Windows XP Migration: A practical guide to making the transition Part 1: Introduction

Size: px
Start display at page:

Download "Windows XP Migration: A practical guide to making the transition Part 1: Introduction"

Transcription

1 Windows XP Migration: A practical guide to making the transition Part 1: Introduction With Windows XP officially going End-of-Support in April 2014, in this first part of the guide we discuss the business risks associated with running Windows XP after the support deadline. Part 1 of 11 Xtravirt Limited, Riverbridge House, Guildford Road, Leatherhead, Surrey KT22 9AD information@xtravirt.com Tel +44 (0) Web xtravirt.com Xtravirt Limited is registered in England and Wales at the above address. Company no

2 Table of Contents 1 Introduction Overview Business risks Windows Updates WSUS and SCCM Patch Tuesday Exploit Wednesday Zero day exploits Anti-Virus and firewall protection Zombies and Bot-Nets Application support from third parties... 5 Windows XP Migration: A practical guide to making the transition Part 1: Introduction 2

3 1 Introduction Xtravirt is an organisation which is no stranger to transforming the workspace, whether it be for highly distributed organisations such as Avis Budget Group with a workspace transformation over 12 countries and 1,000 sites, or high density volume such as a 24,000 seat migration for Jaguar Landrover, a global luxury car manufacturer. 2 Overview On the 8 th April 2014 Windows XP will officially go End-of-Support and no further security updates or security patches will be made available. For most businesses still using Windows XP this will be a major headache and could present some critical security challenges. In this guide we hope to provide information about the business issues around the use of Windows XP after 8 th April 2014, and provide some practical advice and guidance for managing the challenges ahead. 2.1 Business risks Put simply, the risks to most businesses and individuals still running are Windows XP after the 8 th April are as follows: Security updates will no longer be made available for Windows XP to protect it from malicious software, spyware, data corruption, data theft or misuse by 3 rd parties or remote attackers. When new security exploits and security holes are discovered and fixed for other versions of Windows such as Windows Vista, Windows 7 or Windows 8, Windows XP will not receive any of those security patches even if the exploit and fix would be identical for Windows XP as it would for all of the other versions of Windows. Exploits and vulnerabilities in Internet Explorer running on Windows XP will also remain unpatched after the 8 th April cut-off date (As Internet Explorer is treated as a closely knit component of Windows XP). Other vendors are likely to remove support and end-of-life for other programs and applications if they are running on Windows XP (In reality this is an opportunity for other software vendors to force end users to buy new versions of their products and lay the blame with Microsoft) A chain is as strong as its weakest link. No matter how secure the rest of the computers are on your internal network, a single unpatched computer is all a remote attacker would need to gain access to the internal network and launch attacks, steal data or install malware on other computers inside the perimeter of your network. Knowingly ignoring the risks of running vulnerable software inside your organisation could leave you open to fines and litigation (The Data Protection Act for example which can carry a fine of up to 500,000 per incident), or losing the ability to process financial transactions or credit card payments electronically (PCI DSS compliance for example) For Publicly-traded companies in the United States, including all wholly-owned subsidiaries and all publiclytraded non-us companies doing business in the US the Sarbanes-Oxley legislation might also apply (sometimes called SOX compliance for short). In short, SOX compliance may affect IT departments in three different ways in relation to Electronic Records. The first rule deals with destruction, alteration, or falsification of records. The second rule defines the retention period for records storage. This third rule refers to the type of business records that need to be stored, including all business records and communications, including electronic communications. PLEASE NOTE THAT THIS GUIDE DOES NOT CONSITIUTE LEGAL ADVICE AND YOU ARE ADVISED TO SEEK PROFESSIONAL GUIDANCE IN ALL MATTERS WITH RELATION TO THE LEGAL IMPLICATIONS AND COMLIANCE RISKS OF RUNNING WINDOWS XP IN YOUR ORGANISATION AFTER THE 8 TH APRIL Windows Updates In smaller environments Windows security updates and operating system patches are provided through the Microsoft Windows Update service. The current settings for downloading and installing security updates and patches through Windows Update can be viewed or modified by opening up the settings in the main Windows Control Panel. CONTROL PANEL > WINDOWS UPDATE (or WINDOWS AUTOMATIC UPDATES) Windows XP Migration: A practical guide to making the transition Part 1: Introduction 3

