You may have read our primer on virtualization technology, where we detailed some compelling reasons to consider virtualizing some or all of your servers. At the time of writing that article we were not aware of a new program from PG&E that can give you a rebate of up to $300 per server that you virtualize. While the process is not without some invasive steps, such as before and after inspections, a large project would be well worth the work. Let’s say you were planning to consolidate 20 servers in your data center. That could mean up to $6,000 back from PG&E, not a paltry sum by any means. Even for a smaller business looking to consolidate a small server closet, the savings could pay a portion of your installation and configuration costs. This is the sort of creative incentive that shows PG&E is a technically aware organization.
Cisco IOS Multiple Vulnerabilities
The United States Computer Readiness Team (CERT) is reporting today that multiple vulnerabilities exist for IOS. We recommend you review the bulletin if you use any Cisco networking products.
Beware of Predatory Domain Name Registrars
This may sound familiar to you: you’re going through your business mail and setting aside the bills for your payables department. Oh, here is one for our website, Liberty Names of America. I guess our domain is expiring, we better renew … uh, wait a minute, we don’t use Liberty Names of America. Why are they sending me a bill? It seems that some companies are founded with, at the least, ill-advised business policies, or perhaps far worse. Over the years as the operator of a small business I have seen a number of these predatory notices. The first one, years ago, was for some yellow page listing. It looked just like a bill you might get from the publisher of the yellow pages you run your advertisements in, only it was for some company you’ve never heard of and some book that no one will see. Evidently people with similar scruples decided to get into the domain name business. There was even an allegation at one time that Verisign, Inc. (formerly Network Solutions) had sent similar notices to GoDaddy.com customers. We were unable to find evidence that these allegations were proven one way or the other.
Basically, what these companies do is determine when your domain names are going to expire. They then send you a notice, in the present example a “Domain Expiration Notice”, and they encourage you to “renew today”. They will even bundle multiple domains you might have expiring at the same time in these notices. To make matters worse, the prices in these letters are likely to be much higher than what you are already paying with your current registrar. If you receive one of these notices, or worse yet are the victim of these predatory practices by mistaking them as legitimate, you can report a problem to InterNIC using their Registrar Problem Report form.
Education: the Answer to Zero Day Exploits
A Zero Day Exploit is an exploit that is circulating before the software vendor has learned of it. These can linger as unpatched vulnerabilities if the vendor is slow or unable to respond to them.
Security software with lots of bells and whistles tends to encourage end users to feel more secure. They have firewalls, antivirus protection, all sorts of resident programs and pretty icons. Something pops up now and then asking for their input, again assuring them it is working hard to protect them. They pay good money for this software, so it must give them some reason to rest easier at night. The sad fact is that even the best network protection scheme, short of not having a network, is never safe.
Let’s take a look at the situation today, and let’s talk about what we know. As of the writing of this article there are 3 unpatched vulnerabilities affecting Microsoft Word that have been known for over one month. That means that in spite of your efforts to protect yourself, it is possible that a user at your company could receive an email containing an attached Word document with an exploit designed to compromise your systems, and your user would be the only line of defense. You’ve done everything you can do to layer your defenses, keep your systems up to date, and protect them proactively with other security software, but there is still a chance that it could come down to the actions of that end user.
That is why you should not overlook the human element in your security apparatus. Building a security-aware culture is an important step in any IT security strategy. Teaching end users to get confirmation from third parties when they receive a message containing a suspicious attachment, for example, can go a long way in preventing exploitation of your valuable resources. Scheduling regular training sessions where current issues are addressed can pay large dividends if even one compromise of your security apparatus is avoided. Educated users are safer users.
At Managed Solutions we advocate quarterly training sessions for existing employees and orientation for new users of our clients’ systems. By keeping the humans up to date with the latest information, our customers can substantially lower the chances of experiencing costly cleanup operations, loss of reputation and, most importantly, lost customers. What does your company do to educate its users? Perhaps it is time for you to consider a shift towards a more educated end user base. A security-aware culture is the main protection we have against zero day exploits.
3 Critical Updates for Microsoft Products
There are some critical patches available today to address bugs in Internet Explorer (nearly all versions), Outlook (numerous versions) and Excel (numerous versions). We recommend you take these precautions for the coming few days even if you are able to install the update:
- Exercise caution with your web access habits.
- Do not open any attachments in Outlook that you are not expecting.
- Delete any suspicious emails you receive.
These updates will be available immediately from Microsoft. To download them manually:
We will also push these updates out to the machines of customers who have requested in advance that we do so. If you would like to see to it that this is done for your systems, please contact us. Otherwise, advise your users to install critical updates when prompted to do so by Windows Update. These issues are significant and could cause extensive problems if they were to be exploited on one or more of your systems.
It is likely that you will not actually be prompted to install these updates until Wednesday January 9th, as most Windows Update servers synchronize early in the morning. Running a manual synchronization is not adding the updates as of the authoring of this notice.
If you’d like to read more about this:
Or: