Tag Archives: Symantec Corporation

About 1969 days ago Internet and Online Business

Famous Last Words: It Can’t Happen to My Website

our beautiful site

Over the recent holidays I woke up one morning to an unwelcome present:  one of my websites had been hacked!  Being the holidays, it took longer than normal to get help to fix the rest of the site.  Finally, after two days, we were able to get everything fully functioning again.  It was costly, both in terms of time, money and worry.  But I breathed a sigh of relief.  Little did I know that the problems were not over … yet. What the hackers wanted Throughout it all, I kept wondering, “Why would somebody hack my site?”  It is purely a content site. The site databases contain no customer information, no credit card numbers, no confidential data of any kind. There is absolutely nothing of value for a hacker — or so I thought. At first I chalked up the incident to somebody’s idea of a sick joke … mere vandalism. Over the ensuing four days, I was soon to discover what the hackers had really done to my site.  Deleted files and a messed-up design were just the tip of the iceberg. Search engine boosting is the goal The real purpose of the hacking was to boost search engine rankings.  The latest trend is that hackers hijack legitimate sites to use them to generate links to other sites to increase those sites’ rankings.  Even Al Gore’s climate blog was victimized by hackers to boost search engine links. In my case, a script had been loaded on the shared server that my site resided on, generating hundreds of hidden pages on my domain.  These were pages that I had absolutely no idea were there until, looking at my Technorati.com account, I saw thousands of new links suddenly come in overnight from spam sites pointing to those pages on my domain.  The anchor text in the links used words such as “oxycontin” and “cute ringtones” and similar junk that I knew could not be legitimate links to my site. The fake pages on my site were in turn automatically redirected to pharma, ringtone, and adult sites to boost those sites’ link weight. In addition, we found dozens of hidden links in the main pages of my site to ringtone, pharma, and adult websites.  You could not see these links on my site’s pages using a standard browser. Also, we found some rogue PHP code designed to generate even more hidden links if the first group were removed.  They also managed to insert bogus links in my blogroll and elsewhere in the site — this time in plain view.  Presumably links were scattered here and there among legitimate content with the hope they would be overlooked.  What it means for small business websites You’ve heard of defensive driving?  Well, welcome to the world of defensive Web publishing. If you thought your site was safe just because you had nothing of value in it except some content, think again.  Even small business websites and personal blogs are not immune from this kind of attack.  Your site indeed does have value to hackers — as a link-generating drone. How to protect your website The toughest part with hacking attacks is that you may not even be aware that your site was compromised.  Or it may take a while (in my case, four days) to figure out the full extent of the damage.  Remember that you’re not as helpless as you may feel.  Taking these steps can help protect your site or blog: Educate Yourself — The single best way to watch out for hacking activity is to know what to look for.  Read up on hacking activity so that you can be a proactive site owner and spot suspicious activity or avoid it in the first place.   Bolster security– Arrange for regular backups of your site code and any databases.  In the event of a hacking you probably will need to revert to an earlier backup.  And remember, prevention is the best protection. Have your webmaster perform a security audit to check specifically for vulnerabilities.  And observe good security practices as a site owner.  Keep up to date with software upgrades, which often fix known vulnerabilities.  Change passwords regularly. Limit access to your site – for instance, in the case of a blog, do not allow unknown users to register themselves as authors.  Check your code regularly — Occasionally check your site code.  In your browser, Click on the “View” menu, and then choose “view source.”  This will open up a little window where you can easily see your code.  Look for links to sites you do not recognize.  Look also for HTML code stating “display:none” or using the word “hidden.”  Both codes mean what they suggest:  that links are being hidden from casual view.  Maybe there’s a legitimate use for such HTML in your site – but then again, it may be the work of hackers.    Check your link counts and standings — Use tools such as Technorati.com or another link-popularity tool to keep tabs on inbound links.  One telltale sign of a hacking: a huge jump in link counts seemingly overnight.  Keep an eye also on your search engine traffic.  If traffic dries up overnight, that may be another telltale sign.  The search engines WILL penalize your site for having hidden links (Google doesn’t know if you are a victim or if you inserted hidden links intentionally).  Have your webmaster check your server logs regularly, too – or learn to do it yourself.  Get qualified help — I’d love to say that any reasonably intelligent business person can recover from a hacking.  But most of us would be kidding ourselves.  I never could have scoured the code and cleaned up the hackers’ crud without the help of my skilled webmaster and telephone support of my Web host. Unless you are highly confident of your own technical skill, get qualified help.  Be a little paranoid – it’s OK.  It just may save you from a hacking or help you recover more quickly.  For more information: To educate yourself to spot suspicious activity, read the white paper, Trends in Badware 2007: What Internet Users Need to Know. For those who have blogs, subscribe to:  Blog Security. Symantec offers a helpful Security Response blog. To search to see if your site has been flagged by Google as compromised, visit:  StopBadWare.org  Anita Campbell is a writer, speaker and radio talk show host who closely follows trends in the small business market at her site, Small Business Trends.

