Many of us wake up in the middle of the night in cold sweats thinking, do we really know what is happening within our network? This is normally after another story about how a large or small company was hacked and their data was stolen and strewn throughout the Internet. But then you resign yourself to the fact that your firewall will protect you and you go back to sleep.
Although your firewall is an indispensable part of your security posture, it isn’t the only way to protect yourself. Many people in the security industry describe security as an onion. It has multiple layers to protect you and give you time to find and fix the issue prior to something happening.
So while your firewall will protect you from bad people trying to get in, it is only as good as the rules that are configured. If you allow access to your wiki from the Internet, then your wiki is now available and can be hacked and potentially exploited. Even if it is properly secured there are always new vulnerabilities. So how do you protect against this?
There is nothing any business fears more than a complete collapse of its IT systems. The financial cost of such an outage can be great, and retrieving the data and rebuilding the system into its former state is often an extremely time-consuming and logistically complex proposition. Businesses have literally gone under due to such IT issues, and although this is something that many companies dread, SMEs often don’t have sufficient provisions in place to provide effective disaster recovery.
It is a basic facet of human psychology that we often assume that the best case scenario will occur, and nothing fundamentally will go wrong. This tendency is amplified in the case of disaster recovery, where providing satisfactory backup for a business can involve a certain financial outlay.
The battle between network security experts and hackers is an ever evolving and unending conflict. No matter how hard security experts attempt to keep Internet and computer users across the globe safe from harm, hackers are continually finding new ways of threatening personal data. This is becoming ever more complex given that the number of platforms which people are using to access the worldwide web, and consequently store personal data, continues to increase.
In accordance with this, here are three of the biggest network security issues that the world will face during 2015.
Worldwide issues, such as the recent Heartbleed bug, bring into focus the importance of Internet security. Of course, we have all heard scare stories about the dangers of the world wide web, and in some cases, these can be dismissed as scare stories. However, some of the more rabid reporting on the issue of Internet security shouldn’t disguise the fact that there are real threats out there.
Outsourcing has been growing in popularity. It represents an opportunity for companies to expand, as needed, while cutting the costs associated with new technologies and services. Recent studies conducted by Computer Economics, Inc. showed outsourcing made up only 4 percent of IT costs in 2008. By 2009 this percentage increased to more than 6 percent. By 2011, outsourcing IT services made up more than 10 percent of the total IT expenditures, and this trend has only continued in 2012.
This means that choosing the right outsourced IT provider is now more important than ever. There is a lot at stake in terms of business continuity, company productivity, growth of revenue, and company expansion.
Part of choosing an outsourced IT provider is knowing what mistakes to avoid. Investing the time at the beginning means fewer headaches over the long term and minimizing the potential for unexpected costs as a result of making the wrong decision.
There can hardly be a person who has used a computer in the last ten years who hasn’t received a spam email at some point or another. For most of us, this is a daily occurrence, a nuisance that can be filed alongside the daily commute and packaging that won’t open properly. It rarely occurs to many of us why we receive so much spam. While it is pretty obvious that there is a basic commercial imperative behind a lot of spam, why is this particular marketing technique so prevalent in the modern world?
Quite simply…because it works! Pitching goods via spam earns the people engaged in it hundreds of millions of dollars per business per year, while the cost and time involved in sending spam is somewhere between negligible and non-existent.
In the ever-changing world of online threats, a new type of spear phishing attack has emerged.
Have you ever gotten an email in your office asking you to receive money on behalf of someone in distress? These emails are easy to spot as pure SPAM and/or Phishing attempts. Even if you didn’t recognize this as SPAM, you would remember what your mother told you as a kid: “If it seems too good to be true, then it probably is.” Take a look:
Microsoft has released an out-of-band security update to address the latest Internet Explorer “Zero-Day” vulnerability, as of 1PM on Thursday, May 1st, 2014. The patch has been fully tested and is ready to be released for all affected browsers. Despite previous reports, Microsoft will be releasing the security update for Microsoft XP users.
How do I download the patch for the “Zero Day” Vulnerability?
As a reminder to all Thrive Managed Patching, ThriveCloud, and ThriveProtect customers, this patch will automatically be applied to your machine once we have tested it and approved it for release. You should continue to use other web-browsers until notified that you have been patched.
If you are a Thrive Managed Firewall customer, you have been protected from this vulnerability as long as you are behind your company’s corporate firewall.
For more information about Thrive’s Managed Patching and Managed Firewall Services, please visit our website.
This is a follow-up to Thrive’s previous blog: “What you need to know about the Microsoft Internet Explorer “Zero-Day” Vulnerability”
The latest Internet Explorer “Zero-Day” vulnerability, first acknowledged by Microsoft on Saturday, April 26th, has left all versions of Internet Explorer 6 through 11 vulnerable to exploitation. However, initial reports indicate that IE versions 9, 10, and 11 are the primary targets. According to the research firm FireEye, the exploit uses an Adobe Flash SWF file to execute. Machines that do not have Flash installed are believed to be safe. It is important to note that Microsoft will not be producing a patch for its Microsoft XP operating system. Support for this OS ended on April 8, 2014, so if you’re running this operating system on your machine, you will need to upgrade.
If you currently have a Thrive Managed Firewall powered by Dell SonicWALL, the Intrusion Prevention signatures to cover the “Zero-Day” exploit were added to your device within the last 48 hours. You are protected from this vulnerability when on the Internet behind your corporate firewall.
By now you may have heard about the “Heartbleed Bug”, a serious security vulnerability in the OpenSSL cryptographic library. The OpenSSL library is used by a number of different computing platforms to secure communication between a client (typically in a web browser session) and a secure endpoint, typically a web site or device used to allow access to secure business systems. Anytime you are conducting a transaction online you are typically using SSL, and you can tell that you are doing so when the URL starts with “https://” or when you see a padlock appear in the browsing session. It is estimated that this vulnerability affects upwards of 50% of Internet web sites that use SSL, so the scope of the bug is potentially huge.
Because the vulnerability exposes extremely sensitive information to an entity who tries to exploit it, such as usernames, passwords, banking information, credit card information, and more, the threat is a very real and very serious one. You should take all reasonable precautions to secure your environment if you have systems that contain the vulnerability, as well as being aware of any communications from online vendors, such as banks, that may reach out to you indicating that they may have been subject to the vulnerability and that data may have been compromised.
For more technical information about the vulnerability you can start by looking here.
Thrive suggests that you do the following in response to the Heartbleed vulnerability:
- Analyze and secure your business systems that have the vulnerability present by shutting down and / or patching affected systems.
- Reach out to your third-party vendors or providers about systems that utilize the OpenSSL cryptographic library to ensure that the vulnerability is not present in those systems.
If you have any questions or would like Thrive to conduct a security audit of IT systems that are not managed by Thrive directly, please contact Thrive Networks today.