Wednesday, November 29, 2006

From Wall Street to the military, the year ends with security undertakings

As the year winds up, IT managers from Wall Street to the military say they've kicked off ambitious projects to bolster security within their organizations.

At New York-based investment firm Goldman Sachs, one project under the direction of Tom Quinn, vice president of information security, entails adding desktop software for digital-rights management to restrict viewing, printing or changing financial data.

Tuesday, November 28, 2006

The 10 Most Overlooked Aspects of Security

Before you hunker down, all comfy and cozy, in front of a crackling holiday fire, hold the fruitcake and eggnog: Feel like you're forgetting something?

Most likely, you are.

Did you post a surveillance camera in your server room? Check the trash can for discarded disk drives that weren't wiped clean of sensitive data? Do a deep background check on that new database administrator you hired? Look into that new third-party security services offering?

Encrypt the backup of the year-end financial data?

Gulp. Maybe you're not quite ready for the holidays.

Friday, November 24, 2006

Study: Almost half of firms late in patching laptops

Organizations, already knee-deep in protecting the data on laptops, are patching critical vulnerabilities in the mobile devices too slowly, a new study has suggested.

The findings, released Monday by analyst firm Trusted Strategies and patch management provider Shavlik Technologies, revealed that companies largely lack automated solutions to track down vulnerable laptops and apply the necessary patches.

Thursday, November 23, 2006

Oakley rolls out laptop protection software

Oakley's SureFind software lets IT administrators remotely monitor and disable lost or stolen laptops.

Oakley Networks this week rolled out software that lets organizations remotely locate a lost or stolen laptop, determine whether data on the laptop has been compromised, and destroy the data to protect it from exposure.

Wednesday, November 22, 2006

Data That Doesn't Drip... Drip... Drip...

You've heard of data leakage, but what about data seepage?

That's when your desktop applications are set to connect to your internal mail server or shared folders -- for instance, when you boot up your machine -- and your corporate network is then exposed to a targeted attack.

Not Your Grandpa's Microsoft

OCTOBER 31, 2006 | Microsoft's a big target -- the vendor takes a lot of heat for poor products or just a lack of responsiveness. While some of that criticism may have been true and even warranted over the years, let's give credit where it's due: Windows XP SP2 turned out to be vastly better from a security standpoint than previous versions. In fact, Microsoft-based enterprises have improved their security so much that even Symantec reports that the attack vectors have shifted to employees' homes.

Tuesday, November 21, 2006

Small companies ignorant of security?

Small businesses must become more aware that they are the potential victims of cybercrime, former White House security adviser Howard Schmidt has urged.

Speaking at an IT security event at London's House of Lords on Monday, Schmidt said all businesses are at risk through a lack of proper configuration of security equipment, or through not taking proper security precautions.

Monday, November 20, 2006

Laptop loss: How to avoid becoming the next Starbucks

When Starbucks earlier this month revealed it couldn't find four laptops containing data on thousands of employees, IT administrators everywhere once again were forced to ask themselves: What's our policy on protecting data on mobile devices?

Friday, November 17, 2006

SQL Server Is Safest DB

That big spike in Web application vulnerabilities is bad news for your database. And apparently, some databases are more of a target than others.

Eric Ogren, security analyst for Enterprise Strategy Group, has compiled Common Vulnerabilities and Exposures (CVE) data from Oracle, Microsoft's SQL Server, and the open source MySQL database, and found some major differences. In fact, Oracle has 70 vulnerabilities, MySQL has 59, and SQL Server has just two. Sybase has seven, and IBM's DB2 has four, according to ESG's findings.

Thursday, November 16, 2006

Human error, zero-day targeted attacks make up latest SANS Top 20

Few would dispute the powerful link between social engineering and the success of a cyberattack in today's financially-driven threat landscape. So now, for the first time, the SANS Institute has named human error to its twice-annual Top 20 Internet Security Attack Targets list, a line-up that, until now, was reserved solely for technology.

Wednesday, November 15, 2006

Security group ranks human error as top security worry

The SANS Institute has some controversial advice for computer security professionals looking to lock down their networks: spear-phish your employees.

That's what the U.S. Military Academy at West Point did in 2004 to a group of 512 cadets, selected at random for a test called the Carronade.

Tuesday, November 14, 2006

Group Tags More 'Hacker Safe' Sites

Add Ace Hardware, American Red Cross, GNC, HP, Johnson & Johnson, Nike, Northrop Grumman, Petco, Ritz Camera, the Red Cross, Sony, Sports Authority, World Bank, Yahoo, and Yankee Candle to the list of Hacker Safe-labeled Websites identified by as containing cross-site scripting vulnerabilities (XSS). (See 'Hacker Safe:' Safe for Hackers.)

Friday, November 10, 2006

Phishers Pick $2.8 Billion From Consumers' Pockets

Criminals running phishing scams are raking in more money than ever, with the average loss jumping fivefold in the last year and the percentage of money recovered plummeting, according to a survey published Thursday by research firm Gartner.

"Phishing e-mails are getting through, and when they do steal, phishers are getting five times the amount they did in 2005," said Gartner analyst Avivah Litan. "They're getting better, much better, at their schemes." Litan pegged the total loss to phishing in the 12 months ending Aug. 30 at a whopping $2.8 billion.

Thursday, November 09, 2006

Review of Windows Vista final code shows security needs admin attention

Overall, we can't say that we don't like the Vista Ultimate code that was released to manufacturing by Microsoft on Wednesday and will subsequently be available for corporate volume customers by the end of the month. After all, from our testing we can confirm that it contains vastly improved graphics, offers very flexible installation options and gives administrators stronger control over the operating system's security settings.

Wednesday, November 08, 2006

Let's Party Together

I think it's great that groups have differences -- that's how we learn about our choices and which path we want to take. What really bothers me, though, is when everyone agrees on the general direction, and there's still so much confusion and disjointed activity that nothing gets done. And when it comes to computer security, that sort of confusion seems to happen a lot.

Tuesday, November 07, 2006

How much can a LAN switch protect your network?

Call it NAC (Cisco's Network Admission Control) or, well, NAC (network access control), or even NAP (Microsoft's Network Access Protection). Any way you refer to it, these schemes for shutting out unwanted users at the LAN switch port level are among the most buzzed about network technologies.

Monday, November 06, 2006

Anti-Spam's United Nations

A user in Cleveland sits and deletes multiple bogus emails from Nigeria. A U.K. law enforcement team wants to catch a spammer, but he's hiding in Russia. With so many cross-border spam attacks, are regional anti-spam efforts ever going to be enough?

Six anti-spam groups earlier this week conceded that they need some help, joining forces to hold the first meeting of the StopSpamAlliance during the United Nations Internet Governance Forum in Athens, Greece.

Friday, November 03, 2006

Kicking some brass

Do you ever wonder what the heck is wrong with top management? Why don't they see risks associated with IT security breaches? Why don't they help you do something about it? The U.S. Department of Homeland Security has been asking some of the same questions.

Thursday, November 02, 2006

An alternative view of information security

Thinking about data in terms of its "life" isn't a complicated idea, but it's a powerful one. Acknowledging that information lives, grows and dies can help a company focus its security and business continuity efforts in the right places.
