Thursday, September 6, 2012

A REAL STORY 
Alarming results were announced after a recent survey conducted by Ponemon Institute Research and Juniper Networks. The results match what we have seen in the media recently: hackers are almost always successful in their efforts to invade a site, and stopping them is no easy task. The news shows that 90% of companies suffered some kind of attack in the last 12 months. Over 77% that suffered attacks actually had internal problems due to the hackers' success in the invasion.
Respondents reported very low confidence in their ability to prevent attacks. Many believe that they simply are not prepared. 53% believe they will also face some kind of attack in the next 12 months. Attacks on websites often use classic vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS).
What are the biggest barriers to implementing an effective security strategy? Almost half (48%) of the companies surveyed said they found security procedures too complex to implement. Another 48% also mentioned the lack of resources. Companies look at the cost of complex security procedures and practices and judge them expensive to implement, so they look for cheaper possibilities. Vulnerability scanners are becoming ever more effective at detecting flaws and supporting corrective action at reduced cost.
As for the consequences of these attacks, companies are seeing that the losses from theft of information and business interruption are the more severe ones. With so much money being lost in breaches, companies need to invest more in preventative security measures, even at reduced cost. "What we see is that in today's environment, systems being 'hacked' is almost a statistical certainty."
A real case. He warned that the corporation's sites would be invaded, but no one took action. On several occasions the information security (SI) analyst informed the IT development team that there were vulnerabilities in the corporation's websites. He analyzed, identified, reported and pointed out what should be considered for remediation; however, it was not granted. Months passed and patch updates were installed, new devices were put in place to improve perimeter security, yet not a single line of the application's code was updated for protection, only lines to improve customer service and streamline the business. How many of you have heard this story?
When this occurs, IT loses along with the corporation, and it takes the blame for failing to observe security guidelines and parameters in its internal development. A security notification is proactive, unlike an invasion and the consequent defacement of the site. Whether development is outsourced or internal, the role of information security (SI) is also to analyze possible vulnerabilities and who is liable for them.
An example worth mentioning occurred on one occasion, when an analysis was done on a Brazilian site in the U.S. The analysis showed more vulnerabilities on the site than holes in Swiss cheese. A notice was sent to the owners of the site in that country warning of the problem, which, to great surprise, was resolved in just over two weeks. An impressive level of concern, and the best outcome for the corporation, as the situation was resolved in a timely manner.
The same situation occurred in the corporation with a website available only in Brazil, which did not get the same attention or resolution of its vulnerabilities. Guess what happened to this site? It suffered a Brazilian defacement in the traditional style of the usual invaders.

Wednesday, February 22, 2012

Access Control.


I never imagined how big a problem it is when a corporation has no control over its access control. I leave physical control aside for another opportunity. At this time I will talk a little about Access Control.
We live in a globalized world where IT converges on Access Control, to see that if there is investment in controls, fraud and other threats actually happen. Looking closely, few companies in full growth realize the need for and true value of controlling their employees' accounts and passwords, in addition to other controls, such as web usage, firewalls, file servers, applications and many others. It is a fact that companies on the way up should prepare for a dark future if they do not have appropriate controls, even if they are manual.
The major market players are there, ready, at a high price, to meet this demand for SSO (Single Sign On) and IDM (Identity Manager). In fact, few companies invest in automation because of the high investment required. When we have a small but growing company, the most striking factor is cost versus benefit. This is why small and midsize companies still opt for manual controls, minimizing the risks, often to good effect.
A well-defined policy and guidelines, joined and bound to processes, can help small businesses that currently make use of manual controls specific to ACCESS CONTROL. It is true that one day, once the company has taken shape and become a big corporation, there is no doubt that automation will be needed, because the number of applications grows with the company.
Specific Information Security projects for Access Control are, as of today, a troubled sea for growing businesses. Owners should no doubt be critical in their vision, which is healthy not only for themselves but also for the remediation of threats.
Not that we can eliminate threats, but we can minimize them to a risk that is at least not so onerous. The 5W1H view is old, but it will live on for many years, questioning a corporation's assets. Measures and countermeasures should be evaluated.
Unprecedented access to back-office systems through the Web has reduced costs but hides threats if privileges are not controlled. We must enforce access policies for users, proxies and Web Services that perform operations on behalf of users who really are genuine.
When the environment becomes large and distributed, it is a sign that the corporation is leaving the small and medium enterprise category to become something huge, and observance of appropriate controls is required. There is no escaping automation; it is a matter of time. It is necessary to evaluate threat-inhibition policies based on risk. It is like projects: without monitoring and control, your project is done for...

Sunday, February 12, 2012

SKIMLINKS