This type of network threat can even allow an attacker to take control of a victim’s machine and cause it to run slow, lose, or deny connection. An attack-related outage, which can lead to extended downtime for a business, can happen if an infrastructure was not protected ahead of time. With many security reports and findings these days showing a great number of businesses that have experienced some sort of DDoS attack and with indications that continuing threats are on the rise for this year and next, it becomes paramount to come up with a strategy for DDoS protection and mitigation.

These attacks are considered by many to be the greatest threat that businesses normally face in their everyday online activity; preventing the attacks has to be a priority for all companies when considering their online presence and planning their own information systems.

Mitigation Strategy

DDoS attacks take many forms, making it important to understand the different types, like UDP flood and ICMP (Ping) flood to name a few, and the special techniques used by IT and security experts to prevent them.

Possible solutions include use of firewalls and intrusion detection and prevention systems, like one designed to address anomaly-based intrusion and prevention; these may be effective in helping businesses cope with DDoS threats.

Alternately, one can always choose a hosted company specializing in DDOS mitigation. This is a good option for those that do not want to take security matters in their own hands and prefer a cloud-based solution to prevent DDoS attacks. Security is assured through a third-party which obviously helps businesses by tapping into high-end technology without bearing the full costs of it.

DDoS mitigation service providers have the capacity to mitigate these threats, prevent future attacks, and keep network traffic flowing without being interrupted. Outsourcing centers are able to provide the hardware and software, as well as other needed equipment, like load balancers, to prevent DDoS attacks. Moreover, they offer 24/7 real-time protection to detect and address suspicious botnet activity before it disrupts services and wreaks havoc on the business server causing it to overload.  They can monitor and stop acts of countless external communication requests or other mischief to either the network or application layer of one’s network that could take down the entire system or website.

Having knowledge about DDoS and following good security practices to prevent attacks may be not enough to avoid them.  Ddos may also be prevented by increasing bandwidth allocation and considering a third-party load balancing product. One can also choose to install and maintain anti-virus software and use VPN services, switches, and routers as defensive mechanisms to help keep one’s identity and location completely secure.  Other options include separate network services, like those that may be public from private, diverse systems for intranet, extranet and Internet services, or single-purpose servers.

Some companies have already started taking measures to combat the problem of DDoS attacks or at least have prepared solid contingency plans in case they become victim of one. This is a reflection of the ever-increasing concerns of how such acts can be crippling to businesses if one does nothing to prepare and at least know how to stop DDoS attacks.

About the author: George Hillston is professional freelance writer and passionate information security blogger.

Post from: Business Security Information © 2011

Why Businesses Should Be Aware of DDOS Attacks

1. Security concerns

Event log monitoring with a tool that can handle Security Information and Event Management (SIEM) can help you detect security issues before they become incidents.  Event log monitoring can quickly alert you to all kinds of security concerns such as password guessing, people snooping around in data they shouldn’t snoop into, and signs of a compromised system,.

2. Proactive management

One of the best ways to get ahead of things, and to find what needs to be done before failures and outages occur is to perform regular event log monitoring. Your logs have all the information you need, and almost all problems start with events that can be detected long before incidents occur. Event log monitoring is your best way to react before users experience problems.

3. Baselining

Is the Internet slower today? Is that system less responsive than normal? Is there something going on? Event log monitoring is the best way to quickly create accurate baselines of system activities across your network.  Those baselines can then be used to evaluate changes or perceived performance challenges.

4. Spotting trends

You can also use event log monitoring to spot trends, such as load at week’s, month’s, or quarter’s end; or to find changes in network utilization during launches; or after earnings reports are released. All the information needed is in the logs.

5. Forecasting

Do you need to budget for next year’s upgrades? Forecast your storage utilization for next quarter? Prove that there is a surge in user log-ons each day at 8:00 AM? Event log monitoring can help you to forecast your future needs by establishing patterns and providing you with the specific data you need for a particular request.

6. Addressing issues before they become problems

Very few outages just occur. There’s usually a series of events that lead to an outage, and these are easy to spot after the reboot when you go digging through the logs. Of course, event log monitoring can spot those early warning signs so you can address the issue before it becomes the outage.

7. Compliance

Any number of federal regulations and compliance standards require not only that you log, but also that you regularly review those logs. Nothing makes regular reviews easier than event log monitoring, which automates the process and makes it simple to prove compliance.

