November 28, 2014

How to Secure Your Systems in Nine Easy Steps

That you need to secure your systems is obvious; how to do so is not. You’ve heard of port scanners and vulnerability scanners and you know antivirus software and patching are important, but it’s easy to get lost in the weeds when it comes time to formalize your approach.

In this article we are going to see how to secure your systems in nine easy steps. We’ll keep things high level so that you can apply the concepts to as many systems as possible, rather than drilling down to the specifics on product X. Applying these steps to your systems will help ensure your systems are as secure as possible, will reduce the risks as much as possible and will get the boss and the security guy off your back. Here’s how you begin:

1. Get a network security application

It doesn’t have to be a $100K purchase, nor will it necessarily be something you download from an open source website. What it will be is one that can run in your environment, is easy for you to start using, has support and updates included, and can help you to automate and perform many of the tasks that are in this list. A good network security application is a key part of any security program and, with so much to do and so little time, it is not optional.

2. Use a vulnerability scanner

Vulnerability scanners are tools that can scan systems over the network looking for security issues that you need to remediate. Vulnerability scanners include databases of known vulnerabilities for all kinds of systems and applications, and it is critical to keep that database up-to-date so your vulnerability scanner can look for the latest discovered issues. Use your vulnerability scanner to scan every new system before it is approved for production, before the firewall ports on the Internet are open, and whenever the configuration is changed. You should also use your vulnerability scanner to assess your entire network. Run it from the Internet against your DMZ to see everything an attacker outside would see. Run it internally against your entire network to be sure every system is up-to-date. Regular use is key to ensure nothing slips through the cracks.

3. Lock down defaults

Vulnerability scanners can also help you to identify default settings. These are the things that the vendor sets up out-of-the-box, and that often can be used by attackers to find a back door into your network or to access data on devices. Examples include default passwords, running services that you don’t need, open shares that contain sensitive information and protocols that don’t use encryption. Finding these defaults and either securing or disabling them reduces your exposure and takes away an easy in for any attacker to exploit.

4. Patch

It’s as simple as that. Patch. Patch everything. Patch operating systems on servers and workstations, third party applications, drivers, network devices, firmware and anything else you can. Keeping all of your systems 100% updated on patches closes the largest number of vulnerabilities of any action you can take. In support of this fact, your vulnerability scanner will identify many unpatched systems and list the patches they need. It may not find them all, but it will find the ones most attackers would find too. Seriously, if you do nothing else on this list, patch. If you have more systems than you have fingers, then you need patch management software to keep up with everything. Look for patch management software that includes vulnerability scanning so you can get a two for one solution.

5. Use good passwords

That means using strong, easy-to-remember but hard-to-guess passwords on every system, and training your users to do the same. It also means using different passwords on different systems, and changing those passwords regularly. It also means resetting any default passwords, and never sharing them. Each user should have his or her own access to any system, and no one should know another user’s password.

6. Practice least privilege

The concept of least privilege is pretty straightforward. Don’t give out any access to someone unless they need that access. Only give them the minimum access they need to do their job. Take away that access when it is no longer required.

7. Document

One of the most difficult tasks for many sys admins is one of the most important. Documenting your systems, your network, your configurations, and your best practices is a critical part of maintaining your systems. Without documentation, how do you know what you have? How can you be sure you didn’t miss something? Never put off documentation until ‘later’. ‘Later’ will never come.

8. Establish baselines

Each system will have its own particular behaviours. How busy is it? How much RAM is it using? What services is it running? How quickly is it running out of disk space? Make sure that you establish baselines for every new system while you are still paying close attention to it and before you declare it production-ready, and add those into the documentation. When the server varies from its baseline, it’s a good indication that something might be wrong. Whether that is an errant app, an underestimated load, or an uninvited guest remains to be seen, but consider spikes in CPU and RAM, and rapidly diminishing disk space all to be your early warning system.

9. Set up alerts

If you have central monitoring, it is easy to stay on top of these baselines and also to automate reviews of logs. Smaller shops aren’t so well equipped. Setting up alerts on your systems for things like failed logons, spikes in CPU, low disk space, etc., not only helps you with the sys admin tasks of maintaining the systems, but can also call to your attention issues that might indicate a security incident is happening.

Getting these nine steps in place now, consistently and across all systems, will immensely help you in securing your systems. You would cover the majority of things that could be exploited by an attacker, and set yourself up to stay informed on what is happening with your systems.

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. Learn more about the importance of network scanning by downloading the free eBook: A first aid kit for SysAdmins.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

 

3 Reasons Why Your Organization Needs a Network Scanner

A network scanner is a somewhat vague term. While it is easy to answer questions such as “what does a patch manager do?”, the same cannot be said of a network scanner. The main reason for this is that a network scanner, unlike a patch manager, is not designed to perform a single function. In general, a network scanner can perform a series of different tasks and checks to ensure that your network is secure against all known vulnerabilities as well as to make sure that it is configured in a secure way.

GFI LanGuard 2012 Dashboard

This is all well and good, but at the end of the day, why do you need a network scanner?

1. To ensure your software is configured securely:

An administrator’s life can be quite demanding at times. It is not enough for an administrator to make sure that any software deployed on the network works as it should but s/he also needs to make sure that this software is configured securely in a way that makes it quite hard for others to exploit.

I cannot stress this point enough. Consider a mail server, for example, that allows relaying from any source. Such a mail server would be seen as working correctly. Any person on your network would be able to send and receive emails without any issues. In fact, in terms of functionality there are no issues.

However, a mail server which relays messages from any source is prone to be discovered by spammers and it is quite likely that they will exploit it to run massive spam campaigns through it. This will lead to a severely degraded performance as your bandwidth would be flooded with spam. Moreover, such activity could get the organization into trouble, your server blacklisted internationally and your company labelled a spammer. This is why a securely configured server is a must.

2. Ensuring there are no unnecessary services or applications:

Every service or application that runs on a system is a potential security risk. One can never be absolutely sure that a service or application is not exploitable. The solution is to avoid running unnecessary services or applications and to do so you have to identify what these are.

While one can manually do a software inventory periodically, using a good network scanner will allow the administrator to do so accurately on a daily basis and be a lot more proactive.

3. Removing unused user accounts and open shares:

User accounts that are no longer required should be deleted at once. They can easily be exploited by their former owners when they leave the company especially if they were fired or they left on bad terms and hold a grudge against the organization.

Deleting accounts as soon as people leave the company is a good practice but is not always enough. Employees with a grudge might have created new user accounts on a number of systems, even more so nowadays when you can deploy virtual machines so easily. Apart from sending out alerts when new user accounts are created, a network scanner can be set to notify the administrator when an account has not been used for a long period of time.

Open shares are also common vectors used to spread malware. A good network scanner can periodically look for such unauthorized shares saving administrators from having to do lengthy inventories in order to maintain network integrity.

There are other reasons why you should be using a network scanner, for instance to identify vulnerabilities that are hard to find manually. You can regularly monitor the network and automatically carry out audits that otherwise would take ages to complete manually.

What is important is that issues are discovered today and not in a month’s time or when something goes wrong. That is the difference between a safe network and one at risk of being exploited and compromised.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

5 Threats Posed by Vulnerabilities

(LiveHacking.com) – A vulnerability scanner is an essential tool for any systems administrator. Vulnerabilities on your network and in your software can easily lead to compromised systems. There is a false impression that it requires a lot of skill to compromise a computer system. However, in reality, the number of incidents where machines are compromised due to trivial events is substantial. And these could all be identified and prevented by a good vulnerability scanner.
In this article we outline five threats posed by vulnerabilities and juxtapose them with five real-life cases.

1. Change to a network - In 2004, a postal bank office in Israel suffered a break-in. A quick investigation found that nothing went missing, so the whole episode was dropped as some prank. In the following days however, the office noticed that tens of thousands of shekels were going missing. A more thorough investigation revealed a rogue access point installed on the network. The thieves had broken into the postal bank office to install it a few days earlier. The break-in obviously went unnoticed. A vulnerability scanner would have done a wealth of good in this case as it monitors changes to the network, advising the administrator when hardware is added or removed. Such an action would have alerted the administrator of the rogue access point the minute it was installed.

2. Creation of an account and irregular use - In April 2011, a story broke out about a former Gucci employee illegally accessing Gucci systems and causing $200,000 worth of damage. It all started when the Gucci employee was fired. His administrator promptly disabled his accounts as good security practices recommend. However, before being fired, the employee had created a fake user account that the administrator was not aware of, and which he then used to access Gucci systems. In this case, a good vulnerability scanner would have proved useful in detecting the threat firstly by alerting the administrator when the account was created, and secondly by notifying them when the account had been used on an irregular basis, so the administrator could then delete the unnecessary account.

3. Deploying a patch - On April 13, 2004, Microsoft released a patch for a security flaw in its Windows operating system. A few weeks after the patch was made available, a malicious computer worm was released on the internet. This Sasser worm exploited the vulnerability and caused wide-spread chaos even though companies had a few weeks’ head start to deploy the patch. This caused a news agency to lose satellite communications for hours, an airline to cancel flights and a financial institution to close 130 of its offices due to widespread infection. An important function of a vulnerability scanner is to scan the network for vulnerable applications for which a patch is available and inform the administrator. Provided the administrator is proactive in testing and deploying the patch, a few weeks would be more than enough to secure a network.

4. Creation of blank passwords - One of the top hacker stories recurring in the news over the past five years is that of Gary McKinnon. Out of his conviction that the United States government had certain information about extraterrestrials and knowledge of anti-gravity and free energy, in February 2001, McKinnon started looking for proof by trying to gain unauthorized access to US military and NASA’s computer systems. He allegedly scanned the system for administrator accounts using blank passwords, and actually managed to find quite a few systems, which he then compromised. A good vulnerability scanner will help in two ways in such a situation. First and foremost, it will scan and report on a system’s password policies, enabling the administrator to determine if users can create weak passwords. Additionally, a vulnerability scanner will also check administrator accounts for blank passwords.

5. File sharing software - We all know that the US military takes secrecy seriously, and there is no doubt that some of the most secretive details revolve around the presidential helicopter defense system. In March 2009, however, news broke out that details about Marine One’s missile system were being shared on a P2P network from a computer in Iran. It turned out that an employee of the contractor in charge of the helicopter had installed file sharing software and inadvertently shared the classified file. The dangers of file sharing software in relation to data leakage are well known. A good vulnerability scanner will not only inform the administrator if new software is installed on a system but also when file sharing software is installed on a scanned computer.

These threats could have easily been brought to the attention of the systems administrator by means of a vulnerability scanner. Vulnerabilities can cause a number of issues that can lead to a system compromise. The number is so staggering that it might not be possible to stay ahead without systems support. A good vulnerability scanner nowadays checks for many vulnerabilities at the click of a button and can indeed provide the necessary information to help an administrator avoid many pitfalls, such as those discussed in the five examples above.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on what to look out for when choosing a vulnerability scanner.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

4 Key Features of Good Endpoint Security Software

(Live-Hacking.Com) – Data leakage occurs when data that should have never left the physical confines of your company’s brick and mortar walls does, and control of that data is lost. One of the main reasons why this could happen is because companies lack endpoint protection. When a user copies data to their smartphone (think contacts, critical documents that they wish to review while mobile, email attachments, etc.), or to a USB flash drive, your company is primed for a data leak. Endpoint protection is designed to prevent that from ever happening in the first place. Sure, you can remotely wipe smartphones, at least the ones that are compatible with your company’s policies, and you can protect data on portable media with encryption, but both of those depend in part on the end user. Whether that person is intentionally malicious, apathetic, or simply ignorant, it is entirely possible to transfer data to unprotected media, unless you prevent it in the first place through endpoint security.

GFI EndPointSecurity™ console

There are programs on the Internet today that can turn portable media players into mass storage devices capable of automatically seeking out and downloading key data to their storage. Search for podslurping to see just how creative these applications are, and don’t forget the users with DVD/CD burners in their machines that can burn a disk with gigabytes of data. Unless they have encrypted that data, it can be read by anyone who happens to come across that disk. Some companies have gone as far as to epoxy the USB connection on machines to prevent the physical attachment of external media, but this has several problems: they won’t be able to turn such damaged hardware back in at the end of a lease; any residual value after the useful life will be greatly decreased; there are lots of legitimate uses for USB that will be prevented by this; and it is not a full solution. Search on bluesnarfing to see how users can exploit Bluetooth connections to further transfer data. Instead of ruining your hardware, implement endpoint security to protect your data.

So how can endpoint security help a company to prevent data leakage? Here are the four most important features to look for in good endpoint protection software:

  1. Agent based enforcement: Endpoint protection software should use easy to deploy, tamperproof agents which can be rolled out to users, and once on their system, be locked down so even local admins cannot disable them.
  2. Easy, central management: Good endpoint protection software should support rapid policy creation through an easy to understand wizard, that can be deployed granularly with Active Directory Group Policy, and that has the flexibility to support business needs.
  3. Information at your fingertips: Real-time centralized monitoring and alerts are just the starting point for endpoint protection’s information components. Look for centralized logging and reporting, that can generate on demand and scheduled reports.
  4. Flexibility: The one thing you can count on is that no matter what you set up, you will need exceptions. Whether you need to provide temporary access, allow systems admins or security personnel to bypass restrictions, or implement white-lists and blacklists, look for an endpoint protection that is not going to lock you down so tightly that it breaks business processes.

By deploying endpoint security, you are taking reasonable steps to prevent data leakage and protecting your company’s data and that of your customers. Endpoint protection makes good business sense in today’s environment where a data leak can cost a company millions in reporting and monitoring, and cause irreparable damage to a company’s reputation.

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on how to make the best out of endpoint security.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

5 Ways to Create the Right Patch Management Policy

While patch management is, conceptually, a straightforward task, its correct implementation is not always that simple. One might be tempted to simply deploy patches on an as-needed basis without giving it much thought; however, in order for patch management to be fully effective, the right patch management policy is required, as without it patch management could become the threat you’re actually trying to prevent.

So what makes the right patch management policy?

1. Inventory

Without knowing which software or systems need patching, no proper patch management process can exist. While this might seem obvious, it’s a step often overlooked in a company’s patch management policy. An inventory is also required when testing environments are created – an essential item in any patch management policy. Inventories can be done manually, however it’s wise to either have scripts that automate the process to a degree, or use a network scanner to do the job.

2. Monitoring

Every patch management policy needs a process that can identify which patches are missing or outdated, and this can be achieved by either monitoring vendor sites or using patch management detection software.

3. Testing

Once an administrator determines and downloads the patches needed on the network, it is essential that they are tested before they are deployed to make sure that they are working well across all systems. Test environments that perfectly mimic the actual environments that the patches will be deployed on are needed. A blueprint for such environments ought to be prepared during the inventory step. As time goes by it’s important to keep the test environments in line with the actual environments. This can be done by comparing inventories or through the use of software which can notify the administrator when environments change.

4. Deployment and Verification

This is another pitfall. For many, their patch management process does not include verification but just deployment; however, the right patch management policy requires both. If the deployment fails for any reason, especially if the whole process of deployment is unattended, it can easily happen that the failure goes unnoticed thus giving the administrator a false sense of security. To avoid this, ensure that there is a way to determine the patch level of each machine and confirm that all the patches deployed were successful.

5. Disaster Recovery

No matter how many precautions are taken and how many tests are run, there is no guarantee that a patch deployment will not cause issues. Computer software is complex and it is impossible to test all possible combinations, especially when you factor hardware and chipsets in. Therefore, it is essential that a patch management policy includes a section on disaster recovery, so, should things go wrong, an administrator will be able to quickly recover the network to a working state.

Without the right patch management policy in place, patch management can indirectly be a security risk since the patch deployment itself can cause issues and possibly downtime. Once designed, the patch management policy will require a little extra effort; however, this is a much more favourable option than the effort spent trying to fix a broken environment, not to mention the loss of productivity.

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about creating the right patch management policy.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

12 Reasons to Deploy Email Monitoring

(LiveHacking.Com) – With all of the effort email administrators put into monitoring their email servers for utilization, disk space, and error logs, they may be overlooking some of the most important information they can get out of their email system – how it’s actually being used. Companies that implement email monitoring quickly find a wealth of useful information about how employees are actually using email to perform their jobs, or in some cases, instead of performing their jobs. Using email monitoring is much like using web monitoring. It provides insight into patterns and behaviors, identifies trends and issues, and can even support compliance efforts.

Here are 12 important reasons why you should deploy email monitoring on your network:

  1. See who users email the most to identify patterns and efficiencies.
    This will let you know who communicates with whom, to ensure the right people are interacting with one another.
  2. Learn who the key contacts are for each user or role.
    If a job transitions to another user, it can help them quickly get up to speed on the primary contacts they will have.
  3. Discover which customers or vendors need the most attention.
    This is a great way to head off customer satisfaction issues early.
  4. Identify the customers most likely to provide good referrals to others.
    Those who receive the best communications are likely to be the most satisfied.
  5. Identify the users spending excessive time on personal email.
    Sending emails to traditional personal accounts (Hotmail, Gmail, Yahoo, etc.) is a pretty good indication that they are not communicating with your customers unless you are a consumer-focused business.
  6. Measure response times to customer emails to be sure they are getting answers when they should.
    You should have standards for response times, and this will let you confirm your employees are meeting those commitments.
  7. Confirm that the help desk is replying to users within their SLAs.
    Users tend to call the help desk because they don’t get responses to emails quickly enough. Knowing just how long it takes to get a response helps identify staffing or performance issues.
  8. Find the mail hoarders so you can work with them to purge email, or charge them for the excessive space.
    Disk space is a limited commodity, and departments that use excessive amounts either need to be brought into compliance, or charged for the usage.
  9. Ensure that your email system isn’t being used as a file server, and that attachments are business-related.
    Email is a convenient way to trade files between users, but it places increased demands on server resources. See just how much space is being used, and ensure it’s not for MP3s and videos.
  10. Make sure customers aren’t emailing inactive or deleted accounts so you don’t miss any opportunities or leave customers thinking they are being ignored.
    An unanswered email is a good reason for a customer to contact your competition next. Identifying inactive accounts that customers still email makes sure someone responds.
  11. Ensure email communications use professional and appropriate language.
    Every email an employee sends represents your organization, so you want to be sure communications are sent in a professional manner without profanity or slang.
  12. Make sure users aren’t forwarding emails to personal accounts or the competition.
    Finding emails going to competitors helps stop the loss of intellectual property.

An email monitoring solution will show you how your users actually use your email system, where communications channels exist, and whether or not any compliance issues exist. It’s the next level of email management and an extremely valuable source of information.

Editor Note: This guest post was provided by Christina Goggi on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the benefits of using email monitoring.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

6 Ways to Optimize Your Spam Detection Mechanism

(LiveHacking.Com) – Spam is a scourge that causes several problems for most organizations and therefore needs to be stopped before it reaches the users’ mailboxes. Luckily, there are various types of anti-spam filters to suit different types of organizations; however, it is important to understand that spam detection can be quite tricky. If the configuration is wrong, valuable emails will be incorrectly classified as spam. You therefore need to ensure your anti-spam filter is configured correctly to avoid as many false negatives as possible without creating false positives as well.

So how would one go about configuring spam detection?

In order to have an effective spam detection mechanism, you can use various techniques. Different products might provide a combination of these technologies but it is important to understand what they are in order to be able to configure each one effectively.

1. Bayesian Filtering:

Bayesian spam filtering is an advanced way for a computer to determine whether an email is spam or not. Bayesian filtering is a system that through training can “learn” to distinguish between spam and legitimate emails. It does this through a statistical analysis of what words one expects to find in a legitimate email and not in spam. To do this, Bayesian filters need to be trained using legitimate emails and spam. Some products offer automated updates and allow the customer to do their own training. Having vendors do the training is advantageous due to the wider range of samples that the training is based on. It is hard to gauge the rate of false positives and false negatives this method can cause. The strength of this method is based entirely on the quality of the training and how typical the spam or legitimate email being checked is.
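The training dependence described above can be seen in a small word-presence naive Bayes filter. This is an added example, not code from the article or from any GFI product; the training messages, the add-one smoothing and the class and function names are all constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9']+")


def tokenize(text):
    """Lower-case the message and return the set of distinct words in it."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesianFilter:
    """Naive Bayes over word presence, with add-one smoothing."""

    def __init__(self):
        self.docs = {"spam": 0, "ham": 0}
        self.words = {"spam": Counter(), "ham": Counter()}

    def train(self, text, label):
        """Record one labelled message ('spam' or 'ham')."""
        self.docs[label] += 1
        self.words[label].update(tokenize(text))

    def _p_word(self, word, label):
        # Smoothed share of messages with this label that contain the word.
        return (self.words[label][word] + 1) / (self.docs[label] + 2)

    def spam_probability(self, text):
        """Posterior probability that the message is spam."""
        total = self.docs["spam"] + self.docs["ham"]
        log_odds = (math.log(self.docs["spam"] / total)
                    - math.log(self.docs["ham"] / total))
        for word in tokenize(text):
            log_odds += (math.log(self._p_word(word, "spam"))
                         - math.log(self._p_word(word, "ham")))
        return 1.0 / (1.0 + math.exp(-log_odds))


# Constructed training corpus (not real mail).
SPAM_SAMPLES = [
    "Win a free prize now, click here",
    "Cheap pills, free shipping, order now",
    "Claim your free money, limited offer",
    "Click now for a limited free offer",
]
HAM_SAMPLES = [
    "Meeting moved to Tuesday, agenda attached",
    "Please review the attached invoice for the server order",
    "Patch deployment report for the mail server attached",
    "Lunch on Tuesday? The project agenda is ready",
]

# A legitimate but atypical message: a vendor promotion the company wants.
VENDOR_MAIL = "Limited offer: free shipping on your server order now"


def build_filter():
    """Train a fresh filter on the constructed corpus."""
    bayes = BayesianFilter()
    for message in SPAM_SAMPLES:
        bayes.train(message, "spam")
    for message in HAM_SAMPLES:
        bayes.train(message, "ham")
    return bayes


if __name__ == "__main__":
    bayes = build_filter()
    for message in ("Free offer: click now",
                    "Agenda for the Tuesday server meeting attached",
                    VENDOR_MAIL):
        print(f"{bayes.spam_probability(message):.4f}  {message}")
    # Local training on the misclassified message lowers its score.
    bayes.train(VENDOR_MAIL, "ham")
    print(f"{bayes.spam_probability(VENDOR_MAIL):.4f}  after retraining")
```

The vendor message scores as spam until it is fed back as legitimate mail, which is the false positive an administrator should expect from mail that does not resemble the training set.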

2. Databases:

Some anti-spam filters include databases of known spammers, open relays and spam emails. These databases have a variety of uses – from recognizing spam email, to recognizing other harmful content in emails such as links to malicious and phishing sites.

3. DNSBL:

DNSBL (DNS Blacklist) is a service offered by some organizations that provide a database of known spammers, open relays and zombies sending spam. Accuracy is dependent on the classification systems used by the service provider. While they’re generally quite good, these systems are sometimes accused of being too strict and thus causing some false positives.

4. Email Analysis:

There are a number of ways to analyze an email and be able to determine if it is spam or not. Some software might check that the headers are crafted correctly, for example if the emails are being addressed to whoever the email is claiming to be addressed to, while others might look for specific keywords. Accuracy can vary but you can expect that keyword-based anti-spam detection will have a higher than normal rate of false positives.

5. Greylisting:

Greylisting is a process whereby an email that arrives at your mail server from an unknown sender, is initially rejected. This will make a legitimate mail server retry again after a delay; if legitimate, the email will be accepted. In many cases the software used by spammers will not try again if the first attempt failed. Provided the mail server sending the email is properly configured, there is no chance of false positives with this method and a minor chance of false negatives should a spammer specifically cater for such scenarios.
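The reject-then-accept decision described above, as an added example that is not part of the original article. The delay values, the class name and the choice to key on the sender's /24 network (so that a retry from a sibling server of the same sending pool still counts) are assumptions; the delivery attempts are constructed.

```python
import ipaddress

TEMPFAIL = "tempfail"  # answered with an SMTP 4xx temporary failure
ACCEPT = "accept"


class Greylist:
    """Greylisting keyed on (sender network, envelope sender, recipient)."""

    def __init__(self, min_delay=300, retry_window=86400):
        self.min_delay = min_delay        # seconds a new sender must wait
        self.retry_window = retry_window  # seconds a pending entry stays valid
        self.pending = {}                 # key -> time of first attempt
        self.known = set()                # keys that already retried correctly

    @staticmethod
    def _network(client_ip):
        ip = ipaddress.ip_address(client_ip)
        prefix = 24 if ip.version == 4 else 64
        return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return ACCEPT or TEMPFAIL for one delivery attempt at time `now`."""
        key = (self._network(client_ip), mail_from.lower(), rcpt_to.lower())
        if key in self.known:
            return ACCEPT
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.retry_window:
            # Unknown sender, or the earlier attempt is too old: start over.
            self.pending[key] = now
            return TEMPFAIL
        if now - first_seen < self.min_delay:
            # Retried too quickly; a real mail server will try again later.
            return TEMPFAIL
        del self.pending[key]
        self.known.add(key)
        return ACCEPT


# Constructed attempts: (seconds, client IP, envelope sender, recipient).
ATTEMPTS = [
    (0,    "192.0.2.10",   "alice@partner.example", "bob@corp.example"),
    (60,   "192.0.2.10",   "alice@partner.example", "bob@corp.example"),
    (900,  "192.0.2.11",   "alice@partner.example", "bob@corp.example"),
    (905,  "192.0.2.10",   "alice@partner.example", "bob@corp.example"),
    (1000, "203.0.113.99", "promo@bulk.example",    "bob@corp.example"),
]


def replay(attempts, greylist=None):
    """Run the attempts in order and return the decision for each one."""
    greylist = greylist or Greylist()
    return [greylist.check(ip, sender, rcpt, now)
            for now, ip, sender, rcpt in attempts]


if __name__ == "__main__":
    for attempt, decision in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(decision, attempt)
```

The bulk sender that never retries stays deferred, while the partner's mail is delayed by one retry interval, which is the cost to weigh for time-sensitive mail.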

6. Sender Policy Framework (SPF):

SPF works by having domain owners specify which hosts are authorized to send email from the specific domain. If the host sending the email is an unauthorized source, it is marked as spam. This method can cause false positives if a legitimate user sends an email from an unauthorized location, such as a mobile phone.

Knowing what the major spam detection mechanisms are, and to what extent they may create false positives, will help you make an informed decision on how to choose and configure an anti-spam filtering solution.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on what your anti-spam filter should include.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Why You Should Consider Network Auditing

(LiveHacking.Com) – Network auditing can be quite a daunting task for administrators. There are a number of procedures to be followed in order to run an effective network audit. The administrator needs to gather information related to the network infrastructure – from a list of applications installed to network configurations, as well as details of every type of hardware deployed on the network. When you take into account the fact that a network audit needs to be done periodically, it is a lot more expensive to run an audit manually than to invest in a tool designed for this purpose.

There are several types of network auditing solutions; some are just designed for auditing, while others offer network auditing as one of their features.

In order to run a network audit manually you would need to analyze each and every item to ensure all hardware and software installed on your network is authorized, and check the system configuration on each machine. You will also need to compare this data with that of previous audits to identify what hardware, software or configurations were changed or removed. A good network auditing tool should run this process automatically for you. This software will create a baseline list for the administrator’s approval and, once that is done, the auditing tool will compare each scan to the approved baseline and notify the administrator when things change. This not only takes the load off the administrator, but it also allows for a higher frequency of audits, ensuring issues are detected in a timely manner.
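The baseline comparison described above, as an added example that is not taken from any auditing product. The inventory layout (host, then category, then item and value), the host names and all values are constructed for illustration.

```python
def flatten(inventory):
    """Turn {host: {category: {item: value}}} into {(host, category, item): value}."""
    return {(host, cat, item): value
            for host, cats in inventory.items()
            for cat, items in cats.items()
            for item, value in items.items()}

def compare_to_baseline(baseline, scan):
    """Return (change, host, category, item, old, new) tuples, sorted by location."""
    old, new = flatten(baseline), flatten(scan)
    changes = []
    for key in sorted(old.keys() | new.keys()):
        if key not in old:
            changes.append(("added", *key, None, new[key]))
        elif key not in new:
            changes.append(("removed", *key, old[key], None))
        elif old[key] != new[key]:
            changes.append(("changed", *key, old[key], new[key]))
    return changes

# Constructed, administrator-approved baseline.
BASELINE = {
    "ws-01": {"software": {"OfficeSuite": "11.0", "Browser": "33.1"},
              "hardware": {"ram_gb": "8"},
              "shares": {}},
    "srv-01": {"software": {"WebServer": "8.5"},
               "shares": {"Finance$": "Finance-Group:Modify"}},
}

# Constructed later scan of the same hosts.
SCAN = {
    "ws-01": {"software": {"OfficeSuite": "11.0", "Browser": "33.1",
                           "P2PClient": "3.4"},
              "hardware": {"ram_gb": "8"},
              "shares": {"Public": "Everyone:Full"}},
    "srv-01": {"software": {"WebServer": "8.5"},
               "shares": {"Finance$": "Everyone:Read"}},
}

if __name__ == "__main__":
    for change, host, cat, item, before, after in compare_to_baseline(BASELINE, SCAN):
        print(f"{host}: {cat}/{item} {change}: {before!r} -> {after!r}")
```

Only the three deviations are reported, so the administrator reviews changes rather than the full inventory on every run.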

There are a number of reasons to implement network auditing within the organization; these include:

Legal:

Network auditing provides a number of benefits with regard to the company’s legal requirements. It can ensure the administrator keeps on top of licensing and legal obligations. Additionally, it would provide the company with proof to satisfy any compliance audits; for example, several legal compliance rules mandate certain standards on the network. With a good network auditing solution you would have the required tool to prove you are compliant.

Security:

The value of a network audit in terms of security is immeasurable; one could say it helps with all aspects, from policy enforcement to the detection of compromised systems. If a user decides to open a share and allow access to everyone, for example, this can be exploited by various malware to propagate, and it can also give an unauthorized user access to data that he shouldn’t have access to.

An administrator will want to know when the configuration changes on one of the machines that he is responsible for.

Change Management:

An administrator needs to have an effective change management process for various reasons. S/he needs to maintain test environments, backup systems, and carry out other tasks that are dependent on these alternative systems being identically configured to the original ones.

For example, suppose a user installs a new piece of software on his system without informing the administrator first. The administrator might test the latest patches before deploying them to the network and be confident that productivity will not be impacted, only to find that the testing didn’t take this new application into consideration and that the system becomes unusable when the two are running together.

Network auditing can save the organization a substantial amount of time and money. Additionally, using software to automate network auditing reduces the risk of human error considerably.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on why your organization would benefit from network auditing.


Why Does Your Organization Need Web Content Filtering?

(LiveHacking.Com) – The internet is a minefield for users who are not technology-savvy or who have a habit of clicking on links and downloading files without thinking of the consequences. Now take those users into a business environment and you start seeing the value and importance of web content filtering. As the web ‘threatscape’ becomes more complex and the Internet becomes a focal point for social, business and personal communication, web content filtering (and its additional security benefits) can go a long way toward protecting the network.

Content filtering server / proxy


All IT teams are aware of the risks associated with unrestricted internet browsing, and the traps that exist to trick unsuspecting users into clicking on links or files that could introduce viruses and compromise your network. However, you shouldn’t assume that this knowledge is universal throughout your company.

Hackers and cybercriminals do not discriminate between experienced and naïve internet users – everyone is a possible target – however, the less experienced are often a far easier target because they have no clue what security is all about, let alone what types of threats exist.

You can eliminate a range of risks to your systems by restricting the Internet content available to your users, and good filtering solutions allow you to automatically protect your users from phishing sites or infected content.

Security breaches aren’t the only risk associated with unrestricted and unmonitored browsing. A lot of employee time can be wasted due to the addictive nature of some Web content, particularly games and social networking sites. Web content filtering software can help you to block certain categories of sites permanently or on a time-limited basis, greatly reducing cyber-slacking and productivity drops.

Another danger associated with company Internet usage is the fact that some websites border on the illegal. For example, if you don’t filter and monitor Internet usage, you may find that members of staff are using the corporate connection to download music or movies illegally, leaving your company open to potential legal action.

Making it known that you are using Web content filtering technology can bring about a change in employee attitudes and how they use company resources. If employees know they can be held accountable for the content they access, they are less likely to indulge in Internet activities that they feel could put their job at risk.

Web content filtering brings with it the additional benefit of freeing up company Internet bandwidth for legitimate, business-related activities.

Web content filtering solutions are typically inexpensive, and too many risks and liabilities come into play if you choose not to implement one. These solutions also bring with them plenty of benefits for you, as a network administrator, not least reducing the risk of malware infections circumventing all the protection you have in place.

Editor Note: This guest post was provided by Ben Taylor on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on web content filtering.


Why Does Your Organization Need Web Security?

(LiveHacking.Com) – Malware is a threat to businesses that often features in today’s news headlines. The term “malware” encompasses different types of malicious software which could infect your corporate network including viruses, worms, Trojans, spyware, adware, rootkits, crimeware and scareware.

In today’s business environment, most employees are careful when it comes to opening email attachments but are not always as cautious about clicking on links which can lead to a malware infection. With today’s sophisticated malware, the chances of a direct malware infection are high when downloading something from an infected website. Organizations find it extremely difficult to keep up with new malware and other security issues they need to address. Fortunately, businesses can now respond to possible malware threats through the use of internet monitoring software.

Internet monitoring software helps protect against web security threats by monitoring employees’ browsing activity. This software also helps enforce any internet usage policy a business has in place and can even be configured to block websites which employees are not allowed to access during business hours. To be truly effective, however, the internet monitoring software should include other essential features. When shopping for new web filtering and web security software, keep the following features in mind:

  1. Web filtering should be very granular, meaning access to certain websites can be permitted or blocked based on an employee’s job requirements, the time of day, and the category of website. This will allow for easier administration of the software. Once configured, frequent changes should not be needed.
  2. Internet monitoring software should be able to protect the business from a variety of malware, spyware, and viruses. This is usually done using more than one type or version of virus/spyware engine. At minimum, two different types of virus/spyware protection should be included in any internet monitoring software you are considering.
  3. The solution should allow you to monitor and/or block certain downloads when necessary. You should also be able to block specific file types, such as mp3s, video files and zipped files, among others.
  4. Make sure that the web security solution you’re using is able to detect and warn users of possible phishing websites. Basically, this feature should tell the user whether he/she may be accessing known or suspected fake websites instead of the one they think they are actually linking to.
  5. Encrypted traffic should be inspected by internet monitoring software since it is one of the common ways of getting malicious traffic past firewalls and intrusion detection systems.
  6. Monitoring of outbound internet traffic will assist in preventing leakage of sensitive data/information either from an insider (i.e. employee or contractor) or from malicious software that is sending sensitive information to another location.

While this is not an all-encompassing list, it provides you with the main features to look for when researching and selecting internet monitoring software to protect your business against any web security threats.

Editor note: This guest post was provided by Sean McCreary on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI Internet Monitoring Software.