About 1969 days ago Computer Security

Famous Last Words: It Can’t Happen to My Website

our beautiful site

Over the recent holidays I woke up one morning to an unwelcome present:  one of my websites had been hacked!  Being the holidays, it took longer than normal to get help to fix the rest of the site.  Finally, after two days, we were able to get everything fully functioning again.  It was costly, both in terms of time, money and worry.  But I breathed a sigh of relief.  Little did I know that the problems were not over … yet. What the hackers wanted Throughout it all, I kept wondering, “Why would somebody hack my site?”  It is purely a content site. The site databases contain no customer information, no credit card numbers, no confidential data of any kind. There is absolutely nothing of value for a hacker — or so I thought. At first I chalked up the incident to somebody’s idea of a sick joke … mere vandalism. Over the ensuing four days, I was soon to discover what the hackers had really done to my site.  Deleted files and a messed-up design were just the tip of the iceberg. Search engine boosting is the goal The real purpose of the hacking was to boost search engine rankings.  The latest trend is that hackers hijack legitimate sites to use them to generate links to other sites to increase those sites’ rankings.  Even Al Gore’s climate blog was victimized by hackers to boost search engine links. In my case, a script had been loaded on the shared server that my site resided on, generating hundreds of hidden pages on my domain.  These were pages that I had absolutely no idea were there until, looking at my Technorati.com account, I saw thousands of new links suddenly come in overnight from spam sites pointing to those pages on my domain.  The anchor text in the links used words such as “oxycontin” and “cute ringtones” and similar junk that I knew could not be legitimate links to my site. The fake pages on my site were in turn automatically redirected to pharma, ringtone, and adult sites to boost those sites’ link weight. In addition, we found dozens of hidden links in the main pages of my site to ringtone, pharma, and adult websites.  You could not see these links on my site’s pages using a standard browser. Also, we found some rogue PHP code designed to generate even more hidden links if the first group were removed.  They also managed to insert bogus links in my blogroll and elsewhere in the site — this time in plain view.  Presumably links were scattered here and there among legitimate content with the hope they would be overlooked.  What it means for small business websites You’ve heard of defensive driving?  Well, welcome to the world of defensive Web publishing. If you thought your site was safe just because you had nothing of value in it except some content, think again.  Even small business websites and personal blogs are not immune from this kind of attack.  Your site indeed does have value to hackers — as a link-generating drone. How to protect your website The toughest part with hacking attacks is that you may not even be aware that your site was compromised.  Or it may take a while (in my case, four days) to figure out the full extent of the damage.  Remember that you’re not as helpless as you may feel.  Taking these steps can help protect your site or blog: Educate Yourself — The single best way to watch out for hacking activity is to know what to look for.  Read up on hacking activity so that you can be a proactive site owner and spot suspicious activity or avoid it in the first place.   Bolster security– Arrange for regular backups of your site code and any databases.  In the event of a hacking you probably will need to revert to an earlier backup.  And remember, prevention is the best protection. Have your webmaster perform a security audit to check specifically for vulnerabilities.  And observe good security practices as a site owner.  Keep up to date with software upgrades, which often fix known vulnerabilities.  Change passwords regularly. Limit access to your site – for instance, in the case of a blog, do not allow unknown users to register themselves as authors.  Check your code regularly — Occasionally check your site code.  In your browser, Click on the “View” menu, and then choose “view source.”  This will open up a little window where you can easily see your code.  Look for links to sites you do not recognize.  Look also for HTML code stating “display:none” or using the word “hidden.”  Both codes mean what they suggest:  that links are being hidden from casual view.  Maybe there’s a legitimate use for such HTML in your site – but then again, it may be the work of hackers.    Check your link counts and standings — Use tools such as Technorati.com or another link-popularity tool to keep tabs on inbound links.  One telltale sign of a hacking: a huge jump in link counts seemingly overnight.  Keep an eye also on your search engine traffic.  If traffic dries up overnight, that may be another telltale sign.  The search engines WILL penalize your site for having hidden links (Google doesn’t know if you are a victim or if you inserted hidden links intentionally).  Have your webmaster check your server logs regularly, too – or learn to do it yourself.  Get qualified help — I’d love to say that any reasonably intelligent business person can recover from a hacking.  But most of us would be kidding ourselves.  I never could have scoured the code and cleaned up the hackers’ crud without the help of my skilled webmaster and telephone support of my Web host. Unless you are highly confident of your own technical skill, get qualified help.  Be a little paranoid – it’s OK.  It just may save you from a hacking or help you recover more quickly.  For more information: To educate yourself to spot suspicious activity, read the white paper, Trends in Badware 2007: What Internet Users Need to Know. For those who have blogs, subscribe to:  Blog Security. Symantec offers a helpful Security Response blog. To search to see if your site has been flagged by Google as compromised, visit:  StopBadWare.org  Anita Campbell is a writer, speaker and radio talk show host who closely follows trends in the small business market at her site, Small Business Trends.

