This is a little tricky usb to read only mode.. but it works..
go run, type regedit ,
then go to hkey_local_machine/ system /current control set/control
right click on that and new key... StorageDevicePolicies in the right pane,
new DWORD Value, name it WriteProtect,
double click on that and give its value to 1, and ok.. logout and login again..
Monday, September 29, 2008
How can I prevent users from using USB removable disks (USB flash drives)?
USB removable disks (also known as flash drives or "Disk on Key" and other variations) are quickly becoming an integral part of our electronic life, and now nearly everybody owns one device or another, in forms of small disks, external hard drives that come enclosed in cases, card readers, cameras, mobile phones, portable media players and more.
Portable USB flash drives are indeed very handy, but they can also be used to upload malicious code to your computer (either deliberately or by accident), or to copy confidential information from your computer and take it away.
Whenever a new USB device is plugged-in to a USB port, the operating system checks the device and hardware id to determine if it's a storage device or not. If it determines that it is indeed a mass storage device it will load the appropriate driver, and will display the device as a drive in the Windows Explorer tree view. This is done by using the usbstor.sys driver.
If the device does not have a drive letter, you will need to assign one to it by using the Disk Management snap-in found in the Computer Management tool.
If you disable the ability of the usbstor.sys driver to run on the computer, you will in fact block the computer's means of discovering the flash drive and loading the appropriate driver.
Note that this will only prevent usage of newly plugged-in USB Removable Drives or flash drives, devices that were plugged-in while this option was not configured will continue to function normally. Also, devices that use the same device or hardware ID (for example - 2 identical flash drives made by the same manufacturer) will still function if one of them was plugged-in prior to the configuration of this setting. In order to successfully block them you will need to make sure no USB Removable Drive is plugged-in while you set this option.
Note: This tip will allow you to block usage of USB removable disks, but will continue to allow usage of USB mice, keyboards or any other USB-based device that is NOT a portable disk.
You should also read Disable USB Disks with GPO and Disable Writing to USB Disks with GPO.
It's worth mentioning that in Windows Vista Microsoft has implemented a much more sophisticated method of controlling USB disks via GPO. If you have Windows Vista client computers in your organization you can use GPO settings edited from one of the Vista machines to control if users will be able to install and use USB disks, plus the ability to control exactly what device can or cannot be used on their machines.
Block usage of USB Removable Disks
To block your computer's ability to use USB Removable Disks follow these steps:
Open Registry Editor.
In Registry Editor, navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
Locate the following value (DWORD):
Start
and give it a value of 4.
Note: As always, before making changes to your registry you should always make sure you have a valid backup. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.
Close Registry Editor. You do not need to reboot the computer for changes to apply.
Enable usage of USB Removable Disks
To return to the default configuration and enable your computer's ability to use USB Removable Disks follow these steps:
Go to the registry path found above.
Locate the following value:
Start
and give it a value of 3.
Portable USB flash drives are indeed very handy, but they can also be used to upload malicious code to your computer (either deliberately or by accident), or to copy confidential information from your computer and take it away.
Whenever a new USB device is plugged-in to a USB port, the operating system checks the device and hardware id to determine if it's a storage device or not. If it determines that it is indeed a mass storage device it will load the appropriate driver, and will display the device as a drive in the Windows Explorer tree view. This is done by using the usbstor.sys driver.
If the device does not have a drive letter, you will need to assign one to it by using the Disk Management snap-in found in the Computer Management tool.
If you disable the ability of the usbstor.sys driver to run on the computer, you will in fact block the computer's means of discovering the flash drive and loading the appropriate driver.
Note that this will only prevent usage of newly plugged-in USB Removable Drives or flash drives, devices that were plugged-in while this option was not configured will continue to function normally. Also, devices that use the same device or hardware ID (for example - 2 identical flash drives made by the same manufacturer) will still function if one of them was plugged-in prior to the configuration of this setting. In order to successfully block them you will need to make sure no USB Removable Drive is plugged-in while you set this option.
Note: This tip will allow you to block usage of USB removable disks, but will continue to allow usage of USB mice, keyboards or any other USB-based device that is NOT a portable disk.
You should also read Disable USB Disks with GPO and Disable Writing to USB Disks with GPO.
It's worth mentioning that in Windows Vista Microsoft has implemented a much more sophisticated method of controlling USB disks via GPO. If you have Windows Vista client computers in your organization you can use GPO settings edited from one of the Vista machines to control if users will be able to install and use USB disks, plus the ability to control exactly what device can or cannot be used on their machines.
Block usage of USB Removable Disks
To block your computer's ability to use USB Removable Disks follow these steps:
Open Registry Editor.
In Registry Editor, navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
Locate the following value (DWORD):
Start
and give it a value of 4.
Note: As always, before making changes to your registry you should always make sure you have a valid backup. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.
Close Registry Editor. You do not need to reboot the computer for changes to apply.
Enable usage of USB Removable Disks
To return to the default configuration and enable your computer's ability to use USB Removable Disks follow these steps:
Go to the registry path found above.
Locate the following value:
Start
and give it a value of 3.
What is 'phishing'?
It's not much of a stretch from its homonym 'fishing' (a 'homonym' is a word that shares the same spelling or pronunciation (or both); each word, however, has a different meaning). In this case, however, it's not fishing in a lake or pond... it's 'phishing' out of your wallet.
