Click here to close now.


Cloud Security Authors: Pat Romanski, Elizabeth White, Jim Scott, Liz McMillan, Kevin Jackson

Blog Feed Post

How To Deal With Internet Security Threats

Ian Kilpatrick, chairman of IT specialist Wick Hill Group, examines the range of Internet security threats faced by companies today and advises on how to protect against them.

How to use the Internet while staying secure has always been a concern for businesses. Over the last couple of years there have been many changes in the Internet threat scenario. Most notably there has been a significant increase in the 'access anywhere/anytime culture' with a growth in social networking, a move to convergence solutions such as VoIP, a major increase in smartphone use, a growth in cloud computing, plus the 'consumerisation' of systems (i.e. the use of personal devices for company data).

The range of security threats includes

* Malicious threats, such as viruses and other malware

* Fraud threats such as phishing emails, spyware and toll fraud

* Unauthorised access from hacking, data leakage, botnets, unsecured wireless, and user name/password insecurity, etc.

* Operational threats, such as distributed denial of service (DDoS) attacks, attacks on VoIP, the failure of cloud computing suppliers to secure your network, or security risks from remote workers.

* Newer threats such as social networking insecurity, web application threats, smartphone insecurity and poor security for converged voice/data applications on the network

The basics that companies need to protect themselves in today's internet environment include:

Risk assessment/risk management.
A risk assessment should be carried out BEFORE implementing additional aspects of internet use, to identify the risks and determine what, if anything, needs to be done to minimise them. It is important to regularly review all security policies. Recent history has shown that it is less expensive, easier and more efficient to deploy security at the beginning of any project than to try to "backfill" it. Oh yes, and it's more secure!

Staff training
Educated staff are the first and main line of defence. Staff need to be brought on board, where security is concerned. The impetus needs to come from the top and be maintained.

Staying up to date
A basic and key way of staying secure is to make sure you rapidly deploy software updates, such as operating system and browser updates. Make sure too that patches, particularly security patches, are installed as soon as available.

As a first line of defence, users should be educated to not open unknown attachments, which are a common source of viruses and spyware, and to be very cautious about clicking on any links.

Anti-virus systems should be behaviour-based and updated automatically in the background. Many anti-virus solutions also incorporate anti-spyware elements, to help cope with problems such as the theft of user names and passwords. Suppliers include Kaspersky Lab, VIPRE Business, Norton, McAfee and Symantec. Anti-spyware suppliers include Barracuda Networks and WebRoot. Free anti-spyware solutions, such as Spybot, are also available.

Firewalls are now almost universally deployed. All messages entering or leaving the network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

A huge range of firewalls is available today from companies such as Check Point, Nortel, Nokia and WatchGuard. Firewalls are also available as part of a unified threat management appliance (UTM) or an extensible threat management (XTM) appliance, where a firewall is combined with other security functions, including (in many cases) web application firewalling (WAF), sometimes also known as deep packet inspection (DPI).

The best way to prevent unauthorised access is through authentication.

Single factor authentication involves the use of passwords only, ranging from weak to complex. It has a number of insecurities and is highly vulnerable to the same password being used for multiple applications (including social networking), increasing the risk that your business applications security could be breached.

Strong two factor authentication comprises something you know (a password) and something you have (e.g. a hardware token, which can produce a time limited one time password, a soft token (for example a PIN sent to a mobile phone) or a swipe card). Companies including VASCO, RSA and CRYPTOCard provide strong two factor authentication solutions. While there are still risks with this approach, it provides significantly improved security at a comparatively low cost

Biometric authentication, involving personal elements such as fingerprint or iris recognition, is more appropriate for high security applications, such as financial or defence.

Remote user security
Encrypted virtual private networks (VPNs), either IPsec or SSL, are the typical solution for secure branch to head office communications, for communications between companies and third parties such as suppliers, and for secure communications between remote/mobile workers and head office/branches. This should be done, using a minimum of two-factor authentication.

Branch offices can install low-cost remote UTMs which incorporate VPNs and these can be centrally administered, typically by the head office. Companies such as WatchGuard, Check Point and NETASQ provide remote, centrally manageable IPsec and SSL VPN solutions.

Another method of securing remote and mobile users is endpoint security (EPS). Coupled with central management, it can ensure that firewall, anti-virus and security patches are used. A range of solutions is available from companies such as Check Point, GFI Software, Kaspersky Lab and Citrix.

