Monitoring machines
Good morning, It would not be important in similar forensic software security solution to point some strange movement in net for manual configuration? Would not it be nice to send this log to the administrator so that it has real science of what happens on their machines? The fact that even happens that the only security solution for password and disable it is discovered any protection software with password folder can hold a virus where this solution can not be detected due to have a password contained Performing a test in a given security software that will not mention the name says it the same as the high power of detection can not detect which way the folder with password there is a virus code that I created is not the same as new I sent them to the database and still is not detected because the folder containing password. In this case the solution would be important to periodically report to the administrator the steps that are being taken on all machines on your network because each machine would have this solution that would monitor every activity detecting managing such facilities that protect files with password and security does not detect your code simplest is that despite being in the database. Big hug860Views2likes2CommentsPhrases that scare security professionals
Given the findings of some practices and routines, it is easy to know what the problems are with the security companies. It is your case? The scenes are classic. A child with chocolate smeared shirt says, categorically: "It was not me." Or the phone rings and mother assures you, "There's nothing to worry about." Or a systems administrator who carries a box of tapes back up guarantees: "Within minutes, all information will be retrieved." In some cases, the first words you hear - despite the distance between them and the truth - are enough to tell you everything you need to know. In some cases, the first words you hear - despite the distance between Them and the truth - are enough to tell you everything you need to know. The same applies to the world of information security. The same applies to the world of information security. Some words sound reassuring, but we know they often point out problems of internal security, technical resources or the people and processes involved in the protection systems. Get to know some of the phrases "revealing secrets" that signal the imminence of problems in security. One. One We have a culture of safety We have a culture of safety "No, you do not have" is the immediate response of the professionals. "No, you have not's" is the immediate response of the professionals. Even if only mentally. Even if only mentally. This is the kind of phrase that comes from companies that started with five people - in the traditional family business model - and, as they grew, a snap themselves operating with thousands of people without governance or policies. This is the kind of phrase That comes from companies That started with five people - in the traditional family business model - and, As They grew to snap Themselves Thousands of people operating with or without governance policies. Some exchanged and its "safety culture" are enough to buy a good espresso in a quiet corner allowing look to the horizon and find out how much work lies ahead. Some Exchanged and its "safety culture" are enough to buy a good espresso in a quiet corner Allowing look to the horizon and find out how much work lies ahead. The simple fact is that without support guidelines or feedback mechanisms (feedback), security is defined differently by each and is not verified by anyone. The simple fact is without support guidelines That common mechanisms or feedback (feedback), security is defined differently by each and is not verified by anyone. There are no metrics for compliance with the "culture" and a "safety culture" is hidden by a practice of "do your job". If there are rules, write them down. If there are rules, write down Them. If technology is put into action to implement or monitor the rules, write that down too. If technology is put into action to Implement or monitor the rules, write down That too. If people break the rules, comply with what was agreed. If the rules undermine the legitimacy of the business when completed, change them. 2nd. 2nd. IT security is information security IT security is the security of information Information security is not the same thing in the information technology security. If the term "information security" is used in the same way that "IT security", it invariably means that nobody has taken decisions not primarily security techniques that affect departments - IT, human resources, legal, audit and perhaps others in the organization. Join those who have influence in the departments listed above and decide whether information (not paper documents or equipment) is an asset of the company, such as computers and desks. Decide whether the company authorizes people to do jobs, logical and physical access to information as individuals. Decides Whether the company authorizes people to the jobs, logical and physical access to the information Individuals. Take these policies in group decisions. Take these policies in group decisions. Then maybe there will be more time to decide "how to" manage security - rather than trying to guess ... 