The global spam rate is shown on a daily basis for this edition’s given period. Spam rate indicates the accumulated emails which have been tagged as spam, in comparison to total email traffic. Top 5 spam regions are ranked by received spam in comparison to global spam volume. Statistics are graphed for business working days, and shown in Figures 4a-4b below:

The amount of spam detected in email traffic averaged 86.3% in September 2009. A low of 83.3% was recorded on 18 September with a peak value of 91.3% being reached on 27 September. Most noticeably, for the first time ever Kaspersky Lab’s records show that the quantity of spam received by users throughout September 2009 did not drop below 83%.


Email Monitor

we can monitor emails with some technical methods, especially how we can monitor emails with this packet sniffer – Colasoft Capsa.

Capsa Network Analyzer (Packet Sniffer) is an easy-to-use Ethernet network analyzer (aka. packet sniffer or protocol analyzer) for network monitoring and troubleshooting purposes. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing.

By giving you insights into all of your network’s operations, Capsa Network Analyzer (Packet Sniffer) makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities.

Windows 7 keeps being a hot topic since its publication, and it was touted to be a great improvement no Vista, among what security aspect is included.
In order to text that assertion,the Sophos Team installed a full release copy of the new OS on a previously cleaned computer, kept the default values for User Account Control (UAC) and didn’t install any anti-virus software.
Then they proceed to infect the computer with 10 unique samples ofmalware that SophosLabs received last. Unfortunately,the result was not at all good for the users, actually, it is technically a good result for manufacturers of anti-malware software around the world. The result is that only 2 out of 10 failed to operate!The following chart shows how vulnerable Windows7 is to most of the virus!

The UAC managed to block by itself only on sample, and that is definitely not good enough.

So if you installed Windows 7, remember to useanti-virus software.

According to the latest Microsoft Security Intelligence Report , security best practices from countries that have consistently exhibited low malware infection are shared. While network security is highlight in many enterprise and countries,these best practices and security intelligence provide a very valuable resource for business leaders that need to make accurate decisions based on the threats that are most pressing today.

Malware infection rates and threats vary geographically, and the Microsoft Security Intelligence Report contains proven best practices from countries with the lowest infections. Such as in Japan, Austria and Germany ,the infection remained relatively low during this period.

Let’s see how professionals from these regions keep their customers and resources safe from cyber threats:

* Japan has seen its infection rates remain relatively low. One of the reasons is due in large part to collaborations such as the Cyber Clean Center, a cooperative project between Internet service providers (ISPs), major security vendors and Japanese government agencies to educate users.
* Austria has implemented strict IT enforcement guidelines to lower piracy rates, and this - along with strong ISP relationships and fast Internet lines, which aid in security update deployment - has helped ensure its generally low infection rate.
* Germany has also leveraged collaboration efforts with its computer emergency response team (CERT) and ISP communities to help identify and raise awareness of botnet infections and, in some cases, quarantine infected computers.

The main reason for the success of each of these regions is the growing trend of community-based defense, in which the broader industry combines its collective strengths and intelligence to help defend computer users.

You can see the complete report here!

According to the latest Microsoft Security Intelligence Report (SIRv7), worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six month.That is horrible and indicates that more attentions should be paid to network security in enterprise. Before it does any harmful damages to us, we should do something! Rogue security software remains a major threat to customers; however, 20 percent fewer customers were affected by rogue infections during the past six months.

Worm infections have resurged to become the second most prevalent threat for enterprises in the first half of 2009 after Melissa appeared and defined mass-mailing worms as a class of malicious threats ten years ago!Worms rely heavily on access to unsecured file shares and removable storage volumes, both of which are plentiful in enterprise environments. According to SIRv7, the following were the top two families detected:

Conficker was the top worm threat detected for the enterprise, because its method of propagation works more effectively within a firewalled network environment. Conficker is not in the top 10 for consumers, because home computers are more likely to have automatic updating enabled. This further reiterates the need for enterprises to have a robust security update management program in place.

Taterf, with detections up 156 percent since the second half of 2008, targets massively multiplayer online role-playing games (MMORPGs). These attacks rely less on social engineering to spread, and more on access to unsecured file shares and removable storage volumes — both of which are often plentiful in the enterprise. Taterf’s impressive growth underscores the need for organizations to develop guidelines for removable drives (such as thumb drives) and evaluate how connections are made to outside machines.

According to the report, rogue security software remained the single largest threat category for the first half of 2009. In addition, while there has been progress combating rogues, this threat remained a major pain point for computer users during the same period.