If you ever want to get out of the non-stop fire-fighting mode and get into proactive management of your systems, event log monitoring is the fastest, easiest, and most affordable way to do so. Deploy event log monitoring in your network today, and you’ll have a much more enjoyable tomorrow.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides network security, content security and messaging solutions. Read a review on GFI EventsManager 2013.  All product and company names herein may be trademarks of their respective owners.

Post from: Business Security Information © 2011

7 Reason Why You Need to Monitor Event Logs

The skyrocketing use of mobile devices among employees has also ushered in new and extraordinary threats to information security. As a result, those organizations that have preventative measures against these risks can enhance employee efficiency and secure a competitive advantage. Within this context, information security refers to protecting both the data storage and data transmission whether it refers to personally identifiable information of employees and customers, corporate data or intellectual property.

Complicating Factors For Information Security

There are many factors that have influenced the implementation of effective information security strategies and policies within an organization. Some of these factors include:

• Diversity of mobile devices as far as divergent operating systems.
• Multiplication of mobile devices and, consequently, difficulty in controlling hardware.
• Use of familiar devices by the employees instead of those offered by the company.
• Frequently upgraded devices to keep up with technology.
• Increase in social networking among employees on their mobile devices.
• Ubiquity of cloud computing.

Security Threats To Mobile Devices

As the number and types of mobile devices increase, so do the attempts to exploit them. Consequently, cyber criminals tend to target mobile devices more than ever before and, unfortunately, with increased efficiency. G Data Security Labs reveals that malware targeting of smart phones and tablets rose by 273% compared to 2011.

Managing Security In A Mobile Workplace

It is true that mobile devices bring substantial hurdles to enterprises. However, these hurdles are not insurmountable, and businesses can still transform information technology to minimize risks for data, networks, and applications while taking advantage of mobility through new governance, support processes, and outstanding IT skills. In order to manage information security in a mobile workplace, businesses should:

• Start by understanding exposure of regulated data, including trade secrets, industrial designs, and patents;
• Be aware of the unique risks that define each business and build a security framework on a platform that caters to those risks;
• Explore how and when employees use technology on and off the job to establish the most appropriate security measures;
• Determine a set of mobile devices that can access the network and prevent the addition of new mobile devices by the employees;
• Create preventive controls to ensure that unproved units cannot access the network;
• Establish the type of corporate information that approved devices can store and also the type of data that can be exchanged between the approved device and the corporate network;
• Determine encryption and authentication security measures to protect data on approved units;
• Establish measures that allow the distinction between corporate and personal information;
• Establish where corporate data is allowed to reside (device, network, cloud, or a combination);
• Assess application and services to determine potential risks so that only approved users can access the network;
• Ensure that cloud and data service providers meet the security requirements;
• Implement mechanisms to enforce the controls and standards.

When a business has finished implementing the proper security strategies and policies, employees need to be made aware and trained in best practices for secure use of mobile devices. Since most technical issues can be overcome through training and knowledge, employee awareness is often the weakest link of mobile security. Employee compliance becomes a crucial element of a successfully implemented security strategy for mobile devices.

About the author: George Hillston is professional freelance writer and passionate information security blogger. To ensure complete security with your business’s confidential information, he recommends Shred-It for all your data destruction needs.

Post from: Business Security Information © 2011

How to Manage Information Security in a Mobile Workplace

Open Internet access for your employees is a wonderful privilege. It can boost morale, improve productivity and provide your users with a sense that they are trusted when you treat them as adults, rather than untrustworthy children. However, truly open and unrestricted Internet access can present significant risks to your users, their workstations and the company’s data. No matter how well-intentioned your users may be, accidents happen. Human error can result in malware infections, data leakage, credential compromise and productivity loss. It is up to you to protect your network from common human errors. Here’s how to do just that:

User Education

The weakest link in your defensive chain is also the one best able to help you protect the company. Your users are the ones surfing the web, reading emails full of links and searching throughout the day. Educating your users about the risks, how to recognize them and what to do when the inevitable human error occurs, is the first and most important thing you can do to protect all concerned.

Antivirus Software

Antivirus software is not a panacea, but it is a critical part of your defense in-depth approach to making Internet access safe. All systems should run antivirus software and the real-time protections should be on. Definitions should be updated regularly and you should implement a web security solution that also scans all downloads to minimize the chance that anything gets through. When you use multiple engines, you greatly improve your chances.

