<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>Webremix Articles</title>
    <link>http://www.webremix.info/</link>
    <description>Webremix : all the web new, remixed</description>
    <dc:creator>webremix.info</dc:creator>
    <item>
      <title>Kenya: Red Alert Over Counterfeit Security Software</title>
      <link>http://allafrica.com/stories/201202030774.html</link>
      <description>[Business Daily]
                 
                 ISOLS provides Anti-virus, Content Filtering, Firewalls, Integrated Security Appliance (UTMs), Network Management, Encryption, PKI, VPNs, Change and Configuration Audit, Backup and Data Recovery, Data Leakage Protection and Intrusion Detection &amp;amp; Prevention IDS/IPS.</description>
      <pubDate>Fri, 03 Feb 2012 10:35:30 GMT</pubDate>
      <guid>http://allafrica.com/stories/201202030774.html</guid>
      <dc:date>2012-02-03T10:35:30Z</dc:date>
    </item>
    <item>
      <title>HP slams 'sensational' reports about LaserJet printer hack vulnerability</title>
      <link>http://www.physorg.com/news/2011-11-hp-slams-sensational-laserjet-printers.html</link>
      <description>(PhysOrg.com) -- Columbia University researchers have demonstrated how hackers can use printers not only to infect computer systems and steal information but to set printers on fire. Their claims were made this week in a demo at Columbia University's Intrusion Detection Systems Laboratory for msnbc. They report a security flaw in Hewlett-Packard (HP) printers open for exploit. While their experiments were only on HP printers, they said that they are just starting to sample other manufacturers' printers too.</description>
      <pubDate>Wed, 30 Nov 2011 10:24:09 GMT</pubDate>
      <guid>http://www.physorg.com/news/2011-11-hp-slams-sensational-laserjet-printers.html</guid>
      <dc:date>2011-11-30T10:24:09Z</dc:date>
    </item>
    <item>
      <title>Columbia researchers show remote HP printer hijack [video]</title>
      <link>http://betanews.com/?p=48014</link>
      <description>Columbia University's Intrusion Detection Systems Lab has found a significant core vulnerability in certain networked HP printers that lets a remote system infiltrate print jobs, remotely inject malware into the printer's firmware that takes control of the machine. The lab, headed by Professor Salvatore J. Stolfo, has been doing research on the vulnerabilities of embedded systems for the last year, identifying more than 540,000 publicly accessible embedded devices configured with factory default root passwords: this includes routers, VoIP phones, webcams, digital energy systems, and IPTV/Cable boxes. Networked printers are a part of this environment, and researcher Ang Cui discovered certain&amp;hellip; &lt;a
  href="http://betanews.com/2011/11/29/columbia-researchers-show-remote-hp-printer-hijack-video/" rel="nofollow"&gt;[Continue Reading]&lt;/a&gt;</description>
      <pubDate>Wed, 30 Nov 2011 02:24:54 GMT</pubDate>
      <guid>http://betanews.com/?p=48014</guid>
      <dc:date>2011-11-30T02:24:54Z</dc:date>
    </item>
    <item>
      <title>ForeScout Intros NAC-as-a-Service Platform for MSPs</title>
      <link>http://soa.sys-con.com/node/2044262</link>
      <description>ForeScout figures the Managed Service Provider market for firewalls, VPNs, virus cures, web filtering, log management and intrusion detection is pretty much saturated so it&amp;rsquo;s going to push its CounterACT network access control (NAC) solution as a defensive cloud service that MSPs can take to their clients. 
It maps to the new security issues raised by the BYOD trend, which Gartner seems to think accounts for 20% of the desktop and mobile widgets connecting to corporate networks these days. 
CounterACT is supposed to be interoperable and easy to integrate and manage. It&amp;rsquo;s policy-based, agent-free and now comes as a monthly subscription-based virtual appliance that scales for mid-tier, large accounts and government agencies also concerned about compliance. Licenses can expand on-demand.&lt;p&gt;&lt;a href="http://soa.sys-con.com/node/2044262"&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
      <pubDate>Tue, 01 Nov 2011 13:16:00 GMT</pubDate>
      <guid>http://soa.sys-con.com/node/2044262</guid>
      <dc:date>2011-11-01T13:16:00Z</dc:date>
    </item>
    <item>
      <title>Magal receives prison security contract</title>
      <link>http://story.venezuelastar.com/index.php/ct/9/cid/80f72651582f2c13/id/200538591/</link>
      <description>Magal Security Systems Ltd YEHUD, Israel, Oct. 28 (UPI) -- A new high-security prison in Latin America is being outfitted with multilayer Perimeter Intrusion Detection Systems by Magal Security ...</description>
      <pubDate>Fri, 28 Oct 2011 13:50:05 GMT</pubDate>
      <guid>http://story.venezuelastar.com/index.php/ct/9/cid/80f72651582f2c13/id/200538591/</guid>
      <dc:date>2011-10-28T13:50:05Z</dc:date>
    </item>
    <item>
      <title>Stonesoft identifies new ways to evade intrusion detection systems</title>
      <link>http://www.networkworld.com/news/2011/101111-stonesoft-identifies-new-ways-to-251807.html?source=nww_rss</link>
      <description>Finnish security firm Stonesoft claims to have developed 163 new attack methods that can evade network intrusion detection and prevention systems (IDPS) over multiple communication protocols including IPv4, IPv6, TCP and HTTP.</description>
      <pubDate>Tue, 11 Oct 2011 12:43:39 GMT</pubDate>
      <guid>http://www.networkworld.com/news/2011/101111-stonesoft-identifies-new-ways-to-251807.html?source=nww_rss</guid>
      <dc:date>2011-10-11T12:43:39Z</dc:date>
    </item>
    <item>
      <title>Spam Continues to Drop</title>
      <link>http://www.circleid.com/posts/20110815_spam_continues_to_drop/</link>
      <description>&lt;p&gt;Below is a chart that shows the amount of inbound mail that we see, both spam and non-spam, over the past three and a half years. This data also appears in the Microsoft Security Intelligence Report, but the data there is monthly (or half-yearly) whereas this data is weekly:
&lt;/p&gt;

