mac guide to e-security

Transcription

1 e-security booklet 20/12/02 2:11 am Page 1 Contact Us US Office Vicomsoft Inc. 265 E. Merrick Road Suite 209 Valley Stream NY USA Phone: Fax: Sales : sales@vicomsoft.com UK Office Gild House 70 Norwich Avenue West Bournemouth Dorset BH2 6AW UK Tel: +44 (0) Fax: +44 (0) General : info@vicomsoft.com mac guide to e-security All brand names and trademarks are fully recognised as the property of their respective owners.

2 e-security booklet 20/12/02 2:11 am Page 3 Vicomsoft are trusted providers of Internet connectivity and e-security solutions. Established for two decades we are committed to providing technology-driven solutions with a business focus. Our products allow you to manage your Internet connectivity and more importantly our IT security tools allow you to protect your valuable business assets from Internet security threats. Our commitment to quality and support ensures that companies can trust us to deliver PC and Mac connectivity and security software that allow organizations to get on with their business with peace of mind. Vicomsoft enables organizations to connect to the Internet and conduct business securely, reducing the concerns associated with protecting corporate information and complying with legal requirements. We are business focused and all solutions have been designed by IT professionals with a proven track record in IT security and networking for both the PC and Mac. Our expertise ensures we are committed to providing our customers with up-to-date information about the latest IT security vulnerabilities and the most appropriate Vicomsoft solution to combat them. The product range includes InterGate a powerful Internet connectivity, sharing and security solution that allows organisation to maximise their Internet connection and offers firewall protection from the threats found on the Internet. We also have a new and intelligent management solution that ensures your organisation is protected from Spam or unsolicited s and other threats contained within s such as viruses. Vicomsoft is committed to providing you with solutions that allow you to connect securely to the Internet. Connect and Protect with Vicomsoft contents e-security issues mac e-security tips e-security issues for business e-security issues for small business/home network e-security issues for education e-security policy advice point e-security check list vicomsoft solutions and software & 11 2 e-security issues spam The low cost of electronic communications has both benefits and drawbacks. Most of us take for granted, and gladly take full advantage of, the ability to send a written communication delivered directly to the desktop of our correspondent thousands of miles away in a matter of seconds at negligible cost. What many of us are beginning to discover, however, is that there are hundreds of thousands of marketeers out there who want to send written communications to our desktops at a negligible cost. These unexpected, unsolicited and often intrusive s are referred to as Spam. firewall As an increasing number of local area networks become connected to the Internet, organizations of all sizes are confronted with concerns about security. Firewalls play an important part in any security policy, and understanding them is an important step in securing the local network. website filtering The Internet puts the world at your fingertips, the good, the bad and the ugly. This gives an important emphasis to protecting children while online, and restricting the chances of being exposed to risk. Although the Internet offers inexhaustible resources for the student, it also provides easy access to material that is entirely inappropriate for students, such as pornography, racist and hate literature, stalkers, financial scams and more. Content filtering software can play a key role in the supervision of students on the Internet. It is important, however, to educate each student about the issues, and to use sound judgement when implementing Internet access in the school and at home. According to the 2002 Computer Crime and Security Survey, conducted by Computer Security Institute and the FBI, a startling amount of US-based company and government offices have had some level of security breach. 90% of those companies and institutes polled detected security breaches within the last 12 months. 80% acknowledged financial losses due to the computer breaches. Of the respondents that acknowledged financial loss due to security breaches, 44% were willing to quantify their financial losses. These 223 respondents reported a collective $455,848,000 in financial losses, through e-security lapses. The most serious financial losses occurred through theft of proprietary information (41 respondents reported $170,827,000) and financial fraud (40 respondents reported $115,753,000). Of all respondents, 74% cited their Internet connection as a frequent point of attack. 3

