We will soon be the target for major attacks.
David Hobson, MD of Global Secure Systems (GSS), talks about the forthcoming threats to head our way.
The Olympics is one of the largest global events staged by any individual country yet, unfortunately, the headlines often have little to do with the athletes’ performance on the field: the Munich massacre of 1972, the Atlanta bombing of 1996, and this year’s games, which haven’t even begun in Beijing yet have already been making headlines. And soon it will be our turn.
The recent issues and protests surrounding the torch on its journey through the streets of London, Paris and San Francisco have highlighted some very serious security issues we will face in the run up to, and during, 2012. Once the UK steps into the limelight, with the baton passed to London during the closing ceremony at this year’s event on the 24th August, the focus will be redirected and we will become the next major target of attacks driven by political and religious beliefs – believe it or not, not everyone in the world loves the UK and our culture. These attacks are more than likely to be both physical and digital and will, undoubtedly, be a magnificent smokescreen for organised crime to hide behind. The security community faces a tremendous challenge of educating organisations about the threats to their business.
At the end of 2007 the Times newspaper had a front page story disclosing details of an unprecedented warning issued by CPNI (the Centre for Protection of National Infrastructure) to major businesses in the UK, accusing China of carrying out state-sponsored espionage against vital parts of Britain’s economy, including the computer systems of big banks and financial services firms. The Government alleges that British companies doing business in China are being targeted by Chinese State Organisations using the internet to steal confidential commercial information (a touch ironic with them hosting this year’s Olympics!). And we’re not alone: while I was in the USA recently, it was publicly confirmed that the US Defence Department acknowledged that their systems have also been compromised by China and they have no idea to what extent and depth. So what are the threats to your organisation and why would the Government issue notices to anyone?
As the dependence on IT continues to grow, so does the realisation of how much sensitive or critical information is held within IT environments. As more and more sensitive data is digitised, and regulatory requirements become increasingly stringent, organisations face the challenge of securing and protecting their data against unauthorised access, tampering and loss. An enterprise's network is an inherently complex entity including a myriad of devices, platforms, applications and operating systems. Because of increased employee mobility and the growing number of end-user network-capable devices, tracking and controlling network access has become essential to maintaining data security in corporate networks. Organisations must balance access to these resources, whilst protecting valuable assets and ensuring customers' privacy. Failing to get the equilibrium right proves to be a costly business issue.
The sheer number of threats and intrusions to corporate IT systems has grown phenomenally in the past few years and today's security risks are complex. Threats to an organisation range from external threats to internal threats as well as passive threats. Networks and personal computers need to be protected from vandals (malicious mobile code, Trojans, worms, VB/JavaScript), viruses, data exposure and inappropriate content. To better deal with the rapidly evolving threats, organisations are moving towards combining proactive and reactive security measures both within the existing network and at the boundaries where the network may interface with external and unknown devices. Historically associated with protecting a network against attack from the Internet, firewalls are increasingly becoming more important for securing a network against internal threats.
So where to start? Even thinking about dealing with the number of security vulnerabilities that your organisation faces is enough to cause a migraine. Finding and prioritising the sheer volume of a network's vulnerabilities, and then ensuring that they are fixed, is a nearly impossible task that can leave your organisation exposed. Implementing ongoing vulnerability management to discover and assess vulnerabilities, and to implement and maintain system configurations, will ensure secure environments, saving time and money in the long run.
The threat to business is increasing as we rely upon the data within an organisation. The good news is that UK plc finally seems to be waking up to the threat to their business. The information we have suggests that, after many high profile data losses, boardrooms are finally giving security a bigger piece of their IT budget. Is this because no CEO wants to see himself or herself on the front page of the nationals, and have to explain to their shareholders how they lost all their customer data? Or is it because the threats are finally being given proper airtime?
Either way, one of the issues the security industry faces is that if it does its job well, it will never be able to prove that the money was well invested because incidents have been prevented before they happened! I had the good fortune to sit next to Richard Walton, former Director of Communications and Electronic Security Group, GCHQ at a couple of events recently. He rightly pointed out that had legislation been passed before 9/11, making it compulsory for airlines to fit locked armour doors to a plane cockpit, 9/11 would not have happened. Well, not in the form that it did. In my opinion the industry would have been up in arms over the extra expenditure calling it unnecessary. Perhaps in hindsight this is something that should have been done, after all there had been plenty of hijackings of aircraft before but hindsight is a wonderful thing.