&lt;p&gt;
&lt;img height="390"
    src="http://www.circleid.com/images/uploads/5898.gif" width="640" /&gt;&lt;strong&gt;Microsoft Forefront Online&lt;/strong&gt; &amp;ndash; Total Weekly Spam (red) and Non-Spam (blue)
&lt;/p&gt;

&lt;p&gt;
The charts are normalized to show the scale (i.e., the left hand scale is not 35,000 messages, but is 35,000 x some number). In addition, the spam in red is plotted against the primary (left) Y-axis and the good mail in blue is plotted against the secondary (right) Y-axis.
&lt;/p&gt;

&lt;p&gt;
You can see in the above that the amount of good mail that we see has continued to increase over time. This is because of an increased customer base, not because the total amount of good mail worldwide has gone up (although it has increased marginally as more and more people start using the Internet). However, the amount of spam has plummeted from 23,000 in mid 2010 to 5000 now, a drop of over 75%. The contrast couldn't be starker &amp;mdash; spammers are not spamming as much anymore.
&lt;/p&gt;

&lt;p&gt;
It almost looks like the battle against spam is over. What's still left to do?
&lt;/p&gt;

&lt;p&gt;
Here are a couple of things that are unique to spam and not to other forms of communication:
&lt;/p&gt;

&lt;ol&gt;&lt;li&gt;&lt;strong&gt;Generic bulk mail&lt;/strong&gt; &amp;ndash; this is a category of mail that is not quite spam but is definitely not legitimate. It's gray and is usually a dark shade of gray. These are mailers that harvest lists from other places or populate their lists in shady ways (single opt-in, tossing your business card into a bowl at a conference, and so forth). These are mailers that cannot be blocked across an entire organization because there is some set of users who desire the mail.

&lt;p&gt;
In other words, the mailers that can't be bothered to be responsible are still problematic.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Foreign language mail&lt;/strong&gt; &amp;ndash; When I say &amp;quot;foreign language&amp;quot; I mean mail in a language other than English. I see a lot of complaints these days about Chinese spam, Japanese spam, Turkish spam, Portuguese spam and Spanish spam. I don't know what it is about spam in those languages, but they are more resistant to IP filtering than English language spam.

&lt;p&gt;
Writing spam rules and processing the stuff has been a challenge right since the day I joined, but I definitely see an uptick in it compared to a year ago at this time.&lt;/p&gt;&lt;/li&gt; &lt;li&gt;&lt;strong&gt;Spear phishing&lt;/strong&gt; &amp;ndash; I debated putting generic phishing in here, but generic phishing is dealt with using regular antispam techniques (URL filtering, IP filtering, and content and keyword filtering). But as spammers have moved from a &amp;quot;throw everything against the wall and see what sticks&amp;quot; mechanism, they have embraced the &amp;quot;target your prey and slip under the radar&amp;quot; model. They are better at crafting their spam in order to deceive users, no doubt in part because of the proliferation of the Zeus botnet and malware kit.

&lt;p&gt;
Spear phishing is not something that spam filters are going to be good at the way they are at pharmaceutical spam or stock spam. Because spear phishers are actively trying to craft their content in order to get around one organization's filters, a company must use both spam filtering and user education.&lt;/p&gt;&lt;/li&gt;&lt;/ol&gt;

&lt;p&gt;
Eventually the first two will be handled. Pesky bulk mailers will see their reputations dwindle down to nothing and they will get added to blocklists along with everyone else. The second will be handled in the same way &amp;mdash; as the spam traps start to attract more and more foreign language spam, they will populate their lists from URLs pointing to Portuguese spam sites, or IPs sending high volumes of spam.
&lt;/p&gt;

&lt;p&gt;
The third is the most difficult. Filters will continue to update quickly but products other than spam filters will be required in order to prevent these, such as traffic analysis tools and intrusion detection software. That will open up a whole new niche for security vendors but will likely be plagued by even less collaboration than there is now (would Microsoft want to share their infrastructure layout with Google? I think not, nor vice versa).
&lt;/p&gt;

