Welcome!
My new blog has been launched today. This is intended to be a compilation of musings and thoughts with a rough focus on security and privacy. The idea is to provide analysis, commentary and geekspeak translations of news, events, and happenings in the security and technology arenas.
Feel free to comment and reply; the idea is to dialog.
You can read new posts on this blog via the RSS feed.
-J-
Musings - Geek speak elucidations
Untethered fun in the sun...
2009-06-10 14:49
As summer approaches, the dream of working while sitting on the beach comes to the fore. While I doubt many of us will be that lucky, the technology to enable this has been with us for some time and most of us use it every day: WiFi.
WiFi (or Wireless Fidelity) is any of the widely deployed wireless networking protocols that operate in the frequencies unregulated by the FCC (Federal Communications Commission), specifically 2.4 GHz and 5.8 GHz. These protocols are technically referred to as the IEEE (Institute of Electrical and Electronics Engineers) 802.11x specification, with the "x" being the version. The versions are lettered: "b", "a", "g", and now "n" (in order of release) and specify the maximum connectivity speed, signaling rules and frequencies used.
Many coffee shops, cafés, airports, and hotels offer WiFi hotspots for their patrons. Many homes and offices have these networks...
———
Social Insecurity
2009-04-30 10:29
Every day, our communications are becoming more interconnected. Whether it's receiving work and home email on your phone, updating your LinkedIn status at work, or accessing work files from home, the line between home life and work life is more blurred than ever. While all of this interconnection can make our lives easier, we must be aware of where sensitive data is being accessed and stored, and the information security implications.
As an employer, the first step in preventing any issues with social websites, or internet communications in general, is to decide on a clear policy to let everyone know what they can and can't do. The policy can be as relaxed or stringent as is appropriate to your working environment, but should be clear, concise, and in plain English (avoid legalese). Then of course, the decided policy needs to be uniformly enforced. Contact your network security...
———
Boom! April fools!?
2009-03-26 11:52
As the warm weather begins to set in, something besides April showers may be approaching. A malicious program called Conficker (a.k.a. Worm_DownAD.AD, Trojan.Win32.Pakes.lxf, W32.Downadup) has been propagating throughout the internet and making headlines. This malware (malicious software) has garnered so much attention because of its level of sophistication, its install base, and its unknown nature.
Conficker was first discovered in the wild (on the internet) back in October of 2008, and targets Windows-based computers and servers. The latest variants of this malware are programmed to download an update on April 1st, 2009. Unfortunately, no one knows what this update is or what effect it will have on infected computers or the internet in general. Conficker is employing some of the latest encryption techniques and is being actively adapted in response to network security measures...
———
Internet pain reliever…
2009-03-02 09:49
One of the primary goals of Information Security is to maintain the availability of information, and this month we will be discussing the availability of your internet connection. With lower costs and increased throughput, the internet is more of a vital business tool than ever. So just how painful is it when your internet connection is down?
If
Your phones connect through your internet connection or an online PBX
Your clients and customers order or contact you through a server on your network
Your line of business applications are hosted online
You connect locations through a VPN (Virtual Private Network)
Your employees work remotely
You primarily communicate with clients/customers through email
Then
Losing your internet connection can be very painful and expensive, even for just a short time.
Just how much does it cost your...
———
Backing up is hard to do...
2009-01-30 10:27
Have you ever experienced the nauseating sensation of data loss? If so, you are most likely a firm believer in backing up your information. Whether it was a deleted proposal that could have saved you hours of work, or a presentation that someone wrote over, or a hard drive that died, there is no teacher quite like experience.
As a result, we tirelessly change tapes/drives and diligently rotate them offsite in case of a disaster at the office. But what exactly does our information backup accomplish? A good information backup strategy should be one component of an overall business continuity plan. But is all of this tedium still necessary, or is there an easier way?
We know that information backup is vital to our business’s continued existence, but let’s face it: it’s a chore. Every morning, the offsite tape/drive needs to be brought into the office, then the tape/drive has to be changed...
———
Some Un-jolly Tidings...
