Friday, June 4, 2010

DNSSEC


DNSSEC stands for DNS Security Extensions, and is designed to add security to the Domain Name System. As of May 5th, the last root server went through a transitional milestone in the deployment of this protocol across the root DNS servers. As a result, all root servers are now serving up longer responses for DNSSEC requests. Full implementation of this new and major upgrade to the security of DNS at the root server level is expected to be finished by mid-July. This will protect the DNS function from certain attacks, and all major DNS systems will be required to provide full or partial DNSSEC functionality within the next few years.
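
What a "DNSSEC request" looks like on the wire, as an added example that is not part of the original post: a resolver asks for signed data by attaching an EDNS0 OPT record with the DO ("DNSSEC OK") bit set, and the same record advertises a UDP payload size above the classic 512-byte limit, which is why the longer responses matter. The function names, the query ID and the 4096-byte size are assumptions chosen for illustration; nothing is sent over the network.

```python
import struct

TYPE_DNSKEY, TYPE_OPT, CLASS_IN = 48, 41, 1
DO_BIT = 0x8000  # "DNSSEC OK" flag in the EDNS0 flags field (RFC 3225)

def encode_name(name):
    """Encode a domain name as length-prefixed labels; '.' is the root."""
    out = b""
    for label in name.strip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype, dnssec_ok, udp_size=4096, query_id=0x1234):
    """Build a DNS query; with dnssec_ok, append an OPT record with DO set."""
    arcount = 1 if dnssec_ok else 0
    # Header: ID, flags (RD=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    if not dnssec_ok:
        return header + question
    # OPT RR: root owner name, TYPE=41, CLASS carries the UDP payload size,
    # TTL carries ext-rcode/version/flags, RDLENGTH=0 (no options)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, DO_BIT, 0)
    return header + question + opt

def skip_name(msg, off):
    """Step over an uncompressed name (queries built here never compress)."""
    while msg[off] != 0:
        off += msg[off] + 1
    return off + 1

def dnssec_signalling(msg):
    """Return (do_bit_set, advertised_udp_size) for a query message."""
    qdcount, _an, _ns, arcount = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(arcount):                   # a query has no answer/authority RRs
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return bool(ttl & DO_BIT), rclass
        off += 10 + rdlen
    return False, 512                          # no EDNS0: 512-byte UDP limit

if __name__ == "__main__":
    for flag in (False, True):
        q = build_query(".", TYPE_DNSKEY, dnssec_ok=flag)
        print(len(q), "bytes ->", dnssec_signalling(q))
```

A firewall or middlebox that drops DNS over UDP above 512 bytes, or strips the OPT record, will break exactly the second kind of query, which is worth checking before relying on DNSSEC validation.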
Specific functions that take place between a multi-campus company, or business transactions that use HTTPS(SSL), can now provide more security and integrity to transactions that take place using DNSSEC. It can provide for better origin authentication, data integrity, and authenticated denial of existence. One of the easy transition methods is the deployment of a DNSSEC appliance, which serves as a DNS signer for DNS zones. This can be a large, several thousand dollar appliance; or as inexpensive as a several hundred dollar, more portable device like a card or USB token.

In addition to accelerating DNSSEC compliance, these devices, known as Hardware Security Modules (HSMs), provide support for other applications as well.

The applications are many, but HSMs are commonly deployed for such things as:
1. Card Payment Systems
2. PKI Environments
3. Automated Teller Machines
4. POS Terminals

For these and other types of systems, the HSM provides an aid to securely encrypting data in a relatively unsecure database, verifying the integrity of the data in a database, and aids in verifying digital signatures.
The HSM provides FIPS 140-1 and 140-2 validation, and uses widely accepted algorithms for the most part. It is much more preferable to find a system that does not use a proprietary algorithm, so that the HSM can provide proven functionality for all necessary functions.

This is just one of many types of systems that can aid in an overall security solution. Proper security processes, such as risk analysis, testing and careful administration of the device, can ensure a better security posture for mid-sized businesses or greater integrity for financial transactions.

Tuesday, June 1, 2010

"Likejacking" Takes Off on Facebook


Monday, May 31, 2010

Remote Access

I love remote access. It lets anyone from a company connect from anywhere with an internet connection and access company resources. It enables a workforce to tend to business matters without coming into the office. In my opinion and experience, this is one of the greatest things from IT that makes people's lives better. The manager is happy because his work is getting done, the worker is happy since they can finish projects without a care to the time of day, where they physically are at that moment or the weather outside. I live just outside Philadelphia, where the snow can be deep sometimes, especially last winter. Remote access enabled me to keep working, right after I shoveled out.
There are some distinct security benefits and drawbacks to a workforce that uses remote access, and if it is properly implemented it could create a happier and more productive workforce.
Some of the drawbacks include greater difficulty managing patches and updates, and the opening of a portal through the firewalls into the heart of the organization. And although it is completely necessary to let systems administrators connect remotely for maintenance and administration, this is where the greatest security hole is, when someone with intrinsic back door access connects to critical machines.
For benefits, the workforce is enabled to work with more flexibility from time to time, and will often spend more hours working than if they were in the office every day. The company can maintain a smaller office with a mobile workforce, and doesn't need to have dedicated workspace for every worker. From a security standpoint, remote access gives great resiliency in the event of a disaster, since many processes are location neutral and the workforce just needs a connection to perform their duties.
I think about the benefits from my own experience working on the road, and I'm a huge fan of properly implemented remote access.
1. Management must support the reality of workers connecting from on the road. Sometimes the amount of backlog on paperwork (virtual, of course) or other work gets so great that I would sequester myself in my office at home to catch up. If a worker can do that from home or on the road, not only will their happiness and morale improve, but so will the mobile workforce's productivity if management supports this kind of activity, and ultimately this leads to greater profits.
2. The workspace must be viable. The home worker needs to have their configuration verified by the IT department to ensure some level of security. The workspace must also be free from distractions. I have been working at home for so long now that my children leave me alone, but it took time and effort to get that aspect of remote access from home solid.
3. The security process must be included from start to finish. User verification, secure connection protocols, patch management, virus protection updates and notifications, and access control all have to be implemented and managed for successful remote access to be truly effective. What's the point of having people connect from hotels in several different cities if one of them brings havoc to your core systems?
4. Regular review must take place of the time that users spend working from home and their effectiveness. Logs of connection times can serve as great records to verify production. Most workers will not take advantage, and the ones who will are often kept in line by a procedure that keeps them on the right path.
5. Training on time management and discipline should be given on a regular basis. Most of your workers will do just fine from home, and this kind of regular support is often welcomed. I personally am a fan of tricks and tips to help me manage my time since I apply them across the board.
If properly deployed, remote access can offer some serious improvements to the lifestyles of the workers as well as great benefits to the company.

Tuesday, May 25, 2010

Internet Speedtest Results Going Public - PCWorld Business Center


Virus Defense for Small Business

I still remember clearly the morning the first virus got through. It was a pain, having to hit every machine and eradicate the infection, but it was also an alarm that our network security posture had to improve immediately. That particular virus had a payload which deleted pictures, and at the time the company I was working for used pictures heavily on the sales side to help with quotes. The viruses that attack now are much more malicious, and are intended to gather information, take over your PC or network and send information back to the source. I have tracked some attacks to some former eastern bloc countries, but many times there are computers relaying information and instructions so it can appear as if the attack is a mile away.
The threat has evolved, and if you have not taken this into account when looking at your small business then disaster awaits. Not IF, but WHEN, and usually quite soon. Back when I had Comcast, I decided to hook a PC straight to the internet, without a firewall, just to see what happened. Within 10 minutes the PC was rendered unusable. I also watched, while it still worked, the probing of the machine and was amazed at how many different sources were attacking. Automated programs use lists of IP addresses for Comcast and relentlessly try passwords, ports, and various techniques to try to gain entry. If your machine were to get infected, sometimes the only thing it would do is run the automated programs and further the infection, and your PC or server just became a 'zombie.' As far as you could tell, your laptop just seems to run slower.

Basic defense against this type of attack is simple, and very cost effective.
1. Implement a firewall solution. Get a good firewall that does Intrusion Prevention (IPS) right at the edge. This allows for most attacks to be stopped before they take root. Some large companies use layers of firewalls and other techniques so that traffic is filtered several times, both entering and leaving the enterprise.
2. Implement a good Anti-virus solution on every machine in your enterprise, and make sure updates are regularly applied. Automate as much of this process as possible so that you don't have to remember to update. Many threats can be stopped before they affect you just by having up-to-date virus signatures.
3. Keep current with Microsoft patches, and other patches for your applications. Often, viruses and malware exploit vulnerabilities in code, and software manufacturers are constantly updating their programs. There are methods of automating this for any business, and this process should be regular in nature.
4. If your company has the resources, then an Intrusion Detection System (IDS) is also something to consider. These types of systems watch for threats to show up, or watch for activity that indicates a breach.
5. Educate your employees. If someone calls on the phone looking for the IT department and asks a ton of questions about your infrastructure, make sure that they don't freely give out all of the information. Make sure your employees don't use their business email as their sole email for all things personal and private, and that they do not click on everything in their inbox. (People still do it!) This training needs to happen in a formalized setting, and be a part of the policy handbook, new employee training, and reiterated on a regular basis. Many, many times the virus will come in because of user error.

The cost of the IT department running around fixing the problems on every machine was just one part of that original infection. There was also the lost data and the lost time for sales, who now needed to replicate their efforts and put together quotes based on memory or hand drawings alone. Now the threat could sneak in and take all of your customer information, credit card numbers or any of the other 100 or so proprietary types of data that you safeguard, and use that information in ways that it is not intended. Once you have been breached, and this information is leaked, then permanent damage to your business is certain. Your customers trust you, and aside from all other civil and criminal ramifications of a breach, if their information is exposed that trust will never come back. Many large name companies are no longer in existence after the scandal, because their customers took their business elsewhere.

Sunday, May 23, 2010

First Post

It has occurred to me on more than one occasion that the digital video revolution in CCTV technology has put a very sophisticated video solution within reach of almost anyone.
For many years, CCTV technology meant a huge investment upfront, constant maintenance and a great deal of staff to monitor and review after incidents had occurred. This is fine if you're a Fortune 500 company and have the resources, but smaller companies had a need as well. The smaller company had to pick and choose amongst features, which were often very expensive, and were often left with a less than desired solution.
Now that IP video (network-based) has taken over the CCTV market, and now that the Fortune 500 has adopted many of the early incarnations, the prices have been driven down for excellent solutions, available at less than the cost of traditional security offerings. Also, since the cameras and recorders are network-based, and use the standards and protocols that are almost universally accepted among IT departments, maintenance and upkeep have been taken away from boutique or specialty security vendors and are deliverable at a greatly reduced cost from IT vendors.
Features that many small businesses would love to have, such as Object Removed, Motion Based recording and alarms, and POS integrated video can make a difference not only when your business is closed, but can also watch the flow of cash into your registers. These types of features turn your passive video system into an active partner that watches for changes and alerts you immediately of problems.
Most of this uses off-the-shelf products, so service and upgrades are not proprietary, thereby freeing the small business owner from being locked into a situation of loving the product but having to deal with the vendor.
It's the most exciting thing to happen in surveillance, ever.