MY PROFILE | PRIVACY 
Vol. 16, #44 - November 7, 2011 - Issue #853

10 Ways To Secure Browsing In The Enterprise

  1. Editor's Corner    
    • 10 Ways To Secure Browsing In The Enterprise
    • Thailand Floods: Just-In-Time May Be Late
    • What's That Admin Tool You Are Lacking?
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without:
  3. Webinars & Seminars
    • VIPRE Antivirus Business Product Demonstration
    • Building A High Impact Security Awareness Program - SANS Mgt 433
    • Free Desktop Virtualization Seminar
  4. Tech Briefing
    • The Security Industry All-Stars 
    • Symantec: Hackers Hit Chemical Companies 
    • Are You On The Pwnedlist?
    • What Is The Best Android Battery Saver?
    • Why Hyper-V In Windows 8 Server Could Finally Beat VMware
  5. Windows Server News
    • Top 3 Inexpensive Desktop Upgrades In Bang-For-The-Buck Order 
    • WinServer 8 Patch Management Upgrades May Be Too Good To Be True 
    • Demystifying The Private Cloud 
    • Crafting A Virtual DR Plan That Actually Works
  6. Third Party News
    • Looking For Third Party Admin Tools? 
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • New Free Tool - Real-time Bandwidth Monitor
      for Sub Second Device Polling and Interface Monitoring

New Free Tool - Real-time Bandwidth Monitor for Sub Second Device Polling and Interface Monitoring

Real-Time Bandwidth Monitor, SolarWinds? latest and greatest free tool, allows you to monitor interfaces on your network, see how much bandwidth is in use, or how much is traffic is currently on the interfaces. Now you can poll your interface as frequently as every half second. Set critical and warning thresholds to instantly see when usage is out of bounds. Monitoring a troublesome interface has never been so easy!

Download Real-Time Bandwidth Monitor


 

Editor's Corner

10 Ways To Secure Browsing In The Enterprise

When I saw that headline on the Chief Security Officer website I got curious, and read the whole article. I was not disappointed! Joseph Guarino is CEO of consulting company Evolutionary IT, and he knows his stuff. The story starts out like this: "It goes without saying that the Internet isn't a safe place?it's a veritable jungle. In the world of browsers, we, the users, are seen as a delicious and commonly exploited target by many adversaries. Much like in the real jungle, we most often fall prey to lurking predators that bring us down using spear phishing, drive-by downloads and all manner of malware.

"The browser itself, Java, Javascript, HTML5 and plug-ins such as Adobe Flash allow us great opportunities to use rich applications, but they also open the door wide to cybercriminals. It's possible to improve your browser security stance by making some changes to people, procedures and technology. We don't have to be lunch for the piranhas or a quick snack for the tiger; we can defend ourselves in the Internet jungle. Here are my top 10 recommendations for improving the security of your browsing environment."

  1. Holistic Patch Management
  2. Browser Lockdown
  3. Filtering Proxy with Malware Scanning
  4. Evolved Anti-Malware Defense
  5. Minding Your Mobile Devices
  6. Good Password Policies or Two-Factor Authentication
  7. Frequent, Required User Security Training
  8. Proper Policy and Procedures
  9. Minimal Privileges
  10. Thinking Defense in Depth

In the article he goes into detail on each of these points. Warmly recommended!
http://www.wservernews.com/go/1320345875665

Thailand Floods: Just-In-Time May Be Late

Dell who is famous for their Just In Time (JIT) manufacturing process is sending out alerts to customers. If you have projects that need to be deployed soon, better order right away, as hard disks supposed to arrive from 30% flooded Thailand are going to cause delays. An email from a Dell sales rep stated: "This is vendor agnostic across the globe and we only have a limited supply of Drives, before we start seeing very long lead times on builds and equipment shipping, Suppliers are also stating their (sic) will be an increase in price due to supply constraints, below is a link about the supplier issues currently taking place at this time." Expect delays for the Christmas season, and an increase in prices.
http://www.wservernews.com/go/1320346169438 

What's That Admin Tool You Are Lacking?