4 2.3 WSUS and SCCM In larger environments, Windows Updates are usually configured and applied through WSUS (Windows Software Update Services) or SCCM (System Center Configuration Manager). WSUS is a mechanism for downloading patches and updates, approving patches and updates, and scheduling the installation of these patches and updates to specific groups of users or computers according to a predefined schedule. In many organisations these updates are tried and tested on a small subset of machines to make sure they do not introduce any new incompatibilities or instabilities before they are approved for distribution to a wider audience. SCCM is an enterprise grade management solution for Microsoft Windows environments. WSUS can be integrated with SCCM to provide a central solutions for installing, configuring and patching software on Windows devices. WSUS and SCCM are often used with a Group Policy. Essentially a Group Policy is a group of settings that an IT administrator can define and apply to a group of users or computer in an automated manner. 2.4 Patch Tuesday As the number of companies connected to the Internet increased, so did the number of security exploits. Over time IT departments began to struggle to keep up with the number of security exploits and security updates that were starting to appear. To keep the administrative overhead to a minimum Microsoft decided to create Patch Tuesday, and started using the service from October Patch Tuesday allows Microsoft to accumulate or roll-up all of the security updates and patches created during the month, and deliver them all on the second Tuesday of every month. This gives IT departments a whole month to test each patch and schedule the updates to be delivered in a controlled, predictable manner. 2.5 Exploit Wednesday The controlled one month window for testing updates released as part of Patch Tuesday has had some unwanted consequences. Virus authors and criminal gangs creating and distributing Malware (Malicious Software) soon realised that if they waited until the day after Patch Tuesday to release as security exploit or piece of malicious software, they would have a whole month to take advantage of the malware or virus before Microsoft could attempt to deliver another security update on the following Patch Tuesday. From this window of opportunity Exploit Wednesday was born. It is now very common for Zero day exploits to be released into the wild on or just after Exploit Wednesday. 2.6 Zero day exploits A zero day or zero day exploit is a security vulnerability that malware authors and criminal gangs start to take advantage of before the software vendor even knows that a security hole exists in their software. The software vendor literally has zero days notice of the security bug, before somebody else starts actively targeting it, hence the name. Once the 8 th April deadline has passed for Windows XP security updates and patches, any new vulnerabilities found in Windows XP will automatically become zero day exploits as Microsoft has categorically stated that it will not fix them after the cut-off date. 2.7 Anti-Virus and firewall protection Some IT departments are advocating the use of third-party Anti-Virus solutions and Firewall products as a Band-Aid sticking plaster to cover up the security holes that will be left in Windows XP once extended support ends. Whilst it may offer protection from some types of attack it should not be relied on as a long-term solution as Windows XP begins to look more and more like a Swiss Cheese over time. Though there is no conclusive evidence to support this at present, many IT security professionals believe that virus authors and criminal gangs are deliberately holding back malware and security exploits that they have already developed until after the 8 th April and waiting until it becomes a free-for-all to launch a Zombie Invasion 2.8 Zombies and Bot-Nets In days gone by viruses and malware would often jump in the face of a user and proudly proclaim that the computer had successfully been infected with a virus to make its presence known and gain notoriety as a cleverer, smarter virus than Virus-X, Virus-Y or Virus-Z. Some virus just displayed a message on screen, or copied themselves from one computer to Windows XP Migration: A practical guide to making the transition Part 1: Introduction 4

