Preserving Electronic Evidence

May 21st, 2007

A misstep in preserving electronic data for litigation could mean defeat before the enemy is even engaged.

According to Greg Fordham, a founder of K&F Consulting Inc., “Just not deleting anything off the computer isn’t enough.”

“The continued use of a computer can alter important metadata such as file system date and time stamps. Similarly, continued use can overwrite dynamic system data such as virtual memory stored to a disk, or overwrite deleted data so that it is unrecoverable,” he said.

Steps Fordham recommends include: early notice to preserve evidence – even prior to filing; preserving electronic evidence in a forensically sound manner that will capture the full spectrum of data; and developing a questionnaire or guide that seeks specific details about a client’s electronic and computer systems.

According to K&F Consulting.
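The point about timestamps and overwritten data can be made concrete with a baseline manifest. The following is an added example, not code from K&F Consulting or from this blog: it records each file's metadata before opening it, hashes the content with SHA-256, and later reports what continued use has changed. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record metadata BEFORE opening the file, then hash its content."""
    st = os.stat(path, follow_symlinks=False)  # stat first: a read may update atime
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "atime_ns": st.st_atime_ns,  # kept in the record, not compared
            "sha256": digest.hexdigest()}

def build_manifest(root):
    """Map each regular file under root (relative path) to its snapshot."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = snapshot(full)
    return manifest

def compare(baseline, current):
    """Report what changed since the baseline manifest was taken."""
    findings = {}
    for rel in set(baseline) | set(current):
        if rel not in current:
            findings[rel] = ["missing"]
        elif rel not in baseline:
            findings[rel] = ["added"]
        else:
            changed = [k for k in ("sha256", "size", "mtime_ns")
                       if baseline[rel][k] != current[rel][k]]
            if changed:
                findings[rel] = changed
    return findings

def demo():
    """Constructed sample files; simulates 'continued use' after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data, secs):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, ns=(secs * 10**9, secs * 10**9))  # fixed timestamps
            return path
        put("memo.txt", b"draft v1", 1_000_000_000)
        notes = put("notes.txt", b"unchanged", 1_000_000_000)
        old = put("old.log", b"to be deleted", 1_000_000_000)
        baseline = build_manifest(root)
        put("memo.txt", b"draft v2", 1_100_000_000)        # edited, same length
        os.utime(notes, ns=(1_100_000_000 * 10**9,) * 2)   # touched, content intact
        os.remove(old)                                     # deleted
        put("new.tmp", b"x", 1_100_000_000)                # created afterwards
        return compare(baseline, build_manifest(root))
```

Hashing reads every file, which can itself update access times on a live system, so a manifest like this is normally built from a read-only copy or mount of the evidence rather than the original in use.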

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

May 19th, 2007

Computer security audit software has changed a lot

How has computer security software changed over the years, how can you check whether your system provides sufficient security, and why not pass a security audit?

The system of computer security audit has changed dramatically over the years. In the beginning, all of the crucial software was produced by giants like Hewlett Packard and adjusted to suit the customer’s specific needs. Now it has been almost totally replaced with ready-made products, as they proved to be very cost-effective for businesses.

The performance of these products is not the same as it used to be with the previous generation of hand-tailored software, but end users have had to put up with it. They have also had to accept that they must take all the necessary security measures themselves, as the developing companies disclaim any liability for incurred damages.

So what exactly is a computer security audit? To put it bluntly, it is a series of tests intended to assess whether a company’s security policies are used and whether they are effective. In order to do this, computer security auditors may conduct various procedures, like personal interviews, system vulnerability benchmark tests, and others.

Computer security auditors usually start with checking if the company has a written security policy code. The latter does not exist in a lot of even modern companies, which is very unfortunate, since unless all the staff members of the company have understood and signed the security policy agreement, the security system may be extremely vulnerable.

Furthermore, this document must be living and regulations reflected in it must be implemented daily. That is to say, a lot of employees still choose convenience over security. For instance, users must be aware that every password should be somewhat sophisticated and should include numbers as well as letters and should not be a mere word or two words together. However, many employees are simply too lazy to come up with a password of this kind, which leaves the company’s security system vulnerable.

When auditors are checking the system, they should follow some kind of a standard procedure, a list of check-ups that they generally do, but also keep their eyes open for some unexpected problems. When the check has been completed, first of all, auditors should inform the administration and the staff of the obvious errors and flaws in the system. This should be done in a way that does not show the administration that the conclusions are definitive and final.

A thorough follow-up check-up might be needed to clear up the difficulties. Some errors, though, have to be corrected right on the spot. The final audit report should be carefully considered and written in a simple logical form so that every staff member should understand it correctly. Each problem, with its background and the solution should be laid out on a separate worksheet. In the meantime, the management of the company should be constantly supervising the faulty areas, just to make sure that the recommendations provided by the auditors are being implemented.

Though even when the report has been issued, the auditors and the management should keep in mind that organizations generally evolve, they do not stay the same, and as they evolve, so do their security systems. Therefore, the auditors should always be able to consult the company workers, in case some changes are to take place.

If you want to learn more about security auditing software, check Sam Miller’s new website.

Identity Theft Discourages Online Banking

May 13th, 2007

For fear of becoming the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study.

The study, which was based on online survey responses from 3,349 U.S. adult consumers, reports that 31 million customers would feel safe enough to begin banking online and another 39 million online users would increase their online banking activity if their banks offered free identity protection software.

While only 6 percent of survey respondents have been victims of identity theft or fraud, 41 percent — which translates to more than 88 million U.S. online banking customers — would change banks or reduce their online service usage if their individual institution was compromised by a data breach, the study says, making identity protection a significant competitive differentiator.

Consumers are willing to take extra steps to protect their identities, but they do not want to pay extra for these services. “Many view this as a service they should get automatically,” explains Stephen Knighten, statistical analyst, Javelin. “They are willing to take extra steps, but not at an expense.”

According to the study, 62 percent of online banking users would download and use identity protection software if their banks provided it for free. Consumers are interested in second-factor solutions, including biometrics (33 percent), one-time password tokens (20 percent) and peripheral device recognition solutions (15 percent). “The key to these solutions’ success,” says Knighten, “is that they must be convenient.”

While banks must foot the bill for these security measures, they can recover their investments by cross-selling to the lucrative online banking segment, notes TriCipher’s DeSantis. “Banks can target them with profitable lines of credit, mortgages and similar products,” he says. “The key is to reinforce trust and loyalty of account holders. … Unless you have their confidence, they will start to stray.”

See full story.


Insider Threat

April 22nd, 2007

Oracle is suing SAP in federal court, alleging that its chief competitor in business software markets has been stealing corporate secrets. SAP is still reviewing the suit.

Concerns over sabotage or theft are on the rise, prompting companies of all sizes and including utilities to examine their policies and business processes. Because utilities are geographically dispersed and have thousands of employees, breakdowns in security will inevitably occur. The goal then is to mitigate that threat on the front end and if espionage has taken place, perpetrators should be tracked down and held responsible.

According to the FBI, corporate espionage costs U.S. companies between $24 billion and $100 billion annually. Interestingly, only about 20 percent of those losses are tied to cyber threats while the majority of them are associated with low-tech schemes such as stealing from trashcans.

It’s not just big business that is at risk. It can also be the smaller engineering, environmental and law firms. Most corporate crooks can’t break into computer systems. But, they can meander into open offices, taking phone numbers, strategy bulletins and computer info.

“A good spy always looks for the path of least resistance before trying anything fancy or high tech,” says Ira Winkler, an information-security-systems consultant, in a book called Corporate Espionage. “In fact, small businesses tend to be targets more often than large corporations, simply because they have more competitors.”

Beyond cyber threats, companies must keep classified information restricted while requiring employees to sign agreements prohibiting the unlawful use of company trade secrets. Those secrets may include anything that a company knows that is unknown in the marketplace, which gives it an uncommon competitive advantage.

Corporate espionage is a risk for all companies. Utilities are clearly aware of the problem. As a result, their information technology units are now working hand-in-hand with upper management to guard the integrity of the business lines. It’s a sensible solution to what could be a potentially devastating issue.

See full story by Ken Silverstein.

See the latest on Oracle’s SAP lawsuit at PCWorld.com.



Security Enforcement, The Cooperative Way

April 12th, 2007

Imagine all of your network and security devices working as a unit to enforce security policy. That’s the vision of “cooperative policy enforcement,” an emerging concept being promoted by Aventail.

While network admission control (NAC) is emerging and there are many different policy enforcement tools available, there still isn’t a common, coordinated structure for enforcing policy across all devices. Chris Hopen, CTO of Aventail, says the key is having a broader policy that aggregates the traditionally separate policies of firewalls, routers, switches, VPN gateways, and NAC boxes.

Some industry analysts consider cooperative policy a natural progression. “Cooperative policy has to happen. It’s not even a question of if, but of when. You have many network assets as an organization — firewalls, routers, switches, VPN gateways — and each of those should be able to enforce policy, not just any one,” says Robert Whiteley, senior analyst for enterprise networking at Forrester Research. “Most NAC products make you choose one of those” to do enforcement, he says.

With cooperative policy enforcement, the policy servers on each security device can share security problems they find and take action to fix them, he says. When an IPS sitting behind the VPN gateway detects a problem, for instance, it can work with the gateway to pinpoint the source: “So when the IPS raises an event and says here’s malicious traffic, that device can then make a SOAP call back to us, query us, and say ‘what user is responsible for injecting this traffic into the network?’”

Then the offending user could automatically be blocked from the network or certain service. “This is beyond reporting and more about taking action,” he says. “Today devices do not allow any visibility into their policy decisions, let alone providing a mechanism for allowing another network device to control or dictate changes to the policy behavior.”

See full story.


What is today’s biggest IT security threat?

March 22nd, 2007

IDC research finds that enterprise companies rank insider sources as their top security threat.

In addition, research from Carnegie Mellon University for the Department of Defense (DoD) finds that when it comes to insider attacks, 86 percent of perpetrators held technical positions. Of these, 57 percent performed the attack after termination.

Both reports found that insider attacks result in costly outages, lost business, legal liability and, inevitably, failed audits. In one case study, it took 115 employees 1,800 hours to restore data deleted by a disgruntled insider. At the time of the attack, the perpetrator was an ex-employee of the IT department who was able to remotely access key systems. According to these reports, IT insiders commonly acquire and maintain powerful system access using privileged accounts and passwords even after termination.

Here are six of the best practices recommended by Calum MacLeod (European director, Cyber-Ark Software) to battle insider menace:

1. Create an inventory of privileged (non-personal) passwords

2. Define the role of identity and access management (IAM)

3. Apply change policies to privileged passwords

4. Make sure privileged passwords are stored securely

5. Create a staged approach to deployment

6. Remember computers are people, too

See full story.


Most alarming help desk calls

March 12th, 2007

SupportSoft Inc. analyzed about 2 million IT help desk calls from 20 large companies (average workforce: 75,000 employees). James Morehead, vice president of product management and marketing at the Redwood City, Calif.-based vendor, says the result is his company’s Headache Index of the most common problems end users thrust upon IT support operations.

Yes, password issues top the list, with 20% of all calls involving a variation on the phrase, “I forgot my password.” While you’ve no doubt already automated the response to that one, other problems probably lack automated fixes. Morehead thinks you should consider help desk automation for any problem that accounts for 3% or more of all calls. Take e-mail issues, which came in fifth on the Headache Index, chalking up an 11% share of help desk calls. Morehead points to Outlook’s OST (offline storage) file as one likely suspect. It’s regularly overstuffed, which can cause Outlook to sputter and fail.

And he says a lot of home PC users are contacting his company’s recently unveiled consumer help desk site, www.support.com, to express frustration with Microsoft Corp.’s new Vista operating system. “We’re learning now to help IT later,” Morehead says. Of course, when you roll out Vista, you might want to keep a bottle of aspirin handy just in case.

See full story.


Google Apps and Risk Management

February 25th, 2007

According to the recent article by Dan Morrill, “Google Desktop Applications, or Google Apps is a risky decision to be making, small company or big company it does not matter”.

Information Security - Google has a lot of money to spend on information security, but Google also has a track record like every other software maker, of having code with bugs. If you use Google apps, you have to trust their code over the internet, and you have to trust them to patch their code in a timely manner.

Legal Discovery – so far the law has worked in this fashion, ISP or Company gets a discovery notice, the ISP or Company is not obligated to inform you, rather they usually make a copy of all the data and send it to the legal group requesting the information. Since all your data is hosted outside the company on a 3rd party server system, ownership is most likely not going to be efficiently defined until there is a series of lawsuits to determine who owns information on 3rd party service providers. Technically, it should already all belong to Google.

Control – usually when working with technology and 3rd party outsource, only “authorized” people are allowed to call for support. Control of the help desk, and the services that the help desk provides for lost information, e-mail support, password reset support, and other low level support functions are now being taken over by Google.

Other Legalities – Have you engaged legal counsel before signing up? This is a big one: what do the company lawyers say about the issue? Will they be involved in the decision, and will management listen to what legal counsel is saying and what the legal liabilities are?

Federal/State Mandates – if you are covered under HIPAA, SOX, GLB, HB1386, or otherwise, how does using Google Apps help you gain compliance, or remain in compliance if you use their system? From the legal mandates and laws side, unless Google can provide a statement of compliance that will stand up in court, anyone who is under any federal or state law for information security compliance might want to think twice before using this service.

Think long and hard before using Google Apps. Make sure there are legal protections and that someone cannot just randomly request data without talking to legal counsel first. Make sure that the bases are covered, and if you are in a regulated industry, that you get a certificate of compliance from Google. Otherwise, there is a ton of free or low-cost software out there that will allow you to do the same things in an equal or like manner.

See full story.


Public Sector Lacks IT Security Sense

February 3rd, 2007

An adviser to the UK Cabinet warns that civil servants’ low awareness of data security threats puts information collected by the government at risk.

A key advisor to the Cabinet Office on information assurance issues said that with the exception of the police, defence and intelligence communities, public servants have little grasp of information security threats. “What keeps me awake at night is that, with some notable exceptions, across government there’s too little awareness of the scale and breadth of the risk facing us at the moment,” he said.

Ignorance of information security threats at board level is actually more of a threat than the threats themselves, according to Burton. “No-one knows the scale of the risk. We need to energise boards. The technical risks are nothing compared with ignorance at board level,” he said in a panel discussion at a British Computer Society (BCS) security event this week.

The UK government recently announced two sets of controversial plans around data use – plans to form the database for the ID Cards National Identity Register from three existing databases, and plans to relax data-sharing laws so government departments can share information more easily.

See full story.



Check and clear recently accessed files list

January 22nd, 2007

AKS-Labs has released a Windows privacy utility called RecentCleaner. With RecentCleaner one can check and clear the list of recently opened files. A recent-file record is a kind of link that a program creates when a file is opened. Almost all products create recent-file records, for instance Microsoft Word, Excel, PowerPoint, Access, WinZip and WinRar. Windows itself keeps a record of recently accessed files too.

Sometimes the list of recently opened files can become a great security problem, as it is hard to remove all these records quickly. RecentCleaner was created to solve this issue in a timely manner. Recent-file records can now be cleared in a single click.

Learn more about clearing recent files at the RecentCleaner website.