Will your network pass a security audit?
Written by Michael Bruck
It is a well-known fact that in the Internet-connected world, network perimeter vulnerabilities do exist that allow unauthorized individuals access to networks and provide the ability to disrupt business continuance. Well-prepared companies do know about many of these vulnerabilities and they correct them whenever appropriate. However, there are a large number of new, as well as older, vulnerabilities that the average company is just not aware of. If these vulnerabilities are known, companies usually, and I emphasize usually, allocate resources to them. Unfortunately, too many companies either do not have the resources to track such security-related matters or do not have trained internal personnel to allocate towards identifying and remediating vulnerabilities. Obviously, knowing about or being able to detect vulnerabilities is half the battle, but not acting on known issues for any reason is almost a guarantee to lose the battle.
An alarming fact is that many companies do not prioritize information security because it does not generate revenue for the company. However, as we have seen in the headlines and trade journals, the lack of a proper security program can and does affect the bottom line. Some organizations are now investing larger budget dollars and resources into information security, and they’re starting by assessing their present level of risk with an audit. If your company relies on the Internet and was one of the vast number that missed the vulnerability used by the Code Red virus, you know how the lack of an active security program can affect the bottom line. In addition to unknown vulnerabilities, there are many stories of technicians performing routine network maintenance and unintentionally leaving a credit card database or other proprietary information open for would-be hackers. Finding the vulnerabilities in your environment is vital to the success of your security program, but knowing how to prioritize and perform proper remediation is often impossible without properly trained personnel. Let's concentrate on the value of the audit process and deliverables for a moment.
Whenever we think of audits, the first thing that comes to mind is the financially related IRS visit. They are looking for holes in the integrity of income and expense reporting for individuals and companies. These audits are required because if the system, in this case the tax system, has enough vulnerabilities, then the whole system fails. The audit acts as the police to either deter vulnerabilities or find them so they can eventually be removed. Removing vulnerabilities in your information network is just as key, but can you find them, know which are important, and remove them efficiently? Much like IRS audits, finding information network security vulnerabilities requires a trained professional. Most commonly, security professionals trained in auditing are full-time in-house employees of only the largest companies. For the majority of companies who want thorough periodic audits, this requires the use of outside security experts as the most cost-effective choice. Outsourcing to security professionals offers many advantages over in-house testing, such as having a team of experts dedicated to current security matters, armed with proven best practices or entire methodologies, and equipped with a suite of security auditing products instead of a single commercial tool.
Who's watching you?
Written by Dale Sexton
How many business owners use DSL, cable or another fast modem hookup to get on the internet? I use a 56k modem myself, but because I test most of my programming online, I am on 10 to 16 hours a day.
Hackers like to get into sites that are online all the time. If you have a super fast modem like DSL or the like, and you leave your computer on, you're online. Hackers like to get into your computer, get your financial information, plant programs to hack into other sites without a trace, or just wreak havoc on your computer.
Here is another scenario: do you use programs like Netscape, Go!zilla, or Real Player? Did you know that they contain programming to send information from your computer to their server? These are not the only programs with spyware built in. So I've been told, they can send every program you've downloaded and what address you got it from.
Believe what you wish, but I believe that anything can happen. What can we do to prevent any of the above or worse from happening? I've been studying this.
Let's look at some sites that rummage through your computer and show you what they see. What we are going to learn is how vulnerable we are.
http://www.secure-me.net/secureme_go
http://grc.com
http://www.sdesign.com/securitytest/index.html
http://www.hackerwhacker.com/
After these sites have ransacked your computer, let's see what we can do to prevent it from happening again. A good firewall will be a good start. The firewall I prefer is ZoneAlarm from ZoneLabs. These firewalls are free to the public, although if used for business, they ask for a small payment. The average prices I've seen are around $20, but compare for yourself.