5 another, or from one floppy disk or USB stick to another. Some of the more malicious viruses would delete data files, or completely destroy all of the data on a floppy disk or hard drive. However all of these viruses have a fatal flaw. A virus that announces itself in a flamboyant style like Liberace, or destroys its host and loses the ability to spread to another computer is always going to have a limited lifespan. As the virus authors who wrote viruses for critical acclaim from their peers were replaced by organised gangs focused purely on making money a paradigm shift occurred and viruses started to be developed to remain hidden under the covers to make it hard for anyone to first discover them, and secondly remove them. The term Zombie is often used to describe a computer that is under the control of a criminal gang without the knowledge of the owner. Once the computer is under the control of the criminal gang these can be assembled into a huge network of robots that can be controlled by a single Command and Control centre. These huge networks of robots are often known as Bot-Nets. Bot-Nets are sold onto other criminal gangs in chucks of time for financial gain. Whilst a Bot-Net might contain of hundreds of thousands of machines, or even millions of machines access to these machines can be sold for fractions of pennies and still create a huge financial return for the people renting out the zombie computers in the Bot-Net. For criminal gangs, booking and paying for access to a huge Bot-Nets for an hour with a credit card is no different than booking and paying for a lane in a bowling alley for an hour with a credit card. It is widely anticipated that many of the computers running Windows XP after security updates stop will be unwillingly recruited into Bot-Nets and will be hired out to other criminal gangs to send Spam s, launch DDOS attacks on other websites (Distributed Denial of Service attacks as a form of extortion) on other websites or used to mine for Bit-Coins (A new virtual currency). 2.9 Application support from third parties Another concern for many organisations is that 3 rd party software vendors may use the end of extended support for Windows XP deadline on the 8 th April 2014 as a stick to beat more licencing revenue out of customers in the form of: Forced product upgrades Increased support fees Reduced obligation to answer any support queries with software running on Windows XP (regardless of if the issue has actually been caused by running Windows XP) If you haven t done so already, it would be a good idea to speak to your existing software suppliers and find out if they intend to help you make the transition as painless as possible, or use it as an opportunity to use their powers for evil and move towards the dark side. PLEASE NOTE THAT THE INTENT OF THIS SECTION WAS NOT TO INTRODUCE SCARE-MONGERING FOR THE SAKE OF IT, BUT TO HIGHLIGHT THAT WHILST MOST IT DEPARMENTS ARE LOOKING AT THIS AS AN IT PROBLEM TO OVERCOME, SOME SUPPLIERS AND CRIMINAL GANGS ARE LOOKING AT THE SITUATION AS AN OPPURTUNITY TO MAKE MONEY FROM A DOWNED OPPONENT WITH LIMITED TIME, BUDGET AND RESOURCES. MANY BUSINESS OWNERS ALSO HAVE APATHY FOR THE SITUATION AND MAY NOT FULLY APPRECIATE THE IMPACT THIS MAY HAVE ON THEIR BUSINESS, PRODUCTIVITY AND REPUTATION IF MIS-MANAGED OR IGNORED. Windows XP Migration: A practical guide to making the transition Part 1: Introduction 5

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

GlobalSign Malware Monitoring

GlobalSign Malware Monitoring GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Windows XP Migration: A practical guide to making the transition Part 10: Applications

Windows XP Migration: A practical guide to making the transition Part 10: Applications Windows XP Migration: A practical guide to making the transition Part 10: Applications In part 10 we cover the provision of applications to the new desktops. Part 10 of 11 Xtravirt Limited, Riverbridge

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Countermeasures against Bots

Countermeasures against Bots Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer

More information

Dealing with the unsupported Windows XP

Dealing with the unsupported Windows XP Dealing with the unsupported Windows XP What Should You Do? A White Paper by: Windows Vulnerabilities XP has substantial and HIPAA design Compliancy vulnerabilities Make that put Upgrading an entire organization

More information

ZNetLive Malware Monitoring

ZNetLive Malware Monitoring Introduction The criminal ways of distributing malware or malicious software online have gone through a change in past years. In place of using USB drives, attachments or disks to distribute viruses, hackers

More information

You can protect your computer against attacks from the Internet with Windows Vista integrated Firewall.

You can protect your computer against attacks from the Internet with Windows Vista integrated Firewall. 1. Step: Firewall Activation You can protect your computer against attacks from the Internet with Windows Vista integrated Firewall. Click on Start > Control Panel > System and Security> Windows Firewall

More information

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows

More information

Module 5: Analytical Writing

Module 5: Analytical Writing Module 5: Analytical Writing Aims of this module: To identify the nature and features of analytical writing To discover the differences between descriptive and analytical writing To explain how to develop

More information

What you need to know to keep your computer safe on the Internet

What you need to know to keep your computer safe on the Internet What you need to know to keep your computer safe on the Internet Tip 1: Always install Operating System updates The most important steps for any computer user is to always install updates, especially security

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

Malicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats

Malicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats Malicious Software Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Outline Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two

More information

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege: Guard the Gaps with Patch Management 1.0

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

More information

Running A Fully Controlled Windows Desktop Environment with Application Whitelisting

Running A Fully Controlled Windows Desktop Environment with Application Whitelisting Running A Fully Controlled Windows Desktop Environment with Application Whitelisting By: Brien M. Posey, Microsoft MVP Published: June 2008 About the Author: Brien M. Posey, MCSE, is a Microsoft Most Valuable

More information

Protection for Mac and Linux computers: genuine need or nice to have?

