Random Security Articles

Best Practices for Securing Your Backup Data

Tue, 14 Aug 2007 00:00:00 -0500

Encryption is readily available for new applications in e-commerce, telecommunications and finance. With security breaches commonplace, the need for encryption has become so necessary that various agencies have seen a need to step in and impose regulations. Why is it even necessary to encrypt backup data? The reason is security. Data stored in clear-text is open to attack by everyone.

IT organizations are beginning to realize that the reach and effect of these security laws impacts their procedures and processes. There is currently no specific set of guidelines for compliance within the IT industry. One area of compliance that remains high-risk is that of data storage encryption. For the most part, data transported to off-site storage is not secured and tracked, leaving tapes defenseless against theft, alteration or unauthorized viewing. Encryption appliances for backup tapes are the only way to ensure data at rest is safe.

The California Security Breach Information Act is a cutting-edge law which enforces a rule stating California residents must be notified any time their “personal information” is compromised. Of course, this law imposes strict requirements for public disclosure, the main reason for the increase in reported security breaches across the country. The difference today is that those responsible will have to pay for their mistakes. If an IT Manager fails to properly encrypt company data, the sentences range from suspension to 10 years in prison, with fines from $100 to $1,000,000.

Therefore, concern is steadily growing over an individual company’s current and potential liability. To define what your most critical data is and how best to encrypt that data while at rest requires an in-depth review of current encryption policies, including assessing methods, key lengths and key management. Only after this thorough process will your company be in the position to address these high-risk areas with proper encryption.

Security measures are widely implemented to protect data, however these are not nearly effective enough to provide the security that guarantees the safety of stored confidential records. The answer was to transport backup tapes off-site for protection. However, as corporations grew increasingly computer and Internet savvy, the risk of employee theft, data lost or stolen during transport, environmental damage and theft of discarded tapes grew. Each of these threats brought increased security measures.

However, the biggest threat to confidential information today comes not from the outside, but from the inside. Internet hacking has quickly become the most efficient method of stealing data. Under the new compliance regulations the database administrators (DBA’s) find themselves charged with a high level of duties for which they often feel they do not have the most effective arsenal of tools.

Logic would tell us that the risk personally and to company information and customer privacy is high enough to immediately begin a solid plan of data encryption. Concerned CEOs searching for ways to minimize risk are taking a longer and harder look at cost-effective ways to make data security a priority.

Government regulations, including more stringent control and audit requirements, are designed to protect consumer data and confidential information, making it clear in no uncertain terms the penalties and fines one could face for failing to meet these requirements. Records storage leader Iron Mountain, which fell victim to the loss of tapes containing sensitive customer information, is recommending that companies encrypt backup tapes containing personal information saying, “We believe encryption is the best way for businesses to meet the increasing need for privacy protection.”

Still, while most organizations perform backup data and maintain offsite copies, backup tapes remain largely unencrypted. This leaves the risk at high levels and exposes the company, IT managers and supervisors to stiff fines and penalties for failure to comply with government regulations that control exposure of confidential consumer information, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Fair and Accurate Credit Transaction Act of 2003 (FACTA), and the Financial Services Act of 1999 (Gramm-Leach-Bliley or GLBA).

Unfortunately, as with all new regulations, there is much work to be done in plugging the holes, but one thing is clear: it doesn’t matter whether the breach is accidental or intentional. If it happens to you, you’re responsible.

New encryption methods and hardware are helping to take away some of the difficulties commonly associated with the process of encryption. What can be done to ensure the security of this data and protect those involved with it? What, if anything, is holding your organization back from taking the necessary steps to choose the only appropriate solution, data encryption? Which encryption solution best meets your needs and will instill the highest level of confidence? No longer is it a matter of whether you’re going to encrypt, but when and, even more importantly, how.

