28 Mar

When Do You Need to Run a PCI Scan

The Payment Card Industry Data Security Standard (PCI DSS) requires merchants that handle cardholder data to perform regular vulnerability scans so that their security flaws are found and addressed. Merchants often ask, “When do you need to run a PCI scan?” The answer to this question is quite simple.

What are the Requirements of the PCI DSS for Vulnerability Scans?

To know when a PCI scan is required, we first need to know the PCI DSS requirements. The PCI DSS requires merchants to run both internal and external vulnerability scans in order to keep the systems that hold cardholder information up to current security standards.

External Scans: External scans should be conducted from outside the organization and must include all external IP addresses. These scans help you identify vulnerabilities in your security system that attackers could exploit to get hold of sensitive cardholder data.

Internal Scans: Internal scans must be performed from inside the organization’s network, from multiple locations, to assess security within the cardholder data environment.

These scans will point out flaws and give you a review of your internal security, which attackers might exploit once they get their hands on it.

When is a PCI Scan required?

A PCI scan must be performed at least quarterly. To make the system extra secure, the quarterly scans should be supplemented with scans in between quarters. In addition, scans must be performed whenever any changes are made to the cardholder data system.

Can I Perform the Scans?

The answer to this question is both yes and no. You may be able to perform all the internal scans yourself to meet the internal scan requirements, but the PCI DSS requires you to use an Approved Scanning Vendor (ASV) for external scans. If you want to do internal scans on your own, make sure that the scans are performed by qualified staff members who are independent of the staff responsible for your security systems.

Every merchant with an external IP address, regardless of merchant level, must go through vulnerability scans as described above. This has caused considerable confusion in the security community, and a lot of people believe that level 4 merchants (those processing less than 1,000,000 annual transactions) do not need to go through such scans. This is not true at all, as set out in MasterCard’s Site Data Protection program requirements and Visa’s Cardholder Information Security Program requirements.
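The timing and who-performs rules above can be checked against a scan history. The following is an added example, not part of the original article: the record layout, the sample data and the 92-day reading of “quarterly” are assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumption: "quarterly" is modelled as a maximum gap in days between scans.
MAX_GAP = timedelta(days=92)

# Constructed sample history: (scan date, kind, performed_by).
SCANS = [
    (date(2016, 1, 11), "external", "ASV"),
    (date(2016, 1, 12), "internal", "internal-audit"),
    (date(2016, 4, 8), "external", "IT-staff"),
    (date(2016, 4, 9), "internal", "internal-audit"),
    (date(2016, 9, 1), "internal", "internal-audit"),
]
CHANGES = [date(2016, 5, 20)]  # constructed change to the cardholder data system

def audit_scans(scans, changes, period_end, max_gap=MAX_GAP):
    """Return a list of findings for a scan history.

    scans:   list of (date, kind, performed_by); kind is "internal" or "external"
    changes: dates on which the cardholder data system was changed
    period_end: last day of the audit period
    """
    findings = []
    for kind in ("internal", "external"):
        dates = sorted(d for d, k, _ in scans if k == kind)
        if not dates:
            findings.append(f"{kind}: no scans on record")
            continue
        # Quarterly cadence: flag every gap longer than max_gap, including
        # the gap between the last scan and the end of the audit period.
        for prev, nxt in zip(dates, dates[1:] + [period_end]):
            if nxt - prev > max_gap:
                findings.append(f"{kind}: {(nxt - prev).days}-day gap after {prev}")
        # Change rule: every change needs a scan of this kind on or after it.
        for change in sorted(changes):
            if not any(d >= change for d in dates):
                findings.append(f"{kind}: no scan after change on {change}")
    # External scans must come from an Approved Scanning Vendor (ASV).
    for d, kind, who in sorted(scans):
        if kind == "external" and who != "ASV":
            findings.append(f"external: scan on {d} performed by {who}, not an ASV")
    return findings

if __name__ == "__main__":
    for finding in audit_scans(SCANS, CHANGES, period_end=date(2016, 9, 30)):
        print(finding)
```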

What Do PCI DSS Vulnerability Scans Include?

Scans conducted by an Approved Scanning Vendor (ASV) must have the following characteristics:

· The scan should be non-disruptive and must not include Denial of Service (DoS) or buffer overflow testing that might disrupt the merchant’s business.

· A host discovery element must be included in the scan to search for live systems in the network.

· A service discovery element must be present in the scan, covering both UDP and TCP port scans on every live system.

21 Mar

USB Memory Sticks Advantages Over Disc Formats

USB sticks, or flash drives as they are also known, are becoming an ever more popular format for the transfer of data between businesses and also for business promotion to potential customers. At the time of writing this article (March 2016), memory sticks that are capable of holding as much as 512 GB of data can be purchased easily on-line at a surprisingly low cost. Amazingly, a USB drive that will hold 1TB of data can also be obtained, but currently, these are expensive. The rate of technological advance will mean that the current high price will tumble over the next twelve months as order numbers grow and manufacturing costs are lowered due to bulk purchases.

A 512 GB USB stick can contain the same amount of information as over 20 regular Blu-ray DVD discs. The format may currently be a little more costly than the Blu-ray DVD discs, but a pile of Blu-ray DVDs cannot compare with it for convenience. The USB drive occupies little space and can be secured using a keyring or kept safely in a small pocket in a laptop bag with ease. 20 Blu-ray DVDs, however, occupy a lot more space and would be much more inconvenient to have to transport.

At the other end of the scale, a memory stick with a capacity of 128 MB can be purchased inexpensively if the information files to be held on it are only small.

USB Sticks – Volume Production and Customised Casings

The ever-increasing sales volumes of the format have resulted in many companies, particularly in the Far East, producing them in a staggering array of shapes and sizes. These designs can be useful, such as a torch with a USB stick moulded into it, or any number of novelty shapes, such as a toy supercar that can be put onto a keyring. Many businesses that use memory sticks to send out data on-site to employees and offsite to existing or potential clients use flash drives in the form of a business card or a useful pocket-sized shape that can be screen printed with the business or brand logo to further promote the company. Mostly, mass-produced USB drives are basic shapes about 5cm x 1.5cm x 1.5cm which can be printed onto, or a business card form which, once more, can be printed through a spot colour screen printing technique. There are also a lot of companies which can produce memory sticks in a custom shape specified by the client.

Making Use of USB Memory Sticks To Give Your Business a Boost

The easy transportation of flash drives means that they are ideal for data storage for use by any company with a need for data distribution, particularly where data files are of a significant size. Where many employees need to be able to view large graphic design files or data/code files, USB sticks that hold large files are perfectly suited. This format is perhaps most commonly used, though, for promotion of businesses at exhibitions and business shows. Here, USB drives have two benefits. If you are employed in the marketing department for your business and are tasked with promoting your company at a tradeshow with the aim of raising brand awareness, or just to promote your company’s services, they can be used to distribute sales information, presentations or applications for potential clients to view on their laptops or desktop PCs. Any remaining data space can then be used for information storage by the user. This convenience means that the flash drive is always on hand, keeping the brand in mind whenever the memory stick is used. They are popular freebies, and business card or stick type forms can receive a print via the spot colour screen printing technique, with up to 4 separate colours. This is great for printing business logos or contact details onto the body of the drive.

The gain for a business, where USB memory sticks are utilised for promotion, can be enormous. As with almost any mass produced product, the larger the quantity you purchase, the lower the unit cost. If your business lands a lucrative contract or sells a high value product after giving away a memory stick with a small cost, then the benefit is very clear.

USB flash drives account for a large proportion of the data distribution and business promotion markets. Their capacity to hold a very large amount of data in such a small package makes them perfect replacements for CD and DVD discs. Along with the fact that their prices are falling as mass production of USB sticks increases, they are now starting to become the choice format for many businesses that need to distribute very large files quickly, to existing clients or potential new ones, and also existing personnel. Just about everyone seems to possess at least one memory stick and they can be obtained in a vast array of shapes, sizes and colours.

USB Duplication – Producing Memory Sticks in Bulk

A great number of companies based in the UK are consistently placing orders for thousands of memory sticks to enable them to promote their businesses. This growing demand means that there are a growing number of USB duplication companies offering their services to UK customers. Units are readily available that can copy large amounts of data rapidly, to over 100 USB sticks, at the same time. If a duplication suite has several of these units working together, they can then transfer data to many thousands of memory sticks, very quickly. Data transfer speeds are constantly on the increase as the technology advances. The USB 3.0 data transfer standard claims a realistic data transfer rate of 400 MB/second meaning that even a 512 GB USB memory stick can reach capacity in around 20 minutes. This is roughly 10 times faster than the older USB 2.0 standard. The ability to transfer such a large amount of data so rapidly means that duplication expenses can be minimised and flash drives are then a financially attractive alternative to Blu-ray DVDs, as they are also much easier to handle.

These duplication units are readily available for purchase online, and many businesses that find they have a regular need for a large number of USB sticks will either outsource the work or obtain a duplication unit for their employees to use. They are easily set up and take up very little room, meaning that they can be tucked into a corner or even a drawer when not in use and taken out when needed.

USB Memory Stick Security

USB flash drives are also a convenient format for the distribution of sensitive data such as:

  • Legal documents
  • Sensitive internal company data
  • Copyright controlled information
  • Sensitive research documents

The files can be secured through encryption using security software such as TrueCrypt or similar, with the key for decrypting the data communicated through another means as an added level of security. Where the files contained are particularly sensitive, the USB drive can be concealed, as it can be moulded into just about any form such as a pen or a torch. Even a large capacity memory stick can be contained on a very small PCB, so hiding the drive in a place known only to the intended recipient is a good option.

11 Mar

Data Center, Server, Computer and Laptop Hard Drive Destruction

An extensive title, but it is all-encompassing nonetheless. In my 14 plus years of touching devices, I can say that I have seen and felt thousands of pieces of equipment, though the scenarios in which I am working with the different types of equipment, and the clients, certainly do vary. So what are some of the situations that allow for me to handle these various pieces of equipment? Good question, so here is my short list… data center relocations, A/V relocations, data center decommissioning, and green recycling projects.

I would attest that physical security in my field of work is number one, and my clients feel the same way. My thought is the people I work with are so aware (nervous) about chain of custody, CYA, and the end result being nothing less than exceptional. This is no matter the scope of work we are performing. I often find myself hearing clients expressing in a subtle way that they really want to know I care about their project and reputation, and it’s not just about hitting their wallets as hard and fast as I can. My work ethic is such that the part I have played in a client’s project makes me think I leave a little bit of myself behind each time. So yes, I am emotionally involved in each and every client/client project.

Leaving the various scopes of work on hold for a moment, there is one particular aspect often discussed with clients. It’s pretty much standard conversation, and if it isn’t, I am without a doubt going to spark conversation on it. The title of this article says it all, Hard Drive & Media Destruction. I would like to educate you on the simple definition of destruction. Destruction is a noun, pronounced /dəˈstrəkSH(ə)n/; and the definition is the action or process of causing so much damage to something that it no longer exists or cannot be repaired.

I have such a deep emotional tie to the services I am involved in, and look/prepare for worst case 100% of the time. The simple reason (not really) is that I have been performing tech services for over a decade and have seen/heard most of it. To be honest I still see many new things, but this is off topic.

So in keeping this article to the point and direct, there is only one way to create a safe end of life solution for your data storage, BY DESTROYING IT (then green recycle). Companies and people alike take our environment into consideration more now than in the past with green recycling the massive amounts of e-waste. Far more people in the past (and now) did not consider the data held on hard drives, and would call the recycling guy to come down and “haul” their junk to be “recycled”. Like anything in life, all business and work ethic are not created equally. Some of that “recycled” equipment and hard drives that were supposed to be “junked” in fact ended up on online auction sites, and sold locally. This, then and now, is a PR nightmare, and can oftentimes never be undone, especially if the data on the hard drives was extracted by someone who shouldn’t have it. Remember that your company’s name is attached to the equipment as well, so we wouldn’t want to hear reports of “junked” equipment being found with your asset tag or serial number down by the local river.

Some fly-by-night “recyclers” were found not even attempting to remove the data from hard drives, or they were using “formatting” software to “erase” the hard drives. The problem is, if you are a targeted company or person, there are a multitude of people that have the abilities to recover data from an “erased” hard drive. This is one scenario from the past, and it is just as relevant today! Change the story line just a little, and it applies no matter.

IBM sponsored the 11th annual Cost of Data Breach Study, which is the industry’s gold-standard benchmark research, independently conducted by Ponemon Institute. 2016’s study found the average consolidated total cost of a data breach grew from $3.8 million in 2015 to $4 million! In addition to the data breach cost data, Ponemon Institute’s global study puts the likelihood of a material data breach involving 10,000 lost or stolen records within the next 24 months at 26%. These numbers will make you lose your breath, and I hope it doesn’t make you lose sleep because of your last hard drive, media, and recycling pickup.

The entire point of this article is to raise your awareness on data breaches, and theft of data. Unless you plan to keep and redeploy not-in-use hard drives internally, please mechanically shred all hard drives and media storage! In my opinion the risk in using 3rd party applications to delete drives prior to disposing, or trusting someone to take your intact hard drives away, isn’t worth your reputation or your company’s.

4 Mar

LI-FI An Economical and Eco Friendly Alternative

With the advances in technology, every day a new idea is being nurtured in someone’s mind that might change the way we function. One such groundbreaking idea came to a brilliant professor at the University of Edinburgh, UK, Harald Haas, back in 2003. His idea was to use Light Emitting Diodes as a medium to transfer data from one system to another. This topic became widely popular after his TED Talk in 2011.

Now, the question of the hour is what exactly is LI FI?

LI-FI is shorthand for Light Fidelity. Fidelity, as per a dictionary, is being faithful. As its name suggests, it can be safely said that this technology functions on light.

In simple terms, it is a possible alternative to Wi-Fi. While Wi-Fi uses radio signals wirelessly, LI-FI is the concept of using the visible light spectrum.

Getting into details, LI-FI works with LED lights that are turned into wireless transmitters. To receive data from these lights, we need a dongle of sorts that acts like a modem. This dongle can be connected to a laptop or a tablet through a USB port. There is a sensor in the modem that catches the light coming down, and then an infrared component that sends the signal back to the light source.

The LED lights have a networking component that allows multiple users to connect to a single light source and gives them the ability to move from one light source to another without losing the connection.

The long term aim of the innovator is to get this technology inside various devices and lighting grids. In order to make this technology widely adaptable, it is necessary to compress the dongle into an ASIC (Application Specific Integrated Circuit) or SoC (System on a Chip), to make it easily incorporated into various devices like smartphones, laptops, tablets, accessories and many more.

Advantages of Adopting LI-FI

  • As light doesn’t penetrate through walls, this technology allows the users to create networks with much higher security.
  • The strength of the network can be enhanced by increasing the number of light sources. This can lead to a much more efficient network.
  • Once these sensors and dongles become more widely adopted, we can use a low cost, low power consuming and environment friendly technology in our day-to-day lives.
  • LI-FI has the potential to boost its capacity to transfer data to a rate that can be roughly 100 times that of Wi-Fi technology through the use of laser LEDs.
  • The LI-FI network allows the users to roam around the room or anywhere in the installed lighting grid.
  • LI-FI adoption can reduce the strain on the existing networks and free the bandwidth for outdoors.