You're an IT Administrator, and need to keep servers up and running, workstations patched, applications updated, the network operating at top performance, make sure Backup/Restore actually works, and a zillion other urgent things.

Was there ever a time when you thought: "If I only had an admin tool to do _________, my life would be -so- much easier!" Tell us about that tool you are lacking, we'll try to find the best solution, and tell you about it in a coming issue. This is a one-question, 30 second answer!  
http://www.wservernews.com/go/1320346362162

Warm regards,
Stu Sjouwerman

Quotes of the Week

"Theories crumble, but good observations never fade." -- Harlow Shapley, born this week in 1885.

"You know there is a problem with the education system when you realize that out of the 3 R's only one begins with an R." - Dennis Miller, born this week in 1953.

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/go/1307096257843

Stu Sjouwerman
email me: [email protected]

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Identify which users, applications, and protocols are consuming the most network bandwidth with Orion NetFlow Traffic Analyzer.
http://www.wservernews.com/go/1320344960304

Insider. Outsider. With Centrify's detailed recordings of privileged user sessions, you've got a better way to see if outsourced IT staff are acting like insiders?or outsiders. View Demo:
http://www.wservernews.com/go/1320345052417

rDirectory's Community Edition is a pre-configured, easy to use, web-based directory and search engine that downloads in just minutes - and it's absolutely free! 
http://www.wservernews.com/go/1320345125126

Tired of your Active Directory management tools? Centralize and simplify all Windows and AD management without scripting. 
http://www.wservernews.com/go/1320345199694

Free Service: Email Exposure Check. Find out which addresses of your organization are exposed on the Internet and are a phish-attack target:
http://www.wservernews.com/go/1320345396417

Subscribe to the latest hot e-zine: CyberheistNews: 'Arming you with the facts'. Once-a-week ammo to defend your network against cybercrime:
http://www.wservernews.com/go/1320345323802

 

Webinars & Seminars

VIPRE Antivirus Business Product Demonstration

Looking for a security solution that doesn?t slow you down? VIPRE Antivirus Business combines antivirus and anti-spyware technologies into one powerful security solution for total protection with low resource usage. New VIPRE features include scalable multisite tiering and role-based access control.

Join us as we demonstrate the many features of VIPRE Antivirus Business. Register today!

Nov 8 at 11am ET:
http://www.wservernews.com/go/1320346604458

Building A High Impact Security Awareness Program - Mgt 433

Lance Spitzner will teach a 2-day class at SANS, December 15-16 in Washington. DC as part of SANS CDI. If you or your organization is considering a security awareness program, or looking to improve an existing one, this intense two day course is for you. We are also teaching this as a simulcast, meaning you can virtually attend the class and get the same training but without having to leave home:
http://www.wservernews.com/go/1320346664778

Free Desktop Virtualization Seminar

Coming to Denver this November and LA this December, independent expert and desktop virtualization guru Brian Madden will update you on where the desktop virtualization market is in 2011, focusing on what?s real and what?s not. Spend just a few hours out of the office to take advantage of a live Q&A, peer networking opportunities and tons of valuable information.

Register today!
http://www.wservernews.com/go/1320346742955

 

Tech Briefing

The Security Industry All-Stars

From Bruce Schneier to Moxie Marlinspike, these folks are the ones to listen to for security insight. Here we have assembled our list of top players in information security who year after year demonstrate the specialized skills that make them worth listening to. At NetworkWorld:
http://www.wservernews.com/go/1320347162102

Symantec: Hackers Hit Chemical Companies

BEIJING (AP) ? Cyber attacks traced to China targeted at least 48 chemical and military-related companies in an effort to steal technical secrets, a U.S. computer security company said Tuesday, adding to complaints about pervasive Internet crime linked to this country.

The targets included 29 chemical companies and 19 others that make advanced materials used by the military, California-based Symantec Corp. said in a report. It said the group included multiple Fortune 100 companies but did not identify them or say where they were located.
http://www.wservernews.com/go/1320347322346

Are You On The Pwnedlist?

