Archive

Posts Tagged ‘Security’

Zyxel Zywall 5 Utm Security Appliance With 1 Year Av+idp Silver Icard

April 9th, 2009

Gone are the days when a dedicated firewall was sufficient to fend off hackers from corporate networks. Unified Threat Management (UTM) is an emerging trend in the network security appliance market. Always on the cutting edge, ZyXEL’s ZyWALL 5 UTM is capable of outperforming the current ZyWALL 5 by up to 20 times with just a ZyWALL Turbo Card. This new technology introduces an all-in-one network security device that provides the content filtering, anti-virus, anti-spam and intrusion detection services traditionally handled by multiple systems.

Computer Security

Web application security testing solutions

March 8th, 2009

Successfully venturing and breaking into the vast and diversified technology market means much more than just having a new product. A new network security company must bring revolutionary technology, preferably along with a host of elegant resolutions to otherwise complicated and costly problems, and at the same time it should integrate naturally with the web security world around it, so as to distinguish itself from the crowd. Security is a major concern for enterprises, and they won’t easily put their money into organizations which don’t have any customers from the Fortune 500 list. You want to be the best when it comes to security, and not many customers would brag that they have the second-best security solution. A new security company is without a doubt challenged by the existence of behemoths like McAfee, Trend Micro, Symantec and Kaspersky, just to name a few among a host of others. The least that can be said is that any upcoming security company must provide something better than the best to succeed.

More and more important data is stored in web applications nowadays. The number of transactions on the web has also increased tenfold, so proper security testing of web applications has become a necessity. Security testing, in simple terms, is the process which ensures that confidential data remains confidential and that any user can perform only those tasks which he or she is authorized to perform. If a user can alter data in any way when not allowed to, there is bound to be a weakness in the web application. Causes of such weaknesses include bugs in the application, injection of malicious SQL or script code, or the presence of viruses. But there are neat tools which can make the task of web application security testing pretty simple. These tools make sure that you are well prepared in advance and know what to look out for.

There is a host of new firms which have come up in the past few years. One such network security company is iViZ Intelligent Vision which is an on demand penetration testing company and which provides a host of solutions for web application security testing, among other security solutions. You can visit their website at http://www.ivizsecurity.com/ to find out more.

Jeff Minton is an expert writer who writes articles for iViZ Security, the industry’s on demand security service provider, comprehensive, cost-effective network penetration testing for web application security, vulnerability assessment and management solution that secures your critical applications and networks.

Computer Security

Penetration Testing- A Must for Website Security

February 12th, 2009

Penetration testing is the active analysis of a system, its network and the entire website for both known and unknown vulnerabilities arising from inaccurate system configurations, hardware or software defects, inactive automatic updates and other flaws, while actively evaluating your information security measures. It is a form of testing in which a mock hacking activity takes place and malicious code is entered by the tester in order to ascertain which areas are more susceptible to such attacks and which are secure enough. A periodic report is prepared and forwarded to the admin along with a full analysis report and technical solutions. The testing procedures therefore involve methods implemented as a potential hacker would have carried them out, with active utilization of security vulnerabilities, and assess the business losses that can occur should a security breach take place.

User interfaces, network interfaces, APIs and other places where input values are entered become vulnerable, especially when they have a poor design or are implemented incorrectly. Penetration testing is then conducted, inputs under possible threat are identified and interfaces are documented accordingly. Often error messages and unwanted dialog boxes appear that pose a probable threat by transferring information from the software to external sources, allowing hacking to take place. In such a scenario it becomes a necessity to assess the sources that make this possible and remove them at the root.

Penetration testing helps in the formulation of an information security strategy that involves identifying vulnerabilities, measuring the possible impact and making error resolution plans that can be implemented along with budget assessments. It curbs organizational failures caused by security breaches. Disaster scenarios are also prepared that help in judging the effect that a possible hacking attempt can have on the system and network security zone, by drawing on prior attacks that happened earlier, if any, or by willingly injecting some malicious code into the system, analyzing the effects, creating the scenario and finding solutions to come out of the server or network security threat.

Penetration testing procedures prevent financial losses through lost revenue and data due to unethical processes such as hacking. Penetration testing also helps in building a good relationship with clients by regularly assessing their website, server and network security for vulnerabilities, as any possible hacking might prove dangerous and may result in losing business, payment of heavy fines and a bad online reputation leading to gradual closure. Penetration testing is something that needs to be conducted quite often to secure a website and enable smooth functioning so as to generate profits and utmost customer satisfaction.

Arpita Chatterjee is the writer for Articles on Techrate.com. This article is about the necessity to have penetration testing procedures conducted on a regular basis for full security vulnerability assessments for data, server and network security. Click for more information at www.Techrate.com.

Computer Security

Is your network’s security up to scratch?

January 27th, 2009

I was just looking through the network security part of an IT textbook that high schools are currently using and noticed the dodgy security information it was giving. The textbook recommends using WEP encryption to “secure the network”, hiding the network’s name (SSID) and filtering MAC addresses, and goes on to explain why you should use these multiple methods of “security” together.

The textbook writers are clueless, and the information is out of date, even though it was printed only last year.

For my guide “How to recover WEP keys using Backtrack Linux” the test WEP-secured network took a full 8 minutes to crack and gain access to. Now, if that was a WPA-secured network it would be much more challenging. For a start you can’t gather IVs on WPA and you are limited to using a dictionary to try and crack the passwords. If the key isn’t in the dictionary – you won’t be getting in. You will also find other challenges if you Google for it.

Here’s my first update to the textbook: Always use WPA or WPA2, never use WEP, and take advantage of the fact that WPA allows you to have up to 63 characters in the passphrase.

The next point is about how hiding your SSID supposedly improves security. It actually just makes you feel good, giving you a false sense of security, but degrading the network’s performance in the process. When the Wireless Access Point makes the SSID length zero in the network advertisements, “hiding” it, it adds extra work for the network to connect, and ultimately the SSID must be transmitted unencrypted anyway in order for the network to function. Furthermore the active probing from hiding the SSID also leads to worse security, by transmitting more data that is very useful for a hacker. It’s explained in this pdf from 2003 and it’s still true now.

So: Hiding the SSID does not improve security.

The textbook’s last point is about MAC addresses. MAC addresses are the addresses of a computer’s networking hardware or a Wireless Access Point’s (or router’s) address, and it is possible to restrict which addresses can connect to a network in most routers. For example, the kismet program can give you a list of MAC addresses connected to an access point. In Backtrack Linux, or any Linux for that matter, you can forge a MAC address with two commands, or alternatively type it into a program like spoonwep as you hack it (refer to screenshots in the tutorial), which means that the restrictions are easily bypassed.
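The three textbook recommendations above can be turned into a small configuration audit, so that a network administrator can check a set of access points against the advice in this post rather than against the textbook. The following Python script is an added example, not code from the blog or from any of the tools it mentions; the network records and the wordlist it checks passphrases against are constructed sample data, and the 20-character threshold for a “short” passphrase is an arbitrary policy choice made here, not something the post specifies.

```python
"""Wi-Fi configuration audit (added example, not from the blog post).

Encodes the post's three points as checks: WEP (and open) networks fail,
a hidden SSID is flagged as a false sense of security, MAC filtering is
flagged as no substitute for encryption, and a WPA/WPA2 passphrase is
checked for length (8 to 63 characters) and against a wordlist.  All
configurations and the wordlist below are constructed sample data."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class WlanConfig:
    ssid: str
    security: str                      # "open", "wep", "wpa" or "wpa2"
    hidden_ssid: bool = False
    mac_filtering: bool = False
    passphrase: Optional[str] = None   # only used for wpa/wpa2


# Constructed wordlist standing in for the dictionary a cracker would use.
SAMPLE_WORDLIST: Set[str] = {"password", "letmein", "12345678", "homenetwork"}

# Arbitrary policy threshold chosen for this example (the post only says
# that WPA allows up to 63 characters and that you should use them).
SHORT_PASSPHRASE = 20


def audit(cfg: WlanConfig, wordlist: Set[str] = SAMPLE_WORDLIST) -> List[str]:
    """Return the findings for one network; an empty list means it passes."""
    findings: List[str] = []
    if cfg.security == "open":
        findings.append("FAIL: no encryption; switch to WPA2")
    elif cfg.security == "wep":
        findings.append("FAIL: WEP is broken; switch to WPA2")
    elif cfg.security in ("wpa", "wpa2"):
        pw = cfg.passphrase or ""
        if not 8 <= len(pw) <= 63:
            findings.append("FAIL: WPA passphrase must be 8 to 63 characters")
        elif pw.lower() in wordlist:
            findings.append("FAIL: passphrase is in the wordlist; a dictionary attack would succeed")
        elif len(pw) < SHORT_PASSPHRASE:
            findings.append("WARN: short passphrase; WPA allows up to 63 characters, use them")
    else:
        findings.append(f"FAIL: unknown security mode {cfg.security!r}")

    if cfg.hidden_ssid:
        findings.append("WARN: hidden SSID adds no security and makes clients probe actively")
    if cfg.mac_filtering and cfg.security in ("open", "wep"):
        findings.append("WARN: MAC filtering is trivially bypassed and does not make up for weak encryption")
    return findings


def audit_all(configs: List[WlanConfig]) -> Dict[str, List[str]]:
    """Audit several networks and key the findings by SSID."""
    return {cfg.ssid: audit(cfg) for cfg in configs}


# Constructed sample: the textbook's recommended setup next to a sound one.
SAMPLE_CONFIGS = [
    WlanConfig("textbook-net", "wep", hidden_ssid=True, mac_filtering=True),
    WlanConfig("guest", "wpa2", passphrase="password"),
    WlanConfig("office", "wpa2", passphrase="quiet tuesday morning in the server room"),
]

if __name__ == "__main__":
    for ssid, findings in audit_all(SAMPLE_CONFIGS).items():
        print(ssid, "->", findings or ["OK"])
```

Run as a script it prints one line per network; the textbook setup collects one FAIL and two WARNs, the guest network fails on its dictionary passphrase, and the office network passes.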

An Australian blogger who blogs on The PC Report.

Computer Security

Computer Network Services Manhattan: Cloud Computing & Security

January 19th, 2009


Cloud computing, as pioneered by the Google Apps suite, is the name of the game for small business computer network services in Manhattan. But what is cloud computing? And what does it mean for your computer network services (http://www.uptimeus.com/Services/systems-integration.html) and IT security?

Cloud-based Network Services Save NYC Companies Money

At its core, cloud computing is all about virtualization—of infrastructure, applications and even security. This cloud-based NYC IT infrastructure benefits small businesses in particular because it offers consolidation of servers, applications and even operating systems. This translates into IT efficiency and significant IT cost savings: your team can begin working immediately with cutting edge collaboration and presentation tools from diverse locations without investing a lot of money in computer network services.

But cloud computing, in conjunction with social media platforms like Facebook, Twitter, YouTube and their ilk, is also exposing NYC small business computer networks to an unprecedented number of security risks.

Does Virtualization Make Manhattan Computer Networks Vulnerable to Hacking?

At the heart of the issue is the very thing that makes virtualization so attractive to begin with: everything is linked. This means, on the most basic level, that if one of your employees’ email accounts is hacked (as was recently the Gmail account of Twitter founder Ev Williams), your process and management systems, servers, Docs, Calendar, and Contacts are also compromised.

Unfortunately, while more and more companies are adopting virtual collaboration tools and cloud-based network services, only a portion of these businesses are simultaneously adopting virtualized security measures.

“You can’t simply rely on your existing New York network security infrastructure, although making sure traditional security measures and maintenance plans are in effect before adopting any sort of cloud-based strategies is a good idea,” says Einat Aviraz-Sibony, President of Manhattan IT services firm UPTIME (http://www.uptimeus.com). “Because in essence, the basic IT security concepts are the same: data protection, identity and access, and business continuity.”

But as you take your team to the cloud, you need cloud-based security measures to protect your NYC-based computer network. And a number of security vendors are reworking their current applications to fill the current gap: Check Point, for example, has a new WebCheck feature that protects browsers from known malicious sites and analyses unknown sites for potential damage.

Virtualization will bring your team’s capabilities to a new level without overtaxing your IT budget, but keeping an eye on web-based security as it emerges warrants your attention. If you outsource your computer network services, make sure your provider performs routine virus detections and inoculations and ask them to check if your Software as a Service (SaaS) vendor—like a Google Apps reseller–offers the Novell Cloud Security Service, the newest in cloud security offerings.

Uptime (http://www.uptimeus.com) is a NYC Metro area Information Technology company dedicated to providing fresh and customized IT solutions to today’s leading brands. Uptime works with both established and start up companies to create viable system infrastructures that improve business workflow, freeing up clients to focus on what they do best. Known for providing a fresh professional perspective that is all geek without the attitude, Uptime networks outperform their competitors citywide.

Computer Security

Managed appliances: security solutions that do more

January 11th, 2009


The complexity of dealing with enterprise security continues to grow, placing increasingly heavy demands on the IT department. Vendors have attempted to meet the challenge with solutions that strive to let the IT administrator do more with constrained resources and less time. But these have turned out to be at best only partial solutions. This paper introduces the concept of the managed appliance, highlighting how they serve a specific purpose (i.e. email or web security), and how they free up time while providing improved security, visibility and peace of mind better than any other type of security solution available today. It explains how managed appliances score over conventional appliances in the fundamental principles of efficient security management: reduced daily administration, an enhanced overall user experience, and proactive vendor support.


In today’s increasingly connected world, the challenges to maintaining business continuity seem never-ending. Shifting operational priorities, complex and evolving networks, and mounting internal and external security risks have led to an increasingly volatile environment. Nowhere is this more evident than in the IT department where success is expected despite daunting project scopes, tight timeframes, and perpetually strained resources – money, staff, and most significantly, time.

So how are today’s IT administrators addressing the challenge of providing cost-effective, full-scope security while ensuring that administrators have time for other, more strategic priorities? The answer is that they are increasingly choosing appliance-based security solutions on the assumption (based on vendor promises) that appliances are easier to set up and use than software.

Easily adaptable to any network infrastructure, and built on a maintenance-free operating system, appliances are, indeed, a natural form-factor for security solutions. But do they actually fulfill the promise of effective security with less effort? Do they enable better strategic management by providing better visibility and control? Or are they simply software on a box, offering no realizable benefit beyond a hardened operating system? Are they, in fact, simply a modern-day version of the emperor’s new clothes?

Appliances defined

According to Gartner, an appliance is “a computing entity that delivers predefined service(s) through an application-specific interface, with no accessible operating software.” [2]

True appliances require a high level of integration between the hardware and software on a dedicated device. An appliance is not simply pre-installed software imaged onto a generic or re-branded server. It is a single package that is straightforward to acquire and deploy, minimizes the degree of configuration required during installation, requires minimal IT support and alleviates the need to manually patch, configure, and maintain the underlying operating system.

“Just 7.91% of the overall IT budget in North American and European enterprises will go to security in 2007. 48% of respondents also identified security initiatives as a major theme for the IT organization.” – Forrester Research, Jan 2007 [1]


Conventional appliances: a promise broken

In response to the growing demand for simpler security solutions, vast numbers of appliances have flooded the market. However, most are not fulfilling the promises of overall time and resource savings. Further, not all devices marketed as appliances are actually appliances. They fall short of Gartner’s definition, offering neither the predefined service(s) through an application-specific interface nor the vendor-maintained infrastructure – in many cases, the vendor simply pastes the software onto the hardware. These appliance-like solutions in reality require substantial time to install, configure and manage.

Those solutions which try to solve non-specific problems or pull together non-integrated fragments of solutions frequently lack simplicity. As vendors work to get product to market quickly, they invest little thought in developing solutions that will reduce administrator effort, bringing together disparate functionality, delivering it on a single server and calling it an appliance. The absence of integrated design impacts the manageability of the device and usability suffers dramatically.

However, the ultimate criticism of today’s appliances is their failure to build confidence that they are doing what they should. So although the burden of installation might be reduced to some degree, and although some appliances do offer some flexibility if traffic, quarantining, or archiving requirements change, this does not constitute a promise fulfilled. Unless the administrator can also have confidence in the appliance’s performance and availability, it has not delivered its true potential.

The managed appliance: the ideal solution

Into this field of incomplete solutions enters the managed appliance, bridging the entire spectrum of IT concerns and delivering clear benefits in measurable time savings and peace of mind. It adds value in critical areas such as system health monitoring, tracking of and assisting with anomalous traffic behavior, and one of the most time-consuming administrative tasks – internal help desk support.

The ‘managed’ part of a managed appliance becomes apparent when one looks at two aspects of its design: how it reduces day-to-day administrative overhead and saves time, and how it is supported by the vendor both proactively and reactively.

Day-to-day administration

Determining the time saved in any IT process can be difficult to measure. Yet such assessment becomes important when evaluating the added value of a security solution. All aspects of an appliance’s design contribute toward its overall impact on administration, and an experienced security vendor’s insight into the latest network security issues can translate into more effective policy creation and deployment and better overall user experience.

Streamlined installation

An appliance should be ready to perform within minutes of being taken out of the box, without the administrator having to read tomes of documentation. A well-designed managed appliance provides easy access to an array of features that makes this possible. For example:

Configuration wizards can save a great deal of time and effort, minimizing data entry and offering access to targeted help topics when relevant.

Automatic verification of network settings will ensure that the appliance is configured correctly the first time.

Automatic detection of user authentication systems such as Active Directory® servers helps pre-configure the appliance for the local environment and reduces the amount of time needed for installation and configuration.

Finally, many administrators want clear confirmation that the appliance is indeed in regular, scheduled contact with the vendor’s security and software update services.

Instant policy set-up

Security policy optimization is a balance between efficiency and control. Achieving the right balance should be the vendor’s challenge, not the administrator’s. Vendors with extensive expertise in dealing with threats and who truly understand the challenges currently faced by IT departments will offer the optimal combination of powerful default settings and easily accessible (but not excessive) customization options, available through a wizard-based interface.

Task automation/elimination

There are myriad tasks and events that administrators should never have to do manually: download threat definition updates, back up configuration data, archive logs, upgrade software, synchronize with LDAP servers for authentication and policy enforcement, and many more. Yet most security solutions, including appliances, fail to deliver even these most basic time-saving functions. One of the key differentiators of managed appliances is that they are designed to reduce or eliminate as many of these tasks as possible, without forcing compromises in other areas, such as acceptable use policies, protection of confidential business data and overall visibility and control.

Easier access to information

Easy access to relevant, actionable information is the critical foundation to any appliance interface. The administrator should only require a single graphic user interface (GUI) to manage all functions of the appliance, and should never need command line access for any task. Frequently accessed information – such as protection status, traffic patterns, throughput and system health – should be visible from a central dashboard. When more detail is required, the administrator should also be able to navigate the interface quickly using as few clicks as possible, regardless of the starting point or desired destination.

By providing quick, intuitive access to information, through a point-and-click interface with drill-down capabilities, and separate off-box archiving, a managed appliance makes it easy to carry out in-depth investigation.


Better reporting and visibility

When done properly, a good reporting system helps paint a clear picture of network traffic and enables better enforcement of security policies. A good reporting system also helps administrators plan for the future, by watching and predicting the impact of traffic on the overall network, not just the appliance. A managed appliance goes beyond the narrower scope of functionality addressed by traditional appliances by providing visibility into how it is affecting or being affected by upstream and downstream components.

Ongoing vendor support

A key area in which managed appliances score over other solutions, whether hardware- or software-based, is in the redefinition of the role of the vendor as an extension of an organization’s IT department. Managed appliances do more than simply cut down on administrative overhead – they engender the sense of confidence that comes from knowing that they are operating as expected and will continue to do so. This is achieved by the vendor committing to both local and remote monitoring, and offering high standards of proactive and reactive support – offering an agreed service level that provides the clearest differentiation between a traditional appliance and a managed appliance.

Local monitoring and alerting

In order to focus valuable time on other more mission-critical activities, administrators should be able to avoid interacting with non-strategic systems such as security appliances unless a condition exists that cannot be resolved automatically.

To achieve this goal, the role of the managed appliance is clear:

Keep track of what’s going on – a comprehensive array of built-in sensors will monitor system performance and availability and should cover traffic anomalies, security updates and hardware performance (e.g. temperature or capacity), and more.

Try to fix the problem if one arises – e.g. initiate an FTP backup of logs or quarantine to make space for new traffic.

Alert the administrator to take some action if necessary – e.g. investigate downstream mail servers for queue delays, or isolate a spyware-infected client computer for cleanup.
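The three-step role described above (track, try to fix, then alert) is a small state machine, and the later sections add that for a managed appliance the alert also goes to the vendor. The following Python sketch is an added illustration of that loop; it is not Sophos code and talks to no real appliance API. Sensor names, limits and readings are constructed for the example, and the FTP archive step is modelled by a flag saying whether the archive server answered, which mirrors the paper’s own example of an unavailable archive server.

```python
"""Monitor / remediate / alert loop for an appliance (added example; not
Sophos code and not any real appliance API).  Each sensor reading is
compared with its limit; a breached reading first gets an automatic fix
attempt, and only if none exists or the fix fails is an alert raised, to
the administrator alone for a conventional appliance and to the vendor
as well for a managed one.  Readings and remediations are constructed."""

from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Reading:
    sensor: str
    value: float
    limit: float
    higher_is_bad: bool = True      # e.g. disk usage; False for e.g. free space

    def breached(self) -> bool:
        return self.value > self.limit if self.higher_is_bad else self.value < self.limit


@dataclass
class Alert:
    sensor: str
    message: str
    recipients: List[str]


# A remediation takes the reading and reports whether the condition is cleared.
Remediation = Callable[[Reading], bool]


class ApplianceMonitor:
    def __init__(self, managed: bool, remediations: Dict[str, Remediation]):
        self.managed = managed
        self.remediations = remediations
        self.alerts: List[Alert] = []
        self.log: List[str] = []

    def check(self, reading: Reading) -> Optional[Alert]:
        """Evaluate one reading: ok -> nothing; breached -> try a fix, else alert."""
        if not reading.breached():
            self.log.append(f"{reading.sensor}: ok ({reading.value})")
            return None
        fix = self.remediations.get(reading.sensor)
        if fix is not None and fix(reading):
            self.log.append(f"{reading.sensor}: breached ({reading.value}), fixed automatically")
            return None
        # No automatic fix, or it failed: escalate.  A managed appliance
        # sends the same alert to the vendor so support can act proactively.
        recipients = ["admin"] + (["vendor"] if self.managed else [])
        alert = Alert(
            reading.sensor,
            f"{reading.sensor} at {reading.value} (limit {reading.limit}); manual action needed",
            recipients,
        )
        self.alerts.append(alert)
        self.log.append(f"{reading.sensor}: breached, alert sent to {', '.join(recipients)}")
        return alert


def sample_readings() -> List[Reading]:
    # Constructed readings for one monitoring cycle.
    return [
        Reading("quarantine_disk_pct", 93.0, 90.0),   # quarantine nearly full
        Reading("update_age_minutes", 4.0, 60.0),     # definitions are fresh
        Reading("chassis_temp_c", 71.0, 65.0),        # hardware running hot
        Reading("mail_queue_delay_s", 12.0, 300.0),   # downstream mail fine
    ]


def run_cycle(managed: bool, archive_server_up: bool) -> List[Alert]:
    """Run one cycle; archive_server_up models whether the FTP archive host answers."""
    def archive_quarantine(reading: Reading) -> bool:
        # Stand-in for "initiate an FTP backup of quarantine to make space";
        # it only succeeds when the archive server is reachable.
        return archive_server_up

    monitor = ApplianceMonitor(managed, {"quarantine_disk_pct": archive_quarantine})
    alerts: List[Alert] = []
    for reading in sample_readings():
        alert = monitor.check(reading)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run_cycle(managed=True, archive_server_up=False):
        print(alert.recipients, alert.message)
```

With the archive server reachable the full quarantine is cleared silently and only the over-temperature reading, which has no software fix, reaches the administrator and vendor; with the archive server down the disk condition is escalated as well, which is the situation the paper describes the vendor following up on directly.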

Proactive support

Where managed appliances really stand apart from the crowd is in the domain of proactive support. With alerts being sent to the vendor as well as the administrator, the vendor is able to confirm that appliances are being updated on schedule and remotely monitor the health and performance of the appliance.

In addition, the ability to initiate contact and offer high-quality technical support even before the customer is aware there might be a problem means that the vendor is able to prevent costly service interruptions, stop important data from being lost and avert critical failures that might occur at a later time if the condition were to go unnoticed. For example, if the FTP server that archives log and configuration data becomes unavailable, the vendor can contact the administrator directly.


Similarly, if a condition occurs that can fatally interrupt system performance or availability (e.g. a failing hard drive or defective power supply), the normal operating environment can be rapidly restored with the vendor dispatching a replacement part or unit as soon as possible.

Reactive support

As well as looking for proactive support, appliance users will have many occasions where they look to the vendor to react quickly to specific requests. Changes to the network infrastructure, evolution of policy, or training a new administrator unfamiliar with the appliance might lead the administrator to want help and guidance from the vendor, and it is in the response to this type of request that the vendor of a managed appliance again differs from other appliance vendors.

Traditional support can come in different forms: built into the appliance and accessible via the GUI, in an online knowledgebase on the vendor’s website, via email, or via live online or telephone contact with support engineers. But for a managed appliance vendor, there is an additional layer of reactive support that surpasses the speed and quality of support associated with traditional appliances and represents the responsibility assumed by the vendor for ensuring appliance uptime and availability.

This extra layer involves on-demand remote assistance, through which the vendor can log onto the customer’s appliance and troubleshoot it remotely. Naturally, this service should be heavily guarded by security, leaving the customer with ongoing control over the remote session and giving them access to detailed logs of any modification made by the vendor.

Summary

The challenges faced by organizations in maintaining network security while protecting business information and client confidentiality have become increasingly complex and time-consuming. Dealing with emerging security issues while trying to accomplish more strategic initiatives is an increasingly fine balancing act for IT administrators. Organizations that seek reduced administrative effort without compromising security or business practices now have a new choice: managed appliance solutions. Retaining insight and control, avoiding costly down-time, and ensuring efficient, effective and reliable security can only be achieved by working with vendors that understand the challenges facing IT departments, and offer solutions that add real value beyond security.

The Sophos solution

Sophos managed appliances for email and web security provide the performance, reliability, insight and support that IT administrators need, freeing up time to focus on their business and not on their infrastructure. Every Sophos appliance is built on a robust, easy-to-install platform that features a highly intuitive, easy-to-use management console for quick access to relevant, actionable information. They include time-saving features such as automated installation and configuration, automatic updates to threat definitions and software every five minutes, an advanced alerting system, remote heartbeat monitoring and on-demand remote assistance. In addition, all appliances come with 24/7 proactive technical support.

This article was provided by Sophos and is published here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware protection.


Computer Security

Windows 7 security: A great leap forward or business as usual?

December 18th, 2008


The public release of Windows 7 is approaching fast. Debates and discussions have been raging on the security improvements in the new platform, and some potential problems have also emerged. In this white paper, we run through the most significant changes and additions, and look at what they might mean to users and administrators.

by Chester Wisniewski, Senior Security Advisor, Sophos

Can Windows 7 succeed where Vista didn’t?

The much-heralded Windows Vista had a mediocre reception on its initial release, and never really took off despite great efforts from Microsoft to encourage hardware vendors to use it. Many businesses, wary of numerous issues, opted to stick to the tried and trusted XP until the new platform stabilized with service packs and upgrades.

But Microsoft took a different course – it rushed to create a replacement platform.

The upgrades included with Vista focused on visuals and certain speed improvements. But the platform introduced a number of new or improved security features, most notable of which was the User Account Control (UAC) system, which was designed to prevent unauthorized execution of code. UAC was widely criticized for its intrusive popups, and its reliance on the understanding of a largely untrained user base that is more likely to ignore or disable the alerts than to take the time to decipher their meaning.

Some other minor additions, such as encryption software BitLocker and the Address Space Randomization system, provided a little extra security, while some items such as the one-way firewall and the Security Center remained largely unchanged.

With Windows 7, Microsoft showed that it is paying attention to its critics and has attempted to deal with a number of these issues.

Some of the changes are largely cosmetic, with further upgrades to the desktop look and feel that continue the direction taken by Vista, following the lead of a certain rival operating system with a far better reputation for glossy visual appeal and user-friendly design.

Under the hood, there are new additions and serious upgrades to previous security measures that offer the promise of greater security as well as ease of use. Microsoft overhauled the interface between users and Vista’s security controls with the Vista Security Center becoming the more fun-sounding, if a bit ambiguous, Action Center. In addition, the company redesigned the UAC, expanded the firewall into a more complete feature and extended encryption. Microsoft also promises a new user-friendly VPN system.

The implementation and completeness of these new ideas will be significant factors in Windows 7 gaining traction with users and IT departments that have resisted upgrading their systems. For the many that have waited so long, upgrades are no longer a choice. Microsoft hopes to avoid a repeat of the Vista experience—so marketing and sales will be pushing hard on customers to upgrade to Windows 7. It is almost certain that Windows 7 will push XP aside. Therefore, the safety level of the new platform will have a massive influence on computer users worldwide, whether they like it or not.

Action stations: Windows Security Center rebadged but not replaced?

Microsoft introduced Windows Security Center with XP and it has remained largely unchanged ever since. With Windows 7 it has been given a major revamp. The new Action Center combines the existing management and control of the firewall, updating and anti-malware protection with a selection of additional system maintenance tasks, including backup, troubleshooting, anti-spyware, UAC and the general state of network security settings.

Windows Vista users accustomed to the constant stream of alert popups and the old system tray shield badge will experience the biggest change. Windows 7 presents more detailed listings of potential issues, which often come with useful information and advice. Integration with anti-malware solutions is much more granular, enabling products to inform the operating system when they need updating. In Vista, the only information the Security Center could provide was “out of date” or “more than 30 days out of date.” Products can also feed their own customized information to users, enabling them to make more informed choices, and users gain a level of customization (e.g., they can disable functions they are not interested in monitoring).

The new Action Center icon looks like a waving flag; it features a small red mark when something important needs fixing. At first glance it seems like a good idea to do away with the popups, which became almost invisible for many users thanks to their frequent appearance. But the flag icon could be a step too far: The new alerting system may be so obscure as to be rendered useless.

The improved integration and control, and more granular messaging, will help most users and security solution developers. However, striking the right balance between keeping users informed and flooding them with irritating alerts remains tricky.

Access denied: UAC simplified, but still ruined by pester power?

As part of the Action Center lineup (and therefore a core security feature of the platform), the UAC system has also had a radical revision to minimize its impact on the user. In Vista, where it first appeared, the system quickly became notorious for presenting an excess of intrusive alerts and demands for confirmation, which quickly turned off users who consequently turned off the system. Changes to system settings were the main cause of these—rather than new software installations or installed programs trying to adjust a setting (when alerts are more expected and in some cases even appreciated). The new system has a finer level of controls than the simple on or off of the earlier version; it defaults to prompting only when third-party programs try to make changes and allowing changes initiated by the user. A simpler slider system enables a user to set more or less strict data protection with ease. In addition, the occasionally rather scary dimming (and often brief blacking out) of the screen that accompanies the alerts by default can also be disabled. Microsoft also redesigned popups to be more informative.

Microsoft promised a significant decrease in the number of popups, and, indeed, the popups in Windows 7 now carry improved information on exactly what is being permitted, so the system should be more effective. However, it is unclear whether many users will use the system correctly: most users lack the understanding required to make informed calls, and many are unlikely to think beyond simply making the popup disappear. On a standard desktop running with the “protected administrator” default user, making the popup disappear is as simple as clicking yes or no; the default selection is no, so users who have trained themselves to simply hit the Enter key will find themselves protected from unwanted changes and most likely frustrated by non-functional software.

Another issue with these default settings is that malware could bypass the system by injecting itself into a trusted application and running from there. Indeed, some malware has been observed spoofing UAC-style prompts to obtain user permission to operate unimpeded.

The system is improved from its previous, barely usable state. But it still lacks the features of platforms with more ground-up security models, where such alerts generally provide adequate context and detail so users can grasp exactly what is being asked, and which require an administrator password even from a logged-on administrator, forcing users to consider what they are allowing and take responsibility for their own safety. The UAC concept is user-driven rather than expert-driven, so it is a questionable approach in a world where end-user expertise is rare. Although personal files and tools will require user approval and operation, core system assets should be more rigorously protected.

Border control: Windows Firewall finally fully functional?

One of the most significant security improvements introduced in the XP era was the Windows Firewall. Initial off-by-default versions proved entirely inadequate, so with SP2 Microsoft made a major step change in the security of users worldwide by providing firewalling as a standard feature.

Of course, with only inbound protection rather than the bidirectional control provided by proper firewall solutions, it was far from ideal. Although the basic stateful packet filtering provided some protection from common exploits, it lacked advanced features such as a full-fledged antivirus; and without central management, policy enforcement or auditing, it was unsuitable for serious business networks. For most well-informed administrators, it was just another thing to disable before rolling out more comprehensive protection. If nothing else, though, it gave the inexpert, or just lazy, everyday home user a bare-bones level of protection from many forms of attack.

With the new OS, Windows Firewall finally comes of age. The new version provides appropriate inbound and outbound port and protocol filtering including IPv6 support and a raft of features. Detailed user-level configuration is available, but at the corporate network level the improvements are even more significant, with complete management and reporting well integrated into the group policy subsystem.

This all sounds like a major boon to home and business users, but it depends on how broadly it’s adopted, which in turn depends on how willing people are to adapt long-standing security practices. Home users—again, all but the most ill-informed—are using their internet security suites to provide both anti-malware and firewalling, generally with specialist firewall design and integration with behavioral anti-malware providing a much higher level of protection. At the business level, similar practices will apply in most cases, with providers of corporate security solutions bundling desktop firewalling with their other protective layers and providing their own centralized management and reporting systems. Security admin specialists will be charged with monitoring and maintaining all protection in bigger networks. In addition, they will still have to control anti-malware, NAC and other security implementations that are not so well integrated into Microsoft’s own control systems. Security specialists may also face a steep learning curve with the Group Policy Object management style (although it’s familiar to user-level software and policy administrators, and suited to their needs) because it’s so unlike standard workflow patterns in existing security management systems, which are specifically designed to cope with the complex needs of firewall configuration.

For most home and work users, splitting the task of security management between multiple tools, usage layouts and support systems will be a pretty obvious timewaster. The use of firewalls from existing, trusted providers seems likely to remain the norm for the foreseeable future.

Tunnel ahead: DirectAccess, a simple VPN for all?

For corporate administrators, one of the most interesting new security features in Windows 7 is likely to be the new DirectAccess system, which is essentially a built-in VPN client designed to allow users to “simply and more securely access corporate resources when out of the office” (source: Microsoft Windows 7 main page). It is intended to be fully integrated, always on and compatible with firewalls and NAT setups, and to allow both remote access to corporate networks and remote management of logged-in systems by network admins. Remote users are growing ever more commonplace and the issues they present to network security administrators expand in complexity along with their numbers and requirements. Microsoft has recognized the need for major improvements in remote connectivity, so it appears that it will make it very simple and easy to stay safe on the road.

However, there are some major implementation and security issues here. The first big stumbling block an admin will hit when trying to implement DirectAccess is its complete reliance on IPv6. Although theoretically a much superior and more scalable technology to IPv4, IPv6 has yet to make much if any headway in the real world. This means that admins will need to implement IPv6 both on workstations and on the corporate networks, with the inevitable associated learning curve and security lapses when implementing complex and unfamiliar technology for the first time. The alternative, as recommended by Microsoft, is to implement translation technologies at both the workstation and server sides, likely to require different tools and systems for the two, with the associated additional overhead and several more levels of complexity for the administrator – and of course the additional security risk that complexity brings.

Those persuaded to bite the bullet and become early adopters of IPv6 should remember the lessons of the IPv4 introduction – when large numbers of severe vulnerabilities were discovered. It seems inevitable that similar issues will be found with IPv6 when the user base has built up and stumbled across them, and early adopters will be embroiled in a taxing cycle of firefighting and patching until the bugs are ironed out.

There are also some potential dangers in the way Microsoft recommends using the system, which is intended to tunnel traffic securely into corporate networks but allow other activities such as web browsing to use the machine’s typical (usually wireless) connection, presumably to save on corporate resources. This approach will immediately sound alarm bells with security-conscious admins who see such a setup as an open bridge between their carefully protected networks and the threat-riddled frontiers of the internet. In other words, this approach should be avoided at all costs.

When IPv6 finally becomes the norm, this system will be a great leap forward. But it is premature and somewhat lacking in completeness of vision, so serious network admins will stick with their existing VPN providers for some time to come.

Locked out: BitLocker, a business-ready encryption system?

BitLocker disk encryption, which was introduced in Vista, has been somewhat extended and improved in Windows 7. Again, it is included only in the Enterprise and Ultimate editions. It has some hardware requirements as well, including a compatible BIOS and a separate unencrypted boot partition from which to access the encrypted system drive. For optimum protection, a Trusted Platform Module (TPM) is recommended; it provides services such as tamper protection (allowing a trusted boot), key storage and basic cryptographic functions. In Transparent Operation Mode, BitLocker provides little more than integrity checking on boot: decryption fails, or at least requires additional confirmation before proceeding, if unauthorized modifications have been made. User Authentication Mode offers a more secure level of protection, requiring a user password or a key stored on a USB drive before the protected system or other volumes are decrypted.

Windows 7 includes an additional set of functionality for encrypting USB removable drives, which should be compatible with Windows Vista without changes. XP users will require a new plugin to access data stored on encrypted key drives, which will at least allow read access. The plugin will only provide protection when the drive is disconnected from the machine; when plugged in, all data on the drive is vulnerable to harvesting if the machine is compromised by malware.

Similar to its improvements in the firewall, Microsoft appears to have done a good job of providing a quality encryption system built in to its operating system. But, again, similar to the situation with its firewall, it remains to be seen if the company, which still has long-standing problems inspiring trust on security matters, will persuade admins to migrate from their existing, well-known and trusted expert cryptography providers. Management remains a key issue, with the implementation of centralized key management and disaster recovery lagging well behind the solid implementation at the local level.

Related to BitLocker in name only, AppLocker provides a basic whitelisting system designed to allow only approved software to run on Windows 7 systems. Available only in the Enterprise and Ultimate editions, it is manageable via the Group Policy model.

More or less: Other security benefits and potential pitfalls

Admins considering implementing Windows 7 in a corporate environment should review a number of other areas where they’ll encounter some good points and some hazards.

Some have highlighted the built-in XP mode virtualization system, which provides full compatibility with older software, as a great benefit to users. Others have pointed out the potential security drawbacks – with good reason. There is little centralized management available for XP mode virtual systems. Moreover, as with any virtual machine, the guest system will require all the usual patch management and client security software to keep it safe. Many inexperienced users think virtual guest systems are protected by the security of the host – not subject to their own patching and anti-malware requirements. Therefore, these users tend to leave these virtual guest systems open to attack and infestation, so significant use of such systems by home users may lead to the growth of infected machines attacking the rest of the world.

In a corporate setting, there appears to be little need for XP mode because most professional software runs without difficulty on native Windows 7. The main target of XP mode appears to be gamers clinging to aged favorites. Most admins should simply disable XP mode in the corporate desktops; and those who must allow it should follow the usual requirements for virtualization, with all the extra work of patching and client-side security conducted as scrupulously as possible.

There have been rumors that European anti-trust regulations may force Microsoft to provide a so-called “E Edition” for the European marketplace. This edition will enable users to select from a range of leading browsers during installation, with the operating system opened up somewhat to allow it to function without Internet Explorer. Although this may be of interest to home users intrigued by the perceived added security and usability of some browsers, corporate software management is generally better served by Microsoft’s regular, if often rather tardy, patching system. Moreover, few businesses will be prepared to fully trust the relatively under-supported open-source alternatives for the time being. For most, using IE as a default and alternatives available as secondary browsers if required is likely to remain the standard.

Microsoft has been heavily criticized for some time for stubbornly clinging to the default setting in most Windows releases that hides file extensions, a default malware authors have exploited for many years to disguise their wares as something other than what they are. The issue has been around since Windows NT, and changing that default is widely regarded as one of the simplest moves Microsoft could make to show it is serious about keeping its users away from malware.
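To make the hidden-extension problem concrete, here is an added Python example (not part of Chester Wisniewski's article) that reproduces Explorer's display rule, dropping only the final registered extension, and flags names whose visible part looks like a document while the real extension is executable. The filenames are constructed samples; the extension sets are assumptions chosen for illustration.

```python
"""Flag filenames whose real extension is hidden behind a document-like one.

Added example, not from the original article. With "hide extensions for
known file types" enabled, Explorer shows "invoice.pdf.exe" as "invoice.pdf".
This script reproduces that display rule and reports the mismatch so an
administrator can spot such files in a share listing or attachment log.
"""
import os

# Extensions Windows will run directly (assumed subset of PATHEXT plus
# common script hosts; extend to taste).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif",
                   ".vbs", ".js", ".msi", ".ps1"}
# Extensions a user expects to open harmlessly in a viewer.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
                 ".jpg", ".png", ".zip"}


def displayed_name(filename: str) -> str:
    """Name as shown when extensions are hidden: only the final extension
    is dropped, so any earlier dot (and its fake extension) stays visible."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def real_extension(filename: str) -> str:
    """The extension Windows actually uses to pick a handler."""
    return os.path.splitext(filename)[1].lower()


def is_disguised(filename: str) -> bool:
    """True when the real extension is executable but the displayed name
    ends in a document-like extension."""
    if real_extension(filename) not in EXECUTABLE_EXTS:
        return False
    shown_ext = os.path.splitext(displayed_name(filename))[1].lower()
    return shown_ext in DOCUMENT_EXTS


def audit(filenames):
    """Return (real_name, displayed_name) for every disguised file."""
    return [(f, displayed_name(f)) for f in filenames if is_disguised(f)]


# Constructed sample listing, not real files.
SAMPLE_LISTING = [
    "quarterly_report.pdf",
    "invoice_2008.pdf.exe",
    "setup.exe",
    "holiday_photo.jpg.scr",
    "notes.txt",
    "readme.txt.bat",
]

if __name__ == "__main__":
    for real, shown in audit(SAMPLE_LISTING):
        print(f"DISGUISED: shown as {shown!r}, actually {real!r}")
```

The check is deliberately based on what the user sees rather than on the file's content, because that is the gap the hidden-extension default opens; a content-based check (inspecting the PE header) would be the complementary control.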

The password authentication model presents a major stumbling block to Microsoft’s highly valued usability, and the company seems to have recognized that the model also has flaws as a security system. One addition to Windows 7 that seems likely to be universally welcomed is the built-in support for biometric devices. It handles fingerprint readers and comes with API access for developers of other types of biometric identification.

A growing number of devices now have integrated fingerprint readers. Although the readers have been implemented with varying degrees of success, this could move authentication away from the easily cracked or stolen password model toward more personal, unique and certain ways of confirming identities. The success or failure of this new model will depend greatly on the close integration of devices with platforms, software and web services, and Microsoft has taken an important step toward providing its end of this package.

With all these new features, will Windows 7 keep me safe?

Whether its motivation arises from a genuine desire to do things better or simply a sensible business case for appearing more credible on security issues, Microsoft has attempted to move closer to an appropriate security model. The company has provided some interesting and useful tools to assist its users and network admins in maintaining control over their systems and data. However, many of these new tools have flaws of one kind or another – and some show serious shortcomings in completeness of vision and thoroughness of implementation. Still others seem like excellent and complete packages waiting only for the rest of the world to be in a position to use them.

Of course, we never expected the new platform to do away with the need for anti-malware and other security and control solutions. But at least Microsoft will be covering most of the security issues for its wide user base of under-educated, under-motivated home users once its new Security Essentials free desktop anti-malware arrives.

Most businesses will stick to third-party expert security software providers. But it’s possible the decrease in the number of easy targets elsewhere will reduce the number of zombies and spam bots.

This article was written by Chester Wisniewski, Senior Security Advisor at Sophos, and is reproduced here with full permission of Sophos. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware protection.


Security Management Services

November 24th, 2008

It is imperative for all business organizations to exercise discretion in their operations and safeguard all the data pertaining to these operations. Leakage of crucial information can be detrimental for the organization in many ways. Competitors will make use of such vital data. There could be danger to the business even leading to dissolution of the business. Hence, it is very essential to keep confidential facts of every business inaccessible, and under layered safeguards. Fear of misuse or destruction of data is the most pressing concern. Seeking such protection is both lawful and moral.

These threats are posed not only by individuals or competitors, but also by the information systems themselves. By this we mean that an enterprise’s operating systems stand to lose critical facts and figures to problems such as viruses, spyware, spam and the like. The role of the internet in today’s world cannot be underestimated or under-rated. So every information and operating system functioning today faces the risk of irreparable damage.

Threats come from all corners such as, unencrypted data in various office locations, new day to day application-level attacks, mismanagement of key infrastructures, poor user authentication, authorization and management, and human configuration errors.

Multi-national corporations, hospitals, defense services, governments, banks and other financial institutions generate volumes of statistics which ought to be protected. To secure such critical and vital records it is important to hire professional services of security providers. State and federal laws are more complex and require constant review for a company to be compliant. For example, following high-profile data security breaches in 2005 at ChoicePoint (where 163,000 records were compromised) and CardSystems (where 40,000,000 records were compromised), many other states used California SB 1386 as a model for developing their own data security breach disclosure laws. Today, 40 states in the country have passed data security breach disclosure laws, each with their own distinct notification requirements.

The weight of each threat varies by industry. For example, healthcare companies are responsible for 11% of all data breach incidents in the U.S. between 2000 and 2007. Although educational institutions have a greater number of incidents/records lost, healthcare ranks number two. Government came in 3rd. Education ranks quite high in total number of incidents but only accounts for 2% of all records compromised. Healthcare has a similar number of records compromised, but reaches it with one third the incidents. So if your industry is under regulations such as HIPAA, you may have to dedicate more resources to information security management.

There are many security services providers one will come across while browsing the internet. It is essential to choose a service provider who will cater to the specific needs of the organization, as the security concerns of a bank will be different from that of hospital or a municipal corporation.

www.kraasecurity.com provides security for all groups seeking to safeguard fundamental and crucial information. KRAA Security is managed by professionals and experts who use their expertise in identifying and framing security solutions, and continuously updating them as per advancements in technology. They offer all this at very economically viable rates, wherein, a company has to part with very low monthly fees after an investment in the beginning.

The purview of services of KRAA Security broadly includes:

1. Network Security

2. Operating System Security

3. Application Security

4. Compliance Testing

Managed Security Services, Intrusion Detection/Prevention systems, Firewall management, Managed VPN Service, Content Filtering, Website monitoring, Virus scanning, Spam filtering, Vulnerability scanning, Phishing and Pharming defense and Host Intrusion Detection are some of the aids that facilitate the above services.

Visit the site of KRAA Security, www.KRAAsecurity.com, for updates on information security. Contact us at info@kraasecurity.com

Brawell Smith


Know Everything About Information Security

November 8th, 2008

Information security means protecting the confidential materials of an organization and restricting access to its information, whether electronic, printed or in other forms.

Everyone will agree that information assets are critical to any business and paramount to the survival of any organization in today’s global market. As cyber crimes such as hacking, data theft, data loss and virus attacks have risen in networking and software related work, the need for information security is growing by leaps and bounds.

Components of Information Security

Typically, information security comprises five components:

1. Confidentiality

Information security ensures that information is shared only among authorized persons, within or outside the organization. Breaches of confidentiality happen due to improper handling of data through printing, copying, e-mailing or creating documents, etc.

2. Integrity

With proper information security, there is also the assurance that information is authentic and complete. Integrity is regarded as an indicator of information security, or the lack of it. The integrity of data is not restricted to its correctness; it also covers whether the data can be trusted and relied upon.

3. Availability

In information security, the person in charge of it makes sure that the systems can be accessed by authorized people whenever needed. It helps in delivering, storing and processing data in a responsible manner.

4. Accountability

Since there are different departments in an organization, confidential information needs to be protected and secured with utmost care. Most organizations build a culture of confidence in their employees, and all employees, particularly those in senior and responsible positions, understand that internal information and data are not to be shared or divulged to unauthorized persons. Some organizations also have specific departments whose people are entrusted with the responsibility of protecting the assets and confidential data.

5. Audit-ability

This component of information security has two parts. Firstly, any system must keep records that allow its state and history to be reconstructed, so that one can determine what happened during an emergency. Secondly, auditing confirms that the systems meet all the necessary documented requirements.

Role of Information Security in Indian IT market

Over the past few decades, the information technology industry has placed India amongst the fastest growing IT exporters and IT-Enabled Services (ITES) providers in the world.

According to a survey conducted by the National Association of Software and Service Companies (NASSCOM), the Indian IT software and services sector grew 31.4 percent during 2005-06, and by 2010 the IT and ITES sector is expected to reach US$ 60 billion in exports. Given this phenomenal growth in IT jobs, the need for information security and network security experts in India is growing every day.

According to market estimates, the IT Security market is worth $100 billion today and India itself is facing a shortage of over 1,88,000 security professionals. Recognizing the growing need for information security management, reputed IT training institutions are providing regular and distance learning courses in information security training and network security training.


Mandira Kumar works in a reputed IT firm in India. She is also an amateur writer, and her write-ups mainly focus on the importance of information security training and network security training.


It Security Policies Can Cause Network Data Breaches

September 29th, 2008

It’s strange how the network security policies in place at a company can actually damage, rather than enhance, its security. Security measures which are too stringent lead employees to work around security for convenience’s sake. Employees can thereby create security vulnerabilities which your IT department may not be able to protect against, because it may be unaware that they exist!

Not long ago, I spoke with the business director of a large company (I’ll call her Susan). Her company’s IT department requires that employee passwords for its network be at least eight characters in length and consist of a random mix of letters, symbols and numbers. She also must change her passwords every sixty days. While Susan goes along with the security policies put in place by her IT department, if you were to walk into her office, you would find her logon password written right there on her desk: “Password: 1jy^hndT”.

The work environment in many companies these days involves understaffing, tight deadlines and long workdays. When you add yet another complication into the lives of already overworked employees, it is only natural that they choose convenience over security. You see everyone doing this; from the CEO on down to the temps. While it sounds like a good idea to have employees remember complex passwords, what happens in practice is that it slows things down and leads to security being circumvented.

The real problem isn’t the security policy; it’s actually a very sound one – it’s the way that it is implemented which makes it a problem. IT departments are prone to ignoring the human factor when they design security policies. Most people can’t remember two complex passwords; and many can’t even remember one! By making employees change their passwords every two to three months, they further complicate the situation and practically force employees to engage in insecure practices in order to get their work done while still complying with corporate security policies.

This gives management a false sense of security when it comes to network security, since they don’t even know where to look for potential problems. Let’s say that someone copies down Susan’s password and logs in as her: the network monitoring software simply accepts as fact that she is working at 3 am. Such security systems will not catch these attacks until the damage has already been done.
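The 3 am logon in that scenario is detectable, but only if monitoring compares each logon against what is normal for the account rather than merely checking the password. Here is an added Python example (not from Dovell Bonnett's article) that learns a per-user window of usual logon hours and familiar workstations from a constructed history, then flags new events that fall outside it. All events, user names and workstation names are constructed samples.

```python
"""Flag logons that fall outside a user's established working pattern.

Added example, not from the original article. A stolen but valid password
produces a logon the system treats as Susan's, so the useful signal is
when (and from where) the account is used, not whether the password matched.
"""
from collections import defaultdict
from datetime import datetime

# Constructed logon history used to build the baseline: (user, time, workstation)
HISTORY = [
    ("susan", "2008-09-01 08:52", "WS-SUSAN"),
    ("susan", "2008-09-02 09:05", "WS-SUSAN"),
    ("susan", "2008-09-03 08:47", "WS-SUSAN"),
    ("susan", "2008-09-04 18:10", "WS-SUSAN"),
    ("susan", "2008-09-05 09:15", "WS-SUSAN"),
]

# Constructed new events to evaluate against the baseline
NEW_EVENTS = [
    ("susan", "2008-09-08 09:01", "WS-SUSAN"),    # ordinary start of day
    ("susan", "2008-09-09 03:02", "WS-LOBBY07"),  # 3 am, from a different machine
    ("susan", "2008-09-09 19:30", "WS-SUSAN"),    # late, but inside the margin
]


def parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def build_baseline(events, margin_hours=1):
    """Per user: (earliest usual hour - margin, latest usual hour + margin,
    set of workstations seen). Night-shift users whose window crosses
    midnight would need a wrap-around window; this model keeps it simple."""
    hours = defaultdict(list)
    hosts = defaultdict(set)
    for user, ts, host in events:
        hours[user].append(parse(ts).hour)
        hosts[user].add(host)
    return {
        user: (max(0, min(h) - margin_hours), min(23, max(h) + margin_hours), hosts[user])
        for user, h in hours.items()
    }


def score_event(baseline, event):
    """Return a list of reasons the event is suspicious (empty if none)."""
    user, ts, host = event
    if user not in baseline:
        return ["no baseline for user"]
    lo, hi, known_hosts = baseline[user]
    hour = parse(ts).hour
    reasons = []
    if not lo <= hour <= hi:
        reasons.append(f"logon at {hour:02d}:xx outside usual window {lo:02d}-{hi:02d}")
    if host not in known_hosts:
        reasons.append(f"unfamiliar workstation {host}")
    return reasons


def find_anomalies(history, new_events):
    """Pair each anomalous event with the reasons it was flagged."""
    baseline = build_baseline(history)
    flagged = []
    for event in new_events:
        reasons = score_event(baseline, event)
        if reasons:
            flagged.append((event, reasons))
    return flagged


if __name__ == "__main__":
    for event, reasons in find_anomalies(HISTORY, NEW_EVENTS):
        print(event, "->", "; ".join(reasons))
```

A real deployment would feed Windows logon events (or VPN logs) into the same two checks; the point is that time-of-day and source-host anomalies are cheap to compute and catch exactly the case the password check cannot.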

Password security without a convenient implementation does not come free of cost. Resetting passwords can take anywhere from 20% to 50% of an IT department’s time, which translates into about $70 per incident. This time and money could be better used by your IT department. There are other costs too, such as lost productivity when employees are unable to access the network.

A rule of thumb to keep in mind is that the greater the level of password security without a convenient management system in place, the more often you’ll need to do password resets. Smartcard security tokens offer a solution which balances productivity, security and technical support.

Smartcard based security tokens allow employees to manage network and computer security themselves without compromising the security of your corporate network. They do this by:

1. Offering two-factor authentication: the user has the card (something they have) and the PIN (something they know), and the computer has the card (something it has) and the stored complex passwords (something it knows).

2. Being portable to other machines.

3. Storing no information on the computer for prying eyes to find and use.

4. Convenience – the user only needs one password.

5. Employees always have possession of their passwords.

6. Token data is securely stored and protected in the event that the token is stolen or lost.

7. The token can store passwords for many accounts.

Smartcard based security tokens prevent data thieves from merely looking over someone’s shoulder to learn passwords or look for notes taped to desks or inside drawers bearing this information. If each account is set with its own unique password, even if a data thief somehow gets one password, all other accounts are still protected. Smartcard based security tokens allow employees to stay within IT security policies and keep corporate networks better protected while offering the convenience employees want and need. This can make even the most careless employee a security conscious one.
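To show the access policy behind points 1, 6 and 7 of that list and the unique-password argument in the paragraph above, here is an added Python model (not from Dovell Bonnett's article or from Access Smart's product). A real card keeps the credential store in its secure element and enforces the PIN and retry counter in hardware; this class only models that policy so the two-factor flow and the lost-token case can be exercised. PINs, account names and passwords are constructed samples.

```python
"""Model of the access policy a PIN-protected credential token enforces.

Added example, not from the original article. It models: the PIN check
(second factor), a retry counter that wipes the store after too many wrong
PINs (so a lost token yields nothing), one unique password per account,
and an audit for password reuse across accounts.
"""
import hashlib
import hmac
import os
import secrets


class CredentialToken:
    MAX_ATTEMPTS = 3  # retry counter, as on real cards (assumed value)

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._pin_hash = self._hash_pin(pin)
        self._vault = {}          # account -> password, released only when unlocked
        self._failed = 0
        self._unlocked = False
        self.wiped = False

    def _hash_pin(self, pin: str) -> bytes:
        # PBKDF2 so the verifier cannot be trivially reversed if extracted
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def unlock(self, pin: str) -> bool:
        """Present the PIN. Wrong PINs count down to a wipe; a wiped token never unlocks."""
        if self.wiped:
            return False
        if hmac.compare_digest(self._hash_pin(pin), self._pin_hash):
            self._failed = 0
            self._unlocked = True
            return True
        self._failed += 1
        if self._failed >= self.MAX_ATTEMPTS:
            self._vault.clear()   # the card zeroises itself
            self.wiped = True
        return False

    def lock(self) -> None:
        self._unlocked = False

    def is_unlocked(self) -> bool:
        return self._unlocked

    def _require_unlocked(self) -> None:
        if not self._unlocked:
            raise PermissionError("token is locked")

    def store(self, account: str, password: str = None) -> str:
        """Store a password for an account; generate a random unique one if none given."""
        self._require_unlocked()
        self._vault[account] = password or secrets.token_urlsafe(16)
        return self._vault[account]

    def password_for(self, account: str) -> str:
        self._require_unlocked()
        return self._vault[account]

    def reused_passwords(self):
        """Groups of accounts sharing one password: a single leak would expose them all."""
        self._require_unlocked()
        by_password = {}
        for account, password in self._vault.items():
            by_password.setdefault(password, []).append(account)
        return [accounts for accounts in by_password.values() if len(accounts) > 1]


if __name__ == "__main__":
    token = CredentialToken("4921")          # constructed PIN
    token.unlock("4921")
    token.store("mail", "hunter2")
    token.store("vpn", "hunter2")            # deliberate reuse for the audit
    token.store("crm")                       # token picks a random unique password
    print("reused:", token.reused_passwords())
```

Two details carry the security argument: the vault is only reachable through `unlock`, so the user remembers one PIN instead of many passwords, and a thief holding the token gets three guesses before it wipes itself rather than unlimited offline attempts.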

Dovell Bonnett is the author of “Online Identity Theft Protection For Dummies(R) – Power LogOn Edition”, founder & CEO of Access Smart and hosts IDProtectionExpert.com. He provides businesses, campuses, and mobile employees security solutions.

