OnlyHardwareBlog

General discussion, news & views about Hardware

Posts Tagged ‘security’

The private cloud security problem

March 21st, 2012

Cloud computing brings unquestionable benefits, but amid all of the congratulatory rhetoric, it is important to understand the dangers so that we can prepare for them. In this series of three blog posts, I’ll explain those dangers, and create a security vision for IT departments to counter them. Finally, I’ll explain how log management must be used to tie broader security management tools into the cloud.

Many companies, especially larger ones, may not be ready to hand their computing infrastructures over entirely to third party providers as part of the public cloud. Instead, they may choose to take advantage of private cloud technology, which provides a useful alternative.

Private cloud technology gives companies the best of both worlds. They enjoy many of the benefits of cloud computing, including elasticity of storage and computing resources, and reduced capital expenditure on hardware. They get to retain control of the computing infrastructure that they own, which ostensibly reduces the security risks associated with having a company outside their control manage computing resources.

However, the security issues don’t entirely disappear into the cloud. They simply change form.

Private clouds are designed to appear like a black box to the end-user. They can be pulled and tweaked to extract the resources that the customer wants, when they want. But the inverse is true to the IT department. It needs to understand the inner workings of its infrastructure so that it can make critical decisions. The end user’s perception of the cloud as a black box doesn’t change that requirement.

IT departments are grappling with the need to keep track of all aspects of their cloud infrastructure, so that they can keep control of their security. The moment that they stop watching their private cloud is the moment when they can no longer be sure of its security. On top of all the other issues associated with private cloud deployments, IT departments are faced with questions such as: “how do we log all of our cloud-based activities for subsequent event analysis?” and “When we turn something off in the virtual environment, how do we maintain that data in a specific manner?”

These questions have particular relevance in areas such as compliance, which will attract the attention of senior business management. IT departments must be ready to answer them. In the next two blog posts, we’ll explain how.

Source:http://blogs.computerworlduk.com/cloud-vision/2012/03/the-private-cloud-security-problem/index.htm

Comments Off »

Posted in Hardware News

Tags: Cloud security

How to Build Multiple Layers of Security for Your Small Business

February 27th, 2012

Share

Most of us have heard about the concept of building a defense in depth in order to protect computer resources from black hat hackers. The idea revolves around the use of multiple defenses to thwart, or at least limit, the damage arising from a potential security breach.

Given the rapid pace of change in the security sector, some executives may have difficulty naming the specific safeguards that their companies deploy. This guide aims to shed some light on some of the more common aspects of computer security, and also serve as a checklist to identify potential areas upon which to improve.

1. Network firewall

The first line of defense against unwelcomed visitors would surely be the firewall. At one point, the use of dual firewalls from different vendors was all the rage, though the creation of a DMZ (Demilitarized zone) appears to be more popular these days. Internet-facing servers are typically placed within the DMZ, where they are encumbered by fewer restrictions and lesser monitoring than the internal corporate network.

There are actually a few different types of firewall implementations. For example, consumer-grade routers typically make use of Network Address Translation (NAT), which was originally created to address the problem of limited IPv4 routable addresses. Because the identity of hosts is obfuscated, NAT is often said to offer firewall capabilities.

At a minimum, a proper firewall typically offers packet filter technology, which allows or denies data packets based on established rules relating to the type of data packet and its source and destination address. Stateful packet filter firewalls conduct what is known as stateful packet inspection (SPI), which tracks active connections to sieve out spoofed packets, a superior approach to the stateless packet filtering firewall. Finally, a firewall operating on the application layer understands application-level protocols to identify sophisticated intrusion attempts.

A heightened security awareness and an increase in ecommerce have led more users than ever to use encryption to protect against third-party snooping. Paradoxically, this has resulted in lower visibility of network traffic at a time when more sophisticated malware varieties are resorting to encryption in order to conceal themselves from a casual inspection.

2. Virtual Private Network

Employees who need to access company resources from unsecured locations such as public Wi-Fi hotspots are a particularly vulnerable group. Such workers will be well served by a virtual private network (VPN) connection in order to protect the confidentiality of their network access. A VPN channels all network traffic through an encrypted tunnel back to the trusted corporate network.