In social computing parlance, 'phishing' is a criminal activity where the offenders manipulate people through computer systems and the Internet into divulging confidential information or performing certain actions such as credit card transactions. Throughout this fraudulent interaction, the attacker never approaches the victim face-to-face. At the same time, he gets confidential information about the victim that he can then use for his own benefit.
Recall those email messages proudly telling you that you are among a privileged few to have won $ 10,000 in a lucky draw? Or that you have to call this special (costs a fortune a minute) number and stay on the line for a good 10 minutes to realise you have a 50 per cent discount on a ridiculously high priced vacation that no one in his or her senses would pay for.
In social computing parlance, 'phishing' is a criminal activity where the offenders manipulate people through computer systems and the Internet into divulging confidential information or performing certain actions such as credit card transactions. Throughout this fraudulent interaction, the attacker never approaches the victim face-to-face. At the same time, he gets confidential information about the victim that he can then use for his own benefit.
Recall those email messages proudly telling you that you are among a privileged few to have won $ 10,000 in a lucky draw? Or that you have to call this special (costs a fortune a minute) number and stay on the line for a good 10 minutes to realise you have a 50 per cent discount on a ridiculously high priced vacation that no one in his or her senses would pay for.
Friday, September 26, 2008
Wednesday, September 24, 2008
Cochin Technology Consortium
http://groups.google.com/group/cochin-technology-consortium?hl=എന്
We are a group of technology and security evangelist from Cochin that love to share and gain technical and professional knowledge. We are planning to meet once in two months to have an interactive and informative session. Each meet will have two session which will be conducted by either consortium members or by invited specialist.
Apart from technology, the consortium will also concentrate on other professional related subjects like Project Management, Time Management, Personality Development, Soft Skills, Positive Thinking, Career Dev elopement. The Consortium is not industry specific or vendor specific and will address both Commercial and Open Source technologies.
We are a group of technology and security evangelist from Cochin that love to share and gain technical and professional knowledge. We are planning to meet once in two months to have an interactive and informative session. Each meet will have two session which will be conducted by either consortium members or by invited specialist.
Apart from technology, the consortium will also concentrate on other professional related subjects like Project Management, Time Management, Personality Development, Soft Skills, Positive Thinking, Career Dev elopement. The Consortium is not industry specific or vendor specific and will address both Commercial and Open Source technologies.
10 Tips for Wireless Home Network Security
Many folks setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky as numerous security problems can result. Today's Wi-Fi networking products don't always help the situation as configuring their security features can be time-consuming and non-intuitive. The recommendations below summarize the steps you should take to improve the security of your home wireless network.
1. Change Default Administrator Passwords (and Usernames)At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.
More Info
2. Turn on (Compatible) WPA / WEP EncryptionAll Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore you may need to find a "lowest common demoninator" setting.
More Info
3. Change the Default SSIDAccess points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring wireless security on your network.
More Info
4. Enable MAC Address FilteringEach piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, that restricts the network to only allow connections from those devices. Do this, but also know that the feature is not so powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.
More Info
5. Disable SSID BroadcastIn Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.
More Info
6. Do Not Auto-Connect to Open Wi-Fi NetworksConnecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.
More Info
7. Assign Static IP Addresses to DevicesMost home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.
More Info
8. Enable Firewalls On Each Computer and the RouterModern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.
More Info
9. Position the Router or Access Point SafelyWi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.
More Info
10. Turn Off the Network During Extended Periods of Non-UseThe ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers. If you own a wireless router but are only using it wired (Ethernet) connections, you can also sometimes turn off Wi-Fi on a broadband router without powering down the entire network.
1. Change Default Administrator Passwords (and Usernames)At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.
More Info
2. Turn on (Compatible) WPA / WEP EncryptionAll Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore you may need to find a "lowest common demoninator" setting.
More Info
3. Change the Default SSIDAccess points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring wireless security on your network.
More Info
4. Enable MAC Address FilteringEach piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, that restricts the network to only allow connections from those devices. Do this, but also know that the feature is not so powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.
More Info
5. Disable SSID BroadcastIn Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.
More Info
6. Do Not Auto-Connect to Open Wi-Fi NetworksConnecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.
More Info
7. Assign Static IP Addresses to DevicesMost home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.
More Info
8. Enable Firewalls On Each Computer and the RouterModern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.
More Info
9. Position the Router or Access Point SafelyWi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.
More Info
10. Turn Off the Network During Extended Periods of Non-UseThe ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers. If you own a wireless router but are only using it wired (Ethernet) connections, you can also sometimes turn off Wi-Fi on a broadband router without powering down the entire network.
Tips to protect your WiFi from hackers
It could happen to any one of us. Wake up one morning to discover that the Indian Mujahideen [Images] has hacked into our Internet account and sent out a chilling mail claiming responsibility for a terror attack on the nation.
The e-mails sent out in the aftermath of the Delhi and Ahmedabad blasts reveal that the Indian Mujhahideen hacked into unsecure WiFi networks to send out the terror e-mail.
While this trend may continue thanks to the number of IT professionals on the Students Islamic Movement of India/Indian Mujahideen rolls, it is up to us to ensure that we take utmost care while using the Internet.
