Archive for August, 2009

SQL injection attacks – the new threat

Wednesday, August 26th, 2009

Today’s news of a massive SQL injection attack on thousands of websites – reported on SC Magazine – is another salutary reminder of why businesses need to be so careful to protect themselves from these attacks.

Last month, we warned of a significant increase in SQL injection attacks. IDP systems won’t always protect users of exploited applications from downloading malicious code, as it comes from a genuine application that has been hacked.

Companies that use public web servers should make sure their applications are patched and up to date, and set clear parameters for SQL instructions so that these applications are not vulnerable to injection (for details of how to do this, see our advisory).

Employees using P2P technology place businesses at risk

Thursday, August 13th, 2009

We’ve just published the latest guide in our ‘Securing Social Media’ series.

The peer-to-peer (P2P) technology guide focuses on the threat posed to businesses that let their employees download P2P technology.

The risks of allowing the use of P2P technology at work include:
•    Allowing an open network of users to access PCs on your LAN and exploit potential vulnerabilities in the P2P software being used
•    Downloading a P2P application onto a corporate network which could expose corporate files, if the user doesn’t set access rights correctly, with implications for corporate data protection
•    The threat of downloading malware when files are shared which may be ‘played’ by end users and could install Trojans on the host PC
•    Lack of anonymity and privacy issues if a user’s IP address is identifiable over the P2P network (this could attract criminals seeking to target a company, for example)
•    Bandwidth issues associated with distributing and receiving large media files.

We advise companies to block the use of P2P on the corporate network where it is not related to business use, and to implement security guidelines to limit the risk (for example, from a child using a parent’s home computer that is also used for work). We also advise that companies:

1.    Block outgoing, as well as incoming, data to prevent applications such as BitTorrent being used to distribute files
2.    Monitor bandwidth use closely, by user
3.    Monitor network connections closely. Only allow authorised applications to be used, ensuring all other ports are secured
4.    Keep security systems up to date to ensure that any vulnerabilities are patched, and computers are scanned regularly
5.    Ensure that any mobile devices (netbooks, laptops etc) that are removed from the corporate environment – for example, for home-working, or remote working – adhere to the same rules as those within the office
6.    If, for any reason, file sharing is allowed on the corporate network, only use a legal, checked service
7.    Educate employees on the risks of using P2P networks and technology.

The free P2P guide can be downloaded here.

Customer mail portal upgraded

Monday, August 10th, 2009

We are upgrading our customer mail portal, and I’m happy to say that we have managed to improve the speed of mail handling by three to five times whilst also simplifying the user interface.

Data is now presented in a way that allows email administrators to see at a glance how their mail service is performing, and any issues affecting it. A simplified home page to the mail portal now shows (both as lists and graphics):

  1. Top five email senders and recipients in the last 24 hours
  2. Latest 15 messages
  3. Type of mail (whether it is spam or malware)
  4. Volume of sent versus incoming email
  5. A breakdown of the type and status of mail by time period.

This allows users to check the status of their email system at their convenience and quickly assess whether there are any developing issues with it. Users can now tell instantly where the heaviest use is coming from, or whether they are experiencing a heavier than usual malware load.

We will be releasing this to customers in September. More details on the upgrade are available here (pdf).