Don’t Look now you’ve been hacked – part 2 (useful tools for awareness)!

The thought of people being concerned that NSA is listing and monitoring their activities is a hysterically funny concept to me. Whatever you think of Edward Snowden, know that he is a day late and a dollar short. Most of these very same people that worry about the NSA, have a “Tracebook”, Twitter, Instagram or a half a dozen other social media accounts that should be significantly reducing the NSA operating budget. In fact, let’s just disband the NSA and hire Google! It seems that most of us have no issue publicly posting our most intimate details on Facebook including everything short of our Social Security numbers. Posting our current location and “checking in” so that the entire planet knows not only where we are, but what we are doing seems to be an absolutely essential public service and should also include pictures of the meal I am about to eat. How many of these same individuals are aware that every picture posted contains Meta Data that also memorializes the GPS co-ordinates and the camera type used to take the picture? I know you want to share picture of the family, but do you really want ISIS to know exactly where they live?

As everyone is so willing to publicly disclose these personal details, it explains why so many remain ignorant of the data mining that goes on that you do not knowingly consent to. I assume we all know that Google is in the business of selling digital user profiles to advertisers? Every type an email to a friend about planning a trip to the Italy only to find your inbox now populated with travel agency “hot deals”? If your email does not fill up with travel deals to the Italy, you can bet your internet browser will now display a travel agency advertisements, “learn to speak Italian” and top Italian Restaurants on every page you view fin! Now ask me what we think about using Google Docs! We suggest that you consider DoNotTrackme extensions to your Chrome and Firefox browsers. We also recommend that you install “self-destructing cookies” and watch how many cookies are exchanged with your browser each use. Remember, we really don’t need your username and password, we need your cookies all of which are transmitted in clear text over that Starbucks wireless you have been using! All available using FireSheep!

Now if this is a vulnerability that effects individuals, what vulnerability effects enterprise level environments? Forget the notoriously leaking Windows Operating system and your hopelessly porous laptop, in the wake of the 55 Million credit card numbers stolen from Home Depot and the 45 million stolen from Target, we now have to worry about the credit card machines at the checkout counter. Actually the TJ Maxx heist was in many ways much larger! You might be considering how did the hackers get through the Firewall? As we have pointed out before, most computer network security exploitations are not executed through the firewall, they are executed by “social engineering” with the assistance of an ignorant employee or paid hit man. It is suspect that at least one of the above break ins was assisted by a third party trusted partner like the heating and air conditioning service company. Nothing like a starving janitorial night service crew to earn a few extra bucks plugging a USB device into any desktop computer releasing a new and improved malware version of BlackPOS ! Most of these stolen credit card numbers can be purchase here or on the Darknet using a Tor browser to reach silk road type websites.

It seems you can’t turn on an electronic device today without it alerting you that a software update is available for download. From the TV set, to the mobile phone, tablet and now even your car, all are subject to software updates. Do you even question what is being downloaded to your device when you do a software update? You just assume you are connecting with Apple, Amazon or Samsung? What if some evil doer was really just spoofing a software update and you just willingly downloaded a super basket of spy goodies that turn on your phone camera, activate your microphone and email snapshots to back to the mother ship. NSA, are you kidding? You would never know if it was your spouse, or employer would you? Yet millions of people do this without care, day after day and think nothing more about it. If you want to be tracked everywhere you go, risk having your most intimate communications published (just ask Jenifer Lawrence and the other celebrity Nude hack victims) just carry your Smartphone with you at all times!

Cyber-crime, next to the Ebola virus and violent terrorism is the single most economically destructive phenomenon to threaten the American way of life since the Cuban missile crisis. Yet the average business owner winces at the cost of engaging a computer network security audit and thinks that penetration testing is lovemaking foreplay. When the IT team asks for a Firewall upgrade or an increase in budget to cover a subscription to virus, spam and bot net filtering they somehow can’t justify the added expense. Educating your employees on the safe use of the Internet over WiFi should be part of the healthcare preventive medicine program, but most business will ignore “social engineering” vulnerabilities until a major data thief publicly embarrasses them.

(DrVoIP provides VoIP network readiness assessments and is a certified Network Security consultancy providing penetration testing, firewall and related security services. If you contact DrVoIP@DrVoIP.com we recommend that you use Ipredator and remember that there is a difference between being anonymous online and untraceable on online! We can help you with both.)

Looking for a UCCX Wall Board? – VSR2 has the vision!

