BH Consulting Security Watch Newsletter

Helping you Piece IT Together

Issue December 2006

In this month's issue of our Security Watch Newsletter we update you on some of the latest happenings at BH Consulting, highlight a research project on Radicalisation and Terrorist Recruitment on the Internet, information security predictions for 2007, highlight the SANS Dublin event, remind you about our Security Watch Blog and provide some interesting news stories from around the world.

Christmas Wishes
We would like to take this opportunity to wish all our readers a very happy and peaceful Christmas and we also hope that 2007 is a very prosperous and secure New Year to you all.

As part of our Community Responsibility Programme BH Consulting is not sending out Christmas cards this year, instead we have donated money to two very worthy charities who do sterling work in helping those less fortunate than ourselves;

The Central Remedial Clinic
The Central Remedial Clinic the national centre for the care, treatment and development of children and adults with physical and multiple disabilities. Services are provided for people with physical conditions ranging from the very rare to the more familiar, such as cerebral palsy, spina bifida, muscular dystrophy and arthrogryposis. The staff at the CRC do sterling work in helping children and adults reach their potential and a sign of their success is the many smiling faces of the children who attend the Clinic. While the Clinic is largely funded by the state there are still significant shortfalls that need to be made up from voluntary donations. If you have missed the CRC's Santa Bear "Buy a Bear and Show You Care" Appeal, then please consider making an online donation.

Focus Ireland
The other is Focus Ireland who support the homeless throughout Ireland. Focus Ireland aims to advance the right of people-out-of-home to live in a place they call home through quality services, research, and advocacy. The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless, through a range of appropriate high quality services, to provide emergency transitional and long-term accommodation for people out-of-home, to campaign and lobby for the rights of people out-of-home and the prevention of homelessness. No sum is too small and all is put to excellent use so please consider donating to this worthwhile cause.

If you have found our Security Watch newsletter or our Blog to be of use or of interest, we ask you to make a donation to either of the above charities. No sum is too small and all is put to excellent use.

We wish you, you colleagues and your families a Very Peaceful and Merry Christmas And a Secure and Prosperous 2007!!

Nollaig Shona daoibh go léir agus Athbhliain faoi shéan is faoi mhaise daoibh, agus go mba seacht fearr sinn go léir ag an am seo ar an bhliain seo chugainn!

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to assist clients gain a competitive edge by achieving IT Operational excellence in deploying, managing and securing their IT infrastructure. With over 20 year’s experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed with our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost effective rates.

BH CONSULTING NEWS
Brian Honan Interviewed by Irish Times Regarding the Ongoing CERT Project
BH Consulting's Senior Consultant Brian Honan has been working for a number of months in his spare time researching whether or not Ireland needs a Computer Emergency Response Team. This has involved talking to various Government bodies, organisations of various sizes and in different industries and engaging with industry representative bodies to determine the level of interest and requirements in such a service.

On Friday the 1st of December the Irish Times newspaper published an article on the project's progress thus far and it is available online. Also a similar article appeared on the SiliconRepublic.com. If you have any thoughts or comments on this project please let us know.

BH Consulting Advises on Email Security
The latest issue of the Knowledge Ireland magazine published an article on email security. Brian Honan was interviewed extensively for this article and outlined how organised criminal gangs are becoming more and more involved in cyber crime and using email as a means to target individuals and companies. Brian also pointed out that companies need to ensure they have a secure email infrastructure to protect themselves from potential legal issues arising from staff abusing the systems. If you require any assistance on how to develop and implement acceptable usage policies or how to architect and implement a secure email infrastructure then please do not hesitate to contact us.

Security Trends for 2007
The SANS Institute published its top 20 predictions relating to information security for 2007. The list was compiled by "twenty respected leaders in cyber security", of which our Senior Consultant Brian Honan is one. SiliconRepublic.Com covered the report as did the British Computer Society. A downloadable version of the list in Adobe Acrobat format (PDF) is available from the British Computer Society here.

Terrorist Radicalisation & Recruitment on the Internet
The Institute for European Studies has launched a Blog to support its research into the topic of Terrorist Radicalisation & Recruitment on the Internet. The purpose of the project is to identify what would be involved in providing some means of preventing European citizens from accessing terrorist radical and recruiting content on the web.

This research includes looking into the legal, social, economic and technical requirements and ramifications implementing such a system would have to support this goal. BH Consulting, through our senior consultant Brian Honan, has already provided some feedback to the Institute on the technical implications and how feasible it would be to try and block access to such content.

The Institute is eager to hear the views of others and to get their insight and input into this important topic. If you have any feedback on this subject then please access the Institute’s Blog and share your thoughts.

