Friday, June 29, 2012

Today's Tech Deals: 6/2912




Laptops, PCs, Software, and Much More!

Deal #1: Musicians Friend: 64GB SSD $49.99...1000W Power Supply $169.99...3rd Generation Core i5 3570K Processor $189.99...1TB 7200RPM Hard Drive $94.99

Deal #2: MusiciansFriend: Celebrate This 4th Of July With A Great Deal On New Gear

Deal #3: TigerDirect: June Black Friday...Weekend Deal Event!

Deal #4: Game Stop: July Newsletter: Kick Off Your Summer with GameStock!

Deal #5: Corel: Celebrate with big saving! Up to 50% off plus free gift

Deal #6: LogicBuy: Upgrade & Save: D-Link Extended Range Router, Logitech THX Speakers, 27 1080p LCD, & More!

Deal #7: Musician's Friend: Enjoy Savings Up To $200 On Recorders & Lighting FX

Deal #8: Native Instruments: Celebrate: 50% off KONTAKT and 10 other instruments

Deal #9:  Abe's of Maine: Buy a Laptop - Get a Gift

Deal #10: Geeks: Loaded 2-Core Athlon 2.3GHz Win7 Notebook


Additional Deals

Sweetwater's GearNet Music Deals

4th Of July Sale Starts Now At Abt

7" Tablet $89.99, Logitech Keyboard $12.49, TiVo $49.99 - Refurb,...

42" LED TV $399...7" GPS $89...72 hours only

Free Shipping PLUS Discounts On Ink & Toner - Stock Up For Your 4th of July Party Today!

July 4th Sale – $89.99 CORSAIR 120GB SSD, $109.99 ACER 21.5" Monitor...

Grow your Business with a Proven Pro

TEST: Final Day! White Tees on sale for $15.

Printer Ink Hot Summer Clearance this Week

Loaded 17" 2.4GHz Core i5 Win7 Laptop Deal

Free mug inside - email exclusive!

25% OFF - 4th of July Ink Blowout Sale!

Pocket Chair (2-pack) $11.99, Sleeping Bag $39.98, 3" Reflector Telescope $89.99,...

Steelers Stars & Stripes Tees - Shop Now!

Price Alert: 4GB Quad Core PC Kit $119...Our Lowest Priced Quad Kit Ever, plus 1TB $79

New Products @ AFBookstore.com.  Bibles, DVDs, books, paperbacks, history, CDs, audio, ebooks, health, kids, sharing

Mushkin 120GB SSD $99.98 @ OutletPC

Quick-Draw Deals: $189.99 SAMSUNG 256GB SSD, 20% OFF Select NZXT Cases & Power Supplies...

Product Reviews

Alienware M17x R4 Review and Ratings


Asus G75VW-DS71 Review and Ratings









Follow me on Twitter for more Deals! @ITSecPr0

Tuesday, June 26, 2012

Beyond SNMP: Monitoring Your Cisco Converged Infrastructure (webinar)



Beyond SNMP: Monitoring Your Cisco Converged Infrastructure


Date: Wednesday, July 11th
Time: 2pm EDT/ 11am PDT
Duration: 30mins
Speaker: Floyd Strimling, Technology Evangelist, Zenoss

Summary: "In this 30-minute session you will learn:
• Monitoring and Modeling of Cisco's Nexus, MDS, UCS, and Catalyst Switches running VSS
• Visualization of your IT infrastructure across multiple IT infrastructure domains
• The Benefits of the Zenoss Platform versus Traditional Monitoring Tools" source: zenoss.com

For more information and to register for this event click here.

@ITSecPr0

Last Minute Registration: 2012 Ponemon Report on Risk-based Security Management (webcast)


2012 Ponemon Report on Risk-based Security Management: Are Organizations Really Walking the Talk?

Starts in one hour! 

Date: June 26, 2012
Time: 10AM Pacific, 1PM Eastern


@ITSecPr0

Monday, June 25, 2012

VoIP Sniffing Cracking Phishing & Metasploit Testing Tutorial

The folks over at ehacking.net have done it again! This time they've provided information on how to hack VOIP using various tools of the trade such as Wireshark , Sipcrack and Backtrack 5 R2 to name a few. Here's a a sneak peek:

"Sniffing on VoIP Network
The concept of sniffing in VoIP network is the same as a general network sniffing concept. I will use some of the most famous tools to demonstrate the sniffing attack on VoIP network. Let us start with Wireshark, which is able to capture VoIP traffic.
Now let’s suppose the end users (extensions) are busy communicating with each other, and that an attacker is trying to capture some traffic so that he/she will able to get the data (their communication).