If you have ever considered adding a Wallboard to your CISCO UCCX based Contact Center deployment, you know that the selections are slim.  There is a wealth of unsupported “freeware”  solutions on the net, generally the failed  result of someone trying to “roll there own” wallboard.   Clearly,  you always have that option if you have the time, talent and ongoing commitment to support Cisco’s follow on versions and upgrades.  To assure ongoing compatibility with CISCO, you need a dedicated development team!  Finding a vendor supported wallboard that does not cost as much as the UCCX itself, however, has been very difficult until now.   We recently had the opportunity to work with VSR2, a UK based  CISCO partner who has been building software based solutions since 2007.   The VSR2 UCCX Wallboard product offering is both an astonishing accomplishment and a must have product for any serious call center deployment.   Not only is the product exceptional, but the entire team behind the product is a real joy to work with!

The VSR2 installation is very simple, but it is generally done by a factory engineer over a remote desktop or TeamvViewer type remote connection.  The VSR2 solution runs on a Windows Server under IIS and interconnects with the UCCX over an Informix database connector.   Simply provide the usual UCCX database credentials and if there is network connectivity between your Windows Server and your UCCX server the install will be completed in less than 30 minutes, most of which is spent waiting for Microsoft!   We worked with an excellent engineer, Victor Spirin, who was very helpful in answering questions and also provided an initial over view of the systems capabilities.

We successfully tested the VSR2 on both UCCX Version 8.5 and Version 9 with no problems, or show stoppers to report.  The Wallboard is easy to customize and there is a great deal of flexibility in every aspect of the configuration.  Your can select your columns, content, color and triggers.  You can create multiple CSQ  wallboards, or Agent based wallboards.  In fact you can create a library of  wallboards and you can send supervisors links to previously created wallboards.   VSR2 has also developed other tools that are effective for Call Centers including a call recording capability, but it is the VSR2 wallboard that brings this company to the forefront!   They offer a 30 free trial and if installed, it would be hard for us to predict that it would ever be removed!   Take a look!

 

Don’t look now but you have been hacked!

Hackers at the Front Door?

Most every home and business office now has a firewall that separates your internal computer network from the wild west of the world wide internet. The good news is that firewalls have become increasingly more sophisticated and properly configured can do an excellent job in securing your internal computer network devices.  Modern firewalls now include intrusion detection and prevention, email spam filtering, website blocking and most are able to generate reports on who did what and when. They not only block evil doers from outside your network, but they police the users on the inside from accessing inappropriate resources on the outside internet. Employees can be blocked from visiting sites that can rob your business of valuable productivity time or violate some security compliance requirement.  Prime business hours is really not the time to update your Facebook page! Nor do we want our medical and financial service folks using an instant messaging service to chat with and outsider!

The Firewall is the electronic equivalent of the “front door” to your computer network and there is an endless parade of potential evil doers spray painting your doors and windows, relentlessly looking for a way in. A properly configured, managed, and regularly updated Firewall can be very effective in protecting your computer network, both in the office and at home. Behind the firewall, must desktop computers and office servers have local software based firewalls installed that also provide virus protection.  Hopefully if something does get past the firewall, the internal virus and desktop firewall solutions will provide an additional level of security.

What is a Firewall Anyway?

Firewalls are both reasonable and appropriate but here is the bad news. Most of the hacking you now hear and read about is not done by evil doers coming through your firewall! The real damage is done by those inside your network! Malicious users and dishonest employees will always a treat. There is always the treat of the unscrupulous employee swiping credit card data or passing security information for money. The real danger, however, is from users who are just ignorant of today highly sophisticated security vulnerabilities. The most honest employee can unwittingly become the source of a major security breach resulting in the loss of their own personnel data, or the personal and financial data of your customers.

Take your average laptop user as a perfect example. How many times have you gone down to Starbucks and setup shop?  Beautiful day, open air, sun and a high speed internet connection, wireless phone and it is business as usual! If I told you how easy it is to setup a “man in the middle” attack at Starbucks you would give up coffee for the rest of your life. You think you are on the Starbucks WiFi, but actually that kid in the back of the Starbucks with the Wireless Access Point attached to his USB connector, has spoofed you into thinking he is your door to the Internet. He has been monitoring every key stroke on you laptop since you logged in. In fact he now has your log in, password and most everything else on your computer.  Now when you head back to the office and plug in,  you just unleashed a bot on the company network and he will be back later tonight!

If laptops were not enough, everybody is now walking around with a Smartphone!  Did you know that your Smartphone keeps a list of all the WiFi networks you have used recently? Remember when you were down at Starbucks checking your email while waiting for that cup of coffee? Now everywhere you go your phone is sending out a beacon request that sounds like “Starbucks WiFi are you there?” hoping it will get a response and auto connect you to the internet. Remember that kid we were just talking about?  He decided to answer your beacon request with a “yeah here I am, hop on!” Just another “MITM” attack and what he can do to your Smartphone, especially those Androids makes your laptop look like Fort Knocks!