About 1969 days ago Network Security

Famous Last Words: It Can’t Happen to My Website

our beautiful site

Over the recent holidays I woke up one morning to an unwelcome present:  one of my websites had been hacked!  Being the holidays, it took longer than normal to get help to fix the rest of the site.  Finally, after two days, we were able to get everything fully functioning again.  It was costly, both in terms of time, money and worry.  But I breathed a sigh of relief.  Little did I know that the problems were not over … yet. What the hackers wanted Throughout it all, I kept wondering, “Why would somebody hack my site?”  It is purely a content site. The site databases contain no customer information, no credit card numbers, no confidential data of any kind. There is absolutely nothing of value for a hacker — or so I thought. At first I chalked up the incident to somebody’s idea of a sick joke … mere vandalism. Over the ensuing four days, I was soon to discover what the hackers had really done to my site.  Deleted files and a messed-up design were just the tip of the iceberg. Search engine boosting is the goal The real purpose of the hacking was to boost search engine rankings.  The latest trend is that hackers hijack legitimate sites to use them to generate links to other sites to increase those sites’ rankings.  Even Al Gore’s climate blog was victimized by hackers to boost search engine links. In my case, a script had been loaded on the shared server that my site resided on, generating hundreds of hidden pages on my domain.  These were pages that I had absolutely no idea were there until, looking at my Technorati.com account, I saw thousands of new links suddenly come in overnight from spam sites pointing to those pages on my domain.  The anchor text in the links used words such as “oxycontin” and “cute ringtones” and similar junk that I knew could not be legitimate links to my site. The fake pages on my site were in turn automatically redirected to pharma, ringtone, and adult sites to boost those sites’ link weight. In addition, we found dozens of hidden links in the main pages of my site to ringtone, pharma, and adult websites.  You could not see these links on my site’s pages using a standard browser. Also, we found some rogue PHP code designed to generate even more hidden links if the first group were removed.  They also managed to insert bogus links in my blogroll and elsewhere in the site — this time in plain view.  Presumably links were scattered here and there among legitimate content with the hope they would be overlooked.  What it means for small business websites You’ve heard of defensive driving?  Well, welcome to the world of defensive Web publishing. If you thought your site was safe just because you had nothing of value in it except some content, think again.  Even small business websites and personal blogs are not immune from this kind of attack.  Your site indeed does have value to hackers — as a link-generating drone. How to protect your website The toughest part with hacking attacks is that you may not even be aware that your site was compromised.  Or it may take a while (in my case, four days) to figure out the full extent of the damage.  Remember that you’re not as helpless as you may feel.  Taking these steps can help protect your site or blog: Educate Yourself — The single best way to watch out for hacking activity is to know what to look for.  Read up on hacking activity so that you can be a proactive site owner and spot suspicious activity or avoid it in the first place.   Bolster security– Arrange for regular backups of your site code and any databases.  In the event of a hacking you probably will need to revert to an earlier backup.  And remember, prevention is the best protection. Have your webmaster perform a security audit to check specifically for vulnerabilities.  And observe good security practices as a site owner.  Keep up to date with software upgrades, which often fix known vulnerabilities.  Change passwords regularly. Limit access to your site – for instance, in the case of a blog, do not allow unknown users to register themselves as authors.  Check your code regularly — Occasionally check your site code.  In your browser, Click on the “View” menu, and then choose “view source.”  This will open up a little window where you can easily see your code.  Look for links to sites you do not recognize.  Look also for HTML code stating “display:none” or using the word “hidden.”  Both codes mean what they suggest:  that links are being hidden from casual view.  Maybe there’s a legitimate use for such HTML in your site – but then again, it may be the work of hackers.    Check your link counts and standings — Use tools such as Technorati.com or another link-popularity tool to keep tabs on inbound links.  One telltale sign of a hacking: a huge jump in link counts seemingly overnight.  Keep an eye also on your search engine traffic.  If traffic dries up overnight, that may be another telltale sign.  The search engines WILL penalize your site for having hidden links (Google doesn’t know if you are a victim or if you inserted hidden links intentionally).  Have your webmaster check your server logs regularly, too – or learn to do it yourself.  Get qualified help — I’d love to say that any reasonably intelligent business person can recover from a hacking.  But most of us would be kidding ourselves.  I never could have scoured the code and cleaned up the hackers’ crud without the help of my skilled webmaster and telephone support of my Web host. Unless you are highly confident of your own technical skill, get qualified help.  Be a little paranoid – it’s OK.  It just may save you from a hacking or help you recover more quickly.  For more information: To educate yourself to spot suspicious activity, read the white paper, Trends in Badware 2007: What Internet Users Need to Know. For those who have blogs, subscribe to:  Blog Security. Symantec offers a helpful Security Response blog. To search to see if your site has been flagged by Google as compromised, visit:  StopBadWare.org  Anita Campbell is a writer, speaker and radio talk show host who closely follows trends in the small business market at her site, Small Business Trends.

