2006 K2 Information Security Home Page

Effective Information Security

• 2005 FBI Computer Crime Survey

• Trusted Computing

• Microsoft Online Course on Office Security

• The SANS Security Policy Project Page

Passwords and Other Authorization Techniques

• SANS Institute Password Policy Document (in MS Word Format)

• Password Depot - Password management software

• Excel Password Generator

• distributed.net - Worldwide organization of computers trying to crack encryption

• RSA's Secure ID two-factor authentication that fully integrates with Microsoft's Active Directory

Locking Down Your Systems

• Windows XP: Your Definitive Lockdown Guide

• How to convert a FAT16 volume or a FAT32 volume to an NTFS file system in Windows XP

Registry Cleaning Tools

• Top Ten Reviews Compares Registry Clean Software

• Information Week Registry Cleaning Software Review

• Registry Clean Expert

• RegSupreme Pro

• Registry Mechanic  

• Registry Repair

Controlling Browser Helper Objects (BHO)

• ToolBarCop

• BhoScanner

• BHODemon

•  

Viruses and Worms

Keeping Systems Patched

• Microsoft Windows Update Site

• Microsoft Pre-Announces Security Fixes (released 2nd Tuesday of each month)

• Microsoft Releases Critical Security Patches for Office and Windows

• Disabling Messenger Service in Windows XP

Patch Management Software

• Microsoft’s Software Update Services (SUS) and Windows Update Services (WUS)
• HFNetChkPro Patch Management Software
• LANDesk Management Suite
• Altirus Patch Management Solution

Outsourcing Patch Management Software

• iPass Endpoint Policy Management

Anti-Virus Software

• F-Secure Anti-Virus top rated product that combines Top Rated Anti-Virus with Top Rated Spyware and the only one of the top rated products that also spots Rootkits.  From the company that discovered the Sony BMG rootkit. 

• AVG Anti-Virus - Top rated and very userfriendly, 2 year license

• BitDefender Standard Edition v7

• PC-cillin Internet Security

• Norton Antivirus Rates Poorly in Recent Reviews

• 2006 Anti-Virus Software Report

• TopChoice Anti-Virus Software Reviews

Email Born Viruses and Spam

• MX Logic Reports One in Eight Email Messages Infected by Sober.Z Worm

• Message Labs Virus and Spam Statistics

• Zombie PCs Account for 51 Percent of Spam in January 2005

• Spam Laws 

• Are You Spamming Your Clients (Journal of Accountancy, August 2004)

• eWeek Special Report - Canning Spam

Outsourcing SPAM Filtering (Great Choice!) 

• MxLogic $1.50 per user per month (Used by K2 Enterprises)
• Managed Services for E-mail Security $1.80 per user per month
• MessageLabs see a Services Demo
• McAfee Managed Mail Protection- McAfee Site
• FrontBridge TrueProtect Message Management Suite
• Postini Email Filtering
• AppRiver
• Trend Micro Spam Prevention Service

Filtering Spam with a Gateway Server (Great Choice!)

• DoubleCheck (The solution used by K2 Enterprises.)

• MailFrontier Gateway™ Appliance

• IronPort Systems 

Filtering SPAM on Your Email Server (OK Choice.)

• Add-ins for Microsoft Exchange Server
• IHateSpam

Filtering SPAM at Your Local WorkStation (Weakest Approach.)

• SpamBayes (Our recommendation for this class of product.)

• Trend Micro™ PC-cillin™ Internet Security 2004

• Other Alternatives 

• Outlook 2003 Includes Much Improved Spam Filtering

IM Viruses

• Companies unprepared for IM Attacks

• Akonix IM Solution

Cell Phone Viruses

• Cell Phone Viruses are for Real

Web Page Viruses

• Can I catch a virus from a web page?

• Example of a Page with an Active X Control

• W32/Nimda - An Example of a Web Page Virus

Hackers and other Unauthorized Network Entry

Physical Security Issues

• 70 Percent of All Reported Security Breaches Are Due to Insiders

Wireless Networks

• Default Password List for Routers

• Worried about Wi-Fi security?

