|
Vol. 15, #32 - Aug 2, 2010 - Issue #790
|
|
Why No Internet Security Awareness Training?
|
| This issue of WServerNews is sponsored by |
|---|
 |
|---|
- Editor's Corner
- Why No Internet Security Awareness Training?
- Sunbelt Worldwide Threat Level Raised To High
- Quotes of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Webinars & Seminars
- VIPRE Enterprise Premium Product Demonstration - 8/3
- Introducing VIPRE Enterprise Premium, Version 4.0 - 8/10
- VIPRE Email Security for Exchange Product Demo - 8/17
- Affordable, Enterprise Email Archiving - 8/24
- Desktop Virtualization: What it Means in 2010
- Tech Briefing
- Microsoft Office: 10 Reasons to Dump It And Go With Online Apps
- Fake Femme Fatale Shows Social Network Risks
- New Outlook 2010 AutoComplete Cache and Suggested Contacts
- Security: Top Hacks, Breaches and Compromises of 2010 (So Far)
- What Your Phone App Doesn't Say: It's Watching
- Windows Server News
- Adding Risk Management Analysis To A Disaster Recovery Plan
- Top 5 Ways To Improve Virtualized Server Infrastructure Performance
- Security Issues In Cloud Computing
- What’s Inside The Virtual Desktop Grab Bag?
- Third Party News
- ChargeBack Allows Visibility to Infrastructure Costs
- "How VIPRE Could Be Improved." (humor)
- WServerNews Fave Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- myPassword. Securing your business, one password at a time.
|
|
myPassword. Securing your business, one password at a time.
In today’s fast paced mobile business environment, a comprehensive and cost
effective identity management plan is more important than ever and critical
to preventing devastating security breaches. myPassword is an easy to use,
yet extremely powerful, self-service password management solution that
provides end users with a cost-efficient, safe and secure method to reset
forgotten passwords, meet complexity requirements and manage locked accounts.
myPassword minimizes user downtime, dramatically decreases Help Desk costs and
delivers an immediate ROI to your organization.
http://www.wservernews.com/100802-myPassword
|
|
 |
Editor's Corner |
|
Why No Internet Security Awareness Training?
Something I discovered recently is that a large section of organizations
do not train their employees on even the basics of Internet Security.
Things like how not to get phished, not to get infected. In short, how
not to click on something they shouldn't. Most of us get mandatory sexual
harassment training once a year. Why not training how to be secure online?
What do you think is causing this, especially with moving things in the
cloud? I started a thread on the NTSYSADMIN list, to see what the people
on that very popular list think about this. Their answers were quite
interesting, and one of the participants gave a good summary:
"Many good responses have been provided thus far, but it comes down to the
following for many organizations:
- Training of all sorts become early casualties of budgets. If there aren't
enough reasons from a Senior Management standpoint to have that sort of
training, it won't happen.
- Organizations assume that people already know.
- Organizations forward emails or links about the subject and assume that
this is good enough.
- They don't hire someone who will manage the ongoing process of end-user
security training, or they relegate it to someone with 19 hats who won't
have the time to do it justice.
- There's a whole lot more than just security training that they're not
doing -- sometimes including security itself.
Security costs, but good security prevents more debilitating costs. Some
organizations just don't get that yet." -- Andrew Baker.
And he's right about that. However, with the press the last few years full
of stories about security breaches, lost databases, cyber bank heists and
the like, don't you think that Senior Management would think it's about time
to get regular Internet Security Awareness Training (ISAT) done by now?
Let me know if/how this is done in your organization. Please take 30
seconds and fill out the new SunPoll (anonymously): "In your organization,
is end-user Internet Security Awareness Training (ISAT) done regularly?"
- Yes, that is Policy here, and most get mandatory (semi)-annual ISAT
- I send friendly emails regarding latest threats, scams, phishing, etc
- They do not see the quantifiable ROI, so no budget for ISAT, unfortunately
- There is no one to manage the ongoing process of end-user security training
- They assume people already know, and nothing is done about it
- Other (email me at feedback@wservernews.com)
Vote here, Bottom Right. Going to be interesting what the percentages are!
http://www.wservernews.com/100802-SunbeltSoftware
Now, you might want to answer something like: "Although there is no one
to manage the ongoing process of end-user security training, and the
executives may not see the quantifiable ROI, so (there is) no budget for
ISAT, I do send friendly emails regarding latest threats, scams, phishing,
and most get (non-)mandatory annual ISAT, there is no actual policy here."
