Archive for the 'Security' Category

Slow PC? Your Browser Might Have a Hijacker

Monday, April 28th, 2008

If your PC has become very slow you may have unwittingly allowed a Browser Hijack to take control of your internet connection. Browser Hijacking is a common type of on-line attack in which hackers attempt to take control of your internet browser to change how and what it displays when you’re using the internet.

The following are indicators of a Browser Hijack:

  • The home page changes on your PC.
  • Links are added to websites that you would usually avoid.
  • You cannot navigate to some websites, particularly Microsoft Update or security software sites.
  • Ad popups appear on your screen with annoying regularity.
  • Links or popups to gaming, pornography or other unsavoury sites appear.

Preventing Hijacks

Hijacks are relatively easy to defend against, and provided you take reasonable precautions your PC should remain free from problems. We would advise the following approach:

  • Keep your PC up to date with the latest operating system patches.
  • Use a good anti-virus product, such as AVG.
  • Load Anti Spyware software, like Lavasoft’s Ad-Aware or Microsoft’s freely available Defender.
  • Don’t download or allow unknown ActiveX components to be loaded onto your PC.
  • Look out for Social Engineering tactics.
  • Don’t download or install any software that is not approved.

Any website that asks you to install a program should be treated with appropriate levels of suspicion. If in doubt, use Google to pull up some background about the website or product. Also be aware that many popular programs such as screensavers, smileys, registry checkers and PC tuneup applications have been used as methods for Browser Hijacks.

If you suspect your PC is infected you should seek professional advice. Unless you are very familiar with the workings of your PC’s operating system and with the methods used by Spyware and Malware programmers, it is unlikely that you will be able to solve the problem yourself.

Security: How to improve your IT with an audit

Sunday, September 16th, 2007

Because security should run through your IT like the lettering on a stick of Blackpool rock, a security audit may reveal plenty of areas for improvement in your IT infrastructure. There are several frameworks you can choose from to perform your IT audit. One of the most popular is the ISO 27002 standard (previously known as ISO 17799). This is a code of practice that covers the following areas:

  • Structure
  • Risk Assessment and Treatment
  • Security Policy
  • Organization of Information Security
  • Asset Management
  • Human Resources Security
  • Physical Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisition, Development, Maintenance
  • Information Security Incident Management
  • Business Continuity
  • Compliance

By assessing each of these areas in turn and by measuring your own arrangements against the code of practice, deficiencies in your IT infrastructure are revealed. Fixing those deficiencies will result in a more efficient, stable IT platform for your business.

If you would like to arrange an audit of your own IT infrastructure, please get in touch.

The Psychology of Security

Monday, April 16th, 2007

I came across this essay from renowned security guru Bruce Schneier entitled The Psychology of Security. There are some excellent insights into why we often make the wrong decisions when assessing risks and into the huge differences that exist between the reality and the feeling of security. For those of you who are involved in risk management, health and safety or security management I recommend that you take a look. Warning: set aside some time; this is not a five-minute read. The article is 13,500 words long.

Caution: Use WiFi hotspots with care: someone might be snooping

Tuesday, January 9th, 2007

A recent article in the New York Times demonstrated just how insecure it can be to use a WiFi ‘hotspot’ - just like the ones you might find in Ronaldsway Airport or Strand Street’s Java Coffee lounge.

First the bad news:

…Jon sat a few feet away with his PowerBook; I fired up my Fujitsu laptop and began doing some e-mail and Web surfing.

That’s all it took. He turned his laptop around to reveal all of this:

* Every copy of every e-mail message I sent *and* received.

* A list of the Web sites I visited.

* Even, incredibly, the graphics that had appeared on the Web sites I had visited…

Jon used a program called a “packet sniffer” to capture the data being broadcast by the laptop - these programs are widely available and can be very sophisticated.

The good news is that by taking some basic precautions, you can use WiFi hotspots in a reasonably secure manner and the full article lists these in some detail.

Security: What is a Hacker? How do they think?

Friday, September 15th, 2006

I’ve been wanting to write up my own definition of this for ages, but then I found this from Security Guru, Bruce Schneier. There’s no way I can say it better. Below is an extract, but I recommend that you read the whole thing.

A hacker is someone who thinks outside the box. It’s someone who discards conventional wisdom, and does something else instead. It’s someone who looks at the edge and wonders what’s beyond. It’s someone who sees a set of rules and wonders what happens if you don’t follow them. A hacker is someone who experiments with the limitations of systems for intellectual curiosity.

Security: Microsoft Word Vulnerability

Tuesday, May 23rd, 2006

Today’s announcement of a serious vulnerability in Microsoft Word gets my attention.

Most email systems now routinely block unsafe attachments, but when it comes to Word Documents, these are let straight through. They have become a vital part of doing business.

If you want to protect your company from this threat then you need to ensure that your systems are up to date (patched) and that you have the latest anti-virus signatures installed. You should have a patching policy to cover this.

But the best defence you have against this and future threats is a well trained and security aware workforce. I’ve written about this before - invest in your staff to improve security.

Systems Security: Not Just For Big Corporates

Thursday, April 6th, 2006

It is a fact that big companies have big reputations to protect and big budgets to spend doing it. It is also a fact that not all companies have the luxury of a full team of IT staff to ensure that their systems are properly secured.

Good security is set out in layers, designed to match each risk with the appropriate measure. A typical systems security setup will consist of the following layers:

  • People - Security Aware
  • Policies - Set out rules and guidelines for the safe use of systems
  • Firewalls - Similar to a nightclub bouncer, the firewall maintains a list of who gets in (and out!)
  • Network Security - Controls who can connect and protects the data on the network
  • Access Controls - Controls who can access files, audits changes
  • PC Security - Up to date AntiVirus, AntiSpyware and Operating System patching provide protection for the data on your PC
  • Backup - Allows for the recovery of critical data in the event of failure

The Isle of Man Government has been active in promoting good security practices and has commissioned courses and awareness campaigns. But not all business owners have the time or the technical knowledge to perform a security assessment of their own. KDR EBusiness have recognised this and offer a fixed price service designed to bring the benefits of good systems security to IOM based businesses.

To arrange your fixed price security assessment, call KDR EBusiness today.

Systems Security: People should come first

Friday, March 31st, 2006

The best systems security in the world will not work if your people can be tricked into revealing information to hackers. In the Security World this is known as Social Engineering.

Awareness of the risks should always be your first line of defence. Unfortunately the amount spent on security awareness training does not reflect the benefits that your business gains from a knowledgeable and security aware staff.

There are four points to consider:

  • Do you know the risks that your company faces?
  • How well trained are your staff? What is their current level of security awareness?
  • Do you have policies in place that give your staff guidelines for usage, i.e., email, internet, etc.?
  • Do you have documented procedures in place for dealing with security issues?

When planning Systems Security it is vital to consider your staff first. KDR E-Business can help you to plan and implement relevant, cost effective security for your business.

Tags: Social Engineering
