Archive for the ‘Technology Advice’ Category

Secure Disposal of IT Assets

Friday, December 28th, 2007

What happens when you upgrade your computers, replace broken computers, or decide to get rid of any outdated data devices such as disk drives or PDAs? How do you dispose of them? Are your practices ensuring that data is destroyed?

NetworkWorld has published a piece on how to properly handle end-of-life IT assets. Their article indicates that many companies do not know what to do with their outdated equipment and, as a result, often place those items into storage. However, this does pose a security risk if data has not been wiped and can be quite costly given the continued cost of software licenses and the lost resale value of that equipment.

In an age where environmentally friendly disposal is encouraged, companies have a choice between recycling and refurbishment with resale. The latter is now being encouraged in order to get still-viable equipment into the hands of those who need it.

An asset recovery provider can help you handle the disposal process, including data destruction, refurbishment and resale. The article provides a set of questions that you could ask potential IT asset recovery companies, to know if they are qualified to manage your assets. Such companies should, for example, be able to deal with equipment of varying ages. You should ensure they can wipe your data, and can confirm it with forensic analysis; any data that cannot be erased should be destroyed. The company should be able to refurbish your computers for maximum return and should provide you with the reporting you need for a proper IT asset audit trail.


12 Ways to Audit Your PC Security

Thursday, November 29th, 2007

The Virtual Hosting Blog created a list of resources a while back that I’ve been meaning to share. They provide 12 Resources to test your PC weaknesses – a list of tools to help you identify (and sometimes fix) system vulnerabilities.

The list includes:

  1. Audit My PC helps you find free security tests
  2. Qualys FreeScan checks server weaknesses
  3. Proxy Way looks at your privacy settings and how much of your information can be accessed online
  4. Test My Firewall offers advice on web security
  5. Hijack This searches your system for hackers
  6. GFI Email Security Testing Zone tests your email security against viral threats
  7. WindowSecurity.com works as per #6
  8. The PCman Website Virus Test plants a fake virus to gauge your computer’s ability to notice real viruses
  9. Sophos Threat Detection Test tests your anti-virus software strength
  10. Symantec Security Check offers a free security scan and virus detection test
  11. Nmap (Network Mapper) audits security on large networks
  12. PC Security Test 2007 scans for viruses, spyware, and hacking threats

Continue reading the details of this list here.


Techno Gear for School

Wednesday, September 26th, 2007

Here is another great list of back-to-school technology essentials for high school or college students. The Vancouver Sun’s top 10 list of techno-savvy gear includes:

  1. Laptop computer – as low as $399. Back-to-school bundles often include extra software or price reductions.
  2. Software – A good Office set, anti-virus (set to auto-update), locking cables, and a product such as Absolute’s Lojack
  3. Printer – consider just black & white to save on ink costs
  4. Communications – cell phone, Skype account
  5. Music & Entertainment – iPod with speakers
  6. Memory Drives – flash drives.
  7. Backpacks – suited for laptops
  8. Camera – to capture memories of a once-in-a-lifetime school experience
  9. Flat-Panel Monitor – can double as a TV
  10. Extras – wireless mouse, keyboard

All of this technology should come with security education. It is important to teach teens about Internet Safety, about protecting personally identifiable information, and preventing laptop theft.


IronKey hardware-encrypted USB flash drive

Tuesday, September 25th, 2007

Portable data devices – from laptops to flash drives – pose one of the greatest threats to data security. These devices are stolen or are known to go missing on an all too frequent basis.

Security Policies often focus on the issue of laptop security, but with software to assist with this concern (including Absolute’s products) it is often flash drives that get missed.

The first step that every security policy should address is a clear definition of what data can be accessed & removed from a company network and what cannot. Given the prevalence of security breaches caused by portable data devices, perhaps the appropriate use of laptops and flash drives is a logical second step. Regardless of where these policies start, it is important to remember that policy alone is not a strong enough safeguard against data loss.

A new physical safeguard has come on the market in the form of the IronKey hardware-encrypted USB flash drive. The IronKey is designed to be the most secure flash drive on the market. It uses military-grade hardware-based encryption and the encryption keys are stored on the drive itself. In order to access and decrypt files, a password is required alongside the encryption keys.