(LOL) In that case I want to hear your story. Write to me here:
feedback@wservernews
Sunbelt Worldwide Threat Level Raised To High
Sunbelt Software is raising its Worldwide Threat Level to "high" in light
of unpatched vulnerabilities in three widely-used applications or systems
and the Defcon and Black Hat conferences in Las Vegas this week.
Internet users should:
- be sure anti-virus applications are updated and functional
- avoid opening attachments in spam emails or clicking on links in spam
- be cautious opening attachments or following links in email messages
- be especially cautious in web browsing if they use QuickTime Player
- be alert for updates that are expected soon to fix serious holes in
QuickTime Player, Microsoft Windows and Cisco Industrial Ethernet 3000
series routers.
Be safe out there, folks!
Quotes of the Week
"Men of power have no time to read; yet the men who do not read are
unfit for power." -- Michael Foot
"Ambition is the path to success. Persistence is the vehicle you arrive
in." - Bill Bradley
"Those who cannot change their minds cannot change anything."
-- George Bernard Shaw
Warm regards, and thank you for being a WServerNews subscriber. No trees
were killed in the sending of this message, but a large number of electrons
were terribly inconvenienced. Please tell your friends about us.
They can subscribe here:
http://www.wservernews.com/100802-Subscribe
PS: Did you know this newsletter has a sister publication for XP users
called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/100802-WXPNews
PPS: And now we have our new Win7News! You can subscribe here, and tell
your friends:
http://www.wservernews.com/100802-Win7News
|
Get Answers in our LIVE daily Demo of VIPRE Enterprise v.4
Register for a live demonstration of VIPRE Enterprise Version 4.
- See VIPRE Enterprise Version 4 live and in action
- Learn about the features and functionality
- Receive tips and best practices for configuration
- Get LIVE answers to your questions from our Support team.
- VIPRE Enterprise Version 4 combines antivirus, antispyware, client
firewall (with VIPRE Enterprise Premium) and malicious website filtering
technologies into a single agent to protect against the ever-changing
wave of malware in the most comprehensive, highly efficient manner.
Register for one of our daily demos today and learn why VIPRE delivers all
the necessary endpoint security you need, and nothing you don't:
http://www.wservernews.com/100726-Daily-Webinars
|
|
|
Webinars & Seminars |
|
VIPRE Enterprise Premium Product Demonstration - 8/3
Join us for a look at Sunbelt’s new VIPRE Enterprise Premium Version 4.0,
powerful, high-performance endpoint malware protection. Be among the first
to see the new version, which combines antivirus, antispyware and now
firewall into a single agent. Plus take a deep dive into other new
features including scalable multi-site tiering and role-based access
control.
Tuesday, August 3, 2010, 2:00pm - 2:30pm EDT
http://www.wservernews.com/100802-VIPRE-Demo
Introducing VIPRE Enterprise Premium, Version 4.0 - 8/10
Be among the first to see Sunbelt’s new VIPRE Enterprise Premium Version
4.0 - powerful, high-performance endpoint malware protection. The new
premium version combines antivirus, antispyware, and now client firewall
and malicious website filtering technologies, into a single agent to protect
against the ever-changing wave of malware in the most comprehensive, highly
efficient manner.
Join us to hear how our approach to malware protection is different.
We translated our years of experience in detecting and remediating
sophisticated malware into the next-generation endpoint protection
technology, VIPRE - without building on older generation AV engines
or other sourced technology components. VIPRE is fast, efficient
technology in a single, powerful threat engine with low impact on
system resources.
Take a deep dive into new features including scalable multi-site tiering
and role-based access control. Plus, learn why VIPRE delivers all the
necessary security functionality you need and nothing you don’t.
Tuesday, August 10, 2010, 2:00pm - 3:00pm EDT
http://www.wservernews.com/100802-Introducing-VIPRE
VIPRE Email Security for Exchange Product Demo - 8/17
Securing your Exchange Server is key to protecting your enterprise
environment from spam, viruses, phishing, and other messaging threats.
In this product demonstration, learn how the new version of VIPRE Email
Security for Exchange (formerly Ninja Email Security) can help protect
your network and cut your Exchange admin time in half with this powerful,
policy-based email security product.
