Viruses

Jun 26 2008   4:30AM GMT

What’s your data loss prevention strategy? – SAS70

Posted by: sas70expert
Security management, Third-party services, Database issues, Networking, Network security, Firewalls, Incident response, Security, Network monitoring, Identity & Access Management, Information risk management, routers, Management, Security Program Management, Compliance, Viruses, Database, patching, Configuration, Database Management Systems, business/IT alignment, Auditing, Monitoring, Access, Access control, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Security tokens, Patch management, CFO, router configuration, SAS 70, CSO, Intrustion management, TrendMirco

Are you reviewing you firewall rules quarterly? Have you implemented an (IDS) intrusion detection system? Are your routers set up to prevent unauthorized intruders? Do you have the latest and greatest virus protection? Are you performing a SAS70 audit every six months? Database security breaches are increasing daily and costing tremendous amounts of dollars that should have been spent on IT projects. You should at least have an emergency plan in place when data loss occurs. Without an emergency plan in place, the breach could continue and the legal costs could continue to escalate.

 

Jun 17 2008   11:45AM GMT

Networks, laptops and virus in your Starbucks? How much do you want in your coffee? – SAS70

Posted by: sas70expert
Networking, Security, Microsoft Windows, routers, Compliance, Viruses, Auditing, Blackberry, Mobile, DataCenter, router configuration, SAS 70

Wi-fi networks are everywhere…..to keep employees thinking, moving and socializing. Can we just drink coffee at Starbucks? UNTHINKABLE!! As more and more of these networks become prevalent and we become connected to one big network that never ends, what is going to happen if that unthinkable malware or virus infects your network? Will it start on your pda/phone, or on your laptop at 8:05am and then spread to your home computer at 8:07 and then off to your corporate network at 8:15am. Researchers at Indiana University  are predicting that unsecured wireless networks could launch a potential network attack that spreads like wildfire to personal, home, and business networks. How can you combat such an attack? 

First, those wi-fi networks need monitoring and standards – a SAS70 audit to review network controls. Included in a SAS70 audit is a review of your router controls to make sure that you have some insurance in place to prevent network downtime.

 When the routers are taken out of the box and set on the shelf and plugged in, that is not the only installation required. Administrative passwords and SSID’s need to be strengthen and hardened so that Mr Hacker is not able to stop your credit card from being accepted. Use administrative passwords that are not common, require numbers and letters, and are not your mothers name. The same requirements should be used for SSID’s.In addition, turn on encryption, preferably WPA – which is considered almost impossible to crack. What controls/insurance do you have in place?

SAS70ExPERT@gmail.com

 

 

Jun 12 2008   8:51PM GMT

iPhone’s and data security

Posted by: sas70expert
Networking, Security, Servers, Compliance, Viruses, Auditing, CIO, Mobile, DataManagement, Email, Exchange, SAS 70

What about the new iPhone? It has an abundance of new features and new headaches? With the latest push of emails to your iPhone, how many more network issues will this create? 

With the iPhone, you can download, pictures, music, and applications – how many of these will have undetected viruses or Trojan horses? As executives demand more technology, do you have enough security in place to prevent such disasters to your network? How much downtime can you afford? 

In a SAS70 audit, wireless networks and the related controls are normally tested. Testing of phone connectivity to internal networks and the related hazards are not normal considerations. 

I would recommend standardization of cell phones. Chose a cell phone that meets business needs and provides basic communication access for employees. Enact most security features to prevent rogue viruses from attacking your network. The phones should only sync with your business Exchange server and not the employee’s personal contacts or emails.