routers

Sep 14 2008   11:17PM GMT

Encrypting for Security - SAS70

Posted by: sas70expert
Uncategorized, Networking, Network monitoring, Identity & Access Management, routers, Security Program Management, Encryption, Auditing, Development, Network

SAS 70 audits review the not only the security of your networks but of the data that is transported across your networks and on the security of your data that remains on your servers and laptops. Before choosing an encryption vendor, there are factors you consider:

• What administrative actions are required? Can keys be changed and modified by the user or does your network administrator have to take action? What if the key is compromised, can it be changed at will? If the key is changed, how do you remember it?
• What steps are taken to manage keys? Are keys kept in a secure database or are they managed individually? Independent solutions allow you more flexibility, but independent users may not always follow the company standards which may give hackers an opportunity.
• Are multiple keys supported and can you create a master? The more critical and sensitive the data, the tougher the key should be crack. 
• Is there PKI in corporation? Does the encryption product integrate with an existing PKI production ro des it require software in order to function? Any vendor solution should be able too.  Trackback URL

Jun 26 2008   4:30AM GMT

What’s your data loss prevention strategy? – SAS70

Posted by: sas70expert
Security management, Third-party services, Database issues, Networking, Network security, Firewalls, Incident response, Security, Network monitoring, Identity & Access Management, Information risk management, routers, Management, Security Program Management, Compliance, Viruses, Database, patching, Configuration, Database Management Systems, business/IT alignment, Auditing, Monitoring, Access, Access control, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Security tokens, Patch management, CFO, router configuration, SAS 70, CSO, Intrustion management, TrendMirco

Are you reviewing you firewall rules quarterly? Have you implemented an (IDS) intrusion detection system? Are your routers set up to prevent unauthorized intruders? Do you have the latest and greatest virus protection? Are you performing a SAS70 audit every six months? Database security breaches are increasing daily and costing tremendous amounts of dollars that should have been spent on IT projects. You should at least have an emergency plan in place when data loss occurs. Without an emergency plan in place, the breach could continue and the legal costs could continue to escalate.

 

Jun 25 2008   11:21AM GMT

Data Exchange and SAS70

Posted by: sas70expert
Third-party services, Networking, Security, Identity & Access Management, routers, Compliance, Encryption, business/IT alignment, Auditing, Monitoring, Access control, CIO, DataCenter, DataManagement, CEO, FTP, instant messaging, CFO, Email, Exchange, SAS 70, CSO

Various transport methods, such as email, instant messaging, FTP, and encryption have been implemented to share files/data between Companies. But many methods, suffer from security, manageability, and the ability to track/log the transfer of information. Increasing regulations and SAS70 audit guidelines are requiring that privacy and security of data be maintained. What data transfer method are you using and is it secure,manageable and auditable?

 

The types of data transfer continue to evolve and a variety of people with whom companies exchange data is also changing. For example, many companies outsource processes that they used to perform in-house. Furthermore, some even are processed overseas, especially in India. How much control do you have on your outsourced vendor? How do you know that their process to transfer data is secure and managed appropriately?  Trackback URL

Jun 17 2008   11:45AM GMT

Networks, laptops and virus in your Starbucks? How much do you want in your coffee? – SAS70

Posted by: sas70expert
Networking, Security, Microsoft Windows, routers, Compliance, Viruses, Auditing, Blackberry, Mobile, DataCenter, router configuration, SAS 70

Wi-fi networks are everywhere…..to keep employees thinking, moving and socializing. Can we just drink coffee at Starbucks? UNTHINKABLE!! As more and more of these networks become prevalent and we become connected to one big network that never ends, what is going to happen if that unthinkable malware or virus infects your network? Will it start on your pda/phone, or on your laptop at 8:05am and then spread to your home computer at 8:07 and then off to your corporate network at 8:15am. Researchers at Indiana University  are predicting that unsecured wireless networks could launch a potential network attack that spreads like wildfire to personal, home, and business networks. How can you combat such an attack? 

First, those wi-fi networks need monitoring and standards – a SAS70 audit to review network controls. Included in a SAS70 audit is a review of your router controls to make sure that you have some insurance in place to prevent network downtime.

 When the routers are taken out of the box and set on the shelf and plugged in, that is not the only installation required. Administrative passwords and SSID’s need to be strengthen and hardened so that Mr Hacker is not able to stop your credit card from being accepted. Use administrative passwords that are not common, require numbers and letters, and are not your mothers name. The same requirements should be used for SSID’s.In addition, turn on encryption, preferably WPA – which is considered almost impossible to crack. What controls/insurance do you have in place?

SAS70ExPERT@gmail.com