IT Trenches:


May 16 2008   6:40PM GMT

Did you see this? - Fear or doubt? New rootkit from researcher’s labs

Posted by: Troy Tate
anti-virus, Security, antivirus, forensics, honeypot, malware, Monitoring, research, tools

Do you fear or doubt these types of announcements? There are so many possibilities and weaknesses in systems and services.

According to: SoftPedia News

TechWorld reported today that a new type of malware that could be impossible to detect by the anti-virus technologies currently on the market has been developed by security researchers and will be demonstrated at the Black Hat security event scheduled for August in Las Vegas. The same source adds that the new rootkit could prove to be incredibly hard to detect first of all due to the fact that it stays in a “protected part of the computer memory”.

Just what I needed… another reason to tell my users to “just say no” to using computers.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

May 13 2008   4:06PM GMT

To be done: an acquisition/merger checklist

Posted by: Troy Tate
howto, CIO, DataCenter, DataManagement, email, Microsoft Windows, Networking, LAN, WAN, Security, antivirus, malware, Monitoring, anti-virus, metrics, reporting, research, tools

An acquisition or merger is not a frequent event for my organization. However, it seems like in the past year or so we have worked on a number of these activities. So, it seems like it may be time to create a formalized checklist for the IT department items that need to be addressed during an acquisition.

To get the ball rolling, I am listing some items that I consider to be important to the infrastructure/security folks like me. I know this list is not exhaustive or complete. It is a work in progress and will need to be refined for each event since they are all different. Some of these may be done in the due-diligence but the rubber hits the road during the implementation.

So, without further ado:
Absorbing a new acquisition - to do list (general & incomplete)

  • Private WAN connectivity - 30-90 days or more lead time depending on location
  • flexible IP addressing scheme to absorb devices on new network(s)
  • Internet firewall changes - ports, source addresses, NAT, etc.
  • DNS ownership and management
    • changing registrars
    • changing DNS nameservers - use a dig tool to get information concerning current configuration - MenAndMice
  • Network hygiene - how clean are the devices and what personnel habits need to be changed?
  • Device inventory - what effort will it take to do this?
  • Software licensing inventory
  • What about handling loss of staff & knowledge?
    • Documentation of processes, procedures, configurations?
  • Phone list sharing
  • E-mail addressbook sharing
  • E-mail system integration
    • anti-spam/anti-virus
    • calendar sharing
  • ERP process integration
  • Resource access permissions
  • Financial reporting integration - accounts payable, receivable, tax, etc.
  • Staff reporting structure
  • Other HR activities - benefits, payroll, etc.
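An added example for the "flexible IP addressing scheme" item above (my own code, not part of the original post): before joining the two networks, check the acquired company's address plan against ours for overlapping prefixes and list unused blocks that the colliding networks could be renumbered into. The address plans and the function names are constructed for illustration.

```python
# Added example: detect address-plan collisions between acquirer and acquiree,
# then suggest free renumbering targets. Not from the IT Trenches post.
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample plans; in practice these come from each side's IPAM/inventory.
OUR_NETWORKS: Dict[str, str] = {
    "hq-users": "10.1.0.0/16",
    "hq-servers": "10.2.0.0/16",
    "dc-mgmt": "172.16.10.0/24",
}
ACQUIRED_NETWORKS: Dict[str, str] = {
    "acq-office": "10.1.20.0/24",      # sits inside hq-users: collision
    "acq-servers": "192.168.50.0/24",  # no collision
    "acq-mgmt": "172.16.10.0/24",      # identical to dc-mgmt: collision
}


def find_overlaps(ours: Dict[str, str], theirs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (our_name, their_name) pairs whose prefixes overlap in any way."""
    hits = []
    for oname, oprefix in ours.items():
        onet = ipaddress.ip_network(oprefix, strict=True)  # strict: reject host bits set
        for tname, tprefix in theirs.items():
            tnet = ipaddress.ip_network(tprefix, strict=True)
            if onet.overlaps(tnet):
                hits.append((oname, tname))
    return hits


def free_blocks(ours: Dict[str, str], theirs: Dict[str, str],
                parent: str = "10.0.0.0/8", prefixlen: int = 16,
                limit: int = 5) -> List[str]:
    """List up to `limit` /prefixlen subnets of `parent` unused by either side,
    i.e. candidate targets for renumbering the colliding acquired networks."""
    used = [ipaddress.ip_network(p) for p in list(ours.values()) + list(theirs.values())]
    candidates = ipaddress.ip_network(parent).subnets(new_prefix=prefixlen)
    free = [str(c) for c in candidates if not any(c.overlaps(u) for u in used)]
    return free[:limit]


if __name__ == "__main__":
    for ours_name, theirs_name in find_overlaps(OUR_NETWORKS, ACQUIRED_NETWORKS):
        print(f"COLLISION: {ours_name} ({OUR_NETWORKS[ours_name]}) "
              f"vs {theirs_name} ({ACQUIRED_NETWORKS[theirs_name]})")
    print("free /16 blocks in 10/8:", free_blocks(OUR_NETWORKS, ACQUIRED_NETWORKS))
```

Run it with both sides' real prefix lists substituted in; every collision it reports is a network that needs renumbering or NAT before the private WAN link goes live.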

I welcome your insight and experience on the many other activities you feel are important to address during a merger/acquisition.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

May 9 2008   6:20PM GMT

Did you see this? - a live honeynet

Posted by: Troy Tate
anti-virus, Data security, howto, CIO, DataManagement, Sandbox, Security, antivirus, forensics, malware, Monitoring, research, honeynet, honeypot, botnet, SQL Server

I just came across the Shadowserver Foundation. According to their mission:

The Shadowserver Foundation is an all volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. It is the mission of the Shadowserver Foundation to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers, and the spread of malware.

This is a great resource to find out what’s happening “in the wild” and to help sell security protection to your organization. This is real stuff happening in the real world. For example, take a look at how detailed the blog entry is on the winzipices.cn SQL injection / malware attack. This gives you enough information to fight the threat and feel confident you understand it. Well done to the Shadowserver Foundation!

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Apr 10 2008   6:39PM GMT

Did you see this? - The Great SPAM diet

Posted by: Troy Tate
anti-virus, blogging, online identity, spam, Security, antivirus, malware, Monitoring, email

McAfee, Inc. Launches Global S.P.A.M. Experiment

Fifty Volunteers around the World Say ‘Yes’ to a Diet of Spam for 30 Days - Started April 1, 2008

McAfee, Inc. announced the launch of its global S.P.A.M. (Spammed Persistently All Month) Experiment. For the month of April, 50 participants from around the world - ranging from homemakers, government executives, and students to retirees - will surf the Web, make online purchases and register for promotions. Participants have been provided with a clean laptop without spam protection and a new email address. Beginning today, they will blog about their experiences daily at this website.

S.P.A.M. Experiment participants are from ten countries spanning the globe, including Australia, Brazil, France, Germany, Italy, Mexico, the Netherlands, Spain, the United Kingdom and the United States.

Let’s be good network citizens together & practice safe networking!