China Tops Exploitation
Posted on May 22nd, 2015 at 9:19 am by Grace

Image Source:

Trojans are still the biggest threats in the internet today. Although vulnerabilities like the one recently found in Microsoft MS08-067, is fast decreasing, it is much more easy to attck or exploit. and recent studioes show that Chinese computers are the number one most infected with exploits that are browser based. In the last 12 months, vulnerabilities have decreased by 20% compared to last year. But the percentage of the known vulnerabilities that are easy to exploit has gone up 56%. Vulnerabilities in operating systems have continually declined . it is reported that Microsoft have already released many patches for the security flaws amounting to almost 77 vulnerabilities in the first half of the year. The lowest rate of infection is in Japan.

Symantec Releases Threat Analysis for 2007 (Part 2)
Posted on May 15th, 2015 at 9:07 am by Avatar

sym2.jpgThey also report that the amount of malware has increased significantly with them growing ever complex making it harder for industry to cope unless there is mass infections. The initial detection of a threat mobilizes emergency centers that these software company’s have who work against the clock to provide updates to their many registered subscribers which they send updates to once they have the cure. They also send out updates to virus signature databases which allows the anti-virus, Intrusion detection and Prevention Systems to counter attacks by letting them recognize them hopefully in time to prevent mass infection.

Conficker Awakens
Posted on May 8th, 2015 at 8:28 am by Grace

confickerAs expected, the much awaited zero day for the Conficker worm (aka. Downadup) has sprung back to life when the date turned to April 1, the set date for the malicious activity of the said malware. Security centers have been waiting for the worm to come back to life and as expected it did, issuing re-configured processes and spreading malware to more computers worldwide. The widespread distribution of the worm has been worrying security experts who have been working hard to counter the damage the malicious worm causes, to some success for the world’s security software have been able to protect the rest of the world form the damage it would have caused.
(Read the rest of this story.)

McAfee Security
Posted on May 1st, 2015 at 7:26 am by Hannah

McAfee is a known company that caters to securing the numerous forms of technology. The following are just some of the uses of the McAfee Security: Protection of Data and Database, Email and Web Security, and Network and Mobile Security. Taking for instance its feature that focus on Email and Web Security, this is important mainly because the Web involves a wide range of programs, applications, and users that make it more susceptible to infection and breakdown due to increasing viruses and malware. Features of this email and web security aim to protect the web from threats, prevent the occurrence of loss data, and resist malwares. Through these features, users will definitely enjoy the usage of both the email and the web and not worrying about the increase in viruses and threats. With McAfee Security, one is given that secured usage ensuring that one’s technology is safe from corruption and the risk of system failure is minimized.

Data Center Services Security in Northern Europe Gets a Boost from NTT
Posted on April 24th, 2015 at 5:46 am by Grace

The global data center service industry has been relatively flourishing despite the prevailing economic difficulties in the past couple of years. Business continue to survive, and many of these businesses rely on data center providers for their information handling needs.

Perhaps one indication that the industry is thriving is the recent news that NTT Communications made a move to acquire Secode AB, a leading name in the managed-security and security-consulting arena in Northern Europe. This move has been hailed by many as beneficial to all the parties involved.

NTT Communications is the long distance and international arm of the well known company, NTT. Having established the brand worldwide, it has been the main choice of many businesses. NTT Communications offer various data center services to its customers from all corners of the world. With this acquisition, it only hopes to further strengthen its services in terms of security.

NTT Communications offers data center services in more than 31 cities in 20 countries/regions. Any client can expect excellent quality, characterized by:

  • Full-scale preparations for power outage and fire disaster.
  • Green data center equipped with efficient cooling facilities.
  • Security system installing the latest authentication methods.
  • 24 ⁄ 7 operation and maintenance system
  • System redundancy in power supply, air conditioning and network.
  • Stable network achieved by using backbones and access lines from multiple carriers
  • Quality is certified by NTT Communications Data Center standards.

While the acquisition involves a company local to a certain region, the effects on the security of the data center services of NTT shall certainly be felt system-wide, geographic barriers notwithstanding.

FTC Orders Closure of ISP
Posted on April 17th, 2015 at 5:26 am by Grace

In a first, the FTC has taken a move to bolster their powers on the internet with them ordering the closure of a so-called determined malware ISP that they say has been determined and documented to host several illegal activities such as malware, viruses, pornographic sites and many others. The ISP of course denies all accusations and say they will be fighting the FTC on the matter, claiming they are innocent of all charges. The ISP, PriceWert LLC, has denied all the FTC’s accusations yet the FTC says it has a well documented and solid case. (Read the rest of this story.)

