Endpoint Security for Distributed Offices, Remote & Branch Offices and Mobile Workforce

IDG news has reported that a Ukrainian national , Sergey Valeryevich Storchark accused of helping to hack into nine US retailers and
making off with data for millions of credit cards has been arrested earlier this week in New Delhi , India.

In January, 2007 TJX  Companies Inc, reported an incident of major breach of CCN and NAA records.  Data Loss DB reported that more than 94 million records were stolen by extremely sophisticated hackers who were able to bypass the data security used by the company.

The detailed news is available on the following link

http://www.theregister.co.uk/2010/05/14/tjx_hacking_suspect_arrested/

Sergey along with 10 other men were charged in August, 2008 for hacking into TJX network and stealing millions of credit card records.

USB rubber ducky is a smart device which can emulate a keyboard or a mouse when connected to a computer and can execute a pre programmed instructions.

An example will be, opening the command prompt on windows and then flushing your DNS cache, within a flick of a second which will be absolutely difficult to notice. The dangerous part is that, it can also be used to format one of your drives in a flick of a second.

Since, we have mentioned about it on data loss blog, we could also give you an example of data loss though this new device. Consider, a modified version of rubber ducky, which also has a flash storage in it. It will take a simple command to copy all you documents on to this flash storage by emulating a keyboard and executing the copy command.

The most concerning thing about this device is, that , since the device has its own small processor, which makes itself a computer which then communicates to your computer through a usb port, it can actually work on different platforms other than windows, like Mac, Linux etc.

Here is how a USB rubber ducky looks like ?

So, be careful if see something like this next time in your office.

uHook USB Disk Security v 2.3.1 has been released with following updates:-

1. Email alerts can be sent in the event of unauthorized device access on the usb ports
2. You can reset your installation password unlike the last version
3. Licensing options have been made more clear and easy

Download your free full version trial copy from here

“uHook Enterprise helped us a lot in solving our problems of data loss. We tried using different kinds of solutions, but none of them were as effective as this product. We are so dependent on uhook that, we do not allow any new machine to go out in the network until we make sure it has got the label of uHook on it. I would also appreciate the kind of support we received from Dataresolve team”
-Tapas Batabyal, IT Administrator, Asbesco India Private Limited

USB ports today are universal gateways for data transfer . If your security policy says , block it completely, this is what is going to happen:-

Gradually you end up opening ports one by one. Sometimes you remember to block it back once you purposed for opening it is solved, and sometimes you just forget about it. What happens when the number of machines in your computer network is huge, something like more than 5000 windows machines or may be 10,000. In case of defense organization it definitely will be more than 25,000.

With the introduction of next generation portable devices, security of data in a computer network is supposed to go even worse. Think about tablet PCs and all sorts of portable devices claimed to be small and a version representing a transition from laptops and PDAs to something between laptops and PDAs.

US defense issued a policy to block all kinds of portable media devices like USB drives, memory sticks, SD Cards, Portable hard drives, thumb drives etc. The ban was issued in November 2008 by the U.S. Strategic Command after a virus, a variation of the SillyFDC worm, was found to be spreading through military networks by copying itself from one removable drive to another.

read more about this story here

uHook USB Disk Security v 2.3.0 has been released with following major updates:-
1. Tray icon shortcut and notifier to keep you informed about the status of your usb security
2. Shorcuts to directly access the control panel and put temporary polcy on your usb ports
3. Better tamper proof and uninstall protection from malicious users
4. New licensing options for easy activation
5. Option for revoking licenses so that you can easily transfer the license if needed to a new machine

With amazing success of the first version of uHook Enterprise, we have recently released a beta version of the product which is based on SaaS model. What this means is that, now you don’t have to maintain a dedicated server for handling device policies or storing reports, you can scale up the installations on demand, this gives you an advantage of controlling multiple offices of a company located at different physical locations of the globe from one single Admin console and this model offers you a cost reduction of 30% in deploying an end point security solution in your office.

Beta signups are already available on the company’s website, which soon would be updated to full version for regular business use. Click here to try the Beta version of the product.

According to an article published by searchsecurity,

“This model allows a company to reduce capital expenditures, scales up or add new networks under end point security protection on demand, and frees up the IT team from getting involved into huge amount of efforts required to maintain the server . The most compelling aspects of SaaS is its lower Total Cost of Ownership (TCO). According to McKinsey & Company, companies realise a 30% lower TCO when using a SaaS-based solution instead of an on premise solution. This value comes from several sources: reduced deployment time, no supporting infrastructure, no application testing, lower training requirements, no ongoing business process change management, all costs are visible in the service fee (no need to aggregate power and data center costs, licenses, pro rata allocations of infrastructure costs, etc …), and no unscheduled downtime.”