Wireshark has captured some traffic. As discussed above on the protocol section, RTP contains the information. The question now is: how do we extract information from these packets? Wireshark provides the option to extract the information with a built-in feature for VoIP. Click on the telephony tab – VoIP calls you. You will then get this window:
   

Click on the player, then on the decode tab. You are now able to listen in to this communication and all of the data available in the audio file.

" source: ehacking.net


If you'd like to learn more click here for the full article!

@ITSecPr0

Last Chance To Register: Vulnerability Management Evolves Webcast



DATE: Tomorrow, June 26, 2012
TIME: 11:00 AM EDT 
No More Checkboxes: Vulnerability Management Evolves
SPEAKERS: Mike Rothman, Securosis president and analyst,
                                     Jack Daniel, Tenable Network Security product manager
 SUMMARY:
"Vulnerability management is growing in strategic importance as organizations seek to optimize the efficiency of their security teams, and to better understand and manage risk. As managers struggle to make sense of a deluge of vulnerability data, vulnerability scanners are evolving to address these needs. As a result, they’re emerging as a much more strategic component of the security infrastructure.


Register now to join Securosis president and analyst Mike Rothman and Tenable Network Security product manager Jack Daniel tomorrow, June 26, as they discuss critical findings around this market shift–including an examination of underlying drivers and detailed insights into the capabilities and features you’ll need to move to next-generation vulnerability management and begin reaping the rewards." source: brighttalk.com




Upcoming Webinar: Modernizing Your IT Infrastructure with Hadoop


Modernizing Your IT Infrastructure with Hadoop

Date: Wednesday, June 27, 2012
Time: 10:00am PT, 12:00pm ET
Speakers: Merv Adrian, Gartner Analyst, 
                                       Charles Zedlewski, VP Cloudera Products
Summary: "The way organizations put data to work is rapidly changing. Apache Hadoop and its related projects are maturing as an integrated stack to store, process and analyze huge volumes of varied semi-structured, unstructured and raw data – quickly becoming the standard infrastructure layer for big data workloads. With the advent of Hadoop, businesses can now affordably analyze massive amounts of data and open up a whole new world of possibilities to add value to the business. You will also learn how to:
  • Understand key challenges when deploying a Hadoop cluster in production
  • Manage the entire Hadoop lifecycle using a single management console
  • Deliver integrated management of the entire cluster to maximize IT and business agility" source: cloudera.com
Register-Button-Green.png

Today's Tech Deals: 6/25/12



Laptops, PCs, Software, and Much More!


Deal #1: PC Connection: Get Great Savings on Select Cisco Switches and ASA Midrange Security Appliances

Deal #2: MusiciansFriend: Celebrate This 4th Of July With A Great Deal On New Gear

Deal #3: Abes of Maine: Special Savings Inside!

Deal #4: LogicBuy: Up to 59% Off: Skullcandy Aviator Headset, Desktop + LCD Bundle, Ooma VoIP, USB 3.0 HDD, & More!

Deal #5: Buy.com: Labeler w/ Carrying Case $22.99 AR, Headphones $6.99, 8GB Flash Drive $4.95, Slingbox SOLO,...

Deal #6: Geeks: Quad-Core Win7 4GB/640GB Laptop

Deal #7: Corel: [Deal Alert Reminder] Save up to 50% on top products + Free Shipping

Deal #8: CompUSA: Hot Deals...Up to 50% Off: 8" Digital Frame $24...Samsung 3D TV $799...24" LCD $129...

Deal #9:  NewEgg: Quick-Draw Deals: $109.99 SeaSonic 650W Power Supply , $199.99 Polk Audio PSW505 Subwoofer

Deal #10: MicroCenter: 13.3" MacBook Pro $999.99...15.4" MacBook Pro $1499.99...Pentium Dual-Core Laptop $329.99...Core i3 Laptop $429.99...Pentium Dual-Core Desktop $349.99


Additional Deals

$15 T-shirts: Limited-time only!