The IronKey has a built-in backup against theft. If the password is incorrectly entered 10 times, the IronKey will internally self-destruct and completely erase everything on the drive.

In addition to this, the IronKey website can provide secure web browsing. When logged in – via the password and plugged-in USB device – the service turns Firefox into a malware-protected application.

IronKey’s hardware-encrypted flash drives and online protection services are ideal for companies who want to secure their endpoints and protect their data from leaking into the hands of unauthorized people. Equip your employees, sales people and your best customers and partners with IronKey devices, and enjoy the peace of mind that always-on hardware encryption can bring. – IronKey Enterprise

IronKey is $79 for 1GB and $149 for 4GB.

Via gizmodo

Online Gamers at Risk for ID Theft

Thursday, September 13th, 2007

CA Security has released a new report exposing the risk of identity theft for Gamers. Online games often have their own form of virtual money, which can equate to real cash. This puts online gamers at risk, as online gaming accounts/identities will become as profitable as a real bank account.

The report indicates that online gaming is becoming as risky as online banking, and that identity theft and malware exploits are going to be increasing in this area. The second most common malware of 2007 was designed to steal gaming passwords. Character identities and virtual money are sold on underground websites whose marketplace behaviors rival those of standard identity theft rings.

Social networks, which include gaming sites alongside others such as Facebook and MySpace, are large security risks because of their design. They are subject to the same weaknesses as other websites, but are exploited with greater ease. Malicious code can easily be inserted into web pages – which any user can create – and the interconnectedness of social networking sites will spread it very quickly.

In addition to standard security measures, the report recommends setting up your personal firewall for safer online gaming, using an anti-phishing toolbar, and avoiding peer-to-peer networks.

You can download the full report, which covers Internet Threats of various sorts, here [PDF].

Via Smarthouse

Back-to-School Technology

Wednesday, September 5th, 2007

We recently referenced an education technology piece on Absolute’s website, and I wanted to highlight it over here. The article by Westchester1 is called “High Tech Checklist for A-plus Students” and covers all the latest back-to-school technology for high school and college students – and what you need to keep it all safe.

All the latest technology (and what you need to protect it) for back-to-school:

  1. Laptop Computer - for homework, research, and social networking.
    • Laptop Tracking & Recovery Software - such as Absolute’s LoJack for Laptops
    • Security Software & Hardware - includes the other basics like anti-virus, anti-spyware, encryption and firewall software, and a good cable lock
  2. MP3 Player - one with good audio recording for recording lectures. Effective learning is both visual and aural.
    • Protective Materials - a case, screen protectors, & ID tags (or engraving)
  3. Portable Gaming - for play and multi-purpose applications including Internet access
    • Lock it up – keep it in a locker, even in your dorm room. Out of sight is a plus, locked is a preference.
  4. Cell Phone - one complete with a camera or video capabilities. Get a good data plan. Communication is vital to social learning, and for families too.
    • Protect it - most people overlook this. You can password-protect your address book or other personal information & pictures. Consider a replacement policy if the phone is lost or stolen.

Via Westchester1

Intel’s “Set IT Managers Free” Video

Monday, August 13th, 2007

Intel decided to lighten things up with a new music video comparing software and hardware in IT Security. Directed by Christopher Guest, starring Dan Finnerty and Rob Giles.

The video was created as a part of Intel’s “IT Gets Easier” campaign.


SISA Data Sharing Architecture

Thursday, July 12th, 2007

Cisco Systems, EMC and Microsoft announced the formation of a consortium yesterday to help the government develop ways to more efficiently and securely share information. The Secure Information Sharing Architecture (SISA) is the venture that will provide services and technology to the Federal government and, eventually, the private sector.

The Secure Information Sharing Architecture (SISA) breaks through information-sharing barriers with a COTS solution that allows agencies to communicate and collaborate while protecting sensitive internal content. It enables government to consolidate disparate systems and networks into a cost-effective infrastructure to help secure, govern, and accelerate the distribution of mission-critical knowledge.