Broad spectrum DLP’s
Posted on April 10th, 2015 at 1:15 am by Avatar

Data Loss Prevention is a term used to define and enforce data classification and uses robust encryption and security. Vendors like Vontu , Reconnex and Titus Labs, all produce software that is classified as data mining technologies and gives the user the function/ability to include the security option which they can define the level that should be applied.
These types of software scans email and their attachments along the files users already have and create giving the users a sign that the said files are in need of protection. They then assign the level/s of protection that are assigned and the file is encrypted with a key. Only authorized clients and users with the right access levels get the key and thus access to the said information eliminating the reliance on the traditional walls for protection.

Be secured using SharePoint Server 2010 Claims based Authentication
Posted on April 3rd, 2015 at 12:42 am by Grace

Sharepoint 2010
Today when duplicity problem has increased a lot, authentication has become a must. Authentication is the process of determining if someone is who they claim to be. It answers the question “Who is this guy really?” Taking advantage of SharePoint Server 2010 Claims Based Authentication feature may help you curb this duplicity issue. Even if you are a SharePoint Foundation 2010 user, you can enjoy the same feature to authenticate the user identity.
Most enterprise applications need some basic user security features. At a minimum, they need to authenticate their users, and many also need to authorize access to certain features so that only privileged users can get to them. Some apps must go further and audit what the user does. On Windows®, these features are built into the operating system and are usually quite easy to integrate into an application. By taking advantage of Windows integrated authentication, you don’t have to invent your own authentication protocol or manage a user database. By using access control lists (ACLs), impersonation, and features such as groups, you can implement authorization with very little code. Indeed, this advice applies no matter which OS you are using. It’s almost always a better idea to integrate closely with the security features in your OS rather than reinventing those features yourself.

In the real world, we face the following challenges:
* Privacy regulations and other pieces of legislation are impacting what kind of information we are allowed to capture and store about users, so in some cases we can’t just demand that people give us all of their personal details.
* Businesses want to inter-operate with other businesses, and government organizations want to provide more integrated services to citizens. However, different systems use different authentication systems and businesses want to integrate in a secure, legally compliant manner.

Consequently, claims based authentication in SharePoint Server is designed to address the two challenges mentioned above. Claims based authentication addresses privacy and other compliance concerns by requesting less specific, less personal information about people, and by trusting other parties or systems to do the “proof of identity” check. Claims based authentication addresses integration of different systems by allowing communications using open standards, and by providing a platform for developing more specialized ‘identity connectors’ between systems.

How to implement Claims based authentication?
The claims-based authentication is implemented in the following way:
* From a developer’s point of view, the platform that Microsoft is providing is called the Windows Identity Foundation. Earlier, it was called the Geneva framework. It provides a programming library suitable for building claims-aware applications. This library is also used by SharePoint 2010
* Active Directory Federation Services implement services to create, accept, and transform tokens that contain claims.
* Cardspace provides a user interface for users to select which “identity card” they wish to use for a particular system

Claims based authentication won’t address the lifecycle management of identity information.
Claims based authentication may let our system know that a user is a contractor from a partner company, but it alone won’t let us specify a rule that says “all of my company’s financial spreadsheets must not be seen by contractors”. Not only does claims based authentication not provide this capability, but neither do the role-based access controls provided by SharePoint. In fact SharePoint’s role-based access control model itself is too limited to address this. It still needs substantial improvements.

Claims based authentication feature was not available in MOSS 2007; SharePoint Server 2007 uses a native Active Directory-based authentication between machines and systems. In addition to claims based authentication, take advantage of other exclusive features in SharePoint Server 2010 and also enjoy some free SharePoint templates or web parts that come with SharePoint products.

Microsoft’s Windows 7 – Opening Pandora’s Box
Posted on March 26th, 2015 at 11:59 pm by Grace

Microsoft UacThere has been much talk about the problem associated with the so-called Pandora’s box that is Microsoft’s UAC or User Account Control. This is one of the most unforgettable features of Vista where it first appeared as the ever present annoying pop-up window that asked for permission on almost each and every mouse click (exaggerated). The danger is that the said control feature seems to fail to revert to default security settings after a user has signed into the system as the systems administrator. After this event, use of all applications thereafter have been found to have default settings of the admin without reverting to previously set security settings that can be a wide open door for hackers to exploit. (Read the rest of this story.)

Cisco-Servers with Built-in Protection
Posted on March 19th, 2015 at 11:18 pm by Avatar

Cisco, one of the world�s leading producers of network servers that are deployed on the internet and in large corporations has announced the release of their Self-Defending Network version 3.0. This is after they have finalized the acquisition of security software Ironport Systems Inc. Ironport is responsible for the development of a powerful e-mail and web monitoring service called SenderBase. The said system collects information from almost 100,000 internet providers, schools, universities and corporations globally. Checking for more than 110 parameters for any available active web server connected to the internet which allows it to verify, inspect and check e-mail that passes through them (their massive database/s are reported to get at least 5 billion requests per day).

« Previous Entries