|The Agile Security Plan: Social Engineering
By admin | January 30, 2009
In an ever-changing financial landscape, corporate agility in multiple areas is the key to longevity. Computer and network health and security is one area where you don't want your company to get stiff and old - protecting data and other network resources is critical. Keeping the company security-fit means a proactive security plan that embraces both technology and management practices designed to thwart any would-be interlopers, as well as continuing review and assessment of that technology and those practices.
There are many ways to attempt to gain access to a corporate computer network; unsecured wi-fi and Internet based attacks like port scanning, for example. However, among the most insidious is a technique known as "social engineering." This is where an attacker uses social methods, not technological, to gain access to your computer network by gaining a user's trust and exploiting that trust, often gaining a valid user name and password in the process. Now that's a security hole no administrator wants on their network! What's really needed to stay on point with regards to overall security is a third-party audit by someone who has no interest in anything other than your security status.
Redspin is one company that can help you define and mitigate the possible weaknesses in your corporate security. Not only are they well versed with the technology at their disposal to test your digital defenses, they will test your company in other ways as well - just like the bad guys. We regularly read their Security Management Advisories as part of our own ongoing process of integrating new threats and protections into our own Internet Security Manager, and we've worked with them in the past to help evaluate and improve our own security practices.
Redspin currently has an excellent SMA on the basics of social engineering posted on their site. Check it out at the link below to get a better insight into what social engineering might mean to your business and what Redspin can help you do about it.
Redspin - Penetration Testing and Security Assessment
Redspin article on Social Engineering
ISM Now Protects Against Conficker/DownandUp Worm
By admin | January 19, 2009
For the past several day, the Conficker/DownandUp worm has spread to over 9 million Windows PCs. This worm spreads by exploiting weak passwords, open file shares, USB drives, and other means of infecting a network "from the inside out".
The Internet Security Manager Team updated the ISM on Friday to prevent connections from PCs infected with the Conficker/DownandUp worm to the servers that are hosting and controlling the virus. This action will greatly limit the chances of the virus being completely installed on a PC, and will prevent the spread of the worm.
We also recommend that you immediately install Microsoft Patch MS08-067 on all of the Windows PCs in your network to close the security hole that allows this worm to spread.
The try this
wide variety of single-player and multiplayer modes allows you to race anyone, anytime, anywhere
Rogue DHCP Server Detection Enhancement
By admin | January 15, 2009
If you've run a network for any length of time, you've probably run into this once or twice: someone plugs in a WAP so that they can roam with their laptop, and all of a sudden people start complaining about not being able to connect to network resources. Sometimes, you don't even get the information about a new WAP being plugged in. If it's happened to you, you are probably already thinking, "rogue DHCP server."
The ISM has just been enhanced to detect any internal network segment that has one or more DHCP servers making offers. A new line item has been added to the bottom of the Network section of the firewall overview on the web interface called "DHCP Servers." This line will display all DHCP servers detected by the ISM, and which segment they appear on. If more than one is detected on a single segment, something that is always undesirable, the line will be highlighted in red. Additionally, it raises an alert and you will recieve a call from the security desk.
This enhancement has been added to every ISM at no additional cost. Just another way we try to help you manage your network!
But the move is now raising questions about whether write my paper for me
the district will be out of compliance with a federal court order to bring racial balance to its schools