Tuesday, August 17, 2010, 2:00pm - 2:30pm EDT
http://www.wservernews.com/100802-Email-Security-Demo
Affordable, Enterprise Email Archiving - 8/24
Exchange performance is suffering. Your users complain about email
storage and don't want any quotas. Your CEO requires legal compliance.
Want a high-end, feature-rich, admin-friendly product that solves all
these issues at a very affordable price? Then don’t miss this Sunbelt
Exchange Archiver webinar.
Tuesday, August 24, 2010, 2:00pm - 3:00pm EDT
http://www.wservernews.com/100802-Email-Archiving
Desktop Virtualization: What it Means in 2010
This complimentary one-day seminar features industry analyst and blogger
Brian Madden who explains how virtualization technologies can help you
save time and money and simplify the management of your user's desktops.
Coming to Washington D.C., Boston, Chicago and Irvine this year, Brian
reviews the current state of desktop virtualization, application
virtualization and streaming, and the evolution of thin client computing.
Don’t miss out - reserve your seat today!:
http://www.wservernews.com/100802-Virtualization
|
|
Tech Briefing |
|
Microsoft Office: 10 Reasons to Dump It And Go With Online Apps
With the launch of Microsoft Office 2010, many administrators are wondering
if an expensive upgrade is worth the cost and hassle, especially since SaaS
providers like Google and ZOHO have matured their hosted office offerings
into something that is now business ready. Administrators only need a good
reason to make the jump to SaaS, and here are ten of them. This slide
show can be found on the Channel Insider website:
http://www.wservernews.com/100802-Microsoft-Office
Fake Femme Fatale Shows Social Network Risks
Social networking pages featuring the profile of a fake Navy cyberthreat
analyst attracted some 300 friends in the intelligence, military and
security communities in an experiment conducted by a security researcher.
The lesson? Watch out for pretty faces online:
http://www.wservernews.com/100802-Social-Network-Risks
New Outlook 2010 AutoComplete Cache and Suggested Contacts
William Lefkovics wrote this item over at WinITPro. Small but very useful
bit of data that causes users to send emails to the wrong person all the time.
"Outlook provides a cache of email addresses as you use them in new email
messages. This cache, sometimes called a nickname cache, is intended to
improve user productivity. As you type an address in an email address field,
Outlook lists possible addresses matching the letters you’ve entered.
Historically, Outlook stores this cache in a local, profile-specific file
with the extension .nk2. Outlook 2010 changes the location of the
AutoComplete Cache. It’s no longer an .nk2 file but is now a hidden folder
within an Exchange Mailbox or a .pst file, depending on the account type
in Outlook. The principle is the same, of course; however, with the nickname
cache in the mailbox, the content now travels with the user. MORE:
http://www.wservernews.com/100802-AutoComplete
Security: Top Hacks, Breaches and Compromises of 2010 (So Far)
eWEEK has a good little slide show this week. This has been a busy year for
both hackers and computer forensic specialists. Whether it was the 4
million usernames and e-mail addresses swiped in a hack of The Pirate
Bay or AT&T's Website hack that exposed the e-mail addresses of iPad
3G owners, the first six months of 2010 are a reminder of the realities
of today's IT security landscape. With this backdrop, security
professionals meet the week of July 26 at the Black Hat security
conference in Las Vegas to discuss the latest threats and what can be
done about them. While each of the most serious hacks and malicious
breaches are different, many have a key similarity - insecure code.
