Saturday, February 11, 2006

247Network Security - Fortify Your Email Defences - Live Webcast

Live Webcast: Fortify Your E-mail DefensesWed., Feb. 22, 20061:00 PM ET / 10:00 AM PTFind out how to protect your e-mail gateway from viruses, spyware, and other threats during this FREE, TechRepublic Webcast, featuring Peter Firstbrook, Gartner Research Director, and Jeff Epstein of Sophos.This Webcast—with live Q&A—will show the value of:
Managing e-mail hygiene at the gateway.

The gateway as your first line of defense against message-borne threats.

Comparing software- vs. appliance-based solutions Learn how to protect your network's most vulnerable point — Pre-register today for our FREE, live Webcast, sponsored by Sophos!

Friday, February 03, 2006

247Network Security - Kama Sutra FREE FIX HERE!

A.K.A Kama Sutra Worm

W32.Blackmal.E@mm is a mass-mailing worm that attempts to spread through network shares and lower security settings. On the third day of every month it attempts to rewrite files with certain extensions with custom text. It is delivered as an email attachment featuring some 'porn' video.

To fix this problem - get the removal tool here. Remember to disconnect your network FIRST!

Monday, January 30, 2006

247Network Security - Good Worms

'Immunity's research is the latest attempt to create a more rigorously conceived framework for creating worms that could spread across specific networks to find and report vulnerabilities. The research essentially offers two advances, a strategy for the controlled propagation of worms and a framework in which reliable worms could be created quickly, Aitel said.

"History has repeatedly shown us that people who write worms by hand make mistakes," he said. "Worms are difficult to build and very difficult to test."' Learn More

Thursday, January 19, 2006

247 Network Security - VPN Horror Stories - Case Studies

WEBCAST: VPN Horror Stories: Real-World Case Studies on Surviving a VPN Disaster

FEATURING: Evan Conway, EVP, Channel Management, and Jason Sloderbeck, Director, Security & Service Delivery, Positive Networks

DATE: Thursday, January 19, 2006
TIME: 2:00 P.M. ET / 11:00 A.M. PT SPONSOR: Positive Networks
Hosted by James Hilliard of TechRepublic and featuring live Q&A, this interactive Web event will focus on how your company can avoid a VPN disaster of its own. You'll also learn how a new, managed VPN service enables companies of all sizes to:
Increase the return on their VPN investments Enhance network security
Reduce administrative overhead
Redirect scarce IT resources to more strategic initiatives
Improve the remote-access experience for end users
Don't let your company write the next enterprise VPN horror story!
Tune in on January 19th to find out how to sidestep VPN disasters for good!
Pre-register NOW to join us for this January 19th Webcast!
NOTE: This Webcast will be recorded and made available on an on-demand basis following the live event. Pre-register today — even if you\'re not sure you can attend on January 19th — and we'll notify you by e-mail when the on-demand version becomes available.

Copyright © 2006 CNET Networks, Inc. All rights reserved.
NOTE: This Webcast will be recorded and made available on an on-demand basis following the live event. Pre-register today — even if you're not sure you can attend on January 19th — and we'll notify you by e-mail when the on-demand version becomes available.

Monday, January 16, 2006

247 Network Security - Security Center for Microsoft Windows

1st Security Center is a powerful security utility that allows you to restrict access to some of Windows important resources.

This easy-to-use utility helps you to keep your computer in order. It enables you to impose a variety of access restrictions to protect your privacy.

You can deny access to each individual component of several Control Panel applets, including Display, Network, Passwords, Printers, and System. You can disable your boot keys, DOS programs, Registry editing and network access.

You have got an ability to hide your desktop icons, individual drives, Start menu items and the taskbar features, it enables you to stop others from tampering with your desktop. If you set up the special list of allowed applications nobody will run unwanted programs.

The powerful feature "User Working Time" allows you to limit working time for your children , office colleagues , students and so on. You can defineseveral time intervals and time durations to manage users working time very easy.

1st Security Center
supports Internet Explorer security that enables you to customize many aspects of the Internet Explorer Web browser. It lets you disable individual menu items, prevent others from editing your Favorites, disable individual tabs in the Internet Options dialog, restrict access to the IE browser options.

Also the program can log WHO and WHEN uses your computer to the special log file , so you always know who has used your computer.

The administrator password prevents anybody to run the program and change settings and uninstall the program.

The "Import/Export" function helps you set up the same settings on several computers very easy.

Security restrictions can be applied universally or just to specific users because 1st Security Center has got the multiuser intuitional interface.

