Category: Security/Compliance

Reliable Back Up and Setting Correct Expectations

Over the last five years I have seen a more passive approach to back up and disaster recovery. Organizations are letting their data reliability take a back seat to system up-time and performance, which is starting to become scary. I typically ask CEOs and owners what an acceptable amount of downtime is for their business, and they all reference about 2 to 4 hours. It always amazes me what expectations people in power have about how quickly their systems can get back up. Never taken into account is how long it takes to build their new system, as well as the time-consuming process of moving data from one location to another. It is something that is always overlooked in normal system installations. Many businesses out there feel that their system can be up in 4 to 5 hours, and typically when we review and assess a small to medium size business, we find that the average rebuild time for a single server that has a disaster is roughly 10 hours. The 10 hours for a single server consists of:

  • server build via operating system install and patching
  • application set up and configuration
  • shares/drive set up
  • data migration
  • testing and validation

It is very important to build and structure a network system that can facilitate an agreed level of downtime. In other words, if management decides that the network can only be down for 4 hours, no matter what time of the day it might be, that will drive a completely different back up system and methodology than if BVA is told that 12 hours is satisfactory from 8am to 5pm on weekdays. Documenting the process and timeline for bringing the system back up is critical and imperative.

Many businesses are looking to move their data into the cloud, and it is normally referenced to BVA as a cheaper alternative to onsite back up, but I can tell you that is not the case. Moving the data offsite in a reliable and consistent manner can be a bit tricky depending on the solution. For the solution to thrive, you need a reliable telco provider such as fiber as well as a stable power grid. Depending on the solution, data can cost roughly $4 to $12 per gigabyte (GB), depending on the compliance standard set forth for data retention (30 days, 12 months, 5 years, 7 years). There are several great software packages out there that can be loaded on any server and are completely hardware agnostic. This software drives the back up job and can point it to any iSCSI target. This software can also move the data offsite to any destination you prefer, and typically the software you select will provide that option via several data centers. Microsoft, Google, Amazon, and even Apple are a few that have gotten into this business and will continue to grow as large back up solution providers.

Completely secure data transfer on the way?

I recently read an article that talked about the possibility of a completely secure data transfer using quantum entanglement. Essentially what that means in terms of computer data and packets is that the data becomes correlated with each other and shares properties. Hypothetically speaking, if you send 50 packets, all packets could take the same properties of the first packet, therefore making it impossible to see what the total outcome of all 50 packets contains.

Until now, the entanglement was only controllable for up to a second, but a recent advancement at the University of Copenhagen’s Niels Bohr Institute has made it possible to keep this entanglement active for up to an hour. This could enable you to make direct connections between two systems, and when you make a change on one end the other end will know and it can all be transferred directly over the internet.

Scientists are currently working on ways to incorporate this into both networking and the internet. Although this is cutting edge and in my honest opinion pretty cool, it may be some time before this would ever reach a PC near you.

Archiving Email–Some Considerations

Businesses live and die by email. Orders are submitted, proposals are sent, meetings are scheduled, and deals are made through email. So emails have a tendency to accumulate rapidly. No one wants to delete email because they like to have a record of the communication. There’s the fear that if you delete an old email you’ll need it later. It’s a security blanket of sorts. And some employees will use email as a default document management system, categorizing emails by client name, etc. These and other factors tend to contribute to large email stores, and large mailbox sizes.

Since data is expensive to store and backup, and accounts with large mailboxes can be more problematic to manage, not only can the uncontrolled saving of email become expensive to maintain, but it can also become a liability for the company.

Archiving Email

To technically solve this problem many companies will install an email archiving solution. If they are using Microsoft’s Exchange 2010, an archiving solution is built into the product. Archiving email enables organizations to move older, or less accessed, emails out of the main data store and onto a less expensive, less accessed, storage solution. It doesn’t keep emails from accumulating, but it does control where they are stored and how they are managed. Typically, users can easily retrieve archived emails when they’re needed.

Using Hyperlinks

One of the foremost reasons why mailboxes grow in size quickly is ‘attachments’. Attaching documents to emails will quickly grow a mailbox store size. It will not only increase the growth of the mailbox sending the document(s) but also increase the size of all the recipients’ mailboxes.

If users have a need to collaborate on documents within an organization there’s a simple remedy for this problem: Hyperlinks. Instead of sending the documents themselves, send a hyperlink, which is a pointer, to the document. The recipient will be able to click on the hyperlink and pull up the document without adding it to their mailbox. This is also best practice for collaboration purposes because when hyperlinks are used everyone views and edits the same document, not copies of it. This means that everyone sees the final product, not an outdated copy of it in their email store.

Mailbox Size Limits

Most companies will impose mailbox size limits on employees. This process limits the overall size of a user’s mailbox and will force the user to archive or delete email to keep the size within the limits imposed. Various actions can be taken if the user fails to heed the mailbox size limit warning. One such action, once the mailbox has reached a specified size limit, is to inhibit the ability to send emails. The user may be allowed to receive them for a limited time, but their ability to send or reply is inhibited.
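The staged limits described above map onto Exchange's per-mailbox storage quotas. The following is an added example, not part of the original post, written for the Exchange 2010 Management Shell; the threshold values are constructed, and Exchange expresses the final stage as a larger size threshold rather than a time limit.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
# Thresholds are constructed sample values, not figures from the article.
$quota = @{
    IssueWarningQuota        = '1800MB'  # user starts receiving warning messages
    ProhibitSendQuota        = '2GB'     # sending and replying are blocked
    ProhibitSendReceiveQuota = '2300MB'  # inbound mail is rejected as well
}

# Apply per-mailbox limits. UseDatabaseQuotaDefaults must be $false,
# otherwise the database-level defaults override the values above.
# -WhatIf previews the change; remove it to apply.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    ForEach-Object {
        Set-Mailbox -Identity $_.Identity -UseDatabaseQuotaDefaults $false @quota -WhatIf
    }

# Report every mailbox that is at or past one of its limits, largest first.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Get-MailboxStatistics |
    Where-Object { $_.StorageLimitStatus -ne 'BelowLimit' } |
    Sort-Object TotalItemSize -Descending |
    Select-Object DisplayName, StorageLimitStatus, ItemCount,
        @{ Name = 'SizeMB'; Expression = { $_.TotalItemSize.Value.ToMB() } }
```

Running the report before removing `-WhatIf` shows which users would be blocked from sending the moment the limits take effect.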

Other Considerations

In addition to the IT cost for maintaining large email stores, keeping old emails can be a company liability. For instance, if a company is legally required to produce old emails for a court case, the discovery costs can be huge. This requirement can be forced upon a company by an ex-employee bringing a suit, or by any one of a number of other legal proceedings that require a company to produce its archived communications.

To limit liability, and the cost of discovery, in this type of situation, most companies will establish an “Email Retention Policy”. That is simply a formal document that states how far back in time the company will keep emails. If such a policy is in place and published to employees, the company is not liable to produce anything older than the retention date.

In conclusion, not limiting email retention and not imposing mailbox limits are expensive. Companies that are not proactive in establishing policies and executing them find that out the hard way.

Secure Email Encryption – Zixmail

BVA gets several requests month in and month out for a good way to send secure emails. There is really no way to answer this with a cheap method. There are a few great solutions out there, though they can be a little costly, but recently we found a method that is pretty cheap and very reliable. ZixCorp Email Encryption Services is a solution that can protect your sensitive mail data. ZixMail is the name of their product, and it basically provides desktop email encryption that includes automated key management and delivery to anyone, anywhere through a secure web portal. It can be used with any corporate or web-based email system, and optional plug-ins are available for full integration with Microsoft Outlook.

ZixMail makes it easy to securely send and receive confidential information. Encrypted messages are delivered using your existing email address, and a single ZixMail client can support multiple email addresses. ZixMail also provides time stamping and authentication for irrefutable proof of delivery and receipt.

If your recipient is not a ZixCorp customer, not an issue… ZixMail automatically sends your email to ZixPort, a secure messaging portal that can be used to deliver secure email to any address. The majority of your clients are strong Microsoft environments and this solution works great with them. ZixCorp provides a special ZixMail plug-in so you can send and receive encrypted email without ever leaving Outlook. The plug-in integrates the ZixMail functionality directly into Outlook’s toolbar. The simple click of a button is all it takes to encrypt or decrypt a message.

Automated Key Management

ZixMail takes care of the most complicated aspect of using email encryption – key management. With ZixMail, all key management is handled through ZixDirectory, ZixCorp’s hosted public key repository. Tens of millions of members are included in ZixDirectory, allowing ZixMail users to automatically send and receive encrypted emails from other ZixMail or ZixGateway customers. No key set-up or exchange is necessary.

Fake Antivirus removal tool

Trend Micro has released a tool designed to target & help remove fake antivirus threats.  You can download the tool here

Some of the threats it detects are:

Alpha Antivirus
Antivirus 2010
Antivirus Action
Antivirus Pro 2010
Antivirus Soft
Antivirus Software Alert
Antivirus Studio 2010
Antivirus System Pro
AV Security Suite
Control Center
CRYP_FAKEAV-11
Cyber Security
Internet Security Suite
Microsoft Security Essentials
My Security Shield
Personal Antivirus (pav.exe)
Quick Defragmenter
Security Center
Security Tool
Smart Engine
System Defender
System Security
System Tool
ThinkPoint
TROJ_FAKEAV.VG
Trust Warrior
Windows Security Alert
XP Antispyware
XP Antivirus

Malware Terminology

The Information Technology world has a definite jargon of its own, which can be confusing to both the end users and (sometimes) to the IT people themselves. One of our biggest problems these days is Malware (mal meaning “bad”) infections on our users’ computers. In the interests of making the problem a little clearer, here is a basic (if not necessarily complete) dictionary of terms, in plain English.

Adware: Advertising-supported software. This is software that automatically plays, downloads or displays advertisements to a computer. A classic example would be a “helper toolbar” that causes advertising pop-ups on your screen.

Backdoor: Some spyware can install a credential and password that make unauthorized and unexpected entry into a computer possible by an outside user, who can then plant more malware and/or harvest available data.

Bot: A piece of software designed to grant an outside user complete control of your computer at will. A computer affected by bots is called a zombie, and “armies” of like-infected machines can be used to launch simultaneous attacks on other systems, or send out spam email messages.

Browser Hijacker: Code that replaces search pages, home pages or error pages with its own, allowing further browsing to be redirected to wherever it wants you to go (as opposed to where you wanted to go).

Rootkit: Code designed to gain root-access to your computer and manipulate it into allowing viruses or spyware to install and operate, while hiding from anti-virus scanners by appearing to be a part of the operating system.

Spyware: Differing from viruses in that they are not out to wreck your system, but to gain from it – controlling functions or accessing data for financial gain. Spyware might include keystroke loggers, backdoors, or browser hijackers, among other things.

Trojan: A disguise for malicious software, which may be brought into your computer as something apparently safe, but which can drop one or more harmful programs once inside. For example, an image file might contain code that operates only when the image is viewed, which installs backdoors, bots or viruses at that time, but which is otherwise inert.

Virus: A self-replicating program, intended to cause damage in computers. Pretty much pure vandalism, there is generally no gain for the perpetrators…

Worm: A program that looks for holes in your computer’s security, to get itself inside your computer where it can drop its payload (viruses or spyware). It is not, itself, either a virus or spyware, but may be thought of as something like a trojan. It scans IP addresses, opportunistically looking for entry points to exploit.

Setting up VPN On Your iPad/iPhone

If you are interested in setting up a Cisco IPSec VPN connection on your iPad, I have detailed some instructions on doing so.

  1. On the iPad itself, go to Settings > General > Network > VPN > Add VPN Configuration.
  2. On the tabs listed, select the IPSec tab from the connection types. Note that you see a Cisco logo present here.
  3. Now you can enter your information as provided by your network admin:
    • Description: “Work VPN” (this can be whatever you would like)
    • Server: vpn.mydomain.com (ask your IT administrator if you are not sure)
    • Account: Your network login account
    • Password: Your network login password
    • Group Name: myvpn (ask your network admin)
    • Secret: ******* (once again ask your network admin)
  4. Now you should be able to click save up in the corner and we are almost there.
  5. You should now be able to go into Settings > General > Network > VPN and slide the VPN switch to on. Once connected, you can use your favorite RDP client and remote into your network PCs.

 

Mac Users Beware Of Malware

Do you think your Mac is immune to malware infections? If you said Yes, you would be wrong. Although there may not be as much malware for a Mac as there is for Windows, you should still not be caught sleeping.

According to the security firm Sophos, from November 2nd to November 16th 2010, their Sophos Anti-Virus for Mac Home Edition collected some 50,000 malware reports (this is based on approximately 150,000 users).

Note that some of the above mentioned malware will just not run on a Mac, but there are some that will. For instance, the DNS Changer and OSX/Jahlav are some specific examples of infections that you want to remove from your system right away. Some people may take this lightly as they have the idea stuck in their head that their Mac cannot be infected… but guess what, it can.

My recommendation to anyone that owns a computer or mobile device is to protect yourself. Any device connected to the internet whether it be 3G, Wi-Fi, or on your LAN can be infected.  Hopefully you do the right thing and I don’t have to say I told you so.

Certain Key Words in Searches Attract Malware

Have you ever gone on the web and searched for “free stuff?” I know I have quite a bit, and did not realize the risk I was putting myself in. According to a study done by McAfee released in September of 2010, your chances of being directed to a malicious site are greatly increased when you use the word “free” while searching for music, movies, and other digital content.

In the report, it notes that you are 300 percent more likely to land on a malicious site if you search for free music ringtones. Also, the report states that searching for artists’ lyrics puts you at twice the risk of searching for “ringtones” for the same artists (first five pages of results).

Including the word “MP3” within your search immediately puts you at risk of reaching malicious sites. According to McAfee, there has been a 40 percent increase in the number of sites that host malicious MP3 files.

In order to protect yourself from these types of issues, it is recommended to not use the word “free” in your searches related to digital media, keep your antivirus up to date, don’t click on suspicious links, and use your best judgment when not sure about the safety of certain websites.

(Credit: McAfee)