On the Defensive with Pwn Pulse

The security landscape is changing rapidly, with rogue devices and complex malware becoming increasingly common attack vectors. The best weapon in this new era is information, and the best way to stay informed about your network is with a distributed security system like Pwn Pulse.

With Pwn Pulse, IT staff can see the entirety of their network at a glance, helping them determine which machines are at risk, where the vulnerabilities are, and even whether they’ve already been victimized. This capability is exceptionally important to organizations with remote locations, as it allows the same level of oversight to be applied to every part of the network, even if it’s a thousand miles away.

 

Detecting Rogue Devices

One of Pwn Pulse’s most valuable functions is the ability to see new devices almost as soon as they connect to the network. Any new device that connects can be automatically flagged as suspicious within Pwn Pulse right away, which helps staff sort out the devices that need to be investigated. Once a device has been verified as legitimate, it can be marked as such in Pwn Pulse, along with notes that describe what it is and why it’s necessary.

The detailed history Pwn Pulse keeps on every device particularly helps in the fringe cases which have traditionally been difficult to effectively deal with. For example, it can make a clear distinction between an approved device which is only on the network infrequently and one that has never been connected before.

 

Scanning for Wireless Threats

More importantly, these capabilities extend beyond the physical network Pwn Pulse is monitoring. By way of WiFi and Bluetooth scanning software in the sensors, Pwn Pulse can even see when new wireless devices have come into range. This can be anything from the Bluetooth on a user’s smartphone to somebody attempting to set up a rogue access point in the parking lot.

Pwn Pulse features historical record keeping that also applies to these more nebulous wireless hits, allowing staff to find trends and associations which may otherwise have been impossible to identify. If somebody suspicious was snooping around one of your branches, you may be able to find out if he’s been around any of the other branches by seeing if the same Bluetooth phone or headset was picked up at multiple locations.

 

Fingerprinting Network Devices

Pwn Pulse does more than just find devices; it can also help identify them. Using a suite of software tools installed on each sensor, Pwn Pulse is able to glean information from devices on the network, from high-level details like device manufacturer and operating system all the way down to what services are running on which ports. It can even scan those services for known vulnerabilities and exploits, allowing for the creation of a unique and very specific “fingerprint” for every device detected.

Using these software and hardware fingerprints can help determine what each network device actually is, as well as track their movements throughout the network. If a rogue access point running a specific set of services was detected at one remote branch, Pwn Pulse could tell you if another rogue access point with the same parameters was seen elsewhere.

 

Evaluating Rogue Access Points

Being able to detect a rogue access point attempting to victimize one of your branch locations is incredibly important, but even better is the ability to determine if it has actually been effective or not. To that end, Pwn Pulse has the unique capability to show which wireless clients have connected to which networks over time.

By selecting a suspected rogue access point in Pwn Pulse, a list of clients which have connected to it can be generated. Pwn Pulse can automatically cross-reference that with the list of nominal wireless clients which connect to the network, so administrators can see which machines have actually fallen victim to the rogue access point. These devices can then be singled out in an investigation to help determine what information may have been leaked during the attack, or examined for software modifications such as malware installations.
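The cross-reference described above can be sketched in a few lines. This is an added example, not Pwn Pulse code or its data format: the record layout, MAC addresses, SSID and device names are all constructed for illustration, and it assumes clients are matched by MAC address.

```python
from collections import defaultdict
from datetime import datetime

# Constructed inventory: APs the organization operates, and its known wireless clients.
APPROVED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
MANAGED_CLIENTS = {
    "02:00:00:c1:00:01": "finance-laptop-07",
    "02:00:00:c1:00:02": "frontdesk-tablet",
    "02:00:00:c1:00:03": "warehouse-scanner",
}
CORP_SSID = "CorpWiFi"

# Constructed sensor observations: (time, site, client MAC, BSSID, SSID).
OBSERVATIONS = [
    ("2015-03-02T09:01", "branch-a", "02:00:00:c1:00:01", "02:00:00:aa:00:01", "CorpWiFi"),
    ("2015-03-02T09:14", "branch-a", "02:00:00:c1:00:02", "02:00:00:ee:00:99", "CorpWiFi"),
    ("2015-03-02T09:20", "branch-a", "02:00:00:9f:00:10", "02:00:00:ee:00:99", "CorpWiFi"),
    ("2015-03-02T11:45", "branch-a", "02:00:00:c1:00:02", "02:00:00:ee:00:99", "CorpWiFi"),
    ("2015-03-03T08:30", "branch-b", "02:00:00:c1:00:03", "02:00:00:aa:00:02", "CorpWiFi"),
]

def suspect_access_points(observations):
    """BSSIDs advertising the corporate SSID that are not in the approved inventory."""
    return sorted({bssid for _, _, _, bssid, ssid in observations
                   if ssid == CORP_SSID and bssid not in APPROVED_BSSIDS})

def exposed_clients(bssid, observations):
    """Managed clients that associated with `bssid`, with first and last time seen."""
    seen = defaultdict(list)
    for ts, site, client, ap, _ in observations:
        if ap == bssid and client in MANAGED_CLIENTS:
            seen[client].append((datetime.fromisoformat(ts), site))
    report = []
    for client, hits in sorted(seen.items()):
        times = [t for t, _ in hits]
        report.append({
            "client": client,
            "name": MANAGED_CLIENTS[client],
            "first_seen": min(times).isoformat(),
            "last_seen": max(times).isoformat(),
            "connections": len(hits),
            "sites": sorted({s for _, s in hits}),
        })
    return report

if __name__ == "__main__":
    for ap in suspect_access_points(OBSERVATIONS):
        for row in exposed_clients(ap, OBSERVATIONS):
            print(ap, row)
```

The unknown client that also joined the suspect access point is left out of the report on purpose: only devices from the managed inventory become investigation candidates.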

 

Automated Vulnerability Scanning

Rogue devices and access points aren’t the only threat to the modern network. Malware is becoming increasingly sophisticated, with some security researchers now even claiming physical damage resulting from such software isn’t outside the realm of possibility. As more and more hardware becomes connected in the “Internet of Things”, complex malware that can manipulate devices will become a very real threat to the digital as well as physical security of the workplace.

 

With the ability to regularly scan the network for vulnerabilities and exploits using constantly updated, industry-recognized tools, Pwn Pulse gives administrators peace of mind through the knowledge that all of their software is up-to-date and as secure as it can be. Through its scripting system, Pwn Pulse can adapt to new threats, or even perform tests specific to the software running on a particular network. These scripts, both user-defined and provided remotely by Pwnie Express, give Pwn Pulse the exceptional flexibility required to stay relevant in a constantly evolving environment.




Google Tackles BYOD with Android for Work

People love their mobile devices; between gaming, social media, and simply browsing the web, more and more people are turning to a smartphone or tablet for their personal computing needs. For many, work now represents the most time they spend on a traditional desktop or laptop computer. This shift in personal computing is only going to get more pronounced as mobile devices get cheaper and more capable; why even bother purchasing a home computer for web browsing and light work when your tablet or even phone is already more than capable of it?

It’s only natural that those same personal computing habits start to bleed into working hours. Users have started bringing their smartphones and tablets onto the work network and whether the administration likes it or not, it’s inevitable. Pushing back against users bringing their own devices, or actively trying to block them, adds aggravation and stress for everyone involved. Workplaces today seem to be faced with a simple choice: adapt to the changing times and institute a well thought out Bring Your Own Device (BYOD) policy, or waste valuable time trying to fight a coming tidal wave.

To help workplaces cope with the changing landscape of personal computing, Google has unveiled “Android for Work,” which the search giant hopes will rein in the billions of Android devices and get them ready for their new part-time jobs as business tools. While it still won’t be easy to balance BYOD and overall security, standardizing a framework for the world’s most popular mobile operating system is definitely a step in the right direction.

 

Work Profile

“Android for Work” builds on the multi-user support included in Android 5.0 by adding a dedicated profile on a user’s phone or tablet that separates business-related applications and data from the user’s day-to-day profile (older releases of Android will require the installation of a special Android for Work application). When a user is under their personal profile they can use the device as they would normally, but once they switch over to the work profile, there is a completely different set of applications which are visually set apart by a small briefcase overlay on their icons.

Google has also included “Google Play for Work”, which allows administrators to whitelist applications that can be installed while users are running their work profiles. Businesses can use this not only to control what applications are being run on their network, but also to distribute their own internal applications without having to put them up on the main Google Play market or sideload them manually onto every user’s device. Applications can even be silently installed or removed remotely, so internal applications required for work can be automatically installed, or previously whitelisted applications which have been found to be troublesome can be purged.

It’s even possible to remotely wipe just the Android for Work profile without interfering with the rest of the files and applications installed. So if a user is no longer with the company or decides to stop using their personal device, the work profile can be remotely wiped and everything will go back to the way it was.

 

Half the Equation

Android for Work is definitely a big improvement to how mobile devices integrate into the business environment and will certainly help many businesses which are looking to strike a balance between convenience and security, but it still doesn’t solve the BYOD problem. The most glaring issue is, of course, users who bring in their devices without telling anyone. Android for Work can only control the devices which have been registered by the administration; it does nothing to control personal devices which users simply bring in and connect to the network without permission.

Users sneaking in their personal devices without permission of the administration is arguably the crux of the BYOD issue to begin with. A complete BYOD solution still requires vigilantly protecting the network against incursions from any and all unknown devices. Deploying Android for Work won’t mean much if a user can freely connect their device to the network without anyone knowing about it.

The Easiest Way to Get Hacked: Use Phone at Phone Show

Bloomberg Business


March 1, 2015

By Cornelius Rahn and Gwen Ackerman

 

(Bloomberg) — If anyone attending the Mobile World Congress in Barcelona this week doubts how easy it is to hack smartphones and tablets, Filip Chytry and his team plan to set them straight. By hacking into their devices.

Chytry’s company, Prague’s Avast Software s.r.o., is setting up a faux-fraudulent wireless hotspot at its booth that will let the company’s staff and onlookers track the online activity of any device that connects.

The site will let Avast capture passwords, messages and other information people type on the websites, and Chytry can even create dead ringers for Gmail or Facebook sign-in screens — down to the little green padlock icon that indicates a secure connection — that lull people into a sense of safety. While the data will not be stored, Chytry said, the experiment demonstrates how vulnerable mobile devices are to cybercrooks.

“People can see what can happen if they use free networks in pubs, restaurants or elsewhere,” said Chytry, a security researcher at Avast who helped design the exhibit. “It will show them that this is a real problem.”

Mobile devices have long overtaken personal computers as the main gateway to the Internet, but few consumers or even companies have given much thought to securing them. They’re always on, constantly used, and weakly protected, inviting hackers to find ways of exploiting their vulnerabilities.

(Original Article)