Sorting through the Sea of 'IT Security'

We know it's next to impossible to know everything about everything - all the time!  There's simply not enough time in the day.  Well…rest assured, we're here to help!  Our goal is to educate you on everything IT – give you the kind of info. you can actually use.  Each month we'll focus on an issue, technology, or news item that's relevant to growing businesses.  So keep an eye out, please add us to your address book or safe senders list and be prepared to be enlightened.

Something you want to know more about?  Let us know!  Check out the Suggestion Box below.
   All About Security
 

The realm of 'Security' is SO HUGE, can be hard to get a handle on.  There's Physical Security, Airport Security, National Security, and Homeland Security.  There's Security Policy, Security Management, IT Security Standards and Security Experts – and that's just to start. 

There's the 'IT Security' world - encompassing Computing Security, Data Security, Application Security, Information Security, Network Security, and Financial Security.  Security, Security, Security - It's enough to make your head spin. 

IT Security is increasingly being viewed as a problem much broader than technology alone.  The threat landscape is extremely dynamic and we're seeing all kinds of new vulnerabilities pop up everyday.  Not to worry, we're here to help you sort through it all – the potential risks, what to do about them, and what's right for you!

Knowing what you're up against is step one.  To help you, we went ahead and broke down some of the threats that made SANS Top 20 Security Risks list in 2007:

  • Office Software
  • Email Clients
  • Web Applications                        
  • Backup Software
  • Management Servers

Office Software – You know it, you love it. – It's your email, word processors, spreadsheet applications, document viewers, presentation programs – the stuff you use daily.  Here, threats typically arrive via email in the form of an attachment, say a spreadsheet.  You open that spreadsheet and pow – the virus now attacks weaknesses in your software. 

Email Clients – Email might very well be considered one of the most vital applications your business has.  Email serves as a time saver, cost saver and let's face it – allows everyone to do their job a little more efficiently.  So it should come as no surprise that it too provides multiple avenues of attack – including distribution of malware, phishing, spam and denial of service.  These attacks can damage your operating systems, your data and applications not to mention waste time, money and labor.

Vulnerabilities in Web-based applications account for almost half of the total number of threats discovered in 2007.  This group might include Content Management Systems (CMS), Wikis, Portals, Bulletin Boards, and Discussion Forums used by business of all sizes.  Yes, these are the weakest link!  Hundreds of vulnerabilities are reported every week and tracked publically in databases such as @RISK, CVE or BugTraq. 

Custom-built web applications – or Intranets are also susceptible to attack.  Unfortunately, the majority of these threats go unreported.  Some large web hosting firms will see hundreds of thousands to even millions every day.

Backup Software is extremely important to every business.  After all – this stuff runs on just about every system you have – which makes it a ticking time bomb.  And…really the physical security of your backed up data is equally if not more important.  Are your backups safe?

Management Servers – we're talking on-server virus and spam filters, directory servers and management and monitoring systems.  Sounds complicated, right?  No worries, we'll do our best to make this as painless as possible.

The directory maintains user and system information – i.e. usernames and passwords.  Simple enough…

Monitoring systems do just that – they monitor other systems, but they also allow easy access to those systems. 

Configuration and Patch Systems are used to maintain software – unfortunately, the also provide a clear path to pass threats back and forth.

Spam and Virus Scanners are often very touchy – they can become compromised by sending one email – allowing attackers to send span and virus-containing emails users' mailboxes. 

SANS (SysAdmin, Audit, Network, Security) Institute is one of the most trusted and by far the largest source for information security training and certification in the world.  SANS Top-20 2007 Security Risks

Did you know?

Spiderhost offers a wide array of Network Security services.  We follow the best practices and methodologies from the International Standards Organization (ISO), Federal Information Processing Standards (FIPS), National Institute of Science and Technology (NIST) to name a few. 