Also known as “scareware,” rogue security software takes advantage of customers’ desire to keep their computer protected. Microsoft products and services removed malware from more than 13 million computers worldwide, down from 16.8 million in the second half of 2008. Computer users are advised to use an anti-malware solution from a company they trust and to keep its threat definitions up to date.

Network sniffer
A network sniffer can help a lot to build a secure network! Here is a very good one! Capsa Network Analyzer (Packet Sniffer) is an easy-to-use Ethernet network analyzer (aka. packet sniffer or protocol analyzer) for network monitoring and troubleshooting purposes. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing.
By giving you insights into all of your network’s operations, Capsa Network Analyzer (Packet Sniffer) makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities.You can download a free trail here!

Nowadays, almost every company has a network security admin! what will you do to ensure a proper training for your network security admin,properly training your security administrator is important. So, let’s see what makes a good network security administrator and what kind of training should be given to make a good network security administrator!
why a network security admin should be well trained?First of all,he/she should have a certain baseline of skills and some specific training. At a minimum, your network security trainee should be able to administer the systems he or she is protecting.But this doesn’t mean he/she should know each application thoroughly; applications are for systems administrators. Rather, the security administrator should be able to administer the operating systems and security-specific devices and applications that lie within your network defense perimeter.let’s see a example,if you run a Windows network, the security administrator must be qualified to administer the systems within that network, including everything from server to client. This is necessary because most vulnerabilities are discovered in the operating systems and their components.That’s why a well training for your security admin is very important. If you need a financial incentive to provide this training, keep in mind the words “due diligence” and the recent bout of court cases against companies that failed to properly secure their networks.
Developing a training plan isn’t that difficult, but I’ll make it even easier by outlining a sample training plan. I’ll base this sample plan on a Windows 2000 network with Windows XP Professional clients and a Check Point FireWall-1 NG.
This plan mentions specific certifications. While certifications normally mean next to nothing to me, these certification tracks do an excellent job of training and verifying the skill sets that a security admin requires. The key word here is training. In this plan, you’re using the certification as an industry standard tool set to train and verify the skills you want your security administrator to have.

“Clients and servers training”

For the operating systems involved in clients and servers training, the Microsoft Certified Systems Administrator program does an excellent job of training and verifying client- and server-level skills. The MCSA covers the following areas:

* Installing, configuring, and administering Windows XP Professional and Windows 2000 Server
* Managing a Windows 2000 network environment
* Implementing and administering Windows 2000 network security
* General security concepts
* Communications security
* Infrastructure security
* Cryptography basics
* Integration of various devices across your organization

Once your new security administrator thoroughly understands what he or she is protecting, it’s time to begin training on the device that’s most responsible for network security: the firewall.

“Firewall training”

Your best choice for firewall training is usually directly through the vendor. Check Point Certified Security Administrator (CCSA) is an entry-level certification that confirms the administrator’s ability to configure and manage fundamental implementations of Check Point’s FireWall-1.

The CCSA training plan verifies that the security administrator possesses the skills to define and configure security policies that enable secure access to information across the corporate network. The CCSA training also teaches the admin how to monitor network security activity and how to implement measures to block intruder access to protected networks.

“Final thoughts”

This is a basic plan for training a security admin. Advanced training for a new security admin should include training on all switches and routers and on any security-specific tools and applications that are used for your network defense. In addition, training your admin to understand how security impacts the organization as a whole is important to prepare him or her to create effective security policies.

Once you’ve trained the new admin and as new security devices and software are added to the network, have your security admin review and certify these devices to operate on the network. This builds security into the operations of your network instead of tacking it on at the end.

“network analyzer”

Above all I conclude above, a network analyzer is a good help to a network security administrator!Here is a very good one!It is an expert network analyzer designed for monitoring and diagnosing network traffic flowing through local network, helping network administrators to detect and troubleshoot network problems. With the abilities of real time packet capture, accurate protocol analysis, automatic network events diagnosis, combined powerful filters and statistic information of global network, Colasoft Capsa let you quickly and efficiently fix the network troubles.Capsa Network Analyzer (Packet Sniffer) is an easy-to-use Ethernet network analyzer (aka. packet sniffer or protocol analyzer) for network monitoring and troubleshooting purposes. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing.
By giving you insights into all of your network’s operations, Capsa Network Analyzer (Packet Sniffer) makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities.

Every office generates so much e-mail, instant messages and Internet traffic it’s all but impossible for management to keep track of exactly what’s being said, seen and done online.

But how can execs be confident that all these digital conversations are necessary and not just time-wasting? Or worse: the cover for data leaks, inappropriate content-sharing or other nefarious or even criminal activities.