• Wi-Fi security is getting worse

Firewalls

Hardware Firewalls

• Is the DSL/Cable Router Enough for the SOHO - NO!
• Apple Airport Express
• 3Com Office Connect Wireless 54Mbps 11g Travel Router
• Home and Small Office Hardware Firewalls
• Sonicwall TZ 170 Wireless Router  (Small office wireless router $450)
• SonicWALL PRO 230 and PRO 330 (Examples of business class firewalls.)
• Outsourcing Firewall Management

Software Firewalls

• Zone Alarm Pro - personal firewall software - low cost, very highly rated solution
• Norton Internet Security - not recommended - requires IOHO excessive resources
• Black Ice Defender Personal Firewall Software
• Window XP Built In Firewall - Probably not adequate for laptops that have confidential information on them and are not behind a corporate grade firewall

Intrusion Detection

Intrusion Detection Systems

• Introduction to Intrusion Detection Systems
• ZyWALL IDP 10, the first in a series of intrusion detection and prevention network security appliances for the SOHO and small/medium enterprise (SME) market
• Sun Expands Managed Security Services  Security Pipeline, October 29 2004  Sun Microsystems unveiled an incentive for solution providers to offer customers a risk-free, 90-day trial of outsourced Intrusion Detection System (IDS) services and associated security technologies.
• Many health-care organizations are going beyond firewall and intrusion-detection technologies and counting on intrusion-prevention products to safeguard their systems.
• One of the most well known and widely used intrusion detection systems is the open source, freely available Snort.

Confidentiality of Remote Communications

Secure Remote Network Access

• Is a VPN the Right Solution for Your Organization?

Email Communications

• The Case For Secure Email - A good article on how email works and the security issues with unencrypted email.

Spyware

• F-Secure Anti-Virus top rated product that combines Top Rated Anti-Virus with Top Rated Spyware and the only one of the top rated products that also spots Rootkits.  From the company that discovered the Sony BMG rootkit. F-Secure uses has licensed Lavasoft Ad-Aware to use in detecting and blocking spyware.

• Spy Sweeper - PC Magazine Editor's Choice

• PC Magazine Spyware Review - November 2005

• Microsoft Free Anti-Spyware

• Lavasoft Ad-Aware 

• Center for Pest Research 

• War Story on SpyWare infested PC - Includes tips for cleaning your machine

• Using ToolbarCop to remove the unwanted Toolbands, Toolbar icons and Browser Helper Objects

• Registry Clean Expert - Popular Registry Clean Utility

Sony Makes a Major Misstep by Planting Trojan on Legally Purchased CDs

• FAQ: Sony's 'rootkit' CDs

• Sony recalls risky 'rootkit' CDs

• What makes a rootkit?

Phishing and Pharming

• Anti-Phishing Working Group

• MessageLabs Intelligence Annual Email Security Report 2004

• Report: Cost of phishing not so high

• Phishers using DNS servers to lure victims

Spear Phishing - The Latest Twist on ID Theft Scams

• PC World, November 2005 - Threat Alert: Spear Phishing

Recovering from a Security Failure

Backup

Examples of Online Backup Services

• Mistral Managed Backup service

• First Backup (as little as $3.29 per month)

• U.S.DataTrust

• Google Search of Online Backup Services

Having a Disaster Recover Plan that Covers Security Breaches

• Disaster Recovery Plan Checklist and Audit 

• Disaster Recovery Plan: Manager's update checklists

• Janco Disaster Recovery Plan Template 

Using NAS Drives for Backup Instead of Tape

• Maxtor 300 GB NAS Drive

• Second Copy Reasonably Priced Backup Software

Tools for Testing Computer Security

• The MailFrontier Phishing IQ Test
• Shields Up 
• Symantec Security Check 
• Qualys’ Free Browser Checkup 
• Microsoft Baseline Security Analyzer 
• GFI Email Security Test