Sometimes for fun and entertainment, while sitting at a gate in an airport waiting room, I will net scan the WiFi to identify how many phones, computers and ipads are online and connected. Not saying that I would do this, but I think you could execute a Netbios attack in less the five minutes?  It is amazing how many people leave their printer an network sharing options on when they travel.  Even more people leave their “Network Neighborhood” settings  in the default configuration!  The drill is always the same:  map the network to see what hosts are connected; port scan for know vulnerabilities; out the exploit tool kit and the rest is actually getting relatively boring for the ethical hacker.  Now credit card thieves on the other hand…….

Chances are your Internet browser is worst enemy when it comes to securing your privacy.  Every website you visit, every email you send and every link you follow is being tracked by hundreds of companies. Don’t believe me?  If you are using Firefox, install an add in extension named DoNotTrackme and study what happens.  Assuming you are an average internet surfer, in less that 72 hours you will have a list of over 100 companies that have been tracking your every move on the internet!  These companies don’t work for the NSA,  but they do sell your “digital profile” to those willing to pay for the information.  Where has your GPS been? What sites did you visit, what movies did you watch, what products did you buy, what search terms did you select – all of this dutifully reported back by you and your unsuspecting employees.  Ever wonder if your competitors want to know what your viewing on line?

Voice Over IP phone systems offer an entirely new range of vulnerabilities waiting to be exploited by the unscrupulous evil doer!  We recently illustrated to a client Law Firm (as a paid intrusion detection and penetration testing consultant and with the clients permission) just how easy it is to covertly switch on a conference room based speakerphone and broadcast the entire conference to a remote observer over the internet! In fact, capturing voice packets for replay is the first trick script kiddies learn in hacking school!

VoIP, Bluetooth, WiFi, GPS, RFid, file and print sharing and even the “cloud” all add up to a list of vulnerabilities that can be easily exploited. What can you do? You need to educate yourself and develop your own “best practice” for safe computing.  You need to educate your employees and co-workers about the various vulnerabilities we all face every day as we become more “wired” and more Mobile.  Hire a competent Computer Network Security professional to do “penetration testing” on your corporate network and firewall.  It would be better to pay a professional to “hack” you, then pay to  fix it after you have been hacked!  Remember if we can touch your network, we will own your network!

(DrVoIP provides VoIP network readiness assessments and is a certified  Network Security consultancy.   If you contact DrVoIP@DrVoIP.com we recommend that you use Ipredator to do so!)

ShoreTel Virtual Trunk Switch – Configuration and License impact!

ShoreTel currently has three virtual appliances that can be used in place of the Orange ShoreGear voice gateways and conference servers.  These three virtual appliances are shipped within the ShoreTel core Server Software and consist of OVA files and ISO images.  The tree appliances consist of the phone switch; the trunk switch and the Service Appliance, a virtual replacement for the SA-100 and SA-400 conference servers.   Once they are virtualized, they install exactly like the hardware versions of the Orange ShoreGear boxes.   The only noticeable difference, is that the configuration page in the ShoreWareDirector does not seem to offer up the image of the switch as it does with the hardware version.    There are no drop down boxes for configuration of switch feature options in large part because each option is defined by the OVA file.    We note only two ISO images in the FTP root of the HQ server, so we have concluded that  the same ISO is used for the phone switch as is used for the trunk switch, the differences being set by the OVA file.

Each of the virtual devices install in a very similar manner, with little difference as it relates to the bring up under VMware.    Open the proper OVA file and the hardware is appropriately configured.  Launch the machine and you will be required to provide the normal Network configuration data and identify the location of the ShoreTel HQ/FTP server.   After the machine is configured you can log in as root, run Ifconfig to check your network card settings and note the MAC address for configuration in the ShoreWareDirector.    Then bring up the cli interface using “stcli” and you will be greeted with the familiar and easy to navigate ShoreTel Switch menu system.  You will need to add the FTP, NTP and DNS address information.   Having a primary NTP source is of critical importance especially when configuring the Service Appliance used for conferencing applications.

Now that the virtual machine is configured and running you can add it in the ShoreWareDirector.   Again aside from the lack of an orange switch image on the configuration page, it installs like any other ShoreGear device.  From a license perceptive, no harm done until you actually configure a SIP trunk.   In addition to the normal SIP trunk licenses you will need for any of the hardware gateways, the vTrunk switch will require licenses as you add trunks to the virtual appliance.   All in all this is sweet stuff and you should have a ball playing with virtual switches!  The video walks you through the entire setup! – DrVoIP@DrVoIP.com