Blog

Is it safe to do banking on phones? by Chris Taylor

About Chris Taylor:  Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.

I sometimes get asked if it is safe to do banking on phones. Keep in mind that there is no such thing as 100% security. It is always good to assess risks in any activity on a computer, be it a desktop computer or a phone. There are three main threats I can think of when it comes to online banking from your phone: keystroke loggers, man-in-the-middle attacks, and shoulder-surfers.

Keystroke logger

The risk is that an attacker has managed to get malware installed on your computer and they are tracking every keystroke you enter—including your account number and password—as you log onto your banking site.

Note that the risk is not unique to phones. It exists whether you are on a desktop, laptop, tablet, or phone. From Microsoft’s 10 Immutable Laws of Security: Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore. The best way to mitigate this risk is to do everything reasonable to prevent a keystroke logger from being installed. I recommend people only obtain phone apps from approved stores (Play Store for Android, App Store for iOS), and only install apps that have been around for more than a couple of months. While not a guarantee that an app is malware-free, it certainly helps.

And—preaching to the choir here—use a program like GlassWire on your Windows PC. Set the firewall section to Ask to Connect and turn on Automatically analyze all apps with network activity with VirusTotal. When a new program tries to access the network, you can see if the dozens of anti-malware programs at VirusTotal think it is clean.

Man-in-the-middle (MITM) attack

In a MITM attack, the attacker hosts a Wi-Fi hotspot with the same name as the hotspot run by a legitimate organization such as your favourite coffee shop. If you connect to the attacker’s access point, all your traffic goes through their computer and is then automatically passed on to the destination server you are communicating with. End-to-end encryption normally prevents the attacker from seeing the traffic, but it is possible for the attacker to establish an encrypted session between you and them and re-encrypt the data under a separate encrypted session between them and the destination server. In this manner, they can see all the unencrypted traffic.

This is one area where using a bank’s app is probably more secure than using your web browser to do online banking. It is far easier for the bank to build defences into their app to guard against man-in-the-middle attacks.

You can also mitigate MITM attacks by ensuring you are not connected on Wi-Fi and use the mobile network instead. While a malicious IMSI-catcher could intercept your phone signal, that only intercepts texts and phone calls, not data streams.

Another mitigation against MITM attacks is to use a VPN. By using a VPN, you establish an encrypted tunnel between your computer and the VPN server. The MITM attacker has no access to the unencrypted data. You are transferring your trust to the VPN operator, who is presumably more worthy of trust than someone who sets up a rogue WiFi hotspot!

Shoulder surfers

In this risk, someone nearby watches as you log onto your bank site and notes the account number and password as you type them in.

This is probably the easiest to guard against. Simply looking around is often enough. But it is possible for cameras to be watching as well, and these may not be as easy to spot.

Some password managers can automatically log on to sites for you, removing the need to manually enter your account number and password, and foiling a shoulder surfer.

Multi-factor authentication is also a good defence. In that case, simply knowing your account number and password is not enough; you also need your device or your biometrics. Your bank’s app may also have safeguards tying it to your phone.

Bottom line

Overall, I think the risk of banking on phones is pretty low. You can probably minimize the risk by using your bank’s app and—as always—keeping your phone free from malware. And don’t forget to have strong authentication to access your phone and always keep it under your control.

I would be happy if anyone has other ideas when it comes to any of my articles. I consider myself knowledgeable, but I don’t claim to be an expert. Please add your thoughts through the comment field.


Firewall for network, improve your security with Glasswire


A firewall for your network

Why install a firewall for your network? The global business world is spending hundreds of billions of dollars every year on acquiring and evolving their assets to digital. Figures say the rate is rapidly growing and will quickly reach 3 trillion dollars per year by 2025.

With digital assets at the core of most businesses, sound network infrastructure is key to avoiding nasty surprises while keeping your revenue stream high.

A firewall is a fundamental security measure that creates a barrier between your network of devices and the external network. In doing so, it protects you against external threats such as malware and hackers trying to gain access to your data and system.

Adopting one is ultimately the first quick win for your network to be safe.

What can a firewall do for your network safety?

Firewalls come with a set of perks and enhance your network health and security.

Find below a list of major benefits of adopting a firewall solution.

  1. Monitor data flow

Trojans and other malware silently sit in the background on your computer, exchanging data with malicious actors through your Wi-Fi. The first action a user can take is to monitor where the data goes to and comes from, and its volume, in real time.

GlassWire is working on a brand new feature able to compare the single user data for each app with a benchmark average obtained from its user base.

This will highlight suspicious activity such as anomalies in the volumes of data exchanged, and let the user block the jeopardizing piece of software with a single click.
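As an added illustration of the per-app volume comparison described above (example code written for this page, not GlassWire’s implementation), the following script aggregates constructed per-app byte counts, compares each app’s totals against a constructed benchmark of mean and standard deviation, and flags apps whose traffic lies more than a chosen number of standard deviations above the benchmark or that have no benchmark at all. The app names, byte counts and benchmark figures are all made up for the example.

```python
# Added example: flag apps whose network volume deviates strongly from a
# per-app benchmark. Not GlassWire's code; all numbers below are constructed.
from collections import defaultdict

# Constructed flow records: (app name, bytes sent, bytes received)
SAMPLE_FLOWS = [
    ("browser.exe", 5_000_000, 120_000_000),
    ("browser.exe", 2_000_000, 80_000_000),
    ("updater.exe", 50_000, 30_000_000),
    ("calc.exe", 9_000_000, 10_000),      # a calculator uploading megabytes
    ("calc.exe", 3_000_000, 5_000),
    ("newtool.exe", 1_000, 2_000),        # no benchmark exists for this app
]

# Constructed benchmark: (mean, standard deviation) of daily bytes per app
BENCHMARK = {
    "browser.exe": {"sent": (6_000_000, 2_000_000), "recv": (150_000_000, 60_000_000)},
    "updater.exe": {"sent": (100_000, 50_000), "recv": (50_000_000, 40_000_000)},
    "calc.exe": {"sent": (5_000, 3_000), "recv": (10_000, 5_000)},
}


def aggregate(flows):
    """Sum sent/received bytes per app."""
    totals = defaultdict(lambda: {"sent": 0, "recv": 0})
    for app, sent, recv in flows:
        totals[app]["sent"] += sent
        totals[app]["recv"] += recv
    return dict(totals)


def zscore(value, mean, stdev):
    """How many standard deviations `value` sits above the benchmark mean."""
    return (value - mean) / stdev if stdev else 0.0


def find_anomalies(flows, benchmark, threshold=3.0):
    """Return {app: [(direction, zscore), ...]} for apps that exceed the
    threshold in either direction, or [("unknown", inf)] for apps with no
    benchmark entry (unknown software talking to the network is itself worth
    a look)."""
    flagged = {}
    for app, totals in aggregate(flows).items():
        ref = benchmark.get(app)
        if ref is None:
            flagged[app] = [("unknown", float("inf"))]
            continue
        hits = []
        for direction in ("sent", "recv"):
            mean, stdev = ref[direction]
            z = zscore(totals[direction], mean, stdev)
            if z > threshold:
                hits.append((direction, round(z, 1)))
        if hits:
            flagged[app] = hits
    return flagged


if __name__ == "__main__":
    for app, reasons in find_anomalies(SAMPLE_FLOWS, BENCHMARK).items():
        print(f"{app}: {reasons}")
```

With the constructed data, only calc.exe (far more sent bytes than its benchmark) and newtool.exe (no benchmark) are reported; the browser and updater stay within their normal ranges even though they move far more data in absolute terms, which is the point of comparing against a per-app baseline rather than a global one.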

  2. Local access control

Adopting a firewall for the home network is the first-tier security line against cyber attacks. Monitoring wouldn’t be enough if not matched with the capability to control single app behaviors and secure your endpoint. A firewall should provide you with the ability to allow or deny your apps from exchanging data. Taking control over all the hosts and services that want to access your computer is underrated but is actually among the most powerful features in terms of security. 

A firewall allows you to customize a rule set for content filtering, thus allowing you to lock down the internet connection against unwanted packets of data. The simplest yet the most effective anti-malware.

  3. Remote access control

Taking care of security is pretty straightforward when you own just a single computer or a local network. It’s indeed as simple as installing a firewall for the internal network and a malware detector. Things get way more complicated if you own remote-connected devices. 

In fact, one of the best features a firewall can provide is the ability to track the apps and services running on a number of devices connected remotely. You could then block those services individually and have control over the data flows they exchange.

  4. Prevent virus attacks and hacking

Threats in the digital ecosystem are basically everywhere. Tuning your firewall for network security may prevent a virus from entering your computer and hackers from forcing your defenses. It may seem simplistic, but the very first line of defense comes from technology as simple as a filter, a firewall. 

By only admitting the desired data, you could drastically improve your level of security. It’s no news that the concept of a firewall applies also to humans, where a person himself acts as a filter in disclosing certain information.

The 5 Types of Firewall

While every firewall has its own architecture, it is important to highlight the 5 main technologies on which they build.

  1. Packet filtering firewall

This technology acts at the junction points between devices, such as modems and computers, and filters data packets according to certain rules. If a packet doesn’t pass the rules (IP address, packet type, port number, etc.), it is simply blocked.

  2. Circuit-level gateway

The circuit-level gateway acts at the very beginning of a TCP connection, allowing only legitimate sessions. It filters out traffic that doesn’t respect established network protocols such as TCP handshakes and session initiation messages.

  3. Application-level gateway (aka proxy firewall)

An Application-level gateway constitutes the only entry and exit point between the network and the device. It filters data by a number of characteristics such as the service for which they are intended, the destination port, and the HTTP request string.

  4. Stateful inspection firewall

A more complex technology is the so-called stateful inspection firewall, which not only matches each packet against a set of rules but also checks whether the packet is part of an existing network session or not.

If, on the one hand, this is far more effective in terms of security, on the other hand it requires more computational resources, resulting in lower network performance.
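To make the difference between the packet filtering firewall (item 1) and the stateful inspection firewall (item 4) concrete, here is an added example, written for this page and not taken from any firewall product, of a toy filter in Python. The stateless part applies a first-match rule list to each packet on its own; the stateful part additionally records outbound sessions and admits inbound packets only when they are replies to a recorded session. The `Packet` and `Rule` classes, the `10.0.0.` inside prefix and all addresses are constructed for the example.

```python
# Added example (not from the page): a toy packet filter that contrasts
# stateless rule matching with stateful inspection.
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str                              # "tcp" or "udp"
    flags: FrozenSet[str] = frozenset()     # TCP flags, e.g. {"SYN"}


@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    proto: str = "any"
    dst_port: Optional[int] = None
    src_ip: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto == "any" or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port)
                and (self.src_ip is None or self.src_ip == pkt.src_ip))


def stateless_filter(rules, pkt: Packet, default: str = "deny") -> str:
    """Packet-filtering firewall: first matching rule wins, else the default.
    Each packet is judged alone; the filter has no memory of earlier packets."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


class StatefulFirewall:
    """Stateful inspection: remember allowed outbound sessions and let their
    replies back in, while unsolicited inbound packets still face the rules."""

    def __init__(self, rules, inside_prefix: str):
        self.rules = rules
        self.inside_prefix = inside_prefix      # constructed: "10.0.0." is "inside"
        self.sessions = set()                   # 5-tuples of outbound sessions

    def _is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def process(self, pkt: Packet) -> str:
        outbound_key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        reply_key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if self._is_inside(pkt.src_ip) and not self._is_inside(pkt.dst_ip):
            # Outbound: consult the rules and remember the session if allowed.
            decision = stateless_filter(self.rules, pkt)
            if decision == "allow":
                self.sessions.add(outbound_key)
            return decision
        if reply_key in self.sessions:
            # Inbound reply to a known session. A bare SYN is a new connection
            # attempt, not a reply, so it does not ride on the session.
            if pkt.proto == "tcp" and pkt.flags == frozenset({"SYN"}):
                return "deny"
            return "allow"
        # Unsolicited inbound traffic: only an explicit rule can admit it.
        return stateless_filter(self.rules, pkt)


def demo():
    """Walk one HTTPS connection and one unsolicited probe through both filters."""
    rules = [Rule("allow", proto="tcp", dst_port=443)]   # allow outbound HTTPS only
    fw = StatefulFirewall(rules, "10.0.0.")
    syn = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp", frozenset({"SYN"}))
    synack = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp", frozenset({"SYN", "ACK"}))
    probe = Packet("198.51.100.7", 40000, "10.0.0.5", 22, "tcp", frozenset({"SYN"}))
    return {
        "outbound_syn": fw.process(syn),
        "reply_stateless": stateless_filter(rules, synack),   # no rule for port 51000
        "reply_stateful": fw.process(synack),                 # recognised as a reply
        "unsolicited_probe": fw.process(probe),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The stateless filter has to deny the server’s SYN/ACK because no rule names the client’s ephemeral port 51000; a real packet filter would need a broad “allow inbound to high ports” rule to let replies through, which is exactly the kind of hole stateful tracking avoids. The session table is also the extra memory and lookup cost the text refers to.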

  5. Next-generation firewall (NGFW)

Next-generation firewalls are powerful software leveraging a variety of deep packet inspection (DPI), antivirus, and malware filtering techniques. Moreover, they validate the packets after they have been reassembled over a web browsing session, filtering out packets that don’t constitute a legitimate HTML-formatted response.

New cybersecurity challenges

New habits like remote working, together with cyber threats rising at large, pose new cyber security challenges. Working remotely from home with a company device, for example, creates a new vulnerability scenario that a malicious actor could take advantage of.

A home network may easily constitute a vulnerable company entry point and this is the reason for an endpoint cybersecurity solution on both personal and company devices.

Adopting firewall software for the home network will result in better protection for personal and business computers.


Endpoint Security: How to Keep Your Data Safe

Introduction

In today’s hyper-connected world, cybersecurity is a hot topic. Maintaining and improving the security of data and sensitive information is becoming increasingly important for individuals and organizations.

In a fully connected digital environment, trending aspects of our life, like the Internet of Things (IoT), cloud computing, or the use of online banking, demand now more than ever a high level of protection: a robust endpoint security solution is essential to guard the digital lives of people and organizations.

There are many different components that make up an endpoint security solution, including antivirus and antispyware software, firewalls, intrusion detection and prevention systems, and data encryption. Each of these components plays a vital role in keeping your data safe.

However, managing multiple endpoints can be a challenge, as can ensuring compliance with various security requirements. And the BYOD trend introduces new challenges, such as ensuring that corporate data is not compromised on personal devices.

In this blog post, we’ll explore all of these topics in more detail and provide some practical tips for keeping your data safe.

What is endpoint security

The need for endpoint security

In the business world, data is everything. It’s what helps you make decisions, connect with customers, and drive revenue. So it’s no surprise that businesses are constantly looking for ways to protect their data. Endpoint security is one way to keep your data safe.

This is a type of cyber security that focuses on protecting single devices connected to a network. These devices can include laptops, smartphones, and tablets. Typical solutions include a combination of software and hardware that work together to protect your data.

The need for endpoint security has grown in recent years as more and more businesses allow employees to use their own devices (known as Bring Your Own Device or BYOD) for work purposes. This can increase the risk of data breaches, as personal devices are often less secure than corporate-owned ones.

There are many different types of solutions available, but not all of them are equal. To find the right solution for your business, you’ll need to consider your specific needs and objectives. But with so many options out there, how do you know where to start?

Different types of endpoints

Different types of endpoints require different levels of protection. For example, a laptop will require more protection than a smartphone because it contains more sensitive data, especially if used for business. Similarly, an employee who works remotely will need a different level of protection than someone who works in an office.

Here are some common types of endpoints:

  • Laptops: Laptops contain sensitive business data and connect to public networks, making them vulnerable to attack. The best way to protect laptops is with a comprehensive endpoint security solution that includes antivirus and antispyware software, a firewall, and an intrusion detection and prevention system (IDS/IPS). Data encryption can also help safeguard business data in the event of a lost or stolen laptop.
  • Smartphones: The usage of smartphones for work purposes is increasing. This makes them potential targets for attackers seeking to gain access to corporate data. The best way to protect smartphones is with a mobile device management (MDM) solution that can remotely wipe lost or stolen devices and enforce password policies.
  • Tablets: Tablets have many of the same vulnerabilities as laptops. They are often used in public places such as coffee shops and airports, making them even more susceptible to attack. The best way to protect tablets is with the same type of comprehensive endpoint security solution that you would use for laptops.
  • Remote workers: Remote workers are often the most vulnerable to attack because they’re not physically protected by a corporate network. The best way to protect remote workers is with a virtual private network (VPN) that encrypts their data and allows them to access corporate resources remotely.

The components of an endpoint security solution

Antivirus and antispyware software

An antivirus program is a computer program that detects, prevents, and removes malware. Antivirus software is designed to protect your devices from viruses, which are malicious programs that can infect your system and damage or delete your files. Antispyware software is designed to protect your devices from spyware, which are programs that collect information about you without your knowledge or consent.

Firewall

A firewall is a network security system that controls the incoming and outgoing network traffic based on predetermined security rules. A firewall can be hardware-based, software-based, or a combination of both. Hardware-based firewalls are typically used to protect corporate networks, while software-based firewalls are typically used to protect individual computers.
We’ve recently written about different types of firewalls if you want to dive deeper into the subject. 

Intrusion detection and prevention system

An intrusion detection and prevention system (IDPS) is a network security system that monitors network traffic for suspicious activity and blocks it or alerts the administrator in the event of an attack. IDPS solutions vary and can be host-based or network-based.

Data encryption

Data encryption is a process of transforming readable data into an unreadable format using a key or password. Encryption’s main purpose is to protect data from unauthorized access and ensure its confidentiality. Data encryption can be performed at rest (i.e., when it is stored on a disk) or in transit (i.e., when it is transmitted over a network).

The challenges of endpoint security

Managing multiple endpoint security solutions

As the use of mobile devices and BYOD policies become more prevalent in the workplace, managing multiple endpoint security solutions can be a challenge for IT departments. There are a number of considerations that need to be taken into account when implementing and managing multiple endpoint security solutions, such as:

  • The different types of devices that need to be secured (laptops, smartphones, tablets, etc.)
  • The various operating systems that are in use (Windows, iOS, Android, etc.)
  • The different security requirements of each type of device and operating system
  • The different levels of security required for each type of device (basic protection for laptops, more comprehensive protection for servers, etc.)
  • The need to ensure compatibility between the different security solutions
  • The management overhead associated with multiple endpoint security solutions

Ensuring endpoint security compliance and policies

Another challenge faced by IT departments is ensuring compliance with corporate endpoint security policies. This is because employees are often using their own devices or mobiles for work purposes and may not be aware of or compliant with the company’s security policies. There are a number of ways to overcome this challenge, such as:

  • Developing clear and concise corporate endpoint security policies that are easy to understand and follow
  • Training employees on the importance of complying with corporate endpoint security policies
  • Implementing technologies that allow IT departments to remotely monitor compliance with corporate endpoint security policies

Addressing the BYOD challenge

Over the previous paragraphs, we’ve mentioned BYOD. The acronym stands for Bring Your Own Device and constitutes one of the biggest challenges for IT departments today. With more and more employees using their own personal devices for work purposes, it can be difficult to manage and secure these devices.
There are a number of ways to address this challenge. The first and most important step is to have a clear and concise BYOD policy that outlines what types of devices an employee can use and what restrictions apply. The standard could be a simple procedure and set of rules to access the Internet via personal devices. It may include the use of a VPN to access corporate data or the adoption of certain security software, like GlassWire. Less popular but definitely effective is letting the IT department remotely access and secure BYOD devices.

Conclusion

Endpoint security is a critical concern for any organization that wants to protect its data. There are many different types of endpoints and each has its own security requirements. It’s important to carefully select and configure the right components of an endpoint security solution, to provide the most effective protection possible. Managing multiple endpoint security solutions can be a challenge, but it is necessary to ensure the safety of your data.


.exe files, how to deal with them


The Exe File Extension

Most people who use the Windows operating system have run into .exe files before, but not everyone appreciates their potential for hazard. Although most of the .exe files you rely on every day tend to carry minimal risk of harm, this rule doesn’t hold for all similarly-named files you’ll find online – or even those lurking in folders on your PC.

What makes unknown .exe files such a potential danger? Here’s a quick primer.

exe files in Windows

The EXE file extension is most commonly used for files that contain executable code. These files are typically used to run programs or start applications.

What’s inside a .exe file? If you were to open one with a regular text editor, you’d see massive chunks of seeming gibberish, but this doesn’t mean your computer is buggy. It’s just that these files aren’t intended to be read by humans because they contain mostly machine code.

Machine code includes the low-level instructions that tell a computer’s CPU how to store and move data, perform crucial arithmetic operations, and “jump” to other instructions. You can think of it as the cues that let your operating system know how to run a program by handling user input, displaying visuals onscreen, and performing other common tasks.

Windows Executable Files

Although .exe files only run on Windows (and formerly DOS), they haven’t historically been the only type of executable files these operating systems supported. Although the latest 64-bit editions of Windows no longer support them, older variants could run executables ending in “.com” and “.mz”. This may be worth noting if you’re running outdated software at home or in high-risk settings, such as a business.

The other point to bear in mind is that not all .exe files contain the same types of data. For one thing, specific programs include different instructions for your computer to follow. Also, there are a few different ways to encode those instructions in a Windows executable file, which gives rise to a range of format types including NE, PE, LE, DL, MP, P2, P3, W3, and W4.

The reasons for there being so many different formats make sense from a historical standpoint. It’s only natural that developers would improve on the old versions to deliver better performance and leverage new computing features – After all, Windows executable files and their predecessors have been around for decades!

The problem from a security perspective is that this can make things way more confusing for ordinary users.

Remember how we mentioned that opening a .exe file in a text editor would just show you a bunch of garbled characters? There’s really no way for most people to tell at a glance whether a .exe file might contain a harmful payload. The confusing state of .exe files means that you’ll typically need to take more advanced steps, like using Windows Security or a third-party virus scanner, as we describe here.

EXE files and other executable extensions

Complex operating systems like Windows rely on hundreds of programs running in the background in addition to the applications you specifically launch from the menu. Although there’s no exhaustive list, you might see names like:

File Extensions Explained

Why bother with file extensions at all? Don’t make the mistake of thinking you can just change a file extension to protect yourself. Doing so has no bearing on the contents of the file and will actually make your life harder.

File extensions consist of the characters after the final dot (‘.’) at the end of a filename, such as the “.exe” in “my_cool_program.exe”.

These suffixes serve a few different purposes: For instance, they make it easier for human users to tell which of their files contain which types of data. They also serve a similar function for machines.

When a computer operating system, like Windows, sees a document with an extension, it relies on this information to know which program it should use to open that file. For instance, a Microsoft Word document usually has a “.doc” or “.docx” extension, while an Excel spreadsheet document will have a “.xls” or “.xlsx” extension.

Above all, remember that you can’t afford to take extensions for granted. Any user with the appropriate permissions can rename a file to have whatever name or extension they like, even if that file contains something malicious, such as a virus or malware. If you’re not sure what you’re dealing with, consider equipping yourself with better protection by installing GlassWire’s Endpoint Security Solution.
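Because the extension is just part of the name, the contents have to be checked directly. As an added example (written for this page, not GlassWire’s code), the script below decides whether a file is a Windows executable from its bytes: every PE image starts with the DOS `MZ` header, whose 4-byte field at offset 0x3C points at the `PE\0\0` signature. The sample files are constructed in memory: a minimal PE stub named like a photo, and a text file named like a program. A real scanner would go on to inspect the image itself; this only shows why the name cannot be trusted.

```python
# Added example (not from the page): classify a file by content, not by
# extension. Sample bytes are constructed; no real files are read.
import os
import struct


def looks_like_windows_executable(data: bytes) -> bool:
    """True if `data` begins with an MZ DOS header whose e_lfanew field
    (offset 0x3C, little-endian uint32) points at the 'PE\\0\\0' signature.
    The same layout is shared by .exe, .dll, .sys and .scr files."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(filename: str, data: bytes) -> dict:
    """Compare what the name claims with what the content shows."""
    ext = os.path.splitext(filename)[1].lower()
    is_pe = looks_like_windows_executable(data)
    claims_exe = ext in (".exe", ".dll", ".sys", ".scr")
    return {
        "name": filename,
        "extension": ext or "(none)",
        "is_windows_executable": is_pe,
        # mismatch in either direction deserves a closer look
        "mismatch": is_pe != claims_exe,
    }


def build_constructed_pe_stub() -> bytes:
    """Build the smallest byte string the check above accepts: an MZ header
    with e_lfanew = 0x80 and a PE signature at 0x80. Constructed; not a
    runnable program."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)
    padding = bytes(0x80 - len(header))
    return bytes(header) + padding + b"PE\x00\x00" + bytes(16)


# Constructed sample files: (name, contents)
SAMPLE_FILES = [
    ("holiday_photo.jpg", build_constructed_pe_stub()),          # executable hiding as a photo
    ("quarterly_report.exe", b"Q3 figures: revenue up 4%\r\n"),   # plain text named as a program
    ("setup.exe", build_constructed_pe_stub()),                   # name and content agree
]


def suspicious_files(files=SAMPLE_FILES):
    """Return the names whose extension and content disagree."""
    return [classify(name, data)["name"] for name, data in files
            if classify(name, data)["mismatch"]]


if __name__ == "__main__":
    for name, data in SAMPLE_FILES:
        print(classify(name, data))
```

On the constructed samples the photo that is really a PE image and the text file named `.exe` are both reported, while `setup.exe` is not; renaming either mismatched file would change the report only if the bytes changed too.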