1.USB Devices. The largest threat in the Promisec study was undocumented or unsecured USB devices. About 13 percent of the surveyed endpoints had them. This isn't just a theoretical concern. A 2005 Yankee Group survey found that 37 percent of the companies surveyed believed USB devices were used to compromise corporate information.
The source of the infection doesn't have to be an employee. A visitor, invited or otherwise, who gets access to a company computer can easily plug in a thumb drive. More elaborately, a computer security firm gained national attention in 2006 by loading 20 USB drives with password-stealing malware and scattering them in the parking lot and other likely locations outside a target company. Fifteen of the drives were found by employees, who plugged them in to see what was on them; in a matter of hours, the security company was getting a stream of passwords and other critical data. (The security firm was Secure Network Technologies. It was testing security at a client, and the incident was reported in a number of places, including June 7, 2006 on the Dark Reading Web site.)
USB device protection under Windows is pretty limited. Basically, you can only enable or disable USB on a system. Since USB is the default peripheral connection for Windows, this is extremely limiting. However, third-party software such as Sophos, Devicelock or Promisec removes this restriction by offering policy-based management for USB devices.
2.Peer-to-Peer File Sharing. Although unauthorized peer-to-peer (P2P) file-sharing programs are often forbidden by company policy, 4 percent of the surveyed computers had such applications installed. This problem is getting worse. Not only are more peer-to-peer networks making their way onto corporate networks, but computer criminals have started using them to compromise and take over computers wholesale.
According to security software company Prolexic, P2P networks are now being used to launch distributed denial-of-service attacks against corporate Web sites. The company says it has seen a kind of P2P-based DDoS attack called dc++ involving as many as 300,000 compromised computers.
Unauthorized P2P software can be a major path for information leaks. So much so that a Web site called See What You Share has been set up just to show off the kind of information leaking out of the government by file sharing - included classified documents.
Of course, P2P file sharing is also one of the primary methods of illegally distributing copyrighted material - which can be both expensive and embarrassing if the lawyers from the RIAA come calling.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
Email Archiving 101—Customer Case Study
Best Practice in Building an Integrated Information Management Strategy
Solve Exchange Mailbox Storage Issues Once and for All
Enterprise Wireless WLAN Security
Making the Business Case for IT Consolidation
Data grids and service-oriented architecture
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
- White PaperJoin Ed Thompson, Research VP, featured analyst firm, Gartner, Inc., and Brad Wilson, General Manager CRM Microsoft Dynamics, for a new webcast, Delivering the Power of Choice with Microsoft Dynamics CRM, available now. Our panel will break down the best practices for getting the most out of CRM and you'll learn key recommendations you can implement in your organization. Additionally, you'll also hear Microsoft's vision for CRM.
- White PaperJoin Lee Benjamin, a Microsoft Exchange MVP and Ryan Shipkowski, network administrator for Matthews, to discuss the process and ROI of implementing an email archiving solution, with emphasis on a case study from Matthews International.
- White PaperDiscover how the integration of disparate technologies in your company can lead to greater user productivity, improved management, lower costs, higher efficiency, and easier risk mitigation.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
SOA What? Why You Need SOA Governance Framework 04 December, 2008 08:32:00
Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes. - +
The Myth of Cloud Computing 04 December, 2008 08:25:00
Why the rapid spread of virtual technology is becoming a security riskWhy the rapid spread of virtual technology is becoming a security risk. - +
Who Pushed Vendors Toward Better Security? 04 December, 2008 09:38:00
Hint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann DavidsonHint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann Davidson. - +
CPO & CISO: A Comprehensive Approach to Information 04 December, 2008 08:42:00
GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets.GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets. - +
Security Culture: Americans are Ferengis, Europeans are Vulcans 04 December, 2008 08:32:00
Lunch table conversations tell a lot about the culture of security in Europe and the USLunch table conversations tell a lot about the culture of security in Europe and the US.
International researchers gather in Sydney to preview the clever web 05 December, 2008 09:48:00
Borderless corporate networks to shift focus to secure content management in Australia in 2009 04 December, 2008 16:06:00
IDC Says Asia/Pacific Excluding Japan IT Market Will Remain The Bright Spot... 04 December, 2008 15:04:00
MySpot SOS "Panic Button" Smartphone Application could save lone worker lives 04 December, 2008 13:34:00
Charles Sturt University Commences Unified Communications Deployment With Interactive Intelligence 04 December, 2008 08:30:00
|
||
|
||
|
|
||
|
Wireless LANs: Is my enterprise at risk?
Achieve an overall understanding of the risks associated with wireless LANs. Discover their inherent properties, as well as what makes them different from wired networks. Read on to uncover a list of recently published articles on real-life breaches and incidents illustrating the need for proactive measures to mitigate wireless security risks.
Buying Guides