With the growth of remote working, managing the remote worker network securely has become increasingly difficult and costly. To complicate matters, many employees are using their own PCs, laptops and smartphones to link to the company.

This carries a significant risk of these devices being infected by spyware, etc. and introduced to the network. Additionally, data on them could be unprotected. Coupled with this, there is the high cost of providing, supporting, patching and managing company supplied devices.

One solution is for the employer to give the employee an allowance to buy their own PC or laptop and to supply them with a secure, hardware encrypted flash drive with embedded security software.

This creates a secure tunnel, stronger than an SSL VPN, between the remote worker's PC and the applications on the home network. File transfer between the PC hosting the flash drive, and the corporate network, is strictly controlled. The use of applications and programmes too is subject to the applied security policy.

These types of solutions essentially provide a secure, virtual environment, irrespective of the security status of the users PC/Laptop. They include solutions from Check Point (Abra) and IronKey, as well as the different approach of virtual desktop infrastructure (VDI) from Citrix and VMware.

Smartphone growth presents another remote access security risk. Staff are increasingly using them to retrieve email and use other applications on the move.

But they remain largely unprotected and have the potential to put the whole network at risk through unauthorised access, particularly as they are so easily lost or stolen. Wi-Fi roaming out of the office, creates a number of security risks, including the risk of identity and security credentials being lost or stolen.

Because of the dangers, smartphones should be treated just like PCs, when it comes to securing them.

A lot can be done through carrying out a number of simple preventative actions. For example, use the PIN function to secure the phone, install data wiping facilities, employ time-out policies, and install GPS tracking so the phone can be located if stolen. Authentication to the network from smartphones is essential.

Specific smartphone security solutions are also available from suppliers such as Kaspersky Lab, Sipera, CRYPTOCard and Check Point.

Wireless security
The use of wireless has grown significantly in the last few years and is now endemic, with smartphones increasingly being used to connect to wireless.

Authentication is absolutely crucial in this environment and strong two factor authentication should be used for access to all confidential internal data, from wireless pcs, laptops and smartphones. Sensitive data should not be held on a smartphone or wireless laptops, unless encrypted.

IPSec or SSL encrypted VPNs should be used for all wireless communications between head office and remote locations, such as branch offices, mobile users or home workers.

When employees leave a company, and their access to wireless hasn't been managed, then the risk of them causing problems through unauthorised access is significantly increased.

Wi-Fi roaming and Bluetooth are other risks, with many users leaving their devices Wi-Fi roaming and Bluetooth-enabled. This leaves them vulnerable to attacks resulting in access to the devices and the company network, particularly if authentication is not strong enough.

If your organisation is using unencrypted wireless in the office, all the information held on your network can be at risk. If your existing solution supports WPA2 or even the discredited WEP encryption, switch it on (it will have arrived with the default off). It is a good idea to encrypt all relevant confidential files, data, internal e-mails and network attached storage (NAS).

Wireless security providers include companies such as Aruba Networks, Check Point, Ruckus, SonicWall, and WatchGuard.

Encryption (including laptop and smartphone encryption)
The easiest and most effective way of stopping sensitive and critical data being read by unauthorised personnel or outsiders is to encrypt it.

Loss or theft of data stored on laptops or smartphones is a particular problem.
However, this can be easily and inexpensively protected using comparatively low-cost encryption software for laptops from companies such as Pointsec, Utimaco and PGP, and specific mobile security software for smartphones.

The use of unified encryption management (UEM) means encryption can be easily managed across all data risk areas including desktops, laptops, PDAs, USB sticks, mobile phones and other removable media.

* Converged systems security
Security convergence is different from normal data security, because the link between phone systems and the Internet makes both voice and data more vulnerable to problems such as toll fraud and the total loss of both voice and data communications, if VoIP is hacked. However, there are security products available specifically tailored for a unified communications (UC) environment. These include solutions from Sipera, Panasonic and Samsung.

* Cloud computing/hosted systems security
If you put your network into the cloud or use hosted systems, then you are making someone else responsible for your security and need to ask your supplier a number of questions. These could include:

- what security and authentication procedures are in place for remote staff access?
- how is data secured against leakage?
- what protection is there against DDoS attacks?
- how can you guarantee your staff won't access my company's data?
- what is the service level agreement for availability and what is the recourse if it is breached?
- in what jurisdiction is my data held and stored?


