A few weeks ago I found myself watching a 4Corners show on computer & network security which highlighted how vulnerable computers and computer networks are from a security standpoint.

It's often difficult to convince business owners that computer security is a real problem and a real threat to their business and livelihood. Too often, business owners are only convinced that they need to actively address computer security only when their network has been hacked and they've lost time, money, their data or all three.

Anyway, I highly recommend you check out the documentary when you get a moment. You can watch it online.

Here's a quick network security checklist too that will help you quickly assess how secure or well protected your network is:

• Do all staff have unique passwords that expire or are changed regularly?
• Are all your business PCs running antivirus software that has a current subscription and can be managed from a central location?
• Do you have email spam filtering that also protects you against viruses that also sits outside your network?
• Does your server have antivirus software installed?
• Do you run nightly backups of your company data?
• Is your backup media regularly taken offsite to protect against fire and theft?
• Do you have multiple backup methods to provide protection in cases where the primary method fails?
• Is your wireless network at home & work encrypted?
• Do you use unique passwords for various online services you access regularly?
• Are you staff storing data on the server or is it sitting on their laptops or desktops where it's not regularly backed up?
• Is your network protected behind a business grade firewall with UTM (unified threat management) to protect you against trojans, spyware & phishing?
• Does your IT provider perform regular server, network & IT maintenance to ensure systems are running in peak condition and are not vulnerable to attack?
• Do you regularly apply security updates on your PCs & Servers?

Looking for help with computer security or are maybe looking at a network audit? Why not give us a call on 08-6102-5700 to talk about how we can help you today.

Four Corners IT Security Documentary

Microsoft released a whole bunch of security patched yesterday (14-October-09) and one of these relates to critical flaws in Internet Explorer. Details are below; if you need help with your PC patching & maintenance, call us now.


October's Critical IE Cumulative Update Corrects Four Code Execution Flaws
SEVERITY: HIGH
13 October, 2009

SUMMARY:

• This vulnerability affects: Internet Explorer 8 and earlier versions, running on all current version of Windows
• How an attacker exploits it: By enticing one of your users to visit a web page or link containing malicious code
• Impact: In the worst case, the attacker can execute code on your user's computer, gaining complete control of it
• What to do: Deploy the appropriate Internet Explorer patches immediately

EXPOSURE:
In a security bulletin released today as part of its monthly patch update, Microsoft describes four new vulnerabilities in Internet Explorer (IE) 8.0 and earlier versions, running on all current versions of Windows (including Windows 7 and Windows Server 2008).

Although the four vulnerabilities differ technically, they share the same general scope and impact. Most of them involve memory corruption flaws having to do with how IE handles various HTML objects or data streams. If an attacker can lure one of your users to a web page containing malicious web code, he can exploit these vulnerabilities to execute code on that user's computer, inheriting that user's privileges. Typically, Windows users have local administrative privileges. In that case, the attacker could exploit these flaws to gain complete control of the victim's computer.

Keep in mind, today's attackers commonly hijack legitimate web pages and booby-trap them with malicious code. They do this via hosted web ads or through SQL injection attacks. Even recognizable and authentic websites could pose a risk to your users if hijacked in this way.
If you'd like to know more about the technical differences between these flaws, see the "Vulnerability Information" section of Microsoft's bulletin. Technical differences aside, all of these IE flaws pose significant risk, you should download and install the IE cumulative patch as soon as possible.

SOLUTION PATH:
These patches fix serious issues. You should download, test, and deploy the appropriate IE patches as soon as possible.

* Note: These flaws do not affect Windows Server 2008 administrators who installed using the Server Core installation option.

STATUS:
Microsoft has released patches to fix these vulnerabilities.

REFERENCES:
 MS Security Bulletin MS09-054

Microsoft announced yesterday that it will deliver it's largest ever patch release this coming Tuesday. The patches address flaws in every vewrsion of Windows as well as Internet Explorer, Office and SQL Server.

How are you planning to deploy these patches?

ITSupportPerth can take care of all your server and PC patching and maintenance needs - from $5 per week per desktop and $59 per week per server.

Call us now on 08-6102-5700 for more information.

Click here for more information on the upcoming patches.

Got some serious spam problems you need to take care of? Our SpamScreen Spam Filtering solution will fix it for good!

SpamScreen is a relatively new service ITSupportPerth offers and is a spam filter, antivirus product & anti-phishing product all in one. SpamScreen also scans your outbound email for viruses and malicious content and learns what sort of email constitutes spam and what email is genuine so it gets even better over time!

We believe SpamScreen is the perfect solution to your spam problems because:

• There's absolutely no software to manage
• SpamScreen is charged on a per mailbox basis so you're not stuck paying for software you don't use, particularly handy for companies that engage a lot of short term contractors
• SpamScreen sits OUTSIDE your network, so it blocks viruses before they get to your server offering an additional layer of protection
• Because SpamScreen is outside your network, it will dramatically reduce the amount of internet traffic coming into your network both speeding up your internet connection AND reducing your internet bills!
• You'll get detailed reports on how well SpamScreen is performing, who your biggest email users are and how much money your spend on SpamScreen is actually saving you!
• Your staff can manage and release their own emails directly, so no more calls for IT help when a genuine message gets accidentally blocked!
• SpamScreen comes with a no obligation 14-day FREE trial so you can test the service before committing any money to it!
• No minimum contract period, SpamScreen is billed on a monthly basis so at most all you need to provide is 30-days notice to disable the service!
• SpamScreen is only $1.29 per week per mailbox!

Following their plan to implement a twice-yearly patch cycle falling on the fourth Wednesday of March and September, today marks Cisco's biannual patch day for September 2009, with eleven security advisories released. Most of these advisories cover security vulnerabilities that affect devices running Cisco's Internetwork Operating System (IOS) software. IOS is the operating system that runs on most Cisco routers and switches. However, two of the advisories also cover vulnerabilities in Unified Communications Manager (UCM), which is Cisco's enterprise-level, IP telephony call-processing system.

More information available here

It's that time of year again when daylight savings kicks in. The three year trial of daylight savings in WA is finished now and the eastern states move their clocks forward on the 4th of October.

If your PCs and servers aren't up to date and haven't been patched with the latest Windows Patches then you're in for some trouble! Your PCs and servers will automatically move their clocks forward on the 4th unless they've been patched with Microsoft Windows patch KB970653. If you don't patch your machines your Outlook appointments will not be correct, your Blackberry handheld device will also display incorrect appointment times and you may have trouble with accounting systems or line of business applications.

ITSupportPerth can help to deploy the latest daylight savings patch onto your network no matter how small or large your network is - for more information, call us on 08 6102-5700