One excellent solution is the Q3, a hardware appliance for tape backup encryption that fits in seamlessly with your current environment, takes little time to setup and has little to no effect on current backup procedures, offered by BOSaNOVA, Inc. The Q3 is the latest encryption solution to address your highest levels of risk to your entire IT staff from managers to programmers. Providing systems implementation across your entire infrastructure, the Q3 offers the most efficient, cutting-edge process your team can implement quickly and easily, with the assistance of BOSaNOVA’s technical support.

The Q3 meets your biggest challenge by not interrupting your workflow or your network’s performance. Access to data through this secure hardware appliance now means there’s only one way in, making it nearly impossible for your data at rest to be vulnerable to attack from an unknown source.
For a full version of this article go to http://www.theq3.com/securingbackup.php

--
Martin Pladgeman is President of BOSaNOVA, a leading provider of security solutions, thin clients and network appliances. Their newest solution, the Q3, is a storage encryption appliance that provides complete security for data at rest. For more information, visit www.theq3.com or email info@theq3.com . Detailed information on BOSaNOVA Thin Clients and iSeries Connectivity Solutions can be found online at www.bosanova.net

Source: http://www.articletrader.com

How To Avoid The Pitfalls Of On-Line Shopping

Mon, 06 Jul 2009 11:39:20 -0500

It is very difficult to really get a sense of who you are buying an item from when all you have is their website to go by. Not being able to speak to or see who you are dealing with (in many cases) does put off many potential customers (around 7%) who are not yet able to trust the internet and put their details on-line without having some assurances.

Here is a guide to follow to help those new to internet shopping avoid any unscrupulous traders.

Do you recognise the name? Have you heard of the merchant or any of their products before? If not then possibly look elsewhere or at least check on review websites to make sure they have not been given bad reviews. Checking their title in Google should flag up any bad press they have.

Make sure they are able to secure your personal details and have a recognised secure socket layer (SSL) certificate, well known vendors are verisign, rapidssl, thawte and globalsign. They will encrypt the data being sent to the merchant from your browser via their web server and stop anyone from receiving your personal information who is snooping. The other secure way is to use a Paypal account.

Many of the merchant will offer returns and exchanges or even refunds in the same way you would expect a normal high street vendor would and always check for a company address and telephone number and you could even give them a call to just ensure the validity of their information.

If you just aren't really satisfied with their security or the look of the website and have any doubts at all then do not give your information out, there are always more internet based merchants out there and it's always better to be safe.

--
Oliver is a avid web security analyst who wishes to promote the correct ways to protect corporate websites. Oliver works for ssl247.co.uk who allow you to Buy SSL Certificate as well as trial SSL certificates for IIS web servers in the UK.

Source: http://www.articletrader.com

Basic IT Infrastructure Investments That Cannot Be Ignored For An Acquired New Business

Sun, 27 Jan 2008 00:00:00 -0600

Introduction

In order to expand, most companies either grow organically or acquire new businesses. For newly acquired business, there will be a lot of groundwork need to be done to merge the acquired companies IT System to the purchaser company IT System. In IT Infrastructure areas, there are basic requirements that cannot be ignored especially if the new business is in another location or country. These requirements will assist in mitigating the risk of possible security threats from Internet such as trojans, viruses, and worms, hackers damaging business servers or worst unauthorized intrusion retrieving valuable data.

Basic IT Infrastructure investment includes:

a)Firewall

A proper firewall should have Packet filter, Stateful level protection, IPS, Anti-Spyware, Web Anti-Virus that acts as the first line of defense against any attacks, security threat from the Internet.

A Web-based firewall with easy secured configuration menu is preferred. Further, this is suitable for offices that are lack of dedicated local IT personnel. The HQ IT Experts can remotely assist in administering this firewall for the remote office. Remote administration should be via a secured HTTPS channel. Lookout for reputable firewalls that comes with built-in VPN, Web-based Application Filter (Proxy) Anti Virus and also Intrusion Protection.

b) Anti-Virus

To implement the first layer of anti-virus to protect the servers and PCs from harmful viruses, it will be advisable to setup a central Anti-Virus server in the HQ. This meant all acquired offices require are to install the Anti-Virus clients into their local servers and PCs. Management of the latest virus pattern file, scheduled scanning, and licence management will be centrally managed by HQ IT team using the central anti-virus Server.

