Security Advisory: Zerologon, a level 10 Critical Vulnerability

A new critical vulnerability for Windows, named Zerologon, was recently discovered. It is so severe that the Common Vulnerability Scoring System (CVSS) has given it a score of 10 out of 10, and Microsoft itself has rated it as a severe vulnerability.

What is Zerologon?

The vulnerability was found in Netlogon, the protocol used by Windows systems to authenticate against a Windows Server running as a domain controller. The flaw in Netlogon allows attackers to:

  • Impersonate the identity of any computer on your network during an authentication attempt against a domain controller
  • Disable security features in the Netlogon authentication process
  • Change a computer’s password in the domain controller’s Active Directory

The only limitation of the vulnerability is that the attack can be carried out only once the threat actors have already gotten into your network.

What can I do?

Firstly, it is highly recommended that you apply the Microsoft security update for this vulnerability. This is the most important step in making sure that your network is not affected by this critical vulnerability. You can find the Microsoft security advisory for CVE-2020-1472 here.

If patching cannot be done immediately, one way to help mitigate an attack is to prevent attackers from getting into the network in the first place. As stated above, the attack depends on them getting inside the network; however, once they do, it means that they will be able to take control of your whole network.
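Beyond patching and network containment, a defender will want to know what this attack looks like in the domain controller's own logs. The following is an added example (not Trend Micro's or Microsoft's code) that triages exported Windows event records for the two signals of Zerologon activity: the Netlogon events 5827 to 5831 that patched domain controllers write when a vulnerable secure-channel connection is denied or allowed, and event 4742 (a computer account was changed) where the account whose password was reset is a domain controller's own machine account, which is what the exploit ultimately does. The event dictionaries, their `Data` field names and the sample records are a constructed simplification of real exports; the event IDs themselves are the documented ones.

```python
"""Triage exported Windows event records for signs of Zerologon (CVE-2020-1472).

Added example, not vendor code. Assumes events were exported from the System
and Security logs into a simplified dict form:
    {"EventID": int, "Computer": str, "Data": {...}}
The keys inside "Data" are a simplification for this example.

Event IDs used (written by domain controllers after the August 2020 Netlogon update):
  5827 / 5828 - Netlogon denied a vulnerable secure-channel connection
  5829        - Netlogon allowed a vulnerable secure-channel connection
  5830 / 5831 - vulnerable connection allowed because of an explicit policy exception
  4742        - a computer account was changed (Security log)
"""
from collections import Counter

NETLOGON_VULN_DENIED = {5827, 5828}
NETLOGON_VULN_ALLOWED = {5829, 5830, 5831}
COMPUTER_ACCOUNT_CHANGED = 4742


def _account(name):
    """Normalise a computer account name to upper case with the trailing '$'."""
    return name.upper().rstrip("$") + "$"


def triage(events, domain_controllers):
    """Return a list of (severity, event_id, computer, detail) findings.

    domain_controllers: hostnames of the DCs. The worst sign of Zerologon is the
    password of a DC's own machine account being reset (event 4742 whose target
    is a DC account), because that is how the exploit takes over the domain.
    """
    dc_accounts = {_account(dc) for dc in domain_controllers}
    findings = []
    for ev in events:
        eid = ev["EventID"]
        data = ev.get("Data", {})
        host = ev.get("Computer", "?")
        if eid in NETLOGON_VULN_ALLOWED:
            findings.append(("high", eid, host,
                             f"vulnerable Netlogon channel ALLOWED from {data.get('SamAccountName', '?')}"))
        elif eid in NETLOGON_VULN_DENIED:
            findings.append(("medium", eid, host,
                             f"vulnerable Netlogon channel denied from {data.get('SamAccountName', '?')}"))
        elif eid == COMPUTER_ACCOUNT_CHANGED:
            target = _account(data.get("TargetUserName", ""))
            # A 4742 whose PasswordLastSet attribute is not "-" means the password changed.
            if target in dc_accounts and data.get("PasswordLastSet", "-") != "-":
                findings.append(("critical", eid, host,
                                 f"password of DC account {target} reset by {data.get('SubjectUserName', '?')}"))
    return findings


def summarize(findings):
    """Count findings per severity so a responder sees the worst first."""
    return dict(Counter(sev for sev, *_ in findings))


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 5829, "Computer": "DC01", "Data": {"SamAccountName": "WKSTN-17$"}},
    {"EventID": 5827, "Computer": "DC01", "Data": {"SamAccountName": "WKSTN-17$"}},
    {"EventID": 4742, "Computer": "DC01", "Data": {"TargetUserName": "DC01$",
                                                   "SubjectUserName": "ANONYMOUS LOGON",
                                                   "PasswordLastSet": "9/14/2020 10:02:11 AM"}},
    {"EventID": 4742, "Computer": "DC01", "Data": {"TargetUserName": "WKSTN-17$",
                                                   "SubjectUserName": "WKSTN-17$",
                                                   "PasswordLastSet": "-"}},
    {"EventID": 4624, "Computer": "DC01", "Data": {}},
]

if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS, ["dc01"])
    for finding in results:
        print(finding)
    print(summarize(results))
```

The routine deliberately ignores the routine 4742 for a workstation whose password attribute is unchanged, and only escalates to critical when the reset hits a domain controller account; the allowed-but-vulnerable events (5829 and friends) are the ones to chase down before enforcement mode is turned on, since each names a machine that is still negotiating an insecure channel.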

Trend Micro Solution

For Trend Micro customers, Deep Security or Apex One can be used for virtual patching to help mitigate the attacks and ensure that your network is safe. Below are the IPS rules that may help you strengthen your defense if patching cannot be done immediately:

IPS Rules

Deep Security and Cloud One – Workload Security, Vulnerability Protection and Apex One Vulnerability Protection (iVP)

  • Rule 1010519 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
  • Rule 1010521 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability Over SMB (CVE-2020-1472)

Please note that both rules are already set to Prevent.


Other Inspection / Detection Rules

Deep Discovery Inspector

  • Rule 4453: CVE-2020-1472_DCE_RPC_ZEROLOGON_EXPLOIT_REQUEST
  • Rule 4455: CVE-2020-1472_SMB2_ZEROLOGON_EXPLOIT_REQUEST

For those interested in learning more about the attacks, Trend Micro is also hosting a webinar this coming September 29, 2020 to talk more in detail about the vulnerability. You can register for the free webinar here.

If you have any questions with regards to either Zerologon or the Trend Micro solution to help prevent the attacks, please just contact us via email (rcruz@ctlink.com.ph) or through our landline 88939515 and we would be happy to answer your inquiries!


Zero Trust Security: 6 reasons Why Companies are Adopting it

As we are more than halfway through the year, we have seen that the Covid pandemic has accelerated the need for many companies to provide a better remote access solution, not just for sales but for many other divisions. Although many have been concerned with the performance of their applications in this new setup, many are also starting to see the need to improve the security of these solutions as well.

A global study by Cybersecurity Insiders showed that many organizations are already looking into incorporating Zero Trust into their Secure Access Architecture. Below are a few key findings from the study:

  • Over 60% of participating organizations find the Zero Trust tenets of continuous authentication and authorization, trust earned through entity verification, and data protection as most compelling for their organization
  • Over 40% of participating organizations expressed privilege management, insecure partner access, cyberattacks, shadow IT risks, and vulnerable mobile and at-risk device resource access as top challenges to secure access to applications and resources
  • 45% of participating organizations are concerned with public cloud application access security, and 43% with BYOD exposures
  • 70% of organizations plan to advance their identity and access management capabilities
  • 30% of organizations are seeking to simplify secure access delivery including enhancing user experience and optimizing administration and provisioning
  • 41% of participating organizations are looking to re-evaluate their secure access infrastructure and consider Software Defined Perimeter (SDP) – with the majority requiring a hybrid IT deployment and a quarter adopting a SaaS implementation.

On a global scale, we can see that remote access solutions are becoming the new norm for many organizations. As we move forward, our IT Security teams have to deal with the increased security risks that come with opening the network to unauthorized and non-compliant devices.

This is where security vendors with Zero Trust Security products and solution providers like us can help your organization. We have been helping many clients throughout the lockdown to find the right solution for them whether it has been for improving remote access performance or security.

The Zero Trust Model can be summarized by the following questions: Can the user prove their identity and that of the device they are using? Are they allowed to access this application? Is the network they are using secure? If the answer to any of these questions is not yes, they should not gain access to the network.

If you are interested to learn more about the solution, you may read more here, or you may contact us directly at 88939515 for us to better assess your situation and find the right solution for you!


WFH/BCP Challenges: Improving VPN Firewall Security Concerns

Before the Covid-19 pandemic, many companies did not provide their workforce with client VPN access due to the concern on the security of data. However, most companies were caught flat-footed when the government suddenly announced the Enhanced Community Quarantine (ECQ). This forced many companies to adopt a short-term remote access solution by enabling the Client VPN feature that came with their firewalls. As the quarantine extended, many have come to realize that their Client VPN firewall feature would not be enough as a long-term solution.

Holes in traditional VPN Firewall Solutions

Existing firewall solutions were used by the majority of companies here as a band-aid fix for their BCP/WFH needs during this crisis. They quickly realized after enabling this feature that their firewall was not equipped to accommodate the large number of client VPN users. This is either due to a limit on the number of concurrent users, or because the hardware has limited throughput for VPN users, leading to a poor user experience.

Another concern with a traditional firewall-based VPN is that it gives remote users full access with minimal control and visibility over what the users are doing, which leaves the IT team unaware of whether users are accessing the corporate network with security-compliant devices. In fact, with increasing variety in location, time of access, and device used, it becomes even harder to spot malicious activity. This increases the chances of your company suffering a data breach or data leakage.

In fact, even malware residing on a user’s home PC can traverse the VPN and arrive at your corporate network if it is not properly secured. VPNs primarily encrypt your data so that outsiders cannot view or hijack it; they do not scan infected files coming from unsecured endpoints.

Zero Trust Secure Remote Access Solutions

Companies need to fortify their security capabilities to prevent and contain cyberattacks and data leakage. With the help of more advanced remote access solutions like Pulse Connect Secure, your company can go beyond the traditional dilemmas while ensuring future scalability.

Pulse Connect Secure always enforces a strategy of verification before trust, to ensure that only authenticated users with compliant devices can connect to authorized applications and corporate resources at any time, from any location, over any network. By always verifying, it ensures that:

  1. The user trying to access the network is who they claim to be, with multi-factor authentication in place to keep the wrong people out
  2. The device used to connect to the network is an authorized device (i.e. company-issued laptop) or has met the specific corporate security requirements to decrease the possibility of malware infiltration and data loss
  3. Users can only access authorized resources based on their roles to limit access to confidential information and reduce chances of data leakage
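The Zero Trust questions listed in the earlier section (identity, device, application, network) and the three checks just enumerated are the same deny-by-default decision seen from two angles. The following is an added example, not Pulse Connect Secure's policy engine or any vendor's code, that encodes that decision as a small evaluator: every question must be answered yes, and every failed check is reported so the denial is explainable. The role table, user table, accepted-network list and the sample requests are constructed for illustration.

```python
"""Deny-by-default access decision implementing the Zero Trust questions:
identity (MFA), device (company-issued or posture-compliant), authorization
(application permitted by the user's roles) and network. Added example with
constructed tables; not any product's policy engine.
"""
from dataclasses import dataclass

# Constructed role -> application mapping. Least privilege: no role, no apps.
ROLE_APPS = {
    "finance": {"erp", "mail"},
    "sales": {"crm", "mail"},
    "it-admin": {"erp", "crm", "mail", "admin-console"},
}
# Constructed user -> roles mapping.
USER_ROLES = {"alice": {"finance"}, "bob": {"sales"}, "carol": {"it-admin"}}
# Networks the policy is willing to accept a connection from (constructed).
ACCEPTED_NETWORKS = {"corp-lan", "corp-wifi", "vpn"}


@dataclass
class AccessRequest:
    user: str
    mfa_verified: bool           # identity: did the user complete MFA?
    device_company_issued: bool  # device: is it a managed, company-issued device?
    device_compliant: bool       # device: passed posture checks (AV on, encrypted, patched)
    application: str             # what the user is asking to reach
    network: str                 # where the connection comes from


def evaluate(req):
    """Return (allowed, reasons). Access is granted only when no check fails."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("identity: multi-factor authentication not completed")
    if not (req.device_company_issued or req.device_compliant):
        reasons.append("device: neither company-issued nor compliant with posture checks")
    allowed_apps = set()
    for role in USER_ROLES.get(req.user, set()):
        allowed_apps |= ROLE_APPS.get(role, set())
    if req.application not in allowed_apps:
        reasons.append(f"authorization: roles of {req.user!r} do not include {req.application!r}")
    if req.network not in ACCEPTED_NETWORKS:
        reasons.append(f"network: {req.network!r} is not an accepted network")
    return (not reasons, reasons)


# Constructed sample requests covering each way a request can fail.
SAMPLE_REQUESTS = {
    "ok": AccessRequest("alice", True, True, True, "erp", "vpn"),
    "no_mfa": AccessRequest("bob", False, True, True, "crm", "vpn"),
    "wrong_app": AccessRequest("bob", True, True, True, "erp", "vpn"),
    "bad_device": AccessRequest("carol", True, False, False, "admin-console", "vpn"),
    "unknown_user": AccessRequest("mallory", True, False, True, "mail", "coffee-shop"),
}


def decide_all(requests=SAMPLE_REQUESTS):
    """Evaluate every sample request; returns {name: (allowed, reasons)}."""
    return {name: evaluate(req) for name, req in requests.items()}


if __name__ == "__main__":
    for name, (allowed, reasons) in decide_all().items():
        print(name, "ALLOW" if allowed else "DENY", reasons)
```

Note that the device check accepts either a company-issued device or one that passed posture checks, which is exactly the second condition in the list above; a personal device that fails posture is denied even when the user's MFA and role are in order, and an unknown user gets no applications at all rather than some default set.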

To learn more about secure remote access solutions, send an email to rcruz@ctlink.com.ph or contact your CT Link Account manager today!


Reducing Business storage costs with vSAN and Dell EMC

Technology is growing at a fast pace. When you consider the situation many are going through now, many have to adapt to new technology to keep their place with their consumers. Adapting to new applications is key now. This means that those who adopt new technology are also starting to feel the growing data requirements that come with it.

Maximizing storage efficiency is becoming more difficult as new applications are added to your network. This can become problematic as it can start slowing down your systems infrastructure, affecting the user experience.

Fixing these issues the traditional way means upgrading your current infrastructure to match the growing needs of the company. This, however, can become costly as you move forward without considering the future needs of your organization. So how do you properly scale your business infrastructure while keeping your costs to a minimum?

This is where software-defined storage solutions can help, vSAN in particular. With its simple approach to a complicated architecture, you can ensure that your company will be able to scale its infrastructure optimally and securely through its virtualized shared storage model.

As a software-defined solution, you are also able to pair your vSAN solution with hardware of your choosing. Deciding on the hardware to run vSAN is also an important step for your growth when considering the future direction of your company. This is why partnering with a reliable hardware vendor is key to ensuring that your solution runs optimally for your present and future needs.

This is where Dell EMC’s vSAN Ready Nodes excel. They are pre-configured and validated building blocks that reduce deployment risk and improve storage efficiency while allowing you to scale storage quickly and easily as needed. Below are a few key reasons to consider Dell EMC hardware when using vSAN:

Reduce project risk

Dell EMC vSAN Ready Nodes are jointly validated solutions in tested and certified server configurations for accelerating vSAN deployment. Dell EMC and VMware have collaborated on vSAN for more than five years, putting the technology through thousands of hours of testing.

Improve storage efficiency

Dell EMC vSAN Ready Nodes improve storage efficiency while reducing capital expense (CapEx) with server‑side economics, affordable flash and grow‑as‑you‑go scaling. Reducing the time and effort it takes to deploy and manage compute and storage infrastructure reduces operational expense (OpEx).

Scale quickly

Dell EMC vSAN Ready Nodes enable easy deployment with factory‑installed, pre‑configured and pre‑tested configurations for a range of needs. Faster configuration, fewer update steps, and reduced time for maintenance, troubleshooting and resolution all add up to a solution that scales quickly.


To learn more about Dell EMC and vSAN, contact your CT Link account manager or email us at marketing@ctlink.com.ph

ECQ Success Stories: CT Link Managed Services Remotely Secures Client’s WFH setup

With the suddenness of the declaration of the ECQ, most companies were unable to give their workforce the tools they needed to work effectively at home. This left many employees to find their own ways to complete the tasks they do on a daily basis. Many of them ended up using their own devices, installing their work apps, and connecting through the company VPN.

Client Challenges: Unsecured Personal Devices connecting to Corporate VPN

One of our customers from the Public Sector encountered this dilemma at the start of the ECQ. They have about 500 employees who need to Work From Home (WFH). They were unable to give all employees the resources to accomplish their tasks, so they opted to allow employees to use their personal devices. However, the Infosec Team was concerned that malware from the personal devices could enter through the VPN connections.

Solution: CT Link Managed Endpoint Security

For this CT Link managed service customer, we deployed Trend Micro’s Worry-Free Business Security Services (WFBSS), a cloud-based Endpoint Security Solution. We provided the link for installing the Trend Micro Agents to end users and assisted them in deploying it on their endpoint devices.

As a cloud-based solution, we were able to be with them every step of the way during this process, helping with problems that occurred during installation on some devices while also monitoring the threats found by WFBSS. This has proved an effective measure for them, as WFBSS has so far detected over 3,000 suspicious and malicious activities from the endpoints.

Security as a Service

Having Managed Services for security helped our client worry less about the security of personal devices connecting into their network and freed up their time to concentrate on other important tasks at hand during the ECQ. This meant that we handled the troubleshooting of the installations on the endpoint devices and the monitoring of malicious activities reported by WFBSS. This service is also not reserved only for enterprise accounts; our services are very beneficial to small and medium businesses that do not have their own dedicated IT team as well. Below are a few key features you can expect when subscribed to our managed services:

  • Keep outside threats like malware from getting in and sensitive data from going out
  • Filter potentially dangerous or inappropriate websites
  • Prevent phishing and social engineering attacks from reaching your users
  • As a cloud-based solution, support is done remotely
  • Supports WFH setups to ensure your network is safe
  • Easy deployment with little to no IT skills required
  • Centralized monitoring through one dashboard accessible through the cloud

If you are interested in learning more about our CT Link managed services or WFBSS, contact your CT Link AM or reply to this email and we will get back to you as soon as possible!


ECQ Success Stories: CT Link Managed Services Remotely Sets up Audio Conferencing for Customer Board Meeting

Right now, there are little to no physical meetings happening due to the need to practice social distancing. This has caused a spike in companies looking to hold their meetings in the virtual space, where they can be safely conducted. For others, however, video conferencing is not feasible for various reasons. One of our clients fell under one of those reasons.

Customer Challenge

With the extension of the ECQ, our client would not be able to carry out their scheduled board meeting at their office. This meant that they needed to find an alternate way to carry out the meeting, which was scheduled in four days. One consideration they had was to use Microsoft Teams’ video conferencing capabilities. However, the attendees were not tech-savvy individuals and asked their team if it was possible to join the board meeting using landlines.

Our Solution: Set up Audio Conferencing on Microsoft Teams

As they are currently a CT Link Managed Services customer for Office 365, our team set up an audio-conferencing facility using our own tenant to let them try and see if this met their needs.

Within a few hours, the environment was ready and a dedicated bridging number was provided. Our engineer taught the customer how to use the Audio Conferencing facility. They tested the facility the following day and confirmed that it was what they needed, especially because it is easy for non-tech-savvy individuals to connect: they only had to dial the bridging number on their landline phones and provide a conference ID to join the conference. With this, we recommended the most cost-effective subscription to add to their Office 365 tenant.

Once the customer confirmed they would avail of the additional subscription, Audio Conferencing was set up in their Office 365 tenant. The board meeting was scheduled and held using the Microsoft Teams Audio Conferencing facility. A CT Link engineer was on standby on the day of the meeting to assist with any connection issues.

Audio vs Video

Although video conferencing is now steadily growing in popularity, audio conferencing still has many advantages over its video counterpart. One is what our client encountered: it is easier for users to connect to, and it can hold more participants (up to 250 concurrent users). It is as simple as dialing the number to join the conference.

Audio conferencing is also more viable for those who have limited access to the internet, whether due to remote locations where connectivity is limited or because the user is currently roaming. Audio quality is also much better in an audio conference, so if your meeting requires no video, it is usually much better to hold it as an audio conference.

Microsoft Makes Teams Available for Everyone in Light of Covid-19

With the flexibility of Microsoft Teams, there are many ways to collaborate with your colleagues remotely during the ECQ. We have been working closely with many of our clients during the ECQ to set up their Microsoft Teams journey remotely. Whether their interest is in a free messaging app, a better tool to share documents, or even setting up video conferences, it has been helping many of our clients improve their operations and productivity.

If you would like to learn more about Microsoft Teams or if you would like to try it for yourself for free, please get in touch with your CT Link account manager or you can send an email to sales@ctlink.com.ph / marketing@ctlink.com.ph and we would be happy to help you!


ECQ Success Stories: CT Link Managed Services restores Client’s Web Services from Failed Physical Server

Disruption to your business can happen without any notice. This was felt by everyone when the enhanced community quarantine (ECQ) was suddenly implemented last March 2020. Companies were forced to adopt a Work From Home program in which servers are expected to be always available, even when unattended.

Client Challenge

A couple of days into the ECQ, the web server of one of CT Link’s customers became inaccessible. The server, a physical machine, hosts the company’s web portal. They have an appliance deployed on-site to back up some of the customer’s servers, which are replicated to a private cloud that serves as a Disaster Recovery (DR) site. However, even though no one was in their Data Center, they had to bring the web portal back up and running as soon as possible, without anyone going on-site.

Our Solution: CT Link’s Managed DR as a Service

With a subscription to CT Link’s Managed DR as a Service, a teleworking CT Link Engineer was assigned to the case after the customer contacted CT Link Customer Service. By accessing the BCDR Orchestrator, a working backup from the previous night was identified. However, with the physical server not accessible remotely, how could the backup be restored to the original server?

CT Link’s Managed DR as a Service used a two-part solution:

Restore Even Before Repairing via Local Virtualization

The on-prem appliance used for CT Link’s Managed DR as a Service has a capability called local virtualization, which allows the appliance to host virtual machines restored from the backups. This feature was used to restore the most recent backup of the web portal onto the appliance, making the web portal accessible to users once again. The web portal was hosted on the backup appliance for 4 weeks until the systems administrator was able to visit the Data Center.

Easily Move Over to a New Physical Server via Bare Metal Restoration (BMR)

Once the systems administrator was able to replace the physical server, the web portal had to be moved back from the backup appliance to the physical server. Manually reinstalling the operating system, installing the web server software, and patching and hardening the server would take a couple of days.

Instead of reinstalling the operating environment, the CT Link engineer used the Bare Metal Restoration technique to quickly restore from the backup appliance onto the new server. Bare Metal Restoration removes the need to reinstall the OS or applications prior to restoration, making the transition smooth and easy.

Commendation

The customer sent a commendation to the engineer assigned to their case for having their web portal back up, running and accessible just two hours after contact. Having seen the benefits of CT Link’s Managed DR as a Service, the customer is now considering enrolling more servers in this service.

Keeping BCDR in mind

Business Continuity and Disaster Recovery plans are investments in keeping your operations running. Our client experienced this first hand, facing two disruptions simultaneously: the ECQ, and their server going down when no one could service it physically. However, they came out of this ordeal with minimal downtime, reaping the benefits of their investment.

If you are interested in learning more about CT Link Managed Services, you may email us at sales@ctlink.com.ph / marketing@ctlink.com.ph.


Working Amid Enhanced Quarantine: Protect your Business from Disruptions and Keep Workforce Productivity

With Covid-19 impacting almost everyone, companies are reviewing their business continuity strategy during this unplanned disruption. To keep the business up and running, organizations must take a more comprehensive approach encompassing both organizational measures and technologies to minimize disruption, maintain security, and support uninterrupted productivity for users and teams. Best practices for a complete business continuity strategy should address business continuity team structure, business continuity planning, disaster recovery and business continuity testing, crisis communications, and employee safety and awareness programs.

A secure digital workspace provides users with the experience they need, granting seamless access to business apps and data on any device, over any network, hosted on-premises or in a public cloud. Contextual awareness allows just the right balance of security and flexibility for their current situation, without compromising corporate resources. Analytics and insights help IT maintain security, compliance, and threat protection wherever and however people work.

With Citrix, companies can be protected from consequences such as financial loss, damaged reputation, weakened customer and partner relationships, and lost productivity. The same secure digital workspace technology lets people connect with apps and data in both routine operations and emergency situations, using any device, network, or cloud. This makes it simple for people to do whatever their priorities dictate – whether to continue working normally, perform new tasks required by the event, or focus on the needs of their families and themselves, then resume work as circumstances allow.

Below are some ways that Citrix can help you improve your BC efforts:

Secure Access from Anywhere on Any Device

Allow your workforce to access their workspace from anywhere on any device using whatever available connection.

Data Stays in the Data Center

Through application virtualization, data is managed in and stays in your data center. It also gives your IT team the ability to limit users’ access to your network.

Provide IT Help Desk Support to WFH Users

Give your IT team full visibility so that they can use real-time analytics and resolve issues faster. Connect to your users’ sessions to help them resolve their IT issues.


To learn more about Citrix’s solutions, you may send an email to sales@ctlink.com.ph or marketing@ctlink.com.ph!

Security Advisory: Malicious Attacks using COVID 19 are becoming more widespread

Due to recent events, many of us have had to make significant life changes, be they personal or work related. This has affected many of us globally and even created trends that some are using to their advantage, such as people making a profit off shipping masks to other countries. So it comes as no surprise that many cyber criminals are also using this to their advantage. According to Trend Micro, there has been a surge of malicious attacks being detected that use COVID 19 as a lure to infect unsuspecting users.

From January 1, 2020 to March 27, 2020, Trend Micro’s Smart Protection Network blocked more than 300,000 threats using COVID 19. They found that 65% of the attacks were in the form of spam emails, while the other 35% were malware related or malicious URLs. Around 56% of the malicious URLs were phishing attacks, so making sure your workforce is properly educated on how to spot these attacks is crucial to keeping your company safe. Around 80,000 files used in spam with the keyword COVID were mostly Trojan files; the others were in different malware families, and only a handful were ransomware related.

Defending your Workforce from COVID related threats

Below are a few tips your workforce can follow to help minimize the risk of falling for COVID-related scams:

Use a company device for remote work if possible

If possible, use company-issued devices. Personal devices may not have as many security controls as company-owned devices. Do not use company devices for anything unrelated to work.

Prepare a backup solution at home

Preparing a backup with what you have on hand (USB sticks, external hard drives, etc.) is better than not preparing, in case anything goes wrong.

Be wary of online scams

Unfortunately, there will be people using this crisis to scam or make money off people who are currently on high alert. Let us remember to always be vigilant and look out for suspicious emails or URLs, especially if they are unverified and use COVID in their filename or URL.

For those who wish to add more security to their current mobile workforce, Trend Micro’s Smart Protection suite and Worry-Free Business Security can help you detect and block these malicious threats.

As an added layer of defense, Trend Micro™ Email Security thwarts spam and other email attacks. The protection it provides is constantly updated, ensuring that the system is safeguarded from both old and new attacks involving spam, BEC, and ransomware.


To learn more about how to better protect your workforce with Trend Micro solutions, you can send an email to marketing@ctlink.com.ph and we would be happy to answer your inquiries!

Five tips from Microsoft Detection and Response Team to minimize Advanced Persistent Threats

Microsoft’s Detection and Response Team (DART), in an effort to encourage the use of better security practices, is planning on sharing its experiences with customers to let others know the methods of hackers. One particular customer story shows how some organizations are still lax when it comes to security, as they had 6 different groups hacking their network in the same time period.

In the first report they gave, there were details of an advanced persistent threat (APT) that was able to steal administrator credentials and use them to steal sensitive data. This attack persisted for 243 days before DART was called in to help the customer.

One thing to note: this attack could have been prevented if multi-factor authentication (MFA) had been in place. Microsoft says that almost 99.9% of compromised accounts do not use MFA, and only 11% of enterprise accounts use MFA.

It was while DART was in the process of removing the attacker from the system that it discovered the other 5 intruders within the network. The attackers were not coordinating with each other; the main attacker used a password-spraying attack to get the credentials of the Office 365 admin. They then searched the mailboxes for confidential emails containing intellectual property in certain markets.

The company tried its best to resolve the attack in the first month, but then needed to call in an incident-response vendor to help. It proved to be a lengthy investigation, and after 7 months Microsoft’s DART was called in to help. They were able to eject the threat on the day they were assigned the task.

Below are a few Microsoft-recommended ways to reduce the risk of APT attacks:

  • Enabling MFA
  • Removing legacy authentication
  • Giving enough training to first responders
  • Logging events properly with a security information and event management (SIEM) product
  • Recognizing attackers use legitimate administrative and security tools to probe targets
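The password-spraying attack described above (one password tried against many accounts, which keeps any single account below its lockout threshold) is exactly the kind of thing that "logging events properly" into a SIEM makes visible, because the pattern only shows up when sign-in failures are correlated by source across accounts. The following is an added example, not Microsoft's or DART's code, that runs that correlation over a constructed sign-in log: it flags a source address whose failures span many distinct accounts within a short window, and then reports any account that successfully signed in from that source afterwards, since that is the account most likely to have been compromised. The log format, thresholds and sample lines are all constructed for the example.

```python
"""Detect password spraying in sign-in logs and list the accounts that were
probably compromised by it. Added example; the line format is constructed and
is not any product's real log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line format: "<ISO timestamp> SUCCESS|FAILURE user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"(?P<result>SUCCESS|FAILURE) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: one spraying source, one user mistyping their own password.
SAMPLE_LOG = """\
2020-05-04T09:00:01 FAILURE user=alice src=203.0.113.7
2020-05-04T09:00:04 FAILURE user=bob src=203.0.113.7
2020-05-04T09:00:09 FAILURE user=carol src=203.0.113.7
2020-05-04T09:00:15 FAILURE user=dave src=203.0.113.7
2020-05-04T09:00:22 FAILURE user=erin src=203.0.113.7
2020-05-04T09:00:30 SUCCESS user=erin src=203.0.113.7
2020-05-04T09:01:00 FAILURE user=alice src=198.51.100.9
2020-05-04T09:01:05 FAILURE user=alice src=198.51.100.9
2020-05-04T09:01:10 SUCCESS user=alice src=198.51.100.9
2020-05-04T10:30:00 FAILURE user=frank src=203.0.113.7
"""


def parse(text):
    """Parse log lines into sorted (timestamp, result, user, src) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return sorted(events)


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {src: {"accounts": n, "first": ts, "compromised": [users]}} for every
    source whose failures cover at least min_accounts distinct users inside window.
    Per-user failure counts are deliberately not used: a spray stays below lockout."""
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        by_src[src].append((ts, result, user))
    alerts = {}
    for src, rows in by_src.items():
        failures = [(ts, user) for ts, result, user in rows if result == "FAILURE"]
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward until it spans at most `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            users = {user for _, user in failures[start:end + 1]}
            if len(users) >= min_accounts:
                spray_start = failures[start][0]
                compromised = sorted({user for ts, result, user in rows
                                      if result == "SUCCESS" and ts >= spray_start})
                alerts[src] = {"accounts": len(users), "first": spray_start,
                               "compromised": compromised}
                break
    return alerts


if __name__ == "__main__":
    for src, alert in detect_spray(parse(SAMPLE_LOG)).items():
        print(f"{src}: {alert['accounts']} accounts from {alert['first']}, "
              f"successful sign-ins afterwards: {alert['compromised']}")
```

The second source in the sample (two failures on one account, then a success) is a normal mistyped password and produces no alert, which is the point of counting distinct accounts rather than failures; the success for `erin` from the spraying source is the sign-in a responder should investigate first, and it is also the sign-in MFA would have stopped.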

To learn more about how you can keep your systems safe from APT attacks or other major attacks like ransomware, you can contact us at 8893 9515 or email us at sales@ctlink.com.ph and we would be happy to help you!