IT Security

The Real Risks of Pirated Software

Posted by Mark on Monday, May 10th, 2010

Pirated computer software is illegal – we all know that. We’re also all well aware that the use of such software can result in prosecution, but it’s a risk many people are prepared to take if it means they can cut costs in a difficult economic climate. But the risk of prosecution aside, have you thought about what this illegal software could actually be doing to your computer systems?

A recent helpdesk call provides a fine example…

When sending emails out, the user noticed that attachments were being randomly removed during the sending process. Sometimes they would arrive at their destination, other times they would simply vanish.

After first looking at the company’s anti-virus to check all was OK there, my colleagues Mohammed, John and I investigated with hosting on the off chance that attachments were being filtered out for some reason. We sent test emails via webmail but everything worked fine, as did Outlook Express. This led us to believe that the problem was with Outlook itself, so we went back to investigate further. The result of our investigations? … a pirate copy of Office 2007.

This illegal software was stripping out attachments which were then vanishing. There was no way to trace where the attachments were going, and what was happening to the information within them.

The long and short of it is that pirated software often contains spyware, viruses and malware which will put your vital company data, passwords, financial information and employee and customer details at risk. This information could end up anywhere, and leave you with no way of knowing what information has been taken and when.

By saving a few pounds on your initial software purchase, you are in fact risking losing everything by opening the door to cyber criminals. A high price to pay compared to the cost of legitimate software.

So next time you are offered a cheaper alternative on your software, think about the real risks… you wouldn’t go home for the evening and leave the office door wide open, so keep your digital information locked down as well, and make sure your business stays safe.

Online Security Tips for Safe Browsing

Posted by Graham on Monday, April 19th, 2010

Microsoft’s latest foray into the world of TV advertising involves a number of ‘7 second demos’ highlighting the different benefits of Windows 7. Although these may all seem to be good reasons to use the new operating system, most of these features are commonplace on computers nowadays, most notably the Internet Explorer security features.

In one of the demonstrations, IE prevents a person from downloading a potentially harmful file before it can infect their computer. Now this is no doubt a useful benefit, but it has been a feature of other browsers for some time now.

To maximise the chances of preventing an attack on your computer while browsing online, there are a number of different things that can be done to both your browser and computer system – here are five of the best tips.

Anti-Virus Software

Although this is a rather obvious one, it is so often overlooked by computer owners – especially those who presume they are safe when buying a new PC. Protecting your computer doesn’t have to be expensive, so don’t be fooled by advertisements of anti-virus programs for hundreds of pounds. Free software such as AVG works very well behind the scenes, and may just save your files should you accidentally install a harmful program.

Internet Browser

There is still a surprising number of people using outdated browsers such as Internet Explorer 6 to browse the web – and as such are exposed to hundreds (if not thousands) of potential security vulnerabilities. Keeping up to date is critical as the internet is ever-changing. Install a browser such as the latest Firefox, Google Chrome, or the latest Internet Explorer to have the best chance of keeping attacks at bay.

Avoid Spyware

One of the most common problems on PCs nowadays is spyware. The number of adverts online has gone into overdrive, and people still fall victim to the false promises offered. Avoiding spyware takes a bit of common sense. Don’t click ads that pop up on your screen unexpectedly, or enter your details to competitions where you are promised free games consoles and money. Take the cautious approach when downloading any file on the web, and try to stick to trusted resources. If you are in doubt about installing a piece of software, do a quick search on Google for it and see what the general consensus is from other people.

Extensions

One of the great features of modern internet browsers is the ability to add plugins and extensions to improve the functionality of your software. To improve the security of your browser there are some fantastic Firefox plugins that are tried and trusted by the community. One of the most highly recommended ones would be NoScript – a security extension that protects your computer against clickjacking attempts, among other things.

Firewall

Since Windows Service Pack 2 was released, the Windows operating system generally comes with a firewall that is built into the system. However, on some computers and operating systems, firewalls often remain deactivated, or in some cases, not even installed. A firewall stays active while you are using your internet connection to block access to potentially dangerous programs. This type of prevention is excellent against real-time attacks on your computer, and will also alert you should anything untoward happen. Using a firewall is a must if you use the internet – especially if you want to keep your details safe.

Cannot turn on BitLocker on Dell Vostro 1510 with TPM chip

Posted by Richard on Thursday, August 27th, 2009

Have you been BitLockered!!?

Axon recently had an issue enabling BitLocker encryption on a Dell Vostro 1510 with a TPM chip and Vista Ultimate. The laptop came with the TPM Infineon software and driver installed.

However, even with TPM support enabled and the chip activated in the BIOS, and with the Infineon setup wizard completed (which initialised the TPM chip), BitLocker could not be turned on. The following error message was displayed:

A TPM was not found. A TPM is required to turn Bitlocker on. If your computer has a TPM, then contact the computer manufacturer for Bitlocker-compatible BIOS.

This issue was resolved by the following steps:

1. Uninstall the Infineon TPM Professional Package via the Control Panel.
2. The uninstall wizard will recommend that you disable the TPM chip. Select ‘yes’. This will take you to the Infineon Security Platform Security Settings tool. Select the Advanced tab and disable the TPM chip under the Security Platform Feature.
3. Reboot the laptop and enter the BIOS. Enable and activate the TPM chip, save the configuration and let the laptop restart.
4. Confirm the enabling and activation of the TPM chip and then continue.
5. Once logged on with local administrator rights, go to Device Manager, System Devices and ensure that the Infineon driver is not listed. If it is, right-click and uninstall it, selecting the delete driver checkbox.
6. In Device Manager, scan for hardware changes. This should detect the TPM chip and load the Microsoft TPM 1.2 driver, which should appear under a Security category. If the system does not detect the TPM chip, install it manually, selecting security devices.
7. Go to the BitLocker section of the Control Panel under Security. You should now see the TPM administration tab and be able to turn BitLocker on.
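A scripted version of the checks in steps 5 to 7, added here as an example and not part of the original post: it lists which driver is bound to the TPM device and asks Windows whether it can see an enabled, activated TPM. It assumes PowerShell 2.0 or later is installed on the Vista machine and is run elevated; the device-name and provider match strings and the function names are assumptions, so adjust them to what Device Manager actually shows.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Match strings below are assumptions; compare with Device Manager.

function Get-TpmDriverBinding {
    # Signed-driver inventory: shows whether the Microsoft or the
    # Infineon driver is currently bound to the TPM device.
    Get-WmiObject -Class Win32_PnPSignedDriver |
        Where-Object {
            $_.DeviceClass -eq 'SECURITYDEVICES' -or
            $_.DeviceName -like '*Trusted Platform Module*' -or
            $_.DriverProviderName -like '*Infineon*'
        } |
        Select-Object DeviceName, DriverProviderName, DriverVersion, InfName
}

function Get-TpmState {
    # Win32_Tpm only has an instance when Windows itself can see the TPM.
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) { return $null }
    New-Object PSObject -Property @{
        Enabled   = $tpm.IsEnabled().IsEnabled
        Activated = $tpm.IsActivated().IsActivated
        Owned     = $tpm.IsOwned().IsOwned
    }
}

$drivers = @(Get-TpmDriverBinding)
$state   = Get-TpmState

$drivers | Format-Table -AutoSize

if ($drivers | Where-Object { $_.DriverProviderName -like '*Infineon*' }) {
    Write-Warning 'An Infineon driver is still bound: repeat step 5.'
}
if (-not $state) {
    Write-Warning 'Windows exposes no TPM (Win32_Tpm is empty): BitLocker will still report that a TPM was not found.'
}
elseif (-not ($state.Enabled -and $state.Activated)) {
    Write-Warning 'TPM is visible but not enabled and activated: revisit steps 3 and 4.'
}
else {
    'TPM is visible to Windows, enabled and activated.'
}
```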


Information Technology Risk Management

Posted by Graham on Wednesday, August 26th, 2009

Risk management is the discipline of identifying, monitoring and limiting risks. To further clarify this it can be broken down into detailed guideline sections:

• Identify assets and which ones are critical
• Identify and assess threats
• Assess the vulnerability of critical assets to specific threats
• Determine the risk
• Identify ways to reduce those risks
• Prioritise risk reduction measures

This all makes sense as an overall “big picture”, but we now need to optimise these guidelines to reflect the business’s need to conduct a Risk Assessment on its IT infrastructure, and the systems that run on it.

The first question in my mind is: how important is Information Technology (IT) to the business that I am dealing with?

Ask any business owner that question and they’ll all say they cannot accept any risk. This question needs to be considered impartially, as a goal of no risk is unlikely to be reached, and will have considerable cost implications.

I do not ask this question nor is it one I expect an answer to. It’s a feeling that one builds up as the discovery process unfolds, as to the importance of IT within the business. This allows you to tailor any solution relevant to risk versus cost, as it nearly always is a balance of these two factors.

I will now translate the points above into the IT world, and some of the key areas that should be considered.

Physical IT Assets (i.e. servers or other devices). Compile a list of these devices, then assess the effect of each item from the list below, and the possible knock on effect to the business and its continuity:

- Theft (physical security)
- Fire & excessive heat
- Water or excessive damp
- Equipment failure or damage

Software Assets (i.e. databases or business applications). Again, compile a list of applications or software systems that your business uses day to day, and consider the impact on each point.

- Theft of data (through poor data security or a disgruntled employee being malicious)
- Software failure (e.g. a business database)
- Accidental data deletion or corruption
- Data being unavailable due to physical equipment failure
- Data security (who can access what and from where)

Having looked at these two key areas you will be forming opinions about importance and risk. What are the chances (or risk) of a fire or a flood? What about theft?

Now we have to estimate the chance of each item happening, and decide what percentage of that chance you are willing to accept. This answer will in turn reflect the likely cost implications of meeting the requirement.

The average business will have tight financial constraints that mean they have to accept some risk. They have to deal with the reality of day to day risk, which normally presents itself as data loss through hardware failing, data corruption or accidental data deletion.

Here are some thoughts on a simple blanket solution that turns a blind eye to the more exceptional risks, but covers the likely events:

• Ensure all hardware has a good manufacturer’s warranty. Typically this would be three years’ cover with four hour response, or next business day at least
• Ensure all business critical software has support from the suppliers, and be clear what that support offering actually is
• Protect all vital physical equipment from theft
• Protect key equipment from electrical surges or outages
• Back up key data – this is a large subject matter on its own, but a good disaster recovery plan is vital and it must be multi-layered (i.e. don’t rely on one system). Remember though, a backup is only as good as the last restore!
• System administration. Ensure you either have qualified professional IT staff, or use an industry certified outsourced IT Support Company, who can maintain system integrity and security to ensure no risk is presented through viruses, spyware, hacking or incorrect access to data etc. Ensure you have a service level agreement with your IT department, so you know likely response times in the event of things going wrong.

In summary, IT Risk Management is largely common sense, but ensure you seek the right IT professionals to help guide you through the possible scenarios and the solutions. From this you will strike that balance of risk versus cost, and ultimately your peace of mind!