Patches and Updates

Far more systems are compromised due to missing patches than any other reason. Keeping workstations up-to-date and browsers and media players patched helps minimize the number of ways surfing the web can be dangerous. When a user does click somewhere they shouldn’t, an up-to-date system is far less likely to be exploited than one that is out of date.

Email Content Filtering

Clicking links in email or opening infected attachments are human errors that occur daily. Even seasoned sys admins can make these mistakes with surprising regularity. Email content filtering is the best way to stop these sorts of threats before a human has the opportunity to click.

Internet Content Filtering

An Internet security solution can go a very long way towards securing your network against human error, because it can provide so many protections for your users. Databases of compromised websites, sites that do not comply with company policy, and sites with questionable content, can all be screened to prevent users from accidentally visiting them. Malware filtering can add another level of defense against dangerous files and phishing sites can be blocked so that when an email makes it through, your users and your network are still protected.

Internet Usage Monitoring

Sometimes, human error doesn’t jump out at you. It’s more subtle, behind the scenes, and as the phrase suggests, it’s an error, not an intentional deed. Internet usage monitoring can provide aggregate reports of websites and content accessed, so that you can address any issues company-wide, rather than singling someone out. Of course, when the situation calls for it, you can also drill down to the specific user.

Monitoring Internet usage doesn’t mean you have to be Big Brother, or even that you must review individual’s activities. Using a web security application to automatically block compromised websites and those that are counter to company policy, to scan all downloads for malware, and to safeguard users from phishing sites, makes this job easy and respects users and their privacy.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about why you need Internet monitoring software.

All product and company names herein may be trademarks of their respective owners.

Post from: Business Security Information © 2011

How to Protect Your Network from Human Errors

How? Read on to discover five great benefits that this solution can offer.

 1) A fast setup

Cloud-based solutions only require the deployment of an agent on each workstation or server to be up and running. This takes just a few minutes and there is no user downtime during the setup process. Best of all, you won’t need to worry about software compatibility or vulnerabilities, or even hardware installations, that often plague new deployments.

2) Does not put a strain on budgets

A good cloud-based remote server monitoring solutions allow you to add in servers and workstations based on a low cost subscription model. This means your budgets won’t be eaten up by unnecessary software licensing costs, or hardware purchases. Even better, cloud-based solutions remove complexity so you won’t need expensive, highly specialized IT administrators to dedicate their time to it.

3) Check in wherever you are

Whether you are out on the road, at a client’s site, or on your daily commute, you can keep your finger on the pulse of your network. You can be notified of specific events by email, or even by text message to your mobile phone. Then, cloud-based remote server monitoring solutions allow you to log in to a web-based management console and view real-time statistics about your network at a glance. You can even view this on your phone, allowing you to stay in the loop wherever you are.

4) An extra pair of hands

While cloud-based solutions allow you to log in to a management console from wherever you are, good remote server monitoring solutions can also perform remedial actions without administrator intervention. It thus provides you with an extra pair of hands, taking corrective action automatically. This saves you time and can often cut down incoming support calls.

5) Easy maintenance

Updates and upgrades are immediately deployed from a central location to each server and workstation connected to the cloud-based service. That means IT administrators do not have to visit each computer to check and monitor for this. Cloud-based solutions also have the advantage of being able to do this without any worries about compatibility, dependencies or conflicts.

As can be seen from the above, remote server monitoring – and especially cloud-based solutions – offers busy system administrators many benefits, allowing you to save time and relieve some of the pressure on your IT department. Also, system administrators can attend to tasks even while they are out of the office, giving them some measure of freedom, while enabling organizations to enjoy smooth running networks.

About the Author: This guest post was provided by Jeff Smith on behalf of GFI Software Ltd.

Get your free eBook for more expert insights on remote server monitoring here: http://landnsmcd.gficloud.com/ebook-download-cloud-network-monitoring/.

All product and company names herein may be trademarks of their respective owners.

Post from: Business Security Information © 2011

The 5 Benefits of Remote Server Monitoring

Back when I first heard about GFI LanGuard, it was just a vulnerability scanner. While it is still a vulnerability scanner for networks and network devices, today it can do so much more.  Let’s look at some of the current features.

