Controlling remote access tool usage in the enterprise

Palo Alto Networks’ recent advice on controlling remote access tools in the enterprise was prompted by Google releasing a remote desktop control feature for Chrome, which also has the ability to be configured “to punch through the firewall.”

As Palo Alto Networks points out, the 2011 Verizon Data Breach Report showed that the initial penetrations in over 1/3 of the 900 incidents analyzed could be tracked to remote access errors.

Here are Palo Alto Networks’ recommendations:

  1. Learn which remote access tools are in use, who is using them and why.
  2. Establish a standard list of remote access tools for those who need them
  3. Establish a list of who should be allowed to use these tools.
  4. Document the usage guidelines, complete with ramifications of misuse and educate ALL users.
  5. Enforce the usage using traffic monitoring tools or better yet, a Palo Alto Networks next-generation firewall.

 

 

Google+ Gets a “+1″ for Browser Security | The Barracuda Labs Internet Security Blog

Google+ Gets a “+1″ for Browser Security | The Barracuda Labs Internet Security Blog.

Barracuda compares Google+ vs Facebook with respect to SSL and Secure Headers. Google+ wins.

Zscaler reports on ‘blackhat’ SEO numbers for December 2010

Zscaler reports on ‘blackhat’ SEO numbers for December 2010.

One of the Social Engineering risks a user must cope with is malicious web page links that show up in Google searches. Google is aware of this problem and works to weed out the “blackhat” website pages that attempt to fool Google’s algorithms.

While Google’s efforts are improving, Zscaler is reporting that in December 2010, Google flagged only 44% of the “blackhat” links that Zscaler identified.

Full disclosure – Zscaler is a Cymbel partner.

Jeremiah Grossman: Internet Explorer 9 ad blocking via “Tracing Protection” — no means yes.

Jeremiah Grossman: Internet Explorer 9 ad blocking via “Tracing Protection” — no means yes..

Last week, the FTC issued a report recommending Congress implement Do-Not-Track legislation to help protect consumer privacy. This week, Microsoft detailed Do-Not-Track” options in the upcoming Internet Explorer 9. Coincidence? Doubtful.

No way Microsoft slammed out the code from scratch in a few short days because the FTC made some recommendation. The IE team clearly saw ad blocking as a good idea despite what they told us before and had ad blocking, errr I mean Tracking Protection, ready to go. Only they might not have had the juice to include it because of the aforementioned road blocks.

Will Mozilla make AdBlock Plus a standard feature of Firefox? AdBlock Plus is the top download in the Privacy & Security category with overd over 100 million downloads. It has over 8 million daily active users and a 5 star rating with over 2,000 reviews.

Will Mozilla try to match or exceed Microsoft? How will Google react?

Are we going to see a major shift in Internet advertising so it’s more akin to email marketing?

I think we’re witnessing the beginning of a whole new chapter in the ongoing browser war. Now we must ask, when and if Mozilla is going to add the functionality of their #1 extension natively into their browser? How can they now not do so? Can Firefox’s market-share position afford Internet Explorer to be more advanced in privacy protection features? We’ll have to wait and see what they say or do. I’m hopeful they’ll come around as Microsoft did. Even more interesting will be how Google reacts. AdBlock is their most popular add-on as well. The bottom line is these are very good signs for everyone on the Web.

Time for security protection on smartphones?

Critical vulnerabilities appearing in both iPhones and Android phones point to the need for third party security products.

Apparently Juniper and McAfee think so. Juniper recently announced that it was acquiring SMobile Systems for $70 million. McAfee acquired TenCube. Another product in this space is Lookout.

Finally, which operating system do you think is more secure? Do you prefer closed vs. open source? Here is a recent article from Network World discussing this issue.