About 2122 days ago Computer Security

New Strains of Anti-Virus Protection

Small and mid-size businesses have become increasingly savvy about securing their computers, servers, and networks. At the same time, the hackers, crackers, and other criminal minds have become equally as confident that one Trojan or virus can make conducting business difficult, if not impossible. Many small and mid-size businesses have developed a “sense of complacency” regarding security because large-scale viruses aren’t the main threat anymore, says Adams Hils, small and mid-size business security analyst for Gartner, the Stamford, Conn. research firm. But he and other analysts warn that the danger is now worse because criminals are looking to steal data for financial gain — not merely for mischief-making. “They don’t want to generate headines,” Hils said. “They want to generate revenue.” Furthermore, if your business retains customer data and you do business over the Internet, your business is a potential target. Basic anti-virus tools aren’t enough Firewall misconfigurations, weak encryption and passwords, and lapsed software patchwork can lead to company or customer data theft for a business. Basic anti-virus software isn’t enough to protect many small and mid-size businesses these days, and anti-spyware is becoming increasingly important. Malware from websites has grown 540 percent over the last two years, according to Gartner. Security software maker Symantec, in its most recent Internet Security Threat Report, warned that in addition to other malware problems, phishing was a growing concern for businesses in 2007. Symantec said that servers for small business could be used as hosts for phishers because the companies are often short on IT staff and therefore could be at risk for lapsed security patches. That’s why it’s important for all businesses — no matter what size — to maintain tight security on all data and company information, analysts say. “You’re trying to increase the number of barriers between yourself and the bad guys,” says Anil Miglani, senior vice president at AMI-Partners, a market research firm based in New York. AMI-Partners estimates that security spending among small and mid-size North American companies will be $5.25 billion in 2007 — up from $4.5 billion in 2006. It expects double-digit growth rates for security spending among North American small and mid-size businesses over the next five years. New products offer solutions It’s no surprise, then, that vendors have new security products for small and mid-size businesses, which are prioritizing security upgrades but demand simplicity and affordability, according to Forrester Research. Because of these factors, Microsoft is gaining ground in the security market, according to analysts. Microsoft’s Forefront Client Security is one of the cheapest anti-virus and anti-spyware security solutions on the market, but it may be too basic for some businesses, analysts warn. “For some smaller businesses that are not as exposed to Web threats and outside threats, it might be OK,” Hils said. Security heavyweights McAfee and Symantec offer “the most robust” solutions but are pricier, says Natalie Lambert, an analyst with Forrester Research. Symantec’s Client Security and Anti-Virus products are developed for businesses of varying size, but like most vendors, it does not have a one-size-fits-all solution, Lambert said. McAfee has specific products for small and mid-size businesses such as its Active VirusScan SMB Edition, as well as separate host intrusion products. The company provides management support which is crucial for companies with small IT staffs, Lambert said. Bundled options best for small business McAfee does not combine its anti-virus and anti-spyware solution. Gartner advises small and mid-size businesses to use vendors that bundle anti-spyware with their anti-virus products, such as Symantec, Trend Micro or Panda Software, or to negotiate with their current vendors for a competitive combined anti-virus and anti-spyware price. A smaller competitor, eEye Digital Security’s Blink product, has performed well in independent tests. It covers several security concerns by offering anti-virus, anti-spyware, anti-phishing and firewall protections, as well as intrusion preventions and detections. Whether you need a basic or more sophisticated security product depends on the needs of your business. For example, if you do business on the Web or if you have several employees and want to tighten internal as well as external security. It’s important that you assess your own needs — or have an assessment conducted for you — before shopping for products, Miglani advises. And, he warns, don’t think that your business is immune to threats, no matter how small it might be. “The probably of these [attacks] happening can be low, but the potential damages can be high,” Miglani says.