Summer's Here! Shop the Steelers Collection for the Season

SUPER SALE: Up to 50% off t-shirts, flair & more!

Monday | Hand-Picked Offers from Lands' End, Wolferman's, Intercontinental Hotels, Boden & more

Sigma Lens SALE!

Tablet Stand $8.99, Backpack $39.99, Grill Brush $34.95,...

Find The Latest Apple Products at Abt



Product Reviews

Asus Transformer Pad Infinity TF700 Review and Ratings




Follow me on Twitter for more Deals! @ITSecPr0

Sunday, June 24, 2012

Little Known Youtube Secrets: How Video Counts Are Done

Some people have noticed that Youtube views sometimes get stuck at 301 views. If you have ever wondered why the view counter freezes on 301 views or how Youtube keeps track of the number of views a video receives this video is definitely for you! Take a few minutes and check out Google Analytics Product Manager Ted Hamilton explaining how Youtube keeps track of views and separates the legitimate views from bogus ones and much more.




@ITSecPr0

Friday, June 22, 2012

Upcoming Webcast: 2012 The Year of Application Performance Management

2012 The Year of Application Performance Management


Summary: 
Bob Tarzey and Chuck Miller will discuss the need for Application Performance Management (APM) and why 2012 will be the year of APM in business. 



"Learn:
  • Why application performance management (APM) is the top priority for CIOs 
  • What users expect from high-performance applications in 2012 e.g. faster page load, credit card authentication, smoother video streaming
  • How lack of visibility into end-user experience compromises business agility and seriously impacts revenue
An APM self-evaluation tool and selection criteria will also be shared.


The presentation will be followed by an audience Q&A."




Trends in Mobility for Business
Date: Thursday, June 28, 2012
Time: 12 pm Eastern / 9am Pacific
Speakers: Bob Tarzey, Analyst and Director, Quocirca
                  Chuck Miller, Senior Director of Technical Services, Compuware


@ITSecPr0

Today's Tech Deals: 6/22/12



Laptops, PCs, Software, and Much More!


Deal #1: Geeks: 2.2GHz Core i3 4GB/640GB Win7 Laptop Deal

Deal #2: CompUSA: Inventory Reduction: Electronics, TVs, Laptops - Priced to Move!

Deal #3: LD Products: Save 10% On Ink & Toner - Buy Now Before You Miss Out!

Deal #4: Frys: 13.3" Ultrabook $799, 23" LG LED HDTV $169, Kaspersky Antivirus 2012 $0*, Samsung Galaxy S III i9300 Unlocked $799.99 and more

Deal #5: NewEgg: Top Deals on PC Products! $14.99 Samsung 22X DVD Burner, $54.99 WD 250GB HDD…

Deal #6: CouponCabin: Friday Grocery Coupons | 50% off + FS at GlassesUSA.com | 5% off at Sears Outlet | More Top Deals

Deal #7: TigerDirect: HURRY: Overstock Blowout up to 70% Off...Won't Last

Deal #8: MusiciansFriend: Save Hundreds On AKG And MXL

Deal #9:  MicroCenter: SanDisk SSD 480GB $379.99...650W Power Supply $59.99...$40 OFF Select Motherboards with purchase of AMD FM1 Processor...Verbatim DVD +/-R 25-pack $3.99

Deal #10: LogicBuys: Quad-Core "Ivy Bridge" PC Deals: HP 15.6" Laptop $749, Dell Desktop + 24" LED LCD $999, plus USB 3.0 HDD & More


Additional Deals

Find All of Your Favorite Player Products in Our Player Shop

Celebrate July 4th with $7 tees!

Coupon Alerts: Kmart

7" Tablet $99.99, 11.6" Netebook - Refurb $229.99, Weather Station $23.99,...

Sigma Lens SALE!

Check Out Our Offers from Lexmark, Apple, Lenovo and More!

4th Of July Special Issue - Sitewide Coupon Till 6/25

Blackberry Playbook Tablet Blow-out 

7" Tablet $99.99, USB Car Charger $6.99, Portable DVD Player - Refurb $39.99,...

Up to 60% off T-shirts for our favorite holiday!

Hot Deals - Limited Stock!

