Helping you Piece IT Together


 


 


 

 

Issue May 2007

Welcome to the May edition of BH Consulting's Security Watch Newsletter. In this month's issue we provide some updates on what has been going on in BH Consulting, highlight some interesting news stories, discuss how to control user access to removable devices and how to achieve email retention using Microsoft Exchange Server 2007, and look at the fight against image spam.

 

 

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to help clients gain a competitive edge by achieving IT operational excellence in deploying, managing and securing their IT infrastructure. With over 20 years' experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed by our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost-effective rates.

Support Focus Ireland
If you have found any items in our Security Watch Newsletter to be of use to you, we ask that you make a donation to Focus Ireland, who work tirelessly supporting the homeless throughout Ireland. Focus Ireland aims to advance the right of people-out-of-home to live in a place they call home through quality services, research, and advocacy. The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless through a range of appropriate high-quality services; to provide emergency, transitional and long-term accommodation for people out-of-home; and to campaign and lobby for the rights of people out-of-home and the prevention of homelessness. No sum is too small and all is put to excellent use.

BH CONSULTING NEWS
Brian Honan to Speak at COSAC 2007.
Our Senior Consultant, Brian Honan, has been selected to address the 14th COSAC International Computer Security Symposium in September of this year.

Brian will present to the symposium the lessons learnt from his work to establish an independent, trusted and vendor neutral Computer Emergency Response Team to provide services to businesses, organisations and citizens in the Irish Republic.

Brian will share with attendees the various steps and pitfalls that can face anyone looking to set up their own CERT team, be that at a departmental, company, sector level or larger. More details on Brian's presentation are available at the COSAC website.

COSAC is a highly prestigious event with many quality speakers and topics scheduled over the three days. Best of all, it is located in Ireland, which provides Irish professionals with easy access to some of the industry’s best speakers. Registration for the event is available on the COSAC registration page.

Brian Honan Published in ISSA Journal
The May issue of the ISSA Journal, published by the Information Systems Security Association, contains an in-depth article written by Brian Honan on the methodologies and processes to be used when dealing with an outbreak of malicious software, otherwise known as malware, within your organisation. Brian provides readers of the ISSA Journal with guidelines on how to detect, contain, eradicate, remove and recover from infections caused by malware such as computer viruses, worms, rootkits or spyware. The ISSA Journal is published to the global membership of the Information Systems Security Association.

Brian Honan Addressed the Information Technology Association Galway.
The Information Technology Association of Galway (ITAG) invited Brian Honan to address their May meeting on the subject of "Incident Response - Preparing for the Inevitable". ITAG was established in 2000 to represent international and indigenous IT companies based in Galway, with the aim of promoting, strengthening and growing the Information Technology industry in Galway. Despite it being one of the hottest evenings of the year thus far and the Champions League semi-final featuring Manchester United clashing with the event, the turnout was excellent and the feedback from the talk was very positive.

"Managing Information Security with ISO 27001" Training Course Scheduled for September 2007
Due to the demand and interest generated in the above training course, another date to host the event is being scheduled for September of this year.

BH Consulting and the Centre for Software Engineering are hosting a two-day course, “Managing Information Security with the ISO 27001 Information Security Standard”. This course provides a framework that will enable those responsible for securing sensitive information assets to use a quality-based approach to identify key assets and how best to manage the associated threats and risks.

The subjects covered include:

  • Overview of information security
  • Introduction to the ISO 27001 Information Security Standard
  • Identifying key information assets
  • Identifying risks
  • Strategies for mitigating and managing risk
  • Implementing appropriate security controls
  • Monitoring the effectiveness of security controls

Anyone interested in the above course can contact us or find more information on the Centre for Software Engineering’s website.

BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of free whitepapers, available for download from our white papers page.

LATEST THREAT LEVELS
Get more information and the latest updates on current threats at our online resources page.

FEATURES

OWASP Release the 2007 Top Ten Web Application Vulnerabilities
The excellent work by OWASP continues and they have recently launched the Top 10 web application vulnerabilities for 2007. The list is a must-read for anyone responsible for developing and/or maintaining a web application. It is equally important for those who are testing applications before they are put into production. This list should form the basis of any quality control checklist that may be used to determine if an application is “fit for use” before being deployed into production.

Anyone that is serious about coding secure web applications needs to look at this list and also the other excellent resources available on the OWASP website.  ...

CERTs To The Rescue
The recent civil unrest in Estonia over the removal of a statue commemorating a Soviet soldier from World War II has spilt over into the online world. Many of Estonia's websites have been under continuous attack over the past few weeks. Some news sources claim that the attacks are being launched from within Russia, an allegation which Russia firmly denies. The ferocity and duration of these attacks have raised concerns within NATO over how susceptible online government and business systems are to attack, and NATO has deployed information security experts to Estonia to assist in defending against these attacks. TF-CSIRT, the community for European Computer Emergency Response Teams, released a press statement highlighting the good work the European CSIRT teams have been doing to help Estonia deal with this crisis. The ease with which a country's online systems were taken off-line is a grave concern, and one that perhaps Ireland should take particular note of, given that we are one of the few countries without a CERT team. Our Security Watch Blog contains more information on this story.

Checking Audit Logs For Tampering
Is there anything built into Windows that can verify that the Security event log hasn’t been tampered with? First, it’s important to understand that tampering with Windows event logs isn’t easy. One can’t open the Windows Security log and directly edit it because...

Step-by-Step Email Retention in Exchange 2007
Microsoft Exchange Server 2007 has the tools to help you achieve email-retention compliance both with current legislation and your company’s particular needs. These steps outline the procedure to limit Inbox items to three-month retention while holding all messages related to a specific account for five years...

Fighting Image Spam
Spammers are clever. You can say lots of other things about them (most of which aren’t printable), but you have to give them their due: In the ongoing fight between spammers and antispam providers, the spammers continue to show a high degree of adaptability and resourcefulness. The latest example: image spam...

Controlling User Access to Removable Storage Devices
Q: We want to control our users’ ability to use removable devices, such as USB flash drives, to prevent unauthorized software or malware from being introduced into our network and to keep users from removing information from our network. How can we control access to removable devices?...

FREE SECURITY SCAN
In partnership with Qualys, BH Consulting are offering a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan page.

Alternatively contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting. If you have found this issue to be of use, please support our drive to raise funds for Focus Ireland.

Each Security Watch eNewsletter, and each special Security Alert issue, is produced independently by the Windows IT Pro Custom Media Group and is distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet.

Copyright © 2005 BH IT Consulting Ltd.