How to Detect and Stop Cryptomining on Your Network
If 2017 was the year of the ransomware attack, then 2018, insofar as it can be defined by malware, was the year of cryptojacking.
For most IT organizations, network monitoring is an essential tool. Network monitoring tools play an important role in letting IT pros get complete visibility into the status of network devices, systems, and applications, keeping the IT team aware of problems with services, networks, application performance, and more.
For years, there have been concerns of the Chinese government building backdoors and spying capabilities into phones and hardware built on their soil, and now it seems those concerns are coming to a head with a recent Bloomberg story that alleges that Chinese government agents installed thousands of spy chips into servers used by Amazon, Apple, and the US government. How true are these allegations, and are our servers safe? In this article, we’ll attempt to figure out what—if anything—happened, and how IT pros should react.
Monitoring traffic on the dark web is the kind of thing that IT administrators worry about but can't do anything about. Now IT can pinpoint who and what is accessing the dark web from corporate networks with WhatsUp Gold.
When your business is growing, so is your network. Even when business isn’t booming (thanks, economy), your business’ infrastructure can be evolving too. What you need is a software tool that’s able to manage these network configuration changes for you.
The computer security world uses a lot of military language and concepts. This is not just because it "sounds good" but because there are many useful analogies to be found.
Let's cut right to the chase here: the life of an IT pro is hard. With endless to-do lists stuffed with infrastructure maintenance, security management and support, it's always a new adventure. Unfortunately for us, it doesn't look like things are getting any easier. Technological trends such as BYOD have made many aspects of modern business more efficient, but they've also increased the complexity of IT environments and made processes such as endpoint security management a real thorn in the side of many an IT pro.
If you do any security monitoring, it's easy to get overwhelmed by the number of events you need to track. You can start by doing longer hours, but eventually you'll end up in a swamp — sucked in to the point that workflow comes to a standstill.
Human error is responsible for more than half of all security breaches as of last year, making employees the biggest cyber threat of all. Shadow IT, on the other hand, is the deliberate installation of software that is not authorized by IT. The reasons for it? They vary, but generally include tools to make your tickets easier — which should already be available in a centralized company repository.
It's been a year since Sony Pictures employees logged into their workstations, expecting to start a normal workday, when they were greeted by soundbites of gunfire, images of skeletons and threats scrolling across their monitors. To date, the Sony Pictures attack is arguably the most vivid example of advanced persistent threats used to disable a commercial victim. A corporate giant was reduced to posting paper memos, sending faxes and paying over 7,000 employees with paper checks.
Knowing which BYOD risks your fellow IT pros face is paramount in determining how to mitigate them. And the scope of BYOD's influence on company data hasn't stopped changing since your office first implemented a BYOD policy. What kinds of devices are users likely to bring to work with them? The range of devices encompasses more than just smartphones and tablets. Once these devices are identified, however, the risks they represent can help your team formulate a policy to keep resources safe when accessed from outside the network.
As you've likely already heard, on Sept 24th a new computer security threat called Shellshock was identified and entered into the National Vulnerability Database as CVE-2014-7169.
As you may already know, there was a recent Security Advisory about new vulnerabilities in OpenSSL released in early June. This specific flaw requires a vulnerable OpenSSL library active on both the client and server ends of the transaction. The flaw allows a savvy attacker to sit between the client and server and turn off encryption, silently exposing information exchanged between those two end points. Technologies that only use OpenSSL to accept web-browser (HTTPS) connections will be vulnerable to this flaw only when the browser is using a vulnerable version of OpenSSL. Chrome for Android is the only major browser that is currently susceptible.
If you're over budget this year, your BYOD policy may be to blame.
There is a common misconception that BYOD will be the savior of IT budget troubles; however, it’s not always as cost-effective as it seems. According to Aberdeen, enterprises spend an extra $170,000 per year to deploy 1,000 mobile devices via BYOD. A typical BYOD model costs 33% more than the traditional corporate-wireless model.
When I talk about BYOD with other IT pros, I get flashbacks of 2009 when the ‘cloud’ first became a hot topic. Security and costs are the top concerns, but few people understand the importance of monitoring and measuring the impact on the network, and why it matters.
Hey folks, this is Brian M. Jacobs, Senior Product Manager for the WhatsUp Gold family of network management products. I would like to let you know that a security researcher (who has been a big fan of WhatsUp Gold for many years) has informed us of a SQL injection vulnerability in the WhatsUp Gold v15.0.2 product. This vulnerability involves WhatsUp Gold running in a default deployment, in which administrators have privileged access to the database instance. For customers who wish to restrict access to their database, we already provide the capability to configure WhatsUp Gold to run with reduced database privileges. Details on how to implement reduced privilege operation can be found in our Database Migration and Management Guide. Based on our customers' input, we are also working on security patches to limit all SQL injection related vulnerabilities, regardless of database privilege level.
Imagine if your WhatsUp Gold expert simply stopped showing up for work. What’s your Plan B? What is your backup plan for their sudden or even planned absence?
Did you know that this year the number of Wi-Fi connected devices will exceed the world’s population? With the growing number of Wi-Fi connected devices, there have been more and more public Wi-Fi networks created. Nowadays, whether you are in a coffee shop or train station, there is probably a public Wi-Fi in your general area.
Breach, which is set for release in a few weeks, focuses on the true story of an FBI upstart who must investigate his boss who is suspected to be selling secrets to the Soviet Union. For those of you who read the story in paperback or in weekly news journals, a strong lesson materializes in a story early on that is applicable to the numerous breaches we have heard about at TJX and other retail and insurer organizations. Regardless of how strong and robust your physical and digital security plan is, the success or failure of the plan more likely will lie with the human capital charged with installing, managing and watching the systems.