IT Security Blog

Changing Providers: Study, Learn and then Decide

By

Being in an online business or introducing your business to the online world may seem risky, most especially because not all make it in the industry or it may seem risky if you are simply a newbie in the online world. One of the scariest issues that business owners normally face when incorporating business online is the privacy issues.

However, it is rare this days to have a hacked system or site and make permanent damages to the company’s system or website, most especially because of the constant and consistent restrictive measures that server provider provide for their online clients. There’s always a solution to hacking problems. However, there are still present issues that online clients should face more than the security issues.

If there is one problematic issue business owners may have premium link building should be the least. A problem online business owners face today is moving from an original provider to the next. One particular example of problem is the migration of data. It is a crucial move for any business owner to move any online data to another provider. A thorough study before any final decision is vital and should not be taken lightly as these may jeopardize business operation including data loss and worse, sales loss. Considering these important tips might save your business from any losses.

If you have been with an online provider for 10 years or more and did a lot of customization, then you may want to think twice before saying a go to the next provider. You are not just making your business loose one leg, but one arm as well. If there is an argument between you and your first provider, seat down and settle things in a way that you will not end up the victim. Agree on a takeover terms in such a way that your company data will be smoothly handed over to the next provider with minor to no change.

Get the best IT adviser from your company or hire a specialist not a freelancer. An open conversation and a consistent up-to-date exchange of information should be a priority between the company’s IT personnel and the manager or the owner because this will enable the owner to understand the pros and cons, thus allowing him to make a final decision.

Test before you get. Precautionary measures is necessary prior going to the next level. Being able to test the other provider’s product and services will enable you to weigh if moving from one to the next is a wise decision.

Tape virtualization guidelines

By

mainframes

Greg Schulz of Computerworld shared some guidelines of tape virtualization. Tape virtualization is one of the popular topics when it come to storage. Some of the said advantages of making virtual tape libraries would include improvement of the performance of the back up, archiving and other related processes and smooth transition (from tape-based to disk-based).

Here are the ten points he raised in his article:

1. Integration of VTL in your business continuity, conditions of your site/location.
2. Storage devices to be attached to the VTL.
3. Projected storage capacity needed in the future.
4. Backup, archiving, etc. software supported.
5. Support of differencing or single-instance repository capabilities.
6. Determine if you are looking for a turnkey solution.
7. Resiliency and redundancy needed.
8. Security level needed.
9. Tape device and library emulation for your environment.
10. Necessary changes to your current setup.

The questions he raised in his article really make you consider your needs and the conditions of your system. All these questions will help you evaluate if you would use virtualization. You cannot just decide right away if you will use VTL because it could affect your system in a major way.

It is always good to look at the possibilities before arriving at some decisions like this one. It is best to do a full study before you spend on it. One of the important things you also have to consider would be the people who would be in charge of this project in your company. Who will be the ones in charge of the study and the follow up in case you do push through with it. Your data will be at stake so it is better to be safe than sorry.

Scan Storage Devices before Enabling

By

Viruses and malware issues are far from being a thing of the past. On the contrary, they seem to grow large by numbers as each day passes. Thus the works of security software companies have their work cut out for them. There is not definite date to which such threats and intrusions would wholly be resolved.

Scanning Protocol

For the time being, it would be advisable for people to scan third party storage devices such as diskettes, USB drives and mobile storages to be safe and sound. These wandering viruses can attack at any time and this is a fact anywhere computer related materials are concerned.

Files can go as far as infecting the executable files, hence document, excel and compiled scripts are baits for immediate infection and malicious intrusions. Software applications also have their limits as their development teams cater only to a specific genre for known harmful files. But it is better to lower the risk of intrusion than not having protection at all.

[tags]scan, spyware, virus, infections, spyware, malware, trojans[/tags]

Data or Program: Which are you really Safeguarding?

By

When it comes to network security, the main focus is to of course protect your IT infrastructure. But if you had a choice, which is really important; the program or the data you have gathered?

At first glance it would have to be the data for sure. Software programs can be easily modified and replaced depending on the requirements of any organization. Database protection is important since without it, companies have no basis for analysis and comparison as far as actual performance and reference for clients stored in the database is concerned. If you had to rate both, it would be data first and software second.

There are other people who put premium on software of course. But this will depend on their contingency plan better known to most IT professionals as backed up or archived data. Normally this is so basic that you don’t need to remind anyone the need to have archived historical data in cases where system crashes or intrusions may occur. There will always be scheduled backups and archiving for any program using entity since these are valued and important as far as linking all transactions and tracing revenue.

But the actual safeguarding of these two IT elements is how you expose it. There are usually policies governing the actual level of exposure such as net presence or the use of external storage devices like CDs and floppy disks. Normally, these are discouraged but knowing people who are hard headed today, some of them still ignore these policies and even get away with it.

CitiBank ATM-Pin Breach

By

Citibank an arm of Citi Corp, has suffered a data breach in the form of 7-11 Store installed ATM machines which were broken into by hackers who got away with millions according to the report on Yahoo News. The three hackers have been found, arrested and are currently under custody as the case is further studied and discussed in the courtroom.
The problem happened when these hackers got through third-party computers who handled debit card account transactions taking all the information they needed that was enough for them to engage in online transactions without the need for physical contact with any ATM machine.
The problem is another case of lax data security which in terms of ATM pins are said to be the most secure of all bank information systems for the potential is horrendous in terms of loss.

“PINs were supposed be sacrosanct — what this shows is that PINs aren’t always encrypted like they’re supposed to be,” said Avivah Litan, a security analyst with the Gartner research firm. “The banks need much better fraud detection systems and much better authentication.”

This shows that even with the repetitive problems and incidents of identity theft not everybody is listening and taking action to protect their information, as in the case of Citi Corp., their third party providers should have had ample measures such as encryption, and redundant security measures to prevent such incidents from even happening. Citi Corp., being one of the biggest multi-national banks with accounts all over the world should have check and balance systems that ensures customer information is safeguarded from such intrusions which in this case is going to cost them millions of dollars. The company has relied so heavily on systems based on Microsoft Software technology which has received continuous attacks and this is just another addition to the types of attacks they suffer from hackers.

Encryption – Why people shun away from it even now? (Part 2)

By

If you happen to be a small or medium scale company that cannot afford multiple data stores and infinite numbers of mirrored hard drives, that becomes a problem. An encrypted hard disk in a laptop that gets banged up damaging the hard disk may still have some of the information intact enough for recovery but damage some of the vital keys and software and you are left hanging by a thread or down in the gutters. Data recovery is possible but only through expensive methods with the hard disks being opened up, the platters extracted and installed into another similar hard disk for data extraction. Only the military and federal government would have enough cash to burn in terms of data recovery at that level for the price is computed in the amount of megabytes recovered and on a per hard disk basis, and imagine a 1 terabyte drive at say $50/MB then you’d be scratching your head by now, and that’s just for a single drive.
The risks of identity theft and information leakage is real but the technology is still quite prone to failure even with today’s quad-core which is why we didn’t discuss the performance issue in the discussion. Today’s multi-core processors are capable of handling complex tasks such as real time encryption and decryption as if there was nothing happening on the background. The performance issue has been addressed by more powerful microprocessors but the reliability of the hard disks which stores the information and even the CD’s are still quite weak. Till there is more definite proof that all parts of the computer has reached such a reliable level that failure is a less of a factor more people would still retain their own proprietary security measures (birthday passwords, flash thumb drives that always get lost and physically carrying their discs with them).