admini – Page 188 – CyberSecurity Institute

VoIP Offers Cost Savings But Also Presents Security Risks

Posted on April 1, 2007December 30, 2021 by admini

Configuration weaknesses in VoIP devices and underlying operating systems can enable denial of service attacks, eavesdropping, voice alteration (hijacking) and toll fraud (theft of service), all of which can result in the loss of privacy and integrity. To perform well in VoIP environments, security appliances must both protect the VoIP infrastructure and maintain the voice quality, availability and reliability of the connection.

Establishing a secure VoIP and data network is a complex process that requires greater effort than that required for data-only networks.

VoIP systems can be expected to be more vulnerable than conventional telephone systems, in part because they are tied into the data network, resulting in additional security weaknesses and avenues of attack. Confidentiality and privacy may be at greater risk in VoIP systems unless strong controls are implemented and maintained.

Use strong authentication and access controls on the voice gateway system. Since some VoIP telephones are not powerful enough to perform encryption, placing this burden at a central point ensures all VoIP traffic emanating from the enterprise network will be encrypted. Financial institutions should enable, use and routinely test the security features included in VoIP systems.

http://www.bankinfosecurity.com/articles.php?art_id=207

Security Considerations for Voice Over IP Systems – NIST Special Publication 800-58

Saudi government gets tough on cybercrime and criminals

Posted on March 28, 2007December 30, 2021 by admini

The internet is strictly monitored and censored in Saudi Arabia, with online pornographic material and politically themed websites blocked from public viewing.

While the cabinet passed the proposal, the king must give the final approval.

http://tech.monstersandcritics.com/news/article_1283704.php/Saudi_government_gets_tough_on_cybercrime_and_criminals

How to safely dispose of old mobile devices

Posted on March 27, 2007December 30, 2021 by admini

The increasing use of portable devices and WiFi access to company IT resources means that truly personal control of data is a thing of the past. As a result, data on PCs, laptops, PDAs and smartphones – as well as back-up data on the network – needs to be encrypted. It’s now possible to install encryption solutions on most mobile devices.

You can also use authentication technology – tokens, biometrics and smartcards – to create a security system that is stronger than the sum of its parts.

Using a factory reset on your portable device may seem to be the easiest precaution before disposing of the unit, but factory resets are far from permanent, since they only delete the header information to your data. That way, even if a hacker manages to un-delete your portable device’s files, it stays secure, since it is encrypted. Even deleting the data files on the back-up system is not full deletion, as network/PC restore functions can regenerate the back-up files.

The optimum approach to mobile device security is to conduct a risk analysis and, from the results, formulate a best practice set of policies relating to the use of mobile devices across the entire organisation.

Don’t forget the cellular network backups. A growing number of cellular networks now support network-based data back-ups.

Although designed to assist users in the event of a mobile phone loss or theft, the back-up poses a security risk if a third party obtains your network logon details, or if your old mobile number is re-assigned (as most are).

Many mobiles automatically back-up data from the SIM card to the phone, so moving your SIM card can leave contact data behind on the old handset.

Care should be taken when downloading or installing company data on a mobile device – even a mobile phone – as that information could easily fall into the wrong hands.

http://www.it-observer.com/articles/1314/how_safely_dispose_old_mobile_devices/

Europe to develop guidelines on RFID

Posted on March 17, 2007December 30, 2021 by admini

A stakeholder group will be formed first to advise the Commission on the development of its RFID policy. The group will report back to the Commission by the end of 2008 on any reform to European laws that it thinks is needed.

Major issues, according to Reding, include privacy, trust and governance.

“We should stimulate the use of RFID technology in Europe while safeguarding personal data and privacy,” Reding told reporters at CeBit. Reding also said that the Commission would not tie up use of RFID in regulation. “When I come to CeBit, people ask, ‘What regulation are you proposing today?’
We must not overregulate RFID, but we must provide the industry with legal certainty,” she said.

The Commission also published a strategy report on Thursday that was produced after consulting with interested parties. In the report, the Commission said RFID tags–the hardware attached to the assets in question–needed to be more secure, particularly in terms of encryption and authentication.

http://news.com.com/Europe+to+develop+guidelines+on+RFID/2100-11746_3-6167977.html?tag=nefd.top

Goldman Sachs IT spending survey: Winners and losers

Posted on March 14, 2007December 30, 2021 by admini

The report also detailed what hardware and software players were gaining traction.

Surprisingly, Lenovo and Apple were shown to be gaining share of the IT spend, which Dell and HP were losing share.

http://blogs.zdnet.com/BTL/?p=4646

Forget hackers; companies responsible for most data breaches, study says

Posted on March 14, 2007December 30, 2021 by admini

“What this shows is that a surprising number of incidents actually involve corporate mismanagement more than hackers,” said Philip Howard, assistant professor of communication at the University of Washington and co-author of the report.

A report released last week by the IT Policy Compliance Group showed that human error is the overwhelming cause of losses of sensitive data — contributing to 75% of all occurrences, while malicious hacking activity contributed to just 20% of data losses. According to that report, the primary channels for data loss involve laptops and mobile devices as well as e-mail and instant messages. Even in incidents that were publicly blamed on external hackers, the reality is a bit more nuanced, Howard said.

When it comes to just the volume of compromised records, though, external hackers accounted for some 45% of breached records, while 27% came from internal errors and 28% remained unattributed, Howard said. The university study also showed that there were more reported incidents in 2005 and 2006 — 424 — than the previous 25 years combined, when there were 126. But that’s likely because of breach-disclosure laws in California and several other states that require companies to notify consumers of incidents involving the potential compromise of their data, he said.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9013142&source=NLT_AM&nlid=1