GFI LanGuard Features

The best feature of GFI LanGuard is still it’s vulnerability scanner:

• Scans your network by IP address looking for security issues.  LanGuard will use a list of over 45,000 different security vulnerabilities to scan all computers and servers (as well as routers, network printers, and other types of devices) on your network, including Windows, Mac, Unix, and Linux systems.  In addition, it will also detect virtual machines running on the network.
• Will detect outdated anti-virus and anti-spyware definition files for a variety of software during the scanning phase.  It will not detect outdated definition files for every type of anti-virus and anti-spyware software, but it covers a lot of them.
• Can check the password policy while scanning systems on your network.
• Will look for software applications that run automatically – a key sign of a possible trojan running on a system.

GFI LanGuard will also assist with remediation of security issues with a built-in patch management system:

• Assists with patch management for Microsoft Windows as well as non-Microsoft software and third-party software applications.  In addition, GFI LanGuard will allow IT to upgrade to the newest version of some software such as the newest version of Adobe Flash or the newest version of a web browser.
• Able to remove unauthorized software applications.
• Able to remote into a computer to fix security issues that cannot be fixed automatically by GFI LanGuard.  Even though I did not try the remote feature, looking at GFI Languard as well as all the documentation, I am presuming it is available when an agent is being used on the remote machine.

Agent or Agent-less Vulnerability Scans

With GFI LanGuard, you can choose to use agents on the devices to be scanned or you can run the scan agent-less.  Agents can only be deployed on Microsoft Windows systems.  Non-Microsoft systems must be scanned using agent-less scans.  One nice feature, though, is that you do not need to install the agent software on each Microsoft system locally (meaning when you are sitting in front of the machine).  GFI LanGuard allows the agent software to be installed on a Microsoft machine as long as it is reachable from the machine on which you are running GFI LanGuard.

The advantage of running GFI LanGuard without any agents is that you can scan any type of device on the network, not just Microsoft Windows machines.  In addition, with no agent running on the client machine, no hardware resources will be used, and, in turn, no performance issues will be noticed by someone using the client machine.

When an agent is used, there is better performance (meaning the scan won’t take as long) because the scanning is shared between the machine that is running GFI LanGuard and the client machine.  The agent setup works on networks where there is lower bandwidth which would slow down the scan if the machine that is running GFI LanGuard is doing all the work and sending more data to the client machine.

The most noticeable advantage to using agents is that accuracy of the information received from the scan will be better because access to the client machine is greater than if a more passive (agent-less) scan is performed.  Unfortunately, agents can only be used on Microsoft Window machines.  Depending on the type of network you are scanning, this could be a problem since not all networks are one hundred percent Windows-based.

GFI LanGuard Conclusions

Overall, I like the features offered by GFI LanGuard and believe it can be a good fit for a variety of business types and sizes.  In addition, the documentation that comes with the product is thorough and covers how to install, set up, use, and modify the software.  Do make sure you read the documentation if you decide to give GFI LanGuard a try because it will save you a lot of headaches.

Also, pay attention to the recommended hardware requirements for not only the machine that you will be using to run GFI LanGuard but also the machines that you plan on installing a software agent on.  Pay close attention to this, and again it will save you a lot of headaches.  Software restrictions are simple, whatever machine you will run GFI LanGuard on as well as the machines you will use a software agent on will need to be running Microsoft Windows. Both hardware and software requirements are clearly noted in the documentation.

While the default setting for the number of scans is three IP addresses simultaneously, the setting can be changed to a maximum of ten.  Make sure your hardware is up to the task before increasing the number of IP’s scanned at one time.

GFI LanGuard requires the use of a database and comes with the Microsoft Access Database. It is noted in documentation, however, that larger businesses such as ones that will be scanning over 250 IP addresses will need to have Microsoft SQL Server database – a separate expense for a business if they do not already have this database product.  The default Microsoft Access Database should be adequate for  most small and medium-sized businesses.

Being a Linux user, I would like to see GFI LanGuard be improved to run on more than just Microsoft machines. I would also prefer it to be used with databases other than just Microsoft products, whether that be open-source databases or other paid products.  These two changes would allow businesses to use GFI LanGuard no matter what they are currently running in their IT environment.

I like this product and think most customers will be satisfied with GFI LanGuard once they have it up and running.  As with the use of any new piece of software, though, there is a learning curve.  Give it a try, and let me know what you think.  Feel free to leave comments about your experience with GFI LanGuard.