Sameer Shekle, co-founder and COO, Aujas Networks, a digital security services provider, says Internet users could adopt the following methods to ensure that s/he is safe.
Disabling the SSID broadcast. To some extent this makes it difficult for the hacker to detect the presence of a WiFi access point.
Enable MAC address filter. Each network interface has a unique MAC address, by filtering it, one can to an extent control which machines can use the access point.
Turn on WPA/WEP encryption. This ensures that traffic between a legitimate machine and an access point is not readable.
Change default admin passwords for access points.
Ensure access points are placed securely. In the centre of a room/office etc to minimise its signal strength outside the office.
Even after following the above precautions, your WiFI account could be compromised and hence, the things to look at are:
Monitor usage of the access point. Have a clear inventory and knowledge about the position of each access point.
Monitor the usage of the Internet link, to know what traffic is going out. For example, some corporate block e-mail providers like yahoo or hotmail. Hence, even if the access point is compromised, the hacker may not be able to use public e-mail systems.
Consider a specific security policy for wireless networks. For example, most companies primarily use wired networks in the office as the primary media. Access points are used in common areas like conferences rooms etc. Hence, strict policies can be deployed on wireless networks as compared to wired networks.
The e-mails sent out in the aftermath of the Delhi and Ahmedabad blasts reveal that the Indian Mujhahideen hacked into unsecure WiFi networks to send out the terror e-mail.
While this trend may continue thanks to the number of IT professionals on the Students Islamic Movement of India/Indian Mujahideen rolls, it is up to us to ensure that we take utmost care while using the Internet.
Sameer Shekle, co-founder and COO, Aujas Networks, a digital security services provider, says Internet users could adopt the following methods to ensure that s/he is safe.
Disabling the SSID broadcast. To some extent this makes it difficult for the hacker to detect the presence of a WiFi access point.
Enable MAC address filter. Each network interface has a unique MAC address, by filtering it, one can to an extent control which machines can use the access point.
Turn on WPA/WEP encryption. This ensures that traffic between a legitimate machine and an access point is not readable.
Change default admin passwords for access points.
Ensure access points are placed securely. In the centre of a room/office etc to minimise its signal strength outside the office.
Even after following the above precautions, your WiFI account could be compromised and hence, the things to look at are:
Monitor usage of the access point. Have a clear inventory and knowledge about the position of each access point.
Monitor the usage of the Internet link, to know what traffic is going out. For example, some corporate block e-mail providers like yahoo or hotmail. Hence, even if the access point is compromised, the hacker may not be able to use public e-mail systems.
Consider a specific security policy for wireless networks. For example, most companies primarily use wired networks in the office as the primary media. Access points are used in common areas like conferences rooms etc. Hence, strict policies can be deployed on wireless networks as compared to wired networks.
Thursday, September 18, 2008
Hackers infiltrate Large Hadron Collider systems and mock IT security
Calling themselves the Greek Security Team, the interlopers mocked the IT used on the project, describing the technicians responsible for security as "a bunch of schoolkids."However, despite an ominous warning "don't mess with us," the hackers said they had no intention of disrupting the work of the atom smasher.
"We're pulling your pants down because we don't want to see you running around naked looking to hide yourselves when the panic comes," they wrote in Greek in a rambling note posted on the LHC's network.
The scientists behind the £4.4 billion "Big Bang" machine had already received threatening emails and been besieged by telephone calls from worried members of the public concerned by speculation that the machine could trigger a black hole to swallow the earth, or earthquakes and tsunamis, despite endless reassurances to the contrary from the likes of Prof Stephen Hawking.
The website - www.cmsmon.cern.ch - can no longer be accessed by the public as a result of the attack.
advertisement
.prWrap,.prWrap DIV,.prWrap IMG{margin:0px 0px 0px 0px;padding:0px 0px 0px 0px;border:0px 0px 0px 0px;overflow:visible;direction:ltr;background:none;background-color:transparent;}
Scientists working at Cern, the organisation that runs the vast smasher, were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12500 tons, measuring around 21 metres in length and 15 metres wide/high.
If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."
Fortunately, only one file was damaged but one of the scientists firing off emails as the CMS team fought off the hackers said it was a "scary experience".
The hackers targeted the Compact Muon Solenoid Experiment, or CMS, one of the four "eyes" of the facility that will be analysing the fallout of the Big Bang.
The CMS team of around 2000 scientists is racing with another team that runs the Atlas detector, also at Cern, to find the Higgs particle, one that is responsible for mass.
"There seems to be no harm done. From what they can tell, it was someone making the point that CMS was hackable," said James Gillies, spokesman for Cern. "It was quickly detected."
"We have several levels of network, a general access network and a much tighter network for sensitive things that operate the LHC," said Gillies.
"We are a very visible site," he said, adding that of the 1.4 million emails sent to Cern yesterday, 98 per cent was spam.
The hacking attempt started around the time that the giant machine was about to circulate its first particles, under the spotlight of the world's media.
"We're pulling your pants down because we don't want to see you running around naked looking to hide yourselves when the panic comes," they wrote in Greek in a rambling note posted on the LHC's network.
The scientists behind the £4.4 billion "Big Bang" machine had already received threatening emails and been besieged by telephone calls from worried members of the public concerned by speculation that the machine could trigger a black hole to swallow the earth, or earthquakes and tsunamis, despite endless reassurances to the contrary from the likes of Prof Stephen Hawking.
