Issue
December 2005
In this issue of our Security Watch Newsletter, we bring you the latest
security alerts, plus we look at the latest SANS Top 20 vulnerability list,
tools to help you test the security of your network, how to make users aware of
information security risks, what to do if one of your PCs becomes infected, a
discussion about phishing, and how to minimise the threat to your network from
rogue machines.
About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting
firm to help clients gain a competitive edge by achieving IT operational
excellence in deploying, managing and securing their IT infrastructure. With
over 20 years' experience, we provide you with access to in-depth expertise,
experience and technical know-how. Backed by our quality processes and
commitment to deliver, BH Consulting provides clients with quality solutions at
cost-effective rates.
NEWS
Some news that we think may be of interest to you:
A survey carried out on behalf of the MakeITsecure initiative,
http://www.makeitsecure.ie, finds that few users know about spyware and
phishing.
http://www.siliconrepublic.com/news/news.nv?storyid=single5699
Statistics from the Information Security Management Systems (ISMS) International
User Group and from Ernst & Young indicate the adoption of the BS 7799
information security standard is increasing.
http://www.itweek.co.uk/itweek/analysis/2145504/offshoring-pushes-bs7799
European committee approves extension to data retention law
http://www.europarl.eu.int/news/expert/infopress_page/013-2689-328-11-47-902-20051118IPR02597-24-11-2005-2005--false/default_en.htm
http://management.silicon.com/government/0,39024677,39154561,00.htm
Dot-eu domain to go live.
http://management.silicon.com/government/0,39024677,39154771,00.htm
http://news.zdnet.co.uk/0,39020330,39240109,00.htm
BH Consulting website update
We strive at BH Consulting to provide information that
is relevant and useful in securing and running your business. To this end we
have updated our range of whitepapers and the following are now available for
free download from our
website;
MALWARE THREAT WATCH
Current Threat Level - Normal
Risk Synopsis:
The Sober worm continues to be very active. During one day in the month of
November, five variations of the Sober worm were detected. A less commonly seen
threat is a Linux executable (ELF) file, a command-line tool used to connect to
various ports. Such ELF files can be used to connect back to remote
malicious users, providing them with a shell to control an affected system. To
propagate, the ELF threat takes advantage of the XML_RPC PHP vulnerability, which
is found in several applications. Worms and malware can be combated if the
necessary patches are kept up to date and a defensive group policy is implemented
and enforced.
Get more information on the latest updates on current threats at our website.
FEATURES
SANS Says Attack Vectors Have Changed
The SANS (SysAdmin, Audit, Network, Security) Institute has recently
released its Top 20 Internet Security Vulnerabilities report. SANS said a
significant percentage of attack vectors have moved from operating systems to
applications and that administrators need to be aware of this fact....
Password Cracking Made Easy
Many of you probably test the strength of your users' passwords now and
then to ensure that people are picking something strong enough to resist attack.
Others of you might test password strength as part of your consulting services
for various....
Security Awareness: Win Users Over to Your Company Policy
You can't configure your way to systems security. Passwords are a perfect
case in point. Windows has five separate policy settings designed to force users
to select hard-to-guess passwords—and a determined user can overcome every one
of them if....
Dealing With An Infected PC
There is no shortage of articles these days on how to prevent SpyWare,
viruses, and other unwanted software from invading your computer. But many
people already have an infected PC. What can you do if you think your computer
is affected by....
Hooked On Phishing
One way to hook a fish is to use a lure so realistic that the fish thinks it’s
food. Phishing on the Web works the same way. Thieves send an email message or
instant message that appears to come from a reputable company. It capitalizes on
your....
Mitigating the Threats of Rogue Machines—802.1X or IPsec?
Rogue computers are some of the scariest things to infest your network. You go
to great lengths to build a protected network, you keep your clients current
with updates and anti-malware signatures, and yet you still suspect that
these....
FREE SECURITY SCAN
In partnership with Qualys, BH Consulting
is offering a free Network Security Scan so you can check how healthy
your network is. To find out more about what this service can do for you, visit
our free Network Security Scan.
Alternatively, contact us or visit our website to get more details on our
risk assessment service.
This issue of Security Watch is being brought to you by BH Consulting.
Each Security Watch eNewsletter, and the special Security Alert issues, are produced
independently by the Windows IT Pro Custom Media Group and are distributed by
various Microsoft security partners. Each eNewsletter contains up-to-date
information about security strategies, technologies, and alerts. Each Security
Alert contains the latest information about security threats.
Additional news courtesy of Cnet, Silicon and Zdnet.