Post from: Business Security Information © 2011

GFI LanGuard – Vulnerability Scanner and More

In most cases, I install and test the software that I review, but this time it was not possible because of the limitations of my current test network.  This review is based on reviewing the features of the product.

As in the older version, GFI WebMonitor comes in three editions:

• WebFilter Edition – Allows the business to control employees’ internet access by  blocking certain categories of websites or specific URL’s.  Can also control internet access based on time and bandwidth usage.
• WebSecurity Edition – Capable of controlling downloads and scans for viruses using a variety of anti-virus engines.  Also has anti-phishing protection and can control the use of most IM (instant message) clients.
• Unified Protection Edition – A combined edition with features of both the WebFilter and WebSecurity Editions.

Installation Requirements

GFI WebMonitor can now be installed in three modes.  As before, the software can be installed either on a company’s internet gateway server (Gateway Mode) or as a simple proxy server (Simple Proxy Mode).  The third way of installing GFI WebMonitor is with the use of a dedicated plug-in for Mircosoft ISA /TMG Server.

System requirements vary depending on which installation mode you choose to use.  Supported operating systems include Windows Server 2003, Windows Server 2008, Windows XP with at least SP2, Windows Vista, and Windows 7.  I would suggest that you follow at least the recommended  system requirements (especially when using it in a choke point such as a internet gateway) so there is less chance of your internet access or network slowing down.   Because GFI WebMonitor must scan and inspect all HTTP traffic, a lower end server or gateway can cause network speeds to suffer.

Please note:  a small business using a home network setup with no server and using basic residential grade routers would need to invest in additional hardware before using software such as GFI WebMonitor.  Look closely at the requirements laid out in the downloadable manuals prior to investing in GFI WebMonitor or any software similar to it.

Before trying GFI WebMonitor, and definitely before installing and configuring it, read the Getting Started Guide and the Administration Guides.  The manuals are well-written and provide a wealth of information beyond the marketing information provided on the main GFI site.  You can download the manuals from the GFI WebMonitor page.

GFI WebMonitor Overview

Since there are three editions of GFI WebMonitor, make sure you have determined the needs of your company prior to choosing which one to install.  The edition you choose will depend on your business needs and what you want to accomplish with this security solution.  Look at the detailed descriptions for each edition prior to either trying a free trial of the software or purchasing this security solution.

The look and layout of the software are some of the improvements made to the 2012 edition of WebMonitor.  According to GFI, the software layout has been completely redesigned to include what they call smart dashboards, new policy screens, and a better report generating engine.

Smart dashboards allow others outside the IT department to generate and view reports.  These smart dashboards include the following:

Activity Dashboard – Provides information and reports related to what categories and websites have resulted in the most losses in productivity.  It will identify users who are browsing non-productive websites as well as inappropriate websites.  You can also rank users based on browsing activity and generate a variety of other reports related to internet usage activity.
Bandwidth Dashboard – Users will be able to see reports related to download and upload volumes.  This includes identifying particular websites and website categories that are contributing to the highest bandwidth usage.  The dashboard will also reveal peak bandwidth consumption days, users using the most bandwidth, and other related bandwidth information.
Real-time Traffic Dashboard – Displays real-time data related to internet usage such as which categories, websites, and/or users that are causing problems at a given moment in time.  This dashboard also allows the business to monitor and cut off internet connections that are causing issues.

In this newer version of GFI WebMonitor, policy screens provide one central interface to create and implement internet usage policies.  Policy management is now grouped by needs and/or functions such as security, productivity loss, bandwidth issues, and download issues.

The new report generator is more robust than the previous version of GFI WebMonitor.  Reports can be generated right from the main interface and can be narrowed down by department, website category, browsing activity, bandwidth issues, or security/download issues.  The software can also be configured to contact the correct person or department when certain issues occur.  These alerts can be sent to specific individuals as soon as an issue arises. Finally, the WebFilter edition can monitor what employees are searching for using most major search engines.

The Unified Protection edition has the capabilities of both the WebFilter and WebSecurity edition.  I would recommend that businesses who really want to protect their information and network using a tool such as GFI WebMonitor spend the extra money and implement the Unified Protection solution. By using the combined edition, you won’t have to spend extra money and/or time implementing a separate solution to cover either the web filtering or the anti-virus capabilities of GFI WebMonitor.