Friday, January 06, 2006

247Network Security - Microsoft Release WMF Patch Early

XP users can now get their hands on the official patch for the Windows Meta File vulnerability, but Windows ME and 2000 users miss out

Microsoft released a fix for a serious security vulnerability in Windows on Thursday, several days before the patch's scheduled delivery.

The company is breaking with its monthly patch cycle because it completed testing of the security update earlier than it anticipated, it said in a note on its Web site. "In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible," the company said.

Security bulletin MS06-001, originally scheduled for Tuesday, is the first security bulletin of this year and fixes a vulnerability in the way Windows renders Windows Meta File images. The bug was discovered last week and is increasingly being used in what Microsoft calls "malicious and criminal attacks on computer users."

Critics had called for Microsoft to release the patch as soon as possible. With people unable to patch their systems, the flaw could provide an opportunity for cybercriminals to launch increasingly sophisticated attacks on users, they have said.

Wednesday, January 04, 2006

247Network Security - Unofficial Patch for Major Windows Security Vulnerability

NB. Not for Corporates.

If you have a Windows 2000, XP, XP/Pro, or 2003 computer you can to install this hot fix, rather than wait for Microsoft to fix the problem.

It doesn't do anything you can see - just installs then says its done. According to SANS, it will protect you from this major exploit. This patch file and installation has been verified by SANS ( http://isc.sans.org/diary.php?storyid=1010 ).

"Users of the Windows OS should install an unofficial security patch now, without waiting for Microsoft to make its move, advise security researchers at The SANS Institute's Internet Storm Center (ISC)." - ComputerworldCOMPUTERWORLD article:

http://computerworld.co.nz/news.nsf/news/B4714903757E6CBECC2570EB001286D4

If you cannot get on the site because of the crowds of downloaders: you can also find it here:
http://www.hexblog.com

Sunday, January 01, 2006

247Network Security - The Blood and the VPN Holy Grail

Reading Kevin Watt's post: Hamachi - The Holy Grail VPN and it's FREE!

Hamachi installs a virtual network adapter in your computer, and assigns your machine an additional IP address. You can then create a new virtual "workgroup" which your computers can then join. Using the virtual workgroup, you now have access to all the other computers connected to your virtual workgroup as if they were sitting on your own lan. Connections to and from your new IP address are encrypted by Hamachi so your traffic can't be intercepted between machines.

Kevin says this means is that you can then use the Windows File and Print Sharing over this new network without fear that your exposing yourself to the internet. How cool would that be?

Hamachi network security architecture is completely open meaning that its detailed description is available for the review to anyone interested.

Hamachi Security ArchitectureThe following description requires a knowledge of applied cryptography; in particular -

Block ciphers and chaining modes
Diffie-Hellman key exchange
Public key encryption
Message authentication codes

Thursday, December 29, 2005

247Network Security - The Role of Security Management in Regulatory Compliance

Safeguarding your company's IT systems and data is arguably the most important thing you'll do in 2006. And given the complexity of today's networks and sophisticated IT threat landscape, it's also one of the most difficult. So resolve to make security a top priority in the coming year, and start by checking out these FREE, security-related white papers and Webcasts, compliments of TechRepublic.

This white paper describes the major regulations that are impacting IT operations in businesses today and highlights the common requirements. Not surprisingly, the requirement for strong security management cuts across all major regulations, which is why a comprehensive identity and access management platform is imperative.

You can download the paper to read about the identity and access management, provisioning, and monitoring capabilities that are built into Computer Associates compliance platform and how they can simplify compliance efforts.

Topics: Best Practices, Gramm-Leach-Bliley Act, HIPAA, Sarbanes-Oxley, Security Applications, etc.
Tags: access management, regulation, regulatory compliance, network security management

Saturday, December 17, 2005

247 Network Security - Software Vulnerabilities Auctioned

An eBay auction has sent a flash of interest among security researchers about the effect that free-market vulnerability could have on software security.

This week there was an eBay auction that represented the second attempt of an anonymous security researcher to make money from a vulnerability in Microsoft's spreadsheet application, only to be shut down by online auction company within 48 hours. Last week, the seller tried the direct approach - stating that the item for sale was information about the vulnerability - before being shut down for "encouraging illegal activity".

"The idea was to estimate a market value for a major vulnerability and to see who would be interested to obtain such information," said the seller, who used the handle "fearwall" in the initial auction and was contacted by SecurityFocus through eBay's email service. "The listing clearly stated that the information would be delivered to researchers only."