About 2122 days ago PCs, Laptops, and Notebooks

New Technologies to Thwart Laptop Theft

our beautiful site

The dangers of laptop theft are all over the news. High-profile laptop losses involving Neiman-Marcus, CardSystems Solutions Inc., the U.S. Department of Veterans Affairs, and even the FBI itself illustrate the need for companies to be vigilant in protecting company laptops — and the sensitive company data housed within.   According to the FBI, a laptop is stolen every 53 seconds, and 97 percent of them are never recovered. And, according to Symantec, the computer security software giant, the average laptop — perhaps only a $1,000 machine — contains at least $800,000 worth of data. If that data is classified or proprietary, its worth could increase exponentially. Common sense has become increasingly important — don’t let your laptop out of your sight while commuting or traveling, beware of two-person theft scams in public places, and don’t leave it in plain view while not at your desk. But new technologies for securing and tracking laptops are giving companies a wide range of other security options. And many of them have versions that small- and medium-sized businesses can afford. Here are some of the latest offerings for protecting your company’s laptops: RFID Taken mainstream by Wal-Mart as an inventory-tracking method, radio-frequency identification (RFID) has had applications as a shoplifting/theft deterrent for some time. And as RFID tags continue to fall in price — with tags themselves costing between 50 cents and $10 each — they can now be used as a way to track laptops. Dallas-based Axcess International’s ActiveTag uses a small, long-acting battery to power the durable tag. The tag can trigger alarms or generate text messages and e-mails to alert businesses to a theft. However, the user must remember to activate and deactivate the tag. Tracking and asset recovery tools Computer Security Products’ XTool software suite includes a tracking feature that transmits a signal whenever the laptop connects to the Internet, allowing its location to be tracked if stolen. A one-year subscription for small businesses with less than 50 laptops, which includes encryption capabilities, is $70. Absolute’sLoJack for computers also offers tracking capabilities, along with additional asset recovery services that will work with local law enforcement to get a stolen laptop back. Using an optional data-delete feature, LoJack can delete the contents of a laptop so they don’t fall into the wrong hands. LoJack is available to smaller businesses for about $100 per laptop for a three-year contract, according to Les Jickling, Absolute’s director of corporate marketing. Encryption Although the Microsoft Vista operating system includes encryption technology, a number of vendors offer it as a separate product. The technology makes data virtually indecipherable to all but those with access. These include XTool, Pointsec, and PGP Corp. PGP’s offerings for small- to medium-sized businesses range from a yearly subscription at about $59 per laptop for a company with 500 laptops to a $119-per-laptop perpetual license, according to PGP’s Albert Fong. Biometrics Many new laptops are equipped with bioscanners — fingerprint readers that only let the user open documents. Experts recommend using these scanners — preferably with one’s  thumbprint — along with a password to ensure optimal safety. While these technologies represent exciting possibilities, experts warn that there is no one solution to keeping laptops safe. “There’s no silver bullet,” notes Jimmy Alderson, co-founder of Washington, D.C.-based Intelguardians, an IT security firm. “Users can’t just use one methodology.” Alderson recommends using strong biopasswords and RFID with an alarm system, but suggests some low-tech precautions, too. Specifically, Alderson recommends: Registering laptops with the manufacturer upon purchase, so they can assist if they’re stolen; Physically etching a company name on the laptop, to aid in recovery; and Insuring the laptop — and its contents. Companies such as Safeware will ensure your hardware, while Aon’s Wired for Growth offer liability coverage for lost data. “All of these will help keep your laptop safe,” advises Alderson. “Just don’t put all your eggs in one basket.”

About 2183 days ago Wireless Networks

Automating Your IT Networks

our beautiful site

Fast-growing businesses with several software and application deployments underway at any given time can mean big headaches for IT managers and big costs for businesses. IT administrators are often busy troubleshooting and updating workstations — tasks that cost businesses time and money. “IT people are always on the push to do more with less,” says Michael Speyer, a senior analyst at Cambridge, Mass.-based Forrester Research. Companies want IT staff to be “a little more creative and value-adding,” he says. A 2005 survey of 500 IT administrators by Dynamic Markets found that 94 percent of U.S. IT managers believe they are becoming more strategic to their organizations, but most of their time is spent on administrative tasks. For many IT administrators in small and mid-size businesses, the most time-consuming task is managing individual workstations. By automating inventory management and daily tasks such as software distribution and security patches on desktops, laptops and other network devices, IT can focus on business goals. Expanding IT automation IT automation has traditionally been employed by large companies with considerable IT budgets. But some companies that offer automation solutions also cater to small and mid-size businesses. “It’s just as important for those folks to have the same benefit and to level the playing field for them,” says Steve Workman, vice president of product management for LANDesk, which offers automation through systems and process software. Businesses concerned about IT costs save money by using automation because they can shift IT focus to from troubleshooting to business solutions, providers argue. LANDesk says its customers usually receive a return on investment within 90 days. LANDesk’s Process Management software costs $15,000 for 50 employees. Competitor Altiris charges $92 per 100 workstations for its Client Management Suite software and offers volume discounts. Altiris, now part of Symantec, is also targeting the mid-size market with its Configuration Management Database Solution in June. It will cost $6,995 per concurrent user. Solutions geared toward small businesses The solutions offered by larger providers such as LANDesk, Altiris, and Microsoft are often complex and require installation and training, says Fred Broussard, an analyst with Framingham, Mass.-based IDC. But larger providers generally support more operating systems. Broussard said that KACE, a Silicon Valley-based automation appliances provider, has been able to “package its solutions in an easy-to-use and consume form” for businesses between 100 and 500 employees. KACE offers an appliance called a KBOX to manage and automate IT administration. It does not require additional software or hardware and needs minimal training, according to the company. KACE charges $9,500 to $12,900 per 100 workstations for its KBOX appliances. IT departments “experience pain at all levels,” says KACE CEO Rob Meinhardt, “but the amplitude of that pain increases to the point where you’re going to pay for automation at about 100 employees.” IT automation will not eliminate a company’s need for IT managers, says Broussard, because they still have to manage the process. “IT would just do other things that would add more value to the enterprise,” he says.

