Welcome!
My new blog has been launched today. This is intended to be a compilation of musings and thoughts with a rough focus on security and privacy. The idea is to provide analysis, commentary and geekspeak translations of news, events, and happenings in the security and technology arenas.
Feel free to comment and reply; the idea is to have a dialog.
You can read new posts on this blog via the RSS feed.
-J-
Musings - Geek speak elucidations
Internet pain reliever…
2009-03-02 09:49
One of the primary goals of Information Security is to maintain the availability of information, and this month we will be discussing the availability of your internet connection. With lower costs and increased throughput, the internet is more of a vital business tool than ever. So just how painful is it when your internet connection is down?
If
Your phones connect through your internet connection or an online PBX
Your clients and customers order or contact you through a server on your network
Your line of business applications are hosted online
You connect locations through a VPN (Virtual Private Network)
Your employees work remotely
You primarily communicate with clients/customers through email
Then
Losing your internet connection can be very painful and expensive, even for just a short time.
Just how much does it cost your...
———
Backing up is hard to do...
2009-01-30 10:27
Have you ever experienced the nauseating sensation of data loss? If so, you are most likely a firm believer in backing up your information. Whether it was a deleted proposal that could have saved you hours of work, or a presentation that someone wrote over, or a hard drive that died, there is no teacher quite like experience.
As a result, we tirelessly change tapes/drives and diligently rotate them offsite in case of a disaster at the office. But what exactly does our information backup accomplish? A good information backup strategy should be one component of an overall business continuity plan. But is all of this tedium still necessary, or is there an easier way?
We know that information backup is vital to our business’s continued existence, but let’s face it: it’s a chore. Every morning, the offsite tape/drive needs to be brought into the office, then the tape/drive has to be changed...
———
Some Un-jolly Tidings...
2008-12-31 19:49
With the holidays here, there are many not-so-jolly “traditions” that are percolating through the internet. Specifically, we are focusing on the social engineering attacks frequently referred to as a confidence trick or as a con.
A con is the basis for a number of online or computer threats. A social engineering attack involves an action on our part that we are tricked into taking. These attacks take many forms and are some of the most difficult to guard against because they involve actions we take and not just the technology. In other words, since we are part of the problem, we need to be part of the solution.
This year’s popular attacks include:
“Windows Anti-virus 2009” Trojan horse (a Trojan horse is where we install a program that appears benign but is actually malicious)
Attack method: This insidious browser pop-up appears to be a security warning, usually from...
———
In whom do we trust?
2008-11-21 13:40
It’s one thing when private and personal information is breached through accident, theft, or the occasional cracker hacking the systems. While damaging, these occurrences can be defended against and the risk can be mitigated and managed through various means.
That being said, it is quite another matter when people who are authorized to use this data abuse their power. Today, it was disclosed that a number of Verizon wireless employees accessed President-elect Obama’s cell phone records without authorization (http://www.cnn.com/2008/POLITICS/11/21/obama.cell.breach/index.html?eref=rss_topstories). This is yet another example of broken trust involving our private and personal information.
This type of incident should be considered a grievous breach of the public trust, regardless of the profile of the citizen affected. While this particular incident made headlines because it happened to...
———
Hunting the Elusive Email...
2008-11-06 10:20
Litigation is an unpleasant fact of life for many businesses and it now has serious Information Systems implications. E-Discovery (Electronic Discovery) rules shine a very bright spotlight on your Information Systems policies and procedures, and how well they are implemented. The policies, procedures and implementation, not just the information discovered, can actually contribute to the outcome of the case.
In the past few years, the federal government and state after state have implemented E-Discovery rules on gathering and processing electronic files and communications. This generally includes all business communications such as email and IM (Instant Messaging, to be discussed in a later article) as well as documents, database records and other files.
Let us make it clear, we are not lawyers and are not offering legal advice. As information technology experts, we believe these rules...
