nGran, LLC

Granular Network Security Solutions


nGran is a software and data security consulting firm specializing in endpoint protection from, and blocking solutions for, malicious websites, as well as user data privacy protection, security awareness training, networking, and security services to the banking and financial services industries.
nGran's principals have successfully designed and implemented secure networks for many global financial trading firms, large mortgage security underwriters, the largest futures and options trading firm, and other commercial banking and insurance firms.


Providing internet security to clients around the world.




nGran products and services secure a variety of clients, from large banks and financial services corporations to small, private companies.

MD5 checksums for downloadable PDFs are found on the Products and Services page of this website.

Find out what we can do for you:

> PII Risk Reviews
> IoT Security Reviews
> Malware Behavior Testing
> Web Application Intrusion Prevention
> Cyber-Security Weakness Assessment
> Security Awareness Training
> Vulnerability Risk Assessments
> Spear Phish Simulation Testing
> TAS-Block Security Product
> Web of Trust Inquiries

Connect with us:
We are here to help you implement a more secure environment on your systems and for your customers. Please contact us at info@ngran.com for Product and Service PDF passwords.


For more information, contact:



Office Phone: 978.241.4681
eMail: info@ngran.com



 



IoT and Ransomware Security Problems Increasing

The Internet of Things (IoT) and ransomware continue to expand their unsecured reach into the Internet, due largely to vendor and management lack of awareness of relevant security standards. It is not a valid argument to state that "accepted industry standards do not include security" when in fact there are multiple standards that apply to all Internet-connected devices in all industries and in all parts of the globe as of January 01, 2017.

The same shortsightedness exists when it comes to protecting assets from "weaponized" ransomware attacks. And yes, there is no excuse for avoiding updates or upgrades on targeted Internet-accessible platforms. There is equally no excuse for limiting the IT resources needed to perform "safe" backups and supported upgrades that compensate for advanced ransomware attacks, including those using IoT devices. Preventive maintenance is clearly a better approach to remediation than hoarding unregulated Bitcoins! Unfortunately, the "penny wise and pound foolish" model of many management groups exacerbates and contributes to the ease of IoT and ransomware attack campaigns!

A recent study looked at 10 varied IoT device and sensor types, showing that over 70 percent of the IoT devices and sensors examined were susceptible to one or more of the vulnerabilities in the Open Web Application Security Project (OWASP) Internet of Things Top 10. The latest sets of Distributed Denial of Service (DDoS) attacks on companies like Dyn have been using unprotected Small Office & Home Office (SOHO) modems as well as Digital Video Recorders (DVRs), Internet Protocol cameras and other IoT devices delivered in an insecure state by the vendor. A forensic analysis of the malware running the attacks (NetWire, Mirai, Bashlight, Kaiten/STD) reveals an extensive list of available attack vectors, along with the ability to execute arbitrary commands and take full control over any IoT system configured with weak security.

Unfortunately, the security on many deployed IoT systems is effectively nonexistent: lightweight and clear-text protocols, primitive to easily guessed basic authentication, and unnecessary ports and protocols leave an attack surface that allows each simply configured IoT device to become a zombie in a botnet. Again, vendor lack of awareness of current security standards is an unacceptable excuse for any manufacturer who adopts and deploys insecure IoT devices that violate accepted privacy and security standards, including those from IETF, OWASP, NIST, ISO/IEC, the Cloud Standards Customer Council, the Industrial Internet Consortium Reference Architecture, and the Online Trust Alliance’s IoT Trust Framework.

Prior to deploying any set of IoT systems, a full design review must include a check for "Best Practices" conforming to appropriate existing security and privacy standards. The goal of such a review should be to evaluate the delivered IoT device configuration, its use of system resources, its security monitoring, and the ability to disable or modify IoT platform components that violate existing security "Best Practices". If you are seriously considering an IoT deployment project, you should contact us at info@ngran.com for further consultation.



nGran Research
Prevention, Protection, & Awareness


nGran has added more real-time information feeds from industry leaders and links to the Federal Trade Commission (FTC) IDTheft web site to help raise awareness of the growing spyware and identity theft problems in the marketplace. Click on the Alliances link for more information. Also, visit our Research page to see our site threat lists, whitepapers, and products that are currently available.


Finally, we recommend that users contact the Internet Crime Complaint Center (IC3) for its latest information about protecting their PII and the means of lodging complaints against malicious websites. IC3 can be contacted at the following link:


http://www.ic3.gov/default.aspx




This Web site is designed to work best when using version 3.0 or higher of Mozilla Firefox or version 6.0 or higher of Microsoft's® Internet Explorer. nGran, LLC believes that the information posted on this website is accurate as of its publication date; such information is subject to change without notice. nGran is not responsible for any inadvertent errors. All trademarks and registered trademarks are property of their respective owners. Copyright 2002-2017, nGran, LLC. All rights reserved.