The Compuquip E-bulletin

Summer 2003   VOLUME 1 ISSUE 8  
Security Watch

Peer-to-Peer (P2P) file sharing is the fastest-growing application on the Web. Employees install P2P applications to download music, movies, images and software – all free of charge. Additionally, more than 84% of all organizations have some form of unsecured public Instant Messaging (IM) service, including AOL, MSN, Yahoo and ICQ running on their networks. Public IM gives an organization the advantage of “presence,” which improves work efficiency, customer service and productivity while reducing long distance costs. However, because these “rogue protocols” rely on external servers to exchange data, there are significant security risks associated with their use.

The public servers through which IM and P2P data travel do not scan for viruses, leaving an open door to hackers to introduce worms and other viruses that can spread rapidly throughout a corporate network. The most recent example of this type of attack was the Fizzer Worm, which spread via KaZaA using public IM applications. Despite efforts to bolster firewalls and block ports, employees can easily send plain text files of sensitive corporate data to external sources without leaving a trace of the file transfer. Or, outsiders can easily “pose” as corporate IM users to obtain sensitive and proprietary information.

Because these “rogue protocols” are not standardized and are constantly changing, they are nearly impossible to stop. Security assistance is available via IM & P2P management software, including products offered by Akonix. These products easily integrate with existing hardware and software and provide a centralized repository for data storage, search and retrieval through which administrators can track usage and alter policies as needed. Furthermore, these private-to-public gateway managers provide the most logical and intelligent solutions for reducing the risks related to the rising use of IM and P2P in the corporate environment. Akonix server based software even offers a dynamic update service for these ever-changing protocols to eliminate the “cat and mouse” game.


Akonix’s free monitoring and reporting tool, Rogue Aware 1.5, alerts network administrators of hidden vulnerabilities in their security infrastructure by exposing unauthorized use of Peer-to-Peer (P2P) file-sharing applications and public IM in the corporate network. To download this software, go to http://www.akonix.com/login/.

To learn more about the various threats of unmanaged Public Instant Messaging and P2P File sharing, including loss of employee productivity, harassment, copyright infringement and loss of confidential information, register to attend Akonix’s free Webinar, “Protecting Your Corporate Network from Dangers of IM and P2P,” 8:30 a.m. PT / 10:30 a.m. CT / 11:30 a.m. ET, July 10, at www.akonix.com/webinar.

 

Tech Q&A with Tom Ewing

Q: What is the first step in a comprehensive security program?

A: Security Policies
In today’s connected economy, Information Security continues to be a pressing issue for Executive and IT managers. Articles describing Information Security incidents headline industry trade publications and have also penetrated into the mainstream media. Threats such as Worms, Viruses, industrial espionage, fraud, and inappropriate use of corporate systems by employees are resulting in enormous financial loss, increased legal liability, and disruptions to business continuity.
Organizations are deploying tactical security solutions such as firewalls, Intrusion Detection/Protection Systems, and 24/7 security monitoring to combat these threats, but often overlook a vital component when developing their Information Security Program. That component is Information Security Policies. Information Security Policies lay the foundation for an effective Information Security Program by defining and enabling managers to enforce corporate security objectives. Policies deliver a framework that provides direction for all security decisions including the technical requirements that dictate where and how to deploy technical security controls as well as identify acceptable use and behavioral guidelines for employees. Without policies, employers have traditionally found it difficult to hold employees liable for inappropriate actions and have exposed these organizations to lawsuits under privacy, sexual harassment, and due diligence liability laws. Policies impose employee responsibility for actions such as downloading, storing, or transmitting viruses, pirated software or offensive/explicit materials. As mentioned above, policies also provide the technical guidelines for securing critical information and systems.

The list below represents several best practice security policies:

· Information Classification and Protection
· Physical Security
· Information Disclosure
· Workstation/Desktop Acceptable Use
· Remote Access
· Monitoring and Auditing
· Incident Response and Handling
· Employee Privacy
· Training and Awareness
· Access Control – Network and Systems
· Technology Procurement
· Vendor/Visitor Access
· Disaster Recovery
· Internet and Email Acceptable Use

Compuquip’s Security Services practice has extensive experience developing, delivering, and enforcing information security policies to mid-market and Fortune 500 organizations. Compuquip’s Security Consultants use proven policy development methodologies to ensure policies reflect corporate security objectives while satisfying legal and regulatory requirements.
 

What's New at Compuquip Technologies

Mohiedin Shams has joined Compuquip Technologies as a senior systems engineer in our Systems and Network Integration divisions. He is a project and team leader for complex integration and migration projects. With more than 10 years of experience in the technology and computing fields, Mo has received extensive training and earned the following certifications: Microsoft Certified Systems Engineer NT 4.0, Windows XP, Windows 2000 Advanced Server; Microsoft Certified Professional + Internet; Certified NetWare Engineer 4.x, 5.x, 6.x; Certified NetWare Administrator 3.x, 4.x, 4.1, 5.x, 6.x; IBM Certified; Compaq Certified ASE; and Legato Co-Standby Server.

Kevin Espositio has joined Compuquip as a network engineer in our systems and network integration division. He is responsible for the design, implementation and migration of various network-integration solutions, including those based in Microsoft, Compaq, Cisco and other leading technologies. Previously, Kevin was a network support technician with Learningsoft Corp., where he co-managed customer support and the ongoing maintenance of the company's network components. A Microsoft Certified Professional, Kevin has more than 10 years of network integration and technology support experience.

Tom Ruiz has joined Compuquip as a resource coordinator for our systems and network integration division. He was previously a field analyst and IT support contractor with Consultis/Cingular Wireless, where he managed workstation and network issues for Cingular Wireless stores and kiosks and its sales and custom-support departments. Tom is a Microsoft Certified Systems Engineer, who also earned certification in Microsoft NT, Microsoft 2000 and Microsoft Professional + Internet.


 
Customer Success Story

BAC Florida Bank, a member of one of Central America's foremost multinational banking organizations, turned to Compuquip Technologies to reinforce its existing network security and protect its various technology and information assets.

“We installed the appropriate products, but lacked the staff to follow through with a strategy to continuously monitor, manage and modify our security policies and practices,” said Adilson Araujo, Internet Banking and Network Manager with BAC Bank Florida.

After performing a thorough assessment of BAC’s network infrastructure and existing information-security policies, Compuquip provided a solution that addressed the bank’s unique technical configurations and architecture and put into place a system for managing and measuring the effectiveness of BAC’s evolving security policies.

“With Compuquip’s assistance, we’ve significantly enhanced our bank’s information-security policies and reduced our exposure to vulnerabilities,” said Adilson. “Furthermore, the company’s intricate knowledge of banking policies helped us to meet our unique industry regulations, without requiring additional time or training.”
 

In the News

Community Banker, May 2003


 
Events

August 7th - Security Seminar Presented by Compuquip, Check Point, Surf Control and Guarded Networks


 

Published by Compuquip
Copyright © 2003 Compuquip. All rights reserved.