We need Finance Directors to recognise the real benefits from an investment in security that is necessary not only for today but to protect us into the future. As a result of this outlay, when they see fewer breaches, that should be recognised as money well spent instead of down the drain. The threats will be growing, with UK plc becoming a major global target in the run up to 2012. There’s no time to be wasted as it’s pointless to secure the door after the horse has bolted.
London’s Olympics will definitely be reported on and subsequently be remembered in history, let’s just hope for all our sakes it’s for the right reasons.
www.gss.co.uk
BE WARNED – THE OLYMPICS ARE COMING!
Bye, Bye Standby – A Warning!
by Michael Smith (Veshengro)
While I am a great fan, ever since I was given one of the sets of this device for review at a trade show that I attended some time back (see my product review), I must now issue here a small little warning, though an important one.
DO NOT USE LCD Flat Panel computer monitors with the “Bye, Bye, Standby” units in order to turn the monitor(s) remotely on and off. The power surge into the monitor on turning it on via a “Bye, Bye, Standby” unit at the socket can cause serious damage to the monitor and its circuitry. The spike of power on switching such a monitor on in such a way is very noticeable and even audible; a very distinct “tchunk” noise can be heard and a flash can be seen on the screen. This spike can and will damage the monitor's circuitry.
This has just happened to me after having used the “Bye, Bye, Standby” units with the PC and its monitor for a couple of months now, day in and day out. Now the monitor will not “hold” the picture for the first three minutes or so when starting the PC; it flickers off and on until it finally, when it is warm enough I guess, comes to rest and settles. It would appear that, as I said, it needs to warm up first now ever since it started behaving in this manner. All I can put it down to is the spike from the switching on of the monitor via the “Bye, Bye, Standby” unit.
So, let the user beware!
My serious recommendation is to have the monitor, any LCD monitor (and even CRT, for those that still use them), plugged into a socket separate from the “Bye, Bye, Standby” units and turn the monitor off and on – to conserve power and energy – manually by means of its own power button. This is, generally, located in the center of the buttons on the monitor surround itself, and the power button is, normally, the bigger of the buttons. This should protect the monitor from any such surges while at the same time giving you, the user, the same energy savings as would be had by using the “Bye, Bye, Standby” units.
What most people do not realize is that it is the monitor, even an LCD monitor, that takes the greatest amount of energy, more than the PC (as long as it is NOT processing anything) and even in standby the monitor still draws a considerable amount of electricity and is quite an energy guzzler. All you have to do is actually remember to turn the monitor(s) off manually; that is to say each and every one individually.
While, as I said, I do very much like the “Bye, Bye, Standby” units and must say that it helps not having to crawl under the desk every time in order to turn off devices, had I known the impact it could have on an LCD monitor I would have done as I now advise here.
Using the “Bye, Bye, Standby” units, however, has made it possible, for the first time in years, to turn off my “old” scanner without having to, as said, crawl under the desk. The latter does not have an on/off button which, I must say, I find rather daft.
So, while, all in all, I am very happy with the “Bye, Bye, Standby” set up, this is just a little warning to users to beware as regards their monitors being connected to this system, and that the spike caused by the turning on of the supply to the monitor at the socket via the “Bye, Bye, Standby” unit can cause damage to the monitor.
Once again, just beware, and turn monitors on and off manually at their individual power buttons.
© M Smith (Veshengro), May 2008
Storage Expo 2008, A Date for your Diary
Storage Expo, the UK’s definitive event for data storage, information and content management, provides visitors with the opportunity to compare the most comprehensive range of solutions and services from all the leading suppliers whilst addressing today’s key issues in an unrivalled education programme. Organisations increasingly have to look at how they store, manage and protect all kinds of information and data, from its creation, through to archiving and final destruction.
The show is now in its 8th successful year and, in addition to more than 100 exhibitors, the education programme features over 60 experts on data storage and information management. Visiting Storage Expo at the National Hall Olympia London from 15th - 16th October 2008 will help organisations discover the most effective tools and methods to meet their storage, information and content management needs.
