Articles by 'Michael Hawkins'

Blog Author - Michael Hawkins

Michael is a creative, results-driven expert in the design and implementation of cost-effective secure technology solutions. Michael’s criteria for success are high performance, high reliability, and highly secure networks and systems. Michael's extensive experience includes working with highly complex security and networking solutions in large and small environments across many industries.

By Michael Hawkins, Posted in Infrastructure, Security

In Part 1 of this series, we began talking about best practices for firewall policy rules that are applied to outbound access to the Internet. In Part 2, we’ll briefly discuss the human element and then circle back to actual policy prescriptions.

Effort vs Risk – The Human Element

The firewall administrator is the person (or team) responsible for maintaining a secure firewall policy including the “outbound to Internet” rules. Sometimes the firewall admin role falls to a less... read more.

  • July 11, 2022

By Michael Hawkins, Posted in Security

This is part 1 of a discussion around wide open outbound Internet access policy. We encounter many clients that have no outbound restrictions in place on their firewall policy. Their firewall is essentially wide open to the Internet, because they allow any machine on the internal network to make connections to any explicit Internet host on any service port. Essentially, they have a rule (or rules) that says “allow my entire internal network to reach all Internet destinations for any application for a... read more.

  • April 15, 2022

By Michael Hawkins, Posted in Security

All organizations have edge firewalls. Alas, they also operate firewall policies that are usually far too open and permissive. Current world events being what they are, now is an urgent time to check your edge security. Accordingly, Gotham Technology Group has prepared a ten-step program to help you achieve a fully secured edge. Do not allow the Internet to access dangerous protocols in your environment. Close ports that are not needed and seriously consider closing ports that may seem to be needed... read more.

  • March 02, 2022

By Michael Hawkins, Posted in Security

It is that time of the year when the festive spirit comes out of all of us and we spend additional time with our families and friends. At the same time though, hackers and criminals become more focused on finding ways to wreak havoc or extort ransom money from unprepared victims. It is for that reason that we are taking a quick look at three key security technologies that are a crucial part of any ransomware strategy.

Data Loss Prevention (DLP)

Data that is exfiltrated from an organization and falls into... read more.

  • December 20, 2021

By Michael Hawkins, Posted in Security

It is worth revisiting some of the basics of ransomware in order to remind ourselves of why we need so many security controls to protect against it. How does ransomware get into our computers? The most common path is through an email that contains attachments that are infected with the malware. In this scenario, infected PDF files are very common, but Microsoft Word and Excel files and other types are seen also. Another common infection path is browsing to an infected web site. These sites will usually pop... read more.

  • September 13, 2021

By Michael Hawkins, Posted in Security

This is part two of our two-part Ransomware Readiness series. Click here to read part one. Ransomware has recently had several high-profile cases, including attacks on Fujifilm, JBS, and the Colonial Pipeline. These attacks continue to highlight the importance of the security controls that help to stave off or limit the damage. Gotham Technology Group has developed a ransomware remediation assessment service that analyzes your current technology state and staff training while making recommendati... read more.

  • June 23, 2021

By Michael Hawkins, Posted in Security

The SolarWinds hack provides an interesting insight into how the supply chain can be used as part of a multi-pronged attack. The ingenuity of the bad actors was on full display as they successfully infiltrated, compromised, and manipulated the SolarWinds software update service. With that manipulation in place, the bad actors had the perfect attack vector for bypassing traditional security controls. Inbound firewall rules provided no protection, since the SolarWinds servers reached outward to reach the upda... read more.

  • March 15, 2021

By Michael Hawkins, Posted in Security

Organizations continue to suffer significant financial losses and reputational damage as a result of ransomware attacks that invade their networks and encrypt valuable data. These attacks continue to occur for several reasons, including that organizations are simply ill-prepared, they do not understand their security posture in the first place, or they fail to allocate sufficient funds for the needed protections. Compounding this is the scarcity of seasoned cybersecurity professionals. There simply... read more.

  • December 07, 2020

By Michael Hawkins, Posted in Security

Recent events have compelled companies to support staff members working from home. Some aspects of working from home have similarities to mobile remote staff. But there are distinct differences that need to be taken into account due to the elevated risks that working from home networks present. The risks are human and technological in nature. Let’s review some of each.

SECURING THE HOME NETWORK

Severe vulnerabilities exist in low-cost consumer routers. Therefore, it is necessary to examine the make... read more.

  • April 10, 2020