Security Watch Blog.
BH Consulting launched our Security Watch Blog in November. The Security Watch Blog is intended be a valuable and informative resource for those concerned with information security. So far the feedback has been very positive and supportive. Visit the Security Watch Blog yourself and let us have your feedback.

BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of whitepapers available for download free from our white papers page.

The following whitepapers are available for free download;

Information Security

Incident Handling and Management (91 KB)
Business Risks Relating to Email Security (102 KB)
BS 7799 to become ISO 27001 (51 KB)
Best Practises for Log Management (2.9 MB)
Computer Security Assurance Checklist (47 KB)
Network Security for the Small to Medium Business (Presentation to the Irish Small Business Server User Group) (494 KB)
Computer Viruses Threats and Solutions (83 KB)
Presentation on "An Overview of SPAM" (252 KB)
"Everything You wanted to know about SPAM" (66 KB)
Overview of Firewalls (81 KB)
Corporate ID Theft (139 KB)
Improving Security - Incident Response (Presentation at NITeS Summit 2006) (773 KB)
US Cyber Consequences Unit Cyber Security Check List. (265 KB)
GOVCERT.NL's "Digital Threats at Home" Security Awareness Video (Windows Media Format 28 MB)
GOVCERT.NL's "Botnet Movie" Security Awareness Video (Windows Media Format 18 MB)

IT Operations

Developing an Internal Service Level Agreement. (65 KB)
ITIL and BS 15000 (55 KB)
Successful Outsourcing for the Small to Medium Business (82 KB)
Considerations for Network Backup (106 KB)
Achieving Support Excellence (63 KB)

Other

An Introduction to BH Consulting (351 KB)
BH Consulting Company Brochure (81 KB)
BH Consulting Security Assessment Brochure. (84 KB)

LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page;

FEATURES

Greek Authorities Fine Vodafone €76 Million for Network Breach
During the 2004 Greek Olympics persons unknown broke into the Vodafone network and installed surveillance software to monitor the calls of over 100 people including the personal mobile phone of the Greek Prime Minister. Greek authorities have not been able to find who was responsible for the breach. One of the reasons given is that Vodafone apparently removed the surveillance software before the authorities were informed. The investigations were also hampered by the suicide of an engineer employed by Vodafone who worked on the affected system... Click Here for more

Skype Worm
ZDNET reports that a new worm that uses Skype to propagate has been discovered and is active. Skype provides many users with Voice Over IP telephone services and is probably the most popular VOIP application. Security concerns have been raised in the past about the way Skype works and indeed this worm exploits one of those concerns. The worm is spread using the Skype Chat (instant messaging) feature to transfer the infected file from one system to another... Click Here for more.

ID Theft Gang use Encryption to Foil Police
Three cyber criminals have been convicted in the UK for their part in a gang that stole identities and credit card details from people over a number of years. The interesting twist to this story is one of the criminals managed to activate an encryption routine while in handcuffs that encrypted the contents of numerous computers. Police have so far been unable to break the encryption and believe that the encrypted data holds evidence to even more crimes this gang has been involved in. A good demonstration as to how encryption can be used for good, to protect our own data, and evil, to protect the criminals' data. ... Click Here for more.

SANS Training Coming to Dublin
The SANS Institute will be hosting a training event at the Red Cow Moran Hotel from April the 16th to the 21st 2007. The courses being offered are;

For those of you interested in attending now may be a very opportune time to book the course given the current Euro to dollar rate. This in effect gives you a 30% discount on the course price. More details of the event are available at SANS Click Here for more.

Zero Day Flaw Tracker
The folks at eEye Security have launched their Zero Day Tracker page which lists current 0 day vulnerabilities by order of days of exposure. A Zero Day Vulnerability is one that is known to the those who discovered the flaw and is not made available to the vendor of the affected product or to the public in general. As a result these flaws can be a very effective means to attack a network or system as due to their nature they are difficult to defend against. The list provides a timer to show how many days it is taking a particular vendor to develop a fix for the reported problem. It also provides information on the flaw and what steps you can take to protect against them. Needless to day the three latest Microsoft Word 0 Day vulnerabilities, which are being actively exploited, are listed... Click Here for more.

FREE SECURITY SCAN
In partnership with Qualys, BH Consulting are offering a for a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan.

Alternatively contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting. If you have found this issue to be of use please support our drive to raise funds for Focus Ireland.

Each Security Watch eNewsletter, and the special Security Alert issues, are produced independently by the Windows IT Pro Custom Media Group and is distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet

To update your subscription to our newsletter click here. To unsubscribe click here