Note: When your IT Infrastructure grows, it is better to place your servers in a proper Tier 3 or 4 Data Centre. These Data Centres often guarantees electrical and air-condition supply with a SLA agreement of 99.99%. If the HQ servers are not in a proper Data Centre, imagine a severe electrical outage may just cripple your main servers and also all your acquired companies and subsidiaries IT Systems.

c)E-Mail

Instead of investing ground up on an Industry standard communication software such as Lotus or Exchange E-Mail system, it will be advisable that the new acquired company also take advantage of your HQ E-Mail system. The acquired company only requires to install E-Mail clients and can start utilizing the e-mail for communication and data delivery (if required). The E-Mail system will also be administered centrally.

To mitigate risk further, HQ E-Mail system should be clustered for high-availability and comes with dual layer anti-virus systems, anti-spam and anti-relay mechanisms to mitigate risk of E-Mail viruses, spam and relay attacks.

d)Tape Backup System

To reduce the risk of not been able to recover data in the event of server or database failure, a proper tape backup should be implemented. It is recommended to use enterprise Backup Systems (e.g. CA, Veritas) software that comes with Open File Agent (allows to backup files that are currently still open), SQL Backup Agent (allows to backup database without shutting down the database). It will be prudent to conduct daily, weekly, monthly and yearly backups. Monthly and yearly backups should be kept off-site.

e) Telecommunication line

Option 1)

A WAN (Wide Area Network) link will provide a stable communication line given the provider will guarantee a minimum bandwidth. E-Mail replications, Business related application connections will be more predictable on a WAN line. As you have more subsidiaries and new acquired offices, you can leverage onyour numbers with your WAN provider for a better pricing and services. WAN links are costly but are stable and critical if your business relies on fast and reliable International connectivity.

Option 2)

Cost effective Internet lease line or broadband. This meant connection between the offices to HQ is via Internet. However, please note Internet connection is "best effort" where there is no guarantees of bandwidth or uptime. This is a cheaper solution that WAN.

For secure communication between the offices, I would recommend implementing VPN (Virtual Private Network) connections between these offices. This will facilitate encrypted communication between the offices.

These are basic measures that should be in place before allowing communications between these new offices and your HQ data servers. The impact is severe if security threats were to spread to your HQ and other offices from a new business via WAN or private lease lines.

--

Gabriel Ng is a professional IT Security Consultant, IT Auditor (CISSP) and author of http://www.comsectutorial.com This site is setup to provide information, recommendation on hacking prevention, controls to minimise security threats from viruses, trojans, spywares, hacking based real life experience while conducting security assessment and penetration tests.

Source: http://www.articletrader.com

The Importance of Getting a Checkpoint Engineer to Secure Company Network

Wed, 05 Nov 2008 00:00:00 -0600

You can strengthen and enhance your company’s internal and perimeter network security by getting the services of a certified Checkpoint engineer. Security vulnerabilities of private and public networks are real concerns that should be addressed decisively.

Without a Checkpoint engineer that could arrest vulnerabilities, your company could face serious network losses. The database and sensitive information stored on your company’s server can also be exposed to hacking. By hiring a Checkpoint engineer, loopholes in your VPN, private networks, and security gateways, could be prevented effectively.