Why monitor staff e-mail?
Some of the reasons an organisation might want to monitor staff use of e-mail and Internet sound obvious–assessing skills or performance or keeping tabs on time spent on non-work activities, for instance, or preventing the distribution of inappropriate or illegal content.

Another possible use for monitoring could be to help prevent damage to computer systems by identifying careless Internet and e-mail users who are downloading malware or accessing potentially risky websites. It could also help to ensure compliance with health and safety regulations and, more broadly, to reduce the risk to the business from liability for the actions of its employees.

Other reasons to embark on a period of monitoring might include gathering evidence on an untrustworthy employee where there are serious and credible grounds for suspicion.

Issues to consider when monitoring staff

Monitor staff only if you think it is justified because of a present and serious risk to your business.

Remember that monitoring in itself can present a risk to your business if employees feel you don’t trust them. Consider the issues below when monitoring staff.

Management issues

Ensure that your reasons for, policies about, and methods of monitoring are:

• well thought out to meet your business’ needs
• justified and proportionate
• applied consistently and fairly

To avoid damaging employment relations as a result of monitoring:

• consult staff, employee representatives or trade unions about procedures and policies
• communicate policies to staff
• include monitoring policies in your workers’ contractual terms and alert them to these when they start work
• control access to information collected through monitoring, in line with data protection law
• consider alternatives to monitoring
• inform staff of how you will deal with misconduct discovered through monitoring

Internet issues

To avoid inappropriate use of the internet and email:

• Set out workers’ rights, responsibilities and limitations for use of the internet and email at work, but don’t be too restrictive.
• Allocate personal internet usage time, eg outside normal working hours.
• Detail monitoring methods for internet and email usage.
• Educate staff on the potential legal risks and liabilities/security problems that misuse may create.
• Make clear to staff that you are complying with legal guidelines on interception.
• If you outsource computer support, provide in the maintenance contract for someone at your supplier to brief you on security issues. To comply with the Data Protection Act 1998, you will need a contract with the support company requiring them to act under instruction from you only and which ensures that they take equivalent security measures to you regarding the handling of personal information.
• It’s less intrusive to block access to sites than to monitor the sites someone visits.

Legal issues

• Ensure that your monitoring of staff complies with the Data Protection Act 1998 and the Regulation of Investigatory Powers Act 2000. If in doubt consult a solicitor.
• Put up notices reminding employees of your monitoring policies.
• UK passports are subject to Crown copyright protection and copies can only be made in certain circumstances, eg where an employer has to prove that it has checked the passport holder’s entitlement to work in the UK.

Network security is arguably one of the most critical functions of IT - yet I frequently see organizations that have overlooked easily implemented security design practices. Here are a few common mistakes that could compromise your network defenses and put company assets at risk.

the first design flaw: Set it and forget it

The first flaw I want to talk about is more a planning flaw than a design flaw. It involves what I like to think of as the “set it and forget it” mentality. This is what happens when organizations work hard to secure their networks without stopping to reevaluate their security plans again. The threats to Internet security are constantly evolving, and your security architecture must evolve too. The best way to accomplish this is to reevaluate your security needs on a regular basis.

the second design flaw: Opening more firewall ports than necessary

We all know that opening an excessive number of firewall ports is bad, but sometimes opening ports is unavoidable. For instance, take Microsoft Office Communications Server 2007 R2. If you are planning on providing external access, about a dozen ports must be opened. In addition, OCS 2007 R2 assigns a wide range of ports dynamically. So what’s a security administrator to do?

One of the best solutions is to make use of a reverse proxy (such as Microsoft’s ForeFront Threat Management Gateway). A reverse proxy sits between the Internet and the server that requires the various ports to be opened. While there is no getting around the need for open ports, a reverse proxy can intercept and filter requests and then pass them on to the server they’re intended for. This helps hide the server from the outside world and helps ensure that malicious requests do not reach the server.

the third design flaw: Pulling double duty

With the economy in shambles, there is increasing pressure to make the most of existing server resources. So it might be tempting to host multiple applications or multiple application roles on a single server. While this practice is not necessarily bad, there’s a law of computing that states that as the size of the code base increases, so does the chance that an exploitable vulnerability exists.