2008-12-31 19:49
With the holidays here, there are many not-so-jolly “traditions” that are percolating through the internet. Specifically, we are focusing on the social engineering attacks frequently referred to as a confidence trick or as a con.
A con is the basis for a number of online or computer threats. A social engineering attack involves an action on our part, that we are tricked into taking. These attacks take many forms and are some of the most difficult to guard against because they involve actions we take and not just the technology. In other words, since we are part of the problem, we need to be part of the solution.
This year’s popular attacks include:
“Windows Anti-virus 2009” Trojan horse (a Trojan horse is where we install a program that appears benign but is actually malicious)
Attack method: This insidious browser pop-up appears to be a security warning, usually from...
———
In whom do we trust?
2008-11-21 13:40
It’s one thing when private and personal information is breached through accident, theft, or the occasional cracker hacking the systems. While damaging, these occurrences can be defended against and the risk can be mitigated and managed through various means.
That being said, it is quite another matter when people who are authorized to use this data abuse their power. Today, it was disclosed that a number of Verizon wireless employees accessed President-elect Obama’s cell phone records without authorization (http://www.cnn.com/2008/POLITICS/11/21/obama.cell.breach/index.html?eref=rss_topstories). This is yet another example of broken trust involving our private and personal information.
This type of incident should be considered a grievous breach of the public trust, regardless of the profile of the citizen affected. While this particular incident made headlines because it happened to...
———
Hunting the Elusive Email...
2008-11-06 10:20
Litigation is an unpleasant fact of life for many businesses and it now has serious Information Systems implications. E-Discovery (Electronic Discovery) rules shine a very bright spotlight on your Information Systems policies and procedures, and how well they are implemented. The policies, procedures and implementation, not just the information discovered, can actually contribute to the outcome of the case.
In the past few years, the federal government and state after state have implemented E-Discovery rules on gathering and processing electronic files and communications. This generally includes all business communications such as email and IM (Instant Messaging, to be discussed in a later article) as well as documents, database records and other files.
Let us make it clear, we are not lawyers and are not offering legal advice. As information technology experts, we believe these rules...
———
Survival of the Adminless
2008-09-30 15:41
Just how dependent is your organization on your computer/network/systems administrator(s)? I like to think that all administrators are a Nietzschesque breed of super-humans who never get sick, hit by busses, retire, win the lottery, take other jobs, or quit. Unfortunately, statistics show that we are just as human as everyone else, albeit usually a little paler. Thus we are subject to the same luck, maladies and vacations as the rest of the population. So how would you deal with your administrator leaving, especially unexpectedly? Or worse, how would you deal with your administrator getting fired?
The administrator typically has a special place within an organization. Although not generally part of the executive management, they usually have full access to all of the organization’s systems, data, and programs. Generally, part of the administrator’s job is to maintain all of...
———
The Authentication Factor
2008-07-15 09:58
With the increasing sophistication of malware and other security threats, it has been obvious for quite some time that the standard “locks” we are using to secure our information may not be up to the task. The venerable “username and password” combination is generally used for everything from securing firewalls to stop intruders; to locking down our servers to secure our files; to logging into websites to do our banking. Since these passwords are the keys to the kingdom, they have been targeted by innumerable hacks, trojans, worms and keyloggers. However, there are reasonable and secure alternatives.
Passwords are considered to be a single factor authentication mechanism, something that you know, to prove you are who you say you are. The problem with this is that others may find out that password, and then have your access. A much more secure authentication scheme is to use two...
Rants - Tech savvy explications
IE 0 Day Exploit
2008-12-12 19:27
Microsoft reported a new "zero-day exploit" that affects most versions of the Internet Explorer browser. A zero-day exploit is a security vulnerability that is being exploited before the software vendor or the public knows that the issue exists. This particular exploit attacks flaws within Internet...
———
Spoofed NDR issues
2008-04-14 13:05
We've seen a rash of NDR (Non-Delivery Response) floods happening to our clients. In all cases, it appears that the spam being NDRed is spoofed, but we are receiving reports from these users that they are being blacklisted on spam filters.
Is anyone else seeing this problem?
Thanks,
-J-
———