The website - www.cmsmon.cern.ch - can no longer be accessed by the public as a result of the attack.
advertisement
.prWrap,.prWrap DIV,.prWrap IMG{margin:0px 0px 0px 0px;padding:0px 0px 0px 0px;border:0px 0px 0px 0px;overflow:visible;direction:ltr;background:none;background-color:transparent;}
Scientists working at Cern, the organisation that runs the vast smasher, were worried about what the hackers could do because they were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12500 tons, measuring around 21 metres in length and 15 metres wide/high.
If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."
Fortunately, only one file was damaged but one of the scientists firing off emails as the CMS team fought off the hackers said it was a "scary experience".
The hackers targeted the Compact Muon Solenoid Experiment, or CMS, one of the four "eyes" of the facility that will be analysing the fallout of the Big Bang.
The CMS team of around 2000 scientists is racing with another team that runs the Atlas detector, also at Cern, to find the Higgs particle, one that is responsible for mass.
"There seems to be no harm done. From what they can tell, it was someone making the point that CMS was hackable," said James Gillies, spokesman for Cern. "It was quickly detected."
"We have several levels of network, a general access network and a much tighter network for sensitive things that operate the LHC," said Gillies.
"We are a very visible site," he said, adding that of the 1.4 million emails sent to Cern yesterday, 98 per cent was spam.
The hacking attempt started around the time that the giant machine was about to circulate its first particles, under the spotlight of the world's media.
The Top 5 Internal Security Threats
What are the top internal security threats – and how can you avoid them? Read on to find out.
1. Your Employees Are Selling You Out, Part 1
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization in an effort to gain unauthorized access to confidential data. While not exactly a new phenomenon, attacks are becoming increasingly sophisticated, according to Paul Stamp, a Forrester Research senior analyst.
“A phishing attack used to be a request from the deposed governor of Nigeria,” says Stamp. “These days, a phishing attack is almost indistinguishable from the real thing.”
The result: unwitting employees disclosing confidential information, from passwords to financial data, to ill-intentioned intruders. Unable to identify fraudulent websites and counterfeit email messages, these internal workers are essentially opening a company’s closed doors to criminals.
No wonder spear phishing attempts are exploding in number. The Symantec Probe Network detected a total of 166,248 unique phishing messages, a six percent increase over the first six months of 2006. And Symantec blocked over 1.5 billion phishing messages, an increase of 19 percent over the first half of 2006.
The remedy: Phishing-fighting strategies include implementing anti-phishing toolbars that display a Web site’s real domain name, as well as maintaining a roster of well-known phishing sites for employee reference. But companies should forget about training IT personnel and staging corporate awareness campaigns, says Alan Paller, director of research at The SANS Institute. Rather, he suggests running “benign spear phishing exercises against your own employees ...There’s no other way to solve it.”
2. Laptops on the Loose
Accidentally bequeathing your forgotten laptop to a hotel’s cleaning staff is more than an inconvenience. According to software security firm Symantec, the theft or loss of a computer or other data-storage medium made up 54 percent of all identity theft-related data breaches in the second half of 2006.
But that’s not all. The theft or loss of a laptop can cost a company big bucks. The 2006 CSI/FBI Computer Crime and Security survey reveals that laptops and the theft of proprietary information are the third and fourth-greatest sources of respondents’ financial losses. Nevertheless, a startling 47 percent of respondents detected laptop/mobile theft last year.
Laptops aren’t the only security risk. Boasting unprecedented disk storage capabilities, portable devices such as iPods, the BlackBerry and flash memory sticks also present dangers. Not only do these pocket-sized tools allow users to bypass perimeter defenses such as firewalls, but they also allow workers to remove proprietary information from a company’s premises. What’s worse, Gartner estimates that only about 10 percent of enterprises have any policies dealing with removable storage devices.
The remedy: Companies should require employees to protect their laptops with a startup password so that if they are stolen, at least the data is unusable. Make a practice of deleting old e-mails, text messages, call logs and unwanted files from all portable devices. And it’s always a good idea for employees to take advantage of a device’s built-in encryption capabilities and password protection features. Kingston’s Data Traveler Elite Privacy Edition, for example, is a USB Flash drive that secures 100 percent of data on-the-fly via 128-bit hardware-based AES encryption, and locks out potential users after 25 consecutive failed password attempts.
3. Unintentional Access and Disgruntled Ex-Employees
One of the many perks of working for a company is the access one gains to multiple computer systems, from e-mail messaging to HR payroll. Yet it’s precisely this access that can endanger the security of mission-critical applications. Despite today’s sophisticated user provisioning systems, many IT administrators are simply too time-strapped to actively update users’ access and privileges.
In fact, research has revealed that it can take upwards of 4 months to remove the user rights of a former employee. Within that time-span, there’s no telling what havoc a disgruntled employee can wreak on a company’s critical business systems.
The remedy: There’s no shortage of vendors promising to simplify the user provisioning process. Entrust, for example, offers solutions that automate policy enforcement and delegate administration for user provisioning which helps maintain security levels while managing large numbers of users. Another example is Courion. Courion’s AccountCourier is an automated user provisioning solution that instantly grants, revokes or modifies access to any operating system, application, Web portal or other IT assets without manual intervention.
