WebProWorld IT Forum

Am I safe?
I have just been attacked by a hacker who has successfully planted the w32.gael virus on my system. Here's how it happened. A few days ago, a friend came around to play some network games. I had recently upgraded my Zone Alarm Pro Security Suite and he was unable to see my system. Since I was not online, I shut down the firewall and off we went gaming.

hits stat question
Say another site is accessing an image that resides on YOUR site. This other site gets a visitor. Is this visit to the other site counted as a pageview on your stats? (Since technically it was a unique visitor request - just not on your site.) I hope this makes sense.

Best hardware for online business?
I run a one-man on-line business and I want to know the options for upgrading my hardware. The essence of my query is this. I HATE to lose valuable precious time. The amount of time spent waiting for the computer to load applications, to boot up, to hang, etc. is unnecessarily lost time.



Recent Articles

System Downtime
Downtime can disrupt your business, customers, and damage your company's reputation.

Hackers Saw Plank, Microsoft Ship Drops
Within hours of the release of Microsoft's Windows Genuine Advantage (WGA), hackers decided to flip off Microsoft with a single, simple line of JavaScript that promptly turned off the WGA and turned on laughter in hacker circles ...

Network Forensics is Affordable for Most Businesses
Regulatory requirements such as Sarbanes-Oxley or HIPAA, along with cyber crime, have heightened the interest in computer security.

Key Benefits of a Single Intranet or Public Website
A single website is more connected and credible. It is more consistent and cost effective. It is easier to manage and measure.

PassMark's SiteKey - Answering The Wrong Question
In my article "Spear-Phishing - New Angles On An Old Game" (http://www.cafeid.com/art-spear.shtml), I wrote about a variation on "traditional" e-mail phishing that has proved to be more effective than random casting of stink-bait into a vast pool of random e-mail addresses.

IT Career Error! Click Here to Repair
Two years ago Jeff was a discontented software developer. His work left him frustrated and mentally drained each day.

Microsoft Getting FrontBridge Hookup: Secure Messaging
Microsoft announced yesterday they will acquire FrontBridge Technologies Inc., a company that provides managed services for corporate email security, compliance and availability requirements...

Remote Reboot Power Management Guide
Implementing a remote reboot power management solution is a required procedure for assembling a true lights-out data center or co-location facility.

Environmental Monitoring Reference Guide
Creating a safe and secure lights-out co-location or remote data center facility starts with incorporating environmental monitoring devices to remotely detect and resolve unwarranted server room conditions.

08.15.05


Get Control Of Endpoint Security

By Steve Hanna

While you're on a business trip, you use the hotel or conference room wireless network to check news and request an upgrade. A hacker exploits a new and unpatched operating system vulnerability to install a rootkit (a virtually undetectable infection).

You do a web search and end up on a web site that is malicious or has been invisibly hacked. The site uses a browser vulnerability to install a keystroke logger, capturing all your activities including passwords.

A co-worker tells you about a great new stock ticker, weather alert, or other cool doodad. Download it and try it out. Why not? It's free! But it comes with a pack of spyware.

Something isn't working right. You ask Larry, the computer "expert" in the next office. He suggests that you turn off your firewall. That did it. Thanks, Larry! Of course, now you're totally exposed to attacks…

Multiply these scenarios by hundreds or thousands of users and you have an idea of the risks malware poses for corporate networks today.

Bringing Infections Back to the Office

Employees can access corporate networks and applications from any place at any time through a variety of devices and access methods. The network perimeter now includes endpoints at locations around the world, from branch offices to hotel rooms.


Hackers and attackers no longer need to penetrate a corporate network's tough perimeter defenses to spread infections. All they need is to find one poorly protected endpoint roaming outside the corporate firewall. Attackers can then use this machine as a software version of "Patient Zero" - an ignition point for the spread of viruses, worms, spyware, Trojan horses, and other infectious agents into a corporate network. Infected through insecure hotspots, Internet downloads, or other means, the user carries his infection back to his corporate network when he reconnects, typically through a secure, trusted connection. This infection then rapidly spreads to other vulnerable systems within the corporate network, causing a cascade of infections.

The security of a system on a corporate network is ultimately up to the user. Even the best user occasionally skips past corporate security procedures, fails to maintain his system, or otherwise breaks corporate security policies. These users may be their corporation's next "Typhoid Mary", unknowing carriers for unseen, incredibly destructive forces that, once they reconnect to their corporate network, could bring it and their corporation down.

Integrity Checks for Every Device

Traditional perimeter defenses provide strong access control security based on user and endpoint identification. However, they are unable to shield a corporate network from infections accidentally spread by authorized users with infected endpoints.

Endpoint integrity solutions provide critical additional protection. Before a system or device (an endpoint) can connect to the corporate network, it must pass an integrity check verifying that it complies with the company's security policies. This check occurs before the endpoint is allowed to access the corporate network or even receive an IP address.

Endpoint integrity solutions provide two benefits for networks:

1. They identify, quarantine, and heal "sick", non-secure endpoints

2. They improve the defenses of healthy, compliant endpoints by ensuring that endpoints connected to the network always have up-to-date and properly configured security software

Integrity checks should not be restricted to remote access or other "external" connections. Employees may bring their infected mobile devices into the network and connect them through any wall jack or access point. So all network access points should be protected.

How Endpoint Integrity Works

Endpoint integrity solutions work in a variety of ways, but the basics are the same. When a user attempts to connect to a corporate network, the endpoint integrity solution checks the integrity of the user's endpoint. Some endpoint integrity solutions also monitor endpoints after network connection to detect any change in their security status. The endpoint integrity check typically involves checking the status of the endpoint's security software (anti-virus, anti-spyware, patch management, personal firewall, and other security products) against the company's pre-set security policies for those products. Some endpoint integrity checks are more extensive, verifying all the hardware on the endpoint to make sure it's valid. In any case, if the endpoint is found to be compliant with the corporate security policies, the endpoint integrity solution allows the endpoint to access the company's production network.

However, if the endpoint integrity solution detects a deficiency in the security software on an endpoint, it can immediately quarantine the endpoint, restricting it to a secure "quarantine network" until this deficiency is cured. Some companies skip this quarantine step, simply warning non-compliant users. This avoids employee inconvenience but reduces the security benefits.

A simple corporate security policy might state that all endpoints must have their virus definitions updated at least once a week. If a particular endpoint's virus definitions haven't been updated in two weeks, then the endpoint could be quarantined.
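To make the policy check concrete, here is an added example (not code from the article, Funk Software, or the TNC specifications) that evaluates a constructed endpoint posture report against the article's one-week definition rule plus two assumed checks (personal firewall on, no missing critical patches) and returns allow, quarantine, or, in the weaker warn-only mode the article mentions, warn:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Policy from the article: virus definitions updated at least once a week.
MAX_DEFINITION_AGE = timedelta(days=7)


@dataclass
class EndpointPosture:
    """Posture an endpoint reports before it is given a production address (constructed fields)."""
    host: str
    av_definitions_updated: datetime
    firewall_enabled: bool
    missing_critical_patches: int


def evaluate_posture(posture: EndpointPosture, now: datetime,
                     quarantine: bool = True) -> Tuple[str, List[str]]:
    """Return (decision, findings). quarantine=False models solutions that only warn."""
    findings: List[str] = []
    age = now - posture.av_definitions_updated
    if age > MAX_DEFINITION_AGE:
        findings.append(f"virus definitions are {age.days} days old (max {MAX_DEFINITION_AGE.days})")
    if not posture.firewall_enabled:          # assumed check, not from the article's policy
        findings.append("personal firewall is disabled")
    if posture.missing_critical_patches > 0:  # assumed check, not from the article's policy
        findings.append(f"{posture.missing_critical_patches} critical patch(es) missing")
    if not findings:
        return "allow", findings
    # Non-compliant: restrict to the quarantine network, or merely warn (weaker).
    return ("quarantine" if quarantine else "warn"), findings


# Constructed sample endpoints; laptop-02 is the article's two-week case,
# laptop-03 is the user whose colleague told him to turn the firewall off.
NOW = datetime(2005, 8, 15, 9, 0)
SAMPLE_ENDPOINTS = [
    EndpointPosture("laptop-01", NOW - timedelta(days=2), True, 0),
    EndpointPosture("laptop-02", NOW - timedelta(days=14), True, 0),
    EndpointPosture("laptop-03", NOW - timedelta(days=1), False, 3),
]


def triage(endpoints: List[EndpointPosture], now: datetime = NOW,
           quarantine: bool = True) -> Dict[str, Tuple[str, List[str]]]:
    """Evaluate every connecting endpoint and map host name to its decision."""
    return {e.host: evaluate_posture(e, now, quarantine) for e in endpoints}


if __name__ == "__main__":
    for host, (decision, findings) in triage(SAMPLE_ENDPOINTS).items():
        print(host, decision, "; ".join(findings) or "compliant")
```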


About the Author:
Steve Hanna, senior engineer for leading network access security solutions provider Funk Software, helped develop the open endpoint integrity industry standard created by the Trusted Computing Group’s Trusted Network Connect (TNC) Subgroup. Mr. Hanna is active in many networking and security standards groups such as IETF and OASIS. He is the author of several IETF RFCs and published papers, and an inventor or co-inventor on 21 issued U.S. patents. Mr. Hanna holds an A.B. in Computer Science from Harvard University.

For more information on endpoint integrity, visit www.Funk.com, or visit www.TrustedComputingGroup.org

About ITManagementNews
ITManagementNews answers questions for IT managers. Our experts offer real-world advice and cutting-edge technology for the enterprise. ITManagementNews is focused on Delivering IT Solutions.


-- ITManagementNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2005 iEntry, Inc. All Rights Reserved Privacy Policy Legal