SISA combines products from Cisco, EMC, and Microsoft with best-of-breed solutions from Liquid Machines, Swan Island Networks, and Titus Labs to address the urgent need for sharing sensitive materials across organizational, IT, and jurisdictional boundaries. With SISA, organizations can participate with confidence in communities of trust because they have the controls they need to precisely govern how their information is accessed and used.

SISA lets information owners determine how, when, where, and with whom they will share their materials – according to the requirements of the mission, not the constraints of technology or resources.

SISA was created in response to the need for sharing information – a need which is often at odds with security. Each of the vendors was hired separately by various agencies of the government to address the same repeated issues. SISA forms a more unified – and therefore more solid and cost effective – approach to the issues.

The three vendors teamed up in order to provide the best possible data sharing solution. SISA will provide the products, leaving agencies to focus on security policy planning rather than implementation. The alliance already includes other partners: Liquid Machines, Swan Island Networks and Titus Labs, and the list of members is expected to grow.

Grace Mastalli, Homeland Security’s former director of information sharing and collaboration, told InformationWeek that SISA will provide infrastructure the government has been talking about for many years, but has been unable to create on its own.

SISA services will initially include 4 areas:

  1. Access protection – secure network connections and identity management
  2. Content protection – controlling access to information
  3. Data protection – securing information
  4. “Watchdog” services – system performance and data flow

Visit the SISA site to read examples of how SISA works.

Via InterGovWorld & InformationWeek

Wireless Encryption On The Rise – Threats Still Exist

Wednesday, July 4th, 2007

According to a report from RSA, more companies are using wireless encryption software or the Wireless Encryption Protocol (WEP). This means that, overall, there are fewer “open access points” through which unauthorized data access can occur.

According to the report, business use of wireless access points has been increasing, and so too has their protection. In London, where business wireless access points grew by 180% over 1996, the encryption of access points improved from 74% to 81%. In NY, the improvement rose from 75% to 76%. In all cities, there was also a rise in advanced encryption use.

One must consider, however, that 20-25% of companies are still completely unprotected. In major cities such as London and New York, this poses a significant threat to many large corporations.

Despite the use of encryption, many businesses are leaving themselves open to attack by using the default out-of-the-box settings. In London, this rose from 22% to 30%.

“Often times the people putting these things up are not very sophisticated about managing security, that’s why you see so many access points with out-of-the-box settings, people broadcast the SSID without knowing the implications,” he said. “However, as we have learned in other areas of security, it will likely only take a few high-profile incidents where wireless is the entry point to convince some of the less sophisticated users to get savvier about protecting themselves.”

RSA also notes that Wi-Fi hotspots are posing a greater threat, as hackers are taking advantage of business users who neglect to protect their logon information in unsecured settings. Additionally, with widespread adoption of wireless technology, unprotected business networks are mistakenly or intentionally being used as public hotspots.

Via zero day

Database security found lacking

Monday, June 11th, 2007

A survey conducted by Application Security and the Ponemon Institute was released this week at the Gartner IT Security Summit. The survey reveals that 40% of companies are not monitoring their databases for suspicious activity, which places them at high risk for data breaches and identity theft.

According to the survey of 649 IT professionals (60% in CIO or CTO positions), 78% of respondents say their databases are critical or important to their business and contain customer data. IT professionals are increasingly strained by the demands for data and the threat of data breaches. On the one hand, data must be protected from external and internal threats, and on the other hand, there is greater demand for this data to make business decisions.

With more than 50% of these organizations managing 500 or more databases, the number of companies not effectively monitoring their databases is staggering at a whopping 40%.

Some of the key problems facing respondents are the sheer number of databases being used and the difficulty of knowing where those databases are and what is in them…

According to Weiss, locating all of an organization’s databases is just one-fourth of the battle. Corporations need to prioritize which databases need to be addressed first, remediate any vulnerabilities or security issues and monitor databases for suspicious activity, he said. [eWeek]

As previous posts on this blog have indicated, “people” are the biggest concern IT professionals have when it comes to data security. 57% of respondents say they have inadequate protection against malicious insiders and 55% are not protected against data loss caused by insiders.

In general, only 45% of IT professionals felt adequately protected against data loss.

In addition, the survey indicates that companies are more concerned about securing their own data (intellectual property and confidential business information) than they are about securing their customers’ data.

Via InformationWeek & eWeek
