KRACK Attack – WIFI vulnerability – What does it mean to you?


You may have seen in the press that a vulnerability has been identified against the WPA2 Wireless encryption protocol. So what is this vulnerability and what does it mean to you?

Security researchers have discovered a number of vulnerabilities in the WPA2 (Wi-Fi Protected Access II) protocol. These vulnerabilities may allow attackers to gain access to private data transmitted over your wireless network.

KRACK, the Key Re-installation Attack, has been shown to decrypt wireless communication on multiple platforms, including Windows, Apple iOS, Android and Linux.

So far the following protocols are vulnerable to the attack:

  • WPA
  • WPA II
  • WPA-TKIP Cipher
  • AES-CCMP
  • GCMP

The flaw is not in the cryptography underlying WPA2 or its predecessor, WPA. Rather, it’s in the implementation. When communicating with a client device to initiate a Wi-Fi connection, the router sends a one-time cryptographic key to the device. That key is unique to that connection, and that device. This is so that a second device on the same Wi-Fi network can’t intercept and read the traffic to and from the first device to the router, even though both devices are signed into the same Wi-Fi network.

The problem is that this one-time key can be transmitted more than once. To minimise connection problems, the WPA and WPA2 standards let the router transmit the one-time key as many as three times if it does not receive an acknowledgement from the client device that the one-time key was received.

Because of that, an attacker within Wi-Fi range can capture the one-time key, and, in some instances, even force the client device to connect to the attacker’s bogus Wi-Fi network. The attacker can use the one-time key to decrypt much of the traffic passing between the client device and the router.
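Added example (not from the original post): a simplified Python model of the client side of the retransmission described above. It assumes, as the published KRACK research describes, that installing a key resets the client's per-frame packet number (nonce); the `Client` class and the function names are hypothetical. It shows why a patched client, which ignores a repeat of the key it already uses, never sends two frames under the same key and nonce.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Client:
    """Toy model of a Wi-Fi client's session-key handling (not real 802.11 code)."""
    patched: bool
    key: Optional[bytes] = None
    packet_number: int = 0                      # per-frame nonce counter
    nonces_sent: list = field(default_factory=list)

    def receive_key_message(self, key: bytes) -> None:
        # Patched behaviour: a retransmission carrying the key that is already
        # in use is accepted but must not trigger a second installation.
        if self.patched and key == self.key:
            return
        self.key = key
        self.packet_number = 0                  # (re)installation resets the nonce

    def send_frame(self) -> None:
        self.packet_number += 1
        self.nonces_sent.append((self.key, self.packet_number))


def reused_packet_numbers(patched: bool) -> list:
    """Run one handshake with a retransmitted key message; return reused nonces."""
    session_key = bytes(range(16))              # constructed sample key
    client = Client(patched=patched)
    client.receive_key_message(session_key)     # first delivery
    client.send_frame()
    client.send_frame()
    client.receive_key_message(session_key)     # retransmission (lost acknowledgement)
    client.send_frame()
    client.send_frame()

    seen, reused = set(), []
    for nonce in client.nonces_sent:
        if nonce in seen:
            reused.append(nonce[1])
        seen.add(nonce)
    return reused


if __name__ == "__main__":
    print("unpatched client reuses packet numbers:", reused_packet_numbers(False))
    print("patched client reuses packet numbers:  ", reused_packet_numbers(True))
```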

 

So what does this mean to you?

Many vendors have already issued patches to mitigate this security vulnerability. Users are recommended to update or apply patches to their Wi-Fi enabled equipment. This includes routers, user devices and smartphones.

Veeam Backup for Office 365 v1.5 beta – First Look

Today Veeam released the beta of v1.5 for Veeam Backup for Office 365. Here is a quick look at Veeam’s new Office 365 protection software.

There appears to be no ability to upgrade in place from Veeam Backup for Office 365 V1.0.

After uninstalling this version, I then re-attempted the installation. I had intended to install this on the same system as my Veeam back:

After spinning up a dedicated Windows Server 2012 R2 VM, we were rocking and rolling:

Installation of Veeam Explorer for Exchange is also required.

Console screen comparison from v1.0 to v1.5

V1.5:

V1.0:

The obvious difference is the inclusion of the ability to multi-tenant from the same console. In the previous version one default repository was configured. In V1.5, multiple repositories can be configured with individual retention policies.


Adding organisations and creation of jobs has also changed:


Configuration of backup job:


Passwords – An easy ticket into your organisation

With the ever-changing security landscape, protection and compliance are high on the radar for most organisations. One area that gets forgotten in the battle against cyber threats is authentication methodology, and more specifically why removing password authentication should be high on the priority list.

Recently Microsoft announced some damning statistics around password authentication. For example, did you know that 63%* of all confirmed data breaches involved weak, default or stolen passwords? In addition to that statistic, did you know that in a recent survey more than 25%** of employees would consider selling their password for less than £100?

Pretty damning stuff, wouldn’t you agree?

So what can be done about this?

Multi-factor authentication is something you will start to hear about more and more. The ability to authenticate against corporate environments using a multitude of methods will soon become the norm. Rather than enforcing strict password policies at an organisational level, or relying on users to adhere to password policies, utilising facial recognition, biometric scanning or token-based authentication will enhance your security profile.

Microsoft’s Azure AD can enhance this further by providing password management for a number of third-party applications and websites. By authenticating against an Azure AD platform using your chosen method of authentication, you can maintain security to SalesForce, Twitter, SAP and many more. This will prevent users having to maintain password-based authentication for their other applications, and allow this security model to be maintained and controlled by centralised IT. Imagine Single Sign-On across workloads using multi-factor authentication.

* Figures provided by Microsoft at the Microsoft Tech Summit 2017.

** Figures provided by ATLAS Sailpoint 2016 Market Pulse Survey. The survey polled 1000 people, of which half work for a company with more than 10,000 employees.

#VeeamOn from 4000 miles away

This week has been full of announcements from the eagerly anticipated VeeamOn event. With over 3000 attendees, many of you may have been lucky enough to attend this event. If you’re like me, and have been unable to attend and are following online, here is a breakdown of the announcements so far.

 

Tape-as-a-Service:

With recent events, the requirement for truly offline backups is increasing. Air gapping is something that will crop up more and more in conversations. Veeam has natively supported tape backup in the last few versions, but now it has added tape support to the BaaS offering powered by Veeam Cloud Connect. This will allow Veeam Service Providers to offload your Cloud Connect backups to tape for enhanced protection.

It looks like the IBM Tape Loader attracted lots of attention.

Microsoft Office 365 with Multi-Tenancy

Another feature primarily aimed at Veeam Service Providers. Veeam Backup for Microsoft Office 365 is currently available to all current Veeam customers for free. This will back up and protect your Veeam Office 365 instances, to provide item-level recovery of all mailbox items.

The announcement of Backup for Office 365 1.5 will enable multi-tenancy, allowing service providers to protect Office 365 alongside VMs, workstations or physical workloads.

Migrating, Managing and Protecting Public cloud (AWS, Microsoft Azure and other)

With the adoption of cloud computing across organisations growing, efficiently protecting and maintaining availability also becomes more challenging. The new Veeam Availability Console will deliver everything a service provider or distributed enterprise needs to deploy, manage and monitor Veeam-powered Availability services, no matter where the protected workloads are hosted.

 

Protecting Enterprise Mission-Critical Applications with NEW Veeam CDP 

Veeam Continuous Data Protection allows service providers to help customers to protect and recover business critical applications during a disaster. Veeam Cloud Connect uses vSphere APIs for I/O Filtering (VAIO) to offer continuous replication to private or managed clouds.


Built-in management for Veeam Agent for Linux and Veeam Agent for Microsoft Windows.

Currently Veeam Agent for Windows and Veeam Agent for Linux are manual, siloed installations, with no overarching management. Now, with the announcement of Veeam V10, built-in management of those agents can be done via the Veeam Console. This will allow installation, monitoring and reporting of workloads where VAW or VAL are required.

 

NAS backup support for SMB and NFS shares

An exciting feature: Veeam V10 will now incorporate the ability to protect the availability of NAS/CIFS shares. If you’ve been using storage devices to provide CIFS workloads, but struggling to maintain the same level of availability as your virtual infrastructure, this feature will resonate with you.

Veeam – Free Cloud Services

You may have recently seen that Veeam have been advertising a huge $200 million giveaway. This promotion is to help Veeam customers leverage cloud resources from service providers for free! Each Veeam customer is now entitled to $1000 of free cloud resources, or £640 in the UK.

So how do you get your hands on your $1000 worth of free services?

First step, head to https://go.veeam.com/promo-free-cloud-services


Fill in your details using the same email address that your Veeam licenses are associated with.

Veeam will now check your details and provide you with a unique code.

Next, choose your Cloud Service Provider. Head to https://www.veeam.com/find-a-veeam-cloud-provider.html to find your preferred service provider. Please note you can also contact Enquiries@tctg.co.uk to receive these services.

Now your chosen Cloud Service Provider will contact you with the details to set you up, and you’re good to go!

Using Veeam Cloud Connect to protect your backups from Ransomware

Ransomware (Shudder). Many of you will know someone who has been affected by some form of Ransomware or other. Many of you may have had to deal with this issue or even rescue businesses from the dreaded plight of the plethora of encrypted files.

You need to be ready to protect yourself from these attacks. Education and prevention are certainly key areas, but ensuring that your backups are protected should also be high on the agenda. As these attacks get more sophisticated, stories are emerging of businesses finding their online backup data has also been encrypted or even deleted. So how do you protect yourselves from this? Veeam has written seven top tips to help you protect your backups. This can be found here: LINK

Whilst all seven tips are important, I want to focus on why Veeam Cloud Connect can be used to protect your backups from Ransomware.

First, let’s look at a simple example of a Ransomware attack. One of your users receives a targeted email, detailing that the attached invoice/order/schedule requires their urgent review. Your user opens said attachment, and they’re in. Immediately the Trojan starts accessing remote shares using the user’s credentials and starts encrypting files. For the purpose of this document, let’s also assume the affected user has Domain Admin access across the domain. Now, let’s break that process down a little.

File share access. If your online backup repository is sitting on a CIFS/SMB share that is accessible via the network, it can be susceptible to a Ransomware attack. If this share can be browsed from a networked machine, the Trojan can also potentially access it.

Veeam Cloud Connect is not accessible as a remote share. Access is completed using proprietary ports that are only accessible from the Veeam Management Console. For further protection, you can create a rule on your external firewall to only allow communication to your service provider from your Veeam Management System. For information on ports required, please see here: LINK

Authentication. The Trojan uses the compromised user credentials to remotely access systems and file shares. With Veeam Cloud Connect, the Service Provider gives you defined credentials which have no reference to your internal AD/LDAP/other authentication means. These credentials are stored within the Veeam Management Console and are encrypted. As only these credentials can access the Cloud Connect Repository, this further protects your offsite backups.

As a more general rule, ensure that access to the Veeam Management Console is also completed using another account. If you allow Domain Admins to access the Veeam Management Console, there is potentially a further risk that remote PS commands can be sent to delete backups as opposed to encrypting them. This information is again noted in the Veeam article above.

If you’re interested in taking a free 30-day trial of Veeam Cloud Connect, contact Enquiries@TCTG.co.uk

 

This information is provided as is and correct at time of writing. The author of this post holds no responsibility for the security or protection of your backups. For further advice regarding protecting Veeam Backups see https://www.veeam.com/blog/tips-to-prevent-ransomware-protect-backup-storage.html

Veeam Cloud Connect

Back in 2014, Veeam released the Cloud Connect feature as part of their V8 update to Veeam Backup and Replication. This feature was a catalyst for businesses to extend their data availability strategy to Veeam partners offering Backup-as-a-Service. This model was heavily consumed by large numbers and, three years on, the Veeam Cloud Connect possibilities are growing with the current iteration, Veeam Backup and Replication V9.5.

If you’re not already familiar, Veeam Cloud Connect allows customers to connect to cloud-based repositories to store backup data offsite. This connection is completed over the internet with no requirement for site-to-site VPNs or any direct comms. This connection is encrypted over the internet to your service provider, and secured via logon credentials.

On the customer side, it couldn’t be easier to connect to your preferred service provider. From your Veeam Backup and Replication Management Console, navigate to ‘Service Providers’ and ‘Add Service Provider’.

Once confirmed, a new Cloud Repository will appear allowing you to configure Backup, Backup Copy or replication jobs to the repository.