3 e-security booklet 20/12/02 2:11 am Page 5 mac e-security tips e-security issues for business Don't wait until hackers invade you - take action now. Be prepared and get systems in place that will take care of all the e-security issues facing mac users today. Here s some tips to take on board... install virus protection Start the protection process going by installing an anti-virus application that scans not only the programs you install, but the mail you receive, and the files you pull off the Internet. The inconvenience they can cause will be more than worth it if it saves you from infection. consider a firewall Working with a firewall on your Internet connection will give you a good level of protection, especially if set-up correctly for your networking requirements. When file sharing over TCP/IP, be sure you have all the users and groups strictly defined and a plan of action in place. stay informed Taking action and getting everything in place is a good start, however e-security, in all its aspects is a moving feast, so in order to stay safe and secure, you must keep up with the times and check the latest information as it becomes available. Put one person in charge of managing and developing the in-house e-security systems and allow them to update systems as and when advised to do so by the experts. passwords The simplest things are often the weak-links in the e-security chain, so make sure you manage your passwords effectively. Don t use the same password for two different log-ins and don t use passwords that you ve already been entering into systems for the last 5 years! A good password scheme is an important tool in the pursuit of improved security. Develop a method like the first letter of your mothers name, the year they were born, the first two letters of you favourite sports team and the middle two numbers of your uncles telephone number. Then reverse the sequence on alternating months. Anything that you can easily recall, yet secure enough to keep others from guessing is good. Try to include both numbers and letters and never keep a record of the passwords anywhere electronically. If your company sends system back-ups off site monthly, this is also a good system for the storage of passwords. take advice If you re starting out on the road to e-security for your school or business, talk to the experts. They ll be able to advice you on the best way forward and introduce you to systems and procedures that have been developed over a period of time. You might also consider looking at a complete solution that can combat spam and filter web content too. If you do go down this route, make sure that all aspects are compatible with one another and that implementation of the system won t cause more problems than you re trying to protect against! e-security trends According to the CSI/FBI 2002 Computer Crime and Security Survey, the following percentages represent respondents comments about e-security issues 40% detected system penetration from the outside. 78% detected employee abuse of Internet privileges 85% detected computer viruses It s now a given fact that organizations rely on the Internet to conduct business. It has opened new and faster ways of working, while widening the marketplace on a global scale. However, with these benefits there are also the associated threats, problems and challenges such as unauthorised access to your information, violated websites, e-commerce fraud and virus transmission. Consequently you need to work out how to best protect your organisation against such threats. One of the best ways of working out what you need to do is take a risk assessment approach. What do you need to protect and guard against, what would happen if? By taking the time to work through the risk assessment process, it is much easier to ensure that you take the appropriate measures to protect your organization. Don t get a sledgehammer to crack a nut. Ask yourself the following questions... What are the real risks and what do I need to protect against? What are the critical assets of the company and were are they located? Is the security policy implemented? Who will manage the policy from here? What products and solutions are required? Firewalls to address unauthorised external access to the organisation. Web monitoring and filtering Ensure employees are using the web appropriately. Content filtering Ensure s don t contain viruses or undesirable content. Authentication Ensure only authorised users have access to the information appropriate to their roles and responsibilities. Intrusion detection Are you alerted to unwanted visitors onto your network? You may think you have nothing worth protecting. However, what would happen if you lost your billing information due to a virus or if your security was breached and important customer information was stolen or posted on message boards on the Internet? e-security trends According to the CSI/FBI 2002 Computer Crime and Security Survey, the following percentages represent respondents comments about e-security issues 38% reported unauthorized access or misuse of their websites 25% reported between 2 and 5 separate instances of e-security breach 70% of those attacked reported website vandalism 4 5

