Security Watch | Matt Hines » June 2006

June 30, 2006 | Comments: (0)

LifeLock proactively stops theft

TAGS: Podcast

In today's cast I had a chance to catch up with Todd Davis, CEO of LifeLock to discuss a way of stopping identity theft and fraud proactively.

In our short talk we discuss how LifeLock works and how it can save companies from employee productivity loss by preventing identity theft, and how lifelock backs up that claim with a million dollar guarantee.

Listen to the interview with LifeLock now. LISTEN!

Posted by Victor R. Garza on June 30, 2006 04:05 AM

June 29, 2006 | Comments: (0)

Deloitte expands on security survey

TAGS: Podcast

In today's cast I had a chance to catch up with Brain Geffert, partner at Deloitte and Touche, to talk about their recently released security survey, which I've included here.

The survey touches on a variety of topics and we talk about a number of them, including the security issues that you should be watching out for, even if you think you've got your infrastructure nailed down.

Listen to the interview with Deloitte now. LISTEN!

Posted by Victor R. Garza on June 29, 2006 03:48 AM

June 28, 2006 | Comments: (0)

Secure your laptop

TAGS: Security

Utimaco sent me a note with these seven tips for securing laptop data so I'm going to pass it along to you as a reminder on portable data protection.

Takeaways:

- Security leaks are not only caused by data transfer, but by the mobile device itself
- The only effective solution is a combination of encryption, authentication and access management
- Users need self-discipline

Let's be honest: is it really the fault of problems with a virus protection program, or an insecure hotspot, if notebook users lose data? A recent Gartner study showed that 86% of all security events in wireless networks are caused by the mobile devices – and not by insecure data transfer.

Tip 1: More discipline when on the move
The only protection against being careless is more care and discipline – but that is difficult when you are under time pressure. Airline passengers lost more than 5,000 mobile devices at airports in Germany, Austria and Switzerland a survey conducted by Utimaco Safeware AG among the Lost and Found offices at the ten largest airports in the region revealed. Particularly at airports with a large number of short-distance routes that are primarily used by business travelers, several dozen mobile devices are turned in daily – on heavily traveled days, as many as a hundred. It might sound obvious, but if you travel with a notebook, you should always make sure that you really have the notebook case, including all its contents, over your shoulder before you leave the plane, taxi or train.

Tip 2: Making passwords more difficult to crack
If the worst happens, and your computer is stolen or lost, there is still hope that your personal data is not all accessible, if the password is difficult enough to crack. A mixture of characters, numbers and letters is considered the most secure – but only if passwords and keys are not stored on the hard disk. For this reason it is better if the computer prompts for a password before booting– electronic security solutions enable this. This gives an unauthorized user no chance to somehow get access to the operating system or saved data in any way.

Tip 3: Use hardware to supplement password protection
Analysts working for the Meta Group have confirmed what IT managers already know: passwords alone do not provide optimum protection for data. The alternatives have been available, and in use, for years: special smartcards or tokens – which look just like a USB stick – store key information that is used in combination with a user password to unlock the computer. Only someone who has the token and knows the password can access the system and the data saved on it. Alternatively, the user's biometric data can be stored on a smartcard. For authentication, the user's fingerprint is checked directly on the card, instead of the password.

Tip 4: Secure hibernation mode
You can set up the system to prompt for the password again when the notebook switches back from the screen saver or from hibernation mode to normal working mode. This means your data is still secure if you stop for a break or you are making a phone call in the train or airport.

Tip 5: Set up an electronic safe
As a basic principle you should never save valuable information without protecting it electronically: important papers are kept in safes. The electronic pendant is a "virtual" disk drive that securely encrypts and stores all its contents. You can very easily set up an electronic safe of this kind on local hard disks and network directories, on the PDA, and also on mobile devices such as USB sticks and smartcards, CD-ROMs and DVDs to provide secure storage of your electronic data.

Tip 6: Implement automatic encryption
Talking about the electronic safe: what use is the best safe, if the valuable data is simply left on the shelf next to it because no-one takes the time to think about whether a particular document needs protecting at all? Here, data transparent encryption is a big help. It runs automatically in the background, without being noticed, so the user does not even have to think about storing data securely.

Tip 7: Restrict plug and play
Plug and Play is convenient, but can sometimes be dangerous: if someone connects a USB stick, MP3 player or external hard disk drive to a notebook, it is recognized automatically – and it is then easy to start exporting data and passing it on to the wrong people. The alternative is to lock the computer for all memory media apart from the company's own memory sticks which cannot be used to run or read programs. This also removes the danger of accidentally loading a worm or virus on your own hard disk if you lend the data medium to someone, and get it back with a "dangerous cargo". In addition you should only use sensitive data on USB sticks when it is encrypted, as the smaller the memory device, the greater the danger that it will get lost or stolen.

