5G Networks - Is 2019 Too Early To Hop On?

This last weekend saw a flurry of early-bird announcements ahead of CES 2019 (Jan 8-11) in Las Vegas. And the incoming 5G cellular network is certainly catching a fair share of attention. One question we are asked more and more often is: “Should I get a new 5G phone this year?”

We are fairly comfortable in recommending that people not get too excited about the 5G rollout in our area. Why? Because the technology will start in just a handful of the biggest Metro areas, and it will not be “full fledged” 5G anyway.

From all the marketing we have seen during the last year this advice may seem conservative, but the reality of the situation is quite different from the marketing.

5G is a very short-range technology and will require many, many more towers than are currently in place to give coverage to the same geographic area.

5G is actually a “suite” of technologies, which will not be fully rolled out in the beginning. Some areas will see services sooner than others, and service will suffer as a result (not just the perception of service).

5G will be expensive to implement, and that cost will be passed on to the consumer. As with any advance in service, it is always hoped the consumer will be willing to pay “a little more” for the improvement. That, coupled with the extra cost for the electronics in the mobile phone (maybe $200 over the equivalent 4G LTE capable phone), will mean more than just getting a new phone to enjoy the benefit of the new service.

So our advice is to sit 2019 out unless you are spending a lot of your time in the prime locations for the initial rollout. And if you are going to bite the bullet, be sure to do a little research on interoperability between carriers in your area. It looks as if each carrier is implementing their own flavor of 5G, which will limit your service even further.

Apple’s Mojave Released This Week

For those of us that use the Mac platform, this week sees the release of the newest version of the Mac operating system - Mojave. While the Mac hardware platform enjoys a 7-year support term from the OS, this most recent upgrade narrows the range slightly to 6 years (2012 models and newer). This has more to do with hardware release cycles and supported hardware than with a purposeful shortening of the support term.

This upgrade focuses more on under-the-hood improvements than on introducing a slew of new features across the board. Having said that, one of the new features receiving attention is “Dark Mode.” Many users have requested the feature for years, and other platforms have employed it in their own ways. Third-party apps will need updates to take advantage of the mode, so check for updates regularly.

The Finder has a new addition, once reserved only for the Dock: Stacks.   This feature should go a long way toward helping us to keep our desktop a little less cluttered.  Just as we tend to create piles of papers on our physical desk and know exactly where something should be in the pile, Stacks will keep files in similarly organized piles on our desktop.  There are several default ways to customize how the files are stacked.

Marzipan is a completely new addition, starting to bridge the span between iOS and macOS. Launching with a small handful of apps (Home, News, Stocks, and Voice Memo), Apple has enabled the initial use of these iOS apps on the desktop platform.

For users running High Sierra or Mojave, booting into Recovery Mode has an added perk often overlooked:  if you install an update that causes instability, you can boot to Recovery Mode and enter Time Machine to select a previous snapshot you know is stable.  This is one of the benefits of moving to the newer APFS file system.

As always there are a few not-so-good changes for some users, notably to 32-bit app support and Apple Server. For 32-bit apps you will be reminded at their first start, and at regular monthly intervals, about their lack of compatibility (encouraging you to find updates, or newer apps that are supported).

For the fans of Apple Server and its GUI interface for many services… the list has shrunk considerably, down to only 3: Profile Manager, Open Directory, and XSAN. Several of the other services have already migrated to the standard OS and are not lost. But some will require command line use, or a complete move to third-party products if you prefer a GUI interface (Mail, DNS, Calendar, Wiki, etc.).

Fortunately, most current applications used on today’s Macs are very well supported in Mojave if you have already been using them under High Sierra.  

Smart Devices In The Workplace

Smart Devices are making their way from homes into the workplace.   Universities and corporations have already had to make rules and restrictions early on, because those devices are more ‘open’ to the network and interaction.

As a small-to-medium sized business you might find some products very attractive: connected thermostats you can remotely control and monitor, for instance. But even inside your workplace network, they could be a source of problems. Here are a few steps you can take to help minimize risks.

Wireless Networks

Many of these devices connect wirelessly, which is a great convenience since many locations will not have an ethernet cable close by. But you want to make sure you create a separate, segregated wireless network (SSID) for those devices, keeping them apart from the rest of your network and your more sensitive data. And make sure not to share that password with anyone. If you don’t give out the password, nobody can inadvertently connect their laptop/phone to that network.

For larger companies which have access to professional I.T. support, further segmentation through switches and routers can easily be achieved. These devices often don’t need much bandwidth either, so meter them accordingly just in case.

Passwords

We all cringe when the topic of passwords comes up in a conversation like this, because we all know we have been (or are) lax in following the sound advice we repeatedly hear.

When creating passwords for our connected devices (and wireless networks) it would be best not to reuse or recycle passwords.  

Create a whole new set for these devices, that belong to them alone.  At one time it was thought that a password of reasonable length (8-12 characters) with symbols/numbers/Caps was very good.  Now we know that a password that is more of a phrase, or a memorable list of common words put together, has all the good qualities of the non-memorable complex password… and is far easier to recall. 

On a final note: you MUST change the factory default password. Not changing it is practically an open invitation for access.
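As an added illustration of the passphrase advice above (not part of the original article), this Python sketch compares a random 8-12 character password with a passphrase of randomly drawn words and generates one. The 7,776-word list size (a Diceware-style list) and the small sample list are assumptions, and the comparison only holds when the words are drawn at random rather than picked by a person.

```python
import math
import secrets

PRINTABLE_SYMBOLS = 94      # letters, digits and symbols on a US keyboard
WORDLIST_SIZE = 7776        # assumption: a Diceware-style list of common words

# Constructed sample list so the block runs offline; a real list is far larger.
SAMPLE_WORDS = ["copper", "lantern", "orbit", "meadow", "violin", "harbor",
                "pepper", "thunder", "canyon", "ribbon", "walnut", "glacier"]


def password_bits(length, alphabet=PRINTABLE_SYMBOLS):
    """Entropy in bits of a password made of random characters."""
    return length * math.log2(alphabet)


def passphrase_bits(word_count, list_size=WORDLIST_SIZE):
    """Entropy in bits of a passphrase made of randomly drawn words."""
    return word_count * math.log2(list_size)


def words_needed(password_length, list_size=WORDLIST_SIZE):
    """Fewest random words that match a random password of this length."""
    return math.ceil(password_bits(password_length) / math.log2(list_size))


def generate_passphrase(words, word_count):
    """Draw words with the OS CSPRNG (secrets), not the random module."""
    if len(set(words)) < 2 or word_count < 1:
        raise ValueError("need at least two distinct words and one draw")
    return " ".join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    for length in (8, 12):
        n = words_needed(length)
        print(f"{length} random characters = {password_bits(length):.1f} bits; "
              f"{n} random words = {passphrase_bits(n):.1f} bits")
    print("sample:", generate_passphrase(SAMPLE_WORDS, 5))
```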

Password Managers

Whether you develop your own password, or let a random generator give you something good, using a Password Manager can really simplify the process of accessing your device when you need to.  There are a handful of paid and open-source managers in wide use which are very secure.  Sure, some have had issues in the past, but they get patched when found.   They are still better than keeping your passwords on a scrap of paper under your keyboard, in your desk drawer, written on the underside of your mouse, etc.

Keeping Software/Firmware Up-To-Date

This may be the most often overlooked practice for any and all devices at your company. Printers seem to work just fine with years-old firmware. Wireless access points often do too. Your switches never seem to drop a packet since they were installed 5 years ago. The BIOS for your computer… “Wait, what exactly is the BIOS?” you ask. “Doesn’t Windows update that?”

The list goes on. And even then, since devices need a reboot after the update, there never seems to be an easy time to do it without interfering with workers and the network.

Set a reminder in your calendar to check on these periodically.  How often? 

I’d recommend that for these newer connected devices, checking every 3 months would be a good idea. Likely there will be several updates in the first year since they are new to the market, and many may revolve around security as well as features. Switches and printers can be checked less often due to their long history of production. Save the links to the respective support sites so you can easily get back there with only a click. The easier you make it on yourself the first time, the easier it will be to keep on top of it in the months to come. Same advice goes for your mobile phones. When the app notifies you of an update, do it right then. We all forget to go back an hour later when we tell ourselves it’ll be more convenient.

 

In closing I might offer that best intentions don’t translate to best practices. Intending to do something just doesn’t get the job done in the end.

The New WPA3 Protocol

To answer a question posed by a client and probably of interest to many: WPA3 was announced recently by the Wi-Fi Alliance. And while this enhanced protocol is a great step forward for security, it will be a year or two before we start seeing it widely rolled out.

The new protocol is in line with the highest security standards and is fit for use by the average consumer, all the way up to government/defense levels. 
An additional feature in the protocol will give us robust security even when 'weak' passwords are used. 
This isn't meant to be an excuse for using weak/common passwords, but for those who do there is now additional protection.
**This last feature will be especially useful for those who travel and use public internet (coffee shops, for instance).**

The long-used WPA2 protocol will still be in place for years to come, updated and enhanced as vulnerabilities are found. 
Unfortunately, it isn't likely existing equipment will be/can be updated to support the protocol. The capability probably isn't there for the vast majority of devices, and manufacturers will focus on the certification for new equipment.

U.S.A. To Consider GDPR Style Privacy

A U.S.A. version of GDPR may be in the works according to a report by AXIOS. A member of the White House National Economic Council has met with industry groups to discuss possible ways to implement protections for personal data. Among the options being discussed are an Executive Order directing Agencies to develop a framework and guidelines, and/or a set of policies/laws endorsed by the White House and Congress.
Regardless of the implementation, it is clear that Europe's GDPR rollout has triggered this conversation Nationwide, with some States considering various rules and Acts of their own. 
While we wait to see if Congress chooses to create laws governing privacy, it seems that a majority of Americans are in favor of protections similar to GDPR.

Windows 10 "April Update" Feature of Interest: High DPI Displays.

Users with high DPI displays (4K for instance) have found it a challenge for the last couple of years. Scaling of windows and fonts was hit or miss, and using an external display with a different resolution could be aggravating for laptop users. Now, with the April Update, Windows 10 helps find solutions for these problems. When developers of apps have yet to update their apps, Windows will now prompt you and assist you in adjusting settings to hopefully resolve the issue.

The Internet's Fastest, Privacy-First DNS Resolver

"Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads.", says Cloudflare.

Starting April 1st, Cloudflare has a new, open offering: a DNS service that promises fast resolution as well as private requests, never selling your data or logs of your information. Going even a step further, they have retained a third party to audit their system, helping to ensure our trust in their service.

Check out more here:  https://1.1.1.1

 

 

SOPHOS's own James Lyne was featured on the NBC Today show.

James shows how data breaches take place through the eyes of the attacker and how businesses of all sizes and types can improve their protection.   Follow this link to view the video.  https://www.today.com/video/anatomy-of-a-hack-cybersecurity-expert-shows-how-it-s-done-1171553859582?elqTrackId=fde2096c82db43f0a60816931b2149d2&elq=7aea53f2a69942f4bf0dc0c5b3b384ab&elqaid=3579&elqat=1&elqCampaignId=27989

Remedium Systems endorses and employs the SOPHOS suite of security products. Contact us for additional information and to set up a demonstration.

New Home Protection Product from SOPHOS

In the next few days SOPHOS will officially announce the new Home Premium product. Sophos Home Premium will allow home users to enjoy the same trusted Sophos security at home that they receive at the office.

SOPHOS has offered a free version of their product line for home users for many years.  This Premium version will offer advanced capability, at an extremely low cost, for up to 10 users. 

Benefits will include:

  • Parental web filtering to protect children from unwanted content
  • Advanced real-time protection from the latest ransomware
  • Privacy protection to block access to webcams, mics, and keystrokes
  • Easy remote management for up to 10 devices: Mac and PC

Keep watching our site for updated information as this product becomes available.

Adobe Flash Player Zero-Day Exploit Spotted in the Wild

Another reason to uninstall Adobe Flash Player: a new zero-day Flash Player exploit has reportedly been spotted in the wild, used by North Korean hackers.

South Korea's Computer Emergency Response Team (KR-CERT) issued an alert Wednesday for a new Flash Player zero-day vulnerability that's being actively exploited in the wild by North Korean hackers to target Windows users in South Korea.
Simon Choi of South Korea-based cybersecurity firm Hauri first reported the campaign on Twitter, saying the North Korean hackers have been using the Flash zero-day against South Koreans since mid-November 2017.
Although Choi did not share any malware sample or details about the vulnerability, the researcher said the attacks using the new Flash zero-day are aimed at South Korean individuals who focus on researching North Korea.

Adobe also released an advisory on Wednesday, which said the zero-day is exploiting a critical 'use-after-free' vulnerability (CVE-2018-4878) in its Flash media software that leads to remote code execution.

The critical vulnerability affects Adobe Flash Player version 28.0.0.137 and earlier versions for:

  • Desktop Runtime (Win/Mac/Linux)
  • Google Chrome (Win/Mac/Linux/Chrome OS)
  • Microsoft Edge and Internet Explorer 11 (Win 10 & 8.1)

Adobe said in its advisory that the company has planned to address this vulnerability in a "release planned for the week of February 5," though KR-CERT advises users to disable or completely remove the buggy software.

Source: The Hacker News

Firefox Browser - Critical Update To Fix Remote Exploit

January 31, 2018: Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser.

The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a. Firefox 58, with some new features like an improved graphics engine and performance optimizations, and patches for more than 30 vulnerabilities.

The vulnerability could allow an attacker to install programs, create new accounts with full user rights, and view, change or delete data.

However, if the application has been configured to have fewer user rights on the system, the exploitation of this vulnerability could have less impact on the user.

Affected web browser versions include Firefox 56 (.0, .0.1, .0.2), 57 (.0, .0.1, .0.2, .0.3, .0.4), and 58 (.0). The vulnerability has been addressed in Firefox 58.0.1, which you can download from the company's official website.
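An added example, not taken from the original articles: a Python check that flags inventory rows matching the affected versions quoted in the Flash and Firefox items above. The inventory rows, host names and the `audit` helper are constructed for illustration; versions are compared numerically, because plain string comparison would rank 9.x above 28.x.

```python
# Affected versions as quoted in the two items above.
FLASH_LAST_AFFECTED = "28.0.0.137"          # this version and earlier
FIREFOX_AFFECTED = ["56.0", "56.0.1", "56.0.2", "57.0", "57.0.1",
                    "57.0.2", "57.0.3", "57.0.4", "58.0"]  # fixed in 58.0.1


def parse_version(text):
    """'28.0.0.137' -> (28, 0, 0, 137); trailing zeros dropped so 58.0 == 58.0.0."""
    parts = [int(p) for p in text.strip().split(".")]   # ValueError if not numeric
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(product, version):
    """Return True/False, or None when the version string cannot be parsed."""
    try:
        v = parse_version(version)
    except ValueError:
        return None                       # e.g. '52.6.0esr': needs manual review
    if product == "flash":
        return v <= parse_version(FLASH_LAST_AFFECTED)
    if product == "firefox":
        return v in {parse_version(x) for x in FIREFOX_AFFECTED}
    return False


def audit(inventory):
    """Split (host, product, version) rows into affected and needs-review hosts."""
    affected, review = [], []
    for host, product, version in inventory:
        result = is_affected(product.lower(), version)
        if result is None:
            review.append(host)
        elif result:
            affected.append(host)
    return affected, review


# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = [
    ("front-desk", "Flash", "28.0.0.137"),
    ("kiosk", "Flash", "9.0.124.0"),       # old build; a string compare misses it
    ("design-mac", "Flash", "29.0.0.1"),
    ("laptop-7", "Firefox", "58.0"),
    ("laptop-8", "Firefox", "58.0.1"),
    ("lab-pc", "Firefox", "52.6.0esr"),    # unparsable suffix: manual review
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```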

Cloud Based Password Manager Hacked

OneLogin, a cloud-based password manager, revealed an unauthorized intrusion on June 1st. While there are constantly breaches, even at security companies, this one pushed me to consider outlining pitfalls of password managers.

Password managers have been around for years and are heavily utilized for their convenience. It is important to remember how they work. In short, they are a small group of encrypted hashes, either within a database or a set of registry keys, that are only protected via a single password.

Some corporations have moved to syncing their Active Directory credentials with services such as OneLogin so that their users only have to change and remember one set of credentials throughout a varying ecosystem of cloud-based applications. Convenience often comes at the price of security.

The most common password managers, such as those built into Firefox and Google Chrome, are convenient, but even they have pitfalls. Browser password managers are synced across multiple devices and thus are only as secure as the weakest of those devices. Furthermore, the hashes are stored in each company's cloud, making them susceptible to breach there as well.

While I don't expect everyone to quit using password managers, I encourage you to consider choosing one that mitigates some of these security flaws. The top feature to look for in a password manager is two-factor authentication. Whether it is a biometric scan or an integration with a mobile security app, two-factor authentication makes it much more difficult for an intruder to harvest all your passwords via a single password.

A list of a few password managers to consider:

  • LastPass: Can implement two-factor authentication through USB devices, Google Authenticator and others. It makes you audit your passwords. You can choose to store your passwords online or locally only. Supported on nearly every platform.
  • KeePass: Open source, integrates directly with many sites and services, pushes unique, strong passwords. Local, but can be exported; can protect the database through multiple password layers.
  • 1Password: Suggests strong passwords when creating and changing your password, can separate your passwords into different vaults. An easy piece of software to use.