Business Security Information

If you have not already heard, in mid-January Internet Explorer was under attack by the same attack method that was used by the Chinese to break into Google’s network.  Since then, a number of security researchers, security companies ,and even some governments have recommended that computer users switch to other web browsers such as Firefox, Chrome, Opera and Safari.  Currently, it appears the attack code is mainly geared towards IE (Internet Explorer) 6 and possible IE 7 so businesses that are still using IE 6 should change to another web browser or at least upgrade to IE 8.

When Windows Vista was released and found to have problematic issues,  many businesses stayed with Windows XP Professional.  Now Windows 7 is about to be released.  Will businesses upgrade to Windows 7 when it is released or take the more cautious approach and wait till Windows 7 is out for some time before deciding to upgrade to the newer version of Windows?  I think that a lot of businesses will wait and see before deciding to upgrade.  Since so many businesses are still using Windows XP Professional and may wait to upgrade to Windows 7, I decided to go ahead and write this article on securing Windows XP desktops.

Spyware is a specific form of malware which tracks a person or gathers information about them without their knowledge.  This means that spyware is usually hidden from the user. Software that is installed with the user’s knowledge is not considered spyware.

Spyware can include software that secretly monitors a user’s behavior, but it can also include much more such as collecting personal and account information and e-mail addresses, changing computer settings, installing additional software, and other similar types of activities.  Spyware can be an issue also from the stand point of slowing down your computer and your internet connection speed.

This article covers a somewhat complex and lengthy security topic so I am breaking it into two parts.  The first part will discuss web applications, what they are, and the basics of website security including web application firewalls.  The second part of the article will go into more detail regarding web application firewalls, the PCI standard pertaining to web application firewalls, and, lastly, UTM and web application firewall capabilities.

Web Applications

Kaspersky Lab, an anti-virus/malware company, recently published a “Stop Cybercrime Guide” which I have read, and I think is an excellent overview of many of the computer security threats a business, home office or individual users may face.  Information covered in this short, 10-page document includes:

• Types of malicious programs and how to protect yourself against them.  Some of these protections you may have heard of before, such as installing security software, updating your software, backing up your data, and not using the administrator account except when needed, which I discussed in a previous article.

Websites and Phishers

I had just got done writing about recent website attacks on a variety of small business websites when I came across updated statistics from the Anti-Phishing Working Group that show even more of a need to protect your website.  The statistics indicate that the majority of criminals are actually using legitimate business websites when carrying out phishing scams.  The information shows that the fake or forged websites are only used by these con artists in 13 percent of the phishing attacks.  With a total of 30,454 domain names used by phishers in the last half of 2008, only 5591 of these domains were ones the phisher had set up themselves.  The remaining phishing attacks were using legitimate business domains.  This contradicts some of the information in my phishing article and is all the more reason to protect your business website and brand.

This week, news has come out regarding another wave of attacks against websites.  As of the last report from Websense, over 40,000 websites have been compromised.  The attacks have mainly targeted websites of small businesses.  When people try to visit the small business websites, they are directed to a site that appears to be Google Analytics but is actually a misspelled web address such as googleanalytlcs.net where an “l” not an “i” is used.  The person visiting the website is then redirected to a beladen.net domain where a variety of attacks are tried, and, if successful, a variety of malware is loaded onto the person’s computer.  As noted in previous articles once the malware is installed on the computer, it can be remotely controlled by the attacker.   As a small business owner of a website, you really don’t want your website redirecting your customers or potential customers to a site where their computer(s) will become infected with a variety of malware (bad software).  This is never good for business.

Extent of the Problem

The Conficker worm has been around since late last year, but it was not until early this year that most people had heard of it.  The worm, which is also called the Downadup worm, takes advantage of a flaw in the Windows operating system.  A recent article in CSO Online detailed Conficker and stated that it is still infecting Window computers at a rate of about 50,000 new computers per day which to me seems like a lot of computers.    The number of infected computers is not the only reason to be concerned, however.  Once the computer is infected, it can receive updates or downloads and install other malware or bad software.  The infected computer can be remotely controlled and essentially becomes part of a botnet, which is a group of compromised computers that are under the common control of one person or group.  The computers become “zombies” since they can be controlled remotely by others without the user’s knowledge.  Currently, it appears that the botnet is not really being used for any specific purposes, but that could change at any time.  I don’t know about you, but I would not want such a worm on my network or computer, and I surely don’t want someone to be able to remotely control my computer or steal information off my network.

First we can not talk about something if we do not know what it is so let’s define this term of “Unified Threat Management”.  Unified Threat Management (UTM) basically is a firewall that has a variety of features and capabilities beyond just a firewall.  It is a device that can include such features as intrusion detection, intrusion prevention, anti-virus, spam filtering, content filtering, instant messaging security and other similar types of features.  Please note that this is not a complete list of features because these devices are continually changing, and different features are offered by different vendors.