&lt;p&gt;
That will take some creative thinking and is probably the next big trend in security.
&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Written by &lt;a href="http://www.circleid.com/members/2859/"&gt;Terry Zink&lt;/a&gt;, Program Manager&lt;/em&gt;&lt;/p&gt;</description>
      <pubDate>Tue, 16 Aug 2011 18:49:00 GMT</pubDate>
      <guid>http://www.circleid.com/posts/20110815_spam_continues_to_drop/</guid>
      <dc:date>2011-08-16T18:49:00Z</dc:date>
    </item>
    <item>
      <title>Defense in Depth for DNSSEC Applications</title>
      <link>http://www.circleid.com/posts/defense_in_depth_for_dnssec_applications/</link>
      <description>&lt;p&gt;At the time of this writing DNSSEC mostly does not work. This is not a bad thing &amp;mdash; in fact it's expected. New technologies go through a necessary &amp;quot;early adoption&amp;quot; phase where you can for example buy a hydrogen powered car but you can't get hydrogen near your house. There is a significant last-mover advantage in DNSSEC deployment (or IPv6 deployment) and that can't be helped. It's all in a good cause though &amp;mdash; everybody knows we need this stuff and some farsighted contributors put some money and time in years or decades ago to ensure that when the time comes the world will have a migration path. Sadly, this leaves current investors and application designers and developers wondering whether there's a market yet. I could sit back and quote Bull Durham and say &amp;quot;if you build it they will come&amp;quot; but everybody always says that even about technologies which turn out to have been really useless in retrospect. Let me instead take a look at the case for DNSSEC as seen through the eyes of an application designer.
&lt;/p&gt;

&lt;p&gt;
The two things that keep DNSSEC from mostly working are that (1) other people aren't using it yet to either sign their zones or validate the signatures they receive when they look things up, and (2) many other people have made assumptions about what a DNS transaction will look like and they either drop anything strange-looking (like a DNSSEC transaction) or they mindlessly modify your DNS transactions (which damages DNSSEC). DNS has been around since the Internet's earliest non-commercial days and a whole lot of firewall and intrusion detection and ad-insertion and network address translation machinery has been built and deployed successfully which is now very much in the way of expanding the DNS protocol to include things like DNSSEC. I know some of the designers of these &amp;quot;mindless middleboxes&amp;quot; and from what they tell me, schedule and revenue pressures led them to look at what DNS looked like on the wire in the lab on a particular day and build their products accordingly. The details of what the protocol meant or what other packets they did not see that day might also be valid did not enter into it.
&lt;/p&gt;


&lt;p&gt;
The DNSSEC industry can probably solve problem (1) above &amp;mdash; the lack of signed zones and the lack of validation by DNS requestors &amp;mdash; by just rolling out solid products and services which make these activities cheap and easy and maybe even turning them on by default at some point. But there is no deliberate way to solve problem (2) above &amp;mdash; because there's no way to incent the millions of middlebox owners to stop interfering with our DNSSEC transactions. This creates a big risk to any DNSSEC application designer (and their investors) who have to worry that problem (2) will keep DNSSEC from succeeding &amp;mdash; ever &amp;mdash; and that any effort they expend could be wasted. To me the interesting question therefore becomes: how can the designer of a DNSSEC application protect their design investment and mitigate risks in the network? My proposed answer is the approach that's protected Skype all these years: &lt;em&gt;Defense in Depth&lt;/em&gt;. This is more or less what I meant in my previous article on &lt;a
    href="http://www.circleid.com/posts/coica_and_secure_dns/" title="COICA and Secure DNS"&gt;COICA and Secure DNS&lt;/a&gt; when I said:
&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;&amp;hellip; if someone upstream of you can interfere with your traffic then you'll have to use anti-censorship tools rather than Secure DNS to frustrate that interference.&lt;/em&gt; &lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;
Defense in depth just means having Plan B ready (and perhaps Plan C and Plan D) if your Plan A doesn't work out. A DNSSEC application that will offer advanced functionality when it receives and validates DNSSEC signed data has to be optimistic about the existence of such signatures. Just because you don't see them doesn't mean they aren't there &amp;mdash; you could be behind a home gateway or firewall or deep packet inspection device that strips out DNSSEC responses. Since the application presumably has enhanced functionality it can only offer if it can see the real DNSSEC data, then to defend the investment in this enhanced functionality it will be necessary to try more than one approach to getting that data. You might for example try multiple name servers rather than believing the first one who answers you. You could try far-away name servers such as the one at your house or your employer if the name server in your hotel or coffee shop or ISP does not offer you a DNSSEC secured response. You could try a proxy or a VPN if you think you're being prohibited from reaching far-away name servers. The one thing you will &lt;em&gt;not&lt;/em&gt; do is just give up without first trying every trick you can think of to get a complete DNSSEC validated response to your DNS questions.
&lt;/p&gt;


