Posts Tagged ‘Security’

CSE Awarded ESET Silver Partner Status

Tuesday, August 10th, 2010

We are very pleased to announce that CSE have achieved Silver Partner Status with ESET.

This has been achieved within the first 12 months of registering as a reseller for the ESET products. It is in recognition of our having completed both technical and sales training as well as reaching certain revenue levels, and shows that we are able to supply, install and support the products to a high standard.

Have a look on our website, www.cselimited.co.uk, for more information; there is also a link to a free scanner that you can run to see if you have any infections. The link is next to the blog link.

If you have any requirements, why not drop us a note from our contacts page and we can get back to you? There is an offer on at the moment for 3 years for the price of 2 until the end of August 2010, so it could be a good time to switch. www.cselimited.co.uk/contact.html

We have been very happy with the ESET range of products and would recommend them but if you are not convinced we can also arrange a free trial for you. See www.cselimited.co.uk/security-antivirus.html for more details.

Windows Help and Support Vulnerability

Friday, July 2nd, 2010

A vulnerability has been recently discovered in the “Windows Help and Support Centre” as used in Windows XP. Basically this is a tool that is used to offer basic assistance to users and makes use of the internet to gather information and offer advice and downloads including drivers and updates.

The problem is that it uses the HCP protocol as well as the HTTP one, and it’s not too fussy about the sites it connects to, as it can’t validate URLs properly when using the HCP protocol.

This has led to the bad boys writing websites and links that exploit this vulnerability. If a site with this code is browsed, or a link in an email to this code is followed, it can then download the “payload” to your PC and in effect do what it wants.

There is more information here on Microsoft’s TechNet site if you want to learn more.

The best advice for the moment is to keep your antivirus and security software as up to date as possible. There is a workaround listed on the site that involves editing the system registry to disable the HCP protocol, but this should not be attempted by the faint hearted as, in the words of warning at the beginning of the post, “Using registry editor can cause serious problems that may require you to reinstall your operating system”. This is not a fix, it’s just a workaround until a fix is available.

The worst affected countries at the moment seem to be Portugal and Russia but it will spread.

Windows 7 is not affected by this problem.

Retrieve that document or folder without going to your backup.

Friday, June 11th, 2010
 

At one point or another most of us have accidentally deleted a file or folder on our systems. Hopefully you have a good backup and your IT team can recover the file for you. But this takes time of course; wouldn’t it be good if there were a way to retrieve the file yourself?

Volume Shadow Copy or VSS has been available since Windows Server 2003. It takes a snapshot of your network drives at set points, which then allows you to look at previous versions of files. If this has been set up on your servers, or if you are using one of the later operating systems such as Windows 7 or Vista, then you can access previous versions of your folders via the Explorer screen. Once you have opened up Windows Explorer, simply find the folder that contained the file or folder that you deleted and highlight it, then right click and select Properties.

Screen shot of previous versions of folder


One of the tabs that will be revealed will be “Previous Versions”. Clicking on this will offer you a selection of previous versions of the folder, which you can look through to find the files that you are missing.

These are the files that are recoverable in this folder

From here you can then restore them or save them to where you want and hey presto you have your file or folder back again and without going to the tape backup.

Make sure that you have your VSS turned on and set to take snapshots correctly so that the next time you accidentally lose some data you can get it back again quickly and easily. If you need help then look here for how you can get help to set this up correctly.

83% of small firms suffer I.T. security incidents!

Friday, May 28th, 2010

A recent survey of businesses reported that 92% of firms with more than 250 employees, and 83% of smaller firms (up to 25 employees), said they had an I.T. related security incident of some sort in the last year. That seems a very high figure but it’s not all that surprising when you consider that most people still don’t take computer security nearly seriously enough!

I am sure that a lot of the firms in the statistics above will have had some basic protection in place and a proportion of the incidents may well have been relatively minor, but a general lack of knowledge and a false belief that “they won’t be interested in my data” leads companies to neglect the security of their networks and allows others to take advantage of the fact.

We would recommend that regular reviews of network security are undertaken. Full on security audits are perhaps a bit much for a small company, and let’s be honest, penetration testing sounds painful :-( and social engineering is a bit of an overkill when there are only 30 of you in the company to start with! But there are things that you can do to improve the security: look back at previous posts about stronger passwords, and there was the one about preventing your systems from being used by spammers. Other things that you should think about are what you allow your users to do on the network.

Do the users on your network need to be able to install software on their PCs? If not, then why not consider taking away the local admin rights? This will stop them from installing software that could potentially cause problems later, such as peer to peer file sharing or “free software” that comes with a load of viruses, and can prevent quite a few user induced problems.

Are all the users on the network set up with the right level of access? Too few rights and they won’t be able to work; too many and they will be able to see things that they shouldn’t and make changes that could affect your whole network. If there are users on your network with full domain admin rights then this is probably a bad idea. Even the network administrator should have a standard logon for the day to day stuff and just use an admin account to log on to make system changes.

Setting up effective user groups can help with this in the long term. That way you can assign rights to the group, such as sales, admin, management etc., and add individual users to the groups so that they have exactly the rights that they need depending on what role they are performing, making future management much easier.

Are your firewalls set up correctly so that they only allow the traffic, both in and out, that you want to allow and prevent all other traffic? As they come out of the box they are quite open and need to be configured to get the best out of them, so it’s worth checking the rules are all set correctly. We can help with that if you need help; call us on 0161 941 4555.

There are lots of quite simple checks and modifications that can be made to a network to reduce the risk of becoming a victim of a security breach, so do take some advice on how to protect yourself before it’s too late. You could do worse than give us a ring and have a chat.

Oooops! McAfee Anti-virus update cripples PCs

Friday, April 23rd, 2010

It would appear that a mistake by McAfee, one of the largest anti-virus companies, has caused thousands of PCs around the world to fail because of a “false positive” issue, i.e. identifying a clean bit of code as infected/bad. Not a bad little virus in itself I suppose :-)

The problem has occurred because an update that they sent out wrongly identified a part of the Windows operating system, svchost.exe, as the wecorl.a virus. This meant that the antivirus software quarantined the file, which stopped the operating system from working and resulted in machines constantly restarting and not being able to complete the boot sequence.

The problem was spotted quickly and McAfee have apologised for the mistake and released a fix. Of course, because the erroneous update was only in the wild for a short time, not everyone will have been affected, and it appears that the bulk of the problems were in the US…… this time. This has caused McAfee a major problem and I suspect rather a few red faces as they work to help their customers who were affected by the problem to recover. The other anti-virus companies are, in public at least, sympathetic, no doubt thinking that “there but for the grace of God” etc.

So how can this happen? Well in truth I can’t say what caused this particular issue. McAfee say that there was a problem with their QA process (having made recent changes) which allowed faulty code to get into the update. However, a simple overview of how anti-virus software detects viruses might be useful here.

Viruses, like any other software, are just a bunch of code, a long string of characters. The antivirus software looks at this code and checks the character sequences against known sequences that it holds in a database. Now if you are looking for the whole virus then you can have the AV software look for the very long sequence of characters and only identify code as a virus if it is an exact match. Fine, but what happens if the virus writer changes the code slightly and re-releases the virus as a variant? Well, some of the code will be the same, so you have to look for shorter and shorter sequences. The shorter the sequence that you are looking for, the more likely it is that it can match a sequence in existing legitimate software. So you can see that there always needs to be a balance to ensure that the software identifies viruses positively whilst not identifying good software as a virus, a false positive.
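The trade-off described above, as an added example that is not McAfee’s or any vendor’s detection code: a toy substring scanner run with signatures of different lengths. The byte strings are constructed, harmless stand-ins for files, and the region the signature is cut from is an assumption.

```python
# Constructed, harmless byte strings standing in for files.
# They are not real malware and not real antivirus signatures.
ORIGINAL = b"v1|open-socket|copy-self-to-startup|send-mail-bulk|end"
VARIANT = b"v2|open-socket|copy-self-to-startup|send-mail-burst|end"  # slightly changed re-release
CLEAN_FILES = {
    "installer": b"setup|unpack|copy-self-extractor|register|done",
    "mail_client": b"ui|send-mail|receive-mail|address-book|done",
    "os_service": b"svc|open-socket-listener|dispatch|done",
}


def make_signature(sample, length=None):
    """Cut a signature from the known-bad sample; None means the whole file."""
    if length is None:
        return sample
    start = sample.index(b"copy-self")  # assumed 'characteristic' region of the sample
    return sample[start:start + length]


def scan(data, signature):
    """Flag the data if the signature byte sequence appears anywhere in it."""
    return signature in data


def evaluate(length=None):
    """Run one signature length against the original, the variant and the clean files."""
    sig = make_signature(ORIGINAL, length)
    return {
        "signature": sig,
        "catches_original": scan(ORIGINAL, sig),
        "catches_variant": scan(VARIANT, sig),
        "false_positives": sorted(n for n, d in CLEAN_FILES.items() if scan(d, sig)),
    }


if __name__ == "__main__":
    for length in (None, 20, 10):  # whole file, medium signature, short signature
        r = evaluate(length)
        print(len(r["signature"]), "bytes:",
              "original" if r["catches_original"] else "-",
              "variant" if r["catches_variant"] else "-",
              "false positives:", r["false_positives"])
```

The whole-file signature misses the variant, the 20-byte one catches it cleanly, and the 10-byte one also quarantines a clean installer, which is the same kind of failure as the svchost.exe incident.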

Of course there are other methods that the antivirus software packages use such as sandboxing code (allowing it to do what it wants to do in a controlled environment where it can’t get at the main system and watching to see if it tries to do something naughty) and then quarantining the code if it is likely to be a virus.

So for all of you who have not been affected you can smile a bit, but just be aware that your antivirus software is updating several times a day and hope that your antivirus vendor does not have a similar problem in the future.

And before signing off, in answer to those of you who are wondering if you would be better off not having any anti-virus software at all: the answer is NO.

Don’t get blacklisted as a spam sender.

Friday, March 12th, 2010

If you have read other posts on this blog you will know that we have covered various security topics including making sure that your antivirus software is up to date and that you run regular scans, set your users up with strong passwords etc. etc. etc.

This is another good tip for making sure that you’re getting the best protection out of the equipment that you already have.

The issue we are looking at today is one way of preventing getting blacklisted as a spam sender.

Assuming that you are not a spam sender (at least knowingly), one way that you can get blacklisted is if one of your machines gets infected with a bot that is programmed to send out email for someone else. This can result in thousands or tens of thousands of emails going out of your network, at which point your ISP (Internet Service Provider) along with the anti spam databases will tag you as a spam sender. Firstly, your ISP will most likely turn your ability to send email off altogether, preventing you from sending any mail until you prove that you have corrected the problem and are not going to send more spam. Secondly, your domain/IP address will be listed on the various anti spam databases as a spam sender, so anyone using these to detect spam will reject your legitimate mail in future.

If you are using a mail server such as Microsoft Exchange on your network then this should be the only machine that is sending email out for you. Your firewall should be set so that the mail server is the only machine that is allowed to send email through the firewall, that way if one of your machines does get infected with a virus and starts sending thousands of emails out it will be prevented from doing so and you will not get blacklisted or have your mail turned off.

So what changes do you need to make? Firstly, if you are not very clear on what you need to do then get an expert to make the changes for you. You could end up causing yourself major problems if you attempt to do this yourself and get it wrong. Basically what needs to happen is that the firewall needs to be set up so that:

  • All outbound SMTP traffic is blocked from every host unless there is a further match
  • The next rule allows outbound SMTP traffic from source “mail server”

OK it’s a bit more complicated than that but that gives you the basics. I hope that you found this article interesting, leave a comment and let us know.
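The two rules above, as an added example rather than configuration from any particular firewall: a small Python check of which hosts a rule set lets send SMTP straight out. The addresses, host names and first-match rule evaluation are assumptions; on a firewall that stops at the first matching rule, the mail server allow has to sit above the block.

```python
import ipaddress

# Constructed example network and rule sets: every address, host name and rule
# layout below is an assumption for illustration, not taken from a real firewall.
HOSTS = {
    "mail-server": "192.168.1.10",
    "reception-pc": "192.168.1.21",
    "sales-laptop": "192.168.1.34",
}
SMTP = 25

# Rules are checked top to bottom and the first match wins (assumed behaviour;
# check how your own firewall orders its rules). port=None means any port.
OUT_OF_BOX = [
    {"action": "allow", "src": "192.168.1.0/24", "port": None},
]
LOCKED_DOWN = [
    {"action": "allow", "src": "192.168.1.10/32", "port": SMTP},
    {"action": "deny", "src": "0.0.0.0/0", "port": SMTP},
    {"action": "allow", "src": "192.168.1.0/24", "port": None},
]
# Same rules with the block placed first: under first-match the mail server is cut off too.
WRONG_ORDER = [LOCKED_DOWN[1], LOCKED_DOWN[0], LOCKED_DOWN[2]]


def decide(rules, src_ip, port):
    """Return the action of the first rule matching an outbound connection."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_source = addr in ipaddress.ip_network(rule["src"])
        if in_source and rule["port"] in (None, port):
            return rule["action"]
    return "deny"  # nothing matched: implicit default deny


def smtp_senders(rules):
    """Names of the hosts that this rule set lets send mail straight out."""
    return sorted(n for n, ip in HOSTS.items() if decide(rules, ip, SMTP) == "allow")


if __name__ == "__main__":
    for label, rules in (("out of box", OUT_OF_BOX), ("locked down", LOCKED_DOWN),
                         ("wrong order", WRONG_ORDER)):
        print(f"{label}: {smtp_senders(rules)}")
```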

Creating and remembering stronger passwords

Friday, December 18th, 2009

It’s increasingly important these days to ensure that your passwords are as secure as they can be to prevent identity theft or unauthorized access to your data. Everyone knows that they should have a strong password but it’s so hard to remember them and we end up using the same easy to remember words that are easy to crack for the bad guys. So how do you get a better password?

Here are a few steps to build and remember a strong password

The strongest passwords are long strings of random letters, numbers and symbols. However, this would be almost impossible to remember for a normal human being, so what’s the next best thing?

Why not try to make up a random string of characters based on a sentence or quote that is memorable to you but would be difficult for anybody else to guess?

First think of a quote or phrase that you will remember, for example “I live at twenty six Evergreen Terrace Manchester.”

Now turn your sentence into a simple password by using the first letter of each word of your phrase to create a basic password, in this case: “ilatsetm”

To add some complexity to your password, add numbers and capital letters (in mine it’s easy, but you could swap E’s to 3’s or L’s to 1’s etc.), so our password might now be “i1a263GTM”

Now see if you can swap some letters for special characters: my “at” could be swapped for the @ symbol, or you could use the $ for an S

So now our simple password is “i1@263GTM” which is better than using a well known word.

You might also consider creating new passwords for each website that you register with. You can do this easily by adding the initials of the website to your existing password; that way you can have unique passwords that are still easy to remember, e.g. for TSB bank “TSBi1@263GTM”

Why not have a go yourself with a phrase or sentence that you are not likely to forget?