4 e-security booklet 20/12/02 2:11 am Page 7 e-security issues for small office networks Just because you have a small business or work from home you shouldn t ignore e-security. If you are connected to the Internet then you should still take e-security seriously, just because you are small doesn t mean to say that you won t be hacked. All computers connected to the internet are open to hackers. How important is the data you have on your computer or network or computers to you and your business venture? Can you truthfully say that if you lost all your data tomorrow it wouldn t be a cause for concern? Small businesses and home offices should take a measured approach to e-security firewall Do you want to protect unauthorized access from the Internet to your computer or your network of computers? If so then there are a range of cost effective firewalls that are suited to smaller businesses that still offer exceptional protection against these types of threats. web filtering If you work from home and you allow your children to use your computer do you try to filter or monitor the type of sites they have access to? Alternatively if you run a small business can you afford for employees to be wasting time surfing the Internet? content filtering This is a concern for all businesses large or small. s that contains viruses could destroy data and ruin your business. spam filtering A real cause for concern for smaller businesses. Unsolicited s take up precious bandwidth and take time and effort to read and delete. Spam should be stopped before it enters your inbox. Don t make the mistake of thinking that because you are small e-security doesn t matter. It does. You are just a susceptible to attack and infiltration if you are online without protection. You data is you most valuable asset, don t allow hackers an easy time. Likely sources of e-security breaches According to the CSI/FBI 2002 Computer Crime and Security Survey, the following results were reported as the most likely forms of attack. Most likely - Independent Hackers 2nd most likely Disgruntled Employees 3rd most likely Domestic competitors Joint 4th most likely Foreign Corporation or Foreign Government e-security issues for education A child or teenager s use of and the web is a concern for both parents and teachers. Although the Internet offers inexhaustible resources for the student, it also provides easy access to material that is entirely inappropriate for students, especially pre-teens. In addition many parents and guardians express concerns over Internet usage and your school may have to comply with government directives. Website filtering software can play a key role in the supervision of students on the Internet. However, it is important to educate each student about the issues, and to use sound judgement when implementing Internet access in the school. Apply the same rules your educational establishment always has; don t chat with strangers, don t give personal details and never agree to meet anyone you meet on the Internet without informing a carer, parent or teacher. A website filtering system either blocks or allow access to websites depending on whether or not the content meets a set of criteria which you can set. This criteria depends on the type of filter. Some filters search for keywords within content or use artificial intelligence to gage whether a site falls within the preferences. Others are based on lists of Internet sites evaluated by expert organizations that list those sites deemed inappropriate for student to be surfing. Criteria may also include time of day, or total time spent online by individual users, this can be particularly important for schools as it ensures they only have access at appropriate times during the school day. A good content filtering system will act like a guardian, protecting the student from the worst elements that the Internet harbors. Ultimately content filtering systems should give your students the best possible opportunity to get maximum benefit from use of the Internet, while being protected from inappropriate material and unauthorised contact from the outside world. Top 10 types of Attack or misuse of e-security detected in the last 12 month According to the CSI/FBI 2002 Computer Crime and Security Survey, the following results were reported as the most common types of attack. The percentage in brackets by the type of attack represents that amount of respondents who had 1 Virus (85%) 2 Insider abuse of Net Access (78%) 3 Laptop (65%) 4 System Penetration (40%) 5 Denial of Service (40%) 6 Unauthorized access by insiders (38%) 7 Theft of Proprietary Info (20%) 8 Financial Fraud (12%) 9 Telecom Fraud (9%) 10 Sabotage (8%) 6 7

5 e-security booklet 20/12/02 2:11 am Page 9 e-security policy 10 point e-security check list As an organization you have a responsibility to employees and shareholders to ensure that the highest possible level of reasonable and realistic e-security measures are implemented across the organisation. You can do this by developing a security policy that states how you approach your organisation s and how it is planned and implemented. The first step towards establishing a working security policy is to identify your security needs. Once you have done that you can assess the risks and threats to your assets. the threats could be anything from a Do you have an information security policy? Are you aware of the type of information that exists in your organization and the potential value if unauthorized access was gained to it? Also, do you define which groups of users need access to which types of information and their security levels? 2. Do you have a network security policy? How does the information security policy filter down to your network security policy? Will it prevent unauthorized access? Can you make changes easily to reflect changes in staff and users rights? A malicious hacker breaking into your network An employee sending out a confidential by mistake The viewing and storing of offensive material or the downloading of unlicensed software A disgruntled employee gaining access to or altering important company information Any of these could expose your network threats which could result in anything from loss productivity to legal action against the organisation with company directors being held personally liable for employee actions. check list Here is a checklist of the sort of issues you should be looking at when developing a security policy for your business, workplace or educational establishment... Ensure that all computer equipment and systems are sufficiently protected. This should ensure that your organization is protected but that security measures don t seriously interfere with the working practices of employees or restrict normal business usage. Ensure that it complies fully with any government legislation where relevant and appoint a security officer who is responsible for the production and management of the policy. Take a look at the nature and value of your organization s data, the size of the network, the number of users and the mission critical status of the network. How would the business be affected if the network were disrupted? Do you need to ensure back-up and contingency net works are in place? Security should be an integral part of the running of the business. It should not be seen as a completely separate issue and should form part of the organization s overall business strategy. It should involve business managers not just the IT department. Employees should understand the importance of security and any responsibilities they have for maintaining security. Ensure that you take into account physical security, such as whom has access to server rooms and password lists? Provide the means for identifying attempted unauthorised access to data and what the appropriate action will be to block or monitor the intrusion. Who has access to what, where and when? Include each and every employee. Finally it is important that having developed the security policy that it is continually monitored, managed and updated. 3. Are you aware of all the external network connections on your network? Are you aware of ALL connections from your network to external networks? Remember there might be some users who have dial-up connections you are not aware of. Who is working from home and how are they connecting to the network? Are all your external connections secured by firewalls? As well as between networks? 4. Do you regularly test your network's security? Check your network regularly. If there have been any changes to the security policy are these reflected in your network infrastructure? Do your security measures still provide the protection that you specified when you installed the products? 5. Are your s clean? Do you check incoming s for viruses and inappropriate content? It s important to remember that viruses can multiply quickly on your network, causing serious disruption to business, deletion of data and ultimately affect your trading position. 6. Do you have safeguards to prevent the circulation of inappropriate or defamatory s or inappropriate use of the Internet? Do you have an Acceptable Use Policy for both and the Internet usage in the workplace, so that users are aware of what is acceptable use of the Internet and whilst they are in your employment? 7. Do you have the facility to filter for Spam? The increase of unsolicited or Spam s means that they can take up valuable bandwidth and cost your employees time to filter through them to reach the that they really need to access. If you don t filter then you should consider how much revenue you may be loosing through employees spending time reading and deleting this type of Do you monitor/restrict/limit your employees use of the World Wide Web? Your organization could be losing a significant number of man-hours through employees surfing unauthorized web content. Can you ensure that they are surfing on your terms not theirs? Do you monitor and log the type of sites that they are accessing? 9. Do you educate your employees? Products and plans only form part of your e-security solution. Take time to educate and let your employees know what is expected of them when using and Internet. Acceptable Use Policies can help. It is important that you keep them regularly briefed about the importance of and Internet security and that they understand how breaching Acceptable Use Policies could have a dramatic impact on your organization both in terms of lost data and loss of revenue. 10. Are your internal systems secured against unauthorized access? It is reputed that almost half of all security breaches originate internally, from within the organization itself. Make sure that you take protecting your network from disgruntled or curious employees as seriously as you do protecting it from hackers. 8 9