Others highlight the dangers of phishing and criminals exploiting
potential gaps in physical security. Here are some of the more notable
data breaches, hacks and exposures that made the news so far this year:
http://www.wservernews.com/100802-Compromises-of-2010
What Your Phone App Doesn't Say: It's Watching
LAS VEGAS - Your smart phone applications are watching you - much more
closely than you might like. Lookout Inc., a mobile-phone security firm,
scanned nearly 300,000 free applications for Apple Inc.'s iPhone and
phones built around Google Inc.'s Android software. It found that many
of them secretly pull sensitive data off users' phones and ship them off
to third parties without notification. That's a major concern that has
been bubbling up in privacy and security circles. The data can include
full details about users' contacts, their pictures, text messages and
Internet and search histories. The third parties can include advertisers
and companies that analyze data on users." In one presentation, Lookout's
CEO John Herring said the Jackeey Wallpaper app, which has been downloaded
millions of times, can gather passwords, browser history, the subscriber
ID, and SIM card numbers and text messages. Ouch. More at Associate Press:
http://www.wservernews.com/100802-Phone-Apps
|
|
Windows Server News |
|
Adding Risk Management Analysis To A Disaster Recovery Plan
Business continuity and disaster recovery plans are enhanced when they
include a risk management analysis - but this analysis is often neglected
by IT departments. Learn how to improve your disaster recovery plan today
with these risk management techniques:
http://www.wservernews.com/100802-Risk-Management
Top 5 Ways To Improve Virtualized Server Infrastructure Performance
Even the smallest adjustments to a virtualized server infrastructure can
greatly enhance its performance. Start improving the effectiveness of
your virtualized server for your users and clients today with these
essential optimization tips: (Registration Required)
http://www.wservernews.com/100802-Virtualization-Tips
Security Issues In Cloud Computing
One of the major issues slowing cloud computing growth is security. Will
things get better or worse for security in the cloud? Access this
exclusive resource for all the recent cloud security news stories, tips
and interviews: (Registration Required)
http://www.wservernews.com/100802-Cloud-Computing
What’s Inside The Virtual Desktop Grab Bag?
Desktop virtualization has grown into a veritable grab bag of useful and
not-so-useful applications. Take an in-depth look at some virtual desktop
innovations and determine which ones may be most valuable to your
organization in this featured article:
http://www.wservernews.com/100802-Virtual-Desktop
|
|
Third Party News |
|
ChargeBack Allows Visibility to Infrastructure Costs
I found something useful you might want to check out if you need to charge
departments for their use of shared IT resources. Here is a blurb from
their site. I have not tested this, so your mileage may vary, but it sounds
very handy.
Chargeback is a powerful, easy to use and affordable product that enables
admins to accurately map VMware and Microsoft Hyper-V virtualization costs
against applications and users. Chargeback provides business level visibility
and cost reporting, by application or business group and by actual resource
consumption or allocation. Installed as a virtual appliance, Chargeback
provides value within 20 minutes from download including:
- Application level visibility into resource consumption
- Business level visibility to virtual infrastructure utilization
- Cost visibility based on usage and/or allocation
- Custom usage reporting
http://www.wservernews.com/100802-vkernel-Chargeback
"How VIPRE Could Be Improved." (humor)
One Redmond Channel Partner Online reader gives some thoughts on how
Sunbelt can improve their software:
"There's nothing to not like about Sunbelt and its VIPRE suite. I'm about to
re-up and expand my subscriptions. Well, in the interests of full disclosure,
I did e-mail some Sunbelt managers this "complaint" message: Years ago, I
kinda liked the dangerous, exciting adventures I had with Symantec/Norton
and Panda. By comparison, VIPRE is boresome. It gives me no emergencies.
Not even close calls. No pirated browsers. Nothing! Where's the fun?
For your PR benefit, let me suggest:
- As scans run, display mock battles on the screen where Vipres eat canny,
wiggly, fast-moving viruses.
- Display messages like: "Today, 4,892,643 Windows users were infected with
KarmaGeddon99. You weren't."
- Each time VIPRE stops malware on its way in, play an audio-visual "SNAP!"
like a mosquito-zapper incinerating its prey.
- Give users a slick, on-screen TurboButton. It doesn't have to do anything.
But pressing it will give us some feeling of participation.
You get the idea, right? Enough of this quiet, behind-the-scenes efficiency!
Jazz it up! I'm still awaiting those product improvements." -- Jon
http://www.wservernews.com/100802-VIPRE-Enterprise-Premium
|
|
WServerNews Fave Links |
|
This Week's Links We Like. Tips, Hints And Fun Stuff.
|
|
WServerNews - Product of the Week |
|
myPassword. Securing your business, one password at a time.
In today’s fast paced mobile business environment, a comprehensive and cost
effective identity management plan is more important than ever and critical
to preventing devastating security breaches. myPassword is an easy to use,
yet extremely powerful, self-service password management solution that provides
end users with a cost-efficient, safe and secure method to reset forgotten passwords,
meet complexity requirements and manage locked accounts. myPassword minimizes user
downtime, dramatically decreases Help Desk costs and delivers an immediate ROI to
your organization.
http://www.wservernews.com/100802-POTW-myPassword
|
|
|
|
|
Email me: 