Product Reviews


Toshiba Excite 13 Review










Follow me on Twitter for more Deals! @ITSecPr0

Thursday, June 21, 2012

Tech Quote of the Day: 6/21/12

"People say that if you play Microsoft CD's backwards, you hear satanic things, but that's nothing, because if you play them forwards, they install Windows."


@ITSecPr0

Protect Yourself From Computer Vision Syndrome

If you spend hours on the computer whether for work or for play you are at risk for developing CVS -- no not the retail store, CVS stands for Computer Vision Syndrome. At the core of the problem seems to be eye strain caused by poor computer screen positioning and/or poor environment lighting. Dr. Shaun Golemba sheds some light on the issue and how to avoid it:


Learn more about Dr. Golemba here.

@ITSecPr0

Monday, June 18, 2012

Today's Tech Deals: 6/18/12



PCs, Software, Cameras and Much More!


Deal #1: Geeks: 2.8GHz Dual Core 3GB/1TB Win7 System Deal

Deal #2: Corel: [Deal Alert] Save up to 50% on top products + Free Shipping

Deal #3: Abe's of Maine: Are These the Prices You were Looking For?

Deal #4: CompUSA: Dorm Room Markdowns: 20" LCD $89...24" LCD $129, plus Quad-Core Laptop $399 and more

Deal #5: Buy.com: Protect What Matters with Norton

Deal #6: Amazon: One-Day Sale on the LG EW224T 22-Inch Widescreen 1080p LED LCD Monitor

Deal #7: NewEgg: Quick-Draw Deals: $53.99 Intel Pentium G620 Processor, $269.99 Sony Ericsson Xperia Arc S…

Deal #8: MicroCenter: Dual-Core E-300 Laptop $299.99...Dual-Core Desktop $299.99...2TB 7200RPM Hard Drive $109.99...20" LED Display $89.99



Additional Deals

$12 T-shirts: Limited-time only!

One More Day for Dad

Get Your Favorite Player's Gear in Our Player Shop

7" Tablet $99.99, 11.6" Netebook - Refurb $229.99, Weather Station $23.99,...




Follow me on Twitter for more Deals! @ITSecPr0

Upcoming Webcast: Flexible Working – Enabling end-user productivity through a connected technology foundation

Flexible Working – Enabling end-user productivity through a connected technology foundation


Date: June 28, 2012
  Time: 12:30 Pm EDT


Speakers: John Lyons, Senior Solutions Manager, End-User Computing, Dell; Rich Nockels, Marketing Manager, Intel;  Brian Madden, Independent Blogger
  
Description: As technologies increasingly support telecommuting and working on-the-go, not only are many employees pushing for more flexible work hours and locations, but also for the ability to use their own devices to access corporate resources. In order to increase productivity and attract the best talent, organizations should take these demands seriously. Join the live, interactive discussion “Flexible Working – Enabling end-user productivity through a connected technology foundation” on June 28 at 12:30 EDT to gain insights from independent expert Brian Madden and other technology professionals on selecting and implementing the best technologies and strategies to support an increasingly mobile workforce. Find out how you can create a more mobile, flexible and collaborative work environment without compromising the security of your sensitive data. Plus, get answers to key questions in a live Q&A session. Preregister now, lock-in your spot, and you’ll be eligible to win one of two $50 Amazon.com gift cards!

Sponsored By: Dell and Intel 
ADD TO CALENDAR

Rise of the "Mobile, Social Cloud"

Technology is forever evolving and businesses need to stay on top of the latest trends in technology to stay competitive. Whether you like it or not cloud technology is here to stay. The same can be said of mobile computing and social networks, so it was only a matter of time before all three of these technologies were merged and offered to businesses. The combination of mobile computing with social networks and cloud computing is called the "mobile, social cloud" and it comes with many benefits for businesses; especially those seeking new and innovative methods of working more efficiently. If you aren't familiar with the mobile social cloud and the importance of implementing the technology, take a few minutes to read InsideCRM's Whitepaper - Working Social: Becoming a Collaborative Enterprise and check out the video below to see some of the benefits of social, mobile and cloud technologies in the healthcare industry.



@ITSecPr0

Tech Quote of the Day: 6/18/12

"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila."

Thursday, June 14, 2012

Today's Tech Deals: 6/14/12


Hard Drives, Tablets, Printers and Much More!