Currently only two companies actively encourage such sales: VeriSign's iDefense and 3Com's TippingPoint. Both companies have created initiatives aimed at procuring original vulnerability research from independent flaw finders.

Monday, December 05, 2005

247Network Security - Taking Control of Email Security

Webcast: Taking Control of E-mail Security - How to Stay Ahead of the Latest Threats Join Willy Leichter, Director of Product Marketing for Tumbleweed Communications, and moderator James Hilliard of TechRepublic, for a live discussion of how to stay ahead of the latest spam and hacking techniques. You'll learn how to develop a comprehensive strategy for managing e-mail security and hygiene. Don't miss out-pre-register today for this live event, scheduled for December 6, 2005 at 2:00 P.M. ET / 11:00 A.M. PT.

247Network Security - Learn About the Next Generation of .Net

Microsoft's next round of certifications for the release of .NET 2.0 and related tools promises to better gauge an IT pro's experience as well as knowledge. Get advice on how to choose the Microsoft certification path that's right for you.

http://techrepublic.com.com/5100-3513_11-5966414.html?tag=nl.e101

Monday, November 28, 2005

247Network Security - WinTarget Server

WinTarget Server by String Bean Software
WinTarget is a powerful iSCSI target software solution that enables users to benefit from cost-effective network security storage solutions.

Thursday, November 24, 2005

247Network Security - Eco-Responsibility

Did you know that the average corporate data centre burns about 80 barrels of oil a day?

CEO Scott McNealy and a panel of environmental 'thought leaders' discuss how eco-responsibility can minimize harm to the planet and benefit business. Watch webcast from Sun here

Friday, November 18, 2005

247Network Security - Find Your Path to Security Implementation

247Network Security

Useful seminar on Microsoft training references and resources on network security threats and appropriate countermeasures.

Learning resources are organized by level (from basic to expert) and provide information on the planning, prevention, detection, and response phases of security implementation.
Topics: Anti-Hacking, Best Practices, Firewalls, Intrusion Detection Systems, Network Security, etc.

247Network Security - Top Twenty Most Critical Internet Vulnerabilities

247Network Security

The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus

This new list ~ SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. In addition to Windows and UNIX categories, it also includes Cross-Platform Applications and Networking Products.

They say the change reflects the 'dynamic nature of the evolving threat landscape.'

If you have not patched your systems for a length of time, they highly recommend that you first patch the vulnerabilities listed in the previous Top-20 2004 list.

The list is the result of a process that brought together dozens of leading network security experts. They come from the most network security-conscious government agencies in the UK, US, and Singapore; the leading network security software vendors and network security consulting firms; the top university-based network security programs; many other network security user organizations; and the SANS Institute.

Tools and Service Fixes to Find Network Security Vulnerabilities here A list of participants may be found here.

247Network Security - Sarbanes Oxley

247Network Security

"In the past few years, companies have spent billions of dollars to update their IT infrastructures to meet requirements from various European and US government regulations.

One of the more noticeable and most important recommendations of these regulations is record-keeping. For example, Sarbanes-Oxley recommends that all companies 'maintain financial records for seven years.'

In order to ensure the accuracy of corporate financial and business information, this recommendation also pertains to records that are used to 'audit unauthorised access, misuse and fraud.' Other regulations such as HIPAA also recommend keeping records for up to six years. More by LiveAmmo

247Network Security - Top Twenty Most Critical Internet Vulnerabilities

247Network Security

The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus continued

Top Vulnerabilities in Windows Systems
W1. Windows Services
W2. Internet Explorer
W3. Windows Libraries
W4. Microsoft Office and Outlook Express
W5. Windows Configuration Weaknesses
Top Vulnerabilities in Cross-Platform Applications
C1. Backup Software
C2. Anti-virus Software
C3. PHP-based Applications
C4. Database Software
C5. File Sharing Applications
C6. DNS Software
C7. Media Players
C8. Instant Messaging Applications
C9. Mozilla and Firefox Browsers
C10. Other Cross-platform Applications
Top Vulnerabilities in UNIX Systems
U1. UNIX Configuration Weaknesses
U2. Mac OS X
Top Vulnerabilities in Networking Products
N1. Cisco IOS and non-IOS Products
N2. Juniper, CheckPoint and Symantec Products
N3. Cisco Devices Configuration Weaknesses

247Network Security - Winter Olympics 2006 Network Security

The IT security team for the 2006 Winter Olympics learned from the previous Games that they need to filter and correlate their network security alarms with more specificity - and that the insider threat is greater than they imagined.