 |
Track
issues, software defects, enhancements
and change request - FREE
Trial |
WebProWorld IT Forum |
Am
I safe?
I have just been attacked by a hacker who has succesfully planted the w32.gael
virus on my system. Here's how it happend. A few days ago, a friend came around
to play some network games. I had recently upgraded my Zone Alarm Pro Security
Suit and he was unable to see my system. Since I was not online, I shut down the
firewall and off we went gaming.
hits
stat question
Say another site is accessing an image that resides on YOUR site. This other site
gets a visitor. Is this visit to the other site counted as a pageview on your
stats. (since technically it was an unique visitor request - just not on your
site. I hope this makes sense.
Best
hardware for online business?
I run a one man on-line business and I want to know the options for upgrading
my hardware. The essence of my query is this. I HATE to lose valuable precious
time. The amount of time spent waiting for the computer to load applications,
to boot up, to hang, etc is unecessarily lost time.
|
 |
| Recent
Articles |
System
Downtime
Downtime can disrupt your business, customers, and damage your company's reputation.
Hackers
Saw Plank, Microsoft Ship Drops
Within hours of the release of Microsoft's Windows Genuine Advantage (WGA), hackers
decided to flip off Microsoft with a single, simple line of javascript that promptly
turned off the WGA and turned on laughter in hacker circles ...
Network
Forensics is Affordable for Most Businesses
Regulatory requirements such as Sarbanes Oxley or HIPPA along with cyber crime
have heightened the interest in computer security.
Key
Benefits of a Single Intranet or Public Website
A single website is more connected and credible. It is more consistent and cost
effective. It is easier to manage and measure.
PassMark's
SiteKey - Answering The Wrong Question
In my article "Spear-Phishing - New Angles On An Old Game" (http://www.cafeid.com/
art-spear.shtml), I wrote about a variation on "traditional" e-mail phishing that
has proved to be more effective than random casting of stink-bait into a vast
pool of random e-mail addresses.
IT
Career Error! Click Here to Repair
Two years ago Jeff was a discontented software developer. His work left him frustrated
and mentally drained each day.
Microsoft
Getting FrontBridge Hookup: Secure Messaging
Microsoft announced yesterday they will acquire FrontBridge Technologies Inc.,
a company that provides managed services for corporate email security, compliance
and availability requirements...
Remote
Reboot Power Management Guide
Implementing a remote reboot power management solution is a required procedure
for assembling a true lights-out data center or co-location facility.
Environmental
Monitoring Reference Guide
Creating a safe and secure lights-out co-location or remote data center facility
ensues by incorporating environmental monitoring devices to remotely detect and
resolve unwarranted server room conditions.
|
|
08.15.05
Get
Control Of Endpoint Security
 By
Steve Hanna
While you're on a business trip, you use the hotel or conference room wireless
network to check news and request an upgrade. A hacker exploits a new and un-patched
operating system vulnerability to install a rootkit (a virtually undetectable
infection).
You do a web search and end up on a web site that is malicious or has been invisibly
hacked. The site uses a browser vulnerability to install a keystroke logger, capturing
all your activities including passwords.
A co-worker tells you about a great new stock ticker, weather alert, or other
cool doodad. Download it and try it out. Why not? It's free! But it comes with
a pack of spyware.
Something isn't working right. You ask Larry, the computer "expert" in the next
office. He suggests that you turn off your firewall. That did it. Thanks, Larry!
Of course, now you're totally exposed to attacks…
Multiply these scenarios by hundreds or thousands of users and you have an idea
of the risks malware poses for corporate networks today.
Bringing
Infections Back to the Office
Employees can access corporate networks and applications from any place at any
time through a variety of devices and access methods. The network perimeter now
includes endpoints at locations around the world, from branch offices to hotel
rooms.
Hackers and attackers no longer need to penetrate a corporate network's tough
perimeter defenses to spread infections. All they need is to find one poorly protected
endpoint roaming outside the corporate firewall. Attackers can then use this machine
as a software version of "Patient Zero" - an ignition point for the spread of
viruses, worms, spyware, Trojan horses, and other infectious agents into a corporate
network. Infected through insecure hotspots, Internet downloads, or other means,
the user carries his infection back to his corporate network when he reconnects,
typically through a secure, trusted connection. This infection then rapidly spreads
to other vulnerable systems within the corporate network, causing a cascade of
infections.
The security of a system on a corporate network is ultimately up to the user.
Even the best user occasionally skips past corporate security procedures, fails
to maintain his system, or otherwise breaks corporate security policies. These
users may be their corporation's next "Typhoid Mary", unknowing carriers for unseen,
incredibly destructive forces that, once they reconnect to their corporate network,
could bring it and their corporation down.
Integrity Checks for Every
Device
Traditional perimeter defenses provide strong access control security based on
user and endpoint identification. However, they are unable to shield a corporate
network from infections accidentally spread by authorized users with infected
endpoints.
Write
10,000 lines of code in 10 minutes!
Iron Speed Designer – Free
Evaluation |
|
Endpoint integrity solutions provide critical additional protection. Before a
system or device (an endpoint) can connect to the corporate network, it must pass
an integrity check verifying that it complies with the company's security policies.
This check occurs before the endpoint is allowed to access the corporate network
or even receive an IP address.
Endpoint integrity solutions provide two benefits for networks:
1.
They identify, quarantine, and heal "sick", non-secure endpoints
2.
They improve the defenses of healthy, compliant endpoints by ensuring that endpoints
connected to the network always have up-to-date and properly configured security
software
Integrity checks should not be restricted to remote access or other "external"
connections. Employees may bring their infected mobile devices into the network
and connect them through any wall jack or access point. So all network access
points should be protected.
How Endpoint Integrity Works
Endpoint integrity solutions work in a variety of ways but the basics are the
same. When a user attempts to connect to a corporate network, the endpoint integrity
solution checks the integrity of the user's endpoint. Some endpoint integrity
solutions also monitor endpoints after network connection to detect any change
in their security status. The endpoint integrity check typically involves checking
the status of the endpoint's security software (anti-virus, anti-spyware, patch
management, personal firewall, and other security products) against the company's
pre-set security policies for those products. Some endpoint integrity checks are
more extensive, verifying all the hardware on the endpoint to make sure it's valid.
In any case, if the endpoint is found to be compliant with the corporate security
policies the endpoint integrity solution allows the endpoint to access the company's
production network.
However, if the endpoint integrity solution detects a deficiency in the security
software on an endpoint, it can immediately quarantine the endpoint, restricting
it to a secure "quarantine network" until this deficiency is cured. Some companies
skip this quarantine step, simply warning non-compliant users. This avoids employee
inconvenience but reduces the security benefits.
A simple corporate security policy might state that all endpoints must have their
virus definitions updated at least once a week. If a particular endpoint's virus
definitions haven't been updated in two weeks, then the endpoint could be quarantined.
Read
the Rest of the Article.
About
the Author:
Steve Hanna, senior engineer for leading network access security solutions provider
Funk Software, helped develop the open endpoint integrity industry standard created
by the Trusted Computing Group’s Trusted Network Connect (TNC) Subgroup. Mr. Hanna
is active in many networking and security standards groups such as IETF and OASIS.
He is the author of several IETF RFCs and published papers, and an inventor or
co-inventor on 21 issued U.S. patents. Mr. Hanna holds an A.B. in Computer Science
from Harvard University.
For more information on endpoint integrity, visit www.Funk.com,
or visit www.TrustedComputingGroup.org |
|
