Blog Archives

IT Disaster Recovery and Tech Trends

 

As we’ve seen in recent years, natural disasters can lead to long-term downtime for organizations. Because earthquakes, hurricanes, snow storms, or other events can put data centers and other corporate facilities out of commission for a while, it’s vital that companies have in place a comprehensive disaster recovery plan.

Disaster recovery (DR) is a subset of business continuity (BC), and like BC, it’s being influenced by some of the key trends in the IT industry, foremost among them:

  • Cloud services
  • Server and desktop virtualization
  • The proliferation of mobile devices in the workforce
  • The growing popularity of social networking as a business tool

These trends are forcing many organizations to rethink how they plan, test, and execute their DR strategies. CSO previously looked at how these trends are specifically affecting IT business continuity; as with BC, much of the impact they are having on DR is for the better. Still, IT and security executives need to consider how these developments can best be leveraged so that they improve, rather than complicate, DR efforts.

Source: 4 tech trends in IT disaster recovery | Data Center – InfoWorld.

Head over to the source and see how IT disaster recovery is being impacted by each of the four.

 

Email In Security Hot Seat

As technology evolves with the rise of the cloud and BYOD, so does the debate on keeping corporate information secure.

Many companies also require remote wiping capability on employee devices in case they are lost or stolen, plus communication encryption software. They also require employees not to use a single password for multiple sites, and some are forbidding passwords of a single word.

But Parris, who formerly held technical and sales management positions at Boeing Computer Services and founded Intercede, argues that securing email also requires identity management — a system that creates a digital identity for employees and other third parties connected to an enterprise, which will then track, “who is sending which email and information to whom, when and protecting it in transit and at rest.”

Even that will not ensure protection of the email, he said. “It must also be run on a secure platform that delivers tightly controlled policy to enforce data labeling, digital message signing, encryption and checking of the actual content.”

Jeff Wilson, principal analyst for security at Infonetics, agrees that an email management platform would help, since “most people are getting email on [multiple] mobile devices that could be lost, stolen, or compromised.”

But he noted a more basic problem for many companies: “They don’t even have an accurate inventory of devices connecting to their network or a framework for building a security policy and buying appropriate security solutions.”

Since email is the primary method of information sharing, enterprises must keep it secure, “to protect intellectual property and to compete in the global business environment,” Parris said.

Source: Email in security hot seat with rise of cloud, BYOD | Consumerization Of It – InfoWorld.

“Android susceptible to sophisticated clickjacking malware”

Due to the loose restrictions Google places on it’s app-marketplace?

Clickjacking rootkits could pose the next big threat for the Android platform, according to a research team out of North Carolina State University. Led by computer science professor Xuxian Jiang, the team has developed a prototype clickjacking rootkit that’s more sophisticated than the other Android-oriented malware already out there.

This new prototype rootkit — which attacks the Android framework, rather than the kernel — differs from other malware in key ways, according to Jiang. “Unlike other rootkits for the platform, this one can function without a restart and without deep modification of the underlying firmware,” Jiang explained in a video in which he demonstrates the rootkit in action. “But it can still do all the things that a rootkit wants to do, such as hide or redirect apps.”

Source: Android susceptible to sophisticated clickjacking malware | Mobile security – InfoWorld.

In other words just as with other computing devices keep anti-virus software up-to-date.

Widely used Web attack toolkit exploits unpatched MSXML flaw

English: A candidate icon for Portal:Computer ...

(Photo credit: Wikipedia)

An exploit for an unpatched vulnerability in the MSXML (Microsoft XML Core Services) has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security researchers from antivirus firm Sophos.

The security flaw is identified as CVE-2012-1889 and is what security researchers call a zero-day vulnerability — an actively exploited vulnerability for which an official patch doesn’t yet exist.

Source:  Widely used Web attack toolkit exploits unpatched MSXML flaw | Security – InfoWorld.

Be sure to keep that anti-virus up-to-date and also utilize the Fix-It tool Microsoft has made available.

“Top sites are covertly cramming cookies down users’ throats”

If you don’t like cookies …

“The number of websites that allow visitors to be tracked by third parties may be surprising to some, but as consumers begin to understand that their online behavior can be recorded, enterprises will have to work even harder to ensure that consumers’ privacy expectations are met,” said Ray Everett, Keynote’s director of privacy services.

According to Keynote, much of the data that companies collect via cookies is used for behavioral advertising. Third-party trackers place cookies to track a user’s clicks and path through the Web and to know what a visitor buys at any given site.

The problem here is, users don’t have a clear way of knowing which third parties are planting cookies, how they’re using the data they collect (beyond, say, providing more expensive travel offers to Mac users), or how well those third parties are protecting potentially sensitive data. Given that users are becoming increasingly concerned about their online privacy, site operators may feel greater pressure from customers, advocacy groups, and the feds to do a better job.

Consider this:

Looking at the 2,500 most popular websites, the researchers discovered that 87 percent had cookies and found a total of 442,055 cookies in all.

In other words there’s lots of baking and distributing of cookies going on.

Read more:  Top sites are covertly cramming cookies down users’ throats | Internet privacy – InfoWorld.

“The firewall threat you don’t know”

Are you placing active filters on data leaving?

Simulação da participação de um Firewall entre...

(Photo credit: Wikipedia)

The purpose of a firewall has been burned into the head of just about every person who uses the Internet, and the thought of functioning without protection from the bad people is sheer lunacy.

However, nearly all firewalls are unidirectional. They may protect you from nefarious pokes and prods from the nether regions of the Internet, but they’ll happily ship out any data you send from the inside. Only at the higher levels of enterprise IT do you see active filters for data leaving the network.

Paul Venezia makes a great point at the end:

As in so many facets of IT, to be forewarned is to be forearmed. The
quest for true network security and visibility is an ongoing struggle,
and even with all the notice in the world, there’s no winning this arms
race. But that doesn’t mean we can just quit. If you’re not watching
your outbound traffic now, plan on doing so as soon as possible. Whether
you start with something as “simple” as NTop or go for the big guns like the NIKSUN device, it’s a worthwhile investment of time and money — kinda like firewalls.

Read more at:  The firewall threat you don’t know | Data Center – InfoWorld.

Find a bug in Chrome make money

Google Chrome logo
Image via Wikipedia

Following up on a successful bug bounty program that pays hackers for finding security flaws in its Chrome browser, Google now says that it will pay cash for security bugs reported on its websites.

Google calls the program “experimental,” but says it gives security researchers new incentives to report Web flaws directly to Google’s security team. “As well as enabling us to thank regular contributors in a new way, we hope our new program will attract new researchers and the types of reports that help make our users safer,” Google said Monday in a blog posting announcing the program.

The idea is to give Google a chance to fix the vulnerabilities before the bad guys get their hands on them. So, in order to qualify, security researchers must privately disclose new flaws to Google first before they go public with their research. In return, the hackers qualify for cash rewards of between US$500 and $3,133.70, depending on the severity of the flaw.

Google has already paid out about 50 such rewards for Chrome bugs since launching a similar program last January. Google doesn’t pay out for bugs in all of its products, however. There are no bounties for finding flaws in Android, Picasa or Google Desktop, for example.

With the Web program, Google is breaking new ground. (Source: InfoWorld)

Very interesting way to find security bugs. Check out the risks and Google’s guidelines at the source.

Powered by ScribeFire.

 

Enhanced by Zemanta
%d bloggers like this: