Care Micro Systems Website

Self-help for IT Security

If you want to keep up with the latest developments in IT security and minimise the impact of any lapses on your business, here's Care Micro's handy guide to keeping your computers squeaky-clean.

De-perimeterisation and the Jericho Forum

Recognising this changing IT security landscape, a group of large companies got together two years ago to devise a new way of doing things. Called the Jericho Forum (‘walls come tumbling down'), the group attracted big-name corporates such as BP, ICI, Boeing, Qantas, Royal Mail and Rolls-Royce.

The jury is still out on how effective the Forum will be in shaping future products, but no-one argues with the notion that security has to change to meet a changing business world.

More details at www.jerichoforum.org

Spam, phishing and botnets

If you have an email account will have received a message purportedly from their bank (and many other others, too) asking you to confirm your details by revealing your valuable personal and financial information.

These so-called phishing attacks may have fooled plenty of people when they first appeared a few years ago, but most users are more wary these days.

But the phishers have not given up - they have just changed their tactics. They have to find fresh suckers - which is why we're seeing smaller targets and in different languages, including Greek, Finnish and Czech.

German phishers recently came up with a new wheeze. They sent out messages purporting to come from a utility that provides an electronic invoice as a pdf file. Recipients were invited to click on the link to download the document which, instead of having the suffix 'pdf', had '.pdf.exe'. In other words, it held an executable program that secretly lodges itself on their hard drive.

The program was a trojan, a piece of secret code that allows the sender to take control of the infected machine and, for example, record the users' keystrokes.

We call this spy-phishing and we have already seen quite a lot of these attacks.

The other big problem with Trojans is their huge number. The aim of those sending them out is to capture and infect an many machines as possible. In the parlance, a hi-jacked machine is termed a robot, or ‘bot', and a network of bots controlled by a single source is a ‘botnet'. The widespread use of broadband, which provides a permanent connection between PCs and the internet, has provided the so-called ‘bot-herders' with a fertile ground for their attacks. Botnets can consist of hundreds of thousands of machines, with the combined power to send out spam messages by the million, or to mount denial-of-service attacks against commercial websites.

You've been hit - what do you do next?

The first instinct if your company is hit by a security breach or fraud is to fix the problem and get your business operating again. It is an understandable reaction, but not the right one if you want to find the cause and, more especially, the culprit.

If the incident is serious enough to warrant a prosecution, your first priority should be to apply forensic principles, just as with any other scene of crime. If a computer system is touched after an event, software settings may change and it may be impossible to prove who did what.

The second instinct for you may be to call in the police, but the general advice is not to bother. The recent absorption of the National Hi-Tech Crime Unit (NHTCU) into the new Serious and Organised Crime Agency (SOCA) is a signal that the main focus by law enforcement will be on the most serious internet-based crime and not on smaller, more local attacks.

Where the crime is international, then a private investigation firm could be employed to gather evidence, deal with local police and trace the perpertrators and the proceeds of the crime. It is then down to you as the the victim to decide how to proceed.

Smaller companies can also now find protection with a new membership organisation call the Computer Forensic Alliance (CFA), which offers its members a low-cost investigative service.

CFA annual membership costs between £175 and £480, depending on the level of service.

More details at www.cfallies.com

Maintaining your Business Continuity

Security Services or Business Continuity Management processes provide the means for your company or organisation to recover quickly from a situation where company data or communications are not available. Also known as Disaster Recovery (DR) processes, they are of paramount importance for today's modern organisation. With so much information being stored on file servers and associated storage devices, the loss or corruption of relevant operating data for any significant period could prove fatal to your company

Leading experts have estimated that, on average, a company will suffer a major computer disaster every fifteen years.

In the world of IT, disaster means loss of data, whether this is due to fire, flood or criminal action (which would include hackers and viruses).

From communicating with clients and colleagues to storing data and files, email and the internet are essential tools for any business. Yet while many firms have some online protection, most have experienced a security incident. Can your company afford to count the cost of lost business, cash flow and credibility?

For help and advice on how best to defend your company or organisation against viruses, junk mail, browser vulnerabilities, spyware and trojan software, please contact Care Micro.