The Benefits of Getting a Certified Checkpoint Engineer

A Checkpoint engineer will be able to implement solutions and manage your company’s network security against hundreds of dynamic application level attacks. A Checkpoint engineer has the expertise in the following checkpoint technologies:

VPN-1 VE
Firewall / VPN
Unified Threat Management
Remote Access
Intrusion Detection & Prevention
Endpoint Security

A Checkpoint Engineer Can Safeguard Your Gateway

A Checkpoint engineer would be able to plug your network against intrusions by implementing perimeter gateway security solutions such as IPS-1 and SmartDefense. Check Point intrusion prevention solutions provide precise, real-time attack mitigation, granular forensic analysis and flexible deployment options. Check Point intrusion prevention solutions are delivered as dedicated IPS appliances or software, and as intrusion prevention that is integrated into Check Point security gateways.

Intrusive traffic will try to merge with legitimate traffic by hiding behind spoofing methods that can bypass network passwords and security checkpoint. A Checkpoint engineer can secure the network gateway against such traffic thus preventing intrusion at the point of entry by using SmartDefense. This maintains the most current preemptive security for the Check Point security infrastructure. To help defenses stay continuously ahead of today's constantly evolving threat landscape, SmartDefense Services provide ongoing and real-time updates and configuration advice for defenses and security policies found in SmartDefense.

Firewalling Against Denial of Service Attacks

Another important function of a Checkpoint engineer is to establish a firewall solution that will prevent denial of service attacks.

Denial of service is a serious problem that could crash your network resulting to extended outages and network downtimes. Your clients and legitimate users will not be able to access the network if it is experiencing denial of service attacks.

A Checkpoint engineer can deploy a proactive double firewalling solution that screens unidentified data signatures even before it reaches your network gateway. In this way, your network will not experience downtimes caused by such attacks.

Hire a Checkpoint Engineer to Prevent Phishing Operations

Probably the most compelling reason why you need to get a Checkpoint engineer is to prevent information theft. Hackers are always on the look out for vulnerable networks to phish for usernames and passwords. Phishing these information and data would enable hackers to mine your server of important personal records such as credit card numbers, customer list, and trade secrets. ZoneAlarm ForceField is the first virtualized, on-demand browser security solution to enable consumers to bank and shop online, or surf dangerous areas of the Internet without fear or limitation. Built from the ground-up specifically to fight the emerging classes of browser-based Web threats, ForceField also erases all personal information after a Web browsing session to further protect consumer privacy online. Features include browser virtualization, powerful anti-phishing technology, ZoneAlarm's Spy Site Blocker (also found in the award-winning ZoneAlarm Internet Security Suite) and additional dangerous download defenses.

Without a Checkpoint engineer that will implement multiple protocol security nets within you network, the company’s servers and client applications would become easy targets for Phishing operations. Your company’s reputation will suffer and you can lose customers if your network will not get proper security attention from a certified Checkpoint engineer.

Where to Find a Reliable Checkpoint Engineer?

You can simply post a wanted ad if you want a Checkpoint engineer for your company. However, this is tedious and you have no guarantee that applicants really have enough experience to implement complicated security solutions.

To make your life easier, you can check some of the best online security consultants and B2B security websites. These companies can offer superior network security services. They usually have an onboard certified Checkpoint engineer and experts that can help your network ward off malicious attacks.

--
Bsecure is a Sydney based Network Security Services company that provides affordable assessment, consultation, design and implementation services in all areas of network and information security.

Source: http://www.articletrader.com

Protect Your Computer from Viruses-Using Anti Virus

Tue, 15 Jul 2008 00:00:00 -0500

If you are the type of person that likes to download lots of files of the internet, you could be pushing your luck when it comes to getting a computer virus. If this is the case, I'll assert that you have little understanding of just how vulnerable you are to getting infected. This article is my way of helping you avoid the dreaded infestations.

Listed below are some of the guidelines you can follow in order to keep those nasty viruses from making a mess out of your computer and your life.

1. Get yourself some antivirus software from a respected company such as Norton Antivirus software. You should set it up to run automatically every time you turn your computer on.

2. Make sure to keep your antivirus software up to date by either using the automatic update feature that many come with or make it a habit to manually check at least once or twice a week for updates on your own.

3. The antivirus software can also scan for Macro Viruses. This type of virus is usually hidden in word processing documents that you may receive in an email.

4. Downloading software from the internet should not be done too often. It is very easy to get infected this way, even though there may be lots of great programs available This is very risky.

5. There are many ways to swap data between two different computers. I don't recommend you do this unless it is unavoidable, and even then you must scan the storage device you are transferring from for viruses.

6. When transferring data using a floppy disc, the disc must be formatted first.

7. Only use trusted vendors when you are buying new software for your computer.

8. Never install software that is pirated. This is not only illegal but also a great way to get infected with a virus.

9. Before you open and install a program you have downloaded of the internet, ALWAYS scan them for computer viruses.

10. One very important task is to back your computer files regularly. This will ensure that if, after all your prevention measures, you do still catch a virus it can be removed, and the lost files can be replaced with the ones that were saved.

Finally, it is not guaranteed that if you follow the above steps that you will not be the victim of a computer virus, but you can sure bet that if followed you will greatly reduce the chance of being an unsuspecting recipient of such an unwanted program.

--
Did you find this article useful? For more useful tips & hints, Points to ponder and keep in mind, techniques & insights pertaining to Google Ad sense, Do please browse for more information at our website :-

http://www.reprintarticlesite.com
http://computertips.reprintarticlesite.com

Source: http://www.articletrader.com

Finding Cheap Home Security Cameras

Tue, 15 Jan 2008 00:00:00 -0600

Protecting your home is more important today than ever. Fortunately, it is possible to get quality equipment without having to pay a high price tag. If you are in the market for cheap home security cameras, there are several places to look for bargains. Here are a few examples of ways to get the cameras you want, without spending a lot of money.

One of the first things you should do is spend some time online, educating yourself about security cameras in general. The value in spending time on this activity is that you get a good idea of what features you want for your home system, and what is really not of any interest. Putting together a list of what you want in your cameras will make is much easier to look for a bargain brand that has everything you want, while ensuring you don't have to pay for a lot of other features you don't want and probably will not use.

After completing your orientation into the world of security cameras, spend a little more time online looking for bargains. There are actually several web sites that feature new security equipment at a discounted rate. Often, these will be last year's models, but certainly are still excellent choices. You may be able to save up to 40% simply by looking around the Internet.

While online, don't forget to check out auction sites for bargains as well. Often, there are cameras on bidding sites that begin at a very low bid. With a little luck, you may be able to obtain the camera you want for a very little investment. Keep in mind that auctions usually run over several days, so make sure you check your bid from time to time. If you are outbid and do not log a higher bid, all your hard work will be for nothing.

Locally, check with security companies that may have some quality cameras that are a little older. Often, this will be older inventory that has never been used. The security company may be interested in selling the older cameras for a discount, simply to clear them off the inventory. However, if they insist that you pay full retail for the units, keep looking. There is bound to be another service provider that will be willing to cut you a deal.

Don't forget to check with local electronics stores as well. Cameras go on sale from time to time, often at a significant discount. If you see cameras you like and can afford to wait until the units go on sale, it is possible to save quite a bit of money, and often still be able to obtain a service warranty on the equipment.

--
http://security-cameras101.info is a website devoted to giving you the best information concerning security camera systems. Whether you're looking for an internet security camera or want to protect your home with a home surveillance security camera, we've got you covered!

Source: http://www.articletrader.com

Why you should take your courier seriously?

Wed, 10 Oct 2007 00:00:00 -0500

Sample: Let us look into this case scenario. Company Green sends a courier to company Yellow. Company Yellow receives it. Company Green communicates to company Yellow asking for the response to the sent message. Company Yellow reverts back saying the message was never received. Company Green verifies with the concerned courier service and succeeds in getting the name of the person who seems to have received the courier. Company Yellow sends regrets to Company Green stating the genuine cause for this mishap. The security person in charge of receiving the couriers had put it in his pocket, contemplating later delivery of the same. However, due to sudden rainfall that very evening the important documents which were stored in the persons apparel were irrevocably damaged.

