Good anti-spam solutions block unwanted email, allow email you are interested in receiving, and even attempts to block viruses arriving via email. One of the biggest signs of a good service, in addition to working properly, is that the service saves your workers and your IT team time by not needing to babysit the anti-spam solution.

Eliminate specific E-mail attachments since they may contain malicious code. This infection vector is a significant source of infections that lead to attackers gaining control over major assets in your network.

It is important for security and productivity to implement a solution to block Internet access to inappropriate sites. While most everyone in an organization can quickly agree on blocking certain sites because the inappropriate content could endanger the organization. For other categories of web sites, there may be more than one point of view.

Consider, at least initially, only blocking the sites that everyone can agree need to be blocked. Simply activating the blocking tool will usually help reduce drive-by-downloads at some sites.

Many firewalls support web filtering although many firewalls do not provide reporting features with enough detail. If your solution is inadequate, then upgrade the firewall or add a tool that will provide this functionality.

Please post your comments on this blog.

The post Stop Drive-By-Downloads appeared first on Foster Institute.

1. The email message has some kind of urgency. For example, “such and such will expire unless you…”
2. There is a link in the email or, less commonly, an attachment to the email message. Those links, when clicked, are when attackers can interact with your users in ways from tricking the user into giving out personal information to injecting malicious code into the user’s computer.

Protect your system from attacks. Teach your users to quickly identify the “urgency” and “click here to…” dangers.

Please post your comments on this blog.

The post Quickly Identify an Attack Email Message–Know thy Enemy appeared first on Foster Institute.

It is imperative that all of your users learn about common dangers and follow best practices. Require them all to attend the training courses you provide. Next time we’ll focus on the best delivery methods.

Please post your comments on this blog.

The post Make Security Awareness Training mandatory appeared first on Foster Institute.

These days, some viruses can “morph” at regular intervals—keeping their same dangerous functionality and avoiding the signature matching. An analogy would be someone being able to change their thumbprint one or more times each day.

Over the years anti-virus has evolved to include new ways to stop viruses. One way is to watch for dangerous behavior. The problem here is for the anti-virus tool to be able to discern if the dangerous behavior is being performed by a legitimate process or a virus.

Anti-virus vendors are constantly playing the “cat and mouse” game of keeping up with new virus strategies. This is one more reason to always stay current with the latest anti-virus offerings available.

Please post your comments on this blog.

The post Old-school anti-virus is no longer the best protection appeared first on Foster Institute.

In reality, an additional computer can be expensive and the chances are, at some point, some user will use that computer to access the Internet anyway and now the “banking only” computer is infected too.

There are other solutions, such as using VMware Desktop, to launch a “clean” browser to use for online banking, however VMware desktop is a little technical to set up and use for most senior executives. As time goes on, browsers are starting to run in their own isolated space that helps, too.

Another option is to use a product such as Faronics Deep Freeze that makes your home computer “go back to brand new” every time you reboot. That’s like having a new computer every time you sit down!

I feel the most probable solution is to make your home computers really secure and then use them for banking. This includes patches, anti-virus, a robust firewall, etc. If you want to take the extra step to get a separate computer, and make it super secure too, then you may decide that is best for you.

Please post your comments on this blog.

The post Should executives buy a second computer for banking? appeared first on Foster Institute.

Will viruses and other malware contribute to injuries and deaths? Imagine diagnostic imaging machines, like X-rays and CAT Scanners, exposing patients to too much radiation due to a virus. Traffic lights not functioning properly, especially on a highway with high speed limits, could lead to a horrible crash.  Emergency services may already be delayed in their response due to computer malfunctions. The airline industry has plenty to worry about. What if trains fail to stop and crash into another train or the end of the line?

Apparently the Spanair diagnostic computer does not connect to the Internet so the infection likely came from an infected USB device, CD-ROM, or some other form of removable media.

Just last month, control systems manufacturer Siemens, who manufactures control systems, warned that malware called Stuxnet is spreading through infected USB devices to penetrate industrial control systems. I wonder if there are any control systems at nuclear power plants infected yet.

More and more regulations and laws are forcing organizations to wake up to the fact that IT security is very important.

Business executives and IT professionals alike must realize:Viruses and other malware do not necessarily make themselves obvious for the simple reason that, if you know a computer is infected, you are likely to have a qualified IT professional fix the problem.

• Anti-virus programs do not always catch all viruses
• Firewalls are not perfect either
• End users can, accidentally or on purpose, bypass some of the best security you set up

How many more people will need to die, how much more money will be lost, before people become aware of the importance of IT security?

Please post your comments on this blog.

The post A virus possibly contributed to a fatal passenger jet crash appeared first on Foster Institute.

A strategy that keeps gaining ground is the concept of “white listing” applications. In plain English, this means your computers have a list of programs that are on the “approved” list to run, such as Word, Firefox, Acrobat, Excel, etc.

Then, any other program cannot run. Period. That means virus 1, virus 2, virus 999, etc. is not allowed to run. This solves the whole problem of needing anti-virus. In theory, even if a virus does come into your network through e-mail, web site drive by download, or Ernie in shipping carrying in an infected memory stick, it doesn’t matter. The virus cannot run anyway!

The challenge lies in your IT department being able to keep an organized white list of “approved” programs. When an update to a program arrives, the new update has to be listed too or it will not run.

Many providers are offering solutions including Bit9 Parity and Lumension Application Control and there are constant advancements in making administration even easier.

Yes, some day anti-virus may be old news and never used again.

The post Is anti-virus obsolete? appeared first on Foster Institute.

The primary reason we perform vulnerability assessments as parts of security assessments is to generate an inventory of all the computers currently alive on the network and a list of vulnerabilities those computers have.

The challenge is that the human brain loves a “list of what’s wrong.”  Most of the IT professionals at organizations go immediately to work solving the identified problems thereby “killing alligators.”

We always implore executives and IT professionals alike to focus on “draining the swamp” in addition to, and sometimes instead of, “killing alligators.”

In our ongoing effort to help IT professionals and organizations focus on strategic, as well as tactical, plans to take IT to the next level, I sometimes feel like a dentist who hands out new toothbrushes as well as a gift certificate to the local candy store in the same visit.

Vulnerability assessments are wonderful—just remember to focus on the one or two strategic changes that can fix one hundred or more tactical issues.

The post Are vulnerability scans of your network helpful? appeared first on Foster Institute.

This article from the Washington Post has more details: http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html

The reason criminals keep using the same old tricks is that the tricks work. Warn your fellow executives and other workers about the importance of never opening attachments you were not expecting even if they appear to come from a trusted source. When in doubt, contact the sender to see if they really did send you an attachment.

Your IT department can help you scan the attachment for viruses, and some of you have services that scan all of your attachments. Just remember that the scanning may not catch the virus. Some viruses have new code every four hours so the anti-virus programs cannot keep up with the changes.

Practice many levels of protection and be wary!

The post For real–beware attachments in e-mail appeared first on Foster Institute.

While that strategy may help some, it is far from being a reliable way to protect your network. First of all, without performing some technical detective work, it is hard for a non-IT professional to tell who the e-mail came from anyway. You may get an e-mail from a cybercriminal who uses “spoofing” to make the e-mail message appear that it is coming from your best friend, bank, the FTC, or anyone else.

Better protection comes from scanning tools running at one or more locations including your e-mail server, your firewall, your spam filter, and the anti-virus client on your local machine.

Training users “not to open e-mail from strangers” is a moot point if your user is supposed to open e-mail messages from prospects interested in your company’s products and/or services.  There is some training that matters though…

Train your users to NEVER click on a link in an e-mail message. The link may say to the user, “click here to read an important announcement about your future employment at this company” and the link underneath may take the user to, “hose the network now dot com.”

Also train the users to never send out any private information in an e-mail message or attachment. The message can be misaddressed, intercepted or forwarded to the wrong person. If something is private, it needs to be encrypted using an effective encryption method. In another blog entry I addressed data loss prevention tools that can even help identify these messages and stop them before they leave your organization.

If your executives or other users use the strategy of “not opening mail from someone they don’t know,” that is a red flag alerting you to a problem you can resolve ASAP.

The post Does it help not to open e-mail from strangers? appeared first on Foster Institute.