Should You Allow Online File Storage?

In 5 years, Dropbox, the online file storage company has grown to a user base of 50 million users worldwide. That’s great news for their founders Drew Houston and Arash Ferdowsi, but not such good news for network security managers!
Online file storage is simple to use, and incredibly convenient if you need to access files both in the office as well as from home or on the move. The disadvantage of many of the services that were originally designed for consumer use however, is that you can lose control of your data security.
Since consumer online file sharing systems were not designed with the business user in mind; there is often little or no provision for central management, and storing data in US data centres renders it open to examination under the US Patriot act. Storing personal data outside the EU also runs the risk of landing you on the wrong side of EU data protection legislation in the event of a data breach. We think that businesses need to consider their policy on online file sharing and whether consumer file storage services should be blocked using an application firewall.
On the other hand, employees are using these services because they help them to do their jobs more efficiently and be more productive, so a better answer is to provide users with better tools that offer superior facilities than those provided by consumer online storage. Products such as Accellion and Trend Micro Safesync for Business provide cloud storage that can be managed by your IT staff. They employ the highest levels of data protection to secure your information in European data centres, and to protect against insecure passwords, you can also implement two factor authentication to positively identify users connecting to the service.
Both Accellion and Safesync for Busines also provide additional tools for online collaboration, allowing you to send files securely to your clients and business partners, and collaborate on project documentation. If you want to know more about how your company can take its first steps into the world of cloud computing, why not give us a call?

Introducing the Next Generation Proxy Server

The Internet has been with us for over 17 years now, but companies still need to make sure that the Internet supports their business rather than detracts from it. Web security needs to rise to the challenges presented by today's technology trends rather than trying to plug IT Security gaps by fitting yesterday’s square pegs into today’s round holes.

The major change in Internet usage that has taken place over the past 2-3 years has been the arrival of social media such as Facebook and YouTube. At the same time, cyber-criminals have turned from email to the web as a means of disseminating their malicious code that it designed to take advantage of unpatched workstations on your network to obtain your employees' personal login credentials. Simply installing web filter software doesn't adequately address the demands for web security that now arise. More granular controls are required for web security that allow companies to market themselves using social networking whilst protecting themselves against the new generation of web threats.

SonicWall firewall appliances not only provide companies with firewall security, but also URL Filtering, antivirus, and control over web applications such as Skype, Facebook and Spotify. It is even possible to permit access to Facebook to update company marketing information whilst blocking the ability to play Facebook games. If however you want to make sure that you have the highest level of web protection against today’s zero-day threats, you need to look at the current generation of proxy servers.

Trend Micro Interscan Web Security and McAfee Web Gateway both go beyond traditional web filtering in providing protection against zero day threats spread by “drive-by” infections. They examine the behaviour of executable code that is downloaded from the internet and simply block the delivery of any code that appears to perform potentially malicious actions. By blocking execution of the Java / ActiveX code that is used to run exploits against unpatched workstations and laptops, you are able to go a long way to preventing prevent the installation of Trojan applications on your company’s systems.

Getting The Best From Your Endpoint Security Software.

I hope that it’s safe to assume that anyone reading this blog has at least some form of antivirus software installed! If nothing else, we now seem to accept that it is a good idea to use commercially available endpoint security software such as McAfee Endpoint Protection or Trend Micro Worry Free Business Security to protect against malicious code that is inadvertently downloaded from the Internet.

Today’s endpoint security suites however have so much more to offer than virus protection, and although some of the new network security features such as zero day threat protection are turned on by default, many companies don’t seem to be exploiting the protection that they have paid for in their endpoint protection subscriptions to its fullest extent:

Host Intrusion Prevention

Intrusion Prevention is not a technology that is just for government and finance companies. It can help to protect every PC from network layer attacks, as well as identify rogue software that has been downloaded to your PC’s through an exploit run against unpatched software.

Personal Firewall

We seem to understand the need for personal firewalls for users who connect back into company systems via a VPN server, but many companies still don’t configure firewalls for in-house workstations. Using a personal firewall on a company network does require some extra configuration, but it also serves as a last line of defence when spyware or malicious code ends up on the user’s PC as it can prevent unauthorised applications from accessing the Internet.

Device Control

USB Smartdrives enable users to carry round their own personal desktop and applications and launch them in your company’s machines. Not only that, but a quick search for applications for USB Smartdrive applications includes a multitude of hacking tools as well as porn viewers. Are you really sure that it’s such a good idea to allow users to plug their own USB devices into your workstations and laptops? If you do choose to implement device control, you may need to provide “authorised” storage devices for your users, but it could save you from a costly data security breach or malware infection.

