Helping you Piece IT Together


 


 


 

 

Issue March 2007

Welcome to the March edition of BH Consulting's Security Watch Newsletter. In this month's issue we provide some updates on what has been going on in BH Consulting, highlight some interesting news stories from around the globe, outline a disaster recovery checklist, discuss database vulnerabilities and provide information on how to secure Microsoft SQL Server.

 

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to help clients gain a competitive edge by achieving IT operational excellence in deploying, managing and securing their IT infrastructure. With over 20 years' experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed with our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost effective rates.

Support Focus Ireland
If you have found any items in our Security Watch Newsletter to be of use to you, we ask that you make a donation to Focus Ireland, who work tirelessly supporting the homeless throughout Ireland. Focus Ireland aims to advance the right of people-out-of-home to live in a place they call home through quality services, research, and advocacy. The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless through a range of appropriate high quality services, to provide emergency, transitional and long-term accommodation for people out-of-home, and to campaign and lobby for the rights of people out-of-home and the prevention of homelessness. No sum is too small and all is put to excellent use.

BH CONSULTING NEWS
Security Watch Blog Reaches Final of the Irish Blog Awards.
We would like to thank all those who supported us in this year's Irish Blog Awards 2007 in the Best Business Blog category. While we did not win the award (Ice Cream Ireland deservedly won), being selected for the final was a cause of great celebration to us.

Before the awards Brian Honan took part in a podcast with other finalists in the Best Business Blog category. We talked about the benefits blogging can bring to your organisation and what things you should think about if you are considering jumping into the business blogosphere. It was a very interesting podcast and one we would encourage you to listen to; it is now available for download (MP3 format, 9MB). We are planning to make this a regular series of podcasts and welcome any ideas or suggestions regarding topics that you would like us to cover.

BH Consulting presents "Managing Information Security with ISO 27001"
Information security is becoming more and more a business critical issue as executives and IT professionals are responsible for ensuring the safeguarding of client information, corporate data and compliance with various regulatory and legal requirements.

The ISO 27001 Information Security Standard enables those responsible for securing corporate information and associated assets to demonstrate they have taken a very powerful step in complying with internationally recognised best practices in information security.

BH Consulting and the Centre for Software Engineering are hosting a two day course “Managing Information Security with the ISO 27001 Information Security Standard”. This course provides a framework that will enable those responsible for securing sensitive information assets to use a quality based approach to identify key assets and determine how best to manage the associated threats and risks.

The subjects covered include:

  • Overview of information security
  • Introduction to the ISO 27001 Information Security Standard
  • Identifying key information assets
  • Identifying risks
  • Strategies for mitigating and managing risk
  • Implementing appropriate security controls
  • Monitoring the effectiveness of security controls

More information is available from the Centre For Software Engineering’s website

Brian Honan Presents to the Institute of Certified Public Accountants.
The Institute of Certified Public Accountants in Ireland (CPA) recently held their "Effective Implementation & Management of IT Systems" IT conference.  Brian Honan was invited to address the conference on the topic "Information Security - what is it and why should I care?"

BH Consulting has established and experienced speakers who have addressed many key industry events.  If you wish to invite BH Consulting to speak at an event please contact us

BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of whitepapers available for download free from our white papers page.

This month the podcast involving all the finalists in this year's Best Business Blog category in the Irish Blog Awards is available.

LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page;

FEATURES

Latest Symantec Internet Threat Report
Symantec’s latest Internet Security Threat Report claims that online criminals are exchanging stolen full identities for between $14 and $18. A full identity includes the victim’s Social Security number, bank account details including passwords, and other personal information such as date of birth and the victim’s mother’s maiden name. The main victims of online identity theft appear to be US citizens, with 86% of the credit and debit cards advertised for sale on the online underground issued by U.S. based banks.

Elsewhere in the report Symantec claim to have seen an 11% rise in the use of bot networks, with China accounting for 26% of all bot networks. The number of bot-infected computers in Europe, Middle East and Africa (EMEA) increased by 130 percent from the 1 million seen during the first half of 2006. U.S. sites were also the victim of 52% of all DoS attacks.

