Wednesday, January 31, 2007

Three fundamental guidelines for determining backup health

A high backup success rate doesn't mean a risk-free environment
In previous columns, I've emphasized the need for backup reporting and metrics to ensure that data is protected appropriately. However, even with the benefit of regular, successful backup reports, the fact remains that the devil is in the details. It is important to go beyond a raw statistic, like the percent success or failure, to properly analyze and interpret the actual meaning. To that end, here are three fundamental guidelines to apply when attempting to determine backup health.

Click here for the full story.

Tuesday, January 30, 2007

FBI Faces Fresh Cyber Threats

From dirty bombs and high-tech spies to teenagers planning DOS attacks with Sony PlayStations, the F.B.I. has its hands full with a growing number of cyber-threats, according to David Thomas, deputy assistant director of the agency's science and technology branch.

The official, a keynoter at a conference here today, warned that the Internet is more important to U.S. national security than ever before. "We know that terrorists would like to create a dirty bomb," he said, explaining that his agency has to keep this know-how within the U.S. "Spying is changing -- whereas before people had to travel to the U.S., now they don't have to."

Click here for the full story.

Monday, January 29, 2007

Cybertrust Enters EV SSL Fray

Cybertrust today launched its Extended Validation SSL certificate offering, joining VeriSign and other certificate authorities in supporting the new browser security standard. But some experts are still skeptical that the emerging specification will really hinder serious hackers.

Click here for the full story.

Tuesday, January 23, 2007

Company Cuts Privileges to Cut Malware

One way to minimize your exposure to malware is to reset your Windows client machines to run without system administrator rights, a.k.a. least-privilege user. But is a least-privilege user underprivileged? (See The Truth About User Privileges.)

"Ideally when they come in and use their machine, they shouldn't see any difference," says Keith Brown, network administrator at Gwinnett Health Systems, which has eliminated systems admin rights on over 2,700 of its Windows XP clients. Gwinnett is an Atlanta-area nonprofit healthcare system with over 4,000 employees and 750 physicians.

Click here for the full story.

Monday, January 22, 2007

New secure VPN tunneling protocol in the works at Microsoft

SSTP intended for remote access
Microsoft is working on a remote access tunneling protocol for Vista and Longhorn Server that lets client devices securely access networks via a VPN from anywhere on the Internet without concern for typical port blocking issues.

The Secure Socket Tunneling Protocol (SSTP) creates a VPN tunnel that travels over Secure-HTTP, eliminating issues associated with VPN connections based on the Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP) that can be blocked by some Web proxies, firewalls and Network Address Translation (NAT) routers that sit between clients and servers.

The protocol, however, is only for remote access and will not support site-to-site VPN tunnels.

Click here for the full story.

Friday, January 19, 2007

Five Unsolved Mysteries of Security

Ever wonder what happened to a once-hot security revelation that went from the radar screen to near-obscurity -- or to so much exposure that it became passé -- with no apparent resolution? What was really behind big blow-ups like the defunct Week of Oracle Database Bugs (That Never Was)?

Some security issues remain a mystery, even to the experts, either because they're too tough to fix right now (think cross-site scripting), or because we want to know what's really going on behind the scenes among the players involved.

Click here for the full story.

Thursday, January 18, 2007

Retail breach may have exposed card data in four countries

TJX discloses network intrusion, says full extent of info theft not yet known

The credit and debit card data of a large number of shoppers in the U.S., Puerto Rico and Canada, and possibly in the U.K. and Ireland, may have been compromised as the result of a hacking incident at The TJX Companies Inc. last month.

According to a statement issued today by the Framingham, Mass.-based retailer, the network intrusion took place in mid-December and involved systems used to process credit, debit, check and merchandise-return transactions at its TJ Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico.

Click here for the full story.

Wednesday, January 17, 2007

Spam Hidden in Email Newsletters

Careful what you read -- spammers are now hijacking legitimate newsletters and electronic advertisements from big-name brands such as the NFL, Amazon, Wal-Mart, eBay, ESPN, US Airways, Kohls, Verizon, and 1-800-Flowers.

Click here for the full story.

Tuesday, January 16, 2007

Worldwide IT spending to hit $1.5 trillion by end of decade

Global IT spending is expected to reach $1.5 trillion by 2010, according to new research.
Worldwide IT spending will grow by six percent each year until 2010, according to a newly-published IDC report. Global spending last year totaled $1.2 trillion.

Click here for the full story.

Monday, January 15, 2007

Two universities disclose data breaches

Personal data on more than 331,000 people may have been exposed in one breach

The University of Idaho in Moscow yesterday began sending letters to more than 331,000 people warning them about the potential compromise of their personal data following the theft of three desktop computers in November.

Meanwhile, in a separate incident, officials at the University of Arizona in Tucson are investigating a computer break-in that disrupted several school services this week and continued to keep an online procurement system offline even today.

Click here for the full story.