Protection for Mac and Linux computers: genuine need or nice to have? Protection for Mac and Linux computers: genuine need or nice to have? The current risk to computers running non-windows platforms is small but growing. As Mac and Linux computers become more prevalent

More information

Almost 400 million people 1 fall victim to cybercrime every year.

Almost 400 million people 1 fall victim to cybercrime every year. 400,000000 Almost 400 million people 1 fall victim to cybercrime every year. A common way for criminals to attack people is via websites, unfortunately this includes legitimate sites that have been hacked

More information

Regulatory Compliance and Least Privilege Security

Regulatory Compliance and Least Privilege Security Regulatory Compliance and Least Privilege Security Whitepaper As the requirement to comply with industry and government regulations, such as PCI DSS and Government Connect (or FDDC in the States), becomes

More information

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem Security & SMEs An Introduction by Jan Gessin Introduction to the problem SMEs convinced it will never happen to them. In many ways SMEs are more of a target than big business. Harsh realities of the online

More information

More Computer Hints and Tips

More Computer Hints and Tips Introduction More Computer Hints and Tips This document covers in a little more detail the topics introduced at the Carefree Computer Club meeting held on 15 Dec 2008. The principal subjects included:

More information

Virtual Desktop Infrastructure

Virtual Desktop Infrastructure Virtual Desktop Infrastructure Improved manageability and availability spur move to virtualize desktops Many companies have turned to virtualization technologies for their servers and in their data centers

More information

Endpoint Security Management

Endpoint Security Management Endpoint Security Management LANDESK SOLUTION BRIEF Protect against security threats, malicious attacks and configuration vulnerabilities through strong endpoint security control and maintenance. Protect

More information

Computer Viruses: How to Avoid Infection

Computer Viruses: How to Avoid Infection Viruses From viruses to worms to Trojan Horses, the catchall term virus describes a threat that's been around almost as long as computers. These rogue programs exist for the simple reason to cause you

More information

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are

More information

Cyber Threats: Exposures and Breach Costs

Cyber Threats: Exposures and Breach Costs Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

TIME TO LIVE ON THE NETWORK

TIME TO LIVE ON THE NETWORK TIME TO LIVE ON THE NETWORK Executive Summary This experiment tests to see how well commonly used computer platforms withstand Internet attacks in the wild. The experiment quantifies the amount of time

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

Understanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business

Understanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business & Preventing (Distributed Denial of Service) A Report For Small Business According to a study by Verizon and the FBI published in 2011, 60% of data breaches are inflicted upon small organizations! Copyright

More information

Seven for 7: Best practices for implementing Windows 7

Seven for 7: Best practices for implementing Windows 7 Seven for 7: Best practices for implementing Windows 7 The early reports are in, and it s clear that Microsoft s Windows 7 is off to a fast start thanks in part to Microsoft s liberal Windows 7 beta program

More information

Spyware. Summary. Overview of Spyware. Who Is Spying?

Spyware. Summary. Overview of Spyware. Who Is Spying? Spyware US-CERT Summary This paper gives an overview of spyware and outlines some practices to defend against it. Spyware is becoming more widespread as online attackers and traditional criminals use it

More information

Preparing Your Personal Computer to Connect to the VPN

Preparing Your Personal Computer to Connect to the VPN Preparing Your Personal Computer to Connect to the VPN (Protecting Your Personal Computer Running Windows) Using the VPN to connect your computer to the campus network is the same as bringing your computer

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Big Tips and Ideas for Small to Mid-size Businesses

Big Tips and Ideas for Small to Mid-size Businesses Big Tips and Ideas for Small to Mid-size Businesses MAY NEWSLETTER 2014 IN THIS ISSUE Security Advisory: Microsoft Warns of Attack on Internet Explorer Ignoring Social Media, SEO can make your business