Inter organizational communication is built on a very fragile platform. Often instances like this can affect the organizational image and slacken the communication process. It can also lead to future conflicts .The core or business critical functions remain the sole matter of concern for most of the Multi national corporations today. Routine functions like courier or key management are not given due importance, even though it might go a long way in determining future business relationships.

Technological advancements in the 90’s lead to an increase in non-manual or computer managed functions. The security measures were now automated and several in-house operations in an organization were handled using sophisticated software. The arguments against and in favor of automating security set ups or the front office administration are unending. Whereas computer centric crimes like hacking are an area of concern, there are others who want their security built up to be perfectly automated with a view to protecting valuable information. Access to sensitive information remains the major area of concern for business establishments. Protecting it through the available technology will however be a choice made in the right direction as the use of such softwares can be used for information privacy thereby barring the access points for any illegal use (like information pilferage) by the criminals.

The case of handling couriers is a suitable example of illustrating the logic behind using software technology to keep track of trivial yet consequential tasks like checking the inflow or outflow of valuable information through post and the person responsible for the same. Cost effectiveness can be argued on the same lines as information privacy. The cost of losing valuable information is same as succumbing to information pilferage.

There is an impressive array of products to choose from in the software market, which provide a solution to courier mismanagement issues. There are special features incorporated in them to help an organization track deliverables like postal packages and even keep a tab on the person responsible for the same. If the strongest principle of growth lies in human choice, then the organizations should make the right one and in the right direction.

--

Md Faizullah

Visitor
Management Software

Source: http://www.articletrader.com

Malicious Software Hindrance Must Be Done In A Proactive Manner

Wed, 26 Dec 2007 00:00:00 -0600

You are surfing away at your computer, searching for that perfect gift for your significant other. You think you have the best idea and click�*POOF* An annoying little box comes up pushing a product or service that you don�t want or need. That box popped up because you didn�t remove scumware from your system.

You didn�t know that by removing simple � OK not simple, but simply removing noxious code � you could change the world, did you? It�s true, regular spyware removal can save the Earth!

Unfortunately it is a matter that troubles almost all of the Internet users through out the world. Even many anti virus software fail to get rid of such an aggravation. It is known as the adware. However there is no need to get panicked, as proper adware deletion system does exist to save you from loosing your control. Just a simple deletion of a noxious code can free you from the annoyance.

Take your email account, for example. How many emails in one day do you get from a spambot or a spam account? Ten? Twenty? More? It�s not unheard of for a person to get close to 30 unsolicited emails that qualify as spam, EVERY single day.

Why Is There Spyware On My Computer!

Spyware is a nasty little thing coded on to websites, software and even email messages. Spyware tracks the websites you view, sees the content you are reading in emails and monitors all of your instant messages and chat topics. Sounds worse than the government, huh? It is.

Scumware then takes the information it has tracked for your system, reports back to its owner, who then throws things at you like unwanted pop-ups and advertising. They even throw lots of spam in to your email accounts. Since you don�t want all of the necessary garbage, it�s important to remove scumware from your system regularly.

Spyware Removal Procedures

To remove spyware from your system, it�s as easy as downloading a simple program � available from www.removespywareandadware.com � with a few clicks of the mouse. Click to order the anti-spyware software, download it, and then run a scan on your computer system.

Open up your favorite web browser, type http://www.removespywareeandadware.com/, and press the �enter�. Order a simple yet highly effective anti-malware program, download it and install the software in your system. Run a quick or thorough scan of your computer.

In order to save the world, your spyware removal should happen regularly. Like weekly if you are an active internet user. Every few days if you are very active. Your spyware removal will prevent those companies from gaining access to email addresses in your account. From not having those emails, they then don�t have 30 more emails. Think of all that saved time for those people who don�t have to filter through their inbox and weed out the tons of spam each day. They have nothing to delete! You�ve just saved part of the world a bunch of time. Now maybe you can work on solving world peace.