3rd. 3rd. This does not apply to the chief This does not apply to the chief Although this is becoming less of an issue in public, occasionally an executive simply refuses to follow security guidelines that he himself approved. Although this is less of an issue Becoming in public, occasionally an executive simply Refuses to follow security guidelines That he himself approved. Unless you are prepared to meticulously document all "escapades" following the model of forensics and then deliver them to the directors or the police (or just quit), be prepared to work around the situation. Most bad apples can be managed by applying the Machiavellian sense of having influence the relationship of the other: they must at least pretend to lead by example, while continuing to do whatever they do behind closed doors. Few will admit it, but many Organizations simply put in the budget and install a DSL line access to "guests" in the halls of top executives and Their Eyes close to anything that is plugged into That line. This is not a desirable solution, but if you still solve these executives sign the documents required by Sarbanes-Oxley, the rest comes from the ability to deny knowledge of security professionals. 4th. 4th. Our department gets information security IT staff Our department gets information security IT staff Titles do not matter. Titles of not matter. A report by a security expert at the IT director is always a security administrator, even if that person has the job of information security officer. The problem is that in the corporate world the word "officer" usually means that professional has the authority to verify and monitor whether all the techniques and processes that control proprietary information are efficient. An IT security administrator is usually involved in designing technical control and therefore can not be "self-audit" and make sure that IT is doing the right thing, particularly if it relates to someone within IT. The security professional with the position of "officer" should always report the same level or higher as the IT director. The security professional with the position of "officer" should always report the same level or higher to the IT director. 5th. 5th. We have a password policy We have a password policy Speaking directly, a document that specifies the size, shape and complexity of a password is a technical standard or procedure, not a policy. Speaking directly, the document that specifies the size, shape and complexity of the password is a technical standard or procedure, not a policy. Politics is a directory for directing business, something like "individuals must be identified uniquely and authenticated priority to have the condition to access the company's assets." Politics is a business directory for directing, something like "Individuals must be authenticated and uniquely Identified priority to have the condition to access the company's assets." Note that this example policy involves "what" to do about people and access, not "how" to construct a sequence of character types. 6th. 6th. Our executives have copies of all passwords Our executives have copies of all passwords Although the idea to make a young student faint, ex ist indeed managers who demand that their direct employees to disclose their individual passwords. Although the idea to make the faint young student, ex ist indeed managers who demand That Their direct employees to Disclose Their individual passwords. The explanation for this is always: "What if someone is fired or sick? How could we find your documents?." When this happens, the only effective strategy is to tell anyone who asks such a thing: "If you do, then you are a suspect in any negative situation that arises. When this happens, the only effective strategy is to tell anyone who ASKs such a thing: " You'll never be Able to fire anybody because you will Also be a suspect. "Or you can always summarize it all in a simple:" Grow friend. " 7th. 7th. The brand is our standard I have nothing against the major hardware vendors in the market, but when the personal shopping company says: "Our standard is Dell" (or any other brand), what they are really saying is: "We play our standards security out the window in exchange for discounts and now we buy whatever the vendor offers. " I have nothing against the major hardware vendors in the market, but When the personal shopping company says: "Our standard is Dell" (or any other brand), What They are really saying is: "We play our security standards out the window in exchange for discounts and now we buy whatever the vendor offers. "It's the equivalent of shopping that her great-aunt in a store with inflated prices, getting happy because" a product is discounted 75%. " It's the equivalent of shopping That her great-aunt in the store with inflated prices, getting happy because "the product is discounted 75%." The point is, that both her great-aunt when IT people in the real world have other decisions to make and are commodity PCs. The point is, that her great-aunt ambos When IT people in the real world have other Decisions to make and are commodity PCs are all sure to choose the product from a vendor and maintain applications with it for a while. It's all right to choose the product from the vendor and Maintain applications with it for a while. But a manufacturer is not a technical standard and there is a problem in that mix if anyone does their homework. But the manufacturer is not a technical standard and there is a problem in That mix if anyone does Their homework. When a manufacturer makes