
Issue: October 2007
Welcome to the October edition of BH Consulting's Security Watch Newsletter. In this month's issue we provide some updates on what has been going on in BH Consulting, help those of you with a mainframe system learn about Windows interoperability, provide a guide to setting up a VMware environment, explain how to use saved queries with Active Directory, and provide some news items from around the world.
About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to help clients gain a competitive edge by achieving IT operational excellence in deploying, managing and securing their IT infrastructure. With over 20 years' experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed by our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost-effective rates.
Support Focus Ireland
If you have found any items in our Security Watch Newsletter to be of use to you, we ask that you make a donation to Focus Ireland, who work tirelessly supporting the homeless throughout Ireland. Focus Ireland aims to advance the right of people out-of-home to live in a place they call home through quality services, research, and advocacy. The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless through a range of appropriate high-quality services; to provide emergency, transitional and long-term accommodation for people out-of-home; and to campaign and lobby for the rights of people out-of-home and the prevention of homelessness. No sum is too small and all is put to excellent use.
BH CONSULTING NEWS
BH Consulting Comments on Eircom Wireless Security Issue
In response to the recent discovery that Eircom implemented WEP security on their customers' wireless broadband routers with an insecure key, our senior consultant Brian Honan was interviewed by the Irish Times regarding this issue. The article is available to read here, and Brian has given more insight and thoughts on the issue in our Security Watch Blog.
BH Consulting's Security Watch Blog Selected as Irish Times' "Blog of the Week"
John Collins provided readers of the Friday 5th of October edition of the Irish Times with an overview of our Security Watch Blog and selected it as the Irish Times Blog of the Week. John provided a very flattering overview of what we are trying to achieve with our Blog. If you have not yet visited our Blog, please do so and join in the discussions.
Sunday Times Discuss Cyber Attacks with Brian Honan
Our Senior Consultant, Brian Honan, was interviewed by the Sunday Times for their October the 7th edition, which contained an article on cyber attacks against Irish interests.
Brian Honan Keynote Speaker at Two Microsoft Events
October saw Brian Honan being the keynote speaker for two Microsoft Ireland seminars focusing on information security. On October 11th, Microsoft ran an IT Professional Security Training Event, while the seminar on October 12th was a Developer Security Training Event. Brian discusses the two days and how he feels Microsoft have improved on security on our Security Watch Blog.
BH Consulting in a SPIN
The radio station SPIN 103.8 interviewed Brian Honan on their
lunchtime radio show to discuss cyber crime and the risk it poses to people's
computers. Brian outlined some of the simple steps people can take, such
as not clicking on links and attachments in unexpected emails, using updated
anti-virus software and a personal firewall to protect their computers.
BH Consulting in Irish Independent Corporate Security Supplement
The Irish Independent newspaper included a supplement on Tuesday the 23rd of October. The theme for this supplement was “Corporate Security”. Our Senior Consultant Brian Honan was quoted within two articles in the supplement:
- “Cell Phones Pose New Risks to Businesses”, where Brian highlighted the threat mobile devices can pose to information security.
- “Policy is Paramount for Security”, in which Brian tries to help businesses understand that technology alone will not address the various security threats to a company’s information. Companies also need to address the “policy and people” issue. The article also includes a reference to our “Corporate Security Assurance Checklist” whitepaper, which helps senior business people ensure the three elements of People, Process and Technology for information security have been addressed.
We have been kindly granted permission to make the Corporate Security Supplement available via our website. It is a PDF file and approximately 3 MB in size.
"Managing Information Security with ISO 27001" Training Course Scheduled for November 2007
BH Consulting and the Centre for Software Engineering are hosting a two-day course, “Managing Information Security with the ISO 27001 Information Security Standard”. This course provides a framework that will enable those responsible for securing sensitive information assets to use a quality-based approach to identify key assets and how best to manage the associated threats and risks.
The subjects covered include:
- Overview of information security
- Introduction to the ISO 27001 Information Security Standard
- Identifying key information assets
- Identifying risks
- Strategies for mitigating and managing risk
- Implementing appropriate security controls
- Monitoring the effectiveness of security controls
Anyone interested in the above course can
contact us or find more information available
on the
Centre For Software Engineering’s website.
BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of whitepapers available for free download from our white papers page.
LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page.
FEATURES
SAFECode Initiative Launched
At the recent RSA Conference Europe, a number of companies such as Microsoft, Symantec, Juniper, SAP and EMC Corporation launched the SAFECode initiative. SAFECode is an industry initiative founded by the above companies to develop and promote better software assurance practices amongst the world’s developers. Each of the above companies will make available their expertise and experience to introduce methodologies for developers to employ in “ensuring that software functions as intended without introducing vulnerabilities, malicious code, or defects that can bring harm to the end user.”... Click Here for more.
A First Look at Windows and Mainframe Interoperability
Data centers continue to see an increase in the mix of mainframes and servers that support operational and line-of-business (LoB) applications. Not only that, but enterprises across the world, particularly Fortune 500 companies, still have a huge investment in legacy code running on mainframes (think CICS and IMS). Because this code may be running on mainframes for a long time to come, systems integrators and application programmers must be... Click Here for more.
Installing VMware Infrastructure
Chances are, you've got a wireless network that you're not entirely in control
of. Or perhaps you've carefully deployed wireless in your environment, and
you've mistakenly believed that you could just set it and forget it. You can do
that with many computing technologies, but beware doing it with wireless! I
spoke recently with Charles Thompson, manager of sales engineering at Network
Instruments, and he gave me some best practices to share... Click Here for more.
Simple Saved Queries for Active Directory
The saved queries function in the Microsoft Management Console (MMC) Active
Directory Users and Computers snap-in lets you create, save, and organize
queries that you'll use repeatedly for administering Active Directory (AD)
objects. You can create queries using the wizardlike options on the New Query
dialog box, or you can define custom searches that can be used to gather
whatever objects you like simply by keying in your own LDAP... Click Here for more.
ISF Releases The Standard of Good Practice
The Information Security Forum have released the latest version of the Forum’s “The Standard of Good Practice”. This is an excellent resource for anyone tasked with identifying controls to improve the security of the information and systems in their charge.
“The Standard of Good Practice” is broken down into the following key sections:
- Security Management
- Critical Business Applications
- Computer Installations
- Networks
- Systems Development
- End User Environment
At over 372 pages it is not a light read, but it is well worth the time to become familiar with.
Microsoft - We Share Your Pain Program
Ever wonder what happens when you click on the “send” button when the dialogue box appears after an application crashes? This spoof video from Microsoft on the “We Share Your Pain” program may shed some light on that question.
FREE SECURITY SCAN
In partnership with Qualys, BH Consulting are offering a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan.

Alternatively, contact us or visit our website to get more details on our risk assessment service.
This issue of Security Watch is being brought to you by BH Consulting.
If you have found this issue to be of use please support our drive to raise funds
for
Focus Ireland.
Each Security Watch eNewsletter, and the special Security Alert issues, are produced independently by the Windows IT Pro Custom Media Group and are distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.
Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet.