
Issue
March 2006
The main focus of this month's issue is on statistics identifying the latest
trends and threats in information security. In this issue of our Security Watch
Newsletter, we highlight some interesting news stories, discuss how to manage
the administrator account, look at the report from Panda Software on the
increase in viruses and the report from the Anti-Phishing group on the increase
in phishing sites, cover Microsoft and corporate security, provide a guide for
mobile users to protect their laptops, and provide details on how to improve
the detection of spam emails.
About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting
firm to help clients gain a competitive edge by achieving IT operational
excellence in deploying, managing and securing their IT infrastructure. With
over 20 years' experience, we provide you with access to in-depth expertise,
experience and technical know-how. Backed by our quality processes and
commitment to deliver, BH Consulting provides clients with quality solutions at
cost-effective rates.
NEWS
BH Consulting Updates Corporate Responsibility and Community Programme Policy.
We at BH Consulting recognise that as a company we do not operate in a vacuum
but are part of a larger community. In recognition of this, BH Consulting has
put in place a Corporate Responsibility Policy and Community Programme to
enable BH Consulting to be a better corporate citizen. Our community support
programme is structured as follows:
- At least 10% of the work carried out by BH Consulting during any fiscal year
  will be pro bono work for registered charities and educational
  establishments. All staff members are expected to partake in this programme.
  If you know of any suitable organisation that may be interested in
  facilitating our programme please contact us.
- BH Consulting has selected to support the following worthwhile charities:
  - Focus Ireland, supporting the homeless throughout Ireland.
  - The Central Remedial Clinic, the national centre for the care, treatment
    and development of children and adults with physical and multiple
    disabilities.
Both charities do sterling work in helping those less fortunate than
ourselves. BH Consulting will run a number of staff and customer events to
raise funds for these charities. If you have found any items in our
Security Watch Newsletter to be of use to you we ask you to
make a donation to either of the above charities. No sum is too small and all is
put to excellent use.
The Threat Landscape is Changing
The 9th Symantec Internet Threat Report and the McAfee Virtual Criminology
Report give us a very useful insight into how the external threats to our
networks are changing. It is becoming increasingly obvious that criminals are
becoming involved in computer crime. This change in motive for those attacking
computer systems, profit rather than fame and bragging rights, means the
attacks will become more sophisticated and harder to detect. We therefore need
to ensure that our defences are deployed accordingly.
A recent survey by the Irish Central Statistics Office on the state of
information security in Irish businesses shows that some companies may not
appreciate the threat. Some key points I picked out:
- 8% of companies have no computer security. How many of these
companies do you do business with and how are they protecting whatever
private information you have given them?
- 33% of companies with 10 or more employees do not have firewalls
installed. Of the other 66%, it would be interesting to see how many of
those firewalls are configured properly and updated regularly.
- 13% of companies have no anti-virus software installed. How many
of the other 87% regularly update their anti-virus software?
A survey in the UK shows that half of the SMEs surveyed expect a security
breach in the coming year, with one in five admitting to having had a security
incident.
Finally, research at the SANS Institute shows an unprotected Windows XP
computer has a 20-minute survival time on the Internet. In some cases this is
less time than it takes to purchase and download the latest anti-virus
software. Further to this, the Canadian Broadcasting Corporation conducted an
interesting experiment to see if the above findings were true, and published a
video showing their results. The Canadian Broadcasting Corporation also
provides a guide on how to protect yourself online. SANS also published their
"Windows XP: Surviving the First Day" guidelines on how to ensure the safety of
your PC.
Mac Under Attack
The following is a series of articles relating to Mac security.
It is interesting to see the focus on security increasing on the Mac platform
as it becomes more popular. It will still be a long time before it is as
popular a target as Microsoft, but Mac users shouldn't be complacent.
The old adage "security through obscurity is no security" comes to mind.
