Showing posts with label information security. Show all posts

Wednesday, April 15, 2009

Beware of a disease called FORWARDITIS


As an organization that is into managing Information Security and Network Security, it is our duty to warn every Email user about the hazards involved in forwarding mails without cleaning them up.

Typically people who have the urge to share mails tend to hit the forward button without cleaning up the mails.

What we mean is, the email ids of all of the recipients and the mail ids within the mail itself get forwarded to the recipients.


The problem here is that scamsters capture all these mail IDs and sell them on the internet to other scamsters, Viagra dealers, marketers etc.


When a mail is sent with lots of mail IDs in the CC list, Internet Service Providers and the mail servers of organizations automatically send these mails to junk folders. Subsequently they have the option to blacklist the sender.


Also it is very annoying for the receiver to keep scrolling down to reach the actual content.


If you need to send a mail to multiple recipients, insert their mail IDs in the BCC field, and remove all the mail IDs from the content and the CC field.
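The clean-up described above can be scripted. The following is an added example, not part of the original post: it drops the quoted address headers from a forwarded body, masks any remaining addresses, and puts the recipients in BCC. The sender, recipient and subject values used with it are assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Conservative matcher for e-mail addresses embedded in forwarded text.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Header lines that mail clients paste into the body of a forward.
QUOTED_HEADER_RE = re.compile(r"^[>\s]*(From|To|Cc|Bcc|Reply-To)\s*:", re.IGNORECASE)

# Constructed sample of a typical chain forward.
SAMPLE_FORWARD = (
    "Please read and pass on!\n"
    "\n"
    "---------- Forwarded message ----------\n"
    "From: Asha <asha@example.com>\n"
    "To: ravi@example.org, meena@example.net\n"
    "> Cc: team-list@example.com\n"
    "Subject: Help this cause\n"
    "\n"
    "Write to organiser@example.org if you want to help.\n"
)


def clean_forwarded_body(body):
    """Drop quoted address headers and mask any address left in the text."""
    kept = []
    for line in body.splitlines():
        if QUOTED_HEADER_RE.match(line):
            continue  # an address list carried over from an earlier hop
        kept.append(ADDRESS_RE.sub("[address removed]", line))
    return "\n".join(kept)


def build_clean_forward(sender, recipients, subject, body):
    """Build a forward whose only visible address is the sender's own."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender                   # visible To: is the sender, nobody else
    msg["Bcc"] = ", ".join(recipients)   # smtplib's send_message() uses Bcc for
                                         # delivery but never transmits the header
    msg["Subject"] = subject
    msg.set_content(clean_forwarded_body(body))
    return msg


def visible_recipients(msg):
    """Addresses every recipient can see (To and Cc), e.g. for an outbound check."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return [addr for _name, addr in getaddresses(headers)]


if __name__ == "__main__":
    message = build_clean_forward(
        "me@example.com",
        ["friend1@example.com", "friend2@example.com"],
        "Fwd: Help this cause",
        SAMPLE_FORWARD,
    )
    print(message.get_content())
    print("Visible recipients:", visible_recipients(message))
```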


Also, when a mail arrives, typically you should get suspicious when:

· A mail/greeting comes with an attachment from an unknown sender.

· A mail which says you should forward it to as many people as you can in order to help a cause.

· A mail that asks for help (like the one about a long suffering girl who will get funds if you forward mails etc.)

· A mail that says URGENT, IMPORTANT.

· A mail that claims Authenticity by referring to agencies like CNN, BBC, NASA, FBI etc. without furnishing reference links.


If all this is confusing and if you want to find out if a message is true or not, just copy the subject line and Google it or better still, visit dedicated sites like www.snopes.com that maintain an updated database of such scams.


Alternatively, if you would like more technical help, get in touch with us.

Please do communicate and spread this message to your friends so that they too don't fall prey to the disease called Forwarditis.

Friday, April 3, 2009

"The Unified Move"- Embracing a unified approach with UTM

Below is an excerpt from the article "The Unified Move - The security market is increasingly embracing an integrated approach with UTM" by Shanteri Mallaya appearing in the Security Feature section of ChannelWorld.

Enterprises in India are showing willingness to leverage technology at their disposal to protect their most vital corporate assets from external and internal trouble. As a result, IT security has become and will continue to remain de facto. The challenge lies in using the right security component in warding off threats, filtering content, and keeping organizations safe. As companies are in pursuit of the panacea to their security requirements, there is a tilt towards looking at a holistic, cost-effective, durable solution instead of a makeshift approach.

Agrees Venkata Ramana Murthy, Prime Mover at 22by7, "the individual, niche component of UTM functionality — say a component filtering mechanism may not necessarily be superior in performance to that of a niche vendor." Nevertheless, the channels are fairly receptive to the UTM idea. This is an emerging technology that throws up new business opportunities for them at a time when conventional technologies are not getting them sufficient margins or giving cross-selling opportunities anymore.

Mr. Murthy of 22by7 adds, "UTM is a successful single point alternative that I can propose to customers."

Venkata Ramana Murthy of 22by7 concludes, "Globally, there is a trend towards the virtual machine, so all security standards have to evolve towards this. Businesses providing security solutions have to look at this seriously and evolve best of breed solutions."

For the full article, please read the issue of ChannelWorld dated Feb 15 2009.

Tuesday, November 11, 2008

Worried About Handling those numerous network devices...Wish that you had a single window to control them... Hitch on to NAC


What is Network Access Control?
Network Access Control is a set of protocols used to define how to secure the network nodes prior to the nodes accessing the network.
It is also an approach to computer network security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.
Network Access Control (NAC) aims to do exactly what the name implies: control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.

Benefits of Network Access Control

Some of the key benefits are:
• Automatic remediation process, i.e. fixing non-compliant nodes before allowing access.
• Allowing the seamless integration of network infrastructure such as routers, switches, back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.
• Mitigation of zero-day attacks
The key value proposition of NAC solutions is the ability to prevent end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination of network worms.
• Policy enforcement
NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in switches, routers, and network middleboxes.
• Identity and access management
Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities, at least for user end-stations such as laptops and desktop computers.

To know more on “The options available”, please contact Ms. Leela on (+91) 97314-00693.
Alternatively you could drop in a word at: leela@22by7.in , sigma@22by7.in and we would be glad to touch base with you.

Friday, June 20, 2008

Hackers get Shot in China



If you thought Bush's Patriot Act was bad news, count your lucky stars that you're not a hacker in the People's Republic of China.

The PRC has an interesting history regarding hackers. If they catch them they shoot them. In the late 1990s some employee at the Bank of China hacked into accounts and embezzled a large chunk of change. The hacker apparently experienced remorse and turned himself in. Bad call. He was summarily tried, found guilty, and shot. Then the hacker's family was sent a bill for the bullets expended.

Source: LiquidMatrix

Wednesday, June 18, 2008

Beware The Rise of e-Crime

The UK's Serious Organised Crime Agency [1] (Soca) has issued a warning about the increasing number of international online gangs stealing and trading personal details of web users.

A report issued by the agency says that groups of criminals - often comprising an average of 30 specialists focused on areas ranging from phishing to data trading - are part of a market evolution geared at trading and exploiting data.

Information is often stolen through techniques such as phishing and key logging using malware sent via email. The stolen data is then used by the thieves for fraudulent purposes or sold to other cyber criminals over the web.

"As web-based technologies become increasingly diverse, e-criminals will use these services to access and exploit victims and conceal their activities," says the Soca report.

"Each group will typically have an inner circle of more technically advanced and/or experienced members who control access to the attack tools and are responsible for dividing up the work."

The tactics used by the criminals are constantly updated to keep ahead of protection offered by software vendors, according to Soca.

Last month, Soca completed the first phase of a five-year IT overhaul [2] to help in the battle against organised crime.

But the agency has admitted that it faced challenges in training staff to a level where the improvement will have a material effect on tackling criminals.

Soca's annual reports said the "challenges involved in increasing knowledge to a level that would facilitate a transformation of the impact on organised crime still remained significant."

So far the programme has given overseas staff secure access to IT systems, improved the internal management of information and upgraded software to improve the collection of Suspicious Activity Reports, a mechanism allowing the public to electronically report financial crime.

- Angelica Mari

Source: Computing

Wednesday, June 11, 2008

Protect your identity online

The best ways to protect your identity online
Rosemary Haworth


June 09, 2008 (PC Advisor) With identity theft on the rise and personal information at a premium, it's never been more important to be cautious about what you reveal online.

Social networking sites such as Facebook have largely usurped chatrooms and forums -- at least in the grown-up world -- as fun places to hang around online and engage in harmless distractions. Unfortunately, they've also replaced chatrooms in the tabloid consciousness as the place where pedophiles go to pick up victims.

But while we conscientiously monitor our kids' Internet use and apply restrictions to the sites they can visit and the times they're allowed to go online, we may be putting ourselves in other sorts of danger.

Practice what you preach

Having taught your kids to chat only to people they know and to limit the amount of personal information they give out, consider whether you practice what you preach.

Announcing to the world (via your Facebook profile) that you're bungee-jumping at Victoria Falls tells us you're still game for a laugh. If your profile also states your birth date, hometown, address and phone number, along with a reference to your current and past employers, you've left yourself wide open to someone becoming the new you.

In the past, a tell-tale answering machine message stating that you're on vacation would have been brilliant news for an opportunist thief. The equivalent these days is the careless status update or unprotected online profile that enables a cybercrook to see your personal details.

Limit your exposure

Privacy options at such sites aren't always enabled by default, although Facebook has taken steps to make users' current security settings far more transparent. Even so, you should check who can see what. The Privacy option at the top right of Facebook's home page lets you dictate who can see details about you and who can search for you.

In February, Facebook made a deal to make postings and profiles searchable via search engines. Fraudsters don't even have to be Facebook members to track you down and find out information about you.

Although there was plenty of outcry, the fact remains that Facebook's sign-up terms allow it to do this. Your profile may be all about you and acts as your online identity, but Facebook owns it. The point here is to ensure you read the terms and conditions before signing up.

Allowing friends to see your e-mail address, photo, status and musical tastes is fine, but we suggest you disable the search part. Also, if you allow friends of friends and "anyone in my networks" to see every online move you make, you've opened yourself up to an audience of thousands, if not millions. Anyone in your network could use what they can glean from your profile against you.

Be wary of seemingly "mutual" friends attempting to add you to their friends list. They may simply want to outdo their friends in how many online friends they have. Or they may want to be your friend to acquire further personal details via your profile.

Although this may sound far-fetched, there are plenty of reported instances of publicly and semipublicly posted personal information being exploited in this way.

Knowing me, knowing you

Similarly, assuming someone is trustworthy because they appear to know one of your friends can be a mistake. Last year, three teenage girls ended up being "groomed" and then stalked in person by a middle-aged man they met on the Bebo message boards. Each had trusted him because of his apparent online friendship with the others.

As one of the girls said after his arrest, the fact that he continued to be friendly to one of her friends led her to overlook his odd behavior -- including his comments on their shopping trips and other events that they had discussed together online.

The cyberstalker was eventually caught when he showed up at the Tate Modern gallery in London. He'd learned the girls were going there for a school trip and was recognized while covertly photographing one of the girls he'd met online. They were able to alert security and the police before he escaped.

Although this was a particularly nasty and dramatic case, it demonstrates another point. Reputation and the trust implicit in the apparent approval of someone by your peers is a powerful element of both our face-to-face and online interpersonal relations. It's also something that business networks such as LinkedIn and Plaxo trade on.

At LinkedIn, reputation ranking and feedback have now overtaken in importance the original goal of such sites: to build a circle of business associates and stay in touch with them as they flit from employer to employer. Be sure you keep tabs on who's saying what about you.

And reputation is all-important when convincing someone to buy goods from you online. Our own PC Advisor forums show that it's now de rigueur to find out what customers think of a company before buying from it online -- and it's even more important for small retailers.

Romantic interludes

Let's return to our original warning about giving away your personal information freely, and the Internet acquaintances who have more than friendship in mind. This is something adults need to worry about just as much as kids and teenagers.

Internet dating is notorious as a means of disguising your true age, occupation, weight, gender and intentions -- that's why it's so popular. If you want to use the Web to meet people, then do so safely. Use a legitimate agency that's regulated and recognized, research what others who have used the service have to say about it and find out how the agency checks people before taking them on.

Expect some in-depth personal questions and to be asked for proof that you are who you say you are. A passport, driver's license, proof of address, and birth and divorce certificates were routinely asked for at the bricks-and-mortar dating agency where we used to help out.

Online agencies of good repute should insist on similar assurances. If they don't check you out thoroughly, what's to say they're checking up on your next date?

Acting on impulse and simply taking information supplied by potential dates at face value is more than foolish. It's dangerous in every sense.

Source: Computer World

Monday, May 5, 2008

22by7 shares its expertise in Benefit IT magazine

Sr. Architect Mr. Bharath shares his expertise in Benefit IT Magazine article


You’ve Got Mail
So Archive It!

Managing e-mails is every organisation’s nightmare. However, there’s no way around it given the need for seamless communication, regulatory compliance and legal purposes. With archiving solutions in place, you can rest in peace regarding the efficiency of your server and flow of e-mails. Go ahead and get one for that smooth, hassle-free flow of communication.

Key BenefITs
No e-mail overload clogging server
No duplication of e-mails in archive
Ensures compliance with laws
Easy and quick retrieval of e-mails

You’ve got mail!

And a flood of it. Imagine your inbox inundated with hundreds of messages that you need to spend hours clearing each morning? Or, what if a critical mail is lost perhaps in the maze of your global network or swallowed by your server? Unthinkable, because the loss of a single e-mail may spell the loss of a precious business contact, contract, appointment, or may be a monetary setback to your company. E-mail, an otherwise efficient communication tool for companies or college students, can be a nuisance, if not taken care of expertly. In today’s global village, e-mail is the most critical business communication tool in over 93 per cent of the organisations in the world today. Business firms receive a few hundred critical mails every day. Each mail is precious, for the communication it brings in and the part it plays in the global business network. A company’s progress is linked to it, and hence it needs to be preserved.

In the current business environment, organisations are under constant pressure from the government, legal and regulatory bodies to store more data and for longer periods ranging from five to seven years. A lost mail may open the Pandora’s box of troubles, from losing credibility in the eyes of potential customers to legal hassles from suing clients. Enterprises, no doubt, understood this long back and to maintain e-mail servers’ efficiency, the following steps were taken by most systems managers:
• Adding more primary storage capacity.
• Limiting the end user mailbox size.
• Deleting messages from message servers at regular intervals, and
• Relying on back-up tapes for long-term retention.

But these methods bypass the necessity to store e-mails for regulatory compliance and legal requirements. The client suing you for unfinished work as per the contractual agreement, may very well get away with it and many of your hard earned crores while making a huge dent in your credibility unless, of course, you fish out the two-year old mail regarding the transaction which was completed two years ago. Herein e-mail archiving plays a crucial role allowing you to search and reuse an old mail at your convenience. Searching and retrieving the data when needed is the tricky bit. Storing, archiving, and searching an old mail are the few challenges we must tackle to safeguard against any potential business losses.

Where’s the space?

Today, most of the company information and record systems are digital on at least one computer system (and probably multiple systems, including online and offline storage). E-mails with all kind of attachments (ppt, doc, jpeg, mpeg, mp3, etc) are taking up almost 40 per cent of the storage capacity in organisations today. What's more, even the e-mail attachments end up getting stored in multiple places such as the inbox, sent folder and different folders in a single computer, thus occupying more precious space.

A PR firm sends a 2 MB presentation to 100 companies. This right away creates a 200 MB storage requirement for 200 recipients of the press release. Many of those receiving the mail may open and save the attachment or just let it lie in their inbox. The organisations whose employees do not open the mail add to the ‘unread’ bulk; while those who ‘read’ but do not bother to delete the mail add to the ‘read’ bulk. Research has shown that after 30 days, 80 per cent of the people do not access their e-mails but they do not delete it either. It is just being kept for future reference while eating into a lot of expensive storage space.

This makes e-mail storage a challenging job that is expensive to manage and difficult to back up. Additionally, with personal archives, risk exposure, and inconsistent retention, message retrieval is like searching for a needle in a haystack.

The key challenges according to Atul Gupta, product manager, Select Technologies are:
• Reducing the primary storage requirement for the messaging storage environment by 60 to 80 per cent
• Improving performance of the message servers
• Automating retention and disposition policies
• Searching and retrieving messages in seconds instead of days, weeks or months
• Confidently producing all emails for legal discovery.

There’s a solution though!

The most popular solutions in India are EMC’s E-mail Xtender and Symantec’s Enterprise Vault, informs Atul. EMC EmailXtender is a centralised data storage and retrieval system. It automatically moves data off the e-mail message server into the storage system, capturing and indexing all incoming and outgoing e-mails. EMC EmailXtender archive edition helps to reduce storage costs and increase message server performance in Microsoft Exchange and Lotus Notes/Domino environments by automatically migrating e-mail messages and attachments into a centralised message archive. It also removes duplicate messages while compressing them for a compact message archive. “Good e-mail archiving solutions do something called de-duplication of messages, so any message archived will not be archived again,” adds Bharath Kumar, senior architect, 22by7 Solutions Pvt Ltd.

This can also be combined with networked storage and help organisations achieve increased operational efficiencies for day-to-day e-mail management. For fixed content archiving, corporate governance and regulated storage environments, EMC Centera, a content addressed storage (CAS) system, provides unique self-healing and authentication features.
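To make de-duplication and content-addressed storage concrete, here is an added example (not from the article and not how EmailXtender, Enterprise Vault or Centera are implemented): a toy archive that stores every unique MIME part once under its SHA-256 digest and re-hashes parts to detect tampering. The mailing mirrors the PR-firm scenario above with a constructed 20,000-byte attachment; all addresses and file names are assumptions.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage


def digest_of(data):
    """Content address of a blob: its SHA-256 digest in hex."""
    return hashlib.sha256(data).hexdigest()


class SingleInstanceArchive:
    """Toy content-addressed mail archive: each unique MIME part is stored once."""

    def __init__(self):
        self.blobs = {}         # content address -> part bytes
        self.manifests = {}     # address of the raw message -> headers + part list
        self.logical_bytes = 0  # what one-copy-per-mailbox storage would consume

    def archive(self, raw):
        """Archive one raw message; return (message_id, newly_stored)."""
        message_id = digest_of(raw)
        if message_id in self.manifests:
            return message_id, False  # already archived, not archived again
        msg = message_from_bytes(raw, policy=policy.default)
        parts = []
        for part in msg.walk():
            if part.is_multipart():
                continue  # containers hold no content of their own
            data = part.get_payload(decode=True) or b""
            address = digest_of(data)
            self.blobs.setdefault(address, data)  # written only on first sight
            self.logical_bytes += len(data)
            parts.append({"sha256": address, "size": len(data),
                          "type": part.get_content_type(),
                          "filename": part.get_filename()})
        headers = {name: str(msg[name])
                   for name in ("From", "To", "Subject") if msg[name]}
        self.manifests[message_id] = {"headers": headers, "parts": parts}
        return message_id, True

    def stored_bytes(self):
        """Bytes actually held after de-duplication."""
        return sum(len(data) for data in self.blobs.values())

    def verify(self, message_id):
        """Re-hash every part of a message; False means a stored copy changed."""
        return all(digest_of(self.blobs[p["sha256"]]) == p["sha256"]
                   for p in self.manifests[message_id]["parts"])


def build_mailing(recipient, attachment):
    """Constructed sample: one press-release e-mail with an attachment."""
    msg = EmailMessage()
    msg["From"] = "pr@agency.example"
    msg["To"] = recipient
    msg["Subject"] = "Press release"
    msg.set_content("Please find the presentation attached.\n")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename="launch.ppt")
    return msg.as_bytes()


def run_mailing(recipient_count=100, attachment_size=20_000):
    """Archive the same attachment sent to many recipients."""
    attachment = b"\x5a" * attachment_size
    archive = SingleInstanceArchive()
    ids = [archive.archive(build_mailing(f"editor{n}@news{n}.example", attachment))[0]
           for n in range(recipient_count)]
    return archive, ids, attachment


if __name__ == "__main__":
    archive, ids, _ = run_mailing()
    print("messages archived:", len(archive.manifests))
    print("unique parts stored:", len(archive.blobs))
    print("bytes without de-duplication:", archive.logical_bytes)
    print("bytes stored:", archive.stored_bytes())
    print("first message intact:", archive.verify(ids[0]))
```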
The art of archiving

An e-mail server’s performance can deteriorate exponentially when storing vast amounts of old e-mail and as a result, users have to suffer e-mail quotas. Archiving helps to keep the messaging server sizes small, while improving performance and reducing back-up time. With archiving, an organisation can establish a pro-active e-mail management system. Moreover, a single, centrally managed e-mail archive would help improve operational efficiency and storage management in your company as also reduce time, cost, and the risk of legal hassles. It will also provide a seamless end-user experience while enabling compliance with regulatory and corporate governance requirements.

Digging deep

When we archive so many mails every day, we end up storing millions of mails. So how do you hunt for one specific mail in this mass? According to Kumar there are two ways to search for mail from archives: Web search (by using a URL to connect to the e-mail archival server) and second by using client software which will get integrated with a mail client like Outlook, Notes, etc. Thus, it can be retrieved through a simple search. “Since every archived mail has an icon and this reflects as any other mail in the mailbox minus the size of the mail. Once the user clicks on the icon, the e-mail gets retrieved with a minimal lag time,” says PK Gupta, director—APJ (Back-up, Recovery and Archive solutions), EMC Global Services.

The legal angle

The compliance regulation ideally ranges between five to seven years. So for legal purposes a company needs to preserve its mails. Again, each company has its own policies and systems of meeting its regulatory obligations. “The time span for which we need to store an e-mail varies to a huge extent from one organisation to the other. Different companies have different strategies and policies. For example, one of the customers keeps all the e-mails for 30 days on primary storage after that it moves it to ATA-based cheaper disks for one year but leaves shortcuts so that users can retrieve their e-mails quickly, and at the same time save a lot of space by de-duplication. After a year, it moves to content addressed storage (CAS) for five years to meet the compliance requirements and then gets deleted after five years,” adds Gupta.

Cost is a constraint

Companies need to invest on storage products so that the servers’ efficiency is maintained, which indirectly impacts the efficiency of employees. This improves user satisfaction and productivity.

Since this is a one time cost on software products and disk storage solutions where the mails will be archived, taking the compliance and SLAs (service level agreements) into consideration, the ROI (Return on Investment) can be achieved in a year, adds Kumar. However, Atul adds that the cost depends on the archival policy and compliance and there are two major components—archival software and hardware. Software has unique features that lower the TCO (total cost of ownership) and gives quick ROI. E-mails need to be archived as a record of business transactions. At the same time there must be ease of use for people to work with efficiency.

Archiving for accessibility
• Increases the processing power of the mail server
• Gives control on mails within the organisation.
• Enhances e-mail retention efficiency
• Assists compliance with e-mail retention requirements and regulations to preserve corporate records
• Deploys complete e-mail management with assured authenticity and easy accessibility to the archived messages
• Increases end-user productivity by reducing time spent managing e-mail folders
• Accelerates Microsoft Exchange and Lotus Notes software upgrades and migrations by archiving e-mail in advance
• Reduces storage costs and improves message server performance
• Lowers the costs and risks of legal hassles

-by Jesus Milton Rousseau S.
BenefIT Bureau


Friday, April 25, 2008

WHO = World Hackers Organization?

Hackers jack thousands of sites, including U.N. domains

by Gregg Keizer


April 23, 2008 (Computerworld) Large numbers of legitimate Web sites, including government sites in the U.K. and some operated by the United Nations, have been hacked and are serving up malware, a security researcher said today as massive JavaScript attacks last detected in March resume.

"They're using the same techniques as last month, of an SQL injection of some sort," said Dan Hubbard, vice president of security research at Websense Inc., referring to large-scale attacks that have plagued the Internet since January.

Among the sites hacked were several affiliated with either the U.N. or U.K. government agencies, said Websense.

The exact number of sites that have been compromised is unknown, said Hubbard. He estimated that it's similar to the March attacks, which at their height infected more than 100,000 URLs, including prominent domains such as MSNBC.com.

"The attackers have now switched over to a new domain as their hub for hosting the malicious payload in this attack," Websense said in an alert posted yesterday to its Web site. "We have no doubt that the two attacks are related."

Although the malware-hosting domain has changed, it's located at a Chinese IP address, just like the one used in March, Hubbard said. "It also looks like they're using just the one [hosting] site, but changing the link within the JavaScript," he added, talking about an obfuscation tactic that the attackers have used before.

When a visitor reaches one of the hacked sites, the malicious JavaScript loads a file from the malware-hosting server, then redirects the browser to a different page, also hosted on the Chinese server.

"Once loaded, the file attempts eight different exploits," noted the Websense warning, including one that hits a vulnerability in Internet Explorer's handling of Vector Markup Language (VML) that was patched in January 2007.

Another security researcher, Giorgio Maone, who also develops the NoScript Firefox add-on, said late Wednesday that although the U.K.-based sites appeared to have been cleansed of the malicious JavaScript, the U.N. sites had not.

Maone also said "I told you so" in his blog post yesterday. In an August 2007 entry, he had said that rather than fixing the underlying security problems on the U.N. site, the agency had simply deployed a "pretty useless" firewall that masked the most obvious attack surface.

However, even the disinfected sites could fall victim again, Maone maintained. "The sad truth, though, is that even those 'clean' sites are still vulnerable, hence they could be reinfected at any time," he said.

"Web site owners have to start securing their code," Hubbard noted.

Source: Computer World

Thursday, April 17, 2008

Did Chinese hack MEA server for Tibet policy?

 
 
THE CHINESE hacked the servers of the Ministry of External Affairs (MEA) on Friday (April 11). Highly placed sources in the ministry state that sources of hacking were clearly linked to China.
 
Were the hackers trying to sniff into the Tibet policy related data in the MEA servers? Without disturbing anything they quietly came and left. What were the hackers looking for?  
 
The Chinese hackers cracked the security code of a computer network in Beijing. The saving grace, according to MEA sources, was that the hacker(s) could not get any classified information. Thus, no valuable data were stolen.
 
Initially, the government was not forthright in naming China in connection with the Friday hacking. There were oblique hints. India's soft attitude towards China should be shed and the government should call a spade a spade.
 
Sample a GoI communiqué that states it's not only China that is trying to hack into the MEA server from around the world. In fact, hackers from all over the world, including those in UK and the US constantly try to break in and filch sensitive information. 
 
It was further stated that each official in MEA has a backup computer. All sensitive material is in the offline computer.

by Aniruddha Roy, 11 April 2008, Friday

Thursday, April 10, 2008

Know what's happening in your wireless network?

Network Scanning: Find Out What’s Really on Your Wireless Network
By John Edwards

If you've never used a wireless network scanner, you may be surprised by what it can tell you about your network and the data that lies within its reach.
A growing number of businesses are deploying 802.11 wireless networks for both internal use and public access. Regardless of the network's purpose and configuration, a wireless network scanner is necessary for assuring its continued operation and security. Popular open-source wifi network scanners include NetStumbler and Kismet. These products, and most other network scanners, can help you learn the following things about your wireless network.

Overall Vulnerability: Network scanners are often used in conjunction with a laptop or other portable computer to sniff out wireless networks from a moving vehicle — a practice known as wardriving. Performing the same activity while strolling down a street or through a business site is called warwalking. There's also warbiking, warskating and probably war-go-karting happening as well. In any event, while you yourself may never use a network scanner for wardriving or similar activities, you can be certain that other people are doing so in order to test your network's availability, size and configuration, as well as its potential vulnerability.

NetStumbler and some other network scanners work actively, sending messages that are designed to probe any encountered access point for information, such as its SSID (service set identifier), MAC (media access control) address and the name of the network it's connected to. If your network is secure, you have nothing to worry about. If, on the other hand, you suspect that your network may be vulnerable to intruders through the lack of security measures, you may want to perform your own wardrive in order to check for potential soft spots (such as improperly configured access points that allow unrestricted network access or those that spew too much identification information). Vendors such as AirMagnet Inc. and Aruba Networks Inc. offer technologies that are designed to lock down wireless networks.

The Presence of Rogue Access Points: This is perhaps the most useful network-scanner application. A rogue access point is an access point that exists without permission of the wireless network's administrator. Rogue access points are often installed by employees to create stealth wireless networks that circumvent security measures installed on the company wireless network. A network scanner lets you sniff out, pinpoint and eradicate unauthorized access points.

Criminals can also install a rogue access point within the range of a company wireless network to hijack the connections of legitimate users. The crooks can then use the connections to eavesdrop on transmitted information and potentially even gain entry to the company's main internal network.

Hardware Problems: A network scanner is indispensable for checking the state of wireless network hardware, particularly access points. By measuring signal strength, the scanner can help you quickly identify access points that are inoperative or performing poorly.
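The rogue-access-point and hardware checks described above can be automated by comparing a survey against the list of approved access points. The following is an added example, not part of the original article: the inventory, the survey rows, the CSV layout and both signal thresholds are constructed assumptions and do not reflect the export format of any particular scanner.

```python
import csv
import io

# Constructed inventory of approved access points, keyed by BSSID
# (the radio's MAC address). All values are made up for illustration.
AUTHORIZED = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
    "00:11:22:33:44:03": "CorpGuest",
}

# Constructed survey data (not the output format of any real scanner).
SCAN_CSV = """ssid,bssid,channel,signal_dbm
CorpNet,00:11:22:33:44:01,1,-48
CorpNet,00:11:22:33:44:02,6,-88
CorpGuest,00:11:22:33:44:03,11,-55
CorpNet,66:77:88:99:AA:BB,6,-40
linksys,CC:DD:EE:FF:00:11,3,-45
CoffeeShop,12:34:56:78:9A:BC,11,-85
"""

ON_SITE_DBM = -65  # assumed: a stronger signal suggests the AP is on the premises
WEAK_DBM = -80     # assumed: an approved AP weaker than this needs a hardware check


def classify(scan_csv, authorized):
    """Return (bssid, finding) for every surveyed AP that needs attention."""
    corporate_ssids = set(authorized.values())
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid = row["bssid"].strip().upper()
        ssid = row["ssid"].strip()
        signal = int(row["signal_dbm"])
        if bssid in authorized:
            if ssid != authorized[bssid]:
                findings.append((bssid, "approved AP advertising unexpected SSID"))
            elif signal < WEAK_DBM:
                findings.append((bssid, "approved AP with weak signal"))
        elif ssid in corporate_ssids:
            # Unknown radio using a corporate network name: the hijacking case.
            findings.append((bssid, "unapproved AP using corporate SSID"))
        elif signal > ON_SITE_DBM:
            # Unknown name, but strong enough to be inside the building.
            findings.append((bssid, "unapproved AP likely on site"))
    return findings


if __name__ == "__main__":
    for bssid, finding in classify(SCAN_CSV, AUTHORIZED):
        print(bssid, finding)
```

Signal strength is only a rough proxy for location, so a flagged access point still has to be located on foot before it is removed.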

The Location of Weak and Dead Spots: Network coverage can be impaired by walls, trees and a variety of other man-made and natural objects. A network scanner can help you locate poor coverage areas, which can then be bolstered with additional access points.

The Sources of Wireless Interference: Wireless networks are subject to interference from neighboring 802.11 installations, as well as from a variety of consumer and business technologies, including cordless phones, motors and various types of industrial equipment. By showing signal strength as you move about, a network scanner can help you track down interference sources that generate signals on the same frequency as the wireless network.

Improperly Aimed Directional Antennas Used for Long-Haul Connections: Many companies use point-to-point wireless connections to link together 802.11 hotspots across a business campus or other geographical site. Aiming directional antennas requires precise adjustments to ensure continuous connectivity and maximum performance. By measuring signal strength, a network scanner makes antenna aiming a faster, more exact and less troublesome task.

Source: ITSecurity

Wednesday, March 12, 2008

Indian Govt plans to tackle Hackers

Hackers attempts @gov.org

Date:   Tuesday, March 11, 2008 

New Delhi: Nowadays, government departments are facing big threats from some hitherto unfamiliar elements. Remote injection, authorization bypass and Cult of the Dead Cow are some of the elements making up a wider nightmare for the departments of Railways, TRAI and Customs, among others, reported The Economic Times.

Website hacking has attained critical momentum in India. The last few months have seen hackers attacking the website of TRAI, Indian Railways, Department of Telecom, Air Cargo Customs, National Institute of Social Defence, Forward Markets Commission, National Institute of Health and Family Welfare and BSNL, among others.

The hackers even disfigured the website of department of information technology, the nodal agency that is supposed to solve the very issue of hacking. Hackers have also tampered with the website of the wireless planning and coordination wing of the Department of Telecom, the body which handles the sensitive issue of spectrum allocation.

To stop the menace, the DIT says it is in the process of hosting all the servers of the key ministries in the country itself.

"We have entrusted the National Informatics Centre (NIC) with this task and the servers of most of the ministries have been moved to the government body," a DIT official said. The Indian Computer Emergency Response Team (CERT-IN), a DIT body, is in the process of implementing a high-end attack detection solution to make the systems, especially government-owned ones, safer. CERT-IN is also installing a network flow-based threat assessment solution to check the vulnerability of a particular website.

Despite all these efforts, the number of security-related incidents (of hackers crashing Indian websites) has been growing steadily. In January, 87 security incidents were reported as compared to 45 in December 2007. Out of all the incidents, 47 percent were related to phishing, 21 percent to unauthorized scanning, 25 percent to viruses under the malicious code category and seven percent to technical help under other categories, government data reveal.

In January, only 30 incidents of defacement were reported compared to 509 in December and 305 in November. According to industry sources, the government sector accounted for 30 percent of all defaced Indian websites in 2007, compared to about 27 percent in 2006.
 
Source:
 
 
 

      

Wednesday, February 6, 2008

Best Practices for Preventing Security Risks

  1. Configure systems, from the first day, with the most secure configuration that your business functionality will allow, and use automation to keep users from installing/uninstalling software
  2. Use automation to make sure systems maintain their secure configuration and remain fully patched with the latest version of the software (including keeping anti-virus software up to date)
  3. Use proxies on your border network, configuring all client services (HTTP, HTTPS, FTP, DNS, etc.) so that they have to pass through the proxies to get to the Internet
  4. Protect sensitive data through encryption, data classification mapped against access control, and through automated data leakage protection
  5. Use automated inoculation for awareness and provide penalties for those who do not follow acceptable use policy.
  6. Perform proper DMZ segmentation with firewalls
  7. Remove the security flaws in web applications by testing programmers' security knowledge and testing the software for flaws

How to choose a firewall


There are several different types of firewalls on the market today. Choosing one for your organization can be a daunting task – especially in an industry filled with buzzwords and proprietary trademarks. Let's take a look at the basics of firewall technology and five questions you should ask when choosing a firewall for your organization.

  1. Why are you implementing a firewall? Sure, this sounds like a simple question. You're probably thinking to yourself, "Because we need one!" But it's important that you take the time to define the technical objectives that you have for firewall implementation. These objectives will drive the selection process. You don't want to choose an expensive, feature-rich firewall that's complicated to administer when your technical requirements could be met by a simpler product.

  2. How will the firewall fit into your network topology? Will this firewall sit at the perimeter of your corporate network and be directly connected to the Internet, or will it serve to segment a sensitive LAN from the remainder of the organization? How much traffic will it process? How many interfaces will it need to segment your traffic? Performance requirements such as these contribute a significant amount to the total cost of new firewall implementations, making it easy to under- or over-purchase.

  3. What type of traffic inspection do you need to perform? This is where the buzzwords start to come into play. Every vendor out there has a different trademark for their traffic-inspection technology, but there are essentially three different options (listed in order of increasing complexity and cost):
    • Packet-filtering firewalls use simple rules to evaluate each packet they encounter on its own merits. They maintain no history from packet to packet, and they perform basic packet header inspection. The simplicity of this inspection makes them speed demons. They're the most inexpensive option, but they are also the least flexible and the most vulnerable. There's a good chance you already own equipment capable of performing packet filtering – your routers!

    • Stateful-inspection firewalls go a step further. They track the three-way TCP handshake to ensure that packets claiming to belong to an established session (i.e., the SYN flag is not set) correspond to previous activity seen by the firewall. Requests to open the initial connection are subject to the stateful-inspection firewall rulebase.

    • Application-proxy firewalls contain the highest level of intelligence. In addition to stateful inspection, they broker the connection between client and server. The client connects to the firewall, which analyzes the request (including application-layer inspection of packet contents). If the firewall rules indicate that the communication should be allowed, the firewall then establishes a connection with the server and continues to act as an intermediary in the communication. When combined with Network Address Translation, both hosts may not even be aware that the other exists – they both believe they are communicating directly with the firewall.

  4. Is your organization better suited for an appliance or a software solution? Appliances are typically much easier to install. You normally just plug in the appropriate Ethernet cables, perform basic network configuration and you're ready to configure your firewall rules. Software firewalls, on the other hand, can be tricky to install and require tweaking. They also lack the security that's often built into the hardened operating systems of firewall appliances. What's the tradeoff? You guessed it! Appliances are more expensive.

  5. What operating system is best suited for your requirements? Even appliances run an OS and, chances are, you'll need to work with it at some point in your firewall administration career. If you're a Linux jockey, you probably don't want to choose a Windows-based firewall. On the other hand, if you don't know /dev/null from /var/log, you probably want to steer clear of Unix-based solutions.

While I can't recommend a specific type of firewall to you without knowing your needs, the process of answering these questions can help you solidify your thoughts and point you in the right direction. With these answers in hand, you should be able to intelligently evaluate the cost/benefit tradeoff for the various products available on the market today. - Mike Chapple

Source: http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1113533,00.html
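The difference between packet filtering and stateful inspection described in question 3 above can be seen by running the same traffic through both models. This is an added example, not code from the original article or from any firewall product: the packet model, the web-only policy, the addresses and the trace are constructed assumptions, and the stateful model omits sequence numbers and timeouts.

```python
from collections import namedtuple

# Simplified TCP segment; flags is "S" (SYN), "SA" (SYN+ACK) or "A" (ACK).
Packet = namedtuple("Packet", "src sport dst dport flags")
WEB_PORTS = {80, 443}  # assumed policy: inside hosts may open web connections


def inside(ip):
    return ip.startswith("10.0.0.")  # constructed internal address range


def packet_filter(pkt):
    """Stateless rules: every packet is judged on its own header."""
    if inside(pkt.src):
        return pkt.dport in WEB_PORTS
    # Inbound: accept anything that looks like a web server's reply,
    # meaning the SYN flag is not set on its own. No history is consulted.
    return pkt.flags != "S" and pkt.sport in WEB_PORTS


class StatefulFirewall:
    """Keeps a table of sessions that inside hosts have opened."""

    def __init__(self):
        self.sessions = set()

    def inspect(self, pkt):
        if inside(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":  # new connection: apply the rulebase
                if pkt.dport not in WEB_PORTS:
                    return False
                self.sessions.add(key)
                return True
            return key in self.sessions
        # Inbound packets must be the reverse direction of a tracked session.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return pkt.flags != "S" and key in self.sessions


# Constructed trace using documentation address ranges.
TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S"),   # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA"),  # server replies
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "A"),   # handshake completes
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "A"),    # claims a session that never existed
    Packet("198.51.100.7", 5555, "10.0.0.5", 22, "S"),     # unsolicited inbound SYN
]


def compare(trace):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.inspect(p)) for p in trace]
```

Only the fourth packet is treated differently: the stateless rules accept it because its header looks like a reply, while the stateful model drops it because no inside host opened that session.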