About the Product

uHook enterprise is a state of art DLP product for computer networks having enterprise data distributed in a WAN (Wide Area Network). uHook uses its ACTIVE EPS (End Point Security) technology, which was used in the first personal version of the award winning product, uHook Personal..

What is Active EPS?

ACTIVE EPS is the name give  to the core DLP engine in the agents which helps uhook detect and block any kind of malicious device which can be used to steal data. Besides, having its unique detection mechanism uHook Enterprise agents uses very low memory footprint, supports almost all windows versions including Vista and Windows 7 and interestingly communicates with the server without opening any port on your system making it less vulnerable unlike other desktop based application which communicates in the network. The product is based on both SaaS and non SaaS versions, which offer you limitless possibilities like controlling multiple office from one single admin console accessible from anywhere in the world, having unlimited capacity of storing your reports as long as you want and allowing you to scale up the control to over 2000 PCs with one single server license of uHook Enterprise.

Business Benefits:-

1. Control and monitor device access activities at different location of the globe sitting in one place
2. Protect your data and prevent malicious users with strong ACTIVE EPS technology
3. Scale up to thousands of machines within a very short time
4. No complex deployments and server installations are required
5. Unlimited storage of reports and policies
6. Regular updates of server and agents

Features:-

1. Easy to use device control over network
2. No port is opened on the agent thereby reducing the risk of other vulnerabilities
3. Password protected uninstall of the agents
4. Fast workflow of device control and policy implementation
5. Both SaaS based as well Dedicated Server support
6. SSL secured access of admin console
7. 128 bit encryption is used for client server communication
8. ACTIVE EPS technology ensures identification of a device uniquely out of millions of devices
9. Unlimited backup & storage of reports and policies
10. Regular updates of agents and servers
11. Flexible reporting
12. Email alerts and warnings of malicious activities on the end points

Dataresolve Technologies emerged as one of the top 2 startup companies  in a Business Plan Competition called Navkriti, organised by NITIE in association with top Venture Capital firms and organizations like NEN and TIE , Mumbai during Empresario 2009. During the pre-selection process, Dataresolve was initially  selected amongst the top 8 startups  out of all the entries submitted from all over the country and finally under top 2 in the final presentation of the business plan.

The B-Plan Event Navkriti 2009

The major advantages in winning, as the Dataresolve team feels were having a really innovative approach along with technology to solve the problem of enterprise data theft from large number of small storage devices coming in the market and expected to keep on increasing in coming years. Fully automated sales system, targeting international customers and being able to bag 9 international deals in last 8 months were also felt to be important.

The jury members consisted of Anand Lunia from, Seedfund Advisors,Mr Sameer Guglani from Morpheus Ventures, Mr Rahul Chaudhri from Helion Ventures etc. Some  of NITIE’s  esteemed associates also included TIE Mumbai, NEN, and  Nexus India Capital.
Winners of this competition have the opportunity of being considered by Seedfund for a potential seed fund upto 5 crores INR.

Dataresolve was founded and incubated in August,2008 from IIT Kharagpur,one of the the elite institutes of the country,  under an incubation program called TIETS. The company was  founded by IIT Kharagpur Alumni with the support of institute’s professors and industry experts with a vision to build one of the strongest product based technology company in Information Security. With most IT companies in India being service based, Dataresolve proudly claims itself to be one of the very few software product companies from India and probably the only company in DLP.

The Dataresolve Team receiving the trophy for the event Navkriti

The first and free home version product of the company called uHook USB Disk Security have already generated a lot of good response from internet community with over 20,000 users worldwide and the product being graded by PC QUEST under top 55 security products of 2009, helped the company build an appealing profile to market the enterprise version of the product.

Here is a youtube video to help you understand, how to install uHook USB Disk Security. Please note that you need to have .net framework installed for using this application.

As the prices of laptops have come down heavily and the consumer liking is drastically shifting towards mobile devices, the laptop sales in India have hit a 114% per year growth in 2008 with a total of 1.8 million units sold. This growth rate is far ahead of that of desktop PCs which are lagging behind more and more in sales to personal users.

According to India’s Manufacturer Association for Information Technology (MAIT), laptops accounted for 25% of total PC sales in India in 2007-2008. The current ratio of laptops to desktops in India is 20:80 and is predicted to reach 50:50 in the next 3 years.

Accelerating the rising demand for laptops are their sleek & attractive designs, enhanced security functions & modules and various built-in accessories. The enterprise sector particularly favors faster processors, increased portability and connectivity, according to industry analysts.