Unified threat management systems (UTMs) are designed to provide a range of security solutions in a single appliance, reducing costs and simplifying the whole process of security systems management and installation. The minimum requirement for a UTM is a firewall, VPN, anti-virus and intrusion detection/prevention. Some UTMs may also provide anti-spam, web content inspection spyware protection, centralised management, monitoring, and logging capabilities.

Extensible threat management systems (XTMs) are a development of UTMs, which combine fast throughput with advanced networking features to handle high-volume traffic. They are suitable for 50-10,000 or more users.

Popular UTM and XTM solutions include those from WatchGuard, Check Point, Fortinet, Barracuda Networks and NetASQ.

Web Application Firewalling (WAF)
Web application firewalls apply rules to HTTP (essentially web server and browser) conversations. This is sometimes also known as deep packet inspection (DPI). Dedicated devices are available such as SecureSphere from Imperva, ModSecurity (open source) and the Barracuda Web Site Firewall. WAF is also included in many UTM and XTM solutions.

A variety of other multi-functional solutions, incorporating various security product mixes, is also available from companies such as Kaspersky Lab, Symantec, McAfee and Computer Associates.

The latest important IT security concerns include the increasing amount and variety of remote access, and the growing use of converged systems such as VoIP and smartphones. However, these and other ongoing security risks such as malware, fraud and data leakage, can all be adequately protected against with a strong commitment to security and the deployment of appropriate solutions.



Ian Kilpatrick is chairman of Wick Hill Group plc, specialists in secure IP infrastructure solutions for e-business. Ian has been involved with the Group for more than 30 years. Wick Hill is an international organisation supplying most of the Time Top 1000 companies through a network of accredited resellers. Contact, 01483 227600.

Ian looks at computing from a business point-of-view and his approach reflects his philosophy that business benefits and ease-of-use are key factors in IT. He has had numerous articles published in the UK and overseas press, as well as being a regular speaker at IT conferences.


For further press information, please contact Annabelle Brown on 01326 318212, email [email protected]. For reader queries, please contact Wick Hill on 01483 227600, web

