CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network


Big Networks Build Security Inside and Out

How do you protect a network when you've got thousands of identified users with no formal security clearance and a wireless network anyone with a mobile device can join?

The challenge of keeping a network locked down is diabolically tough under those kinds of conditions. This week in Cyber Security Informer, we talked with a representative from the Technical College System of Georgia (TCSG), which oversees the state's system of 33 technical colleges, adult literacy programs, and a host of economic and workforce development programs.

"We not only have to protect internal data from the outside world, but from the inside as well," says TCSG Senior Network Engineer Steven Ferguson. "The challenge is segmenting the administration and student networks, protecting them from outside threats while still allowing academic freedoms." Keeping students from logging on to porn and gambling sites on their mobile devices, or on the 40,000 desktop devices within the network, as mandated by college and state regulations, is an ongoing task.

TCSG routes all web traffic through a secure gateway proxy server to ensure users aren't looking at inappropriate content or logging on to malware-infected sites. As well, they recommend a very aggressive strategy of regimenting anti-virus and anti-spyware updates, with products that can provide continuous protection. "These threats can also come in through the USB ports, not just through the web, so you also need internal spyware and anti-malware protection for servers and desktops," Ferguson notes.

Users at colleges, just like users at many private organizations, require the freedom to conduct research on the Internet at large, while not harming the machines they're using. At the same time, privacy and security regulations can require companies to keep track of the types of uses for all devices connected to the network. As in the case of TCSG, an organization can fall under multiple sets of industry, state, and federal regulations.

The number and complexity of regulations, from PIPEDA and PCI DSS to HIPAA and SOX, can leave some managers scratching their heads. While it is important to be aware of how these regulations affect your company, remember that if you are already instituting good practices for protecting private data, your organization could already meet many of the regulatory requirements. If you're not sure about which regulations apply to your organization or how to secure your network and web applications, call in the experts.

In the next issue of Cyber Security Informer, we’ll be continuing to profile organizations that are helping make the world a more secure place. If your organization is doing its part to build a more secure future by protecting partners, customers, website visitors and application users from cyber crime, contact us today at info@pcis.com

Network and Web Application Security Webinar April 29

When your network or web applications get hacked, your revenue stream evaporates. Security is essential for keeping your business running. So how do you protect your computer systems?

The Need for Network and Web Application Security Webinar by PCIS aims to help managers understand the complex and changing cyber-threat landscape and how they can maintain business continuity through better security.

How to Register: To register for this free webinar, email info@pcis.com with the Subject: Register for Webinar April 29. PCIS will send your registration confirmation information.

Date/Time: This webinar happens on April 29, from 8:30-8:45 am Pacific Time. 

Who Should Register: This webinar is a great opportunity for CEOs, managers and SMB business owners.

Webinar Synopsis: The Need for Network and Web Application Security is a discussion of network security and web application security concepts, an overview of the cyber-threats, and basic strategies on how to protect your systems with network security assessments and web security assessments.

Webinar Agenda:

* Hacker Threats Basic Overview
* How the Threats Impact Your Business Today
* Network Security Assessment – A Roadmap to Security
* Web Security Assessment – Keeping the Hackers Away
* Questions

April 14, 2009

Cyber Security Informer is distributed by:

Pacific Coast Information Systems Ltd. (IT Consulting)

Boonbox, a division of PCIS (Security Packaged Services)


Contact PCIS

Toll-free 1.877.744.7558


In this issue:

* Big Networks Build Security Inside and Out

* Network and Web Application Security Webinar April 29

* Hacker Bait 

* Ask A Security Expert

Cyber Security Informer provides security news and tips to help organizations protect their business and their customers. 



PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

Hacker Bait

The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit. 

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

Ask A Security Expert

"Besides a firewall, what other products can I deploy to protect my network?"

You want to build defense-in-depth into your network, so that an exploit in one part doesn't necessarily lead to a compromise of your entire system. Some other elements you could use include:

1. Network and systems security scan. You should have your network checked regularly for vulnerabilities. It's even more efficient to combine this with an assessment and report by IT security experts, so that the scans (automatic and manual) are accompanied by reports detailing what you can do in priority sequence to improve your security.

2. Website scan or web application security scan. Again, combine this with expert advice about how to act on any vulnerabilities found. Use the reports to close off your vulnerabilities to threats like SQL injection or cross-site scripting.

3. An identity management and password management solution. By having the tools to manage and secure identities while balancing the need for access, your organization can have better protection almost instantly. It saves money, too; some studies show about a third of all IT support calls are for changing passwords.

4. Anti-virus and anti-spyware software. As we've said before many times, this is a fundamental part of your security. Keep them patched.


Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.


HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558