2011 has been called the year of the data breach, with hacker groups publishing troves of stolen data online almost daily. Now a new site called pwnedlist.com lets users check to see if their email address or username and associated information may have been compromised.

Pwnedlist.com is the creation of Alen Puzic and Jasiel Spelman, two security researchers from DVLabs, a division of HP/TippingPoint. Enter a username or email address into the site's search box, and it will check to see if the information was found in any of these recent public data dumps.
http://www.wservernews.com/go/1320347454469

What Is The Best Android Battery Saver?

InfoWorld's Serdar Yegulalp had a look and tested a few. He came out with his winner: JuiceDefender. I downloaded it and also had a look.The free version is so-so, but the Ultimate ($4.99) flavor is a powerful battery saver! JuiceDefender offers more options, more utilities, and more ways to work for you than anything else I've seen. JuiceDefender has five power moderation profiles available out of the box. Balanced (the default) is exactly what it sounds like: JuiceDefender tries to maximize battery life without making a major impact on your phone's performance. Here is the story with LOTS more technical detail:
http://www.wservernews.com/go/1320347555049

Why Hyper-V In Windows 8 Server Could Finally Beat VMware

"If we were having a discussion based on cost alone and didn't have to bring features and management tools into the discussion, Hyper-V would already be the leading virtualization product compared to EMC VMware's vSphere. But obviously, money isn't the only factor when making the decision on which vendor to choose for your virtualization needs. That's why VMware has done so well. But I believe that equation will change when Windows 8 Server comes out with Scalability hikes, a new VHDX format, storage enhancements, networking enhancements, virtual migration enhancements, multiple concurrent live migration, performance improvements, and virtual machine copy recovery": Details in Story at:
http://www.wservernews.com/go/1320347793704

 

Windows Server News

Top 3 Inexpensive Desktop Upgrades In Bang-For-The-Buck Order

It's no wonder that with today's economic uncertainty and tight budgets, organizations are commonly pushing out hardware refreshes by a couple of years. But there's usually still some money for incremental improvements that can increase the service life of the desktop hardware assets in which you've already invested. What are the three best areas to spend a little money to get a lot of life back out of your existing hardware inventory? Find out in this expert tip: 
http://www.wservernews.com/go/1320348277280

WinServer 8 Patch Management Upgrades May Be Too Good To Be True

Microsoft promises high IT service uptime in Windows Server 8 thanks to patch management upgrades ? but what will that really translate into? Find out why one expert isn?t convinced Windows Server 8 will make our Windows Server patching woes go away in the popular tip:
http://www.wservernews.com/go/1320348424198

Demystifying The Private Cloud

For growing businesses with variable needs, cloud computing can reduce costs while boosting project flexibility and time to market. But the cloud still raises IT hackles. This featured article details some of the factors that block many cloud implementations, including networking and security obstacles, and how you can overcome them:
http://www.wservernews.com/go/1320348605767

Crafting A Virtual DR Plan That Actually Works

Many organizations write a DR plan merely to satisfy auditors. When disaster strikes, the plan is set aside and recovery becomes an ad-hoc exercise. But new virtualization technologies have made it more feasible, efficient and affordable to implement a DR plan. Gain insight into the benefits of this approach and how to easily and accurately test it in this exclusive article:
http://www.wservernews.com/go/1320348715018

 

Third Party News

Looking For Third Party Admin Tools?

Last week we ran a survey, and found that a lot of people are looking for tools that actually exist, but they are not aware of them. Here is an extensive list of admin tools created by Andrew Baker, one of the NTSYSADMIN list all-stars:  
http://www.wservernews.com/go/1320348880355

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

 

WServerNews - Product of the Week

New Free Tool - Real-time Bandwidth Monitor for Sub Second Device Polling and Interface Monitoring

Real-Time Bandwidth Monitor, SolarWinds? latest and greatest free tool, allows you to monitor interfaces on your network, see how much bandwidth is in use, or how much is traffic is currently on the interfaces. Now you can poll your interface as frequently as every half second. Set critical and warning thresholds to instantly see when usage is out of bounds. Monitoring a troublesome interface has never been so easy!

Download Real-Time Bandwidth Monitor