
The Capital One Data Breach: How Crisis Could Have Been Averted


In what is sure to be one of the largest data breaches of 2019, financial giant Capital One confirmed on Monday that sensitive customer data had been breached, affecting around 100 million Americans and 6 million Canadians. A hacker, who is a former Amazon employee, exploited their cloud servers and stole credit card application data, including 80,000 bank account numbers and 140,000 Social Security numbers.

The largest category of information which was accessed is related to consumers and small businesses who applied for credit cards between 2005 and early 2019, according to a statement from Capital One. 

The stolen information included names, addresses, postal codes, phone numbers, email addresses, dates of birth, and self-reported income, as well as other bits of important data that may be used by criminals to carry out fraud. 

Who Let the Data Out?

The cause of the breach was a cloud firewall configuration vulnerability, which Capital One said it has since fixed. The unauthorized access took place on March 22-23, 2019 when the attacker exploited a firewall misconfiguration which permitted commands to reach the impacted server. 

This exploit allowed a hacker to execute a series of commands on the bank’s servers. Once through the perimeter, the intruder commandeered the credentials for an administrator account, gaining access to Capital One’s data stored on their AWS servers. The file contained code for three commands:

The first command obtained security credentials from an administrator account that had access to web application firewalls. The second listed the number of buckets or folders of data in an Amazon Web Services (AWS) database. The final command copied the data from the Capital One repository. After successfully exfiltrating the data from Capital One’s servers, the hacker posted the stolen data to GitHub for a brief while before dropping a dime on herself on Slack. Despite her use of tools aimed at keeping her anonymous, she created a digital trail that could lead to her arrest.

Is Capital One to Blame? 

Data breaches on cloud storage services are occurring more often, primarily because more companies are using the cloud and attackers are seeing this as a fruitful platform. Despite the migration to cloud services, companies are still responsible for their own security, even on the cloud. Implementing a cloud storage service brings many financial and logistical benefits, but companies must not forget the importance of cloud storage security.

There is no denying that cloud computing is the way of the future, but when financial institutions that house so much sensitive customer data approach the cloud, implementing the proper security measures is an absolute must. In the case of the Capital One breach, despite the company being a cloud innovator, security wasn’t up to par.

Capital One has been a major advocate in the banking world for cloud services. The company is migrating more of its applications and data to the cloud and plans to be done with its data centers by the end of 2020. Other financial institutions have been more cautious about implementing cloud services, largely for security reasons.

Cloud-hosting services such as AWS are very appealing to companies looking to cut costs, as data centers carry a hefty price tag, often tens of millions of dollars. When it comes to data security, AWS, like most providers, operates under the Shared Security Responsibility model. This assures certain layers of infrastructure and software security, but the customer is ultimately responsible for how data is used and accessed.

Clearly, there were mistakes in how Capital One was protecting this AWS bucket, as it appears someone was able to access the data it contained pretty easily. The Capital One breach is proof that companies have a lot to learn when it comes to deploying security technology effectively, and especially about the importance of defending and protecting access to cloud storage by adopting security strategies.

Stay on Top with Secure Network Access 

Many organizations still rely on outdated hardware-based VPN technology with a distributed management system and other complicated client applications. These systems are complex, costly, require extensive management, and most notably, they are not cloud-friendly.

Access to cloud storage must be defended and protected by adopting security strategies, like the Zero Trust security model, which enforces multiple layers of verification before granting resource access. Furthermore, this breach highlights the need to embrace cloud-compatible cybersecurity solutions. 

To prevent risks similar to the Capital One breach, organizations should use Software-Defined Perimeter technology and the Zero Trust model to close their cloud environments and SaaS services so that they can only be accessed by authorized devices, users and locations.

The shift to the cloud is inevitable, so it is key that financial institutions also adopt cybersecurity services that are well designed to integrate with major cloud providers. Our solution is based on the Zero-Trust security model and allows direct access to cloud resources and applications while evaluating the user permissions and related metadata. With Perimeter 81, organizations can ensure that only authorized connections are being established while leaving their cloud environments completely hidden from attacks.

To learn more about Perimeter 81’s Zero Trust Network as a Service be sure to request a complimentary demo.


How to Improve Cloud Security and Productivity Through IP Whitelisting


Manually whitelisting IP addresses can be a time-consuming process that needs constant management, which is why utilizing a service that does this for you can boost employee productivity and improve cloud security.

IP whitelisting allows IT administrators to assign any team member a single, static outgoing IP address. This capability enables new types of cloud and on-premises configurations that are only possible with static IP addresses.

Instead of blocking access to identified risks and threats, as is done when blacklisting applications, web pages or IP addresses, IP whitelisting allows you to identify and permit access to trusted resources. By whitelisting IPs, you are granting only trusted users within a specified IP address range permission to access specific domains or network resources such as emails, applications, URLs or more.

However, manually whitelisting IP addresses can be time-consuming and requires constant management. Here’s how you can automatically whitelist IPs so that you can boost employee productivity and improve cloud security for your entire network.

Whitelisting Usage and Benefits

Implementing IP whitelisting not only improves security but also promotes a more productive workforce by providing a secure and easy way for users to access private network resources from both personal and corporate mobile devices.

  • Improve Cloud Security
    By implementing IP whitelisting, you can improve system security by preventing unauthorized access to your account. If someone tries to access your network with an IP address that isn’t whitelisted, they will be denied access. With Perimeter 81, we provide IT administrators and owners the ability to define user access for every employee in the network, group them with users of similar access limits, and automatically whitelist the group’s IP address.
  • Increase Productivity
    Without a service like Perimeter 81 to whitelist IP addresses for you, IT administrators are left to manually whitelist IP addresses for users, websites, and other gated resources which can take a significant amount of time. With whitelisting, businesses can also limit access to unsecured or distracting sites that can reduce productivity and cut into profits. In fact, 50 percent of businesses take whitelisting very seriously because of these reasons.
  • Secure Remote Access
    Whitelisting enables organizations to secure remote access to the network, including under BYOD (Bring Your Own Device) policies that allow employees to utilize their own devices. With remote access security, businesses can mitigate both cloud and on-site risks that could negatively impact their projects or profits.

How to Whitelist IPs with Perimeter 81

Utilizing Perimeter 81’s secure network access service, all Internet traffic is fully secured and encrypted. Using the unified management portal, IT administrators can easily block out threats, grant user access to approved resources and automatically whitelist specific IP addresses.

How it Works

Perimeter 81’s private gateway feature provides IT administrators with the power to whitelist IP addresses, thereby enabling all team members to share a single, static outgoing IP address accessible by your organization or partners. For example, remote users can always connect to the Perimeter 81 private gateway first, then have their IP address whitelisted.

With Perimeter 81, you can give each user access to the necessary resources they need from any IP address by assigning users to groups. Each user signs in via Identity Provider integration, username and password, and/or two-factor authentication and is then able to access resources according to the roles and permissions assigned to them. This keeps IT administrators from having to manually whitelist every user’s IP address.

After the whitelist is configured with users and permissions, the user list should be audited routinely, since employees are hired and leave companies on a regular basis. In addition, partners that access IP whitelisted resources come and go, and IT administrators should have full user access visibility through IP whitelisting.

Perimeter 81 IP Whitelisting in the Cloud

Because remote users can always connect to a gateway first and then have their IP address whitelisted to a security group, cloud service platforms including AWS, Azure, Office Firewall, SalesForce, or Zendesk can all be configured to work with Perimeter 81.

Using AWS, for instance, inbound traffic from Perimeter 81 to AWS can be authorized by whitelisting the Perimeter 81 Private Network IP address to your Security Groups (AWS Virtual Firewall).

AWS Security Groups enable the control of IP traffic to your instance, including traffic that can reach instances and services both in the cloud and on-premises. To whitelist IPs, you can allow computers from only your Perimeter 81 Private Server to access your instance using SSH, or use a web server that allows all IP addresses to access your instance using HTTP or HTTPS, so that external users can browse the content on your web server only once connected to Perimeter 81.

Example: How to Whitelist IPs in AWS

Following is a walkthrough of how to use AWS Security Groups to enable the control of traffic to an AWS instance, including traffic that can reach both instances and services:

  • Step 1: Create a Private Network IP Address
    First, create a Perimeter 81 Private Server and then obtain its static public IP address by following this guide.
  • Step 2: Add an EC2 Security Group Rule  
    Add an EC2 Security Group Rule for Inbound Traffic from Perimeter 81 to the required resources by whitelisting access from the Perimeter 81 Private Network to other instances, databases and related security groups.

    • In the navigation pane of the Amazon EC2 console, choose Security Groups.
    • For every security group you’d like to allow secured access over your Perimeter 81 Private Network, add an Inbound Rule:
      • Specify the related Type (ALL TRAFFIC, SSH, HTTP/HTTPS, etc.).
      • Under the Source, enter the Perimeter 81 Private Network IP address including the subnet mask. For example, for IP address 129.42.24.22, enter 129.42.24.22/32 (CIDR notation).
      • Click Save.


Add access from Perimeter 81 Private Network to your AWS Environment, Instances or databases
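The routine audit recommended above can be run against the security groups themselves. The following is an added example, not Perimeter 81 or AWS code: it checks inbound rules, in the JSON shape returned by `aws ec2 describe-security-groups`, against the gateway address from the walkthrough. The group IDs and rules are constructed sample data.

```python
import ipaddress

# Assumption: the gateway address used as the example in the walkthrough.
ALLOWED_SOURCES = [ipaddress.ip_network("129.42.24.22/32")]

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "129.42.24.22/32"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",  # "-1" means all protocols and ports
         "IpRanges": [{"CidrIp": "129.42.24.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def is_allowed(cidr):
    """True only if the rule's source lies entirely inside an allowed network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a)
               for a in ALLOWED_SOURCES)


def port_label(perm):
    if perm["IpProtocol"] == "-1":
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    span = str(lo) if lo == hi else f"{lo}-{hi}"
    return f'{perm["IpProtocol"]}/{span}'


def audit(groups):
    """Return (group id, ports, source CIDR) for every rule outside the whitelist."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not is_allowed(cidr):
                    findings.append((sg["GroupId"], port_label(perm), cidr))
    return findings


if __name__ == "__main__":
    for group_id, ports, cidr in audit(SAMPLE):
        print(f"{group_id}: {ports} open to {cidr}")
```

A /24 that merely contains the gateway address is flagged as well, because it admits 255 other hosts; rules that reference other security groups rather than CIDR ranges are not evaluated here.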

Whitelisting Isn’t the Full Solution

For most businesses, whitelisting IP addresses can be overwhelmingly beneficial. However, even though whitelisting can improve cybersecurity, boost productivity and benefit your bottom line, it’s important to remember that each line of security is important. Whitelisting should not replace other security measures, but instead, be used as a complementary piece of a comprehensive security solution.

We hope you found this post helpful! Feel free to let us know if you have any questions and follow us on social media if you’d like to continue receiving all the latest business security news.


How a VPN Can Help with HIPAA Compliance


HIPAA compliance affects healthcare organizations, insurance agents and more. In this recent podcast, we’ve outlined the easiest way to secure your data so that you can meet HIPAA compliance obligations easily and cost-effectively.

Public Wi-Fi is dangerous for both people and businesses, especially for those dealing with confidential and sensitive data. Due to a lack of encryption and open passwords, unsecured networks can be hacked in a matter of seconds.

We’ve already seen many significant healthcare data breaches this year. The HIPAA Journal reported that there were 29 breaches in May of 2018 alone, with unauthorized access being the most numerous type of breach, at an incidence of 51 percent.

Introducing the Cloud VPN

With a Virtual Private Network (VPN), organizations can easily protect data transmission, secure data with strong encryption and meet other compliance requirements to secure electronic Protected Health Information (ePHI).

When you connect to a VPN, you create an encrypted tunnel that protects your data from hackers and third parties. This allows you to set up a completely private and secure connection to another network, enabling remote employees to securely access the network while they’re outside of the office.

Our service actually takes this one step further with Automatic Wi-Fi Security – a patent-pending feature that automatically activates military-grade encryption the moment an employee connects to an unsecured Wi-Fi network. This keeps all data being transferred over the network hidden from hackers – even if their mobile device is locked and inside their pocket.

How Does a VPN Supplement HIPAA Compliance?

The majority of ePHI breaches result from compromised mobile devices or networks that contain unencrypted data, which can result in loss of trust, substantial fines, criminal charges, and even civil action lawsuits.

To secure confidential data, organizations can implement a VPN to encrypt all transmitted data over the network, securing protected health information both on-site and remotely. Cloud VPNs integrate seamlessly with major cloud providers and can ensure that sensitive data located in cloud environments is fully protected and secured.

The Benefits of Using a Cloud VPN

  • Lockdown Confidential Data and Databases to a Specific IP Address

    When you deploy a private server, you essentially restrict access to certain resources using a specific IP address. This allows you to designate certain team members to have access to only that server or IP address, limiting data access and segmenting the network.

  • Nonstop Security with VPN Kill Switch

    A VPN kill switch ensures that if the VPN disconnects for any reason, the Internet connection is stopped and no data is transferred. That means that no data will ever be transmitted over the network without encryption so that no third party can see your data in plain text.  

  • Full Visibility with a Unified Management Platform

    Not all software based VPN services offer advanced visibility and management features. With our VPN service, you can easily invite team members, deploy private servers and view all network activity in one unified place.

  • Two-Factor Authentication and Identity Provider Integration

    Two-factor authentication is key to security because it prevents hackers from accessing your account even if they were to obtain your login credentials. By requiring an additional layer of security via SMS push notifications or Google Authenticator, user access can be easily maintained.

Achieve HIPAA Compliance with a Full-Service Security Solution

At Perimeter 81, we’re highly aware of data storage and logging privacy because it’s critically important in both the business and consumer spaces. Even before GDPR came into effect, we were ready to address these security issues for our customers.

Cloud-based VPN technology offers much-needed scalability, affordability and increased compatibility with cloud storage environments. We are GDPR compliant, SOC-2 compliant and ISO 27001 compliant so that we can offer a highly effective solution for any organization’s HIPAA compliance needs.

If you’d like to learn more about using a VPN for HIPAA compliance, please don’t hesitate to request a demo at www.perimeter81.com/demo or contact our sales team at [email protected].