It isn’t always practical to dedicate a server to each of your applications, but you should at least be careful about which applications or application roles are hosted on a single server. For example, at a minimum, an Exchange 2007 organization requires three server roles (hub transport, client access, and mailbox server). While you can host all three roles on a single server, you should avoid doing so if you are going to be providing Outlook Web Access to external users. The Client Access Server role makes use of IIS to host Outlook Web Access. Therefore, if you place the client access server role on the same server as your hub transport and mailbox server roles, you are essentially exposing your mailbox database to the Internet.

the fourth design flaw: Ignoring network workstations

About a year ago, someone asked me during a radio interview what I thought was the single biggest threat to network security. My answer was, and still is, that workstations make up the single largest threat. I constantly see organizations that go to great lengths to secure their network servers but practically neglect their workstations. Unless workstations are locked down properly, users (or malicious Web sites) can install unauthorized software with untold consequences.

the fifth design flaw: Failing to use SSL encryption where it counts

We all know that a Web site needs to use SSL encryption any time a user is going to be entering sensitive information, such as a username and password or a credit card number. However, many organizations make some bad decisions when it comes to securing their Web portals. The security flaw I see most often is including insecure content on a secure page. When this happens, users receive a prompt asking if they want to display both secure and insecure content. This gets users in the habit of giving Internet Explorer permission to provide insecure content.

A less obvious but even more common problem is that organizations often fail to encrypt critical pages within their Web sites. In my opinion, any page that provides security information, security advice, or contact information should be SSL encrypted. It isn’t that these pages are especially sensitive. It’s just that the certificate used by the encryption process guarantees to users that they are accessing a legitimate Web page rather than a page someone has set up as a part of a phishing scam.

the sixth design flaw: Using self-signed certificates

Since some organizations completely neglect the importance of SSL encryption, Microsoft has begun to include self-signed certificates with some of its products. That way, Web interfaces can be used with SSL encryption even if the organization hasn’t acquired its own certificate yet.

While self-signed certificates are better than nothing, they are not a substitute for a valid SSL certificate from a trusted certificate authority. Self-signed certificates are primarily intended to help boost a product’s security until an administrator can properly secure it. Yes, a self-signed certificate can provide SSL encryption, but users will receive warning messages in their browsers because their computers do not trust the certificate (nor should they). Furthermore, some SSL-based Web services (such as ActiveSync) are not compatible with self-signed certificates because of the trust issue.

the seventh design flaw: Excessive security logging

Although it’s important to log events that occur on your network, it’s also important not to go hog wild and perform excessive logging. Too much logging can make it difficult or impossible to locate the security events you’re really interested in. Rather than trying to log everything, focus on logging the events that are really meaningful.

the eighth design flaw: Randomly grouping virtual servers

Virtual servers are commonly grouped on host servers by their performance. For example, a high demand virtual server might be paired on a host with a few low demand virtual servers. From a performance standpoint, this is a good idea, but this approach may not be the best idea from a security standpoint.

I recommend using dedicated virtualization hosts for any Internet-facing virtual servers. In other words, if you have three virtual servers that provide services to Internet users, you might consider grouping those servers on a virtualization host, but don’t put infrastructure servers (such as domain controllers) on the host.

My reasoning behind this is to provide protection against an escape attack. An escape attack is one in which a hacker can escape from a virtual machine and take control of the host. To the best of my knowledge, nobody has figured out a way to perform a real-world escape attack yet, but I’m sure that day is coming. When it does, your odds of prevailing against the attack are going to be a lot higher if virtual machines that are exposed to the Internet share a virtualization host only with similarly hardened Web-facing servers.

the ninth design flaw: Placing member servers in the DMZ

If you can avoid it, try not to place any member servers in your DMZ. If compromised, a member server can reveal information about your Active Directory.

the tenth design flaw: Depending on users to install updates

One last common security flaw is depending on users to deploy security patches. I have seen several network deployments recently that use WSUS to patch network workstations. Unfortunately, many of these deployments rely on the users to click the option to install the latest updates. The problem with this is that the users know that the update process is going to require them to reboot their computers. Some users may end up putting off the updates indefinitely. Rather than relying on the end users, use a patch management solution that pushes security patches automatically without giving users a choice in the matter.

Windows allows us to easily share files and folders with other people on our network; but some of us may want to know when someone else is accessing our shared files and folders. I am going to show everyone 4 different methods to do just that.

Computer Management

For all its faults, Windows has a lot of features. In fact, many people outside the tech circle don’t even know most of them. Computer Management is one of these features. From Computer Management, users can do many things. Amongst these “many things”, users have the ability to

1. See all the folders they are sharing (Computer Management -> System Tools -> Shared Folders -> Shares);
2. See who (from their network) is connected to their computer (Computer Management -> System Tools -> Shared Folders -> Sessions);
3. What shared files are opened (Computer Management -> System Tools -> Shared Folders -> Open Files).

