Career Advice? One Word. Are You Listening? Cybersecurity
- Editor's Corner
Career Advice? One Word. Are You Listening? Cybersecurity.
Create A Security Culture
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without:
- Webinars & Seminars
- VIPRE Antivirus Business Product Demonstration
- Free Desktop Virtualization Seminar
- Tech Briefing
- 10 Ways to Give Your System Administrators a Break
- Windows XP Finally Falls Below 50 Percent
- iPad Users Opening The Enterprise To Risk Via Email
- Spike In Mobile Malware Doubles Android Chances Of Infection
- Windows Server News
- Are You Properly Protecting Your Windows Servers Against Malware?
- Tools For Managing The Data Center Components Behind VDI
- Enterprise Cloud By Definition Demands A Custom Fit
- Finding The Value In Server Application Virtualization
- Third Party News
- VIPRE Server Release Announcement
- From The GFI NTSysadmin List
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
myPassword - Securing your business, one password at a time
Career Advice? One Word. Are You Listening? Cybersecurity
The CSO (Chief Security Officer) magazine website has an article that I could not agree with more. "Advice on what a young person should choose for a future is as old as civilization. In the United States the classic satirical take on such advice was in the 1967 movie "The Graduate", when Dustin Hoffman playing an overwhelmed teenager, is nabbed at his high school graduation party by a well-meaning adult.
"I just want to say one word to you," the adult says. "One word. Are you listening?" After pausing for dramatic effect he blurts out the secret to the kid’s future: "Plastics!" The advice might not have been completely off the mark, as plenty of plastic came out of the 1960s, 1970s, and beyond. But, on a more serious note, the one-word advice I’d give to someone starting out today—or to someone re-starting their career today—would be: "Cybersecurity!"
There is a severe shortage of cybersecurity professionals as per a report of the Center for Strategic and International Studies (CSIS): http://www.wservernews.com/go/1312535332656. CSIS sees the demand as being perhaps 30 times greater than supply. Wow. I have started studying for my CISSP, it's a very comprehensive curriculum and I'm learning quite a bit despite my 30+ years in the IT business. Here is the original article: http://www.wservernews.com/go/1312535346203
And of course the brand new news that dozens of sites have been hacked for 5+ years, and petabytes of information been siphoned out only makes the point even more clear. This week, McAfee released a paper in which they reveal what probably is the most massive computer intrusion known, perpetrated likely by China, that dates back to mid-2006 or earlier. This advanced persistent threat, or APT, resulted in the pilfering of government and military secrets and corporate intellectual property: http://www.wservernews.com/go/1312535365343
Create A Security Culture
Your company’s name and brand can take years to build and only minutes to destroy. You do not want your company name on the front page as the next one that lost a database with confidential information. Regardless of your company’s size, data security is critical. Your organization needs Policy and Procedure IN PLACE to help you reduce the risk of security breaches.
If you experience a security breach, 20 percent of your affected customer base will no longer do business with you, 40 percent will consider ending the relationship, and 5 percent will be hiring lawyers. When it comes to cleaning up this mess, companies on average spend 1,600 work hours per incident at a cost of $40,000 to $92,000 per victim." Source: CIO Mag, The Coming Pandemic, Michael Freidenberg, May 15th, 2006.
The FTC Assistant Director stated: "We will act against businesses that fail to protect their customer data. Periodic training emphasizes the importance you place on meaningful data security practices. A well-trained workforce is the best defense against identity theft and data breaches. Create a 'culture of security' by implementing a regular schedule of employee training and if employees don’t attend, consider blocking their access to the network."
I might add that you simply could opt for a rule that puts any employee in non-compliance of training requirements on unpaid leave until they have done their training. That should get the message across! To illustrate the need for this, here is a slide show that puts some hard numbers to the headline. Corporate cybercrime costs skyrocket: http://www.wservernews.com/go/1312535465359
McAfee users: Click here http://www.wservernews.com/go/1312806462246 for a short survey and a chance to win a $100 Amazon.com gift certificate.
Security Quotes of the Week
"Distrust and caution are the parents of security." -- Benjamin Franklin
"I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image." -- Stephen Hawking
"Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted." -- Gene Spafford
"Amateurs hack systems, professionals hack people." -- Bruce Schneier
Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
email me: [email protected]
Admin Tools We Think You Shouldn't Be Without
Simplify your life with mPowerTools – new GPO reporting tools - 100+ reports - tackle AD chores in bulk -– no scripting AND NO third party databases!
The Windows Sysinternals Administrator's Reference is the official book on the Sysinternals tools, written by Sysinternals cofounder Mark Russinovich:
Subscribe to the latest hot e-zine: CyberheistNews: 'Arming you with the facts'. Gets you ammo twice a month to defend your network against cybercrime:
Frustrated with gullible end-users causing malware infections? Find out who the culprits are in 10 minutes. Do the Free Phishing Security Test on your users!:
Webinars & Seminars
VIPRE Antivirus Business Product Demonstration
Looking for a security solution that doesn't slow you down? VIPRE Antivirus Business combines antivirus and anti-spyware technologies into one powerful security solution for total protection with low resource usage. New VIPRE features include scalable multisite tiering and role-based access control. Join us as we demonstrate the many features of VIPRE Antivirus Business -- Register today!
Date: Tue, Aug 9, 2011 - 2:00 PM ET
Free Desktop Virtualization Seminar
Coming to 12 cities throughout the remainder of the year, independent expert and desktop virtualization guru Brian Madden will update you on where the desktop virtualization market is in 2011, focusing on what’s real and what’s not. Spend just a few hours out of the office to take advantage of a live Q&A, peer networking opportunities and tons of valuable information.