A survey by Storage Expo has found the top data storage challenges facing organisations are:
- How to implement the right disaster recovery strategies (48%)
- The management of increasing volumes of data (48%)
- Ensuring data security of the business (46%)
- How to store data cost effectively and justify ROI (42%)
- Ensuring compliance with the latest legislation (32%)
- How to centralise data access (29%)
- Achieving interoperability across existing storage solutions (17%)
Education Programme Overview:
Storage practice has traditionally been driven by the push of legislation rather than the pull of sound business practice; but increasingly business efficiency, utilization of intelligence, process management and productivity benefits are pulling storage strategy. The Storage Expo 2008 keynote programme looks at the latest business advantages that sound application of storage protocols can deliver for your organisation. The Keynote speakers will include senior executives and storage experts from the government, banks, Formula One teams and industry analysts. Issues they will be discussing include Efficiency, Data Classification, Virtualisation, De-duplication, Thin Provisioning, Email Management and Archive, Back-up Strategies and Clustered Storage.
For further information on Storage Expo, please visit www.storage-expo.com
Anyone for a Free Beer?
By Calum Macleod, European Director of Cyber-Ark – The Digital Vaulting specialists
What would you consider the value of your company’s data to be? Consider your organisation’s research and development data, marketing strategies, client database, and all your financial data. What would it be worth to you to have that data returned if you discovered that the only up to date copy had “left the building”? Would you consider offering a public reward to anyone who could supply any information relating to apprehending the people responsible for the theft of every piece of valuable and confidential data that your organisation possesses? Would you actually still have a job? Would you know if it happened? The reality is that in many organisations senior management are totally oblivious to the extent to which sensitive information is being leaked outside.
Would you know if your head of finance is so paranoid that he or she keeps all the company’s financial data on his company notebook just to be sure that no one can access it? And yet recently a multi-national, publicly traded company discovered this to be the case when the hard disk crashed on the notebook!
The reality is that most of you are sitting on a ticking bomb and are totally oblivious to the risks being taken with your business by your employees, and frequently it is those in the most responsible positions that represent the biggest risk.
The area that represents one of the major risks to your well being is your IT department. Everything that your organisation does today will use IT in one way or another. In fact the operation of your business is effectively in the hands of your IT department, and in some cases in the hands of staff working for some company to whom you outsourced your IT services. Outsourcing has become a very popular approach because it allows you to reduce your costs and in many cases reduce head count by moving your IT staff to your outsourcer. Attractive as this might be, it frequently is resented by staff who are forced to move and these same staff undoubtedly are still doing the same job as they were when they were your employees, with the same access to your confidential information. Investigations over the past year by a number of independent bodies have identified that as much as 90% of business sabotage is perpetrated by IT staff.
Who Is Looking After Your Infrastructure?
Behind every successful use of your PC or connection to your email, or access to some application that gives you critical data about the state of your business there’s an IT person who is making it all possible. And to make it possible it means that they can access any of your systems, including your PC at any time and look at anything that might be on that system. In fact not so long ago I met with a company where a director was exposed for using his notebook to visit porn websites after one of the IT staff connected to the director’s PC during the day without the user’s knowledge. After all in order to do his job, the IT administrator had the administration password for every PC in the company! Unless there are proper controls such as Privileged Password Management, everything you have on your PC including your email, saved passwords in your browser, and even files that you have opened in your PC are fair game to the person with the Administrator account – and this is while you’re working and you wouldn’t even know it was happening!
Every system and application has at least one privileged account. And these accounts are shared by many people. Privileged accounts, in the form of administrator accounts and operator accounts, are a requirement for every system and application, and this is what makes it possible to keep your systems running. And it is the privileged account that provides the largest exploit opportunity in today’s enterprises. A compromise of the right privileged account, or set of accounts, may create an unknown “puppetmaster” atmosphere where a third party has total control over a computing environment – unfettered access to programs, services, and data. And you can’t just “turn off” privileged accounts because they perform critical functions. Deleting or disabling a privileged account would lead to computers running themselves (or not running) with no human control and no possibility of management. A complete rebuild of these systems becomes a likely consequence.
