admini – Page 233 – CyberSecurity Institute

Mobile Device Security IV: Today’s Top Three Vulnerabilities

Posted on June 1, 2006December 30, 2021 by admini

Access to Public Web/E-mail: Vulnerability #1
Over 90 percent of business executives who responded to Bluefire’s survey are using their device for email, either for a web-based account or for a corporate server-based account. An attack can be anything from a hacker at Starbucks who is accessing the data on someone else’s device, to someone using Bluetooth to steal personal information from another person’s handheld. “Trojans” can be defined by something posing as something other than itself. For example, a “Trojan” can be an application that can open a port that should not be opened, allowing outsiders access to the device. Firewalls set rules for the device that designate which ports are allowing traffic into the device. A firewall can keep certain attacks out by blocking the ports that would allow those viruses in. Using Bluetooth requires the devices to be within 30 feet of each other while IR control requires the devices to point at each other from closer than 30 feet.

Some mobile security software controls can be used to keep wireless connections turned off. While most device owners are not using IPSec VPNs for personal communications, they should at least insist on secure web-based connections using SSL encrypted communications. Integrity Manager is an application that monitors the settings on each device and will quarantine the device if the settings change. Anti-virus with automatic updates also keeps your smartphone protected by providing an up to date list of all known viruses from which the software can scrub emails and attachments, just like on your notebook or desktop.

Access to Corporate Email, Networks, Databases: Vulnerability #2
Smartphones and wireless devices are often used to gain access to the enterprise server for e-mail, shared files, and shared databases. Yet as with other wireless networking options, this also leaves the device open to attacks, viruses, or “Trojans”, and ultimately makes the network vulnerable as an unsecured device connecting to a secure server makes that connection unsecured.

Mobile Security Solution: Vulnerability #3
Mobile security features for protecting lost or stolen devices. Bluefire has seen an increasing number of government and enterprise customers requesting that Bluetooth and IR be temporarily or permanently blocked from use. If a device is lost or stolen, the private information becomes open and accessible.

http://www.blackberrytoday.com/articles/2006/6/2006-6-1-Mobile-Device-Security.html

Enterprises Should Ditch Skype: Gartner

Posted on May 31, 2006December 30, 2021 by admini

“In contrast, Microsoft immediately restricted access to its MSN Messenger instant messaging (IM) service in 2005 when it discovered a vulnerability in its IM client. Only users with an updated and nonvulnerable [sic] client were allowed to access the service, which meant Microsoft essentially performed the vulnerability management process on behalf of businesses. Skype provides no such protection,” Orans added.

Although Gartner has previously recommended that enterprises stay away from Skype, Orans repeated the advice in his note. “The most secure option is to block Skype traffic completely,” he said. “However, if after weighing the risks, a business decides to allow Skype use, it should actively manage version control of Skype client — and its distribution to authorized users — using configuration management tools.”

http://www.informationweek.com/news/showArticle.jhtml;jsessionid=HCZC5RR34UIFSQSNDBCSKH0CJUMEKJVN?articleID=188700351

Forecaster sees nine Atlantic hurricanes in 2006

Posted on May 31, 2006December 30, 2021 by admini

http://networks.org/?src=reuters:2006-05-31T133801Z_01_N31454900_RTRUKOC_0_US-WEATHER-HURRICANES-GRAY

Euro Security Initiatives Proposed

Posted on May 31, 2006December 30, 2021 by admini

The report calls for the EC’s European Network and Information Security Agency (ENISA) “to study the feasibility of a European information sharing and alert system to facilitate effective responses to existing and emerging threats to electronic networks.” Such a system would require the creation of a multilingual EU portal to provide detailed information on threats, risks, and alerts, the commission said.

Another proposal calls for businesses, users and government agencies to hold a “multi-stakeholder debate” on the balance between security and privacy, including the implications of RFID technology on end user privacy.

http://www.darkreading.com/document.asp?doc_id=96086&WT.svl=news2_3

Symantec Sets Out Roadmap

Posted on May 31, 2006December 30, 2021 by admini

Prior to last summer’s acquisition, there had been plenty of speculation about who would buy the startup, which offers software for enforcing security policies across a range of devices. Burton also confirmed, in response to a question from an analyst, that Symantec will make more of its email and messaging management products available through an “on demand” pricing model in the future. The vendor, he added, is also planning to launch a new version of its Enterprise Vault messaging management product later this year, which will offer file system enhancements. “A couple of years ago, we would have been talking about hackers seeking notoriety,” he said. In contrast, hackers are now looking to surreptitiously install software on corporate desktops for purposes such as keystroke logging, which can steal critical data.

Security, however, was not the only topic of discussion today, and Symantec execs confirmed that they are preparing a major new release of the NetBackup product they inherited when they bought storage vendor Veritas for $13.5 billion last year.

Away from the enterprise, Enrique Salem, Symantec’s group president for consumer products, explained that the vendor has two major new products up its sleeve: Norton 360 (code-named Genesis) and Norton Confidential (code-named Voyager).

Symantec execs avoided any discussion of their current lawsuit against Microsoft during today’s call.

http://www.darkreading.com/document.asp?doc_id=96125&WT.svl=news1_1

Microsoft officially launches paid security product

Posted on May 31, 2006December 30, 2021 by admini

Redmond-based Microsoft has previously said that its main focus for OneCare was the 70% of computer users who, according to Microsoft estimates, have no additional protection at all. But in an interview last week, Ryan Hamlin, general manager for the OneCare product, said the company also hopes to snag existing Symantec and McAfee customers.

“We’d love for those customers to use our product, and encourage them to, but there’s also 70% that don’t use anybody,” he said.

http://www.usatoday.com/tech/news/computersecurity/2006-05-31-microsoft-security_x.htm