About 2214 days ago Wireless Networks

Tips for Network Server Security

our beautiful site

To date, larger enterprises have been the primary focus of information thieves, but smaller businesses are now just as likely to be the targets of these attackers. Maybe more so. “Big companies have more resources and they’re getting smarter on that business risk and starting to be tougher to penetrate,” says Mark Piening, senior director of worldwide small- and medium-size business marketing for security vendor Symantec. Smaller companies won’t be able to protect themselves from criminals who are intent on hacking into their customer databases or phishing for sensitive corporate data — unless they take steps to keep that information out of reach, or stop those emails from reaching employee desktops. “The criminal may have more interest in going after a bigger business, because there’s often more to get,” Piening says. But if it’s easier to go after the smaller business, “What do you think they are going to do?” What you can do to stop trouble before it starts In some cases, that’s as simple as turning off a service you don’t need. Why have critical corporate data sitting on a network exposed to the rest of the world? “If you have a customer database and you’re not doing something online with that, don’t put it on a network where that can be accessed,” says Piening. Isolating a server with that database can be a cheap and easy proposition, but not everyone manages their policies that diligently. Email, of course, presents some of the biggest risks to an organization. “Bad things happen when you don’t protect your Exchange server,” notes Piening. Mail servers should be configured to block or remove emails with file attachments such as .VBS, .BAT, .EXE, .PIF, and .SCR, which are commonly used to spread viruses, advises Symantec in its most recent Internet Security Threat Report, published in September. The report also advises signing up for a fraud alerting service or using Web server log monitoring to track whether complete downloads of your website are taking place, as that may indicate someone is trying set up an illegitimate website in support of a phishing attack. Phishing emails may be sent to your customers, but Piening also brings up other possibilities: those disguised as communications from your human resources department aimed at getting your own employees to cough up personal info, and/or someone phishing for your customers’ information. If they get it, “that’s pure company liability,” Piening says. Email security software or appliances from vendors such as Symantec, McAfee, and Sonicwall are designed to keep the network free from spam (whether of the phishing or perverse kind), as well as from someone hijacking your small business’ email server to send spam. “The challenge there is you get blacklisted,” says David Kakish, a security specialist at technology products and services provider CDW. That’s not a good thing in today’s world, where businesses must be able to electronically communicate with customers and prospects.   A multi-tiered approach to security Kakish advocates that small businesses take a multi-layered, multi-vendor approach to securing their systems. Consider e-mail systems as one example — you might use one company’s technology at the SMTP gateway to cleanse messages of spam and viruses; another anti-spam and anti-virus engine on the email server itself; and further protection from another source at the desktop, laptop or other endpoints. That way, a small business has better assurance that if something is missed by one source at one point, it will be caught at the next. It isn’t as complicated to deploy this kind of approach as it used to be. “People always assume there’s too much to do at the gateway level, and that it’s complex,” he says. But that’s no longer the case. “You don’t have to be an IT whiz to go in and do this. And management has gotten a lot easier.” It’s a bit more of an investment to take a multi-layered approach to security, he says, but not that much. “Everyone looks at ROI, and in the security world you want to look at RON — return on negligence,” Kakish says. “If you are negligent, what will happen in your environment? What’s the cost of your network being down for a couple of hours or days, and what is the cost to try to prevent that?”

About 2334 days ago Data Security

Which Anti-Virus Software Should You Use?

Out of all the security programs installed on the company network or end user’s desktop, it’s probably the anti-virus software that’s doing the most to earn its keep. The joint Computer Security Institute/FBI’s 2006 Computer Crime and Security Survey found that overwhelmingly viral attacks remain the greatest source of financial losses and damages to businesses than any other breach in computer security. Losses from all computer security incidents among the survey’s 313 respondents totaled more than $52 million for 2006, down by more than 50 percent compared to 2005, according to the survey. Ninety-seven percent of the companies that responded reported using anti-virus software. Don’t log on without it Some companies tend to get lax about anti-virus software once they’ve installed a good firewall at the network gateway. “No firewall out there is a silver bullet,” says Joern Wettern, co-author of Firewalls for Dummies. “Make sure you have anti-virus software installed on all PCs and check them regularly for updates.” For that reason, easy-to-schedule scans and automatic updating is probably the first feature a business owner would want to look for in an anti-virus program. When it comes to other features, Arabella Hallawell, vice president at Forrester Research, of Cambridge, Mass., who specializes in the security software market, advises clients to be choosier. “The rule of thumb is you should only pay for what you’re going to need within the next 12 months,” she says. “And don’t forget to do a competitive negotiation, regardless of how small your organization is.” Round-up of anti-virus software With that in mind, here is a round-up of just some of the offerings in anti-virus software, ranging from market leaders, Symantec and McAfee, to some of the smaller, more entrepreneurial companies, such as Alwil and Kaspersky. Norton’s AntiVirus Cost: $40 to buy. $30 annual fee. Features: Produced by Internet security giant Symantec, a better question might be: What doesn’t it feature? Norton’s standard version includes a firewall, scheduled scans, scans for instant messaging, as well as bundled spyware, adware and rootkit detection. All those bells and whistles may take a toll on speed however. It’s the one area that got a low rating from Consumer. The professionals don’t seem to disagree. John DeLozier, a network security expert and founding partner of Nply Security, a network security consulting group in Dallas, concedes it’s often the preferred choice of his clients. “But, I find (Norton) too big, too bloated and too intrusive with all the chatty pop-up windows,” says DeLozier. McAfee’s ViruScan Cost: $40 to buy. $40 annual fee. Features: McAfee’s anti-virus software is bundled in with anti-spyware software and a firewall. It features automatic updates and instant message scanning. Other versions include protection for laptops, e-mail servers and file servers. Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at industry conferences on network security, says, “I like McAfee. It’s mature. It’s automatic… with any brand, by the time it gets to version 3.0, the differences are going to be minimal at that point.” BitDefender Standard Cost: $30 to download. $20 annual fee. Features: BitDefender is worthy of mention, if for no other reason the critics seem to love it the most. It was recently ranked number one in its class by both PC World and Consumer Reports, who gave BitDefender especially high marks in detection and ease of use. The standard edition features both scheduled scans and scanning for instant messages. It does not include a firewall. Kapersky Labs AntiVirus Cost: $50 to buy. $35 annual fee. Kaspersky, a Russian software company best known in the small business and consumer market, is a little pricier. Wettern says it’s well worth it. “I find it updates very frequently, has great detection rates and is the fastest to react to new threats,” says Wettern. Kaspersky offers standard features like scheduled scans and spyware/adware protection. Additional features, not as easy to find, include laptop power saving, suspended scans during heavy usage and proactive rootkit removal for malware. Alwil’s Avast! Cost: Non-commercial use, free to download. Professional Edition is $40 a year. Features: You can’t beat the starting price. Avast also comes with a high rating from Consumer Reports and features IM scanning and a firewall. One of the unique features includes what Alwil calls a “virus chest.” It’s a folder on the disk drive that is impenetrable to any kind of virus attack, a sort of virtual lock box where sensitive files can be stored and isolated away from the rest of the operating system. Avast may also be a good solution for a small organization that does business worldwide. The software is offered in no less than 20 languages, including Japanese and Russian.