6 e-security booklet 20/12/02 2:11 am Page 11 InterGate Vicomsoft InterGate is an industrial-strength Internet security and connection-sharing solution dedicated to business and educational users. The software includes the following: Firewall Protect your network from Internet security threats with InterGate firewall. It is easy to install, configure and use and it can provide your network with full protection against Internet security threats without any complex settings. our software InterGate firewall software offers considerable cost benefits when compared with firewall appliances and, unlike an appliance, it can be downloaded and installed in minutes. InterGate is a stateful inspection firewall and once installed it blocks all incoming traffic by default giving firewall protection against hacking attacks. Firewall is server based providing protection for the whole network Ensures full firewall protection immediately using default settings Cost effective and can be downloaded in minutes Customised protection for groups and individuals Web filtering You can hope that your staff and students are only surfing the net for business and school use, or you can ensure it. InterGate web filtering ensures employees and students use of the Internet can be controlled and monitored. Access can be blocked to those sites that are not deemed appropriate for viewing during work or for students at school, using the CyberNot database of web sites. You can also set time controls for individuals or groups restricting web access to certain time periods during the day. Logging tools also monitor exactly who is viewing what and for how long; this can be indispensable, especially when deciding what type of sites to block access and at what times during the day. Improve productivity by limiting or scheduling time spent online Know exactly who is viewing what with detailed logs of all sites visited Block sites and prevent children from accessing harmful Internet content Internet Sharing Sharing your Internet connection is easy with InterGate and you can save your organization costly Internet connection charges. With our easy to use set-up you could have more flexibility and control over the management of your Internet connection whether it is a modem, cable modem, ADSL, ISDN, leased line or T1. FTP Client The ultimate FTP client software, FTP Client is fast, efficient and has support for multiple hosts, resumable uploads and downloads, persistent downloads, file and directory synchronization, Drag & Drop and AppleScript. Mac OS X version coming in Feb 2003 Exclusively available for Macintosh Easy to use Finder-like Graphical User Interface Comprehensive support for many FTP servers Mac OS Terminal emulation Vicomsoft's terminal emulation products are designed with the corporate and business user in mind, sharing a common interface, simplifying access to multiple hosts environments and migrating between differing host environments. They provide comprehensive terminal emulation for IBM Mainframe, IBM Midrange, Digital, Unix and other character based host systems. The product range for MacOS includes MultiTerm Plus and ProSDK. Telnet and Serial connections Multiple simultaneous sessions Range of emulations including Honeywell Bull, IDM Mainframe and Data General Spam Filtering New for 2003 Launching in 2003 the new Spam filtering server-based software will offer Mac users the Spam product they have been waiting for. You can start filtering Spam messages with our software and additional rules will ensure that you can set up how you want to control messages coming in and out of the organisation. Save administration and employees time dealing with Spam s Increase bandwidth with the reduction in Spam traffic Save money with increased employee productivity If you would like to be kept informed of when our Spam product launches then info@vicomsoft.com. Most of our solutions are available as 30-day trial versions on so take a look and download today