changes in line or software product - especially when that part of an equipment manufacturer and network security such as Cisco Systems - it is important to have clearly defined functional requirements to assess whether the products still work as desired. When the customers not know what They want, any bargain Seems to be what you need. 8th. 8th. Hey, where did that come from? It is conceivable that those highly technical users should organize their own equipment as well as support them. On the other hand, this means that the area of IT and support personnel were knocked out by hardware manufacturers that provide only an 0800 number that never works. Security policies must be present everywhere, including the bathrooms attached to the wall behind the toilet paper of an organization. Security policy in the company can be exposed Also next to the bathroom towels. The important thing is to be clear and known to all. Solving this problem is a fundamental respect. Solving this problem is a fundamental respect. Start with the basic governance and making it clear that there are rules, with much effort and communication, this will at least make the "safety culture" a settled matter. 9th. 9th. We ship to the firewall rules ... Most network administrators cowers with the words mentioned above. Still, many will still send free email with a copy of the firewall rules. Worse, they have an OEM or a freelance consultant who set up the firewall for them and retain the single copy of the rules. These rules, if they present complexity, provide a detailed map of the security scheme of the company, with important information about the identity of internal networks and services and how to make them a target. No serious security professional would date a copy of the firewall rules of someone without a specific requirement to do so. A competent auditor of information systems certificate or other auditor will review firewall rules directly into the system administrator and can not take. The Competent auditor of information systems certificate or other auditor will review firewall rules Directly into the system administrator and can not take. If you see a copy of your corporate firewall rules put in an audit report, especially an audience, get ready to redo the design of IP ... and call their lawyers. Their lawyers and call.Solved1.3KViews2likes6CommentsYou design your system
For better be your antivirus, two problems occur frequently: Lack of update. Inefficiency to block changes in the registry keys or writing to the system folder. For malware to install itself on the system successfully it needs basically two things, run and allowed to spread. Many users do not know, but as an administrative user, you have the power to destroy your system if you wish, as well as install whatever you want on it. When working on a computer as an administrative user, everything the user does is run with administrative powers and as such, you can modify any part of the operating system. hugs449Views2likes0CommentsRisks of fraud power increase in business
The risks of fraud in computer security or enterprise networks have grown considerably in Brazil and worldwide. Essas são algumas das conclusões de um estudo realizado pela Deloitte intitulado “Risk Intelligent governance in the age of cyber threats”. These are among the findings of a study conducted by Deloitte titled "Risk Intelligent governance in the age of cyber Threats." The study, which took into account other surveys to be drawn, points out that in 2011, organizations heard suffered an average of more than one successful cyberattack per week, which represents an increase of 44% compared to 2010. "Companies generally, should no longer be questioned about the possibility of such an attack happen. É bem provável que ele já esteja acontecendo”, destaca André Gargaro, sócio da área de Gestão de Riscos Empresariais da Deloitte. It is very likely that it is already happening, "says André Gargaro, a partner in the area of Enterprise Risk Management at Deloitte. The cyber attacks, the study indicates, may harm a business in various ways, from simple vandalizing the site, even to the shutdown of electronic fraud and intellectual property theft. In Brazil, Deloitte indicates, with the exception of the financial industry, preparation companies is still very reactive in relation to protection. Apenas depois da ocorrência de um evento considerável é que as corporações começam a se preocupar com medidas para evitar impactos de outros ataques. Only after the occurrence of an event is significant that corporations begin to worry about measures to avoid impacts to other attacks. "The ideal is to anticipate possible attacks through knowledge of their potential invaders and shapes how they act. As empresas precisam investir de forma mais eficiente em ferramentas, pessoas e processos”, aconselha Gargaro. Companies need to invest more efficiently in tools, people and processes, "advises Gargaro489Views2likes0Commentsvulnerability
