Brandjacking Big Pharma for MarkMonitor

I helped write this white paper for MarkMonitor which looks at what they call “brandjacking” or using the Internet to hijack well-known brands for criminal uses. My focus for this report is on pharmaceutical brands. MarkMonitor identified the potential threats to the world’s strongest brands and tracked millions of emails and billions of web pages to determine that exploits of all types are increasing, and some such as domain kiting have more than tripled since earlier this year.

As long as consumers are motivated to shop for cheap drugs, unscrupulous online pharmacies will continue to proliferate and take their money, risking consumer health and financial well-being. Overall, brand abuse is increasing, but more important than the sheer volume is the rise in the level of sophistication and the use of best practices by online criminals and fraudsters. Along with the increasing complexity of attacks is a continued increase in the number of phishing attempts, the number of brands targeted and use of multiple attacks from single domains.

You can download my report for MarkMonitor here.

Tapping the Wireless Healthcare Opportunity

There has never been a better time than now to deploy wireless access in the healthcare industry. Technologies have matured, carriers are motivated to entice the mobile-dependent hospital workforce with better deals, and demand to cut the cord is high. Hospitals have traditionally been slow to invest in a wired network infrastructure, making wireless a more compelling proposition as they try to catch up and deploy new applications.

Deploying wireless healthcare solutions will require understanding several different aspects of technology, applications, and usage patterns before it can become a success. While none of these issues are showstoppers, taken together they can be vexing for even the smallest wireless rollout in a hospital.

In a white paper I contributed to, Jeff Kunst at MobileAccess talks about these issues in more detail.

How Network Forensics Can Help Human Resource Compliance

Something wrong is happening on your network. Call it human nature or simply a few bad apples, but unless your organization is miraculously different from all others, someone is leaking information, someone else is dabbling in porn, and someone else is probably doing a handsome business on eBay—on one of your servers.

Your organization has policies about this—and your industry may have regulations that pertain, as well. You need to ensure these policies are complied with—or you need to collect evidence to take action when they’re not.

When you suspect something is wrong, do you have the means to conduct an investigation? How do you collect evidence—digital evidence—when there are so many channels of communication (email, Web mail, IM, etc.), and so many places to look on your network?

I review these and other issues for a white paper for WildPackets.

Enterprise Printer Fleet Monitoring

Keeping track of an entire collection of printers across an enterprise is still more of an art than a science. Various printer fleet-monitoring tools are available from most of the major printer vendors, including HP’s Web JetAdmin, Toshiba’s Encompass and Xerox’s Office Document Assessment. These tools are useful for IT administrators with relatively single-vendor, homogeneous printer populations, but are not very helpful for printer VARs that want to monitor a mixture of vendor products and keep track of the different printer portfolios at multiple clients.

You can download the white paper, which I wrote for Synnex, here.

Controlling network access and endpoints

As more enterprise computing users become mobile, the chance that one of these laptops will become infected while off your enterprise network increases. And while many corporate IT departments attempt to secure their laptops with anti-virus and personal firewall software, these defenses aren’t enough to keep up with the malicious software attacks that course through the Internet on an hourly basis.

So what can an IT manager do to protect their endpoint PCs? This white paper from the Trusted Computing Group (TCG) will review what options exist, show you what endpoint security does and doesn’t do, and how it fits into your existing network security solutions.

Stopping Rootkits at the Network Edge

Keeping remote users’ laptops healthy is not an easy task these days. Infections are everywhere, and once these PCs leave the shelter of an enterprise network, they can easily get filled with rootkits, trojan horses, spyware, and viruses. Of the many types of infection, rootkits are the most troubling.

In this white paper for the Trusted Computing Group, I explain what rootkits are, how they do their dirty work, and ways that the TCG is working on stopping them using a variety of developers’ tools.

Anatomy of a Web hack, SQL Injection edition

While there are many Web hacking exploits, none are as simple or as potentially destructive as what is known as SQL injection. This isn’t something new, but what is new is how frequently this attack happens, and how easily you can protect your network with relatively little effort and cost.

The problem is that Web developers tend to think that database queries are coming from a trusted source, namely the database server itself. But that isn’t always the case, and a hacker or even a casual browser can often take control over the Web server by entering commands that appear to be valid SQL commands in the right places. The trick is finding the right places.
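To make the mechanism described above concrete, here is an added example (not code from the white paper or from Breach Security) that builds a small in-memory SQLite table with constructed sample users, then runs the same login lookup two ways: once by splicing the submitted values into the SQL text, which is the mistake the paragraph describes, and once with parameterized queries, which is the fix. The user and table names, the sample rows, and the crafted username are all constructed for the demonstration; the point is that the database never sees the submitted text as part of the command when the parameterized form is used.

```python
import sqlite3


def make_db():
    """Create an in-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "s3cret", "000-00-0001"),   # constructed sample data
            ("bob", "hunter2", "000-00-0002"),    # constructed sample data
        ],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The mistake: submitted values become part of the SQL text.

    Whatever the user typed is now a command fragment, so the WHERE clause
    can be rewritten by the input instead of being compared against it.
    """
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}' "
        "ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """The fix: placeholders keep data and command separate.

    The driver sends the query shape and the values separately; the values
    are compared as strings and can never change the statement's structure.
    """
    sql = (
        "SELECT username FROM users "
        "WHERE username = ? AND password = ? "
        "ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    # Constructed input that closes the quoted string and comments out the rest.
    crafted = "' OR 1=1 --"
    print("vulnerable:", login_vulnerable(db, crafted, "x"))  # every user matches
    print("safe:      ", login_safe(db, crafted, "x"))        # no user matches
```

The hardened function is the one to keep: every database driver in common use supports placeholders, and switching to them is the "relatively little effort and cost" the section refers to. When reviewing existing code, any query assembled with string formatting or concatenation from request data is the place to look first.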

In a white paper that I wrote for Breach Security, I show you exactly how easy this exploit is. You don’t need any specialized tools other than a Web browser, and you don’t need any specialized skills either. It doesn’t take much time, and the payoffs could be huge: an intruder could easily obtain a copy of your most sensitive data in about the time it takes to read through this analysis.

The paper walks you through what is involved with a SQL injection exploit, using examples of both a Web site that we found at random as well as one that had previously been compromised with the hackers publicly describing their methods in a Russian post on the Net. We will show you the consequences of doing nothing and leaving this front door wide open for anyone to walk into your data center. Finally, we will talk about ways that you can prevent this from happening in the future, and what choices you have to protect your Web sites and corporate networks.

You can download the entire paper here.

Cranite SafeConnect Has A New Twist on VPNs

If you absolutely need total control over your remote users, and need to run the widest possible range of applications, then the Cranite Systems Inc. SafeConnect VPN software should be in your short list of products to consider. I recently did some tests for the company and found that SafeConnect is neither fish nor fowl, and sits squarely between SSL VPN and IPsec products, combining the ease of use of the SSL crowd with end-to-end applications interoperability of IPsec.

I tested the product on a series of laptops and compared how it worked with SSL VPNs from Juniper, Nokia, and other major manufacturers. Overall, the product stood up well in these tests. SafeConnect will prevent eavesdropping over the remote connection no matter where and how your users connect, and it is easily set up in a few hours. It will support a wider range of applications and do so without any additional configuration required. It delivers extremely high file transfer throughput, way beyond any of the SSL VPN products. Finally, it is priced attractively at about a third to a half of what competitive SSL VPN products with equivalent feature sets would cost.

There are several other things the product doesn’t do. It can’t and doesn’t try to compete with the SSL products for unmanaged remote users, since its client must be installed on each remote desktop or laptop. It doesn’t provide the level of client endpoint integrity checking that a Nokia, Juniper or F5 SSL product provides. It also has three major deficiencies: First, it doesn’t prevent users with duplicate credentials from concurrently connecting to the network, and it doesn’t report on these circumstances either. This puts a burden on your IT department to keep track of their client credentials. Second, there is no auditing ability, which we discuss more completely below. Finally, while the product comes with its own LDAP and RADIUS servers, if you do decide to use these pieces you will have to configure them via their separate command line interfaces. Cranite should integrate these into its own graphic configuration screens.

We liked the fact that once you were connected, your remote connection was solid and bullet-proof from man-in-the-middle attacks. We tried to break the connection by sending malformed packets with a bad MAC address – something that would bring down any SSL VPN connection – but SafeConnect kept on going without any problems. About the only way to tear down the connection would be to fill the pipe with a denial of service attack or if we lost the line entirely from our ISP.

You can read my full report on Cranite’s Web site here.

Email Application Servers: Beyond One-to-One Messaging

I did a series of reports back in 1999 for various private clients on email technologies. This was done for Delano and talks about email app servers.

Email application servers will be the tie that binds this new breed of workers. The difference is now email applications are two-way, fully integrated into the corporate consciousness. Those workers who don’t know how to make use of email servers will waste hours or lose information. And those that are content to continue with one-to-one communications will fall behind their competitors.

Let’s review how email application servers are transcending one-to-one messaging. We’ll examine the role played by these new products, how you can harness the power of these servers and some of the issues involved in moving towards these more interesting and advanced uses.