4. Missing Security Patches
It’s an unfortunate reality. Vendors aren’t always quick to produce the necessary protection in the face of a newfound security hole. In fact, Symantec reports that in the second half of 2006, all the operating system vendors that were studied had longer average patch development times than in the first half of the year.
Further complicating matters, however, is the fact that many IT administrators are simply too overburdened to ensure that they have the latest updates and most recent patches in place. The result: well-known viruses succeeding at penetrating some of today’s largest enterprises.
Says Oliver Friedrichs, a Symantec Security Response director: “If you’re not up-to-date with the latest security updates and the latest anti-virus detections, you’re clearly at risk for some of the latest threats.”
The remedy: Patch management software and services can greatly ease the burden on today’s administrators. Ecora’s Patch Manager automates system discovery, patch assessment and patch installation on workstations and servers. Ideal for heterogeneous IT environments, Novell ZENworks Patch Management notifies administrators of exactly what patches and security holes reside on each server, desktop and laptop. And then there’s SecureCentral PatchQuest, automated patch management software for distributing and managing security patches, hotfixes and updates across networks comprising Windows, Red Hat and Debian Linux systems.
5. Your Employees are Selling You Out, Part 2
That joke email message that just landed in your inbox may not be so funny after all. “A lot of the security threats that we’re seeing involve email somewhere along the line,” warns Stamp. Data leakage stemming from outbound e-mail is among the primary concerns. According to the Ponemon Institute, 69 percent of organizations reported serious data leaks caused by either malicious employee activities or nonmalicious employee error. But even the most innocent of correspondences can result in trouble. For example, an email message that causes one employee to chuckle may greatly offend another, leading to legal liabilities. Not to mention email’s ability to serve as incriminating evidence. For example, internal emails contributed to pharmaceutical giant American Home Products Corporation being fined $3.5 billion as a result of a class-action lawsuit concerning its manufacturing of the diet drugs Fen-Phen and Redux.
The remedy: Strict usage policies can prohibit employees from sedning sensitive information via insecure e-mail. E-mail content scanning technology can also help. IBM Expresses Managed Security Services for example, scans and monitors e-mail before it ever reaches a network, ensuring that it's free from harmful or damaging content. And MessageLabs' Boundary Encryption service lets businesses set up a secure private email network between themselves and their partners to ensure the end-to-end delivery of encrypted communications.
1. Your Employees Are Selling You Out, Part 1
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization in an effort to gain unauthorized access to confidential data. While not exactly a new phenomenon, attacks are becoming increasingly sophisticated, according to Paul Stamp, a Forrester Research senior analyst.
“A phishing attack used to be a request from the deposed governor of Nigeria,” says Stamp. “These days, a phishing attack is almost indistinguishable from the real thing.”
The result: unwitting employees disclosing confidential information, from passwords to financial data, to ill-intentioned intruders. Unable to identify fraudulent websites and counterfeit email messages, these internal workers are essentially opening a company’s closed doors to criminals.
No wonder spear phishing attempts are exploding in number. The Symantec Probe Network detected a total of 166,248 unique phishing messages, a six percent increase over the first six months of 2006. And Symantec blocked over 1.5 billion phishing messages, an increase of 19 percent over the first half of 2006.
The remedy: Phishing-fighting strategies include implementing anti-phishing toolbars that display a Web site’s real domain name, as well as maintaining a roster of well-known phishing sites for employee reference. But companies should forget about training IT personnel and staging corporate awareness campaigns, says Alan Paller, director of research at The SANS Institute. Rather, he suggests running “benign spear phishing exercises against your own employees ...There’s no other way to solve it.”
2. Laptops on the Loose
Accidentally bequeathing your forgotten laptop to a hotel’s cleaning staff is more than an inconvenience. According to software security firm Symantec, the theft or loss of a computer or other data-storage medium made up 54 percent of all identity theft-related data breaches in the second half of 2006.
But that’s not all. The theft or loss of a laptop can cost a company big bucks. The 2006 CSI/FBI Computer Crime and Security survey reveals that laptops and the theft of proprietary information are the third and fourth-greatest sources of respondents’ financial losses. Nevertheless, a startling 47 percent of respondents detected laptop/mobile theft last year.
Laptops aren’t the only security risk. Boasting unprecedented disk storage capabilities, portable devices such as iPods, the BlackBerry and flash memory sticks also present dangers. Not only do these pocket-sized tools allow users to bypass perimeter defenses such as firewalls, but they also allow workers to remove proprietary information from a company’s premises. What’s worse, Gartner estimates that only about 10 percent of enterprises have any policies dealing with removable storage devices.
The remedy: Companies should require employees to protect their laptops with a startup password so that if they are stolen, at least the data is unusable. Make a practice of deleting old e-mails, text messages, call logs and unwanted files from all portable devices. And it’s always a good idea for employees to take advantage of a device’s built-in encryption capabilities and password protection features. Kingston’s Data Traveler Elite Privacy Edition, for example, is a USB Flash drive that secures 100 percent of data on-the-fly via 128-bit hardware-based AES encryption, and locks out potential users after 25 consecutive failed password attempts.
3. Unintentional Access and Disgruntled Ex-Employees
One of the many perks of working for a company is the access one gains to multiple computer systems, from e-mail messaging to HR payroll. Yet it’s precisely this access that can endanger the security of mission-critical applications. Despite today’s sophisticated user provisioning systems, many IT administrators are simply too time-strapped to actively update users’ access and privileges.
In fact, research has revealed that it can take upwards of 4 months to remove the user rights of a former employee. Within that time-span, there’s no telling what havoc a disgruntled employee can wreak on a company’s critical business systems.
The remedy: There’s no shortage of vendors promising to simplify the user provisioning process. Entrust, for example, offers solutions that automate policy enforcement and delegate administration for user provisioning which helps maintain security levels while managing large numbers of users. Another example is Courion. Courion’s AccountCourier is an automated user provisioning solution that instantly grants, revokes or modifies access to any operating system, application, Web portal or other IT assets without manual intervention.
4. Missing Security Patches
It’s an unfortunate reality. Vendors aren’t always quick to produce the necessary protection in the face of a newfound security hole. In fact, Symantec reports that in the second half of 2006, all the operating system vendors that were studied had longer average patch development times than in the first half of the year.
Further complicating matters, however, is the fact that many IT administrators are simply too overburdened to ensure that they have the latest updates and most recent patches in place. The result: well-known viruses succeeding at penetrating some of today’s largest enterprises.
Says Oliver Friedrichs, a Symantec Security Response director: “If you’re not up-to-date with the latest security updates and the latest anti-virus detections, you’re clearly at risk for some of the latest threats.”
The remedy: Patch management software and services can greatly ease the burden on today’s administrators. Ecora’s Patch Manager automates system discovery, patch assessment and patch installation on workstations and servers. Ideal for heterogeneous IT environments, Novell ZENworks Patch Management notifies administrators of exactly what patches and security holes reside on each server, desktop and laptop. And then there’s SecureCentral PatchQuest, automated patch management software for distributing and managing security patches, hotfixes and updates across networks comprising Windows, Red Hat and Debian Linux systems.
5. Your Employees are Selling You Out, Part 2
That joke email message that just landed in your inbox may not be so funny after all. “A lot of the security threats that we’re seeing involve email somewhere along the line,” warns Stamp. Data leakage stemming from outbound e-mail is among the primary concerns. According to the Ponemon Institute, 69 percent of organizations reported serious data leaks caused by either malicious employee activities or nonmalicious employee error. But even the most innocent of correspondences can result in trouble. For example, an email message that causes one employee to chuckle may greatly offend another, leading to legal liabilities. Not to mention email’s ability to serve as incriminating evidence. For example, internal emails contributed to pharmaceutical giant American Home Products Corporation being fined $3.5 billion as a result of a class-action lawsuit concerning its manufacturing of the diet drugs Fen-Phen and Redux.
The remedy: Strict usage policies can prohibit employees from sedning sensitive information via insecure e-mail. E-mail content scanning technology can also help. IBM Expresses Managed Security Services for example, scans and monitors e-mail before it ever reaches a network, ensuring that it's free from harmful or damaging content. And MessageLabs' Boundary Encryption service lets businesses set up a secure private email network between themselves and their partners to ensure the end-to-end delivery of encrypted communications.
Wednesday, September 17, 2008
Internet Explorer 8
Accelerators
Accelerators let you efficiently complete your everyday browsing activities like mapping directions, translating words, emailing your friends, and more in just a few mouse clicks. Learn more.
Common accelerator showing driving directions
InPrivate Browsing
Browse the web without saving your history with Internet Explorer 8's InPrivate Browsing. Now you can shop for that special gift with confidence knowing your family won't accidentally find out or use a shared computer without leaving a trace. Learn More.
The InPrivate button on the Address Bar
Web Slices
Keep up with changes to the sites you care about most. Add a Web Slice and you won't have to go back to the same website again and again for updates on news, stock quotes, online auctions, weather, or even sports scores. Learn more.
A common Web Slice
Search suggestions
Search smarter with detailed suggestions from your favorite search providers and browsing history. See visual previews and get suggested content topics while you type in the enhanced Instant Search Box. Learn more.
A search showing visual content
SmartScreen Filter
New security features help to protect you against deceptive and malicious websites which can compromise your data, privacy and identity. Learn more.
A blocked website because reported as unsafe
Print E-mail
Experience Internet Explorer 8 Beta 2, our new, improved and free web browser.Download now
Accelerators let you efficiently complete your everyday browsing activities like mapping directions, translating words, emailing your friends, and more in just a few mouse clicks. Learn more.
Common accelerator showing driving directions
InPrivate Browsing
Browse the web without saving your history with Internet Explorer 8's InPrivate Browsing. Now you can shop for that special gift with confidence knowing your family won't accidentally find out or use a shared computer without leaving a trace. Learn More.
The InPrivate button on the Address Bar
Web Slices
Keep up with changes to the sites you care about most. Add a Web Slice and you won't have to go back to the same website again and again for updates on news, stock quotes, online auctions, weather, or even sports scores. Learn more.
A common Web Slice
Search suggestions
Search smarter with detailed suggestions from your favorite search providers and browsing history. See visual previews and get suggested content topics while you type in the enhanced Instant Search Box. Learn more.
