CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network

For Business, Security Involves Going Into the Trenches Yourself

The latest developments out of the Pentagon could have long-term consequences for network and online security for your business or organizations. The Pentagon has announced plans to create a new military command for cyberspace, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare (Reuters).

This step may have the unintended consequence of making ordinary businesses and organizations even more insecure, so it's important to remember that your security depends on the measures you - not the government - take today to protect your network and applications.

As more governments (not just of the USA, but many nations) begin to develop offensive capabilities for cyber warfare, it's almost inevitable that these capabilities will be used, with bad results not just for government sites, but for private corporate networks as well.

Some business leaders are also concerned at the sweeping powers of the new bill, which gives the President the power to declare a cybersecurity emergency and shut down or limit Internet traffic in any critical information network - which has obvious implications for the private sector. Meanwhile, nothing in this new bill does anything to help ordinary private businesses make their networks more secure.

Since the basic security equation hasn't changed, it is still incumbent on business owners to do the things that will protect their business and customers. That involves taking care of the basics such as:

  • Keeping your operating system updated and patching your software
  • Making sure your anti-virus and anti-spyware are up to date
  • Undertaking more involved security measures like network audits and application code reviews
  • Providing security awareness training to employees
  • Building your website and applications with security in mind right from the beginning.

If you would like more information about things you can do to improve security for your business, contact us at info@boonbox.net

In the next issue of Cyber Security Informer, we’ll be continuing to profile organizations that are helping make the world a more secure place. If your organization is doing its part to build a more secure future by protecting partners, customers, website visitors and application users from cyber crime, contact us today at info@pcis.com

Webinar on June 10: Fundamentals of Network Security

In this Case for Security webinar, Fundamentals of Network Infrastructure Security, the Boonbox network infrastructure security analyst will discuss the significance of network infrastructure security within the enterprise environment.

To register for this free webinar, follow these simple steps.

1. Go to http://boonbox.webex.com/meet/boonbox
2. Click "Show All Meetings".
3. Click the "Register" link on the right in the Status column for "Fundamentals of Network Infrastructure Security" and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

Date & Time: Wednesday June 10, from 8:30-8:45 am Pacific Time

More event information for the Fundamentals of Network Infrastructure Security Webinar

June 2, 2009

Check out Cyber Security Informer Back Issues

Cyber Security Informer is distributed by:

Pacific Coast Information Systems Ltd. (IT Consulting)

Boonbox, a division of PCIS (Security Packaged Services)

Contact PCIS

Toll-free 1.877.744.7558

In this issue:

* For Business, Security Involves Going Into the Trenches Yourself

* Webinar on June 10: Fundamentals of Network Security

* Hacker Bait 

* Ask A Security Expert

Cyber Security Informer provides security news and tips to help organizations protect their business and their customers. 

Give us your feedback about Cyber Security Informer

Name
*
Company
*
Phone
*
Email
*
Feedback
Please tell us how you found out about PCIS


"Submit Feedback"

 Resources Links:

Hacker Bait

The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit. 

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

affiliatelinkmagic.com

allaboutbackandneckpain.com

attractromance.com

digitalcopierconsultant.com

engagementringsdirect.com

funny-tshirts.co

gamebrite.com

giantmonster.com

goldworthfinancial.com

gospelwire.com

 invest.net.cn

inweekly.net

makeupartistforwedding.com

muay-thai-kickboxing.com

mysteriousworld.com

naturalsoapwholesale.com

onewaylinkexchange.net

pointlessbutcool.com

redhatresources.com

supermegacomics.com

Ask A Security Expert

"I am a WebSphere portal user. What security issues do I need to be concerned with?"

WebSphere customers generally are using their installations to bring together other applications. Therefore, a proper websphere security deployment requires insight and knowledge into non-websphere applications. As well, things that are integrated into a portal also can contain vulnerabilities or insecure access to sensitive data and pages.

WebSphere is susceptible to many of the same risks as any other web application. It's important to make sure that you have all the latest patches and updates and carefully manage all configuration settings and open communication ports.

WebSphere deployment often involves a high level of customization, which inherently creates risk by the introduction of vulnerabilities during software development. Developers must be diligent in using best practices for security from start to finish.

Boonbox experts have access to leading edge tools, expertise and processes to maintain security on all WebSphere applications. These tools have specialized capabilities to analyze content, data and parameters unique to WebSphere.

As a premiere IBM partner with WebSphere development, configuration and support experience, we can also fix the problems our Devfense security suite may uncover.

If you would like more information about how we can improve your WebSphere portal security, contact us.

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to:informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558