But the major pitfall of this growth in laptop sales would also most likely boost another dangerous aspect of the PC industry – Laptop Theft. Keeping your information in highly portable devices like laptops and PDAs is bound to trigger a huge security issue revolving around data & hardware thefts.

Here are some ways how you can increase security of your laptop and minimize chances of data loss.

The security of laptops is a huge field which can be broadly divided into two main segments:

1. External Security or what is more commonly called Physical Security
2. Internal Security or what is more commonly called Software Security

External Security tends to address issues like Laptop Thefts while Internal Security is more oriented towards protecting it from Data Thefts.

Elements of External Security

i. Get custom Engraving done on the Laptop

Permanently marking (or engraving) the outer case of the laptop with your company name, address, and phone number may greatly increase your odds of getting it returned to you if you happen to forget it somewhere carelessly. Websites like www.engraveyourtech.com and www.razorlabs.com do custom engravings.

ii. Get your Laptop registered with your manufacturer

This not only helps you to track your laptop if it arrives at any maintenance shop but also helps you get regular updates and support.

iii. Use a Cable Lock

Using a custom Cable Lock will help you secure your laptop to an immovable object beside the place where you keep your laptop. This ensures that nobody just walks in and then walks away with your laptop. You can get a cable lock for $15-$30. Cable Locks can be purchased from sites like www.securitykit.com, www.computersecurity.com , etc.

iv. Use a Chain/Cable Lock while in Car

Using a cable lock while using your laptop in the car ensures that nobody can steal your laptop even when you are outside the car.

v. Use a Docking Station

While in office always place your laptop to a docking station where you can fix your laptop. 50% of laptop thefts occur from offices because of poorly screened housekeeping staff and disgruntled employees.

vi. Use third party devices like Hard Drive Locks, Motion Detectors and Trackers

Hard Disk Locks are great to lock in your hard disk inside your laptop so that no one can just open your laptop and walk away with your hard disk. Remember, your hard drive is the main storehouse of all information.

You can also have special Motion Detectors like Caveo installed in the PCI bay of your laptop that trigger an alarm whenever the laptop is moved without your permission.

Laptop Trackers inform the authorities about the whereabouts of the laptop whenever a stolen laptop is connected to the Internet or the telephone. Nowadays GPS trackers have the ability to track your laptop using satellite data but they are more costly.

vii. Get a Laptop with biometric identification

Biometric Identification reads your thumb finger print and unlocks your system. Without the thumb impression of the authorized individual, the laptop cannot be unlocked. In this way your laptop is safe from prying eyes trying to steal your account password.

viii. Use Handy Laptops backpacks which you will always carry wherever you go

Laptops backpacks are better in the context that you can always place it on your shoulder comfortably and go anywhere thereby eliminating the worries of losing or forgetting your laptop. Be it washroom or conference room or transport station, your laptop goes with you everywhere.

Elements of Internal Security

i. Get a secure Operating System with the Latest Updates

Always try to get a genuine copy of your operating system with the latest updates. For Windows XP users, get the XP Service Pack 3 installed on your laptop for maximum security. Every Service pack eliminates past vulnerabilities and incorporates greater security features in your OS.

ii. Always use the NTFS file system

The NTFS file system is far better than the FAT32 file system in the sense that it is more secure and more crash-proof. The data corruption rates is very low and even if you lose your data through format or partitioning or deleting, you can still recover it through special Hard Disk Recovery or File Recovery softwares.

iii. Disable Guest Account

The Guest account is hacker’s golden gateway. Check from you User’s Panel if it is On. The best possible thing to do is disable your Guest Account. Otherwise, you can keep it on but make sure, you protect it with a password by making use of the Computer Management Panel (to access this, type compmgmt.msc in Start>Run) of Windows.

iv. Disable Administrative Shares

Windows by default keeps all the partitions in your Hard Disk shared in the form of hidden administrative shares like C$, D$, E$, etc. This is a big security risk for your laptop specially when it is connected to a Wireless/Wired Network.  Go to the Computer Management Panel and Disable sharing them permanently.

v. Rename the Original Administrator Account

A hacker is always on the lookout for an account named administrator that Windows creates by default while being installed. Take the essential step of renaming your Administrator account from Computer Management Panel to some other name. This would delay the hacker’s intrusion attempt by some time.

vi.Create a dummy Administrator Account

While this is not so effective, but it can stop amateurs hackers from compromising your system. Delete your old Administrator account and make a new account with the name Administrator and assign limited privileges to this account.

