Human Error Considered Primary Cause of Network Security Outages

According to the survey of more than 100 information security professionals, 66 % of respondents cited human error in the configuration of network security devices as the most common cause of outages in the past 12 months, followed by capacity overload (14 %) and flaws in the gateway product (9 %).

The majority of respondents said they had from 10 to 49 different security gateways installed on their network. Another 15 % of companies had more than 50 security gateways installed.

The most common security gateways were firewalls, installed on 98 % of corporate networks, along with anti-virus (90 %) and content filters (85 %).  #

Among these devices, respondents said that firewalls required the greatest investment of time and were held responsible for causing the most network disruptions. A full 73 % of respondents cited a “high number of changes” as the primary reason for the large time investment in managing security gateways.

Given the complexity of the networks we deal with, this shouldn’t be shocking. How often have we seen misconfiguration of network devices cause security problems? How often have we seen entire networks taken down by someone innocently plugging a device into the wrong port?

It’s true that common sense can’t be taught. But good management practices (including adequate supervision of network device configuration, change control, validation, and documentation) can go a long way to decreasing the network security problems attributed to human error.

Security change management is a big challenge. Firewalls take up the most management overhead (hardly a surprise for us, of course), with 73.1 % (!) citing a high number of changes as the main cause for the time investment.

If there is one key takeaway from the survey, I think it is that organizations must be aware of the impact of security configuration errors and take steps to minimize them. Here are some points to consider:

  • Factor in ease of use when selecting security products. Which of the two do you prefer: a great security product that is misconfigured or a good security product that is well configured? Make sure to give ample weight to ease of management and configuration when selecting security products.
  • Continuous training. It’s not enough to train your security and operations team when you first deploy a new technology. Make sure you allocate the time and budget to ensure security staff are up to speed with the latest know-how.
  • Automate as much as possible. Automation is not only about operational efficiency, it’s also about reducing errors. Invest in tools that can help you automate security configuration and/or discover configuration errors.
  • Review change management processes change.

 

# A survey by AlgoSec

* Source from Web


New way of phishing called spear-phishing

Most of you know about phishing: the fake email that looks like important mail from a bank, a credit card company or even the government tax department, or sometimes a lottery-winner notice.

As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own company and generally someone in a position of authority.

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.

Internet security experts warn of a new wave of scams known as spear-phishing. Instead of casting a broad net to snag whomever they can, the scammers come after you directly and the attacks are already on the rise.

Unlike the old-school phishing scams that hit your inbox with fake email alerts from banks and other businesses and address you simply as a “dear valued customer,” spear-phishing scams are specific because scammers are using your specific information. “So they can target you very carefully. They’ll seem very real to you,”

Investigators say massive security breaches back in April will only make it worse. Sony now confirms that hackers stole personal data from more than 24 and a half million PlayStation accounts last month. Weeks before that, a security breach at retail marketing firm Epsilon exposed the email accounts of millions of customers from major retailers and banks.

That means that, instead of getting an email from Wells Fargo when you don’t have a Wells Fargo account, you’re going to get an email from a business that you do business with, and it’s going to have your name on it.

It didn’t happen to you last time. It might not happen to you this time. But it could happen to you in the future and when it does, it’s going to be seriously hard to fix your credit.

Here’s one version of a spear phishing attack: The perpetrator finds a web page for their target organization that supplies contact information for the company. Using available details to make the message seem authentic, the perpetrator drafts an e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator. The email asks the employee to log into a bogus page that requests the employee’s user name and password or click on a link that will download spyware or other malicious programming. If a single employee falls for the spear phisher’s ploy, the attacker can masquerade as that individual and use social engineering techniques to gain further access to sensitive data.
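
From the defender's side, the traits described above (a message that claims to come from an internal authority and asks for a login on another site) can be checked mechanically at the mail gateway. The following is an added example, not part of the original article: the domain example.com, the list of authority names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                                   # assumption: recipient's own domain
AUTHORITY_NAMES = {"network administrator", "it helpdesk"}   # assumption: roles attackers imitate

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spear_phish_signals(raw):
    msg = message_from_string(raw)
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    # Only trust an Authentication-Results header stamped by your own mail gateway.
    auth = (msg.get("Authentication-Results") or "").lower()
    body = msg.get_payload()
    signals = []
    if from_dom == ORG_DOMAIN and "dmarc=pass" not in auth:
        signals.append("internal sender without DMARC pass")
    if display_name in AUTHORITY_NAMES and from_dom != ORG_DOMAIN:
        signals.append("authority display name on external address")
    if reply_dom and reply_dom != from_dom:
        signals.append("Reply-To domain differs from From")
    hosts = {h.lower() for h in re.findall(r"https?://([^/\s:]+)", body)}
    external = [h for h in hosts if h != ORG_DOMAIN and not h.endswith("." + ORG_DOMAIN)]
    if external and re.search(r"password|log ?in|sign ?in", body, re.I):
        signals.append("credential request linking to external host")
    return signals

# Constructed sample messages (not real mail).
SPOOFED = """\
From: Network Administrator <admin@example.com>
To: alice@example.com
Reply-To: admin@example-support.test
Authentication-Results: mx.example.com; spf=fail; dmarc=fail
Subject: Mailbox migration

Please log in at http://portal.example-support.test/login to confirm your password.
"""
LEGIT = """\
From: Network Administrator <admin@example.com>
To: alice@example.com
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
Subject: Maintenance window

Maintenance notes are at https://wiki.example.com/maintenance
"""
```

A message that raises any of these signals is a candidate for quarantine or a warning banner rather than silent delivery.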

Internet security experts warn: the increased spear-phishing activity increases the odds that you or someone you know will take the bait.

* Source From Web