&lt;p&gt;
This is an obstacle to the development and deployment of DNSSEC applications and therefore to DNSSEC itself, but it's how the game is played. Skype has made voice-over-IP practical globally because their application doesn't just try SIP and then give up. SIP almost never works behind a network address translation (NAT) box or in a hotel room but Skype wanted to create a global service. &amp;quot;Try SIP and then give up&amp;quot; would have been a FAIL for that plan. Similarly a DNSSEC application like the one contemplated by the &lt;a
    href="http://tools.ietf.org/html/draft-ietf-dane-protocol-09" title="IETF DANE Protocol"&gt;IETF DANE&lt;/a&gt; project will have to have a fallback strategy or it would never build market share. Some day we can expect these fallback strategies to be used less frequently &amp;mdash; which will drive down costs and improve performance &amp;mdash; but at no time during the lifetime of DNS and the Internet can any DNSSEC application safely assume that if no DNSSEC data appears in a response then there probably is no DNSSEC data available. Notably, the enhanced features that will be offered by an application when DNSSEC validation is possible will make the application and its data and its user &lt;em&gt;more secure&lt;/em&gt;. We can expect attackers to deliberately force DNSSEC failures in order to disable those enhanced features and force the application into a &lt;em&gt;less secure&lt;/em&gt; mode. That's not something we should make easy by being too fragile in how we try to acquire the DNSSEC data necessary to prove the truth of the DNS data we consume.
&lt;/p&gt;


&lt;p&gt;
These observations have policy implications, including one I had not foreseen at the time I wrote my earlier article &lt;a
    href="http://www.circleid.com/posts/coica_and_secure_dns/" title="COICA and Secure DNS"&gt;COICA and Secure DNS&lt;/a&gt; when I said:
&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;&amp;hellip; a below-recursive policy whose goal is to make certain domain names unreachable will always be successful no matter how completely the world deploys Secure DNS.&lt;/em&gt;&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;
A policy based DNSSEC failure like that contemplated by COICA would be indistinguishable from a bad middlebox or a man-in-the-middle attack. Either way any DNSSEC application which is robust enough to succeed in the market will not give up at that point. My friend Dan Kaminsky told me that he would not be willing to deploy defense-in-depth if there was any chance that his code or his users would be in violation of the law. This is a reasonable position and I share it. Anything we create that can bypass the restrictions of stupid hotel room middleboxes will also trivially bypass anything like COICA anywhere in the world. Since no responsible application designer will code &amp;quot;or else just break the law&amp;quot; into their product, something like COICA could stalemate the market's movement toward DNSSEC. If a DNSSEC application would have to treat any DNSSEC failure as though it could be due to a lawful intercept, there could literally be no defense-in-depth, no robust DNSSEC applications, and no success in the market for enhanced features that depend on DNSSEC. And if the only benefit from the decades of cost and work that have gone into DNSSEC is to protect the DNS infrastructure from data insertion and poisoning attacks &amp;mdash; if in other words there could be no new applications which offered enhanced functionality in the presence of DNSSEC data &amp;mdash; then DNSSEC itself would be doomed by its own economics.
&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Written by &lt;a href="http://www.circleid.com/members/620/"&gt;Paul Vixie&lt;/a&gt;, Chairman and Chief Scientist, Internet Systems Consortium&lt;/em&gt;&lt;/p&gt;</description>
      <pubDate>Sat, 13 Aug 2011 21:58:00 GMT</pubDate>
      <guid>http://www.circleid.com/posts/defense_in_depth_for_dnssec_applications/</guid>
      <dc:date>2011-08-13T21:58:00Z</dc:date>
    </item>
    <item>
      <title>Alert Logic &amp; SunGard Partner to Deliver Security &amp; Compliance Solutions</title>
      <link>http://soa.sys-con.com/node/1934650</link>
      <description>Alert Logic, a leader in delivering on-demand Security-as-a-Service, announced that SunGard Availability Services will integrate Alert Logic&amp;rsquo;s solutions for vulnerability assessment, intrusion detection and log management into its current suite of managed security services.&lt;p&gt;&lt;a href="http://soa.sys-con.com/node/1934650"&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
      <pubDate>Wed, 10 Aug 2011 14:55:00 GMT</pubDate>
      <guid>http://soa.sys-con.com/node/1934650</guid>
      <dc:date>2011-08-10T14:55:00Z</dc:date>
    </item>
    <item>
      <title>DDoS Attacks: Don't Be In Denial of the Risks</title>
      <link>http://www.circleid.com/posts/20110808_ddos_attacks_dont_be_in_denial_of_the_risks/</link>
      <description>&lt;p&gt;The business world forever changed when the Internet entered the scene and it has been driving constant change ever since. Businesses are now connected to the Internet in almost every aspect of their daily operation. Today, most businesses rely on it to allow them to make phone calls, send emails, collect payments, connect to their supply chains, store critical data remotely and promote their products/brands.
&lt;/p&gt;

&lt;p&gt;
With all the advantages of this online environment come new risks to a business's brand and revenue stream. One of these risks &amp;mdash; an everyday event now &amp;mdash; is Distributed Denial of Service (DDoS) attacks. Unlike traditional attacks by hackers which breach a business's security systems, resulting in defaced websites, intellectual property theft and/or customer data theft, a DDoS attack focuses on making a business's Internet connected infrastructure (e.g. web servers, email servers, database servers, FTP servers, APIs, etc.) unavailable to legitimate users. A business's brand reputation, which can take years to establish, can be swept away in just a few hours from a single DDoS attack in the same way a natural disaster like a flood or earthquake can impact a traditional brick and mortar business.
&lt;/p&gt;