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

@ThingsExpo Stories
Scott Guthrie's keynote presentation "Journey to the intelligent cloud" is a must view video. This is from AzureCon 2015, September 29, 2015 I have reproduced some screen shots in case you are unable to view this long video for one reason or another. One of the highlights is 3 datacenters coming on line in India.
In his session at @ThingsExpo, Tony Shan, Chief Architect at CTS, will explore the synergy of Big Data and IoT. First he will take a closer look at the Internet of Things and Big Data individually, in terms of what, which, why, where, when, who, how and how much. Then he will explore the relationship between IoT and Big Data. Specifically, he will drill down to how the 4Vs aspects intersect with IoT: Volume, Variety, Velocity and Value. In turn, Tony will analyze how the key components of IoT influence Big Data: Device, Connectivity, Context, and Intelligence. He will dive deep to the matrix...
When it comes to IoT in the enterprise, namely the commercial building and hospitality markets, a benefit not getting the attention it deserves is energy efficiency, and IoT’s direct impact on a cleaner, greener environment when installed in smart buildings. Until now clean technology was offered piecemeal and led with point solutions that require significant systems integration to orchestrate and deploy. There didn't exist a 'top down' approach that can manage and monitor the way a Smart Building actually breathes - immediately flagging overheating in a closet or over cooling in unoccupied ho...
As more and more data is generated from a variety of connected devices, the need to get insights from this data and predict future behavior and trends is increasingly essential for businesses. Real-time stream processing is needed in a variety of different industries such as Manufacturing, Oil and Gas, Automobile, Finance, Online Retail, Smart Grids, and Healthcare. Azure Stream Analytics is a fully managed distributed stream computation service that provides low latency, scalable processing of streaming data in the cloud with an enterprise grade SLA. It features built-in integration with Azur...
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
The enterprise is being consumerized, and the consumer is being enterprised. Moore's Law does not matter anymore, the future belongs to business virtualization powered by invisible service architecture, powered by hyperscale and hyperconvergence, and facilitated by vertical streaming and horizontal scaling and consolidation. Both buyers and sellers want instant results, and from paperwork to paperless to mindless is the ultimate goal for any seamless transaction. The sweetest sweet spot in innovation is automation. The most painful pain point for any business is the mismatch between supplies a...
The broad selection of hardware, the rapid evolution of operating systems and the time-to-market for mobile apps has been so rapid that new challenges for developers and engineers arise every day. Security, testing, hosting, and other metrics have to be considered through the process. In his session at Big Data Expo, Walter Maguire, Chief Field Technologist, HP Big Data Group, at Hewlett-Packard, will discuss the challenges faced by developers and a composite Big Data applications builder, focusing on how to help solve the problems that developers are continuously battling.
SYS-CON Events announced today that IBM Cloud Data Services has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IBM Cloud Data Services offers a portfolio of integrated, best-of-breed cloud data services for developers focused on mobile computing and analytics use cases.
Mobile messaging has been a popular communication channel for more than 20 years. Finnish engineer Matti Makkonen invented the idea for SMS (Short Message Service) in 1984, making his vision a reality on December 3, 1992 by sending the first message ("Happy Christmas") from a PC to a cell phone. Since then, the technology has evolved immensely, from both a technology standpoint, and in our everyday uses for it. Originally used for person-to-person (P2P) communication, i.e., Sally sends a text message to Betty – mobile messaging now offers tremendous value to businesses for customer and empl...
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool for visual control over the cloud and the best price/performance value available. ProfitBricks was named one of the coolest Clo...
“The Internet of Things transforms the way organizations leverage machine data and gain insights from it,” noted Splunk’s CTO Snehal Antani, as Splunk announced accelerated momentum in Industrial Data and the IoT. The trend is driven by Splunk’s continued investment in its products and partner ecosystem as well as the creativity of customers and the flexibility to deploy Splunk IoT solutions as software, cloud services or in a hybrid environment. Customers are using Splunk® solutions to collect and correlate data from control systems, sensors, mobile devices and IT systems for a variety of Ind...
Organizations already struggle with the simple collection of data resulting from the proliferation of IoT, lacking the right infrastructure to manage it. They can't only rely on the cloud to collect and utilize this data because many applications still require dedicated infrastructure for security, redundancy, performance, etc. In his session at 17th Cloud Expo, Emil Sayegh, CEO of Codero Hosting, will discuss how in order to resolve the inherent issues, companies need to combine dedicated and cloud solutions through hybrid hosting – a sustainable solution for the data required to manage I...
You have your devices and your data, but what about the rest of your Internet of Things story? Two popular classes of technologies that nicely handle the Big Data analytics for Internet of Things are Apache Hadoop and NoSQL. Hadoop is designed for parallelizing analytical work across many servers and is ideal for the massive data volumes you create with IoT devices. NoSQL databases such as Apache HBase are ideal for storing and retrieving IoT data as “time series data.”
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud without worrying about any lock-in fears. In fact by having standard APIs for IaaS would help PaaS expl...
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Bradley Holt, Developer Advocate at IBM Cloud Data Services, will demonstrate techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, faster user experience, both offline and online. The focus of this talk will be on IBM Cloudant, Apa...
As enterprises capture more and more data of all types – structured, semi-structured, and unstructured – data discovery requirements for business intelligence (BI), Big Data, and predictive analytics initiatives grow more complex. A company’s ability to become data-driven and compete on analytics depends on the speed with which it can provision their analytics applications with all relevant information. The task of finding data has traditionally resided with IT, but now organizations increasingly turn towards data source discovery tools to find the right data, in context, for business users, d...
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobile software company with over 150 developers, designers, quality assurance engineers, project manage...
Learn how IoT, cloud, social networks and last but not least, humans, can be integrated into a seamless integration of cooperative organisms both cybernetic and biological. This has been enabled by recent advances in IoT device capabilities, messaging frameworks, presence and collaboration services, where devices can share information and make independent and human assisted decisions based upon social status from other entities. In his session at @ThingsExpo, Michael Heydt, founder of Seamless Thingies, will discuss and demonstrate how devices and humans can be integrated from a simple clust...
SYS-CON Events announced today that Cloud Raxak has been named “Media & Session Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Raxak Protect automates security compliance across private and public clouds. Using the SaaS tool or managed service, developers can deploy cloud apps quickly, cost-effectively, and without error.
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, will discuss the impact of technology on identity. Should we federate, or not? How should identity be secured? Who owns the identity? How is identity ...