vii. Disable the IR Port

The Infra Red Port is one of the deadly information leak channels in your laptop. Anybody could connect to your laptop through an unsecured IR port and copy your data. With the task bar notification turned off, it won’t even ever strike you how your data was stolen and who connected to your laptop.

viii. Switch on the Bluetooth Port only when required

The Bluetooth high speed transfer port is another communication medium through which data can be accidentally lost. Be careful to choose which incoming Bluetooth connections to accept and which to reject. Never connect your laptop to an unknown Bluetooth device.

ix. Always install Antivirus and Antispyware in your laptop

Any good antivirus with regularly update databases and bundled with an antispyware is a must for your laptops. A great deal of security concern arises from Viruses, Malware, Spywares, Trojans and Rootkits in your laptop that would otherwise get installed in your system in the absence of an antivirus without your knowledge. Remember, the main purpose of these malicious programs are not to corrupt your laptop OS or bug you or freeze your system but to manipulate the system in such a way that you unintentionally and forcefully expose your vital information to these programs which then happily transmit it to their owners sitting in different countries through the Internet. Antivirus like AVG, QuickHeal, NOD32, CA , Symantec are professional software providers in these fields.

x.  Switch on firewalls for Wired and Wireless Connections

Firewalls control the information that is sent to and fro across your Network connections. It has the ability to stop malicious programs from stealing sending vital information from your laptop to another computer outside. With the good configurable policies, firewalls really add good value to your security of your laptop. Keep firewall always enabled for all your connected Wireless/Wired Connections. Komodo, ZoneAlarm, SonicWall, ESET Firewall, etc. are great firewalls to start with initially.

xi. Store your important files and documents in a single place and keep them encrypted

The greatest loss that is realized after a laptop is stolen is not the price of the laptop but the price of the information it had been carrying. If you are always weary about the sensitivity of the information that you carry in your laptop then make sure you keep these documents organized properly in a particular partition of your hard drive and then encrypt the whole partition with strong 128 bit encryption.

This way even if the stolen laptop gets into the hands of your enemies or competitors, it will take them more than a lifetime to decode the information even with very powerful computers. By that time, that information would have lost its face value.

The industry standard encryption programs are TrueCrypt, Jetico, CryptoForge, DeltaCrypt, etc. that can offer 128 bit encryption level and even military grade encryptions.

xii. Implement more control over removable Storage Devices and CD/DVD Drives

Use special Data Loss Prevention softwares that implement a higher level of access control over your laptop which the Windows is otherwise unable to provide. You can set permissions for different devices and different users in your laptop thus controlling storage devices access to your laptop. You can even maintain a file log audit and session audits for each file transfer. This can help you a lot to trace where your information is going and how to stop it.  Some well know personal DLP softwares are Devicelock, myUSBonly, uHook USB Disk Security and other End Point Protection softwares.

xiii. Be careful when connecting to a new Wireless Network

When connecting to a Wifi hotspot in a place, first make sure about the security of the network from the local authorities. Cross check the name of the network and then connect carefully to the network. You can easily confuse one Wi-fi Network with the other and end up connecting to a high risk network instead of the secured one.

xiv. Use firewalls effectively on USB Modems which you use to access Internet

With the arrival of the new High Speed Internet Access (HSIA)  and 3G Network connectivity, portable USB Modems and mobile Internet access have become successfully connected to the lifestyle and requirements of a major section of Internet users. But these modems are highly insecure unless well monitored and controlled using Information Flow control softwares and Firewalls.

xv. Lock your Laptop whenever you are away

Whenever you leave your laptop and go somewhere for even a second, make sure you that you press the Windows Key+L  key combo to lock your computer and bring up the login screen, in which all the user accounts show up. Make sure all the accounts are password protected. This prevents just anybody from accessing your computer whenever you are afk.

xvi. Always keep backup of your files in another central computer or server or external Hard Disk

It is imperative to always keep a mirror image of your hard disk data in another central company server or another fixed computer. You can also use an external hard disk with which you can periodically synchronize your data to keep a ready backup of your most important files.

xvii. Protect your PC with a good BIOS password

The easiest way to penetrate a stolen laptop is to just format it instantly. Sometimes all the data is lost or otherwise anyone can format one partition of your laptop and then get unauthorized data from another partition just by overwriting your OS. So it is better that you lock your BIOS settings and at the same time disable booting from anywhere other than the  Hard Disk Drive. This partly prevents your system from being formatted.

The most Important step amongst the above steps is to show greater vigilance and concern for your laptop and your data that is preserved in your laptop. Being self-aware while being dynamic is the ultimate solution to Data Loss problems.