Since the review of the older edition of GFI WebMonitor, it now appears that filtering of HTTPS traffic in all three editions has improved.  According to the documentation, the new editions decrypt all HTTPS traffic as well as re-encrypt the traffic after inspection. This is accomplished by creating a new certificate in GFI WebMonitor or by importing an existing certificate.

GFI WebMonitor is a subscription-based product with which you can purchase licenses according to the number of seats (the number of users or IP’s) needed.  There is general pricing information available on the GFI WebMonitor for each edition available.

Conclusions

I liked GFI WebMonitor when I reviewed it back in 2010, but it appears that they have now refined the product further giving the user a simpler and more understandable interface with the necessary information to identify and handle issues more easily.  Remember, as with any similar type of product, this software must be set up and then continually monitored using the dashboards and report engines to be effective.

In my opinion, GFI WebMonitor is geared more toward small and medium-sized businesses with the right IT capabilities.  GFI WebMonitor requires network and system requirements that most small businesses may not have or wish to have.  Make sure you have the recommended requirements for this product prior to purchasing  it.  There is a free 30-day trial with GFI products so I would recommend trying it before purchasing to make sure it gives you the solution you are looking for and that your network/systems  are capable of running GFI WebMonitor.

Post from: Business Security Information © 2011

GFI WebMonitor 2012 Review

There are several advantages to using web filtering solutions like Rawstream.  Web filtering can help businesses block the use of unwanted websites as well as monitor the use of their business’ internet connection and reduce bandwidth usage.  Depending on the type of business, web filtering can also help with regulatory requirements.  Company production can increase when employees are not wasting time on websites that have no business value.

Rawstream Setup

When I registered to receive Rawstream for a trial period for the purpose of this review, I was led  through a four-step setup process.  From this process, I came to several conclusions.  First, since it is currently only available in beta, there will likely be changes made to the product in the future.  Secondly, although this web filtering solution is geared to small and medium-sized businesses, some of the configuration components in the four-step process will be beyond the technical abilities of businesses that do not have tech people on their staff.  Solutions like this should be as simple as possible for the customer to install themselves.

At this time, Rawstream is based on the use of their DNS servers so businesses will need to either configure their gateway routers or individual computers.  Also, depending on whether a business has a static  or dynamic IP will determine how Rawstream will have to be set up to filter your business internet traffic.  If the internet service provider that is used by the business does not force the use of their own DNS servers, it is a simple process of making changes to the DNS servers used by the gateway router.  I say simple from the tech perspective, but this may still be an issue for some small and medium-sized businesses.  Any time changes are made on the router, technical assistance may be required unless the internet service provider  provides a dynamic IP.   This then requires the configuration of each individual computer using either the Windows agent or the Windows VB Script depending on the version of Windows and the .NET framework  installed on the computer.

Although the Windows agent does not appear to be too difficult to set up, the Windows VB Script is more technical than most small and medium-sized businesses can handle on their own.  I think the use of one Windows Agent that can be installed on any Windows computer would be the easiest for most businesses to set up.  Rawstream does not provide an agent to configure Mac’s -  a feature that the company should consider adding in the future .

In my opinion, Rawstream contains too many setup methods for a small or medium-sized business to choose from.  It would be easy for any business to get confused on what method to use and end up getting frustrated with the configuration process if things did not work the first time around.  The Rawstream configuration documentation and setup process states many times “depending on your network” which can be confusing if the business is not technically savvy.

Conclusions

In the end, I would say Rawstream’s setup process should be simplified for the small or medium-sized business to configure their hardware whether they have a gateway router, firewall, or individual computers.  Secondly, if individual computers must be configured due to the network setup, I would recommend the use of a Windows and Mac agent that can easily be installed and configured (drop the use of the VB Script agent process).  Lastly, as the product continues to be developed, the documentation should improve to make it is easier for customers to understand the different configuration methods for their individual network setups.  As it is now, customers without a tech background may find the process confusing and frustrating.

When a web filtering solution is needed, cloud web filtering will work well for most small and medium-sized businesses.  Keep an eye on Rawstream – I think as it develops, it will become a good business solution.  Also, as an added incentive to try it, signing up to be a beta tester for the product now enters you to win a $1000 Amazon voucher.

