Small companies can now affordably be spread across the globe, and big companies can now have inter-office collaboration on a daily basis. But all of that interconnectedness relies in large part on our ability to protect the networks that create those connections.

Security threats to SMBs are just as real as they are to enterprise organisations. Unlike large enterprise organisations, small-to-medium sized businesses (SMBs) face multiple security threats with often limited resources to protect assets, data and customer information. Here’s a list of the Top 10 leading security threats that SMBs currently face:

10: Insiders - In many SMBs, business records and customer information is often entrusted to a single person. Without adequate checks and balances, including network system logs and automated reports, data loss from within can stretch over long periods of time.

9: Lack of contingency plans - One of the biggest threats to SMBs relates to the business impact of post-hack, intrusion or virus. Many SMBs lack a data loss response policy or disaster recovery plan, leaving their business slow to recover and restart operations.

8: Unchanged factory defaults - Hackers publish and maintain exhaustive lists of default logins (username and password) to nearly every networked device, and can easily take control of network resources if the default factory configuration settings are not changed.

7: The unsecured home - In many small businesses, employees often take laptops home to work. In an unsecured home network environment, a business laptop can be dangerously exposed to viruses, attacks and malware applications.

6: Reckless use of public networks - A common ruse by attackers is to put up an unsecured wireless access point labelled, ‘Free Public Wi-Fi’ and simply wait for a connection-starved road warrior to connect. With a packet sniffer enabled, an attacker stealthily sees everything the employee types, and is then able to utilise that data for personal gain.

5: Loss of portable devices - Much SMB data is compromised every year due to lost laptops, misplaced mobile devices and left behind USB sticks. Although encryption of mobile device data and use of strong passwords would mitigate many of these losses, many SMB users simply fail to secure their mobile devices and data.

4: Compromised Web servers - Many SMBs host their own Web sites without adequate protection, leaving their business networks exposed to SQL injections and botnet attacks.

3: Reckless Web surfing - Now more than ever, malware, spyware, keyloggers and spambots reside in innocuous looking Web sites. Employees who venture into ostensibly safe sites may be unknowingly exposing their business networks to extreme threats.

2: Malicious HTML e-mail - No longer are attackers sending e-mails with malicious attachments. Today, the threat is hidden in HTML e-mail messages that include links to malicious, booby-trapped sites. A wrong click can easily lead to a drive by download.

1: Unpatched vulnerabilities Open to Known Exploits - More than 90% of automated attacks try to leverage known vulnerabilities. Although patches are issued regularly, a short staffed SMB may likely fail to install the latest application updates and patches to their systems, leaving them vulnerable to an otherwise easily stopped attack.

Source: www.itreviewed.co.uk

Language: English
FileType: PDF
File size: 11654 KB

Product Description:

End-to-End Network Security

Defense-in-Depth

Best practices for assessing and improving network defenses and responding to security incidents

Omar Santos

Information security practices have evolved from Internet perimeter protection to an in-depth defense model in which multiple countermeasures are layered throughout the infrastructure to address vulnerabilities and attacks. This is necessary due to increased attack frequency, diverse attack sophistication, and the rapid nature of attack velocity¨Call blurring the boundaries between the network and perimeter.

End-to-End Network Security is designed to counter the new generation of complex threats. Adopting this robust security strategy defends against highly sophisticated attacks that can occur at multiple locations in your network. The ultimate goal is to deploy a set of security capabilities that together create an intelligent, self-defending network that identifies attacks as they occur, generates alerts as appropriate, and then automatically responds.

End-to-End Network Security provides you with a comprehensive look at the mechanisms to counter threats to each part of your network. The book starts with a review of network security technologies then covers the six-step methodology for incident response and best practices from proactive security frameworks. Later chapters cover wireless network security, IP telephony security, data center security, and IPv6 security. Finally, several case studies representing small, medium, and large enterprises provide detailed example configurations and implementation strategies of best practices learned in earlier chapters.

Windows 2000 & XP machines delay as long as 30 seconds when you try to view shared files across a network because Windows is using the extra time to search the remote computer for any Scheduled Tasks.

Here’s how to prevent this remote search for Scheduled Tasks:

Open up the Registry and go to :

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Explorer/RemoteComputer/NameSpace

Under that branch, select the key :

{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

and delete it.

If you like you may want to export the exact branch so that you can restore the key if necessary. This fix is so effective that it doesn’t require a reboot and you can almost immediately determine yourself how much it speeds up your browsing processes.