Spyware is also associated with lots of virus that can run havoc in your hard drive putting the entire system in a state of jeopardy. The damage caused in the process can be of great dimension. Hence it is extremely important for any Internet user to have spyware removal software run regularly to keep your computer clean and safe.">

--
We are glad to have Isaiah Henry has our spyware removal geek at RemoveSpywareandAdware.com. He works hard to give users the necessary info like the review on XoftSpySE.

Source: http://www.articletrader.com

SAP security solutions

Tue, 25 Sep 2007 00:00:00 -0500

A short piece taking a look at the various ways in which using SAP security can help a business.

SAP or Systems, Applications, Products in Data Processing is an application that is being used in more and more businesses all over the world. It can used to create orders, build product and customer databases, handle employee information such as wages, holiday entitlements and sickness absence and much more. In fact SAP is the all round business solution that is the smart choice for any thriving business. SAP is created for each business that requires it and as a result all systems are different, but all have one thing in
common, they all use SAP security solutions.

Why Use SAP Security?

SAP security is purpose built for each and every client, but it is made with one thing in mind, and that is to provide the most up to date, secure SAP system possible. Today security threats for businesses have never been greater. From the risk of attack from viruses and hackers to fraud and theft all businesses need to implement SAP security to protect themselves.

Once a SAP system has been implemented in a business, that business can then request a SAP security review. The SAP security review will be carried out by an individual or team of SAP security experts. The SAP security review will look at all threats both real and potential and then report these back to the business. These found SAP security
threats can be a shock to a business who had previously thought that their SAP security was fine. Once these threats have been determined the next steps is to come up with SAP solutions to the SAP security threats. This will also be done by SAP security experts. There are three main ways in which these SAP security threats can be addressed –

1.   People – these are the employees of the business who use SAP technologies. If a SAP security threat is found that is due to the employees not following certain SAP security procedures then the SAP experts will put together an easy to follow training program which will increase staff awareness in SAP security and help to further protect the systems. The SAP security threat posed by staff simply not adhering to SAP security measures by sharing passwords and leaving computers unlocked when not at their desks is astounding. And sometimes a SAP security review can highlight this in such a way that staff can clearly see what implications their lax SAP security and start to improve their working methods. Staff sometimes unwittingly put systems at risk from not being as SAP security aware as they could be, and using SAP training for your staff can bring about a change in SAP security measures.

2.   Processes – this is of key importance in order to analyise business processes and highlight any SAP security threats which are found. This kind of risk assessment is crucial in determining future risks and ensuring compliance with SAP security measures. The SAP security consulting and support services can help to create methods that ensure that all business processes and systems are secure and pose no risk to SAP security.

3.   Technology – every single SAP systems are created and designed with high levels of SAP security in mind. The SAP NetWeaver platform is used which helps to create a highly secure system that has a strong foundation. As SAP is designed using stringent security standards you can be assured that the system you are using has been built with SAP security at it’s base. This makes for a more secure system that has increased SAP security as standard.

Added Security

It is also worth noting that every SAP security expert and developer is trained to a high standard in security issues. And when testing SAP systems for any security risks you can be assured that risks will be identified and then solutions for them will be presented. Such risks could take the form of the potential risk from hackers or identity theft from systems both of which can be identified and solved using SAP security solutions. Whatever security risks are found there will be a solution for it, or one that can be developed for your business.

If SAP security is a concern for your business you need to have a SAP security review undertaken as soon as possible. That way you can find out if your SAP system has any security risks. And if there are found the SAP security experts can work with your business to develop new methods and systems to minimize SAP security risks. Anyone in business who uses SAP really should get a SAP security review performed. At the best the SAP experts will find little wrong with your SAP security, at worst they will uncover a SAP security risk. Either way the SAP security of your business should be reviewed to make sure that you are
running SAP systems which are secure and safe.