Post from: Business Security Information © 2011

Rawstream – Cloud Web Filtering Review

When it comes to plugging your business in to the outside world, you should have controls in place for every service you use, because each service has its own individual security issues.  Perhaps one of the most important items you should have in place is good web security.  What exactly does “good Web security” mean?  To make life simple we have listed the three pillars of good web security below to ensure your organization stays safe when it is connected to the internet.

Bandwidth usage

Security is not just about ensuring you stop the bad stuff; it’s also about ensuring that all your services operate efficiently.  Employees that abuse their internet privileges can cause as much havoc as a denial of service attack due to the excessive consumption of bandwidth, leaving vital company services unable to keep up with their own requirements.

File transfers

At some point your users will download an application.  This doesn’t need to be a malicious file.  Users can download freeware applications that help them do their job; they download updates for existing software; they also download trial versions of software they might want to test out.

Every single file transferred on to your network is a security risk, even if that file is legitimate.  No matter how reputable an application is, a user might still inadvertently download an infected version created by malicious attackers.  Reputable sites might even be compromised by hackers and be delivering infected files, rather than the legitimate applications users think they are downloading.  In short, scan every single file that is downloaded and ensure each one is safe before allowing it onto your network.

Monitor websites visited

Having a usage policy is important, but that alone is not enough.  You also need to have controls in place to ensure that your policy is enforced.  Users can visit disreputable websites, either inadvertently while browsing, or perhaps because they have been redirected from a more reputable site.  By using a good web security system, you can ensure that every web request is checked prior to serving it back to the user.  This can help your users avoid malicious sites, as well as phishing websites that are equally hazardous.

The three pillars of web security mentioned above have multiple aspects and are vast subjects in themselves.  Their encompassing nature means that they may require more than one control to be covered effectively.  As long as you consider the risks that each one brings, and ensure your web security systems adequately covers as many of these risks as possible, then you should be on the right track.  This will help keep your business free of the issues that come with enjoying and making full use of all the advantages the web offers.

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd.  GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on what your web security solution should include.

All product and company names herein may be trademarks of their respective owners.

Post from: Business Security Information © 2011

Is Your Business Secure?

Patching your network and deploying a good antivirus solution is a good start, but unfortunately it is not good enough.  For example, a system could be compromised and the problem remains unresolved even after the system has been patched and every effort made to prevent viruses entering the network.

Moreover, there are other issues, better known as vulnerabilities, which are quite critical and can only be detected using a vulnerability scanner.

This doesn’t mean that you cannot address vulnerabilities without a vulnerability scanner, but the bottom-line is that it will prove costly in terms of time, and you will continue to run the risk of failing to identify some of them.

What are these vulnerabilities?

There are different types of vulnerabilities. Here are a few of the main categories:

• Bad configurations
• Vulnerabilities in various software running on the network
• Unnecessary services running
• Unused user accounts and unused groups
• Exploitable services
• Dangerous information disclosed by services such as version numbers
• Unsecure system policies
• Open shares
• Dangerous applications installed on the network.

Keeping up with the changing landscape:

Vulnerabilities in software, exploitable services, dangerous applications and bad configurations, are constantly changing.  What today might be considered as a safe configuration, can tomorrow be exploited by a clever hacker who figures out how to subvert its integrity.

This is where the power of a vulnerability scanner becomes clear.  Instead of spending countless hours browsing software vendor sites for updates on vulnerabilities, you can use specialized software do the job for you.

When new vulnerabilities are discovered, a vulnerability scanner is automatically updated with these new rules and will tell you if the newly-discovered vulnerabilities are found on your network. Such information can be critical and time-saving.

Staying in the loop and being proactive:

Unnecessary services, inactive user accounts, open shares, and regular applications are all potential security risks.  A good vulnerability scanner will constantly keep tabs on changes to the network and alert you as when new services, applications or other unauthorized changes are detected.

Being notified of new potential security risks, such as the installation of unauthorized applications, can enable an administrator to proactively take corrective action before malicious attackers get the chance to exploit these applications through known vulnerabilities.

A good vulnerability scanner performs many administrator tasks, especially when it comes to identifying potential security risks on the network.  By automating certain routine tasks, a vulnerability scanner can identify potential issues much faster than a diligent administrator can.  Better still, it frees your time to work on more productive tasks.

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner.

All product and company names herein may be trademarks of their respective owners.

Post from: Business Security Information © 2011

Vulnerability Scanners: The Secret to a Safe Network