&lt;p&gt;
DDoS attacks cause customers and prospective customers to worry about a business's infrastructure, stability and basic security practices. It takes only minutes for blogs, tweets and other news forums to be alerted of an outage stemming from an attack, which is then permanently searchable for future prospective customers, partners and potential investors to find. The damage caused by a well crafted DDoS attack is seldom limited to the initial revenue losses suffered during the outage and/or subsequent infrastructure repair. This is why many government regulations and corporate governances now require protection from these ever increasing risks.
&lt;/p&gt;

&lt;p&gt;
Unfortunately, investments made only a few years ago in DDoS protection can no longer provide adequate shielding from modern day attacks. DDoS attacks, which used to require thousands of computers and years of training to launch, can now be done by a handful of novices with free downloadable software on a few home PCs connected to DSL/cable modems. This has allowed social media to foster &amp;quot;hacktivists,&amp;quot; who use DDoS attacks as a non-violent tool to demonstrate their dissatisfaction with a business and/or promote political ideology.
&lt;/p&gt;

&lt;p&gt;
These rampant threats require businesses to expand their security solution to include not only intrusion detection and prevention systems (IDPS) but also the strength and flexibility of cloud-based DDoS solutions. No longer can a business rely on over provisioning their telecom services or buying premise-based technologies as their only DDoS protection. The high adoption of broadband and availability of freely distributed DDoS attack software simply put a business's connection to the Internet at risk (saturation), rendering premise-based solutions useless unless they are also matched with a corresponding cloud-based DDoS service for large attacks.
&lt;/p&gt;

&lt;p&gt;
In today's online business environment it is important that the risks are truly understood and mitigation measures put in place before attacks happen and the damage is done. Whether you are trying to protect your infrastructure, your revenue stream, your brand or your job, you need to act now. Traditional approaches simply aren't effective anymore. DDoS attacks are increasing in frequency, in size and in complexity.
&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Written by &lt;a href="http://www.circleid.com/members/5074/"&gt;Rick Rumbarger&lt;/a&gt;, Senior Director Product Management, Neustar Internet Infrastructure Services&lt;/em&gt;&lt;/p&gt;</description>
      <pubDate>Mon, 08 Aug 2011 20:02:00 GMT</pubDate>
      <guid>http://www.circleid.com/posts/20110808_ddos_attacks_dont_be_in_denial_of_the_risks/</guid>
      <dc:date>2011-08-08T20:02:00Z</dc:date>
    </item>
    <item>
      <title>Weekend Project: Use HoneyD on Linux to Fool Attackers</title>
      <link>http://www.linux.com/learn/tutorials/472795:weekend-project-use-honeyd-on-linux-to-fool-attackers</link>
      <description>&lt;p&gt;
	For the security conscious, there is always room for another weapon against attackers. Firewalls, intrusion detection systems, packet sniffers &amp;mdash; all are important pieces of the puzzle. So too is &lt;a href="http://www.honeyd.org/"&gt;Honeyd&lt;/a&gt;, the &amp;quot;honeypot daemon.&amp;quot; Honeyd simulates the existence of an array of server and client machines on your network, including typical traffic between them. The phantom machines can be configured to mimic the signature and behavior of real operating systems, which will trick intruders into poking at them &amp;mdash; and revealing themselves to your security staff.&lt;/p&gt;</description>
      <pubDate>Sat, 23 Jul 2011 00:13:12 GMT</pubDate>
      <guid>http://www.linux.com/learn/tutorials/472795:weekend-project-use-honeyd-on-linux-to-fool-attackers</guid>
      <dc:date>2011-07-23T00:13:12Z</dc:date>
    </item>
    <item>
      <title>Alert Logic Joins Microsoft Active Protections Program</title>
      <link>http://dotnet.sys-con.com/node/1836592</link>
      <description>Alert Logic, a provider of on-demand Security-as-a-Service solutions, has announced that it has joined the Microsoft Active Protections Program (MAPP). Joining MAPP will provide Alert Logic with detailed insight in advance of Microsoft's monthly security updates, enabling Alert Logic to anticipate emerging threats and quickly deploy updates to Alert Logic's vulnerability assessment, intrusion detection and log management solutions. Proactively incorporating this information into the products will help protect customers during the time between the release of security updates and applying them to their systems.&lt;p&gt;&lt;a href="http://dotnet.sys-con.com/node/1836592"&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
      <pubDate>Wed, 18 May 2011 13:56:34 GMT</pubDate>
      <guid>http://dotnet.sys-con.com/node/1836592</guid>
      <dc:date>2011-05-18T13:56:34Z</dc:date>
    </item>
    <item>
      <title>Defending the Network Several Times Over</title>
      <link>http://www.circleid.com/posts/defending_the_network_several_times_over/</link>
      <description>&lt;p&gt;&lt;em&gt;Modern networks can be attacked in a variety of ways, meaning that companies need different types of protection. This article explains some of the risks involved, and provides some easy ways to deal with them.&lt;/em&gt;
&lt;/p&gt;

&lt;p&gt;
Consumerisation is a problem facing every IT department. Once upon a time, home and corporate computing were entirely separate. During the eighties, the PC was purely a business tool. Then, during the nineties, it became the primary machine for home use as well. During the following decade, the Internet took many applications into the cloud. Today, employees use the same computer and browser architectures at home, as they do at work. This has blurred the lines between computing at home and at work &amp;mdash; and has created some unique security challenges in the process.
&lt;/p&gt;