The Microso ft Windows users warned about possible attacks "man-in-the-middle" capable of stealing passwords from some wireless networks and VPNs (Virtual Private Networks). However, the company will not release an update to resolve the problem. This is not a security vulnerability that requires Microsoft to issue a security update, according to some security experts. "This issue is due to deficiencies cryptographic protocol MS-CHAP v2 and is driven by configuration changes." Rather than release a security patch, Microsoft recommends IT administrators to add PEAP (Protected Extensible Authentication Protocol) to protect passwords on VPN sessions. A support document describes how to configure servers and clients for PEAP. The MS-CHAP v2 is used to authenticate users based VPNs PPTP (Point-to-Point Tunneling Protocol). Windows includes an implementation of PPTP. The threat has been identified by researcher Moxie Marlinspike safely during hacker conference Defcon. The specialist even showed a tool that could be used in this type of invasion, Chapcrack. To use Chapcrack an attacker must first capture data packets to be transmitted via a VPN or Wi-Fi. The most likely scenario: a forgery of a legitimate point wireless, as in an airport, to find a VPN or other traffic and then attack him. Microsoft is not aware of any attacks that have used this feature, but acknowledged that the threat is real. "An attacker who successfully exploited these weaknesses could obtain cryptographic user credentials," said the company's advisory on Monday (20/8). "These credentials could be reused to authenticate the cracker on network resources, allowing the execution of any action you take on this network." As noted Marlinspike, MS-CHAP v2, which refers to the Windows NT SP4 and Windows 98, has been denounced as unsafe for years.477Views2likes0CommentsIT security policies need to change
IT security policies need to change Mobility, cloud and advancement of social networks are becoming obsolete the traditional rules, say industry leaders IT and information security managers will not be able to directly control or adequately protect company data in the coming years. The warning comes from industry executives attending the RSA Conference 2012, being held this week in San Francisco (USA). The confluence of cloud computing, mobile technologies and the consumerization of IT is driving big changes in how corporate data is accessed, used and shared. Instead of trying to fight this movement and change data management, companies should seek an adjustment to the new environment in a safe and practical advice to executives. "We need to rethink how to protect the company," said Enrique Salem, president and CEO of Symantec, which was one of the keynotes of the conference, which began on Monday (27/2) and closes on Friday (2/03 ). "We have to stop saying 'no' and try to form a partnership with our user community to enable safe access of new technologies and social media tools, Salem says the executive. Salem notes that many of the current rules on security in enterprises should be discarded. "In this new world, we can not control the device," he says. The company's data are increasingly accessed and shared via means they have little direct control, as is the case of personal mobile devices and social networks used by employees and services hosted by cloud providers. "With the expanded use of public and private clouds do not know where our data resides are accessed or when," said Salem. Models that focus on traditional security network perimeter controls do not work in the new IT environment, strengthens the CEO of Symantec. Companies must begin to implement controls that can authenticate, authorize and monitor user access through new approaches. Instead of having only firewalls to prevent malicious code from entering the network, businesses should start adding controls that can keep your critical information protected, said Salem. For the first time since the dawn of IT, consumer and experienced employees are adopting technologies faster than companies can absorb them, "says Art Coviello, president of RSA, the security division of EMC. Protection of large volumes of data The ramifications of the trend are significant. "IT must learn to manage what you can not control directly and learn to protect what can not anymore," says Coviello Over the past 10 years, he noted, data volumes, speeds data access, the use of mobile technologies and social media tools and risk levels have increased by several orders of magnitude. "If Facebook were a country, it would be the third largest on the planet right now," compares the executive of RSA / EMC. Protect corporate data in the new environment is much different than current models allow security, he added. Scott Charney, vice president of Microsoft's Trustworthy Computing initiative, emphasizes that good security in the current scenario should be increasingly on the ability to manage and analyze large volumes of data. "It's very important to understand that we are moving to the internet of things," he says. As users begin to access corporate data from mobile devices and other channels, the security manager must find a way to deal with an avalance of information related to devices, cloud infrastructure, data and geolocation sensors, Charney said. Patricia Titus, chief information security, Symantec, argued that, although many processes need to change some things about the safety of the company remain the same. "The governance has not changed much. I still have to keep the basic cybersecurity" as patch and installation of antivirus tools. These ingredients are essential and security managers should not ignore such measures, "says Patricia. "The job security is the same, but now we have an additional layer of complexity," says Patricia. Source: ComputerWorld486Views1like0CommentsI was invaded, who's to blame?