Our security services include:

  • Wireless audit – SSID identification, AP security, encryption verification, MAC Spoofing and perimeter testing
  • Vulnerability scans – port scanning, IP spoofing, ARIN auditing, Web server, email and FTP auditing
  • Penetration tests – platform exploits, scripting errors, buffer overflows, update neglect and patch degradation
  • Device management – firewall/IOS configuration, change management, policy auditing and implementation
  • Physical penetration – facilities audits, location hardening, social engineering and dumpster diving
  • Education – timely, pertinent instruction directly related to your infrastructure and specific responsibilities of key personnel

Did you know we could do all that?  For more information on our security services, please contact us today!

Latest Buzzwords…Identity Theft – Fraud – Security Breach – Insider Threats
People are getting more and more creative – they're finding new ways everyday to obtain your sensitive data.  That's why as a business owner - It's even more important to know what data you have, who has access to it and what's being done with it.

According to the Federal Trade Commission, the Key Principles of a Sound Data Security Plan are:

  • Take stock. – Know what personal information you have in your files and on your computers.
  • Scale down. – Keep only what you need for your business.
  • Lock it. – Protect the information you keep.
  • Pitch it. – Properly dispose of what you no longer need.
  • Plan ahead. – Create a plan to respond to security incidents.

Spiderhost to the rescue!  Our IT Consulting Services can help you with this process.  For more information, contact us today!

Check out our Abridged Security Glossary – and find out what the heck a Wiki is!

  • Spoofing – faking the sending address of a transmission in order to gain illegal entry into a secure system.
  • Malware – or a.k.a. 'computer virus' – is a program designed to damage a computer system.
  • Phishing – attempting to steal sensitive information, usernames, passwords, credit card information, etc.  Spear phishing is usually done via email or instant messaging, and users are asked to enter their information on a website.   
  • Password Sniffers – programs that monitor activity on a network, record the names and passwords of users and allow an attacker to steal your password and use your computer account.
  • Bots – software applications that run automated tasks over the Internet. 
  • Wiki – a software that allows users to create, edit and link web pages easily. 
  • Patch – basically, it's a software update – usually meant to fix a known problem.  But beware – poorly designed patches fix one problem and introduce 5 new ones.  Always test them first!  Or better yet – let us handle it!
 
   Security in the News
 

Prolific spammer's felony conviction upheld

Virginia's anti-spamming law does not violate free speech, court rules

Blast of cold air can open computer to hackers

New research shows how easily an encrypted hard drive can be defeated
 
   Security Case Study
 

This month's case study features the Orlando Magic.  The Magic trust Spiderhost to manage their network security, and so can you.

Click here to read the case study.

 
   Security Horror Story
 

We know – it's hard not to read about other people's IT misery.  And there's certainly plenty of it in the news today.  Each month we'll feature a terrifying “IT Horror Story” – don't get scared.  The main lesson here is to learn from other's mistakes.  Let us help you – you don't want this kind of stuff happening to you, do you?  No way.  Contact us today so we can make sure your IT is in tip-top-shape!

And don't forget to send us your own IT horror story.  If we put your story online you'll get a Spiderhost credit, a t-shirt, and a gift card for a restaurant or store.  Looks like that IT meltdown's proving useful after all!

Click here to read this month's IT Horror Story
 
   Suggestion Box
 

Something you want to hear about?  Something we could do differently?  Let us know!  Drop your suggestion/comment in the box - click here.
 
 

An Innovative IT and Internet Services Provider, Spiderhost delivers customized, best in class technology solutions to small and mid-size businesses that fit their unique needs and individual budgets.  With a robust suite of Internet products and services, Spiderhost combines technical elegance, high performance, security, and economical operation for maximum positive impact.  Spiderhost enables companies to affordably overcome challenges, freeing up time, money, and energy to focus on their core business.  For more information, please visit: www.spiderhost.com.

142 W Lakeview Ave., Ste 2090 | Lake Mary, FL 32746
Office: 407-444-2760 | TOLL FREE: 1-866-SPIDERHOST | Fax: 866-762-0204
sales@spiderhost.com | billing@spiderhost.com | support@spiderhost.com