While the report makes depressing reading, as it highlights the sheer volume of online criminal activity, it is worth looking at simply to better understand the attack trends and the mindset of those from whom you need to protect your networks.

If you are not up to reading the 104 page report, Symantec provides a podcast which outlines the key findings, while a flash presentation is also available.

Internet Auction Fraud Most Commonly Reported Online Crime
According to the 2006 annual report released by the U.S. Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), Internet auction fraud is the most commonly reported online crime. 45% of the 207,492 complaints received by the IC3 in 2006 related to auction fraud which was down significantly from the 2005 figure of 65%. Overall the reported number of complaints received by IC3 is down 10% from the 2005 figures but the total dollar cost of these crimes is up to $198 million in 2006 from $183 million in 2005. The overall average sum per complaint was $724.

Along the same theme, with April Fools' Day (April 1st) approaching, the Irish National Consumer Agency has launched a campaign to make Irish consumers more aware of scams which, among other forms, can happen via e-mails, Internet sites, text messages and phone calls. As April also coincides with the maturation of many of the SSIA (Special Savings Incentive Account) schemes sponsored by the Irish Government, this is a timely warning. The SSIA scheme was started 5 years ago in a bid to encourage Irish people to save more money. To encourage the saving habit the Irish Government offered a guaranteed 25% bonus on each saving scheme that matured at the end of the 5 year saving period. There are concerns that many of these SSIA savers will be targeted by scams to relieve them of their hard earned savings.

Monthly Report on OS Security Vulnerabilities
Nobody likes security patching but, for the time being at least, it's a necessary evil for everyone regardless of which operating system you use. With this issue we begin a monthly summary of security bulletins for three leading operating systems: Red Hat Enterprise Linux ES (v. 4), SUSE Linux Enterprise Server 10 and Windows Server 2003 Enterprise Edition. We don't intend for you to use this as a trigger for your patch management......  Click Here for more.

New Type of Database Vulnerability on the Rise
In 2007, database professionals need to be vigilant in monitoring their database communication protocols for potential security vulnerabilities. In a recent conversation with our editors, Amichai Shulman, CTO at Imperva (http://www.imperva.com) and Alan Norquist, Imperva’s vice president of marketing, offered their insights about the new kinds of vulnerability exploits that database professionals might see in upcoming months. Shulman, who is.... Click Here for more.

Lockdown.sql
The simple Lockdown.sql T-SQL script configures a SQL Server 2000 instance to the most secure baseline configuration possible. From this point, the DBA can simply enable the functionality needed for that instance. Although some DBAs typically lock down security holes as they emerge, Lockdown.sql secures all vulnerabilities and requires you to specifically open up functionality that might not automatically be available because it introduces a..... Click Here for more

Disaster-Recovery Checklist
Step 1: Create a Disaster Recovery Plan (DRP) Planning Team
Choose team members who have decision-making approval and sufficient authority to gather information companywide. Define team members’ responsibilities. Create a clear organisational chart that outlines who is responsible for each aspect of disaster-recovery planning.

Step 2: Evaluate Your Business Processes
Evaluate and rank .....  Click Here for more

Reminder - SANS Training Coming to Dublin
SANS will be hosting a training event at the Red Cow Moran Hotel from April the 16th to the 21st 2007. The courses being offered are:

SEC401: SANS Security Essentials Bootcamp

SEC503: Intrusion Detection In-Depth

SEC504: Hacker Techniques, Exploits & Incident Handling

For those of you interested in attending, now may be a very opportune time to book the course given the current Euro to dollar rate. This in effect gives you a 30% discount on the course price. More details of the event are available at SANS.

FREE SECURITY SCAN
In partnership with Qualys, BH Consulting are offering a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan.

Alternatively contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting.  If you have found this issue to be of use please support our drive to raise funds for Focus Ireland.

Each Security Watch eNewsletter, and each special Security Alert issue, is produced independently by the Windows IT Pro Custom Media Group and is distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet

Copyright © 2005 BH IT Consulting Ltd.