Featuring research by SophosLabs
A close inspection of Blackhole reveals just how sophisticated malware authors have become. Blackhole is now the world’s most popular and notorious malware exploit kit. It combines remarkable technical dexterity with a business model that could have come straight from a Harvard Business School MBA case study. And, barring a takedown by law enforcement, security vendors and IT organizations are likely to be battling it for years to come.
An exploit kit is a pre-packaged software tool that can be used on a malicious web server to sneak malware onto your computers without you realizing it. By identifying and making use of vulnerabilities (bugs or security holes) in software running on your computer, an exploit kit can automatically pull off what’s called a drive-by install. This is where the content of a web page tricks software—such as your browser, PDF reader or other online content viewer—into downloading and running malware silently, without producing any of the warnings or dialogs you would usually expect. Like other exploit kits, Blackhole can be used to deliver a wide variety of payloads. Its authors profit by delivering payloads for others, and they have delivered everything from fake antivirus and ransomware to Zeus and the infamous TDSS and ZeroAccess rootkits. Blackhole can attack Windows, OS X, and Linux. It is an equal opportunity victimizer.
Ask us how we can set you up with KineticD Cloud Backup!!
KineticCloud Backup has been built with the highest level of security in mind every step of the way.
Secure Bank Grade Encryption
Your files are protected using 448 bit Blowfish Encryption before they leave your PC, Mac or server system. This extremely secure bank-grade encryption algorithm has never been cracked.
Your files are then stored in this encrypted state at our SSAE 16 certified secure data center.
Further Protection with Individual Data Security
With KineticCloud Backup, each user gets his or her own individual account and password. This is significant because it means that each user also gets a unique encryption key. This encryption key ensures that while your data is securely stored at our data center, only you have access to your data. In fact, even our most privileged systems administrators do not have the ability to access your data.
Password Security that is Second to None
Great lengths are taken in our system to ensure your password remains a secret. A few examples:
- Your password security practices have been modeled after premier online banking web sites.
- Your password is encrypted before it is stored in our database. At no point is an administrator able to retrieve your password, nor does an administrator have the ability to set your password to a known value.
- When you activate your account, you are required to choose a password and set up a security question. If you forget your password or repeatedly try to log in with an incorrect password, the system will lock you out after a few attempts. You may then reset your password by correctly answering your security question.
- If you incorrectly answer your security question, you are again locked out after a few attempts. In the unlikely event that you forget your password and the answer to your security question, you must contact KineticD Support directly for manual identity verification.
Secure SSAE 16 Certified Data Center
Your data is securely stored in KineticD’s Carrier Grade SSAE 16 data center. KineticD’s all Cisco-based switched network employs redundant Internet providers, redundant routers and redundant firewalls. KineticD uses BGP and HSRP protocols to implement fail-over and redundancy. Even during the big blackout of August 2003 KineticD’s data center was up and running without any service interruption to our customers.
KineticD uses only Carrier Grade computer hardware from major manufacturers to store your data. There are no – clones in KineticD’s data center. All systems operate on redundant power. Servers have dual power supplies fed from separate electrical panels. The facility includes triple redundant diesel generators, dual redundant UPSs, the latest fire suppression equipment, and 24/7/365 guards on-site.
When your data is stored on KineticD’s servers, it is written to RAID 6 disk arrays (including hot spare drives). Each storage server is then replicated in real time to a second RAID 6 storage server for backup. Every precaution is taken to protect the integrity of your data.
There are two key things to know about KineticD’s data center: your data is safe from crashes, and your data is safe from hackers.
More Reasons to Trust KineticD™ End-to-End Verification
As each file is transferred to KineticD’s data center, we carefully verify its integrity against a known CRC signature. Files are re-verified each time they are written to disk. If any file fails verification, it is retransmitted from your system or recovered from the replication server. This ensures that the data stored on our servers is the same data that was stored on your system.
Secure Protocol
The KineticCloud Backup software communicates with our servers over a proprietary protocol that was designed specifically for online backup. Other online backup products that use popular web protocols like HTTP, FTP or WebDav can be vulnerable to hacker and virus attacks. The extreme popularity of these protocols makes them a target. It is extremely unlikely that a hacker is going to invest the time and effort to go after a proprietary protocol. Even if they did, the 448 bit Blowfish Encryption has never been cracked.
Firewalls
To maximize compatibility with home and corporate firewalls, the protocol used by our lightweight online backup software was designed to look to a firewall just like the SSL protocol used in web browsers. This means that if you are able to access our web site, you will be able to connect with our backup software.
More specifically, the KineticCloud Backup software runs on port 443 and mimics SSL’s handshaking protocol. Almost all firewalls will pass KineticD’s backup traffic without reconfiguration. KineticD also supports the use of proxy servers. Our web browser interface also uses generic HTTP and HTTPS on ports 80 and 443.
Corporate Remote Access Policy
What your IT Administrator needs to know:
Many organizations have a policy to control access to their data from outside of the organization. VPNs and Firewalls are generally used to control this, but become ineffective when the data is stored offsite. The same features that empower a laptop user to backup and restore his or her data while on the road may violate corporate information policy.
KineticCloud Backup includes the ability to restrict data access to only specific IP addresses. A Corporate Administrator can define the IP address ranges of their firewalls and access points. Once the definitions are in place, users can only access the data from the allowed locations.
If you consider the risks to which your data could be exposed on your computer – everything from hardware damage to hackers – it’s not hard to see that your valuable data is actually better protected by the multiple levels of security and safeguards listed above.
All-in-One Cloud Storage Gateways
CTERA’s cloud storage gateways are hybrid appliances that seamlessly combine local storage, cloud storage, data protection functionality and collaboration capabilities in a single, cost-effective package. Ideal for SMBs as well as enterprise branches and remote offices, CTERA’s appliances can replace legacy file servers and tape backup in a single solution with significant cost savings.
The appliances feature a full set of Network Attached Storage (NAS) capabilities and comprehensive backup functionality, utilizing on-premises storage capabilities for speed and local sharing, while taking advantage of cloud storage for off-site backup, universal access, file sharing, and folder synchronization.
The On-Ramp to Cloud Storage
CTERA cloud storage gateways enable selective replication of data to the cloud providing full control over cloud storage use and costs, while making it possible to access files, share them and restore them directly from the cloud.
Comprehensive Data Protection
With the included CTERA backup software and managed agents, the CTERA cloud storage gateways provide a highly cost-effective and comprehensive solution for server, desktop and laptop backup. Key features include:
- Automated scheduled local & cloud backup
- Selective file backup and “bare metal” disk-level backup
- Bandwidth optimized cloud backup with block-level de-duplication
- Application-aware backup for Microsoft Exchange, SQL Server and Active Directory
Robust NAS Capabilities
CTERA appliances provide a rich set of storage capabilities with enterprise-level security and management features:
- RAID for redundancy in case of disk failure (available on the C200, C400 and C800)
- CIFS, NFS and AFP (Apple Filing Protocol) for network file sharing and folder synchronization
- User quotas and role-based user management
- Thin-provisioned snapshots with Next3
- Active Directory integration
- Web access using DDNS and WebDAV (via CTERA Portal)
Centralized Management
CTERA cloud storage gateways can be managed remotely via CTERA Portal. Template-based management and remote firmware upgrades make it possible to manage numerous appliances while maintaining minimal on-site IT and reducing total cost of ownership.
Microsoft has beaten Apple and Google to the acquisition of R2 Studios, a small home entertainment technology startup from the founder of Sling Media. R2 is famous for an Android app that allows users to control things like lighting and appliances throughout their homes, and it’s thought the company’s technology will help Microsoft push its Xbox console even further into home entertainment.
People familiar with the matter have today confirmed the deal to The Wall Street Journal, though the price of the acquisition could not be established.
R2 Studios was founded by Blake Krikorian, the entrepreneur behind Sling Media, the creator of Slingbox. Krikorian will be joining Microsoft in Redmond, Washington, along with a small team. In addition to the company, Microsoft also acquired some patents owned by R2 that are related to controlling electronic devices.
R2 has previously been in talks with both Apple and Google over an acquisition, according to the sources, but it seems Microsoft was first to pull out its check book.
The move follows Microsoft’s push to make its Xbox 360 a primary source of home entertainment — not just a games console — and it’s likely to boost that mission even further. And with the Xbox 720 expected to get its grand unveiling at E3 later this year, who knows what R2’s technology could bring to the next-generation console.
Microsoft is releasing Windows 8, the newest version of the Windows operating system, for general availability on October 26. Although Windows 8 offers enhanced security features, it also raises new security concerns because of changes to the graphical user interface and a new online app store. We’re offering the following eight security tips to help you stay secure as you move to Windows 8.
1. Exercise caution with apps for the new Windows 8 user interface (formerly known as Metro)
Some familiar applications have been completely re-written for the new Windows 8 UI. As a result they may work completely differently, despite looking the same. For example, an application historically delivered as an executable could now be entirely web-based. This impacts the visibility your existing security and monitoring tools have into these apps.
2. Use the Windows 8 style UI version of Internet Explorer
By default, plugins are disabled, blocking a major target for exploit kits and Blackhole attacks.
3. Make sure your security vendor can flag malicious Windows 8 UI apps
Windows 8 UI apps have important differences from regular applications, and your security product should be able to distinguish the two. The security product should correctly flag malicious or modified Windows 8 UI applications (tampered, modified, invalid license).
4. Disable hard drive encryption hibernation
Hard drive encryption is a cornerstone of data protection. If possible, disable the hibernation option in Windows 8 through group policy, as it doesn’t always work well with encryption.
5. Make sure your hardware carries the “Designed for Windows 8” logo
To carry this logo, hardware must be UEFI compliant. This means you can take advantage of the secure boot functionality available in Windows 8. Secure boot is designed to ensure the pre-OS environment is secure in order to minimize the risk from boot loader attacks.
6. Make application control a priority
The Windows 8 app store makes application control increasingly important for both malware prevention and productivity control. While the Windows Store will be secured, history shows that malicious apps are likely to slip through. Disable the use of apps that aren’t relevant to your organization.
7. Treat Windows RT (ARM) devices like any other mobile devices
Make sure you impose the same security levels on Windows RT devices as all others. You should have the ability to control, track, remote wipe and encrypt them.
8. Review application permissions in the Windows Store
Applications in the Windows Store must list any resources they require. Carefully review these permissions in the details tab as some will grant access by default to your location information, calendar, etc.
You should still run a full security suite for superior filtering and centralized management and reporting. While Microsoft has included a minimalist antivirus and firewall, most organizations will still require commercial-grade security. And of course, all the old security rules also apply with Windows 8. It’s still a bad idea to allow automatic log-on. Above all, remain vigilant.
By Vanja Svajcer, Principal Researcher, SophosLabs
Malicious software—commonly referred to as “malware”—mainly targets desktop PCs. But cybercriminals are increasingly setting their sights on smartphones and other mobile devices. In spite of preventative measures like Apple’s walled garden and Google’s Bouncer application for Android, malware impacts both iOS and Android platforms. This paper includes step-by-step, platform-specific policies and strategies you can employ to protect your data and keep mobile devices safe from the malware writers determined to break into them.
The smartphone as emerging threat vector
With mobile subscriptions totaling 6 billion by the end of 2011, one thing remains very clear. Mobile devices are rapidly replacing the personal computer at home and in the workplace. We rely on smartphones and tablets for everything Internet-related in our lives, from web surfing to ecommerce transactions to online banking.
Because of our increasing reliance on mobile devices, they represent an emerging threat vector ready to be exploited by cybercriminals. They are also open to new classes of attack. For example, criminals often use malicious mobile apps to send text messages to premium mobile phone numbers, racking up unauthorized charges.
We can expect the threat vector to increase exponentially as mobile devices are used more frequently to make payments. In August 2012, rival U.S. coffee chains Starbucks and Dunkin Donuts began accepting mobile payments via iOS and Android-enabled mobile devices. Starbucks’ mobile payment solution makes use of digital wallets, technology that allows businesses to accept secure mobile transactions and deliver offers, coupons, rewards, and receipts to customers’ smartphones.
These announcements will undoubtedly accelerate the daily use of digital wallets and other forms of mobile payment. They will also act as a magnet for malicious malware writers.
The business of cybercrime
We used to imagine malware coming from loosely knit groups of hackers walled up in non-descript offices, spending their days pinging websites in search of vulnerabilities to exploit. Today the purpose of nearly all malware is to make money for cybercriminals. Over the last 10 years the creation of malware has evolved into an organized international criminal enterprise.
In an August 2012 article in InfoWorld, IT security writer Roger Grimes pointed out that cybercrime syndicates are recruiting amateur hackers and coders to sign on as full-time employees of their increasingly professional organizations. These criminal operations now have HR departments and project management teams. The goal of these multi-level, service-oriented syndicates is no longer political hacktivism or carrying out denial-of-service (DoS) attacks. Their mission is to steal money and intellectual property from individuals and businesses.
At the heart of these organizations are what Grimes called “malware mercenaries”—malware writers who work daily to turn out malware intended to bypass security measures, attack specific customers and achieve specific outcomes. And like the independent malware creators of the past, these criminal organizations continue to sell their malware on the open market in fierce bidding forums.
Currently cybercriminals are developing malware to specifically target mobile devices. There are two prominent ways the criminals use malware to make money from unsuspecting mobile device users: banking malware and premium-rate SMS fraud.
Banking malware
Fraudsters have built a highly specialized industry around capturing authentication information used to access online financial institutions. Their attacks initially relied on simple key-logging software to capture your username and password. But evolving techniques have led to an advanced cat-and-mouse game between criminals and banks.
Malicious mobile software such as Spyeye and Zeus (aka, Spitmo and Zitmo) attack users that visit a website set up by malware writers, their sponsors, or their partners. If the user visiting the malicious site is using a Windows-based web browser, the site serves the Windows version of malware. If the user visits a malicious website from a mobile browser, the malware serves up mobile versions of Zeus or Spyeye.
In either case the website has the ability to identify the platform you’re using to access that website. For users of the Android platform, the malicious website will serve an Android package (APK file). This app is designed to steal the mobile transaction authentication numbers (mTANs) associated with a banking transaction. MTANs are temporary passwords users receive from their banks via SMS message.
Zeus intercepts all incoming SMS messages and transmits them to either a website or phone number controlled by the attacker. Zeus also allows the attacker to control malware settings using HTTP requests or SMS messages. For example, by sending a specifically formatted SMS message, the attacker can change the destination number of forwarded SMS messages such as those from a bank. Zeus also targets devices running other mobile operating systems such as BlackBerry OS.
Premium-rate SMS fraud
Rather than ask you for your credit card or attempt to withdraw money directly from your bank account, many mobile phone malware authors use premium-rate SMS services to make money.
Once installed, a malicious application disguised as a pirated app for your Android may come with a little something extra, a module that will start sending SMS messages to premium rate numbers at your expense.
For more information on premium-rate SMS fraud, download the whitepaper Exposing the Money Behind the Malware.
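The two money-making patterns described above, SMS interception and premium-rate SMS sending, both depend on permissions the app must declare in its manifest. The following is an added example, not code from Sophos or from the original paper: a Python audit that assumes the APK's AndroidManifest.xml has already been decoded to text XML (for instance with a tool such as apktool). The function names, finding codes and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes in a decoded AndroidManifest.xml live in the android: namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
PRIORITY = "{%s}priority" % ANDROID_NS

SEND_SMS = "android.permission.SEND_SMS"
RECEIVE_SMS = "android.permission.RECEIVE_SMS"
READ_SMS = "android.permission.READ_SMS"
INTERNET = "android.permission.INTERNET"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"


def _priority(intent_filter):
    """Return the filter's android:priority as an int (the default is 0)."""
    raw = intent_filter.get(PRIORITY, "0")
    try:
        return int(raw)
    except ValueError:
        # A resource reference such as "@integer/x" cannot be resolved here;
        # treat it as elevated so that a reviewer looks at it.
        return 1


def audit_manifest(xml_text, expected_permissions=()):
    """Return a list of (code, detail) findings for one decoded manifest.

    expected_permissions is what the reviewer considers reasonable for the
    app's stated purpose; anything else requested is reported.
    """
    root = ET.fromstring(xml_text)
    requested = {el.get(NAME) for el in root.iter("uses-permission")} - {None}
    findings = []

    # Premium-rate SMS fraud needs the ability to send text messages.
    if SEND_SMS in requested:
        findings.append(("SEND_SMS", "app can send SMS, including to premium-rate numbers"))

    # mTAN theft needs to read incoming SMS and a channel to pass them on
    # (an HTTP request or a forwarded SMS).
    readers = requested & {RECEIVE_SMS, READ_SMS}
    channels = requested & {INTERNET, SEND_SMS}
    if readers and channels:
        findings.append(("SMS_FORWARDING", "app can read incoming SMS and relay them off the device"))

    # A raised priority on an SMS_RECEIVED filter asks Android to hand the
    # message to this receiver ahead of other apps.
    for receiver in root.iter("receiver"):
        for flt in receiver.findall("intent-filter"):
            actions = {a.get(NAME) for a in flt.findall("action")}
            if SMS_RECEIVED in actions and _priority(flt) > 0:
                findings.append(("HIGH_PRIORITY_SMS_RECEIVER", receiver.get(NAME, "?")))

    unexpected = sorted(requested - set(expected_permissions))
    if unexpected:
        findings.append(("UNEXPECTED_PERMISSIONS", ", ".join(unexpected)))
    return findings


# Constructed sample: a "wallpaper" app that asks for far more than it needs.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".Updater">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
""".strip()

# Constructed sample: the same kind of app with only the permissions it needs.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers.clean">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <application/>
</manifest>
""".strip()

# What a reviewer would accept for a wallpaper app (an assumption of this example).
EXPECTED_FOR_WALLPAPER_APP = {INTERNET, "android.permission.SET_WALLPAPER"}

if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label)
        for code, detail in audit_manifest(manifest, EXPECTED_FOR_WALLPAPER_APP):
            print("  %-28s %s" % (code, detail))
```

A finding is a prompt for review, not a verdict: legitimate messaging apps request the same SMS permissions, which is why the check takes the expected set for the app's stated purpose as input.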
Why iOS is safer than Android
Google’s Android platform has become a larger target for mobile malware writers than Apple iOS. This could be a result of Android’s popularity—with more than 1 million activations per day, Android smartphones command a 59% market share worldwide. However, the relative vulnerability of Android vs. iOS comes down to the level of control the vendors have over products and the marketplace for development and distribution of apps.
Mobile malware writers know the best way to infect as many devices as possible is to attack central application markets. The cybercriminals plant applications that include hidden (obfuscated) malicious functionality in an attempt to avoid detection by the vendor’s application vetting process (e.g., Google Bouncer).
In 2011 alone, Google removed more than 100 malicious applications from its app store. Google discovered 50 applications infected by a single piece of malware known as Droid Dream, which had the capability to compromise personal data. However, Google hasn’t always acted in a timely manner to prevent infections. Users downloaded one harmful app more than 260,000 times before the company removed it from the app market.
Apple and iOS
Apple’s walled garden App Store—where applications are fully vetted before being made available to customers—has prevented widespread malware infection of iOS users. As a centralized point of distribution, the App Store provides users with confidence that the apps they download have been tested and validated by Apple.
Evidence of malicious malware showing up in the App Store is anecdotal at best, as Apple does not typically volunteer such information. However, it’s safe to assume that since Apple does not make APIs available to developers, the iOS operating system has fewer vulnerabilities.
However, iOS isn’t 100% invulnerable. Take the tale of Charlie Miller, a security researcher who deliberately created a suspicious application and submitted it to Apple. Apple initially approved the application, which uncovered a bug in iOS. As soon as Apple discovered that the application was suspicious, the company suspended Charlie’s developer account for one year.
Google and Android
Like Apple, Google provides a centralized market for mobile applications called Google Play. However, that is offset by Android’s ability to install apps from third-party sources. Some are well-known and reputable such as Amazon. Others are not, and originate from malware hotspots in Russia and China. The criminal developers deconstruct and decompile popular apps like Angry Birds, then publish malicious versions and make them available for free.
One alternative market for these “cracked” or “cloned” applications is Blackmart, and the apps cracked for that market are known as PJApps. Tools used to crack legitimate applications allow the mobile malware writers to repackage popular applications and add their own functionality. Repackaged apps will typically include some potentially unwanted pieces, such as advertising frameworks or malicious capabilities.
Another family of Android-specific malware reported to Sophos is known as DroidSheep, a tool used by hackers to listen to network traffic and gain access to online accounts of popular websites. Attackers running DroidSheep can impersonate victims’ accounts and gain access to sites not using a secure connection. DroidSheep allows the attacker to sniff wireless network traffic and steal authentication tokens, which the attacker can then use to impersonate someone else. Popular sites such as Yahoo, Google, and Facebook support HTTPS connections, which a tool like DroidSheep cannot infiltrate.
The most prolific family of Android malware is known as Boxer. In April 2012, when the popular photo sharing application Instagram was released on the Android platform, mobile malware writers immediately took notice. The malware creators copied the contents of the Instagram site and created a fake, malicious counterpart complete with rogue applications. Once installed, the app sends SMS messages to premium-rate services, concentrated mostly in Eastern European countries like Russia, Ukraine and Kazakhstan. In the process, cybercriminals earn a fast and tidy commission at the expense of users.
Mobile malware by the numbers
The prolific nature of threats—especially on the Android platform—continues to increase. In 2011 SophosLabs observed 81 times more Android malware than in 2010—an 8,000% leap. In 2012 SophosLabs has already seen 41 times more malware than in all of 2011—a growth rate of nearly 4,100%.
10 tips to prevent mobile malware
Now that we’ve identified the causes and challenges associated with mobile malware, how do you prevent it? By taking back control of your devices and their applications.
Here are 10 tips for securing your mobile users and preventing mobile malware infections.
1. Inform users about mobile risks
A mobile device is a computer and should be protected like one. Users must recognize that applications or games could be malicious, and always consider the source. A good rule of thumb: if an app is asking for more than what it needs to do its job, you shouldn’t install it.
2. Consider the security of over-the-air networks used to access company data
Generally speaking, over-the-air (i.e., Wi-Fi) networks are insecure. For example, if a user is accessing corporate data using a free Wi-Fi connection at an airport, the data may be exposed to malicious users sniffing the wireless traffic on the same access point. Companies must develop acceptable use policies, provide VPN technology, and require that users connect through these secure tunnels.
3. Establish and enforce bring-your-own-device (BYOD) policies
BYOD should be a win-win for users and companies, but it can result in additional risk. Ask yourself: How do I control a user-owned and managed device that requires access to my corporate network? Employees are often the best defense against the theft of sensitive data. Employees using their own mobile devices must follow policies that keep the business compliant with regulatory requirements.
4. Prevent jailbreaking
Jailbreaking is the process of removing the security limitations imposed by the operating system vendor. To “jailbreak” or to “root” means to gain full access to the operating system and features. This also means breaking the security model and allowing all apps, including malicious ones, to access the data owned by other applications. In brief, you never want to have root-enabled devices in your company.
5. Keep device operating systems up to date
This sounds easier than it actually is. In the Android ecosystem, updates can be blocked a number of ways: by Google (which updates the operating system); by the handset manufacturer (which may decide to release updates only for the latest models); or by the mobile provider (which may not increase bandwidth on their network to support updates). Without the ability to update your Android OS, your device is vulnerable to potential exploits. Research mobile providers and handset manufacturers to know which ones apply updates and which don’t.
6. Encrypt your devices
The risk of losing a device is still higher than the risk of malware infection. Protecting your devices by fully encrypting the device makes it incredibly difficult for someone to break in and steal the data. Setting a strong password for the device, as well as for the SIM card, is a must.
7. Mobile security policies should fit into your overall security framework
IT needs to strike a balance between user freedom and the manageability of the IT environment. If a device does not comply with security policies, it should not be allowed to connect to the corporate network and access corporate data. IT departments need to communicate which devices are allowed. And you should enforce your security policy by using mobile device management tools.
8. Install apps from trusted sources; consider building an enterprise app store
You should only permit the installation of apps from trusted sources, such as Google Play and Apple App Store. However, companies should also consider building enterprise application stores to distribute corporate custom apps and sanctioned consumer apps. Your chosen security vendor can help set up an app store and advise which applications are safe.
9. Provide cloud-sharing alternatives
Mobile users want to store data they can access from any device, and they may use services without the approval of IT. Businesses should consider building a secure cloud-based storage service to accommodate users in a secure way.
10. Encourage users to install anti-malware on their devices
Although malware exists for iOS and BlackBerry, those operating system interfaces don’t support anti-malware. However, the risk of infection is highest for Android, where security software is already available. Make sure all your Android devices are protected by anti-malware software.
Sophos Mobile Control
Mobile device management (MDM) for enhanced usability, better protection
Sophos Mobile Control 2.5 gives you a wide range of tools to keep mobile devices from becoming a threat to your business. Your users are asking to use their own smartphones and tablets, so we’re helping you say yes to BYOD. We’ve improved the usability of our solution and provide new features, giving you all the data you need at a glance.
Get your users up and running faster
We let you use the groups you already have in Active Directory. For example, you can automatically assign newly registered devices in SMC and apply the appropriate policies to them. This helps you to get your users set up and ready to go to work in less time.
Fewer clicks to get more done
As an administrator, you don’t want managing mobile devices to take up too much of your time. We empower you to work faster with improved workflows and provide data on the inventory as pie charts, so you can see the current status at a glance.
Know you’re compliant and stay that way
As mobile technology constantly changes, you need to be sure that devices stay compliant. Our improved compliance check not only runs more tests, but allows you to decide how serious a compliance breach is. Set it to inform the user or apply the risk mitigation actions you see fit.
Distribute and control apps and data
We now support iOS managed apps. So you can push apps—from the App Store or those developed in-house—right to your iOS users. You can securely remove managed apps and the data they contain, if your user leaves the company or the device becomes non-compliant.
Independent professionals and small businesses have to do more with less. It’s about staying close to your customers, focusing on your business differentiators, and being more agile than competitors. Microsoft® Office 365 can help you achieve those goals with low upfront costs, rich features, a familiar Microsoft Office experience, and guaranteed 99.9 percent uptime. Of course, Google also has online productivity offerings that are within reach of small businesses. So, why should small businesses choose Office 365 over Google Apps? The full white paper discusses the following 10 reasons in greater detail:
1. Office 365 values your security and privacy.
Office 365 is built from the ground up with security and privacy in mind. No Office 365 services are supported by advertising—and there is no risk that your information will be scanned for ad targeting.
2. Office 365 is available when you need it.
With Office 365 you’re not tied down to an Internet connection. Whether you’re online or offline, whether you are using a PC, mobile device, or browser, you can get work done virtually anytime, anywhere.
3. Office 365 is effective and efficient.
Office 365 services work together to deliver a seamless experience. Communicate with instant messaging, real-time presence, video conferencing, and desktop sharing—accessible right from familiar Office applications.
4. Office 365 lets you be productive NOW.
If you have used Microsoft Office, you can use Office 365 with virtually no training. Whatever your experience, Office 365 is straightforward, yet offers all the features power users expect.
5. Office 365 is the professional choice.
With Office 365, you can get the benefits of cloud computing while using the same productivity tools as your customers and partners. The fidelity of your documents is preserved across devices (PC, browser, and phone) and will look as expected to the recipients.
6. Office 365 is simple to set up and use.
Office 365 is designed for professionals and small businesses to get started right away. If these businesses don’t have in-house IT staff, no problem! Setting up new users and their permission levels is a snap.
7. Office 365 is flexible.
With Microsoft, you can choose a cloud-based solution, an on-premises solution, or a hybrid of the two to meet specific operational or security requirements. Microsoft has one of the world’s largest partner ecosystems to help you get exactly the solution you need.
8. Office 365 is financially-backed.
Office 365 comes with a 99.9 percent service level agreement (SLA) and gives customers financial credit if the SLA is not met. Our SLA covers the entire solution, not just “core” services. Microsoft has a proven track record of enterprise-class availability, and you can count on us to be responsive when unexpected downtime occurs.
9. Office 365 means no surprises.
With a clear technology and feature roadmap, and advance notice for significant updates, Office 365 gives you the predictability you need to make confident business decisions.
10. Office 365 delivers help when you need it.
All Office 365 plans include access to moderated community forums, where you can find the answer to virtually any question you might have. Access to 24/7 phone support is also available with many plans.
Technology professionals who work in and around SMBs know that sometimes bringing up information security in a smaller IT shop can be a tough sell. In many cases, SMBs feel that they don’t present an attractive or large enough target for hackers to be interested in them.
For example, a small community bank or credit union might believe that only a large bank needs to worry about fraud; a small local retailer might think only the big chains need to worry about security.
In practice, nothing could be farther from the truth.
Not only are SMBs actively attacked, they’re also in some categories attacked more often (or at least more successfully) than their larger counterparts.
On the Contrary
The Verizon 2012 Data Breach Investigations Report, for example, found that not only are SMBs — organizations with fewer than 1,000 employees — more often the victims of attacks generally, but they’re also overwhelmingly the victims of untargeted attacks, that is, targets of opportunity.
“Large-scale automated attacks are opportunistically attacking small to medium businesses” in significant numbers, the report says.
The point is, SMBs get attacked — and more often than you might think — which means they need to worry about security just as much as larger firms. Challenges abound, however: SMBs might have fewer technology staff than larger organizations, they may also find that getting budget for security tools isn’t always easy, and the inaccurate perception of reduced need makes business cases for specialized tools hard to pull off.
One Answer
Enter open source and community supported security software. In many cases, open source security software can fill the gap when funding for heavy, commercially supported, closed-source security tools is hard to come by. For SMBs, having a few open source security tools in their back pocket to meet specific security challenges can be a godsend. Because the tools are free (as in beer), they’re relatively easy to get pushed out without the need to go through a purchasing cycle — and because they’re popularly adopted and focused in scope, they can often be deployed without significant staff overhead.
I’ve put together a “short list” of open source and community-supported security tools for just these situations. These aren’t the only open source security tools out there; however, the tools in this list are easy to deploy, fill needs that most SMBs have, and are widely adopted enough to have staying power over a long deployment cycle.
1. ClamAV antivirus
Many organizations will already have selected and deployed an antivirus product for use on managed endpoints. However, having an open source alternative at the ready can be advantageous — for example, in situations where coverage needs to be expanded quickly (e.g. the virtual environment) or when additional protection is required over and above a commercial tool. In these cases, ClamAV and the Windows equivalent, “Immunet 3.0, powered by ClamAV” provide low-cost malware detection and removal capability.
2. WiKID strong authentication
Strong multi-factor authentication doesn’t usually come cheap, but for organizations that need enhanced authentication to resources — for example, organizations that process credit cards and therefore need to comply with PCI-DSS (Payment Card Industry Data Security Standard) authentication requirements or organizations that just want to ensure enhanced security for remote access — having a low-cost option on the table can be helpful. For this purpose, the WiKID strong authentication community edition can fit the bill quite nicely. Implementation is fairly straightforward, but depending on how you wish to employ it, you may find FreeRADIUS (an open source RADIUS server) a valuable complementary solution.
3. TrueCrypt file encryption
Encryption of data when it leaves the perimeter of the organization has a number of benefits — for example, safe harbor under many breach disclosure laws. However, commercial tools that provide this functionality can be expensive to license and — depending on the population of devices you wish to support — can be a significant effort to roll out. Newer versions of Windows support encryption of files natively (e.g. BitLocker) but only in certain versions and only on newer iterations of the OS. TrueCrypt provides that same functionality — on-access, transparent encryption of bulk storage — across a wide array of operating systems and file systems.
4. Snort intrusion detection
As an enterprise grows, networking requirements grow more complex and interconnections increase and get more complicated. SMBs often feel this pain most acutely: The network is large enough that administrators can no longer whiteboard out every interconnection, but it’s still small enough that a massive rearchitecture is a long way off. As a result, automated security monitoring can be particularly important — for example, by leveraging intrusion detection to provide alerting on attacker activity. Snort provides intrusion detection capability every bit as sophisticated as commercial counterparts. Note, however, that rules are distributed separately and the most current rules from Sourcefire, the owner of Snort, require a paid license. They are released to registered users after a period of time, and free alternative rules are also available through other channels.
5. Kismet wireless
Just as in larger firms, keeping tabs on the wireless (802.11) ecosystem in the SMB is good security practice. Monitoring for rogue access points and ensuring that client stations are appropriately configured keeps the wireless network operating efficiently and securely. The open source Kismet wireless intrusion detection and “sniffing” tool can flag new access points and monitor for insecure configurations. The downside? It doesn’t “do” Windows (it’s designed for use under BSD/Linux/OS X). However, it runs just fine on older hardware that might be on its way to the recycler anyway.
Having these tools in your back pocket for use in the SMB can provide real value to help bolster your SMB’s security stance. It bears repeating that these aren’t the only open source security tools — there are literally hundreds available that we didn’t cover — or even the best tools, necessarily (though one wonders how you would judge such a thing). However, these few meet real security needs that SMBs have, they’re easy to deploy, and they’ve got huge community backing so there’s plenty of support to help with installation and troubleshooting should issues be encountered along the way.
Cloud computing can give you an agile, efficient IT infrastructure that responds quickly and flexibly to changing demands.
Create Pools of Shared Computing and Storage Resources
Cloud computing virtually pools resources and provides them as a service shared by many applications. When you need resources, you provision them from the pool, use them as long as you need them and, typically, pay for them based on usage. When you no longer need the resources, you return them to the pool, where they can be used by other applications. With this flexibility and scalability for your applications, cloud computing can help your IT organization respond faster to the needs of your business while increasing the efficiency of your operations. In addition, cloud computing helps your IT organization free up trapped resources that can be redirected to support innovative projects that move your business forward. Cloud computing models help you shift resources out of operations and maintenance, and into new projects that keep your business competitive.
Understand Servers Better
Is your business missing something important?
The demands of running your business may prevent you from keeping up with the technologies that could help you run your business even better.
Servers are a good example. Chances are you’ve heard enough about their benefits but haven’t found time to do any research. Are you missing something important? Could a server benefit your business? Use this primer to quickly learn what servers are all about and the value they offer businesses like yours.
Server and Server Software Basics
A server is a heavy-duty computer that contains files and resources that are “served to” or shared with other computers over a network.
If you surf the Web, you’ve had experience with servers. Each time you sit at your computer and request Web pages, you request them over a network (called the Internet) from a Web server. The Web server then “serves” the Web page files to your computer, where your browser turns them into the Web pages.
Web servers are only one type of server, but this is basically how servers operate, including the one you might add to your office.
Servers typically function as the hub of a network of connected computers where they process requests from those computers. This arrangement is commonly referred to as a “client/server network.” Client simply means any computer that can connect to a server and use the resources it controls — such as Web page or other files, a connection to a printer, Internet access or even e-mail.
Some small businesses use peer-to-peer networks instead of a client/server network because they are easy and inexpensive to set up. As the name implies, all of the computers in a peer-to-peer network are equals. Users within peer-to-peer networks control their own desktop settings and security and decide when, how and with whom to share resources contained on their computers. Where client computers in a client/server network are connected to the server by cables or wireless connections, computers within a peer-to-peer network are connected to each other by cables or wireless connections.
Why opt for a client/server network when the alternative is cheaper and easier to set up? There are a number of reasons a small business might choose to use a server, including the following:
• Important data is kept all in one place where you can better control and protect it
• Data is protected by stronger security tools, reducing the threat from hackers
• Data can be more easily backed up and restored
• You can centralise management of your entire IT system
• You can reduce costs, since resources such as printers, faxes and Internet connections can be shared
• Workplace productivity shows an overall increase
While most folks envision a machine when they talk about servers, server software is what really makes a server a server. Server software enables the server to perform the functions you need it to — such as organising and processing data, controlling access to files and resources, making your network operate efficiently, and managing backups.
Note also that you can run more than one type of server software on a single computer.
Different Types of Servers
We already mentioned Web servers. But there are a number of types of servers, classified according to the specific work they do. Examples include:
File servers: A business that handles an enormous number of documents may use a file server to house them all in a central location, creating a kind of document library. When users want a file, they basically check out the whole file from the file server, work on it locally at their desktop, and then check it back in.
Print servers: As you might guess, a print server provides access to one or more printers. Sometimes the same server functions as a file server and a print server.
Application servers: Like a file server, an application server is an information repository. It may, for example, store databases. But unlike a file server, an application server can process information to deliver only the specific data the user/client requests.
Mail servers: A mail server acts as a network post office for message handling and storage, delivering e-mail to client PCs or holding it for remote users to access at their convenience.
There are also fax servers, communications servers, backup servers and more. The challenge is identifying what you need to make your business operate more efficiently — and then identifying server software with the features and capabilities that can do the job.
A Server for Small Businesses
It used to be that servers were only associated with large enterprises, and in fact, some of the dedicated, task-specific servers mentioned above are probably most appropriate for larger operations.
But more and more small businesses — even those with five or fewer PCs — are choosing server-based networks to streamline operations and gain efficiencies. Being able to manage security and protect vital business data in a controlled manner is another key impetus for small business owners and managers to deploy a server-based network.
Microsoft has produced server software specifically for small business use — Windows Small Business Server 2003 (SBS 2003). In addition to offering reliability and security, here are some of the key features in SBS 2003 that show the benefits a server can bring to your business.
E-mail, networking and Internet connectivity: With SBS 2003, you can share access to the Internet, send and deliver e-mail based on Exchange Server and Outlook 2003 technologies (included with SBS 2003), deploy a firewall to help protect your network, and provide remote access to information on your network.
Company intranet: Co-workers can share information in a collaborative environment with the pre-configured internal Web site – or intranet site – based on Windows SharePoint Services technology (also included with SBS 2003). On these sites you can create libraries of shared documents and post announcements, events and important links.
Remote access: With the Remote Web Workplace feature, workers who are out of the office can access e-mail and their remote desktops and administrators can manage the server remotely.
Mobility: Windows Mobile-based Smartphones and Pocket PCs integrate seamlessly with SBS 2003, so users can access e-mail, calendar and task information while away from the office.
Administration and management: SBS 2003 wizards simplify common or repetitive tasks and preconfigured management consoles provide the necessary tools to manage the network. Monitoring and reporting tools help reduce downtime by enabling administrators to respond quickly when issues arise.
Backup and restore: Allows even inexperienced administrators to develop a backup strategy, prepare complete backups and restore the entire server and all of the data that was backed up on it.
Now that you understand what a server can do, maybe you know the answer to the earlier question: Is my business missing something important?