About 2334 days ago Antivirus Software

Which Anti-Virus Software Should You Use?

Out of all the security programs installed on the company network or end user’s desktop, it’s probably the anti-virus software that’s doing the most to earn its keep. The joint Computer Security Institute/FBI’s 2006 Computer Crime and Security Survey found that overwhelmingly viral attacks remain the greatest source of financial losses and damages to businesses than any other breach in computer security. Losses from all computer security incidents among the survey’s 313 respondents totaled more than $52 million for 2006, down by more than 50 percent compared to 2005, according to the survey. Ninety-seven percent of the companies that responded reported using anti-virus software. Don’t log on without it Some companies tend to get lax about anti-virus software once they’ve installed a good firewall at the network gateway. “No firewall out there is a silver bullet,” says Joern Wettern, co-author of Firewalls for Dummies. “Make sure you have anti-virus software installed on all PCs and check them regularly for updates.” For that reason, easy-to-schedule scans and automatic updating is probably the first feature a business owner would want to look for in an anti-virus program. When it comes to other features, Arabella Hallawell, vice president at Forrester Research, of Cambridge, Mass., who specializes in the security software market, advises clients to be choosier. “The rule of thumb is you should only pay for what you’re going to need within the next 12 months,” she says. “And don’t forget to do a competitive negotiation, regardless of how small your organization is.” Round-up of anti-virus software With that in mind, here is a round-up of just some of the offerings in anti-virus software, ranging from market leaders, Symantec and McAfee, to some of the smaller, more entrepreneurial companies, such as Alwil and Kaspersky. Norton’s AntiVirus Cost: $40 to buy. $30 annual fee. Features: Produced by Internet security giant Symantec, a better question might be: What doesn’t it feature? Norton’s standard version includes a firewall, scheduled scans, scans for instant messaging, as well as bundled spyware, adware and rootkit detection. All those bells and whistles may take a toll on speed however. It’s the one area that got a low rating from Consumer. The professionals don’t seem to disagree. John DeLozier, a network security expert and founding partner of Nply Security, a network security consulting group in Dallas, concedes it’s often the preferred choice of his clients. “But, I find (Norton) too big, too bloated and too intrusive with all the chatty pop-up windows,” says DeLozier. McAfee’s ViruScan Cost: $40 to buy. $40 annual fee. Features: McAfee’s anti-virus software is bundled in with anti-spyware software and a firewall. It features automatic updates and instant message scanning. Other versions include protection for laptops, e-mail servers and file servers. Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at industry conferences on network security, says, “I like McAfee. It’s mature. It’s automatic… with any brand, by the time it gets to version 3.0, the differences are going to be minimal at that point.” BitDefender Standard Cost: $30 to download. $20 annual fee. Features: BitDefender is worthy of mention, if for no other reason the critics seem to love it the most. It was recently ranked number one in its class by both PC World and Consumer Reports, who gave BitDefender especially high marks in detection and ease of use. The standard edition features both scheduled scans and scanning for instant messages. It does not include a firewall. Kapersky Labs AntiVirus Cost: $50 to buy. $35 annual fee. Kaspersky, a Russian software company best known in the small business and consumer market, is a little pricier. Wettern says it’s well worth it. “I find it updates very frequently, has great detection rates and is the fastest to react to new threats,” says Wettern. Kaspersky offers standard features like scheduled scans and spyware/adware protection. Additional features, not as easy to find, include laptop power saving, suspended scans during heavy usage and proactive rootkit removal for malware. Alwil’s Avast! Cost: Non-commercial use, free to download. Professional Edition is $40 a year. Features: You can’t beat the starting price. Avast also comes with a high rating from Consumer Reports and features IM scanning and a firewall. One of the unique features includes what Alwil calls a “virus chest.” It’s a folder on the disk drive that is impenetrable to any kind of virus attack, a sort of virtual lock box where sensitive files can be stored and isolated away from the rest of the operating system. Avast may also be a good solution for a small organization that does business worldwide. The software is offered in no less than 20 languages, including Japanese and Russian.

About 2426 days ago E-Commerce

Can Instant Messaging Work for Business?

Using software such as AOL’s Instant Messenger or Yahoo Messenger, 50 percent of employees are using consumer instant message (IM) programs via company computers, according to a 2006 survey of 416 primarily small and midsize businesses by the America Management Association and The ePolicy Institute. These consumer IM clients frequently quietly slide their way on to company networks because employees often use the same programs to chat with friends and co-workers when they’re off the clock, too. But consumer IM programs also can enable something that many companies won’t even risk these days when it comes to e-mail: Unfettered, unmonitored and unencrypted communication over the public Internet. What’s worse is that only 47 percent of employers are aware of the IM programs running on their systems, according to the AMA study. “IM is nothing more than turbo charged e-mail — and all the IM risks that exist are the same as with e-mail,” says Nancy Flynn, executive director of The ePolicy Institute and author of several books including, Instant Messaging Rules: A Business Guide to Managing Policies, Security, and Legal Issues for Safe IM Communication.   IM poses some of the same risks to a business as e-mail, from allowing employees to disseminate confidential company information to exposing company computers and networks to a virus, worm, or Trojan Horse that quickly spreads. And with those risks come the potential for a firm to be subject to the same legal liabilities for employee conduct over IM. So then the question becomes: Should companies allow employees to use free consumer programs or should they install enterprise IM that come with more security features? Here’s how to do decide if a business should go with business IM: Does your company need to conduct business via IM? Employees might not even have a legitimate business reason to be IMing the outside world, in which case a company could forgo allowing IM programs altogether. But if employees need to IM each other, vendors, or clients to conduct business, then a company needs to use secure IM, says Richi Jennings, lead e-mail security analyst for Ferris Research, a San Francisco-based research firm. “If they are going to use a consumer-based service, IMs should still be encrypted,” he says. “And there is no substitute for having good antivirus, spyware, and malware control in place.” Enterprise IM programs also can assign company-branded, professional screen names to employees. Does your company need to archive IMs? Regulators in the financial services arena, for instance, have made it clear that they don’t make a distinction between e-mail and when it comes to retention requirements. “When employees engage in IM chat via public IM tools, your electronic business records are not being retained,” Flynn notes. “It’s essential for all businesses–no matter what your size or industry–to retain your records if you’re in a regulated field.” For many companies, complying with regulations like Sarbanes-Oxley means logging and archiving IM sessions between employees and clients–or anyone. IM management tools or enterprise IM products can offer a built-in logging and archiving feature for legal or regulatory compliance. Free consumer IM programs, on the other hand, do allow users to choose to save individual chat sessions, but they don’t include enterprise-wide records management or archiving features. Does your company need to secure IM? If IM is being used on company time, experts say the answer is always, “Yes.” But there are different approaches to boosting IM security. IBM Lotus Sametime, Novel GroupWise Messenger, and Microsoft Live Communications Server (LCS) are among the enterprise IM programs that offer an entire IM infrastructure installed on a company’s internal servers to enable archiving or defenses against threats like malware or IM spam (a.k.a. spim). Enterprise IM programs can be integrated with a user’s e-mail program or allow Web conferencing as well. For instance, Microsoft LCS can allow employees to IM people who use public IM programs but it still encrypts and logs messages. IMB Lotus Sametime even encrypts users’ buddy lists. IM management or gateway products — such as Akonix, Akeni, FaceTime, or Symantec’s IMLogic–can also add layers of security to existing IM products like Google Talk, Yahoo Messenger or MSN Messenger by archiving messages, scanning for viruses or blocking messages containing restricted phrases to prevent that data from leaving a business’s network. Depending on the level of security, management and additional features offered, enterprise IM can cost up to $5,000 for FaceTime’s RTG500 gateway product to about $500 for Microsoft LCS for five users to $10 to $40 per user for Akeni or IMLogic. AOL’s new AIM Pro powered by WebEx, which encrypts IMs and allows users to securely share documents or conduct conference calls, is free. No matter what the size of a business, experts say there are affordable solutions for adding the necessary security needed if employees are going to be IMing on the clock: “It only takes one employee to accidentally transmit the company’s client list or employees’ social security numbers, for example,” Flynn says. “If you decide to allow IM, you have to decide if you’re going to install an enterprise grade system or use freebies with IM gateway management technology to give your company the ability to monitor, filter, purge, and retain IM chat just like you do e-mails.”