The Coronavirus & the Cloud – A Winning Combination for Hackers

Originally posted on People and Computers

“The combination of changing work patterns due to the coronavirus, with the increasing migration to cloud environments, creates a new and significant challenge for corporate information security managers,” said Ofer Amitai, one of the founders and CEO of Portnox, explaining how it can be answered at the identification stage.

“One day, a food supplier from abroad called me. One of the company’s employees, who was fired, connected to the organization’s operating systems, changed the temperature of the meat refrigerators and caused damage and loss of goods worth millions of dollars. That’s how they understood that more vital identification is needed on the network and contacted us,” Ofer Amitai, one of the founders and CEO of Portnox, told People and Computers.

“The coming period will be characterized by hybrid work. This format makes remote work an integral part of all workers’ activities, and those who have not yet dealt with a remote work method will do so today or tomorrow. It will enable regular work alongside the protection of the organization and its resources. The combination of changing work patterns due to the coronavirus, with the growing migration to cloud environments, creates a new and significant challenge for corporate information security managers, and is a winning combination for hackers,” continued Amitai.

What is the main challenge for information security managers?

“Above all the challenges facing the information security manager, there is a major challenge, and that is that he must understand who and what threats he is facing,” Amitai noted. “One of the most difficult challenges for the organization is the migration to the cloud – how the systems and data will be kept secure in this new environment on the one hand, and that all systems will work on the other. Israel is slightly behind cloud adoption compared to the US market. It will be like the main headquarters so that one day everything will be connected to the cloud, and the services will be consumed from it, without the need to join the offices to the branch.”

He added that “when setting up secure access control to the corporate network, make sure that application-level privileges are managed – whether via remote connection (VPN) or user management (VDI), which allows remote, virtual access to the desktop. Connection security must also be ensured via MFA – multi-step authentication of the user. Then the end station must be handled, including personal devices that employees bring from home. The goal is to maintain a consistent level of information security, regardless of the identity of the end device.”

A significant promise – but also risky

Portnox was established in 2007 to help organizations protect their corporate networks through the use of technology that allows them to see all devices connected to the network and to perform preventative and corrective actions that defend it from risk-prone devices. “This is a technology that makes life easier for information security managers in their day-to-day work,” Amitai explained.

“When someone accesses the network – via a remote, local connection or cable – Portnox knows how to make a strong identification of the device and the user. We do not manage the end component, but its risks,” said Amitai. “Our product in the cloud, Portnox CLEAR, enables organizations to protect the enterprise network via the cloud. The solution complements the security layer for VPN and VDI solutions. Through continuous risk monitoring capabilities on end stations and devices, information security principles are maintained and enforced – regardless of physical location. The end station, whether inside or outside the organization, and owned by it, or whether it belongs to the company or the employee, thus, all stations become secure and authenticated devices, which comply with the organizational security policy – all through enforcement, by the policy definition The organization, which changes according to its needs.”

In conclusion, Amitai stated that “all the trends in the market bring with them a great promise – but also risks. They expose organizations to more hacks into their network, which makes them look for security solutions like ours – smart, easy to manage, and those who make sure the corporate network is secure. We have a wide range of enterprise and SMB clients who come from many sectors, including the medical, banking, and high-tech sectors. In the past year, we have experienced a 30% increase in revenue, and I estimate that the growth trend, which continues this year, will continue in 2022.”

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

REvil ransomware attack illustrates IT systems need for epidemiological investigation

Originally posted on CTECH

The recent REvil ransomware attack has revealed that our computer systems are vulnerable to unknown and surprising pathogens, similar to our vulnerability to Covid-19. The hackers claim that the attack penetrated more than a million workstations, and demanded about $70 million to unlock them. However, the most important question is how the damage could have been reduced or prevented. Let’s take a step back. Antivirus software comprises the first defense line (the IT immune system, if you will). The antivirus operating principle is simple: if malicious code is detected, it is signed by the various antivirus manufacturers and its hash is distributed as an update to the local antivirus installation. Thus, antivirus software can identify most malware and prevent them from damaging the computer.

Nevertheless, similarly to biological systems, some viruses and vulnerabilities are unrecognizable by antivirus software. About 30-50 IT companies, including many Israeli ones, work to discover the meager number of yet undiscovered malware and yet unabused vulnerabilities. This activity is expensive and carries large premiums, but numerous organizations around the world would pay for such protective measures. Think about it – if a security operation is attacked by 1,000 different malware a month, the damage of even a single penetration would be catastrophic. Therefore, an antivirus that prevents 99.9% of attacks will not suffice.

However, systems identifying unrecognized threats are prone to false alarms. No wonder – anyone trying to find a new type of threat is likely to be sensitive to any anomaly or change. Yet the high number of false alarms that these systems provide causes many to ignore them or to disable the systems, quite similar to muting the sound of a cardiac monitor, thus remaining unprotected yet again. One of the methods of containing the damage might sound familiar in the post-COVID world – isolation. For example, in the latest REvil attack, Kaseya software, serving as part of the supply chain, was damaged. The company warned customers over the weekend to disconnect their devices from the internet to prevent encryption of their information, as the malware was raging outside and a cure for it was yet to be found. A network control system, like an internal epidemiological investigation array, can sometimes be useful in stopping the malware spread and preventing some of its damage.

Isolate, test, and decide

NAC (Network Access Control) systems test every device and every user individually – who is the user attempting to connect? What is his role? What hardware does he use? Does he have an antivirus? Are there security updates installed? All these parameters are combined into a security ranking, according to which network access is granted or denied. In some cases, it is possible to prevent or restrict the use of plug-in USB devices, and in extreme cases, it is even possible to deny usage completely and isolate the “sick” computer from the outside world.

An internal epidemiological investigation array mitigates the risks instead of trying to eliminate them completely. The truth about the Covid-19 pandemic, as well as for computer systems, is that complete isolation of our homes or computer stations will prevent us from catching the virus, but it will also prevent us from functioning. Therefore, IT systems and humans need to establish risk-mitigating measures which will balance the existing threat of infection and the need to connect, meet and interact with the outside world.

To fight ransomware hacks drain the cryptocurrency swamp

This kind of digital extortion – increasingly viewed as terrorism – would be impossible without the ability to move money around anonymously

Last month, a cybercriminal group penetrated the Colonial Pipeline. This wasn’t just “another” hack, with privacy consequences and threats on personal information. The severe results were shown instantly. Gas supply to millions of Americans was disrupted leading to a spike in gas prices and panic buying causing local fuel shortages in the southeast, and resurfacing old memories of the infamous gas crisis in the US in the late 1970s.

It becomes evident, and not for the first time, that ransomware has the potential to affect the personal lives of innocent citizens tremendously. The problem is worsening by the day as groups improve their ransomware code and collect easy money.

The US authorities responded – a national cyber investigative task force was formed and last night, DOJ told Reuters that US authorities will “give ransomware hacks similar priority as terrorism”. This begs the question, however: will it be possible to stop ransom hacks without treating its originator?

The fact is we’re not looking at this problem holistically. There is one factor making this problem possible, and systemic: cryptocurrency. Ransomware hacks thrive due to the possibility to transfer cryptocurrency easily, rapidly and without leaving traces. The criminals are not required to deal with complex transfers. Gone are the days when hostage-takers demanded one million dollars in small, unmarked paper bills, with a jet on the runway ready to take them to some foreign land where there’s no extradition agreement. All they need is a Bitcoin address, Monero, or ZCash, and a few command lines – and voila – the money lands safely in the hands of the criminals. It’s almost a sterile crime.

In fact, those money transfer machines enable the prosperity of a global crime industry, fueled by corporate extortion funds. For instance, in the case of the Colonial Pipeline, despite the involvement of the FBI and the law authorities, a five million dollar ransom was paid in order to free the systems. Some of the funds were recovered, in an unprecedented operation, and yet, the damage remained.

This is not pocket change. Each win – no matter how financially lucrative – builds on itself and gives these cybercriminals more confidence to fuel the next attack. For example, in dark web forums the phenomenon of “ransomware hack as a service” is gaining popularity, and criminals are offering ransomware for rent. The thieves have become so contented, that they are allowing others to use their tools, while they’re resting safely as ordinary software vendors.

In order to stop terror, we have to stop its funding. However, when it comes to ransomware hacks there is still no internalization of the fact that strict limitations should be put on its primary funding source – cryptocurrencies. The promises of liberty and freedom from censorship made by theoreticians in this field are shattered daily, and instead of a paradise for innocent civilians, we’re left with the opposite – a utopia for criminals. In fact, untraceable cryptocurrencies are the swamp in which the disease of ransomware flourishes.

This swamp must be dried up. If governments around the world seriously intend to stop the phenomenon of ransomware hacks, they have to put strict limitations on money transfers via cryptocurrencies. They must supervise cryptocurrencies the same way they do with cash, bank transfers, diamonds or weapons. Countries should require users to disclose the sources of their money and prevent them from doing major deals not conducted through the supervised international banking system.

Governments should also implement methods of tracking cryptocurrencies and sound the alarm when illegal activity is detected. If they cannot decide on or implement a system to administer this, governments should consider the unpopular step of complete prohibition of holding and trading cryptocurrency. Drying up of the funding sources for these attacks may be the only viable approach to stop their continued proliferation. If we do not take immediate action to dry those swamps, we will find ourselves in the near future too weak and too ill to recover.

Originally posted on Times of Israel

RADIUS Authentication, Now in the Cloud

Understanding RADIUS Authentication

Remote Authentication Dial-In User Service (RADIUS) is a protocol that was historically designed to authenticate remote users to a dial-in access server. Today, RADIUS authentication is used across an array of scenarios and is well known for its AAA capabilities: authentication, authorization, and accounting. By centralizing AAA capabilities, organizations give themselves improved security and greater efficiency. RADIUS servers provide each business with the ability to preserve the privacy and security of both the system and each individual user.

A basic RADIUS accounting process includes:

  1. The process starts when the user is granted access to the RADIUS Server.
  2. The RADIUS Client sends a RADIUS Accounting-Request packet known as Accounting Start, to the RADIUS Server. The request packet comprises the user ID, network address, session identifier, and point of access.
  3. During the session, the Client may send additional Accounting-Request packets known as Interim Update to the RADIUS Server. These packets include details like the current session duration and data usage. This packet serves the purpose of updating the information about the user’s session to the RADIUS Server.
  4. Once the user’s access to the RADIUS Server ends, the RADIUS Client sends another Accounting-Request packet known as Accounting Stop, to the RADIUS Server. The packet includes information such as total time, data, and packets transferred, the reason for disconnection, and other information relevant to the user’s session.
  5. Ultimately, RADIUS authentication prevents your organization’s confidential data from being leaked. It also allows easy depreciation capabilities and enables individual users to be assigned with unique network permissions based on their location, role, etc.
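The Start, Interim Update and Stop exchange from the steps above, as an added Python example (not code from the original article or from Portnox): a client builds the three Accounting-Request packets in the RFC 2866 wire format, and a server verifies each Request Authenticator before updating a per-session record. The shared secret, user name, NAS identifier, session ID and the `SessionLedger` helper are constructed for illustration, and mapping the article's "user ID" and "point of access" to User-Name and NAS-Identifier is an assumption.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # packet code; the names below are RFC 2865/2866 attribute types
USER_NAME, NAS_IDENTIFIER, ACCT_STATUS_TYPE, ACCT_INPUT_OCTETS = 1, 32, 40, 42
ACCT_OUTPUT_OCTETS, ACCT_SESSION_ID, ACCT_SESSION_TIME, ACCT_TERMINATE_CAUSE = 43, 44, 46, 49
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}
INT_ATTRS = {ACCT_STATUS_TYPE, ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS,
             ACCT_SESSION_TIME, ACCT_TERMINATE_CAUSE}


def _authenticator(header, body, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + b"\x00" * 16 + body + secret).digest()


def build_accounting_request(ident, attributes, secret):
    """Client (NAS) side: encode the attributes and sign the packet."""
    body = b""
    for attr_type, value in attributes:
        raw = struct.pack("!I", value) if attr_type in INT_ATTRS else value.encode()
        body += struct.pack("!BB", attr_type, len(raw) + 2) + raw
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return header + _authenticator(header, body, secret) + body


def parse_accounting_request(packet, secret):
    """Server side: verify the Request Authenticator, then decode the attributes."""
    code, _, length = struct.unpack("!BBH", packet[:4]) if len(packet) >= 20 else (0, 0, 0)
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    body = packet[20:length]
    if not hmac.compare_digest(_authenticator(packet[:4], body, secret), packet[4:20]):
        raise ValueError("bad Request Authenticator")
    attrs, pos = {}, 0
    while pos < len(body):
        attr_len = body[pos + 1] if pos + 1 < len(body) else 0
        if attr_len < 2 or pos + attr_len > len(body):
            raise ValueError("malformed attribute")
        attr_type, raw = body[pos], body[pos + 2:pos + attr_len]
        attrs[attr_type] = int.from_bytes(raw, "big") if attr_type in INT_ATTRS else raw.decode()
        pos += attr_len
    return attrs


class SessionLedger:
    """One record per Acct-Session-Id: Start -> Interim-Update* -> Stop."""
    def __init__(self, secret):
        self.secret, self.sessions = secret, {}

    def handle(self, packet):
        a = parse_accounting_request(packet, self.secret)
        sid, status = a.get(ACCT_SESSION_ID), STATUS.get(a.get(ACCT_STATUS_TYPE))
        if sid is None or status is None:
            raise ValueError("missing Acct-Session-Id or Acct-Status-Type")
        if status == "Start":
            self.sessions[sid] = {"user": a.get(USER_NAME), "state": "open"}
        rec = self.sessions.get(sid)
        if rec is None or rec["state"] != "open":
            raise ValueError("update for a session that is not open")
        rec["seconds"] = a.get(ACCT_SESSION_TIME, 0)
        rec["octets"] = a.get(ACCT_INPUT_OCTETS, 0) + a.get(ACCT_OUTPUT_OCTETS, 0)
        if status == "Stop":
            rec.update(state="closed", cause=a.get(ACCT_TERMINATE_CAUSE))
        return status


def demo():
    secret = b"constructed-shared-secret"  # every sample value here is constructed
    base = [(USER_NAME, "alice"), (NAS_IDENTIFIER, "ap-lobby"), (ACCT_SESSION_ID, "sess-0001")]
    usage = lambda t, i, o: [(ACCT_SESSION_TIME, t), (ACCT_INPUT_OCTETS, i), (ACCT_OUTPUT_OCTETS, o)]
    packets = [
        build_accounting_request(1, base + [(ACCT_STATUS_TYPE, 1)], secret),
        build_accounting_request(2, base + [(ACCT_STATUS_TYPE, 3)] + usage(300, 1000, 4000), secret),
        build_accounting_request(3, base + [(ACCT_STATUS_TYPE, 2)] + usage(900, 5000, 20000)
                                 + [(ACCT_TERMINATE_CAUSE, 1)], secret),  # 1 = User-Request
    ]
    ledger = SessionLedger(secret)
    return packets, [ledger.handle(p) for p in packets], ledger.sessions["sess-0001"]


if __name__ == "__main__":
    print(demo()[1:])
```

The Request Authenticator is an MD5 digest keyed only by the shared secret, so accounting traffic that crosses untrusted networks on its way to a cloud RADIUS service is normally wrapped in TLS (RadSec, RFC 6614) or an IPsec tunnel.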

RADIUS Authentication in the Cloud

It’s well known today that RADIUS authentication is an effective way of enhancing network security, visibility and control. Just as more and more organizations move their enterprise software stack to the cloud, so too are they demanding flexibility and ease of deployment as it relates to RADIUS. This has given rise to the cloud RADIUS, a modern take on the traditional on-premise RADIUS server.

Standing up a cloud RADIUS offers several benefits for your organization, including:

  • Built-in redundancy
  • Ease of deployment
  • Cost efficiency
  • Auto-scaling
  • …and the list goes on

For these reasons, network engineers are turning to cloud RADIUS solutions in droves. And as vendors like Portnox continue to make advances in machine learning, the reliability and feature sets of cloud RADIUS options become more and more appealing.

Portnox CLEAR’s Cloud RADIUS

Securing your network will always be a priority – no doubt one of many priorities your IT team is faced with – but it doesn’t need to be a drain on time and resources. With Portnox’s RADIUS-as-a-Service solution, companies can now efficiently and affordably authenticate to wifi, VPN, switches and network devices, while simplifying administration and enabling long-term scalability.

Tired of all the heavy lifting when it comes to standing up RADIUS servers? We feel your pain, that’s why we’re making it easier than ever to securely authenticate and control wired and wireless network access for all your users and devices.

Portnox Named Winner of the Coveted Global InfoSec Awards during RSA Conference 2021

Portnox Wins Award for “Cutting Edge NAC” in 9th Annual Global InfoSec Awards at RSAC 2021

NEW YORK–Portnox is proud to announce it has won the award for “Cutting Edge Network Access Control (NAC)” from Cyber Defense Magazine, the world’s leading information security e-magazine. “We’re thrilled to receive one of the most prestigious and coveted cybersecurity awards in the world from Cyber Defense Magazine. We knew the competition would be tough – after all, the judges are leading infosec experts from around the globe. We couldn’t be more pleased,” said Ofer Amitai, CEO at Portnox.

Portnox’s cloud-delivered NAC-as-a-Service – Portnox CLEAR – has taken the network access control (NAC) market by storm in recent years, seeing a surge of new customers seeking to move off of their legacy on-premise NAC solutions. In 2020, Portnox saw its revenue grow 30% year-over-year.

“As the only true SaaS NAC product on the market, Portnox CLEAR is making NAC implementation and deployment easier for enterprises – particularly those with highly distributed networks,” said Tomer Shemer-Buchbut, Vice President of Products at Portnox. “By eliminating on-going maintenance like upgrades and patches common of on-premise NAC, we’re offering companies far better total cost of ownership.”

“Portnox embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help stop the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

With 80 billion connected devices expected to be in use by 2025, the NAC market is growing rapidly – projected to reach nearly $12 billion globally. Device proliferation paired with an ever-expanding number of cyber threats and hybrid workforce operations has made network access control a critical component of any enterprise cybersecurity stack. “NAC is front and center for CISOs and their IT security teams. Expect the demand for network access control – particularly cloud NAC – to continue to grow as companies continue to embrace emerging networking models like SD-WAN, ZTNA and SASE,” said Amitai.

About CDM InfoSec Awards
This is Cyber Defense Magazine’s ninth year of honoring global InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at http://www.cyberdefenseawards.com

About the Judging
The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” so we are looking for Next Generation InfoSec Solutions.

About Cyber Defense Magazine
With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.