&lt;p&gt;
Dazzled by the Web 2.0 sites that permeate their lives at home, employees want the same comforts in the office. Modern web sites offer far more than the one-way Internet experience so common in 1995, where users simply read the information on web sites.
&lt;/p&gt;

&lt;p&gt;
&lt;strong&gt;A new and dangerous web&lt;/strong&gt;
&lt;/p&gt;

&lt;p&gt;
Instead, today's web offers a bidirectional, many-to-many experience, in which users are encouraged to participate by submitting their own content. Sites ranging from social networks to online photo sharing services invite users to submit their own information, and even to chat in real time. Facebook, LinkedIn, Wikipedia, Flickr and a panoply of other sites fall into this category.
&lt;/p&gt;

&lt;p&gt;
These technologies have bought small to medium-sized businesses the same benefits as their larger counterparts. Online applications, advanced search capabilities, and real-time messaging technologies enable them to build scalable, highly-responsive technology infrastructures to support their businesses. Virtual teams of contractors can now be assembled easily with a collection of free instant messenger clients and a cheap account on a collaborative web site, for example.
&lt;/p&gt;

&lt;p&gt;
However, these benefits come at a cost. Many web 2.0 sites have repeatedly been found wanting in terms of security. More functionality breeds more vulnerabilities, and attackers have been quick to exploit them.
&lt;/p&gt;

&lt;p&gt;
Malicious software (malware) that infects computers and connections spreads via a variety of channels, including hacked web sites, email, social networks, and instant messenger programs. Even simple search results are being 'poisoned' by search engine optimisation experts who want to direct unwitting users to malicious web pages instead of legitimate ones.
&lt;/p&gt;

&lt;p&gt;
The dangers extend to the unintended egress of information. Employees may inadvertently send sensitive data outside the company via several channels. Pasting customer information into an email is one example, although it can also be pasted into web 2.0 sites, or sent via instant messaging programs.
&lt;/p&gt;

&lt;p&gt;
&lt;strong&gt;An example of the danger: real-time chat&lt;/strong&gt;
&lt;/p&gt;

&lt;p&gt;
The encroachment of real-time chat into corporate networks began as long ago as 1996-7, when Mirabilis launched the ICQ chat service, and AOL launched its Instant Messenger program. The software began creeping onto corporate desktops without IT's permission.
&lt;/p&gt;

&lt;p&gt;
That's the problem with the corporate desktop; it is very difficult to manage effectively. For SMBs especially, which often have a shortage of IT expertise, trying to lock down desktops is a challenging task. Even those organisations with the wherewithal to do it risk irritating employees who want those comforts on the desktop.
&lt;/p&gt;

&lt;p&gt;
With instant messaging becoming an important work tool, it could even be deemed counterproductive for companies to ban it from the desktop altogether. AOL Instant Messenger, MSN Messenger, and Skype are all useful for business purposes, as are other programs such as Google Talk.
&lt;/p&gt;

&lt;p&gt;
The irony underlying most instant messaging programs is that while legitimate, they act like malicious software. They are designed to get around network firewalls that might try to block them, by 'port hopping' - effectively trying different digital 'doors' separating a company's network from the public Internet, until they find one that is unlocked.
&lt;/p&gt;

&lt;p&gt;
The problem of real-time chat as a potential attack vector has been exacerbated with the introduction of web-based online chat mechanisms that need no desktop client at all. Facebook's built-in instant messaging feature is a good example of this.
&lt;/p&gt;

&lt;p&gt;
&lt;strong&gt;Defence in depth&lt;/strong&gt;
&lt;/p&gt;

&lt;p&gt;
SMBs with few resources to spare for complex IT security therefore find themselves battling not only real, external threats, but also their own well-meaning employees. They need simple, turnkey solutions to secure their networks, but as we've seen, the threats operate at multiple levels. For this reason, security products for SMBs should provide multi-layered protection (otherwise known as 'defence in depth') to protect all of the available channels.
&lt;/p&gt;

&lt;p&gt;
Defence in depth goes beyond the traditional firewall, which has historically been the main method used to protect the corporate network. These devices did little more than block specific ports on a network to stop external attackers from using them to attack a company's computers. They did nothing to analyse the actual content of the traffic passing over the company's network connection.
&lt;/p&gt;

&lt;p&gt;
Unified threat management appliances monitor the network for a variety of threats by combining smart firewall technology with email and web content scanning. They can be programmed with rules that stop employees from doing specific things on the Internet at particular times, and can look for suspicious traffic flowing over the network.
&lt;/p&gt;

&lt;p&gt;
&lt;strong&gt;Protecting the network&lt;/strong&gt;
&lt;/p&gt;

&lt;p&gt;
Network security features heavily in UTM systems, which build on traditional firewall systems with a host of new features. Modern UTMs feature 'stateful' packet inspection, which not only monitors specific ports, but also watches what traffic passes through them over time.
&lt;/p&gt;

&lt;p&gt;
This ability to watch the traffic passing across the network also allows modern network security products to offer intrusion detection and prevention (IDP) capabilities. The security device monitors network traffic activity to look for patterns that could indicate an attack.
&lt;/p&gt;

