|
| |
 Issue June 2005
In the June/July issue of Security Watch, we
bring you the latest security alerts, plus we look at how creating
organizational units within Active Directory can help you manage permissions and
rights, we stress the importance of including defence-in-depth in your security
strategy, we offer 4 tips for avoiding identity theft and 5 tips for using a
public PC safely. In addition we dispel 4 security myths, offer a primer on
security notifications and what they mean to you, and suggest how to keep
network attacks at bay.
About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting
firm to assist clients gain a competitive edge by achieving IT Operational
excellence in deploying, managing and securing their IT infrastructure. With
over 20 year’s experience, we provide you with access to in-depth expertise,
experience and technical know-how. Backed with our quality processes and
commitment to deliver, BH Consulting provides clients with quality solutions at
cost effective rates.
MALWARE THREAT WATCH
* Current level: NORMAL
(Levels: Normal Risk, Elevated Risk, High Risk, Critical) Malware = Malicious
Software
Click
here for more details.
RECENT SECURITY
ALERTS AS OF June 3
* Microsoft (1)
* Red Hat (17)
* SuSE (1)
* Sun (8)
Click
here for more details.
Keeping Network Attacks at Bay
I find it valuable to separate network attacks on IIS servers into
two groups - those that are specific to http (ports 80 and 443) and those that
aren't related to http, such as attacks on other services (e.g., FTP or Telnet)
running on the server... Click
here for more details.
Empower Support Staff Without Sacrificing Control
As an organization grows, so does its IT staff. What once was a small
group of trusted individuals is now an organization itself and along with that
comes added risks from change control failures as well as unscrupulous or
disgruntled employees... Click
here for more details.
The Necessity of Defence-in-Depth
No single defence is impenetrable and no information security strategy is
complete without incorporating the concept of defence-in-depth. Defence-in-depth
is far from a new idea... Click
here for more details.
Fight 'Phishers': 4 Tips to Avoid Identity Theft
Criminals are using emails to lure victims onto fake Web sites. At these sites,
the victims willingly enter their own credit card numbers, bank account numbers,
and other important information. This is called "phishing"... Click
here for more details.
Danger, Danger: 5
Tips for Using a Public PC
There's a guy in New York who may have gotten into your personal business. If he
did, he probably looted your online bank account. Juju Jiang is now serving time
after pleading guilty. But for a couple years, he bugged public computers at
Kinko's with software that logged keystrokes. He used it to capture usernames
and passwords. Some he used to steal money; others he sold on the Web... Click
here for more details.
Dispelling 4 Security Myths
Security configuration changes and guides have been around for about 10 years in
the Windows world, longer in other areas. The original Windows NT 4.0 guides
that were published by the U.S. National Security Agency and the SANS Institute
were basically just lists of changes, with a little bit of rationale behind each
setting but no overall cohesiveness... Click
here for more details.
Security Notifications and You
Microsoft calls them Security Bulletins, Red Hat calls them Security Advisories,
and Novell calls them either Security Advisories or Security Announcements.
Whatever they're called, they all have the common purpose ... Click
here for more details.
This issue of Security Watch is being brought to you by BH Consulting Each
Security Watch eNewsletter, and the special Security Alert issues, are produced
independently by the Windows IT Pro Custom Media Group and is distributed by
various Microsoft security partners. Each eNewsletter contains up-to-date
information about security strategies, technologies, and alerts. Each Security
Alert contains the latest information about security threats.
To update your subscribe to our newsletter
click
here. To unsubscribe click
here
|
