Thursday, August 21, 2014

Are CIOs standing in the way of a proactive security strategy?

It turns out that the same remote access software that allows you to work in your pajamas at home has more insidious uses, as a new report published by the Department of Homeland Security revealed. Among the report's troubling findings is how hackers, once inside a network, are using a particular malware called Backoff that even fully updated antivirus systems find difficult to detect.

What's not as shocking, although equally worrying, is the report's conclusion that any information security program is only as good as the humans who guard the gates.

In this digital day and age, as many companies have discovered, a reactive, two-dimensional approach is no longer good enough to prevent a breach. To stand a fighting chance against the legion of hackers out there, companies need to take proactive security measures, or as the report advises, implement a "defense in depth" strategy that starts at the top and layers multiple tools and countermeasures.

Some key facts and findings from the report:

Attackers use brute-force cracking to log in to remote desktop solutions many businesses use, including Microsoft Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop and LogMeIn Join.Me.
After they gain access to these administrator accounts, hackers then deploy Backoff -- a family of point-of-sale (PoS) malware -- to exfiltrate consumer payment data.
Backoff is capable of memory scraping, keylogging, command-and-control communication and injecting malicious stubs into explorer.exe.
AV vendors will soon update their products to be able to detect Backoff's variants. In the meantime, apply indicators of compromise to security strategies.
Use two-factor authentication for desktop access, limit the number of users and workstations granted remote access, install a remote desktop gateway to restrict access, and define complex password parameters.

(Remote Desktop Gateway: The Remote Desktop Gateway service component, also known as RD Gateway, can tunnel the Remote Desktop Protocol session using an HTTPS channel. This increases the security of Remote Desktop Services by encapsulating the session with Transport Layer Security (TLS). This also allows the option to use Internet Explorer as the RDP client. The official MS RDP client for Mac OS X supports RD Gateway as of version 8. This is also available for iOS and Android. This feature was introduced in the Windows Server 2008 and Windows Home Server products.)
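
The brute-force-then-login pattern in the findings above can be spotted in logon records. The following is an added example, not taken from the DHS report or the original article: it assumes Windows Security events 4625 (failed logon) and 4624 (successful logon) exported as CSV, and the sample records, field order, threshold and window are constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not from the report): time,event_id,logon_type,source_ip,account
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE = """\
2014-08-21T02:00:01,4625,10,203.0.113.7,administrator
2014-08-21T02:00:03,4625,10,203.0.113.7,administrator
2014-08-21T02:00:05,4625,10,203.0.113.7,admin
2014-08-21T02:00:08,4625,10,203.0.113.7,administrator
2014-08-21T02:00:11,4625,10,203.0.113.7,administrator
2014-08-21T02:00:15,4624,10,203.0.113.7,administrator
2014-08-21T08:30:00,4625,10,198.51.100.20,jsmith
2014-08-21T08:30:20,4624,10,198.51.100.20,jsmith
2014-08-21T09:00:00,4625,10,192.0.2.50,pos01
2014-08-21T09:30:00,4625,10,192.0.2.50,pos01
2014-08-21T10:00:00,4625,10,192.0.2.50,pos01
2014-08-21T10:30:00,4625,10,192.0.2.50,pos01
2014-08-21T11:00:00,4625,10,192.0.2.50,pos01
"""

FAIL, OK = "4625", "4624"
RDP_TYPES = {"10", "3"}  # hosts with NLA often record failed RDP logons as type 3

def find_bruteforce(text, threshold=5, window=timedelta(minutes=10)):
    """Alert on sources with >= threshold failed logons inside the window and
    record the account of the first successful logon that follows from that source."""
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    alerts = {}                    # source_ip -> alert record
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5 or row[2] not in RDP_TYPES:
            continue  # skip malformed rows and non-remote logon types
        ts, event_id, _, src, account = row
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the sliding window
        if event_id == FAIL:
            recent.append(when)
            if len(recent) >= threshold:
                alerts.setdefault(src, {"source": src, "first_alert": when, "compromised": None})
        elif event_id == OK and src in alerts and alerts[src]["compromised"] is None:
            alerts[src]["compromised"] = account  # success after a burst: treat as incident
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE):
        print(alert)
```

A user who mistypes a password once and a host with failures spread over hours do not trigger an alert; only the burst followed by a successful logon does.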

Many CIOs have recognized that traditional security approaches are not up to the job, and as a result, are implementing a multilayered security defense. CIOs of this ilk also recognize the need for top-down participation in security strategy, including business alliances with board members to broaden their understanding of their responsibility for protecting information assets. For others, however, politics gets in the way of a sound security program, argues information security consultant Kevin Beaver. Politics and self-preservation, that is.

"The interesting thing, to me, that rarely comes up in these discussions is how the CIO can actually be part of the security problem. Not many, but quite a few CIOs view security as a threat to their jobs. If you point out security risks, then you're pointing out their shortcomings," Beaver commented in response to a story I did recently on CIOs advocating a top-down proactive security strategy. "In certain cases, depending on politics and culture," he added, "it's easier for them to not acknowledge what's wrong with security, because once they do, something has to be done about it."

A do-nothing CIO, looking out only for No. 1? That's a pretty incendiary observation. But, given the damage done by breaches and the myriad moving parts that need to be in place to thwart them, some soul-searching on the part of certain CIOs is perhaps in order.

Information security systems are only as good as the humans guarding the gates.

by: Francesca Sales