More information

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv Security Challenges Desirability of Data 80% of all data breaches is payment card data (Verizon RISK team assessment)

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

Antivirus Best Practices

Antivirus Best Practices Antivirus Best Practices A Net Sense White Paper By Greg Reynolds Consultant (919) 870-8889 (800) 642-8360 Net Sense 1 www.netsense.info Antivirus Best Practices by Greg Reynolds A virus outbreak on your

More information

Stopping zombies, botnets and other email- and web-borne threats

Stopping zombies, botnets and other email- and web-borne threats Stopping zombies, botnets and other email- and web-borne threats Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

Applications, virtualization, and devices: Taking back control

Applications, virtualization, and devices: Taking back control Applications, virtualization, and devices: Taking back control Employees installing and using legitimate but unauthorized applications, such as Instant Messaging, VoIP, games, virtualization software,

More information

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

Email Security - A Holistic Approach to SMBs

Email Security - A Holistic Approach to SMBs Implementing the latest anti-virus software and security protection systems can prevent many internal and external threats. But these security solutions have to be updated regularly to keep up with new

More information

Security survey in the United States

Security survey in the United States Security survey in the United States This document contains the results of a survey on network security in 455 small and medium sized businesses, conducted in the United States in October/November 2007.

More information

Korea s experience of massive DDoS attacks from Botnet

Korea s experience of massive DDoS attacks from Botnet Korea s experience of massive DDoS attacks from Botnet April 12, 2011 Heung Youl YOUM Ph.D. SoonChunHyang University, Korea President, KIISC, Korea Vice-chairman, ITU-T SG 17 1 Table of Contents Overview

More information

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.

More information

UNCLASSIFIED. http://www.govcertuk.gov.uk. General Enquiries. Incidents incidents@govcertuk.gov.uk Incidents incidents@govcertuk.gsi.gov.uk.

UNCLASSIFIED. http://www.govcertuk.gov.uk. General Enquiries. Incidents incidents@govcertuk.gov.uk Incidents incidents@govcertuk.gsi.gov.uk. Version 1.2 19-June-2013 GUIDELINES Incident Response Guidelines Executive Summary Government Departments have a responsibility to report computer incidents under the terms laid out in the SPF, issued

More information

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003 Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while

More information

BUSINESS ADVISORY GUIDE TO SPYWARE AND VIRUSES

BUSINESS ADVISORY GUIDE TO SPYWARE AND VIRUSES BUSINESS ADVISORY GUIDE TO SPYWARE AND VIRUSES Cyber criminals lurk everywhere and are constantly finding new ways to harm you. Even legitimate websites have sophisticated methods of snooping into your

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

Firewalls and Software Updates

Firewalls and Software Updates Firewalls and Software Updates License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Contents General

More information

Computer Security Maintenance Information and Self-Check Activities

Computer Security Maintenance Information and Self-Check Activities Computer Security Maintenance Information and Self-Check Activities Overview Unlike what many people think, computers are not designed to be maintenance free. Just like cars they need routine maintenance.

More information

Internet security: Shutting the doors to keep hackers off your network

Internet security: Shutting the doors to keep hackers off your network Internet security: Shutting the doors to keep hackers off your network A Paralogic Networks Guide www.scholarisintl.com Introduction Like all revolutionary steps in technological development the Internet

More information

Xerox Next Generation Security: Partnering with McAfee White Paper

Xerox Next Generation Security: Partnering with McAfee White Paper Xerox Next Generation Security: Partnering with McAfee White Paper 1 Background Today s MFPs are complex embedded systems. They contain, among other things, full scale operating systems, embedded web servers,

More information

TLP WHITE. Denial of service attacks: what you need to know

TLP WHITE. Denial of service attacks: what you need to know Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Need to be PCI DSS compliant and reduce the risk of fraud?

Need to be PCI DSS compliant and reduce the risk of fraud? Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction

More information

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent

More information

How To Manage A Patch Management Program

How To Manage A Patch Management Program Patch Management Best Practices What is Patch Management? Patch management is the practice of reviewing, understanding, testing, deploying and reconciling the deployment state for software product updates.