This paper presents the thoughtful side of some teams after serious mistakes made by those who, after hiring some solutions in order to relax a little more concerned for their jobs, in order to relax so much that tend to change as the only solution claiming guilty unauthorized entry and successful attacks carried out by cybercriminals. After all, who's to blame? This case deals with the oversight of IT staff in relation to his duties that, when checking the cause of a failure, always tend to blame the security solution. We will treat the most common mistakes with the question that never shuts up, who's to blame? The greatest demand of a team is to leave everything running smoothly, as the saying goes: Who would not want to see the perfect operation? The problem is that the vast majority proposes to his department managers and the quality of services based on security policies of their solutions, but do not relax to the extreme by creating their own security policies so that together make an effective security for the company. I often see here that many people asking and / or questioning the use or perfect detection power of Symantec's products, now sometimes wonder if our products have detection for "X" virus, since the solution of the competitor "X" has . But has not the courage to perform the test. This situation this is a great uncertainty quality technique itself and not of our solution used. We have many doubters who actually have no idea how a computer virus spreads or how it would affect you so much, because we have many doubters who are overwhelmed with advertising competitor. The most dangerous attackers are those who follow a tutorial, they just want to destroy and quantities, many quantities. They are those who prefer to say that invaded 10 sites spend a week there trying to break into one that has a good security configuration. In fact, these attackers are that most here have questioned whether our award-winning solution for a long time, safe or not an infection that the questioners already have the name of the malicious code. This is easy, detection in this way is too easy. Now let's see how this solution could behave competition against those of thorough knowledge programmers who create their own exploits and are not disclosed? Does this solution is safe from competition? But, our solution is also safe? We need not push too hard to learn that yes, ours is safe because they are conducted in-depth testing on it and so is winning. The big reason this article is actually a relief, more than a demonstration, but why not show? Yes, of course, that will be demonstrated and may be able to take many questions before this publication. The form of demonstration to be held aimed at putting some thoughts for creating a good security policy, so that together we make a 100% protection, but if there is no 100% solution at least 99.9% will be effective. Many companies promise you competitors worry more about their work than their safety, but political will and your good? Who are the people you trust to open certain links, "jab" pen drive, put media on your machine? How soon do you trust someone and really take this attitude? Did a few years of friendship, could you trust me? If advertising competition draws attention detection, the title of an e-mail with the intent to install malicious code on your machine, also call your attention to open such a file, right? Of course. How about opening a PDF file with the description: Please make the price of advice on IT for our company in order to look for possible hiring. What services company, would not open this email? You respond to this "possible" client to rephrase your quote in email body? Would this "possible" customer waste your time again just because of a possible attack and political vision? What level of detection real competitors to offer new malware? The truth is that all these competitors are strengthened by attacks that only do lammers put more power detection code already "manjados" but do not have a good structure for the detection of new codes. Let us return to the team "failed" to demonstrate the most common mistakes that are made by the weakest link in security, and in order to blame someone, it has to be someone. And why not blame the solution since it is easier to blame than to take the same error and lose your job? Data are stored in many parts, flash drives, CDs, external hard drives for enhanced that they will not be lost easily after a disaster, that's a weak point for the team, they should be in a center with a powerful markup where each of them must have a specific job, but build a team, with good protection as our (Symantec) it is possible. The staffs of this type are more concerned with marketing and false promises, than spend time evaluating a security solution, but lost time to come to the forum and ask about the detection of "X" virus. Impressive? It would be yes, but it would be more impressive if he come here and agree that Symantec is not the best solution by chance. Does anyone here would be able to ask the director of the company where you work (your boss) that it is with your iPhone using protection for network access? And if they answer no, you would be able to tell him to turn off the device? The problem is the growing demand for unmanaged devices, in order that some come here to say; SEP did not protect against "x" plague! Another serious problem is the concern about costs, costs more to pay the cheapest. The proof is the support of competition that is not offered in real format, leaving the team panicked when it is needed some help when experiencing an attack. In fact it should be placed a strong security policy for both the enterprise network and for use of devices, the courage to get to your head and say: You are with our trusted security application? If the answer is no, then tell him: Turn it off immediately, because it is based on our standard. Who would have that courage? But it is easier to let the head and then use the solution to blame? Of course! USB devices must be inspected immediately outside the context of security, or USB device plugs into one machine in the network, there is a desktop just for this, but finding a USB thrown to the ground by "social engineer" did not think anyone in espetaria your computer? Of