Helping you Piece IT Together


 


 


 

 

Issue February 2007

Welcome to the February issue of BH Consulting's Security Watch Newsletter. In this month's packed issue we bring you some interesting news stories, including details of the Irish Cybercrime Survey, the results from Safer Internet Day, how to secure laptops, an overview of identity federation with ADFS, a discussion of Microsoft SQL Server security, and how to monitor access to the system registry.

 

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to help clients gain a competitive edge by achieving IT operational excellence in deploying, managing and securing their IT infrastructure. With over 20 years' experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed by our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost-effective rates.

Support Focus Ireland
If you have found any items in our Security Watch Newsletter to be of use to you, we ask that you make a donation to Focus Ireland, who work tirelessly supporting the homeless throughout Ireland. Focus Ireland aims to advance the right of people-out-of-home to live in a place they call home through quality services, research, and advocacy. The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless through a range of appropriate high-quality services, to provide emergency, transitional and long-term accommodation for people out-of-home, and to campaign and lobby for the rights of people out-of-home and the prevention of homelessness. No sum is too small and all is put to excellent use.

BH CONSULTING NEWS
Security Watch Blog Reaches Final of the Irish Blog Awards.

Despite our Security Watch Blog being active for only a short while, we are delighted that it has been selected as a finalist under the Best Business Blog Category for the Irish Blog Awards 2007.  Many thanks to our readers and subscribers who contribute to our Blog and made this nomination possible.  The awards happen on the night of March the 3rd and we will update you all with how we do in our next newsletter and of course on the Blog.

BH Consulting Supported Safer Internet Day
BH Consulting proudly supported Safer Internet Day which fell on the 6th of February 2007.  There was some good coverage of the event in both national papers and also on TV3's Ireland AM program.

The theme for this year was "Crossing Borders" and countries from all around the world participated in the event. For this year’s event, schools in Ireland have been working with partner schools in Portugal, Estonia, and Denmark as part of a competition that combines the educational use of Information and Communication Technology (ICT) with raising awareness of the risks of using the internet and mobile phones. More details of the day are available on our Security Watch Blog.

A survey conducted as part of Safer Internet Day highlighted some of the issues facing younger people when using online services.   A key finding from the survey shows 57% of young people make their online social network profiles public and disclose a great deal of personal information.  More details on the results of this survey are also available on our Security Watch Blog.

Brian Honan Interviewed by the Irish Times
TJX released more details on the security breach which exposed their customers' credit card details to hackers. The attack is now believed to be more significant than first thought. More importantly from an Irish perspective, the breach is now believed to have affected Irish customers of TK Maxx. The Irish Times discussed with Brian the impact this could have on affected customers and what concerned customers should do in response to this breach.

BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of whitepapers available for download free from our white papers page.

LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page.

FEATURES

Irish Cybercrime Survey Released
The Irish Chapter of the Irish Information Systems Security Association and University College Dublin’s Center for Cybercrime Investigation recently released the results of the first comprehensive survey on the impact of cybercrime on companies and organisations in Ireland, the Irish Cybercrime Survey 2006.

This is a significant event for those of us working in the information security field in Ireland, as up until now we have depended on surveys from other sources such as the annual CSI/FBI Computer Crime and Security Survey, Ernst & Young’s survey, or others provided by vendors, such as Symantec’s Internet Security Threat Report. While all these surveys provide valuable information and insight into the upcoming trends and issues we should be aware of, they provided very few hard facts that we could use to convince Irish senior management to invest scarce Euros in information security initiatives.

The main problem is that many companies that take part in the above surveys are much larger than those here in Ireland, which undermines any like-for-like comparison. The argument is further weakened when figures such as the average cost of a security breach are quoted in US dollars, as the listener immediately thinks this is not relevant to them.

The Irish Cybercrime Survey now provides us with hard data that is relevant and pertinent to the Irish IT environment and will hopefully act as a wake-up call to business people who think their company is too small to be a target of cybercrime.

Some key statistics that got our attention were:

  • 98% of all organisations were impacted by cybercrime
  • 90% impacted by computer virus infection
  • 20% suffered losses > €100,000
  • 33% suffered losses > €50,000
  • 52% had incidents resulting in 10 man days to recover
  • 25% had incidents resulting in 50 man days to recover
  • 55% lost data as a direct result
  • 90% suffered loss in productivity
  • 12% of internal misuse resulted in criminal cases

Keep IT Secure on the Road
Windows Vista will include a nice Network and Sharing Center that lets you configure whether individual wireless networks are at home (and thus trusted), at work (also trusted, but usually configured differently), or public (a wireless AP at a café, airport, hotel, or other public space where you don't want other users to access your PC's files). But you don't have to jump into a time machine and run Vista to be secure on the road today. ... Click Here for more

Identity Federation with ADFS
Your organization might be one of the many that would like to share data with authorized external users over the Web. You’d like to make it easy for these suppliers or customers to connect to your resources by using their existing user account and not requiring them to establish an account on your system, but you need to be sure that only authorized users get access... Click Here for more.

No Joking About SQL Server Security
Security—or arguably the lack thereof—has long been an area in which Joe Public likes to poke fun at Microsoft. Because so many desktops worldwide run Windows, the popular press has countless opportunities for pointing out Microsoft’s foibles in this space. But it looks like Microsoft might be improving its security reputation, especially in the SQL Server realm.... Click Here for more.

Monitoring Registry Activity
Q. How can I monitor registry activity during logon and logoff? A. The Regmon tool, which you can download at http://www.sysinternals.com, is handy for monitoring registry access and modification. However, it runs as part of the interactive desktop, which means when you log off, the Regmon process terminates. To solve this problem, ... Click Here for more

Reminder - SANS Training Coming to Dublin
SANS will be hosting a training event at the Red Cow Moran Hotel from April the 16th to the 21st 2007. The courses being offered are:

SEC401: SANS Security Essentials Bootcamp

SEC503: Intrusion Detection In-Depth

SEC504: Hacker Techniques, Exploits & Incident Handling

For those of you interested in attending, now may be a very opportune time to book the course given the current Euro to dollar rate. This in effect gives you a 30% discount on the course price. More details of the event are available at SANS.

FREE SECURITY SCAN
In partnership with Qualys, BH Consulting is offering a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan.

Alternatively contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting.  If you have found this issue to be of use please support our drive to raise funds for Focus Ireland.

Each Security Watch eNewsletter, and each special Security Alert issue, is produced independently by the Windows IT Pro Custom Media Group and is distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet

Copyright © 2005 BH IT Consulting Ltd.