If you are still only using your endpoint security software for virus protection, take a few minutes to read the documentation to see what else is available to you to improve your PC Security.

Home Working for the Olympic Games

The Olympics are soon to be upon us. For a period of 6 weeks during the summer, the world’s finest athletes will compete for the highest honors that their sports can bestow, but life for people who have to work in and around London just gets a little trickier. All companies around the capital are being urged to provide for home working for the duration of the competition.

Remote Access

Many companies have already installed a remote access server to provide access to their company networks for mobile users, but for those that haven’t, a secure remote access solution can cost less than you think. The SonicWall SRA 1200 SSL VPN appliance can be installed for under £1,000, and Two Factor Authentication no longer requires users to carry separate devices to prove their identity when they access the company network. Safenet SafeWord 2008 can use either SMS to distribute one-time passwords, or smartphone apps for iPhone / Android devices. For companies who are looking to review their remote access systems, VPN Servers such as the SonicWall EX6000 allow you to temporarily burst the number of concurrent user connections that you have available to provide for travel disruption due to the Olympics or more often snow. Transport delays no longer mean that your employees have to be unproductive.

VPN / Firewall Appliances

Some companies may also find that a new firewall appliance is the way forward for them. The SonicWall NSA 3500 VPN firewall appliances don’t just keep the bad guys out ... they also let your staff access your network securely using SSL VPN and RDP. This allows your staff to work as easily from home as they can sat in your office, and with the falling cost of firewalls over the past few years, a new firewall needn’t break the bank.

Cloud Storage

As an alternative companies may also want to give consideration to the use of cloud storage that is accessible both from the office and laptops / tablet devices. Services such as Trend Micro SafeSync create a folder on your PC / Laptop into which you can drag and drop files and folders that you can access from a home PC and even tablet devices. You can even set up online collaboration facilities to allow your project teams to share files securely using any device that has an internet connection.
There is still time for you to install a home working system before the games start, but make sure that you allow some time just to sit back and watch the greatest show on earth.

Security and Social Networking.

Social media is here to stay despite the challenges that it presents for web security. So perhaps it’s time to take a long hard look at your network security defences and see if they are up to muster in these days of social networking and web applications?

The Web Application Dilemma

Web applications have changed the game as far as IT Security is concerned. The problem is that social media has a growing number of legitimate business uses. Organisations of all types are increasingly using social media to connect with both the public and their customer base. Yet social media sites are also targeted by cybercriminals as a means of getting their malware onto your employees  PC’s.  You also have to ask whether you want to give your staff access to Facebook for legitimate business reasons without at least having some control mechanism that will prevent them from playing Facebook games when they should be doing the job that they are being paid for.

Bandwidth Considerations

An increasing amount of internet content comprises streaming video and audio. Much of this is “good” video being used by companies to deliver marketing messages and technical previews of their products, but too much streaming media coming in through your internet connection can mean that your company extranet and secure remote access services suffer. In an ideal world you should therefore have a way of not only having an “on or off” switch for streaming applications, but also a throttle mechanism to allow you to keep a proportion of your internet bandwidth available for more business critical applications.

Good and Bad Web Applications?

So Facebook is good (with appropriate controls), YouTube is good (in moderation), but what about the plethora of other web applications? Should your users really have Spotify streaming their favourite tunes to their desks? Applications such as Dropbox are great for personal usage, but you have presumably spent a considerable amount of money over the years in software to make sure that your email is virus-free, and Dropbox has just bypassed all of your carefully constructed gateway security!

Is It Time To Overhaul Your Firewall?

The real answer to all of these issues is to upgrade to a Next Generation firewall. Next Generation firewalls from SonicWall and McAfee provide you with visibility of web applications passing through your internet gateway and allow you to regain control of your internet security. The first step is to be able to audit what traffic is passing through your firewall. Armed with this information, you are able to take informed decisions as to whether a specific web application should be allowed through your firewall, and if the answer is yes you can then decide whether to scan it for internet borne malware (even within an SSL encrypted tunnel), as well as whether to apply either a bandwidth or time of day policy. All of this can be implemented on a per user basis if appropriate.

Social Networking Can Be Controlled.

The advent of the “Web 2” world comprising social networking sites, web applications and streaming media presents some significant challenges to maintaining the security of your networks, but major manufacturers such as McAfee and SonicWall have addressed these new threats through McAfee Firewall Enterprise and the SonicWall NSA firewalls respectively. If you would like some advice on implementing a Next Generation Firewall solution, please contact us.