course you do, and say more, espetaria in business and at home too, because thinking is this: We have a good solution, nothing passes through it, but when it passes, it is the fault of their own solution, even though this employee aware that nobody is 100%. News, news and more news, see the outside of the building or in front where you have lunch, look how beautiful ad: Your phone used more than one (1) dollar and replace the new Smartphone. For those who like it comes to advertising and the Symantec forums questioning this or that, because the competitor announces that it has against "X" new virus, would be perfect in this advertisement that asks you to visit the site "X" to find the nearest point and carry out its exchange your used cell phone that with only 1 (one) dollar, you would go with the new Smartphone. Certainly at lunchtime, in fact, after he'd at least 100 hits and more than this depending on the size of the company. Social networks are here to stay, and with them, all are on or want to stay connected to people they know or would like to know, is also a very strong point for an attack, because there, any attacker would have some of the necessary information you need to make their invasion. Simply register on this network is done with the corporate e-mail, I doubt that many people say no, and soon after, said and done, this e-mail on the Internet is the victim of spam and social engineering attacks. Each of these networks have become business tools and actually a lot of staff and is not prepared for it, but leaves, because the solution will solve, and if we are attacked by a new exploit? Oh is simple, we switch solution because it was not good enough. This is absurd. Many people do not stop saying social networking company that works, do not make a profile for yourself but for your life, endangering the security of your company. I have watched corporate executives even put photos of the place where he works, and sometimes a picture on the back of the photo would have a necessary information for an attack, and have seen it happen. The total number of incidents malware and infections continues to grow, more effectively be given a detection and response active against such that not all solution has as locking and identification. In the same article, I have attached a video testing the protective capability of the bidder that it is not difficult to imagine who's reading here knows very well that I'm talking about McAfee. I think I got tired of seeing here some citing their protection and questioning our great Symantec. Lack of promoting a culture of awareness, ie, the end user awareness is key to a good level of security. In fact, this team should train their employees so that everyone knows to act before an incident, as if panic across the enterprise, is that this same team will know how to be on the desktop or laptop computer for each employee? Ih Fabiano, but robust and our security from Symantec? Goes very well thank you and defending, but like the others, it is not scheduled to defend himself does not know you actually have a policy of good manners and safety awareness for your company, for there is life and what we call "breadwinners." The reality is that the Web usage policies should be clearly communicated, monitored and applied. Awareness of threats, their impact and methods of proliferation vigilant and help keep users prevents them from making poor decisions that can infect the business. Safety awareness campaigns on a recurring basis is vital to keep employees informed and protected. But they must be well trained to take right decisions at certain applications. In the attached video, we will test only one thing to steal information such as, username and passwords used in a way that could be a social engineering. Willing to see how competition behaves in front of it? Ok then! The test was performed based on a fictional story that says the following; A disgruntled employee sees a team setting up the wireless router company, he knows the external IP and has the same steps and vague inspection, but it is only necessary because he just wants to go. Based on actual fact, I've seen many large companies configure routers for client companies in order to leave their port 23 (telnet) open and do not change their logins and passwords default. Result? Easy access to the same router, and you can see the wireless password. Then this same employee gets the password and the next day go with your laptop to the company where he works. Even though this staff has a policy not to allow their employees access to social networks, and that if it is done only in a controlled way to get in touch with customers, this same employee could use a social engineering technique warning his co-worker that if he enter a specific IP he can get into this social network. The former co-worker and ready access, were copied your logins and passwords, as this practice can watch the video, can be made on any site that has the login page and password, and can easily be captured in any browser, whether IE9 , Chrome, Firefox. The show is based on providing security service in browsers and even then it is possible to capture data, note that no application has not been installed, and no malicious software has been installed, a simple cloning. But Fabiano, you are testing the solution of the competition and still managed the data in this test? Yes, as you can see, easily! Manjados attacks are easy to spot, and it is also easy to say that the competitive solution takes "X" virus, but in practice and it ensures you? Do not just be good. But understand that Symantec is the best. I hope you enjoyed. Big hug to everyone. Fabiano Pessoa – Partner Symantec Analista de Sistemas E-mail: Fabiano.pessoa@peritocriminal.orgSolved1.2KViews1like4Comments1 Feb. 2010: Microsoft's Azure cloud is open for biz
Several IT news sites are reporting today on the "official" opening of Microsoft's Azure cloud computing platform. Azure has be in testing stages for a few years, Feb. 1 is the day Microsoft begins charging customers and developers for use of the Azure cloud. We'd like to know who has been testing this so far, and who will use Azure now that it's official? Will you use Azure as a service, or to connect with Microsoft on-site apps?800Views0likes2Comments