———
Survival of the Adminless
2008-09-30 15:41
Just how dependent is your organization on your computer/network/systems administrator(s)? I like to think that all administrators are a Nietzschesque breed of super-humans who never get sick, hit by busses, retire, win the lottery, take other jobs, or quit. Unfortunately, statistics show that we are just as human as everyone else, albeit usually a little paler. Thus we are subject to the same luck, maladies and vacations as the rest of the population. So how would you deal with your administrator leaving, especially unexpectedly? Or worse, how would you deal with your administrator getting fired?
The administrator typically has a special place within an organization. Although not generally part of the executive management, they usually have full access to all of the organization’s systems, data, and programs. Generally, part of the administrator’s job is to maintain all of...
———
The Authentication Factor
2008-07-15 09:58
With the increasing sophistication of malware and other security threats, it has been obvious for quite some time that the standard “locks” we are using to secure our information may not be up to the task. The venerable “username and password” combination is generally used for everything from securing firewalls to stop intruders; to locking down our servers to secure our files; to logging into websites to do our banking. Since these passwords are the keys to the kingdom, they have been targeted by innumerable hacks, trojans, worms and keyloggers. However, there are reasonable and secure alternatives.
Passwords are considered to be a single factor authentication mechanism, something that you know, to prove you are who you say you are. The problem with this is that others may find out that password, and then have your access. A much more secure authentication scheme is to use two...
———
Security insecurity: How concerned should you be?
2008-05-28 11:53
Information Security cannot be achieved with just a device or program, but must be embraced as a foundation for building your organization. These days, it’s not only giant multi-national conglomerates that are experiencing security issues with hackers, viruses or breaches. Increasingly, it’s small and medium sized organizations that are being compromised, extorted, and/or breached.
Why? It’s a simple matter of following the path of least resistance. Larger organizations are finally being forced to take notice of information security issues due to increased regulatory rules and oversight. As these larger organizations lock down their internet connections, web sites, and remote access, they become harder and less attractive targets. Statistically, there are a lot more small and medium sized organizations, and historically they have been considered low profile targets because their...
———
Seen the spammer, and he is us
2008-04-10 21:10
Ever wonder where that spam comes from? It could be coming from you…
Many computers that become compromised with malicious software (also called malware: viruses, worms, spyware, etc.) are not being infected in a way that most people would think. Their hard drives remain intact, they aren’t plagued with popup ads, and their email contacts remain pristine. Instead, their computers become “zombies”: unwitting accomplices to high crimes and misdemeanors.
This malware installs a “bot” program (short for robot), allowing the computer to be remotely controlled across the internet. A group of computers controlled by a single person or group is known as a “botnet”, and the controller is called a “botnet herder” or “bot herder”. These networks can become enormous. The largest at the moment is called “Srizbi” and boasts over 315,000 bots with which it can send out an astounding...
———
Invasion of Privacy?
2008-04-07 12:53
Google Inc. is apparently being sued over their semi-new “Street View” feature of Google Maps (click here for source article on Forbes.com). For those of you that aren’t up to the second with Google’s features, they are having people drive all over the place with digital cameras on their cars. The photos are then uploaded with the location info to Google Maps, allowing you to see a picture of the address you’re looking up. Although not of the highest quality, these pictures can be rotated and zoomed, and the camera can be moved up and down the street.
Apparently, a couple that lives outside of Pittsburgh, PA is suing Google as the taking of the pictures “…violated their privacy, devalued their property and caused them mental suffering.” They claim that the pictures taken of their home could only have been taken from their long driveway which is marked...
Rants - Tech savvy explications
IE 0 Day Exploit
2008-12-12 19:27
Microsoft reported a new "zero-day exploit" that affects most versions of the Internet Explorer browser. A zero-day exploit is a security vulnerability that is being exploited before the software vendor or the public knows that the issue exists. This particular exploit attacks flaws within Internet...
———
Spoofed NDR issues
2008-04-14 13:05
We've seen a rash of NDR (Non-Delivery Response) floods happening to our clients. In all cases, it appears that the spam being NDRed is spoofed, but we are receiving reports from these users that they are being blacklisted on spam filters.
Is anyone else seeing this problem?
Thanks,
-J-
———


