Posts Tagged ‘network security’

CSE Awarded ESET Silver Partner Status

Tuesday, August 10th, 2010

We are very pleased to announce that CSE have achieved Silver Partner Status with ESET.

This has been achieved within the first 12 months of registering as a reseller for the ESET products. It is in recognition of our having completed both technical and sales training as well as reaching certain revenue levels, and shows that we are able to supply, install and support the products to a high standard.

Have a look on our website for more information; there is also a link to a free scanner that you can run to see if you have any infections: www.cselimited.co.uk (the link is next to the blog link).

If you have any requirements why not drop us a note from our contacts page and we can get back to you. There is an offer on at the moment for 3 years for the price of 2 until the end of August 2010, so it could be a good time to switch. www.cselimited.co.uk/contact.html

We have been very happy with the ESET range of products and would recommend them but if you are not convinced we can also arrange a free trial for you. See www.cselimited.co.uk/security-antivirus.html for more details.

Windows Help and Support Vulnerability

Friday, July 2nd, 2010

A vulnerability has been recently discovered in the “Windows Help and Support Centre” as used in Windows XP. Basically this is a tool that is used to offer basic assistance to users and makes use of the internet to gather information and offer advice and downloads including drivers and updates.

The problem is that it uses the HCP protocol as well as the HTTP one, and it’s not too fussy about the sites it connects to, as it can’t validate URLs properly when using the HCP protocol.

This has led to the bad boys writing websites and links that exploit this vulnerability. If a site with this code is browsed, or a link in an email to this code is followed, it can then download the “payload” to your PC and in effect do what it wants.

There is more information here on Microsoft’s technet site if you want to learn more.

The best advice for the moment is to keep your antivirus and security software as up to date as possible. There is a workaround listed on the site that involves editing the system registry to disable the HCP protocol, but this should not be attempted by the faint-hearted as, in the words of warning at the beginning of the post, “Using registry editor can cause serious problems that may require you to reinstall your operating system”. This is not a fix, it’s just a workaround until a fix is available.

The worst affected countries at the moment seem to be Portugal and Russia but it will spread.

Windows 7 is not affected by this problem.

83% of small firms suffer I.T. security incidents!

Friday, May 28th, 2010

A recent survey of businesses reported that 92% of firms with more than 250 employees, and 83% of smaller firms (up to 25 employees), said they had an I.T. related security incident of some sort in the last year. That seems a very high figure but it’s not all that surprising when you consider that most people still don’t take computer security nearly seriously enough!

I am sure that a lot of the firms in the statistics above will have had some basic protection in place and a proportion of the incidents may well have been relatively minor, but a general lack of knowledge and a false belief that “they won’t be interested in my data” leads companies to neglect the security of their networks and allows others to take advantage of the fact.

We would recommend that regular reviews of network security are undertaken. The full-on security audits are perhaps a bit much for a small company (and let’s be honest, penetration testing sounds painful :-( and social engineering is a bit of an overkill when there are only 30 of you in the company to start with!), but there are things that you can do to improve the security. Look back at previous posts about stronger passwords, and there was the one about preventing your systems from being used by spammers. Other things that you should think about are what you allow your users to do on the network.

Do the users on your network need to be able to install software on their PCs? If not, then why not consider taking away the local admin rights? This will stop them from installing software that could potentially cause problems later, such as peer to peer file sharing or “free software” that comes with a load of viruses, and can prevent quite a few user induced problems.

Are all the users on the network set up with the right level of access? Too few rights and they won’t be able to work, and too many and they will be able to see things that they shouldn’t and make changes that could affect your whole network. If there are users on your network with full domain admin rights then this is probably a bad idea. Even the network administrator should have a standard logon for the day to day stuff and just use an admin account to log on to make system changes.

Setting up effective user groups can help with this in the long term. That way you can assign rights to the group, such as sales, admin, management etc., and add individual users to the groups so that they have exactly the rights that they need depending on what role they are performing, making future management much easier.

Are your firewalls set up correctly so that they only allow the traffic, both in and out, that you want to allow and prevent all other traffic? As they come out of the box they are quite open and need to be configured to get the best out of them, so it’s worth checking the rules are all set correctly. We can help with that; if you need help call us on 0161 941 4555.

There are lots of quite simple checks and modifications that can be made to a network to reduce the risk of becoming a victim of a security breach, so do take some advice on how to protect yourself before it’s too late. You could do worse than give us a ring and have a chat.

Oooops! McAfee Anti-virus update cripples PC’s

Friday, April 23rd, 2010

It would appear that a mistake by McAfee, one of the largest anti-virus companies, has caused thousands of PCs around the world to fail because of a “false positive” issue, i.e. identifying a clean bit of code as infected/bad. Not a bad little virus in itself I suppose :-)

The problem has occurred because an update that they sent out wrongly identified a part of the Windows operating system, svchost.exe, as the wecorl.a virus. This meant that the antivirus software quarantined the file, which stopped the operating system from working and resulted in machines constantly restarting and not being able to complete the boot sequence.

The problem was spotted quickly and McAfee have apologised for the mistake and released a fix. Of course, because the erroneous update was only in the wild for a short time, not everyone will have been affected, and it appears that the bulk of the problems were in the US…… this time. This has caused McAfee a major problem and I suspect rather a few red faces as they work to help their customers who were affected by the problem to recover. The other anti-virus companies are, in public at least, sympathetic, no doubt thinking that “there but for the grace of God” etc.

So how can this happen? Well, in truth I can’t say what caused this particular issue. McAfee say that there was a problem with their QA process (having made recent changes) which allowed faulty code to get into the update. However, a simple overview of how anti-virus software detects viruses might be useful here.

Viruses, like any other software, are just a bunch of code: a long string of characters. The antivirus software looks at this code and checks the character sequences against known sequences that it holds in a database. Now, if you are looking for the whole virus, then you can have the AV software look for the very long sequence of characters and only identify code as a virus if it is an exact match. Fine, but what happens if the virus writer changes the code slightly and re-releases the virus as a variant? Well, some of the code will be the same, so you have to look for shorter and shorter sequences. The shorter the sequence that you are looking for, the more likely it is that it can match a sequence in existing legitimate software. So you can see that there always needs to be a balance to ensure that the software identifies viruses positively whilst not identifying good software as a virus (a false positive).
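The trade-off described above can be seen in a toy substring matcher. This is an added example, not code from any antivirus vendor; the byte strings, file names and the choice of taking the signature from the end of the sample are all constructed assumptions for illustration.

```python
# Constructed sample data: these byte strings are made up for illustration.
ORIGINAL = b"push ebp; mov ebp,esp; call decode_payload; xor eax,eax; call send_mail; ret"
VARIANT = b"push ebp; mov ebp,esp; call unpack_payload; xor eax,eax; call send_mail; ret"
CLEAN_FILES = {
    "system_service.bin": b"push ebp; mov ebp,esp; call start_service; xor eax,eax; ret",
    "text_editor.bin": b"open file; read text; draw window; close file",
}


def tail_signature(sample: bytes, length: int) -> bytes:
    """Use the last `length` bytes of a known sample as the signature."""
    return sample[-length:]


def evaluate(length: int):
    """Return (variant_detected, clean_files_flagged) for one signature length."""
    sig = tail_signature(ORIGINAL, length)
    flagged = sorted(name for name, data in CLEAN_FILES.items() if sig in data)
    return sig in VARIANT, flagged


def sweep(lengths):
    """Evaluate several signature lengths, longest first by convention."""
    return {n: evaluate(n) for n in lengths}


if __name__ == "__main__":
    # Whole-sample match misses the variant; 20 bytes catches it cleanly;
    # 5 bytes also flags a legitimate file (the false positive).
    for n, (hit, fps) in sweep([len(ORIGINAL), 20, 5]).items():
        print(f"{n:>3} bytes: variant detected={hit}, false positives={fps}")
```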

Of course there are other methods that the antivirus software packages use such as sandboxing code (allowing it to do what it wants to do in a controlled environment where it can’t get at the main system and watching to see if it tries to do something naughty) and then quarantining the code if it is likely to be a virus.

So for all of you who have not been affected you can smile a bit, but just be aware that your antivirus software is updating several times a day and hope that your antivirus vendor does not have a similar problem in the future.

And before signing off, in answer to those of you who are wondering if you would be better off not having any anti-virus software at all? The answer is NO.

Don’t get blacklisted as a spam sender.

Friday, March 12th, 2010

If you have read other posts on this blog you will know that we have covered various security topics including making sure that your antivirus software is up to date and that you run regular scans, set your users up with strong passwords etc. etc. etc.

This is another good tip for making sure that you’re getting the best protection out of the equipment that you already have.

The issue we are looking at today is one way of preventing getting blacklisted as a spam sender.

Assuming that you are not a spam sender (at least knowingly), one way that you can get blacklisted is if one of your machines gets infected with a bot that is programmed to send out email for someone else. This can result in thousands or tens of thousands of emails going out of your network, at which point your ISP (Internet Service Provider) along with the anti spam databases will tag you as a spam sender. Your ISP will most likely turn your ability to send email off altogether, preventing you from sending any mail until you prove that you have corrected the problem and are not going to send more spam. Secondly, your domain/IP address will be listed on the various anti spam databases as a spam sender, so anyone using these to detect spam will reject your legitimate mail in future.

If you are using a mail server such as Microsoft Exchange on your network then this should be the only machine that is sending email out for you. Your firewall should be set so that the mail server is the only machine that is allowed to send email through the firewall, that way if one of your machines does get infected with a virus and starts sending thousands of emails out it will be prevented from doing so and you will not get blacklisted or have your mail turned off.

So what changes do you need to make? Firstly, if you are not very clear on what you need to do then get an expert to make the changes for you; you could end up causing yourself major problems if you attempt to do this yourself and get it wrong. Basically what needs to happen is that the firewall needs to be set up so that:

  • All outbound SMTP traffic is blocked from every host unless there is a further match
  • The next rule then allows outbound SMTP traffic from source “mail server”

OK it’s a bit more complicated than that but that gives you the basics. I hope that you found this article interesting, leave a comment and let us know.
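The two rules above can be modelled and checked against firewall logs to find the machine that is trying to send mail directly. This is an added example, not a configuration from the original post: the addresses (documentation ranges), the log format and the first-match-wins evaluation order, which is why the mail-server allow is listed ahead of the general block here, are all assumptions.

```python
import ipaddress
from collections import Counter

MAIL_SERVER = ipaddress.ip_address("192.0.2.10")  # assumed mail server address

# Ordered egress rules for TCP port 25; the first matching rule wins (assumption).
RULES = [
    {"action": "allow", "src": MAIL_SERVER},  # mail server may send SMTP out
    {"action": "deny", "src": None},          # None = any other internal host
]

# Constructed firewall log lines (the format is hypothetical).
LOG = """\
2010-03-12T09:00:01 src=192.0.2.10 dst=198.51.100.5 proto=tcp dport=25
2010-03-12T09:00:02 src=192.0.2.37 dst=198.51.100.9 proto=tcp dport=25
2010-03-12T09:00:02 src=192.0.2.37 dst=203.0.113.4 proto=tcp dport=25
2010-03-12T09:00:03 src=192.0.2.21 dst=203.0.113.80 proto=tcp dport=80
2010-03-12T09:00:04 src=192.0.2.37 dst=203.0.113.77 proto=tcp dport=25
"""


def parse(line):
    """Split one log line into (source address, protocol, destination port)."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])
    return ipaddress.ip_address(fields["src"]), fields["proto"], int(fields["dport"])


def decide(src, proto, dport):
    """Apply the SMTP egress rules; anything that is not SMTP is 'other'."""
    if proto != "tcp" or dport != 25:
        return "other"
    for rule in RULES:
        if rule["src"] in (None, src):
            return rule["action"]
    return "deny"


def blocked_senders(log_text):
    """Count blocked SMTP attempts per internal host: candidates for a bot infection."""
    hits = Counter()
    for line in log_text.splitlines():
        if line.strip():
            src, proto, dport = parse(line)
            if decide(src, proto, dport) == "deny":
                hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    print(blocked_senders(LOG))
```

A host that shows up repeatedly in the blocked list is worth scanning, since ordinary workstations have no reason to open SMTP connections to the internet when a mail server is in place.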

Anti-virus video

Thursday, November 5th, 2009