&lt;p&gt;
An example of a malicious pattern might be a single PC in the organisation which suddenly begins rapidly contacting other PCs using a single port, which could indicate a rapidly spreading piece of malware. The IDP database is constantly updated with new patterns identified by the vendor of the device as new vulnerabilities and attacks appear.
&lt;/p&gt;

&lt;p&gt;
Modern network security devices also feature application firewall capabilities. This uses a technique known as deep packet inspection to look inside the small 'envelopes' of data that flow over an Internet connection. By examining the content of these packets, a device can determine the type of traffic that they are. They may be video, VoIP, or web traffic directed at a particular application on the company's network. By analysing the packets, the device can determine whether they are performing legitimate tasks.
&lt;/p&gt;

&lt;p&gt;
&lt;strong&gt;Higher-level protection&lt;/strong&gt;
&lt;/p&gt;

&lt;p&gt;
Multi-layered devices also monitor the content of those packets for warning signs, enabling them to scan incoming and outgoing emails for suspicious content. This enables an organisation to stop spam messages from reaching recipients, using a mixture of spam signatures updated by the vendor, and intelligent heuristic techniques that allow the device to estimate the likelihood of a particular email being spammy.
&lt;/p&gt;

&lt;p&gt;
Finally, web security works to protect users both at a content prevention and a URL filtering level. It watches the URLs that users attempt to visit, and can block known malicious sites (such as phishing destinations, or 'drive-by download' sites) before the user's browser has a chance to download malicious or inappropriate content. URL filtering has the added benefit of enabling a company to implement policies controlling social network use. Perhaps managers only want users visiting Facebook pages during their lunch hour, for example.
&lt;/p&gt;

&lt;p&gt;
Web security mechanisms will also scan content, watching for content such as pornography, and for malicious code contained on a webpage that might compromise a user's computer.
&lt;/p&gt;

&lt;p&gt;
&lt;strong&gt;Covering all your bases&lt;/strong&gt;
&lt;/p&gt;

&lt;p&gt;
It is easy to see how these functions work in unison with each other. For example, attackers often use email to send malicious URLs to users. These may be spotted by email protection functions within a unified threat management system or Internet security appliance. However, if they slip through, they will be caught by the web filtering mechanism, making it doubly hard for attackers to compromise users. Anti-virus mechanisms built into the device will also scan for malware separately, providing yet another level of protection.
&lt;/p&gt;

&lt;p&gt;
Defence in depth is a crucial technique for any modern SMB that wants to protect itself against intrusion. Condensing multi-layered protection into a single device, updated by the vendor, provides the best protection for resource-constrained companies.
&lt;/p&gt;