Posted by Victor R. Garza on June 28, 2006 03:08 AM

June 27, 2006 | Comments: (0)

Privaris' integrated authentication solution

TAGS: Podcast

In today's cast I had a chance to catch up with Barry Johnson, CEO of Privaris to discuss a new biometric device.

The Privaris plusID literally opens several types of doors, all with a push of a button and a swipe of a finger. This single personal authentication device allows an authenticated user access to multiple physical sites, computers and networks.

Follow along with the presentation here.

Listen to the interview with Privaris now. LISTEN!

Posted by Victor R. Garza on June 27, 2006 03:16 AM

June 26, 2006 | Comments: (0)

Sun tackles SOA security

TAGS: Podcast

In today's cast I had a chance to catch up with Ross Altman, CTO for Business Integration Platforms at Sun and we have a leisurely conversation regarding Service Oriented Architecture or SOA security.

In our twenty minute conversation we discuss the fact that SOA security touches almost every part of your web infrastructure and what you don't know about SOA security can hurt you.

Listen to the interview with Sun now. LISTEN!

Posted by Victor R. Garza on June 26, 2006 03:50 AM

June 25, 2006 | Comments: (0)

VoIP: brute force, SPIT and wiretapping

TAGS: None

And you thought brute force attacks were a thing of the past? Well, it still seems to work if you're looking for VoIP vulnerabilities.

And what about SPIT? Seems that we'll be seeing more spam, but this time it'll be Spam over Internet Telephony.

Federal Computer Week also has a good article on the issues surrounding CALEA (Communications Assistance for Law Enforcement Act) and VoIP.

Posted by Victor R. Garza on June 25, 2006 11:35 PM

June 23, 2006 | Comments: (0)

Cymphonix podcast on the Network Composer

TAGS: Podcast

In today's cast I had a chance to catch up with Joe Lowry, a marketing engineer for Cymphonix. In our fifteen minute conversation we talk about the Cymphonix smart gateway appliance with layer 7 packet scanning.

You can follow along with my demo by going to their site to take a look at traffic from users, applications, and threats.

Listen to the interview with Cymphonix now. LISTEN!

Posted by Victor R. Garza on June 23, 2006 03:27 AM

June 22, 2006 | Comments: (0)

Protegrity podcast on AIG data breach

TAGS: Podcast

In today's cast I had a chance to catch up with Gordon Rapkin, CEO of Protegrity to discuss the recent AIG data breach and loss.

Gordon believes this type of data loss won't stop happening until a cultural shift occurs, and I tend to agree with him. Listen to this fifteen minute podcast to find out how I'm losing brain cells every time this kind of an event happens and how he's saving his.

Listen to the interview with Protegrity now. LISTEN!

In case you haven't heard:

Insurance giant American International Group said it has lost personal identifying information on about 970,000 consumers through a burglary at an undisclosed office in the Midwest.

The insurer said the break-in occurred March 31 and that it alerted police to the loss of a laptop computer and a file server with insurance applicants' personal records. But the company acknowledged that it has not yet alerted consumers about their possible vulnerability to identity thieves. AIG said it plans to mail out advisories to the affected consumers by the end of this week.

Posted by Victor R. Garza on June 22, 2006 04:48 AM

June 20, 2006 | Comments: (0)

Microsoft Antigen Podcast

TAGS: Podcast

In today's cast I had a chance to catch up with Peter Eicher, Senior Product Manager from Microsoft to discuss Microsoft's newly released Antigen for Exchange, Antigen for SMTP Gateways, and Antigen Spam Manager.

In our thirty minute discussion we go over how these products can protect your enterprise from viruses using several simultaneous anti virus engines, and also protect against worms, spam, and inappropriate content.

Listen to the interview with Microsoft now. LISTEN!

The presentation can be found here.

Posted by Victor R. Garza on June 20, 2006 05:07 AM

June 07, 2006 | Comments: (0)

Symantec surveys the landscape

TAGS: Podcast

I had a conversation recently with Symantec's CTO Ajei Gopal at Symantec Vision in San Francisco to discuss the current threat landscape and find out what's on this CTO's mind.

Ajai talks about how the threats we deal with on a day to day basis have evolved from simplistic, graffiti type attacks to more sophisticated vectors from a different user base altogether.

Listen to the interview with Symantec now. LISTEN!

Posted by Victor R. Garza on June 7, 2006 06:45 PM