A search showing visual content
SmartScreen Filter
New security features help to protect you against deceptive and malicious websites which can compromise your data, privacy and identity. Learn more.
A blocked website because reported as unsafe
Print E-mail
Experience Internet Explorer 8 Beta 2, our new, improved and free web browser.Download now
Windows server 2008
The new look & feel of Windows Server 2008
The first thing that new Server 2008 users will notice is the new look and feel of Windows Server 2008. If fact, if you have used Windows Vista, you will notice how similar it is to Windows Server 2008.
This new look and feel is something that will take some getting used to. As Windows system admins, we are used to going to the same place, over and over, to accomplish the same task. Because of this, initially, you may feel a little lost in Windows Server 2008.
For example, one of the first things I noticed is that the Run command was missing from the Start Menu. Now you just have to click on the Start Search area of the Start Menu and type in the command that you need. (Figure 1)
Figure 1: The new look and feel of Windows Server 2008
They have also removed the add/remove programs icon in control panel. These are just some of things that you will need get used to when using Windows Server 2008.
Is it better or worse? In my opinion, it is “just different”.
Enhanced Security Features of Windows Server 2008
As Microsoft says that Windows Server 2008 is the “most secure” server OS they have every created, I want to take a minute to touch on the security features of Server 2008. Here is my list:
Active Directory Federation Service – allows administrators to easily set up trust relationships with federation partners.
Read-Only Domain Controllers - these domain controllers will be used in environments where you need a domain controller but you cannot guarantee the physical security of the server.
Server Core Installation - a new type of install of Windows Server 2008 that will allow you to only install the typical Windows network infrastructure services – DHCP, DNS, file sharing, and domain controller functions. What is a big change for most admins is that if you choose to use the “server core” installation, there will be no local GUI interface to the OS.
Password and account lockout policy improvements – offers the ability to have multiple password and account policies in a single domain.
Windows BitLocker Drive Encryption - allows you to encrypt all of the hard drives on a server. This will prevent the data from being viewed if a hard drive or the server is stolen.
You can view more Windows Server 2008 features and benefits at the Server 2008 Product Overview.
The New & Improved Server 2008 Web Server - IIS 7.0
We have to keep in mind that there are so many other applications included in the Windows Server 2008 OS. One of those is Internet Information Server. With Windows Server 2008, IIS has been upgraded to version 7.0. With this upgrade, IIS 7.0 is easier to manage due to its improved interface. The interface offers the ability to perform common tasks faster, security enhancements, web server health information, delegation of administration, and more. With IIS 7.0, your access to diagnostic and troubleshooting information is much easier and quicker (Figure 2).
Figure 2: The new IIS 7.0 Management Interface
Speed Client Operating System Deployment with WDS
Windows Deployment Service (WDS) is a new Server 2008 feature that allows you to deploy Windows client machines over the network. The new WDS is faster because it uses TFTP. WDS offers client installs performed with either ScheduleCast or AutoCast.
ScheduleCast is a scheduled deployment whereas AutoCast is an “always available” deployment using Multicast. Because AutoCast uses Multicast, you can save on bandwidth by all clients sharing the same streaming data over the network.
Secure your network from unsafe PC clients with Network Access Protection
Microsoft’s Network Access Protection (NAP) is a new policy that can be put into place, requiring clients to meet certain requirements before they can connect to a Windows 2008 server.
If they do not meet the requirements that are set, the client can be quarantined or can be denied access. Even better, if the computer does not meet the requirements, the Windows 2008 Server can deploy the necessary updates that are needed.
By using NAP, you can secure not only local PCs but also home computers or roaming computers that attempt to connect to your network from your LAN or via the Internet with a VPN.
Figure 3: Network Policy Server Interface
Windows Terminal Services Improvements
Windows Terminal Services has been greatly improved in Windows Server 2008. Here are some of the new key features:
RemoteApp - similar to published applications in Citrix, RemoteApp will allow you to share an application with a workstation instead of the entire Windows desktop. It is supposed to have seamless integration with the client PCs so that clients will just see an icon in their start menu or desktop and click on it to run the application.
Terminal Services Gateway - allows remote users who are working away from the office to connect to terminal services. This will help remove the need for remote VPN access for some users.
Terminal Services Web Access – offers the ability for remote users to connect to terminal services with just a web browser. By using this, remote PCs attempting to connect to terminal services do not need to have the remote desktop client or VPN.
All three of these features are very similar to existing Citrix Metaframe features.
One Stop Server Management with Server Manager
Windows Server 2008 Server Manager is a new console that will put all the snap-ins you need to manage your server in a single place, making it easier and faster to for administrators to manage Windows 2008 Servers.
Figure 4: Server Manager Console
New Windows Server Virtualization Features
Windows Server Virtualization is a new feature that allows you to virtualize any operating system onto one server. This feature will also allow you consolidate many servers into one server. This will allow you to easily create test and development environments without having to use too many resources.
With this feature, Microsoft is hoping to take away a great deal of the virtualization marketplace from VMware. While Microsoft certainly lags far behind VMware in the maturing of their virtualization offerings, by Microsoft offering virtualization already built into the Windows OS, they are going a long way to getting their version of virtualization in the hands of the end user.