Friday, January 12, 2007

Canadian IT starting salaries to rise 3.5 per cent

A recruiting firm's compensation guide shows demand in several positions. CIOs lament their hiring woes as desperate employers troll for "passive candidates".

Canadian IT professionals will see a starting salary boost of 3.5 per cent this year, with operations managers and data security analysts enjoying the highest raises in base compensation.

Click here for the full story.

10 Ways to Get Users to Follow Security Policy

It's official: Users are the weakest link in the IT security chain. You can have firewalls, encryption, and NAC up to your ears, but it still won't save you from the guy who gives all of his access information to the members of his fantasy football league.

What does it take to get end users to follow company security policy? How can you ensure they understand the rules and respect them?

There are no easy answers, but after interviewing security pros and our crack team of industry experts, we came up with 10 that are pretty good. Is your organization employing all of these enforcement techniques? Take a look and see if there's more you and your managers can do to make security happen in your organization.

Click here for the full story.

Thursday, January 11, 2007

PayPal hopes it's got the key to thwart phishing

$5 gadget delivers a new numeric password every 30 seconds
Over the next few months, eBay Inc. will be offering its PayPal users a new tool in the fight against phishers: a $5 security key.

The PayPal Security Key is actually a small electronic device, designed to clip on to a keychain, that calculates a new numeric password every 30 seconds. PayPal users who sign up to use the device will need to enter their regular passwords as well as the number displayed on the key whenever they log in to the online payment service.

Click here for the full story.

Wednesday, January 10, 2007

Data Demolition

The IT manager for a multi-site law firm was stumped. As part of a companywide security crackdown, he'd been given orders to ensure any disk drives that were replaced in his data center got destroyed. Overwriting disks with software would not be sufficient. Baffled but eager to please, he asked two of his technicians to bring in hand-drills and sledgehammers. An afternoon's hard work outside the company loading docks, and the job was done.

Sound extreme? Think again. A growing number of IT pros are faced with replacing NAS gear, tape drives, or storage arrays without risking the loss of sensitive data. And depending on their company's position on the matter, they may be going to the shed -- the garden shed -- for the solution.

Click here for the full story.

Monday, January 08, 2007

2007: Trouble Ahead

One thing's for sure about the security threat landscape in 2007: It'll get a lot more personal.

Everybody has an opinion about what the key security threats will be for next year. But the common thread among the plethora of punditry is that security is getting more of a human face, whether you're the victim of an identity theft scam or corporate espionage, or whether you're the double-agent bad guy behind the attack on your own company.

Click here for the full story.

Friday, January 05, 2007

Four Sure-Fire Spam Reducers

Is holiday spam bloating the inbox? Even if you haven't seen quite as much holiday-themed spam as expected sneaking by your email server -- hey, even spammers need a holiday once in a while -- you're probably ready to trim the fat from your email traffic.

But that isn't always so simple. The most frustrating thing about spammers is they keep getting smarter in their quest to evade detection. And spam volume is exploding: Spam-watchers at Symantec say they've witnessed a 55 percent increase in spam over the last six months.

Click here for the full story.

Wednesday, January 03, 2007

The Six Dirtiest Tricks of 2006

Since the dawn of humanity, man has taken pride in his achievements of days past. The courageous defense of his cave from long-toothed predators. A fruitful hunt of the elusive wildebeest. The successful programming of his complicated BlackBerry.

In ancient times, these great achievements were told and re-told in tales, in song, in poetry. Today, journalists have evolved this retelling to a higher art form: the annual "year in review" story. This story is done and re-done each year by virtually every publication in existence, from Sports Illustrated to Hog Monthly.

As a new, innovative Web destination, we thought about not doing one of those stories. Break the mold and all that. But it's the end of the year. The drums are beating. The fire is burning high. The smell of roasted wildebeest hangs pungent in the air. The ceremonial conch shell is passed to us -- it's our turn to, uhh, blow.

So, what the hell. Who are we to argue with evolution?

The following is Dark Reading's look back at six of the most clever and devious IT security exploits of 2006, which we call "The Six Dirtiest Tricks of 2006."

Click here for the full story.

Tuesday, January 02, 2007

Banks Ready for Compliance Deadline

Dec. 31, 2006 will bring out an array of party hats, confetti, and noisemakers across the globe. But in the recesses of data centers in many banks and financial institutions, that date may give IT workers another reason to pop the champagne cork.

New Year's Eve is the final deadline for financial organizations to meet multifactor authentication requirements outlined by the Federal Financial Institutions Examinations Council (FFIEC), which helps to govern security requirements for banks and other organizations that handle consumer funds. The FFIEC guidelines, which were issued in October of last year, require financial institutions to deploy a second form of user authentication by Dec. 31 or face fines of $10,000 and up.

About Me

Choose Dyrand Systems as your virtual IT department and focus on growing your business—not on the technology that supports it. You deserve peace of mind when it comes to IT. When you choose Dyrand, you’re choosing more than just an IT firm—you’re choosing an extension of your own team.