Author Bio: Cathy Mc Leod is a senior SAP Security Consultant with SU53 Solutions specialising in SAP Security and SAP GRC (Governance Risk and Compliance).

--
Cathy Mc Leod is a senior href="http://www.su53.com%29http://www.su53.com">SAP Security
Consultant with SU53 Solutions specialising in SAP Security and href="%20http://www.su53.com/sap-security/services/virsa-consultants/">SAP
GRC (Governance Risk and Compliance).

Source: http://www.articletrader.com

Sophisticated hackers get personal

Fri, 29 Feb 2008 00:00:00 -0600

Humans, as a species, have a very trusting nature. We know that danger lurks in shadowy corners and occasionally marches out in broad sunshine. We just don’t think that it’s in every corner and we’re confident that measures are in place that will protect us from the worst of the worst. Even when presented with a mountain of evidence that proves a particular course of action is unwise, we tend to think that we’ll be alright. How else do you explain the alarming number of people who persist in advertising their personal details at every online opportunity presented to them?

The Internet is an indisputably convenient tool that enables us to significantly simplify our lives. We can bank online; do all of our grocery shopping, chat with friends, meet new people, play social games, and even date. There is very little need for us to leave the safety of our homes. All we need to do is trust the safety of all the applications we use.

But, no matter how secure sites claim to be there is always the danger of information being lost, stolen or misappropriated in some way. Hacking is no different from any other field of occupation in that it constantly develops and evolves. Increasingly sophisticated techniques allow hackers to fly in and out of sites undetected, wrecking havoc as they go.

Social networking sites, such as Facebook and MySpace, are like gold mines to the socially ill-adjusted. People don’t give a thought to including all manner of personal details on these sites. Why wouldn’t they? They’re among friends, and the sites are assuredly secure.

This would be good news, except that an increasing number of pages are being hi-jacked and used for malicious purposes. In November last year, News Corp’s pages on MySpace were hi-jacked so that when anyone clicked on them they were redirected to a site in China. The site aimed to lure users into downloading malicious software that would take control of their PCs.

Hackers copy friend-lists from social networks and send mass emails under friendly disguises. We all know not to open attachments or emails from people we don’t know, but why would we suspect our friends of malicious intent? We click open and descend into cyber-hell.

A new strategy used by hacking masterminds involves placing help-wanted ads in underground channels and hiring professional writers to pen enticing emails and ads, completely devoid of suspicious content. The innocuous nature and well-written content lulls users into a false sense of security. We forget all we’ve learnt about saying no to strangers and walk blindly into the dragon’s lair.

Hackers are also extending their scope of interest, turning their attention to “smartphones”. Phones like Apple’s iPhone can run entire operating systems, support email applications and are capable of storing every aspect of your life. Many people are helpless without their smartphones because they keep all their information on them. They’re a hacker’s paradise. It’s never been easier for them to steal your identity or hack into your bank account.

Cyber criminals use viruses and worms to disrupt and weaken corporate databases so that they can go in and steal ideas, designs and blueprints for prototypes. Intellectual property fetches magnificent prices on the cyber blackmarket.

We all need to get our heads out of the sand and face up to the fact that with incredible convenience comes incredible danger. For our financial, psychological and physical safety, we need to wise up and rethink what information we’re willing to make public. We also need to consider the adage that warns against putting all of our eggs in one basket. We can’t have become so dependent on technology that we can’t make a trip to the supermarket when we run out of toilet paper rather than click “add to basket”.

Recommended site:

http://www.businessweek.com/technology/content/nov2007/tc2007119_234494_page_2.htm

--
Sandra wrote this article for the online marketers Star Business Internet internet service provider and website hosting one of the leading Internet service companies specialising in business website hosting in the UK

Source: http://www.articletrader.com