As we are just now getting a look at Microsoft’s version of Hypervisor virtualization in the recently released Windows Server 2008 RC0, it is too soon to say how good of a virtualization feature set Microsoft will offer. I encourage you to take a look at it for yourself.
The first thing that new Server 2008 users will notice is the new look and feel of Windows Server 2008. If fact, if you have used Windows Vista, you will notice how similar it is to Windows Server 2008.
This new look and feel is something that will take some getting used to. As Windows system admins, we are used to going to the same place, over and over, to accomplish the same task. Because of this, initially, you may feel a little lost in Windows Server 2008.
For example, one of the first things I noticed is that the Run command was missing from the Start Menu. Now you just have to click on the Start Search area of the Start Menu and type in the command that you need. (Figure 1)
Figure 1: The new look and feel of Windows Server 2008
They have also removed the add/remove programs icon in control panel. These are just some of things that you will need get used to when using Windows Server 2008.
Is it better or worse? In my opinion, it is “just different”.
Enhanced Security Features of Windows Server 2008
As Microsoft says that Windows Server 2008 is the “most secure” server OS they have every created, I want to take a minute to touch on the security features of Server 2008. Here is my list:
Active Directory Federation Service – allows administrators to easily set up trust relationships with federation partners.
Read-Only Domain Controllers - these domain controllers will be used in environments where you need a domain controller but you cannot guarantee the physical security of the server.
Server Core Installation - a new type of install of Windows Server 2008 that will allow you to only install the typical Windows network infrastructure services – DHCP, DNS, file sharing, and domain controller functions. What is a big change for most admins is that if you choose to use the “server core” installation, there will be no local GUI interface to the OS.
Password and account lockout policy improvements – offers the ability to have multiple password and account policies in a single domain.
Windows BitLocker Drive Encryption - allows you to encrypt all of the hard drives on a server. This will prevent the data from being viewed if a hard drive or the server is stolen.
You can view more Windows Server 2008 features and benefits at the Server 2008 Product Overview.
The New & Improved Server 2008 Web Server - IIS 7.0
We have to keep in mind that there are so many other applications included in the Windows Server 2008 OS. One of those is Internet Information Server. With Windows Server 2008, IIS has been upgraded to version 7.0. With this upgrade, IIS 7.0 is easier to manage due to its improved interface. The interface offers the ability to perform common tasks faster, security enhancements, web server health information, delegation of administration, and more. With IIS 7.0, your access to diagnostic and troubleshooting information is much easier and quicker (Figure 2).
Figure 2: The new IIS 7.0 Management Interface
Speed Client Operating System Deployment with WDS
Windows Deployment Service (WDS) is a new Server 2008 feature that allows you to deploy Windows client machines over the network. The new WDS is faster because it uses TFTP. WDS offers client installs performed with either ScheduleCast or AutoCast.
ScheduleCast is a scheduled deployment whereas AutoCast is an “always available” deployment using Multicast. Because AutoCast uses Multicast, you can save on bandwidth by all clients sharing the same streaming data over the network.
Secure your network from unsafe PC clients with Network Access Protection
Microsoft’s Network Access Protection (NAP) is a new policy that can be put into place, requiring clients to meet certain requirements before they can connect to a Windows 2008 server.
If they do not meet the requirements that are set, the client can be quarantined or can be denied access. Even better, if the computer does not meet the requirements, the Windows 2008 Server can deploy the necessary updates that are needed.
By using NAP, you can secure not only local PCs but also home computers or roaming computers that attempt to connect to your network from your LAN or via the Internet with a VPN.
Figure 3: Network Policy Server Interface
Windows Terminal Services Improvements
Windows Terminal Services has been greatly improved in Windows Server 2008. Here are some of the new key features:
RemoteApp - similar to published applications in Citrix, RemoteApp will allow you to share an application with a workstation instead of the entire Windows desktop. It is supposed to have seamless integration with the client PCs so that clients will just see an icon in their start menu or desktop and click on it to run the application.
Terminal Services Gateway - allows remote users who are working away from the office to connect to terminal services. This will help remove the need for remote VPN access for some users.
Terminal Services Web Access – offers the ability for remote users to connect to terminal services with just a web browser. By using this, remote PCs attempting to connect to terminal services do not need to have the remote desktop client or VPN.
All three of these features are very similar to existing Citrix Metaframe features.
One Stop Server Management with Server Manager
Windows Server 2008 Server Manager is a new console that will put all the snap-ins you need to manage your server in a single place, making it easier and faster to for administrators to manage Windows 2008 Servers.
Figure 4: Server Manager Console
New Windows Server Virtualization Features
Windows Server Virtualization is a new feature that allows you to virtualize any operating system onto one server. This feature will also allow you consolidate many servers into one server. This will allow you to easily create test and development environments without having to use too many resources.
With this feature, Microsoft is hoping to take away a great deal of the virtualization marketplace from VMware. While Microsoft certainly lags far behind VMware in the maturing of their virtualization offerings, by Microsoft offering virtualization already built into the Windows OS, they are going a long way to getting their version of virtualization in the hands of the end user.
As we are just now getting a look at Microsoft’s version of Hypervisor virtualization in the recently released Windows Server 2008 RC0, it is too soon to say how good of a virtualization feature set Microsoft will offer. I encourage you to take a look at it for yourself.
Subscribe to:
Posts (Atom)