Mac OS X patch faces scrutiny
http://zdnet.com.au/news/security/soa/Mac_OS_X_patch_faces_scrutiny/0,2000061744,39242168,00.htm
http://news.zdnet.co.uk/internet/security/0,39020375,39256044,00.htm
Mac OS X flaw raises serious concerns
http://zdnet.com.au/news/security/soa/Mac_OS_X_flaw_raises_serious_concerns/0,2000061744,39241951,00.htm
Apple OS X security withstands hacking contest
http://www.vnunet.com/vnunet/news/2151531/apple-security-withstands
http://software.silicon.com/security/0,39024655,39157042,00.htm
Theme for Global Security Week 2006 Launched
This year the theme for Global Security Week is Identity Theft. There are plans
to have numerous events happening worldwide to make individuals and companies
aware of the threats posed by Identity Theft and how to protect yourself and
your company from becoming a victim of this fast-growing crime. The US Treasury
Department in a recent report says that cyber crime has now outgrown illegal
drug sales in annual proceeds, netting an estimated $105 billion in 2004.
Global Security Week is one way to help combat this lucrative area of crime.
Global Security Week Ireland will host an event on Identity Theft during this
year's Global Security Week. Details of this event will be posted here and on
the Global Security Week website when details have been finalised.
If you wish to participate in Global Security
Week or require more information on this worthwhile initiative, please visit the
Global Security Week website or
contact us for further information.
Global Security Week is running a competition to find a
suitable logo for 2006. The logo should ideally be a distinctive square or
circular image that will normally be used on the web at about 150 to 200 pixels
wide but should remain recognizable if shrunk down to less than 100 pixels wide.
The logo should be distinctive and reflect the ideals of Global Security Week.
Specifically for 2006, the central theme is identity theft so something related
to ID theft would be likely to catch the judges’ eyes. More information on
this competition is available at the
Global Security Week Logo Competition Web Page.
BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful
in securing and running your business. To this end we have updated our range of
whitepapers and the following is now available for download free from our
white papers page:
Presentation on "An Overview of SPAM" (252 KB)
LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online
resources page.
FEATURES
Administering the Administrators
In many organisations there are multiple network administrators that
either do not need or should not have access to network resources that are not
meant to be under their control. This limitation is good practice to help
protect data and... Click
Here for more info
Why You Should Disable the Administrator Account
Managing the built-in administrator account often causes problems for IT teams,
especially the account BUILTIN\Administrator, also known as NT
AUTHORITY\Administrator, the account with relative identifier (RID) 500. This
account exists by default... Click
Here for more info
Over 45,000 New Malware Threats Discovered in 2005
According to Panda Software, in 2005 more than 123 new malware threats were
discovered every day. The company said that in total more than 45,000
new malware threats were discovered last year. The figures represent a 240
percent... Click
Here for more info
How To Nip A Little More Spam in The Bud
Most spam filtering systems do a good job of tagging spam, but many can be
tweaked for better detection rates and better performance. Recently a security
expert ran a test on more than 254,000 email messages to see which filters
work... Click
Here for more info
Phishing Sites Increase Significantly in December 2005
The Anti-Phishing Working Group (APWG) published its Phishing Activity Trends
Report for December 2005. According to data gathered by the group, over 7,197
new phishing sites were created in December 2005 and the group recorded 15,244
unique... Click
Here for more info
FREE SECURITY SCAN
In partnership with Qualys, BH Consulting is offering a free Network Security
Scan so you can check how healthy your network is. To find out more about what
this service can do for you, visit our free Network Security Scan.
Alternatively, contact us or visit our website to get more details on our risk
assessment service.
This issue of Security Watch is being brought to you by BH Consulting.
If you have found this issue to be of use please support our drive to raise
funds for Focus Ireland.
Each Security Watch eNewsletter, and the special Security Alert issues, are
produced independently by the Windows IT Pro Custom Media Group and are
distributed by various Microsoft security partners. Each eNewsletter contains
up-to-date information about security strategies, technologies, and alerts.
Each Security Alert contains the latest information about security threats.
Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet.