CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network

Protecting Users From Themselves Is Key to Better Security

For many businesses taking advantage of cloud computing, security is more than just a passing concern. Handy web applications can open up users, and the businesses that operate them, to security vulnerabilities from phishing scams and combinations of cyber security threats.

We've asked cloud-based video surveillance company Connexed Technologies Inc. to provide their perspective on how companies can protect their customers, and why it's so important to make sure those protections are in place.

"I think the trends in security in cloud computing are to help protect users from themsleves," says Connexed CEO Rick Bentley. "This means to do things like require an extended login process whenever someone logs in from a new IP address or hasn't logged in for a period of time, or to force longer passwords, or to allow https-only access to a service (no http), or to log all IP addresses used to access a user's account for forensic purposes after a breach."

Ensuring the back-end systems are secure isn't enough when authorized users can open up the system to cyber attacks. "I think anyone who is serious in the cloud-computing space has already taken the steps necessary to run a tight ship and not get the back-end hacked. It is their end users who get socially engineered to give up their passwords that cause breaches."

Encryption is another aspect of security that many companies might need to pay more attention to, Bentley notes. A wide range of encryption software is available to protect sensitive files (e.g. customer records, passwords, networking information, etc.) whether they are stored on a file server at the office, on a hosted application, or on an employee's notebook computer in the field. Using encryption software, we can encrypt anything from a single file, a directory, or an entire hard drive all the way up to a logical volume stored across an array of disks.

More companies need to understand that security is an asset, not a cost, he adds. "One successful hack of our system, or even our offices, would be a company ending event," Bentley adds. Particularly when a company is a SaaS, but with other service delivery methods as well, customers demand security is done right all the time. Customers can view security as part of the value proposition of a given service provider, enabling a competitive edge for the company.

In the next issue of Cyber Security Informer, we’ll be continuing to profile organizations that are helping make the world a more secure place. If your organization is doing its part to build a more secure future by protecting partners, customers, website visitors and application users from cyber crime, contact us today at info@pcis.com

Identity Management Workshop at Massive Tech Show

Identity Management can be a critical part of a business, empowering employees while making the organization secure. PCIS President Vaclav Vincalek presents a workshop, "IDENTITY MANAGEMENT: What you need to know as a responsible business owner, executive, or department head" at the Massive Technology Show in Vancouver today.

The workshop happens at UBC Robson Square in Room C225, Meeting Room Level on April 1 from 3:30-4:20 pm.

Building effective IDM involves making critical business decisions. How does IDM relate to social media and online identities on LinkedIn and Twitter? Who gives people access? When an employee moves on, what happens to their email, their passwords? How does IDM fit into your overall web and network security strategy?

Attend this workshop for a hands-on approach to responsible Identity Management within your business. For more information, read the Identity Management workshop summary.

Web Security Webinars for IT and Risk Management Experts

The Web Application Security Fundamentals Webinar by PCIS aims to help the time-and-resource strapped departments in charge of security cope with a complex and ever-changing web application security landscape. This webinar happens on April 8, from 8:30-8:45 am Pacific Time. To register, email info@pcis.com

This webinar is a great opportunity for IT managers, web developers, webmasters and other professionals. Future PCIS webinars will also provide information for CEOs and people in charge of risk management to understand web security.

Fundamentals of Web Application Security includes a discussion of web application security concepts and terminology, detailed examples of common web application exploits, and strategies on how to secure your applications now, and in the future. We will show how web application security exploits are used, how your business may participate in hacking and fraud activities without your knowledge and why it is important to prevent this from happening.

Webinar Agenda:

*Defining web applications
*Network Security vs Web Application Security
*Web Application Hacking Explained
*Common Application Exploits & Examples
*Understanding the Consequences of Security Failures
*Proactive Web Application Security
*Making Your Security Plan
*Devfense Security Solutions
*Questions

If you have questions about this webinar, please contact info@pcis.com

April 1, 2009

Cyber Security Informer is distributed by:

Pacific Coast Information Systems Ltd. (IT Consulting)

Boonbox, a division of PCIS (Security Packaged Services)

Contact PCIS

Toll-free 1.877.744.7558

In this issue:

* Protecting Users From Themselves is Key to Better Security

* Identity Management Workshop at Massive Tech Show

* Web Security Webinars for IT and Risk Management Experts

* Hacker Bait

* Ask A Security Expert

Cyber Security Informer provides security news and tips to help organizations protect their business and their customers.

Give us your feedback about Cyber Security Informer

Resources Links:

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

Hacker Bait

The latest Hacker Bait list contains highly trafficked websites, including some involved with security, that have been found to have vulnerabilities that hackers and cyber criminals could exploit.

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

banktown.com

bannermakerpro.com

bestantispywarescan.com

china.com

chinaelections.org

cinemaexpress.com

extra-pc.com

feedburner.com

freehostplace.com

indexbargains.com

indiatimes.com

localhikes.com

magicdvdripper.com

magicmovies.com

mailorderexpress.com

onlinewebscan.com

pcsoft.com.cn

photobucket.com

pichunter.com

video-trailers.net

Ask A Security Expert

"How do I protect my computers and network from threats like the Conficker worm?"

Sorry to say, but if you haven't already run the updates to protect yourself, there's a very good chance your computers are already infected. The Conficker worm is so serious a threat that precautions include the French air force grounding its jets for fear of a worm-based malfunction causing air disaster. Microsoft has a $250,000 bounty on the hackers who wrote the code.

But April 1 is the official date that the worm is supposed to start calling home from all of its infected computers. By the time you read this, the bad guys may have already launched whatever mischief they were planning.

That said, there's a chance you can shut this barn door and still save the day. To remedy your network’s potential vulnerability to the Conficker worm, we recommend you check the Microsoft Security Bulletin MS08-067 and apply the update you will find for your operating system immediately. Find the bulletin here.

The Conficker worm seemed to come out of nowhere, but at least we did have some warning that it was happening. As usual, the best way to protect against worms and viruses is to keep your firewall configured right, make sure your operating system has the latest updates, and ensure your anti-virus and anti-spyware are enabled. When in doubt, call in your experts to make sure your systems are locked down.

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to:informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558