Deal #1: GlobalComputer: Accomplish More with HP Business Tools

Deal #2: Geeks: 2.3GHz Core i3 Notebook Liquidation

Deal #3: InkGrabber: June 6th Printer Ink Clearance Sale!

Deal #4: PCConnection: Lexmark OfficeEdge Pro5500 - Built for Heavy-Duty Printing

Deal #5: NewEgg: Refurbished Summer Sale! $259.99 DELL 2GB Intel Core 2 Duo Laptop, $72.99 WD 1TB HDD

Deal #6: CompUSA: 4GB MP3 $19…Surround Sound Bar $59, plus Laptops, Tablets and More that Ship Free

Deal #7: MicroCenter: Father's Day Exclusive...iPad 2 $359.99...MacBook Pro 13.3" $1099.99 Price BEFORE $100 instant savings

Deal #8: HP: Expanding business, exceptional solutions

Deal #9: InkjetSuperstore: Super Dad Sale! 3 Printer Ink Cartridges and Office Supplies Coupons

Deal #10: Inkgrabber: Printer Ink Blowout Sale!



Additional Deals

LIDS Buy One Get One Half Off

A rainbow of our best-selling tees for under $19!

Microsoft Back to Business Bundle

Sold Out! Now Take $20 Off Any Laptop

FREE 2-day shipping: Get it by Father's Day!

IK Krazy Deal - Sonik Synth at 85% Off!

More Father's Day Specials. Bibles, DVDs, books, paperbacks, history, CDs, audio, ebooks, health, kids, sharing

Game Time! Whether Heat or Thunder, or the Euro Cup, or just into parties, we've got your party supplies here


Follow me on Twitter for more Deals! @ITSecPr0

Upcoming Webcast: 2012 Ponemon Report on Risk-based Security Management


WEBCAST:
2012 Ponemon Report on Risk-based Security Management

DATE: Tuesday, June 26th, 2012

TIME: 10 AM Pacific
           1 PM Eastern 

register.jpg


Dwayne Melancon, CTO of Tripwire and Cindy Valladares present the study’s key findings.


Specifically, you will learn:

  • What other organizations are doing (or not doing) to address risk-based security management and how they are measuring program effectiveness
  • The factors that increase your probability of implementing risk management as a formal security practice
  • What the top threats that risk and information security organizations identify with and what keeps them awake at night
Register today, and then join us on June 26th to learn and assess how your organization compares to this important benchmark. All attendees will receive a copy of the report.

Upcoming Webcast: Vulnerability Management Webcast Series


June 19, 1PM Eastern Time:
June 26, 11AM Eastern Time: No More Checkboxes: Vulnerability Management Evolves

Mark Bouchard, AimPoint GroupRon Gula, Tenable CEOJune 19, 2012 at 1PM Eastern Time:
Taking Vulnerability Management to the Next Level: The Case for Integral Attack Path Analysis

Register now to join AimPoint Group founder and principal analyst Mark Bouchard (L) and Tenable Network Security CEO Ron Gula (R) on this webcast June 19.
Are your high-value servers and the data they contain really safe from attack, even with multiple countermeasures in place? Tenable’s next-generation vulnerability management, with integrated attack path analysis capabilities provides the answer–delivering the tools, insights, and intelligence organizations need to identify and close off otherwise overlooked attack paths, while simplifying infrastructure and streamlining operations in the process.
Register Now

June 26, 2012 at 11AM Eastern Time: Jack Daniel, Tenable product managerMike Rothman, Securosis
No More Checkboxes: Vulnerability Management Evolves
Register now to join Securosis president and analyst Mike Rothman (L) and Tenable Network Security product manager Jack Daniel (R) on June 26 as they discuss how vulnerability management is evolving–including an examination of underlying drivers and detailed insights into the capabilities and features you’ll need to move to next-generation vulnerability management and begin reaping the rewards.
Register Now

Upcoming Webinar: Skills Training vs. Smile Training: Creating an Effective Learning Environment for Support



GoToAssist
Live Webinar
REGISTER
Webinar Series: [Support Summit 2.0] New Strategies for Elevating Your Support Team's Performance

Topic One: Coaching Your Support Team with Strength-Based Communication
On-Demand, Register to view

Topic Two: The "Quality Support Start": A New Approach to Metrics and Performance Management
On-Demand, Register to view

Topic Three: Skills Training vs. Smile Training: Creating a Learning Environment for Support
Date: Thursday, June 21
Time: 10 AM PDT

Speakers:
Rich Gallagher, Founder, Point of Contact Group
Rich Gallagher
Attend this interactive webinar series to learn:
  • How to coach your support team with strength-based communication
  • A new approach to metrics and performance management
  • Strategies for creating a learning environment for support
  • And more...
Reserve Your Complimentary Seat

Upcoming Webinar: Total Economic Impact of Cisco Collaboration Optimization Services


Attend the Total Economic Impact of Cisco Collaboration Optimization Services Webinar

Live Webinar

Date: Thursday, June 28
Time: 12 noon EDT, 9 am PDT

Speakers: Save Ensor, North America Director of Services Sales, Michelle S. Bishop, Forrester senior consultant, and Joe Corbacio, Cisco Advanced Services Manager.

Topics: 
A new Forrester Total Economic Impact (TEI) Study, commissioned by Cisco, finds enterprise customers realize an almost immediate payback period when engaging Cisco Collaboration Optimization Services.
To give an insight into the 28-page report, Cisco invites you to attend a webinar exploring the new Forrester Study: The Total Economic Impact of Cisco Collaboration Optimization ServicesClick here to register today and join us on Thursday, June 28, 2012 at 12 noon EDT, 9:00 am PDT.
Cisco’s Dave Ensor, North America Director of Services Sales, will be joined in this webinar by Forrester senior consultant Michelle S. Bishop, author of the study, who will explain the methodology and the conclusions, and Cisco Advanced Services Manager Joe Corbacio, who will discuss our Collaboration Optimization Services. After attending the webinar, you will be able to download a PDF of the full study.
Some of the benefits of Cisco Collaboration Optimization Services as called out in the study include:
    • Improved long term planning for IT strategy and architecture
    • Faster adoption of new technology to achieve project ROI
    • Access to deep knowledge of Cisco processes, technology and new products
    • Ease of administration and lower IT resource administration costs
    • Reduced timeframe for deployment of new network services
    • Improved user productivity and customer experience by stabilizing collaboration architecture systems
Download the Overview PDF of the Forrester Total Economic Impact Study.

Upcoming Webinar: Advanced Tips and Tricks in Configuring File Server Permissions: icacls, PowerShell, and Graphical Tools


Attend our Webinar for a Chance to WIN a FREE iPAD 3!



Thursday, June 21, 2012
2:00 PM ET / 11:00 AM PT

Configuring file server permissions is a pain. For every million permissions, there are ten million objects needing permissions assignment. Making things worse is the Windows UI. Its graphical user interface is so hard on the wrists that it should be an OSHA violation. But there are a few tips and tricks that’ll get you consistency, guaranteed security, and ridiculous automation. Some are command-line focused; others use a graphical interface.
In this webinar, we’ll give you the tips and tricks you need to keep your network secure and squeaky clean:
  1. Search – Locate security weaknesses (like over-privileged users)
  2. Manage – Simplify administration. Grant, revoke, and modify permissions in bulk
  3. Recover – What happens if disaster strikes? Backup & restore permissions to mitigate the risk
  4. Migrate – Moving to a new server? Avoid the security dilemma by migrating permissions
SAVE THE WRISTS! Join Greg Shields of Concentrated Technology and Todd Tobias of ScriptLogic as they explore the advanced tips and tricks every professional permissioner should know.
*ScriptLogic will be giving away an Apple iPad 3
($499 USD Value) to a webinar attendee. *
Contest Rules

Presenter Highlight:
Greg Shields
Greg ShieldsGreg is a Senior Partner and Principal Technologist with Concentrated Technology. He is a Contributing Editor for TechNet Magazine and Redmond Magazine, and a Series Editor for Realtime Publishers. Greg is a sought–after and top–ranked speaker, seen regularly at conferences like TechMentor, Tech Ed, VMworld, and more. He is a multiple recipient of Microsoft “Most Valuable Professional” award and has received VMware’s vExpert award.
Todd Tobias
Todd TobiasTodd is a Product Manager for ScriptLogic, having joined the company in 2007. He has almost 20 years of experience in Microsoft platform management, having successfully managed 5 products focused on AD Management, backup & recovery, file server management, migration and compliance.






