoints. Signature-only antivirus is not enough protection against current threats.

5. Implement additional layers of protection, such as endpoint intrusion prevention, which protects against vulnerabilities without the need for patches.

6. Consider cloud-based prevention of malicious software to provide proactive protection against unknown threats and Web-based files.

7. Configure application control settings that can prevent applications from downloading unauthorized malicious content, and device control settings that prevent and limit the types of USB devices that can be used. Use encryption to protect sensitive data: apply and enforce a security policy whereby sensitive data is encrypted.

8. Access to sensitive information should be restricted. This should include Data Loss Protection (DLP), which is a system for identifying, monitoring, and protecting data. Use Data Loss Prevention to help prevent data threats: Implementing a DLP solution monitors sensitive data and protects it from loss.

9. Implement a removable media policy. When practical, restrict unauthorized devices, such as external portable hard drives and other removable media. Such devices can have harmful effects, as well as facilitate damage to intellectual property.

10. External media devices should be scanned for viruses automatically when they connect to the network, and a DLP solution should be used to monitor and/or restrict copies of sensitive data, which are to be encrypted, on external storage devices.

11. Update your security measures frequently and quickly. More than 286 malware variants were detected by Symantec in 2011; companies must update virus definitions for security and intrusion prevention at least several times a day.

12. Be aggressive with your updates and patches. Update browser versions periodically.

13. Apply an effective password policy. Make sure passwords are strong, at least 8-10 characters long, and include a mix of letters and numbers. Encourage users to avoid reusing the same passwords on multiple websites; sharing passwords with others should be prohibited. Passwords must be changed regularly, at least every 90 days. Avoid typing passwords.

Money laundering as a result of phishing
Fictitious companies currently try to recruit teleworkers through e-mail, chats, IRC and other means, offering them not only work from home but also other juicy benefits. Those who accept the offer automatically become victims who commit a serious crime without knowing it: the laundering of money obtained through the fraudulent act of phishing.

To register with this class of company, a person must fill out a form in which they indicate, among other information, their bank account number. The purpose is to deposit the money from bank scams carried out by phishing into the account of the worker-victim. Once hired, the victim automatically becomes what is commonly known as a mule.

With each fraudulent act of phishing, the victim receives a large deposit in his bank account and the company notifies him of it. Once this money is received, the victim keeps a percentage of the total, which can be around 10%-20%, as a work commission, and forwards the rest through money transfer systems to accounts indicated by the pseudo-company.

Through ignorance (and often motivated by economic need), the victim becomes involved in a serious act of fraud and may be summoned by the courts following a complaint by the banks. These complaints are usually resolved with an order requiring the victim to return all the stolen money, regardless of the fact that he only received a commission.

BOX
Consultations
Fernando, who read the previous article "Remote Access Tools II", writes to us with a question about TeamViewer.

Subject: Query for the note "Remote Access Tools (II)"
Question: Hello, my name is Fernando and I found the note that I mention in the subject of this mail very interesting and useful. But I have a question.

Since it is not necessary to configure ports to allow remote connection, how can I prevent users on my internal network from connecting remotely with this software? It is company policy to restrict remote access, in all its variants, including this one. What do I have to deny in the proxy/firewall to disable access to the internal network? Thanks!
Fernando.

Answer: Dear Fernando: By default TeamViewer uses outbound port 80 (HTTP), for which no configuration in the firewall is necessary; the other port it usually uses is 5938 over TCP for outgoing connections. Best regards.

For secure authentication it is necessary that applications are signed; this will be the subject of a later chapter.

The brands and products mentioned are registered brands and products of their respective companies. Reference sources: Symantec, Netscape, TeamViewer, Wikipedia.

* For inquiries or concerns with the author write to: [email protected]

Author: Santiago Jaramillo
Editor
Social communicator and journalist with more than 15 years of experience in digital and print media, Santiago Jaramillo was Editor of the magazine "Ventas de Seguridad" between 2013 and 2019.
