PC World: Use OpenDNS To Protect Your Business Network

If you aren’t using OpenDNS to protect your small business network, now is the time to take the few minutes to set it up. It is well worth the investment, it is free, and it will protect you from any number of issues in the future. And you might get better browsing performance as a result, which your users will thank you for.

You can read more of the column that posted this week in PC World here.

Ten ways to inexpensively augment your current IT security infrastructure

I will be doing this webinar tomorrow at 1 pm ET for TechTarget’s SearchSecurity.com web site; you can start at this URL.

I will present ten different ways that a midmarket IT organization can improve its threat management and network security posture. I will review a critical strategy going forward into an economic recession: making only minimum investments in new tools and finding products that don’t require a great deal of increased manpower to implement and manage. The webcast will focus on midmarket IT strategies that either don’t cost a lot of money, or at least provide fast returns on the investments.

PC World: Protecting your data with whole disk encryption

I want to review another series of tools that can be useful protection as well: doing whole-disk encryption of your hard drives across your enterprise. The idea is that even if your laptop falls into the wrong hands, no one besides yourself will be able to read any of the files stored on it. When you boot your PC, you need to enter a password; otherwise the data in each file is scrambled, and no one else can gain access to your files.

You can read more of my column in PC World here.

PC World: Recovering your laptop from theft

This week I begin a new series of columns for PC World entitled “Net Work” that will focus on practical solutions for networking and communications problems for SMBs. My first piece is about how you can protect your laptop when you travel.

I have had my laptop stolen once, about four years ago, from the trunk of a locked car parked at a shopping mall. You never forget that experience of being violated, of being stupid. There are a lot of ways that you can be proactive here, and you can read the column for more details.

Ten tips to protect your network in a down economy

Times are tough for the good guys, but a recession is always an opportunity for criminals. Threats to your sensitive data, your customers and your infrastructure are increasing dramatically, from compromised and malicious Web sites to unhappy employees to poorly controlled partners.

The good news is that you can tighten your security and tighten your belt at the same time. Quick-payoff strategies can help you stay on top of evolving security threats without neglecting your network infrastructure.

There are many clever ways to do this. In this article in this month’s Information Security magazine, I’ll look at 10 steps you can take to improve your threat management posture that require minimum investment and manpower and give you a fast return on your investment.

My network stimulus package

With all the talk of billions for this program or that in Washington, I thought I would put together my own stimulus package that can help your network run smoother. I don’t know whether $10 billion to buy steel (domestic preferred) for new bridges or $9 billion to put up new rural DSL lines will really be effective (my initial reaction is dubious), but the idea of spending lots of money quickly by our Congress is a scary one. And despite serving on my local school board several years, I am not qualified to run any cabinet department or national office (I have dutifully and fully paid my income taxes and don’t have any dark family embarrassments). But I think I can offer a few ideas for you. So here are a few suggestions that won’t cost (much) dough and could save your own bacon if you are trying to impress the boss that your name doesn’t belong on the cut list quite yet.

First off, do you actually know what kind of traffic is running on your network? Have you looked at your top applications? You would be surprised. At an event that I attended yesterday sponsored by Blue Coat, they talked about how when they did these assessments they always found ten times the number of applications that most IT admins thought they were supporting. That is a factor of ten. The best story was a company that found out that one of its most popular mission critical apps was a home-grown one running on a box under someone’s desk. I am sure this isn’t unique, or even rare. It doesn’t matter what fancy tool you use to do this apps census, and there are many vendors besides Blue Coat who would gladly come in and do one for you (in the hopes that you will eventually buy their gear). But the more that you know, the more you can fine-tune your network and reduce the traffic from the apps that aren’t business-related.

Second, have you looked at your latency lately? Has someone along the way added a few new router hops somewhere that you didn’t know about? I am amazed that we are still talking about a concept that is decades old and should be better understood. Latency improvements are the best bang for your buck short of hiring a DC lobbyist to get some of that earmark money. And you don’t have to wait for any Congressional action either.

Third, how many people still have admin rights to their own desktop PCs? This makes it impossible to manage these machines, and allows users to install their own apps. Granted, it may be politically difficult to change this policy now, but hey, change is in the air and you might as well start somewhere.

Next, have you looked at your user accounts lately and seen if anyone that you have laid off is still using your network? You would be surprised at how often this happens. At one hospital that I visited, the IT manager told me that an employee who was laid off went home and started using his girlfriend’s login credentials at night. They caught it because the girlfriend was still logged in at the same time at work. And the number of people that I talk to that don’t have regular password change policies, or have the same password for all of their critical servers, is amazingly high. Take the time to get this set up properly. Given the number of layoffs these days, this is probably the biggest thing that you can do to fix your security loopholes that doesn’t even cost you a dime.
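The two account checks described above, as an added example that is not part of the original column: it flags logins by accounts on a terminated list and sessions for one account that overlap in time from different hosts. The session records, host names and terminated list are constructed sample data; real input would come from your own directory or VPN logs.

```python
from datetime import datetime

# Constructed sample data (not from the article): session records as
# (account, source host, login time, logout time or None if still active).
SESSIONS = [
    ("jdoe",   "ward3-pc",      "2009-02-10 08:02", "2009-02-10 17:05"),
    ("asmith", "lab-pc2",       "2009-02-10 14:00", None),
    ("asmith", "vpn-10.8.0.23", "2009-02-10 21:40", "2009-02-10 23:15"),
    ("bjones", "vpn-10.8.0.31", "2009-02-11 01:12", "2009-02-11 01:50"),
    ("jdoe",   "ward3-pc",      "2009-02-11 08:01", "2009-02-11 16:58"),
]
TERMINATED = {"bjones"}  # constructed: accounts HR reports as laid off
FMT = "%Y-%m-%d %H:%M"

def parse(ts):
    # An open session (no logout yet) is treated as lasting indefinitely.
    return datetime.strptime(ts, FMT) if ts else datetime.max

def terminated_logins(sessions, terminated):
    """Sessions opened by accounts that should already be disabled."""
    return [s for s in sessions if s[0] in terminated]

def concurrent_logins(sessions):
    """Pairs of sessions for one account that overlap in time but come
    from different source hosts, which suggests a shared credential."""
    by_account = {}
    for s in sessions:
        by_account.setdefault(s[0], []).append(s)
    hits = []
    for account, rows in by_account.items():
        rows.sort(key=lambda r: parse(r[2]))
        for i, a in enumerate(rows):
            for b in rows[i + 1:]:
                overlaps = parse(b[2]) < parse(a[3])  # b starts before a ends
                if overlaps and a[1] != b[1]:
                    hits.append((account, a[1], b[1], b[2]))
    return hits

if __name__ == "__main__":
    for s in terminated_logins(SESSIONS, TERMINATED):
        print("terminated account in use:", s[0], "from", s[1], "at", s[2])
    for account, first, second, when in concurrent_logins(SESSIONS):
        print("concurrent use:", account, "on", first, "and", second, "at", when)
```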

I will have lots of other suggestions, if you are interested; check out my article in next week’s Information Security magazine. I will post a link to it here when it goes live. In the meantime, you can post your own network stimulus ideas here if you are feeling a need to share them.

Facebook, the new social disease

Accompanying the announcement that more than 150 million people are active on Facebook last week (and even more amazing, that half of them log in daily) is a new series of security and legal issues surrounding its use. When exactly is your account compromised by a piece of software that may not be acting in your best interests? Or could it be something that is more sinister, or just human error?

Don’t you pine for those simple days when the line between software and malware was pretty easy to delineate? Consider these news items:

  • Last week, Facebook sued the Brazilian site Power.com, claiming that its automated login process violated their terms of service. According to the LA Times, Power has agreed to use Facebook Connect, but the suit brings up all sorts of issues that aren’t so clear cut: is Power providing a service for its users, by consolidating several social networking logins? Or is it doing something that it shouldn’t, by storing these credentials? How is that different from any number of sites that allow me to cross-post messages to different video or blog sites?
  • Last December, we saw the Koobface trojan that spreads through social network news feed messages, prompting users to download what they think is an update to the Adobe Flash player but is really malware.
  • This was similar to a Brazilian-based attack that plagued Twitter last summer.
  • Earlier last fall over in Russia, we saw email/SMS pitches for people to download a Java applet to their cell phones that was spread via the Russian social network Vkontakte. Once on their phones, the app would automatically text several premium numbers that would be charged back to the user.

The trouble is that as these attacks proliferate, it gets harder to differentiate them from legit situations where people are just making dumb mistakes. Consider the situation where a new social networking user doesn’t understand the very optional step when he or she signs up and is asked whether or not to send email invitations to their entire address book. In just a few seconds, a simple task of joining the network has turned into an annoying one sending out hundreds of unwanted emails. Sometimes this step isn’t explained well in the sign-up process, or sometimes people aren’t paying attention. Either way, it isn’t malevolent; it is just a stupid user error.

Or take instant messaging, which seems so quaint now that there are lots of other networks out there. Yes, there are malware programs that propagate through IM, and there are security products that protect IM networks too. But nothing can stop human stupidity in how these IM networks are used, particularly if you store your IM login credentials on a family computer that is shared by several people. One of my colleagues has been having IM conversations with the wrong people – some that have gone on for ten or 15 minutes, before he realized he was talking to the intended’s spouse or kids. Why anyone would leave his or her IM account wide open in this way is hard to understand. But it points out that just because someone is signed into IM, doesn’t mean that they are there. Remember, on the Internet no one knows that your dog hasn’t logged in instead of you.

Then there are sites like omgxd.com that use your login information for IM networks, supposedly to make it easier to connect but in reality spam all of your contacts on your buddy list. Heyxd.com is another one. I have tried to find out whether these two sites are legit or have some sinister purpose. I can’t really tell, but I would recommend steering clear of both of them.

So the next time you get an email or IM or text message asking you to download a greeting card, update your Flash player, or do something else, take a moment to stop and think whether this is a request that you should just hit the delete key and move on. You don’t need to be the latest victim of a new social networking disease.

Assessing your endpoint security needs

The key is to understand what needs protection and to find out what’s missing from your existing security strategies and solutions.

As endpoint security technologies continue to proliferate, it can be difficult for IT managers to determine the best course to pursue. Here are some tips from those who have already taken steps to protect their endpoints.

You can read the rest of the story, which appears in this month’s edition of Baseline magazine, here.

This isn’t your son’s PS3

A story around the InterWebs today about how a collection of computer researchers have been able to create rogue Web certificates got me interested in one side note of how they did it — using a cluster of 200 Sony PlayStation 3 gaming consoles at a special lab in Switzerland (pictured at left). I have written about this before, how the 9-core processors inside the PS3 can be used for very computationally intensive tasks. Indeed, the researchers said in their paper that if they had used ordinary Intel PCs the task would have taken years to complete rather than the days that it took to construct the rogue cert:

“We have found that one PlayStation 3 game console is equivalent to about 40 modern single core processors. The most computationally intensive part of our method required about 3 days of work with over 200 game consoles, which is equivalent to 32 years of computing on a typical desktop computer.” 

You can read a more detailed analysis of what they did here by Rich Mogull.

They aren’t the only ones clustering PS3s. The fastest computer in the world uses a custom collection of Cell processors that IBM put together for one of the US national labs. Granted, this isn’t quite the same thing as going down to BestBuy and picking up a console, but you get the idea that there is now more processing power in the graphics engine than the CPU itself of most modern computers. Given the demands that many video games have on redrawing and rendering, this makes sense.