10 Ways to Give Your System Administrators a Break
This is a fun slide show over at eWEEK: "System administrators have a difficult job. They have to keep track of what users are doing, what applications are running and what information is leaving and coming into the corporate network:
Windows XP Finally Falls Below 50 Percent
July 2011 may well go down in the history books as the month Windows XP finally started to succumb to the inevitable. Also worth noting: Windows usage in general continues to fall. Read More:
iPad Users Opening The Enterprise To Risk Via Email
"Apple gets serious about iPad security, but is it enough? As enterprise adoption rates for the iPad skyrocket, Apple has been forced to adjust its security thinking to placate its new business customers. Story at InfoWorld: http://www.wservernews.com/go/1312535931593
Spike In Mobile Malware Doubles Android Chances Of Infection
Computerworld reported this week that "an explosion in mobile malware during the last six months has more than doubled the chance that a user's Android smartphone will become infected, a security researcher said today.
"According to Lookout Security, which develops anti-malware software for Android but not for Apple's iPhone, the likelihood of an Android owner encountering malware has jumped by two-and-a-half times since January.
By June, between 1% and 5% of Android users -- the number varies by country -- had been infected by mobile malware, said Kevin Mahaffey, co-founder and CTO of San Francisco-based Lookout.
Mahaffey blamed a dramatic spike in malware targeting Android for improving hackers' odds. "In January, we saw only 80 unique pieces of Android malware, but by the end of June we tracked over 400," said Mahaffey.
Time to get and test the beta of VIPRE MOBILE. I am running it and I like it a lot. There is no noticeable performance degradation on my HTC sprint phone with VIPRE running:
Windows Server News
Are You Properly Protecting Your Windows Servers Against Malware?
How are you protecting your Windows servers against malware? Whether we're talking about Active Directory domain controllers, Exchange or SQL Server-based systems, file servers or even systems serving up basic VPN access or terminal services, what you’re doing may be inadequate at best. Here is a guide to help you build a malware protection plan before it's too late:
Tools For Managing The Data Center Components Behind VDI
VDI incorporates many different parts of the data center, but the management consoles provided with VDI software don't give IT pros a way to see or manage the cogs behind the wheel -- the servers, storage and the network. Here are some VDI monitoring tools available that give granular views into issues with back-end components: http://www.wservernews.com/go/1312536104218
Enterprise Cloud By Definition Demands A Custom Fit
When it comes to cloud computing, enterprises need individual, complex solutions. Cloud-in-a-box or everything-on AWS attitudes simply won't work. Learn more in this exclusive article:
Finding The Value In Server Application Virtualization
With the potential to ease application installation and mobility, products that can abstract applications from server operating systems have emerged in the server virtualization market. But right now, "potential" is the operative word. Check out this featured article for more insight:
Third Party News
VIPRE Server Release Announcement
Date: July 28, 2011.
Products affected: VIPRE Enterprise, VIPRE Enterprise Premium, CounterSpy Enterprise Software version: 4.0.4551
GFI is very pleased to announce the release of VIPRE Enterprise, VIPRE Enterprise Premium, and CounterSpy Enterprise server/management console version 4.0.4551. This release resolves problems in management console versions 4.0.4545 and 4.0.4547 related to email notifications and an unhandled exception error that could occur.
Enhancements and Bug Fixes:
- A bug was fixed that previously resulted in email alerts not being generated for deep scans.
- A bug was fixed that previously resulted in email alerts not being generated for quick scans.
- A bug was fixed that previously resulted in email alerts not being generated for custom (manual) scans.
- A bug was fixed that could cause the management console to generate an unhandled exception error.
How to Obtain this Update:
This update can be obtained via either of the following:
- Via the message-of-the-day widget in your management console by selecting the hyperlinked version number
- Via http://www.wservernews.com/go/1312536349796 (registration key is required)
IMPORTANT NOTE: If you are upgrading from server/console version 4.0.4360 or prior, please be advised that you will also receive agent software version 4.0.4205. To learn more, please see the July 19, 2011 release announcement via http://www.wservernews.com/go/1312536362640
From The GFI NTSysadmin List
I'm pleased to have something new to share that I think a lot of you will find useful; having been frustrated by the slow speed of EventCombMT and the ponderous behavior of the Event Log MMC snap-in when trying to do everyday things like diagnose account lockouts and AD object changes, I knew there had to be a better way... If you're on a Server 2008+ [*] environment and don't mind breaking out a command shell window, here is that better way:
As a sample use case, the command "ZeShell -e delete,after=20-july-2011" will scan all of your domain's read-write domain controllers, in parallel, for AD object deletions since July 20. Or you can give it a list of event IDs in the familiar "1,2,3,5-10" format. Just type "ZeShell -?" for details.
You'll need to be in the "Event Log Readers" group (or have Admin or DA access) for each machine you want to query. Please try it out, kick the tires, let me know what you think! I promise you will find this to be *much* faster than the built-in log viewer. We're absolutely open to ideas and suggestions too. Thanks, Steve
WServerNews FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff
A camera mounted on Yu Muroga dashboard captured not only the March 11 earthquake, but also the moment he and other drivers were suddenly engulfed in the Tsunami. You will be pleased to know that he survived:
Gmail Man is FUD done right, and very funny as well. It was made for Microsoft employees, but got loose ( that might be deliberate though).
This audit is veeery interesting. How much money did the Fed lend? Wow:
I discovered a website that is extremely useful when you urgently need to get a message out to your employees, and it HAS to get there: email, voice, text, pager, etc. Check out their (less than) 2 minute video:
There are people doing crazy stuff on their motorcycles and then there is Jorian Ponomareff from Montpelier, France. Dang he's GOOD:
One of the world's best R/C helicopter pilots shows his skill performing amazing maneuvers at low altitude:
Thriller cat: "I'm out of here!"