More information

GET. Northwestern University Information Technology www.it.northwestern.edu

GET. Northwestern University Information Technology www.it.northwestern.edu GET 4 Easy Steps to Computer Securit y Northwestern University Information Technology www.it.northwestern.edu My computer has antivirus software. That means I m protected, right? I don t need to worry

More information

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans

More information

Enterprise Desktop Management Security Strategy. Liz Cummings. July 16, 2014. Enterprise Desktop Management Security Strategy 1

Enterprise Desktop Management Security Strategy. Liz Cummings. July 16, 2014. Enterprise Desktop Management Security Strategy 1 Enterprise Desktop Management Security Strategy Liz Cummings July 16, 2014 Enterprise Desktop Management Security Strategy 1 Table of Contents Abstract... 3 Introduction... 4 Threat to Information Security...

More information

Protecting personally identifiable information: What data is at risk and what you can do about it

Protecting personally identifiable information: What data is at risk and what you can do about it Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most

More information

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3

CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3 CLEO ~Remote Access Services Remote Desktop Access User guide CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3 August 2007 page 1 of 16 CLEO 2007 CLEO Remote Access Services 3SGD

More information

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers

More information

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations

More information

7 Steps to Safer Computing

7 Steps to Safer Computing 7 Steps to Safer Computing These are the seven essentials: - Use a firewall. - Keep your software up to date. - Use an up to date antivirus program. - Use an up to date anti-spyware program. - Only download

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning

More information

Secure Your Home Computer and Router. Windows 7 Abbreviated Version. LeRoy Luginbill, CISSP

Secure Your Home Computer and Router. Windows 7 Abbreviated Version. LeRoy Luginbill, CISSP Secure Your Home Computer and Router Windows 7 Abbreviated Version LeRoy Luginbill, CISSP TABLE OF CONTENTS Introduction... 2 Getting Ready... 5 Page 1 of 10 Introduction By giving the Introduction and

More information

What's the difference between spyware and a virus? What is Scareware?

What's the difference between spyware and a virus? What is Scareware? What's the difference between spyware and a virus? What is Scareware? Spyware and viruses are both forms of unwanted or malicious software, sometimes called "malware." You can use Microsoft Security Essentials

More information

Patch Management. Is it recommended to patch an Industrial Automation Control System and, if so, why? Siemens AG 2012. All Rights Reserved.

Patch Management. Is it recommended to patch an Industrial Automation Control System and, if so, why? Siemens AG 2012. All Rights Reserved. Patch Management Is it recommended to patch an Industrial Automation Control System and, if so, why? Facts Most of the computer components of modern Industrial Automation Control System are based on standard

More information

Managing Security Risks in Modern IT Networks

Managing Security Risks in Modern IT Networks Managing Security Risks in Modern IT Networks White Paper Table of Contents Executive summary... 3 Introduction: networks under siege... 3 How great is the problem?... 3 Spyware: a growing issue... 3 Feeling

More information

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET)

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 3,

More information

How To Cover A Data Breach In The European Market

How To Cover A Data Breach In The European Market SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

www.pwc.co.uk Information Security Breaches Survey 2013

www.pwc.co.uk Information Security Breaches Survey 2013 www.pwc.co.uk Information Security Breaches Survey 2013 Agenda and contents About the survey Security breaches increase External versus insider threats Understanding and communicating risks Implementation

More information

Countermeasures against Computer Viruses

Countermeasures against Computer Viruses Countermeasures against Computer Viruses How to protect your computer from computer viruses!! Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ Note: A poster showing

More information

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference

More information

October Is National Cyber Security Awareness Month!

October Is National Cyber Security Awareness Month! (0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life

More information

Do you constantly get hammered by pop up ads that come from nowhere and interfere with using your computer?

Do you constantly get hammered by pop up ads that come from nowhere and interfere with using your computer? GSG Computers 698 W. Main Street Hendersonville, TN 37075 (615) 826-0017 (615) 826-0346 FAX The Computer People FREE Consumer Awareness Guide: How To Keep Your Computer Safe From Crippling Pop Ups, Viruses,

More information

Cisco IPS Tuning Overview

Cisco IPS Tuning Overview Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.

More information