The Fundamentals of Network Data Loss Prevention

first_imgIt’s important to understand how criminals gain access to systems in order to better manage your organization’s network data loss prevention. While the playbook for network penetrations varies from attacker to attacker, there are some consistent patterns that emerge from each enterprise-level incident. Network penetrations can be broken down into three steps, each with distinct signatures.1. On-Ramp to the Network. Attackers have to get a foothold in the network, and this is most often done by social engineering targets to download malware or submit credentials to a phishing site. Additional on-ramps include watering holes, compromised logins, third-party hacks, and exploiting vulnerable third-party apps, particularly content management systems.2. Navigating the Network. Once inside, attackers will use internal documentation to further their attack, pivoting from corporate user to corporate user via compromises to eventually gain access to documents and databases.- Sponsor – 3. Exfiltration. Data exits the system in surprisingly simple fashions. Sometimes it is hidden in traffic, but more often than not, it is zipped or encrypted and moved off the network to a drop site before detection systems can alert users and data loss can be stopped.Human Error in Network Data Loss PreventionNearly all of the network attacks involve the following failures, oversights, or policy breakdowns:Human error is almost always involved. Whether attackers enter through the front door or move laterally through the network, the attackers need employees to take some sort of action, whether it is entering credentials into a phishing site or opening a malicious attachment.Employees use corporate emails to register for third-party sites that have been hacked and, even worse, reused passwords.Lack of two-factor authentication for access to VPN networks, databases, and shares contribute to many of the breaches and magnify password reuse problems.WordPress plugins are exploited for credentials to access servers or to create phishing pages. In general, servers running CMS applications are hackers’ on-ramp of choice.Once inside networks, reconnaissance is performed through corporate directories, wikis, and share sites. Attackers find targets with desired accesses and move laterally using malware or phishing sites sent from internal email.Network traffic monitors fail or are evaded during exfiltration.This article was excerpted from “Basic Training in Network Security.” Read the article to learn best practices in data loss prevention and discover which components of any corporate network are most vulnerable.  Stay UpdatedGet critical information for loss prevention professionals, security and retail management delivered right to your inbox.  Sign up nowlast_img read more

Of politics and finance in Indian sports

first_imgSharda UgraPolitics, as we understand it, is usually party versus party. Congress vs BJP vs RJD vs LSD vs WMD… you get the drift. Politics, as the Ministry of Sports sees it, is a different, diversionary kind of tactic.Here party lines blur and the only line adhered to is one,Sharda UgraPolitics, as we understand it, is usually party versus party. Congress vs BJP vs RJD vs LSD vs WMD… you get the drift. Politics, as the Ministry of Sports sees it, is a different, diversionary kind of tactic.Here party lines blur and the only line adhered to is one of self-interest. All those in favour of perpetuating self-rule on one side and the befuddled babus on another. If this were a wrestling contest, it would be like sending a 50 kg stick insect up against a 110 kg gorilla. As things stand, India’s leading federation bosses, the er… above mentioned gorillas, first have their cakes bought with public money. Then they get to eat them too with a bunch of bananas-trips to the Olympics and other world events – thrown in as bonus. Suresh Kalmadi, P.R. Dasmunshi, K.P.S. Gill, V.K. Malhotra, Digvijay Singh, K.P. Singh Deo, et al, belong to India’s original Backscratchers Union.They have survived changes of government, ideology, policy and post-Olympics purges because they look after one another. Just as the BCCI lives in mortal dread of a “corporate takeover” and so resists professionalisation, our sports administrators also invoke the bogeys of a “threat to autonomy”.It’s great, this autonomy. It means a freedom from accountability (and actually from accounting) but does not imply demonstrating the dynamism to find independent funding. For that there is always the bottomless pool of our taxes.In the ministry, when faced with this powerful all-party club, they tend to throw up their hands and then do the easy thing – go after tricolours on helmets or what the cricket team is called. In recent months, though, something stirred: elite athletes were told they could bypass their federations and approach the ministry directly for funding.Now a scale for financing sports based not on a fixed priority list of disciplines but on a dynamic performance rating is being formulated. Whether the new sports minister will follow through on this is another matter. A few months ago, a meeting of state sports ministers was to discuss moving sport from the state list to the concurrent list, i.e. putting sport under Central control. Just before the meeting, a senior Indian Olympic Association (IOA) official hosted the ministers for breakfast after which the collective power of persuasion and pakoras had them opting for the status quo.advertisementYes, the government of India is not the world’s most efficient creature and yes it has more important things to do. But when it foots the bill for most Olympic sports, you would think a statement of expenses is the least it is entitled to.last_img read more

Mario Balotelli banned from driving after taking his Ferrari for 109mph spin

first_imgLiverpool striker has also been fined 800 pounds alongside a 28-day driving ban for the offenceLiverpool striker Mario Balotelli has been fined 800 pounds and banned from driving for 28 days after he admitted speeding at 109 mph in his Ferrari.Balotelli was stopped in his Ferrari for driving at 109 mph early on December 3, 2014 on the M62 at Tarbock Island, Merseyside. The 24-year-old had been driving his 240,000 pounds left-hand drive Ferrari, reports espnfc.com.The incident escalated after Balotelli failed to appear in court last week, though his solictor Mike Hogan on Friday said the Italian star never received a summons and was not intentionally ignoring the court.Balotelli was also ordered to pay an 80 pound surcharge and 100 pounds in court costs. Hogan apologised on Balotelli’s behalf but said the footballer has a clean driving record.last_img read more