You also have the ability to create new shares, stop sharing specific shares, disconnect anyone connected to your computer, or disconnect access to just the opened files. If you want can also right click on “Computer Management (Local)” -> “Connect to another computer” to monitor the shares of another computer (if you have access).

To access Computer Management, simply find it under Control Panel, or open Start Menu -> Run and type in compmgmt.msc (Windows Vista and Win7 users can just type compmgmt.msc in their search box instead of going to Run).

ShareWatch

Image by the developer.

ShareWatch is a very small (77 KB) free, portable, and standalone application which monitors all shared folders and files on your computer. Like Computer Management, it allows you to disconnect a user’s access to your computer or to a file at will. While you can’t add new shares with ShareWatch, you can stop sharing a share. Like Computer Management, ShareWatch allows you to monitor the shares of a remote server or computer (if you have permission/access to do that).

Net Share Monitor

Image by the developer.

Net Share Monitor is another small (636 KB), free, portable, and standalone application which monitors local or remote shares. It tells you who is connected and what files are being access. Just like ShareMonitor and Computer Management, you have the ability to disconnect users or access to files. Two features unique to Net Share Monitor, however, is the ability to log all activity related to shares and play a sound to notify the user a new connection has been opened to the shares. Features lacking in Net Share Monitor include not being able to create a new share or stop sharing a share.

System Tray Share Monitor

Image by the developer.

System Tray Share Monitor, while not that small in size, portable, or standalone, is an open source software which pretty much does the same thing as Net Share Monitor: it tells you who is connected and what files are being access, you have the ability to disconnect users or access to files, and you can log all shares related activity. One feature in System Tray Share Monitor not present in all the others is the ability to filter what shares/files you monitor by connected user’s username, computer network name/IP, number of files opened, or max idle time.

Overall which one of the above methods you want to use will depend on your needs. If you want to just occasionally monitor shares, there is no need to download a third party program when Computer Management will do that for you. However if you want to monitor shares on a regular basis, Net Share Monitor is the way to go because not only will it notify you when users connect, but it can also log the activity. Plus Net Share Monitor is portable and standalone, so you don’t need to install it and you can take it with you on the go.

from http://dottech.org/freewaresr

TAIPEI, Taiwan — Far EasTone Telecommunications (FET) announced cooperation with Juniper Networks to launch a cyber protection system for small and medium enterprises (SMEs), yesterday.

According to a survey by the Institute for Information Industry, Taiwan sees a potential NT$16 billion information security market because of the proliferation of IT security breach cases and increased business consciousness on cyber safety.

Since acquiring Information Security Service Digital United Inc. in 2004, the FET, the telecommunications arm of the Far Eastern Group, has been making big moves in the market. By teaming up with the Sunnyvale, California-based Juniper Networks, which was ranked as the 4th most admired networking communications company in the world by Fortune Magazine, FET effectively stepped up its game in cyber security.

“In the fiercely competitive business environment, cyber security issues such as attacks by virus, hackers, spam, etc. have substantial impact on businesses’ productivity,” Jeffey Gee, president of the FET affiliated New Century Information Communication, said. “On top of that, enterprises also have specific needs to protect their sensitive business information. By cooperating with Juniper Networks, FET establishes the ‘Twin Towers’ of cyber protection that provide the best guard for SMEs.”

Juniper, on the other hand, sees its cooperation with FET as a significant development in Taiwan’s telecommunication and IT industry. “Juniper Networks have confidence in the FET’s ability to be ahead of the market in providing well-thought innovative services with added-value to the customers,” Adam Judd, Juniper Networks’ senior vice president for Asia Pacific, said. “We are glad to have the chance to closely cooperate with FET. It is a milestone for us.”

“We share FET’s passion to provide fast, reliable, safe and easy-to-use network services to our customers. We believe this strategic alliance will combine the strength of the products of both of Juniper Networks and FET to provide the best choice of information security service to customers,” he added.

The FET SME Cyber Protection system combines FET’s expertise in telecommunications and customer service with Juniper’s well-known products and after-sales support capability. The system will therefore boost a seamless integration of the front- and back-end services to effectively protect companies’ e-mail systems and increase bandwidth. The system will also provide comprehensive evaluation of businesses’ Web sites to identify possible weaknesses and find the best ways to address them. It will also issue notifications on cyber attack trends and warnings for impending attacks.

The business of Juniper includes the design and sales of Internet Protocol network products and services. Juniper’s products include routers families of T-series, M-series, E-series, MX-series, and J-series; EX-series Ethernet switches, WX-series WAN optimization devices, and SRC Session and Resource Control appliances. With products widely used in the large networks globally, Juniper is a leader in high-performance networking.

From Chinapost.com