95% of Information Security breaches are from known vulnerabilities and misconfigurations

October 28th, 2007

It’s a shocking but true statement.

But then if the vulnerabilities and misconfigurations are known, why are steps not taken to correct them?

Well, the answer lies in the question itself. The vulnerabilities are known in general, but which ones exist in your own systems and network still needs to be identified. The first step towards protection against security breaches is identifying these vulnerabilities. This is achieved through security audits and vulnerability scans.

A number of people question the need for security audits, and a few even dismiss them as unnecessary. Some people believe that their anti-virus software can take care of all such security concerns. And it’s astonishing to know that a lot of people either have obsolete anti-virus software that is not updated as frequently as it should be, or software with a poor virus detection rate.

The need for protection varies from business to business. Though powerful anti-virus software might suffice for one business’s security needs, other businesses might require a more sophisticated security solution that comprises protection against malware of all types (malware is short for “malicious software” and includes viruses, Trojans, worms, spyware, and adware).

Security audits involve a thorough analysis of the systems/network and security practices in order to determine the security solution that would best suit the organization. They involve a lot of tests covering misconfigurations, firewall vulnerability (e.g. due to exposed workstations), password policy, suitability of the current anti-virus software, vulnerability of network components (modems, dial pools, etc.), vulnerability of web services, mail databases, etc. You must ensure that your security auditors perform all the relevant security tests and give you a complete and comprehensive security solution.

Author: Christopher


Top 5 Attacks used by hackers

October 19th, 2007

US Hackers

  1. Internet Explorer 6 Buffer Overflow
  2. Internet Explorer HTML help Remote Code Execution
  3. Internet Explorer redirect to local file
  4. SomeFool.p
  5. Zone Spoofing

Foreign Hackers

  1. HTTP overflow attack
  2. Generic File Inclusion
  3. WebDAV Overflow Attempt
  4. Mambo register_globals Emulation Layer Overwrite
  5. phpBB Activity Module File Inclusion

Source: SecureWorks

Author: Christopher


A Computer Virus that infects humans!

October 13th, 2007

“Dave gets into work after a good night’s sleep. A few hellos later, he is at his workstation. He is the top finance guy and recently got a high-speed computer that he uses to conduct various high-value financial transactions every day. He also holds critical and confidential information about the company’s financial position on his computer. He is generally quite energetic and is known to be very efficient. But today, he seems dull and has missed his status report deadline, which is very unlike him. Missing a deadline annoys him and he appears unusually temperamental and over-stressed today. He screams at his computer. As the day progresses, similar behavior is observed across the office. Some people are even popping pills to beat their headaches.”

This is a typical scenario at an office that is hit by a computer virus which has not been detected yet. And that shows that computer viruses infect humans too (in a way). Just check what happens next.

“Dave tries to open a couple of files on his computer. But he cannot access them. His computer is too slow. It’s been 7 hours since he got into the office and no work has been done yet. The IT department has been informed but nothing has been found wrong. There are no backups for his files either.”

No backups, a low detection rate and a slow response to the virus outbreak. This is a complete lapse of information security and protection.

“The losses are mounting by the minute and it sends a shiver down your spine. You regret the compromise you made in selecting a proper information security solution.”

Lesson Learned: ‘Treating information security as a secondary thing can cost you your business.’

Author: Christopher


49% of Americans not protected against viruses

October 8th, 2007

According to a recent study by McAfee and NCSA, 92% of Americans believe they are protected by anti-virus software with definitions that have been updated within the last week. But according to the paper, only 51% had current definitions within the last week. They also found 36% had a disabled firewall and 45% didn’t have anti-spyware installed, and finally only 12% of Americans had anti-phishing software installed. Anti-spam protection came in at around 21% of the users sampled. Overall, they mention that less than one in four Americans are fully protected against viruses and malware. Of the people sampled, 87% store important personal data like financial information, health records, resumes, and personal emails on these computers. Yet 88% of those sampled go online for their bank, stock trading, or personal medical information.

Author: Christopher