For Your Eyes Only
It may be for “your eyes only” but if it’s on a company computer system then you can be sure that there are others who are able to use their IT privileged status to have a look. In the banking world, payment files are usually exposed to system administrators. And since these files are used between applications they are not secured. So as a result a systems administrator can easily access a payment file, make a “slight adjustment” and you’d probably never know until the postcard arrives from Paraguay!
The day to day needs of information transfer with users who are not part of the enterprise are growing. Distributing data from back-end systems to customers, or sharing information with partners and other 3rd parties - these types of communications are becoming vital for e-Business.
Financial reports need to be distributed to business customers; legal and financial information needs to be shared with lawyers or board members who are located outside of the enterprise; highly-sensitive clinical trial information is shared among research laboratories, medical professionals and federal institutions. Payment or salary wire-transactions are also examples of day-to-day file transfer needs, as well as contracts, patents and other types of sensitive information that is exchanged or shared on a regular basis with external entities.
It could also affect the party with whom this information is concerned, and damage the organization's reputation. For example, imagine the results of an M&A agreement exposed before the deal is closed, or a sensitive design file shared with a manufacturer or supplier that has leaked. Other than the implications on the organization itself, there are also regulation issues of personal liability for mismanaging sensitive information.
You can use digital vaulting to eliminate this risk using a unified solution to secure both privileged access and highly sensitive data. It means you can put all your sensitive documents under a virtual lock and key, only making the information accessible to those who have permission to access that information. It’s a product the auditors and IT security people love because you know exactly who has access to the information and when. It also means that the IT department no longer has total control over every person’s computer systems! So unless you’re like Croucher Brewing Company in New Zealand that is offering Free Beer for Life for the return of their corporate secrets, then it’s time to take control, otherwise the monkey will continue to be the organ grinder!
www.cyber-ark.com
Open Source Operating Systems – Fighting the MS Monopoly
No, this is not a board game of selling streets and houses...
by Michael Smith (Veshengro)
Linux and other Open Source Operating Systems offer the only legal way for poor countries and poor people (and the latter not only in poor countries) to use and utilize computers and the Internet.
Microsoft is also a prohibiter of recycling and reusing older PCs, which no longer work with the latest versions of Windows, as their very obsolescence is indeed caused by the demands the new Microsoft Windows versions make on computer hardware, e.g. memory size, hard drive size, etc.
Only the use of Open Source operating systems and Open Source software makes it possible to – legally – use secondhand PCs properly and efficiently and to save them from the “slaughterhouse” and waste.
Most so-called “obsolete” PCs are nothing of the sort, except that they are no longer “powerful” and “capable” enough to run certain new Microsoft operating systems. Vista here is the prime example and culprit, as it requires new hardware left, right and center.
The greatest barrier against the uptake of Open Source software as operating systems and for PC applications is the very fact that even many government sites, even e-government sites, are not (fully) accessible (if at all) by Open Source operating systems and other Open Source software.
Microsoft does rather have a severe stranglehold on enterprise and especially in government when it comes to computers and software.
While the European Union, and its bodies, is going up against Microsoft as regards a number of things, in some aspects the EU itself has websites, for instance, that citizens using only non-proprietary software and Open Source operating systems cannot (fully) access and make use of.
However, the only way forward to free computing and a free Internet can be Open Source software rather than proprietary software, especially in the field of operating systems.
Free Libre Open Source Software (FLOSS) and especially FLOSS operating systems is the only way to stop premature (no, not what you think) obsolescence of computers and the only way for the poor to join the computer age.
PCs and Laptops, as far as hardware goes and is concerned, are relatively cheap, comparatively; it is the forced upon MS operating system that makes a computer expensive.
In addition to that, Microsoft, basically, forces you to buy an individual copy of the operating system for every individual computer that you wish to install it upon (OK, I know you can install it on three, theoretically, but then you have used up the three lives that you get for the OS). Not so with Open Source software, such as Linux (and the same holds true for applications as well).
In the latter case most, if not indeed all, versions are free to download (if you want them on disc and want support with it in the form of 24/7 help then you have to pay) and free to use, and you are also free to install the operating system and other Open Source software on one PC/Laptop or on thousands; this is entirely up to you. No license fee. All is free.
I know where I put my money...
