Business Security Information

Since Facebook privacy issues have been a hot topic in security, I thought it would be a good idea to take a look at some of the add-ons or plug-ins you can get for the Firefox web browser that will help  protect your privacy when on-line.  While a lot of businesses and users still use Internet Explorer, many people and businesses are switching to Firefox which has a ton of plug-ins available.  When I wrote this article, there were 221 add-ons or plug-ins available for Firefox that touched on some element of privacy.  If you search for security-related add-ons, the list gets even bigger.  While I cannot address all of them in this article, I want to highlight a few that can help protect your privacy.

If you are like most businesses, you have more on your plate than you have time to deal with.  Keeping up with all the security issues that face your business can be a daunting task.  One resource that can help you is the new Mozilla Plug-in Checker.  This tool lets you determine which of the computer plug-ins you are currently using are outdated.  While this may not have concerned you before, there is good reason to pay attention to your plug-ins.

GFI has two e-mail security services—MailEdge and MailProtection.  We were given a choice between the two when we registered for a free trial.  We chose GFI MailProtection.  Once we had logged into our account and configured a domain, we were then given, under the Domain Management tab in the Services settings, an option to change from Full (MailProtection) or Edge (MailEdge) protection.  Depending on which one was chosen, additional options were available to configure prior to saving the setting.  The only real difference we noted between GFI MailProtection and GFI MailEdge is that GFI MailProtection also provided virus protection where GFI MailEdge did not.  Both products are marketed to small and medium sized-businesses.

Despite its complicated pronunciation, the word obfuscate merely means is to change, alter, modify, or obscure.  In business, you probably use this more than you think.  On the web, businesses often use URL shortening services which take a long URL (website address) and make it a short one.  These shorter URL’s are then used in an e-mail or instant message, on a blog, or on social media sites such as Facebook.  Twitter is probably one of the most popular places URL shortening (obfuscated URL’s) services are used since you are limited on the number of characters you can put in each tweet.  I have also seen it used in e-books and other informational products that are downloaded off the web.  URL shortening services hide the original and often long URL.

Late last year it was announced by a couple of security researchers that cPanel was vulnerable to cross-site request forgery attacks (CSRF).  If you manage your business’ website, you know that cPanel is an administration interface that allows you to perform many tasks related to running a website.  This includes accessing website stats, email accounts, and log files, submitting tickets to the support desk, and a variety of other tasks.  Cross-site request forgery attacks allow attackers to exploit web-based services after the user has already logged into the web-based service.  In a cPanel attack, once you are logged in, you must be lured by the attacker to visit a malicious website that the attacker runs or has compromised.  Once you go to the malicious website, the attacker can execute unauthorized commands since you are already logged into cPanel, and no password would be necessary.

If you have not already heard, in mid-January Internet Explorer was under attack by the same attack method that was used by the Chinese to break into Google’s network.  Since then, a number of security researchers, security companies ,and even some governments have recommended that computer users switch to other web browsers such as Firefox, Chrome, Opera and Safari.  Currently, it appears the attack code is mainly geared towards IE (Internet Explorer) 6 and possible IE 7 so businesses that are still using IE 6 should change to another web browser or at least upgrade to IE 8.

When Windows Vista was released and found to have problematic issues,  many businesses stayed with Windows XP Professional.  Now Windows 7 is about to be released.  Will businesses upgrade to Windows 7 when it is released or take the more cautious approach and wait till Windows 7 is out for some time before deciding to upgrade to the newer version of Windows?  I think that a lot of businesses will wait and see before deciding to upgrade.  Since so many businesses are still using Windows XP Professional and may wait to upgrade to Windows 7, I decided to go ahead and write this article on securing Windows XP desktops.

Spyware is a specific form of malware which tracks a person or gathers information about them without their knowledge.  This means that spyware is usually hidden from the user. Software that is installed with the user’s knowledge is not considered spyware.

Spyware can include software that secretly monitors a user’s behavior, but it can also include much more such as collecting personal and account information and e-mail addresses, changing computer settings, installing additional software, and other similar types of activities.  Spyware can be an issue also from the stand point of slowing down your computer and your internet connection speed.

This article covers a somewhat complex and lengthy security topic so I am breaking it into two parts.  The first part will discuss web applications, what they are, and the basics of website security including web application firewalls.  The second part of the article will go into more detail regarding web application firewalls, the PCI standard pertaining to web application firewalls, and, lastly, UTM and web application firewall capabilities.

Web Applications

Kaspersky Lab, an anti-virus/malware company, recently published a “Stop Cybercrime Guide” which I have read, and I think is an excellent overview of many of the computer security threats a business, home office or individual users may face.  Information covered in this short, 10-page document includes:

• Types of malicious programs and how to protect yourself against them.  Some of these protections you may have heard of before, such as installing security software, updating your software, backing up your data, and not using the administrator account except when needed, which I discussed in a previous article.