Tech Quote of the Day: 6/14/12

"Passwords are like underwear. You shouldn’t leave them out where people can see them. You should change them regularly. And you shouldn’t loan them out to strangers."

Protecting Company Data From Disgruntled Employees

Most information security courses have a long list of threats that threaten our computer networks. These threats attack networks on a daily basis ranging from phishing scams, to viruses, to malware all of which are indeed worth studying but there is one threat that has the potential to be even more dangerous than the most vicious virus code ever developed.

That devious threat is called an employee, specifically 'insiders'. While employees who don't follow policy is definitely a risk to the company an insider is a certain danger to a business. An insider is an employee who has crossed over to the dark side sort of speak. They have taken it upon themselves to wreak havoc upon their company usually for their own personal gain -- whether financial or just to "stick it to the man." One thing is for sure they're at the top of a security professionals list of headaches. What makes them such a high level threat is their positioning.

They reside where hackers wish they could be, and have access to areas hackers wish they could go. They are within the company's facility and behind the firewall. In some circumstances and depending on the company they have physical access to areas that in the right (or in this case, the wrong) hands could bring a company to its knees. Consider this, a hacker's main obstacle is figuring out how to circumvent a company's network security. Once they accomplish that task everything else is downhill from there, so you can see just imagine how critical it could be to have an insider who's already passed that obstacle and has access to the network lurking around the business.

Now that we know what they are and where they reside, now it's time to find out why they are insiders. If insiders are employees who has gone bad, what exactly makes an employee an insider? One word -- intent! An employee's intentions are really the determining factor for the type of employee they are. Most employees have a sense of loyalty to their company and show up to work everyday to help the company move forward by doing their job. The insider doesn't share the same loyalty to the company their actions actually harm the company.

The theft of Coca-Cola's Inc's trade secrets shows exactly how serious the threat of an insider attack on a business can be. In 2006 the FBI arrested three people for stealing and attempting to sell Coca-Cola Inc. trade secrets for $1.5 million to PepsiCo Inc. Fortunately PepsiCo worked with Coca-Cola to apprehend the criminals but could you imagine if PepsiCo would have bought the trade secrets? Keep in mind the two soft drink giants have had a fierce rivalry for decades and possessing those trade secrets could have given PepsiCo a huge advantage over Coca-Cola.

Insiders can range from spies involved in corporate espionage to hackers working for a company, to employees that are angry at their company. Sometimes it's because of specific policies they don't agree with, or a particular manager or simply because they felt the company has done them wrong in some way. They use the anger as motivation for damaging the company. So the question is how can companies protect their data from being used maliciously by disgruntled employees?

Microsoft has put together a brief list of basic ways to protect sensitive documents that's worth taking a look at. Aside from those suggestions, companies need to get back to the basics of fundamental security:

  • Policy enforcement- policies are or should be in place but they are only effective if they are being enforced. 
  • Limited physical & logic access- many SMBs don't limit access to data or physical areas like the wiring closet, or server room where anyone can access servers or data freely. Access should be limited to only authorized personnel.
  • Monitor employees- some companies have a policy that when an employee is fired they are escorted out the building and their belongings are brought to them by a member of security which is a good policy; however, companies forget that people talk and discussions about who is going to get fired is among many of the water cooler topics. So many times people know in advance about their termination which means they have time to wreak havoc. So a good practice to use would be to monitor the employee's system, online whereabouts, etc., when word is received that they will be fired.
  • Deactivate or delete immediately- When an employee is fired a best practice is to deactivate their company accounts immediately. I'm aware of a situation where a person was fired but had access to the company email system and network for weeks. The individual was able to access account information and sabotage the company's main client account via the same account that should have been deactivated.
The bottom line is that humans are dynamic creatures capable of achieving goals using unorthodox methods so in regards to security, a static system of catching rogue employees won't always work. Companies need to stay one step ahead of insiders by using employees as the first line of defense. To do this companies need to support a culture where employees freely come forward and anonymously report the suspicious activities of other employees. This can provide security personnel with a heads up before disaster has a chance to strike.

@ITSecPr0