© M Smith (Veshengro), May 2008
Backup, Backup, Backup
Backup, backup and backup again must be the definite rule for safety in data retention, including your browser bookmarks.
by Michael Smith (Veshengro)
I am speaking here rather from bitter experience having recently had a crash of Firefox – during the installation of the latest update/new version, e.g. 2.0.0.14 – where none of the settings were retained and all bookmarks therefore were wiped. Please no one ask me how and why this happened and what happened. But each and every single bookmark of mine was lost when Firefox restarted. It was as if this Firefox was a completely new and clean installation and in fact it behaved just like such.
And no, before you now all ask, I had not exported the bookmarks, as I indeed used to do some years ago. Why not? Because, I must have thought that nothing would happen and it also was one of those “I'll do that later” things. The “later” never happened.
Suffice to say, and you all will have guessed that by now, that I was not a happy bunny when I found out what had happened. The sad fact is that I lost thousands of website links, amongst those many that I used to visit and to a degree have to visit on a regular, even daily, basis. Now I must slowly rebuild those most important ones before I can even begin to think about finding the others again that I lost. Some, in fact, will be irretrievably lost as I cannot even remember what they were.
One of the most annoying parts of this story is that I have Yahoo My Web 2.0 and Yahoo Bookmarks where I have a great number of pages stored, but none of those important ones that I lost in the “crash”, though a lot of the pages that are stored online were also on my browser on the PC. So, some little restoration is possible that way.
I had always intended to put all my bookmarks for online access onto Yahoo Bookmarks but never have gotten around to it. Why I never did it beats me as many others were saved to My Web 2.0 on a regular basis.
While this is a hard and painful lesson to learn, this incident has more than definitely taught me the importance of backing up my data, but not just all documents, photos; that is to say, all general work, which I keep stored off the main drive of the PC and on a secondary USB network drive in case of a PC crash, but every bit of data including all my browser bookmarks. I do not want to lose those ever again.
Your settings are not as important as the likes of important links, your address book (this reminds me that I have not backed that one up for a while either) and your work.
Settings can be relatively simple and easily be rebuilt in a few minutes to maybe an hour or so at the maximum but the rest can take a lot, lot longer to restore and reestablish and some stuff may never be gotten back.
I feel utterly devastated – or at least felt thus – having lost all my web links, some of which were very important indeed in business terms and are a loss that cannot even be estimated. But there is nothing that can be done after such an event except making sure that it cannot happen again, that is to say that backups are being kept, off-line and online, if possible.
The most annoying part, as I have indicated already is that (1) I have bookmarks, for instance, stored online with Yahoo Bookmarks where all could have been and which can so easily be exported and then reinstalled into the browser and (2) that with Firefox it is so simple to do regular exports of bookmarks that can be saved on the hard disk.
Lesson learned, however. So, take heed and always back up your data, including your bookmarks.
© M Smith (Veshengro), May 2008
MASON HAYES+CURRAN INTRODUCES SOLSEARCH
Another top 10 Irish law firm, Mason Hayes+Curran, has appointed Solcara to provide an integrated search solution across its business, bringing together all primary legal resources in the Irish, UK and EU jurisdictions, as well as Interwoven’s document management system.
Mason Hayes+Curran has implemented SolSearch to search internal and online legal content. SolSearch reduces the time to find information and improves productivity across the firm. The SolSearch integrated search solution is a favourite in Ireland, used by four of the top five legal firms.
Tony Burke, a Senior Partner at Mason Hayes+Curran said:
“Fast and effective access to the right information is critical to delivering a high quality and consistent service to our clients. With this in mind we reviewed the options for effective searching across both internal and online information resources and selected Solcara SolSearch. The feedback since implementing SolSearch has been excellent. Our lawyers can now search across nearly 40 internal and external sources simultaneously. Solcara’s reputation in the legal market, the fact that they are already integrated with essential Irish and UK content providers and their solutions have been successfully deployed in other leading law firms made them the obvious choice for Mason Hayes+Curran.”
Solcara’s Managing Director, Rob Martin said:
“We are delighted to be working with Mason Hayes+Curran and this new partnership reflects what we are seeing in the market - legal firms who are keen to take advantage of new technology and software to improve their service delivery to clients, and to develop wider capabilities, to be able to make swift business decisions based on readily available information. SolSearch gives legal firms unprecedented abilities to search resources in real time and offers clear benefits to firms wishing to have the best tools available to service their clients.”