&lt;p&gt;
Modern Internet security is an exercise in probability. It is impossible to guarantee 100% security &amp;mdash; a determined hacker may still be able to gain access to a company's system. But the more points of protection that a company covers, the more likely it is to fend off the majority of generic attacks on the Internet. Can you afford not to cover your bases?
&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Written by &lt;a href="http://www.circleid.com/members/5581/"&gt;James Harris&lt;/a&gt;, Product Manager at ZyXEL Communications UK&lt;/em&gt;&lt;/p&gt;</description>
      <pubDate>Mon, 09 May 2011 14:38:00 GMT</pubDate>
      <guid>http://www.circleid.com/posts/defending_the_network_several_times_over/</guid>
      <dc:date>2011-05-09T14:38:00Z</dc:date>
    </item>
    <item>
      <title>The decline and fall of Slammer?</title>
      <link>http://www.securelist.com/en/blog/424/The_decline_and_fall_of_Slammer</link>
      <description>&lt;p&gt;Me and Slammer (Helkern) go back a long way...to 25 January 2003 to be precise. It was a baptism of fire for me in my new role as a virus analyst at Kaspersky Lab. It was a weekend and I was alone, in charge of monitoring the incoming flow of suspicious files. I had barely been at the company a month.&lt;/p&gt;
&lt;p&gt;On that day the Internet suffered one of the biggest virus epidemics in its history - within the space of just fifteen minutes a worm using a vulnerability in MS SQL Server infected hundreds of thousands of computers worldwide and knocked out the Internet in South Korea for a few hours. &lt;/p&gt;
&lt;p&gt;Those 376 bytes were the implementation of a so-called &amp;lsquo;bodyless&amp;rsquo; virus, which does not write itself to the system but only stays in the operational memory.&lt;/p&gt;
&lt;p&gt;That was more than 8 years ago, but Slammer is still hanging around and is constantly among the leaders in our network attack ratings. Millions and billions of malicious packets are sent out each day searching for victims and generating a considerable amount of junk traffic.&lt;/p&gt;
    &lt;p&gt;Then something strange happened on 9 March 2011. Our automated threat analysis system, Kaspersky Security Network, recorded a significant drop in the number of machines carrying out attacks and an even bigger reduction in the number of computers being attacked. We received the data from our IDS (Intrusion Detection System) module which monitors network attacks. The system also determines the source of an attack.&lt;/p&gt;</description>
      <pubDate>Wed, 23 Mar 2011 13:24:04 GMT</pubDate>
      <guid>http://www.securelist.com/en/blog/424/The_decline_and_fall_of_Slammer</guid>
      <dc:date>2011-03-23T13:24:04Z</dc:date>
    </item>
    <item>
      <title>From the Security threat report 2011 by Sophos</title>
      <link>http://blog.greensql.com/?p=100</link>
      <description>From the Security threat report 2011 by Sophos, Page 46:
&amp;ldquo;Cybercrime is encroaching more and more into the business space. Industrial espionage, spearphishing of important employees to breach network boundaries and mass theft of customer information are more difficult to detect and have very serious consequences. At the same time, network boundaries are becoming ever more indistinct and porous as new technologies enable greater access from remote workers and mobile devices. In addition, legal requirements place greater emphasis on traceability and compliance with predefined standards of data hygiene.
Increasing amounts of sensitive data is stored, accessed and manipulated in databases connected to company websites as businesses increasingly interact with their customers through the Internet. As a result, it&amp;rsquo;s become as easy to access these databases as it is to access the main doors at corporate headquarters.
Security administrators face a constant battle to maintain usability, while preventing penetration from the outside and data loss from within. Alongside protecting network boundaries, businesses and website maintainers are under growing pressure to ensure that their web presence provides adequate protection for the users of its web services.&amp;rdquo;
As time passes, organizations realize that Web Application Firewalls (WAF) are not sufficient to secure their back end databases.
GreenSQL Express provides a free, commercial grade solution to protect MS-SQL, MySQL and PostgreSQL databases from known and unknown threats. GreenSQL Express includes:
- Database Intrusion Detection and Prevention System
- Database Firewall
- Separation of Duties
- Advanced Risk Scoring Matrix
- Database Front-end Security
- Real-time Database Protection
Get a free copy of GreenSQL Express at www.greensql.com</description>
      <pubDate>Sun, 20 Feb 2011 14:50:10 GMT</pubDate>
      <guid>http://blog.greensql.com/?p=100</guid>
      <dc:date>2011-02-20T14:50:10Z</dc:date>
    </item>
    <item>
      <title>ContactOffice’s data security approach</title>
      <link>http://www.brice.net/items/view/1727/contactoffices-data-security-approach</link>
      <description>&lt;div&gt;&lt;p&gt;ContactOffice &amp;ndash; IT Security and Privacy Strategy
As the provider of a web-based application, ContactOffice has been working for years on its security and privacy issues to guarantee maximum safety and availability for ContactOffice users when working on the application and storing information and documents in it.
Core Competency Safety and Security &amp;ndash; You better Ask Someone Who Knows Best &amp;hellip;
That is exactly what we did and for this reason we teamed up with Level 3 Communications. ContactOffice is operated in one of their high-performance data centers in Brussels. This data center provides a comprehensive safety and security concept reaching from physical access control through fire prevention and redundant power supply to firewall and intrusion detection systems. Thus ContactOffice provides an IT infrastructure that goes far beyond standard on-premise IT infrastructures.
In addition, all ContactOffice users &amp;ndash; from single private persons to big major companies &amp;ndash; will profit from the extensive experience of the Level 3 experts in operating highly secure and available data centres.
Clever Application &amp;hellip;
In addition, ContactOffice was designed so that any data inserted into the system becomes anonymous and is stored randomly. Beyond our firewall and security settings, if any hacker can capture any data from our systems (never happened&amp;hellip;), he won&amp;rsquo;t be able to do anything with it because:
- he doesn&amp;rsquo;t know the owner of the file
- he doesn&amp;rsquo;t know the extension
- he doesn&amp;rsquo;t know the login and password of the owner to access the document
- he doesn&amp;rsquo;t know who has access to this document
- he doesn&amp;rsquo;t have the passwords of users who have access to this document
Privacy and Data Security
For privacy and data security ContactOffice is deploying the necessary means to guarantee maximum safety and security. This starts at data transfer, which is done &amp;ndash; if you selected it when logging in &amp;ndash; in SSL-encrypted mode. In addition, all ContactOffice data are backed up several times a day and anonymously stored throughout our servers. Thus, these data are useless as well for any third party.
Business Model Software Development and Operation vs. Selling Banner Space or Mailing Lists
ContactOffice is nothing but a software developer and provider financing its operation from the fees it receives from its end-users. For this reason, there are no additional financing models (such as displaying third-party ads or selling end-user data/profiles). The ads in the free basic version only include promotional information for ContactOffice itself in the email footer.
Trust is Good, Control is Better!
As a ContactOffice user you always have the opportunity to download your data and documents in the most popular file formats such as .eml, .vCard, .csv, etc. The &amp;ldquo;backup&amp;rdquo; feature enables you to download all data in one single ZIP file at a mouse click.
450.000 End-Users Make a Statement
Today almost half a million end-users are using ContactOffice on a daily basis. The solution has been up and running for more than ten years now and would not have reached its current status if these end-users were not satisfied with the way their data are kept safe and secure.
For additional questions please contact support@contactoffice.net&lt;/p&gt;
            	            	         &lt;/div&gt;</description>
      <pubDate>Fri, 11 Feb 2011 15:54:00 GMT</pubDate>
      <guid>http://www.brice.net/items/view/1727/contactoffices-data-security-approach</guid>
      <dc:date>2011-02-11T15:54:00Z</dc:date>
    </item>
  </channel>
</rss>