As a downside, a VPN can be complex for a small business to deploy, and is costly to support due to the overheads of authentication, processing and bandwidth. Moreover, it is also vulnerable to the theft of physical authentication tokens — or authentication technology, as was the case with the compromise of RSA’s SecurID technology last year. Finally, stolen and lost company laptops with preconfigured VPN settings can become potential gateways for unauthorized access.

3. IDS and IPS

An intrusion detection system (IDS) is a network-centric strategy that involves monitoring traffic for suspicious activities that may indicate that the corporate network has been compromised. On its simplest level, this may entail the detection of port scans originating from within the network or excessive attempts to log into a server. The former could be indicative of a compromised host being used to perform initial reconnaissance, while the latter could well be a brute-force attempt in progress. On more advanced network switches, IDS monitoring of network traffic may be enabled by port mirroring, or via the use of passive network taps.

Then an intrusion prevention system (IPS) is usually deployed in-line in order to actively prevent or block intrusions as they are detected. A specific IP address could be automatically blocked off, with an alarm sent to an administrator.

4. Malware Detection

The cat-and-mouse game of malware detection is very much a linchpin of the $22.9 billion enterprise security software market projected for 2012. Malware scanning performed on client devices relies on the processing capabilities of individual devices to check for threats. Business-centric versions typically include some form of central management used to push out new definition updates and implement simple security policies. Malware products specifically optimized for servers are also available, though they are not particularly popular, as businesses are understandably loathe to deploy anything that saps the processing cycles of expensive server hardware.

Given that most malware infestations are a direct result of a user action, the typical anti-malware package has also evolved into comprehensive suites that attempt to offer protection against multiple threat vectors. This may include a component to scrutinize a URL link prior to launching it, or email and browser plug-ins that do the same to file attachments. In addition, anti-malware suites are increasingly bundled with a software-based firewall, spyware detection and even spam filtering.

5. Whitelisting

Whitelisting is an anti-malware defense implemented on client devices much like traditional antivirus software. Instead of attempting to identify known malware, however, whitelisting only allows known files to be executed. This necessitates an initial baseline scan to construct a database of whitelisted applications, to which new applications can be added over time as they are installed.

Though promising, whitelisting has been plagued by various practical problems that have hindered its adoption in businesses. Situations may arise, for example, in which critical file dependencies were not properly identified, resulting in application crashes or an improper installation, as they were prevented from loading. Also, whitelisting may be less useful against exploits that leverage the use of specially created documents or other non-executable files. Finally, employees who are in a hurry may simply disregard warnings and opt to add everything, including malware, into their whitelist.

To be fair, whitelisting software has seen tremendous improvements over the years. Today, most whitelisting software applications will recognize commonly used applications upon installation and are hence capable of building an initial whitelist very quickly and with minimum interaction from users. It is important to ask question whether whitelisting software can coexist with traditional antivirus software. The answer varies, though some whitelisting products do advertise their compatibility with antivirus applications.

6. Spam Filtering

Though spam is not traditionally considered within the domain of computer security, the lines are getting blurred given the increasing number of spear phishing attacks used by hackers to sneak Trojan or zero-day malware into corporate workstations. In addition, there is also evidence to suggest that users who deal with a high volume of emails are more susceptible to being taken in by a phishing attempt. It is clearly in the interest of the IT department to filter out as many bogus email messages as possible.

There are many ways to deal with spam, which may entail channeling all incoming email messages through a specialized cloud service provider, a server-based spam filtering software, or dedicated anti-spam appliances deployed within the DMZ.

7. Keeping Software up to Date

Ensuring that software updates and security patches are kept up to date is widely acknowledged to be an important defense against security breaches. The reason is simple. Though vendors do not typically release the full details of new security flaws, the proffered guidelines and the release of the security patches are often sufficient for black hats to reverse engineer a particular vulnerability. Depending on the nature of the security flaw that is identified, an exploit could potentially be written in days.

This becomes a problem in larger SMBs, which may make use of wide range of software applications or in-house tools that depend on various third-party tools or codebases. It is hence not uncommon for new software updates or security patches to be overlooked, thus opening up a window of vulnerability. The increasing variety of software that is capable of updating itself over the Internet may somewhat alleviate this problem. However, it should be noted that automatic updating may not be a desirable behavior in mission-critical production environments. To that end, businesses need to implement appropriate processes to identify and test new updates in a timely manner. 8. Physical security

Physical security is a crucial factor that cannot be overstated. After all, given physical access, practically every security or network appliance can be reset to its factory default. In addition, unsecured Ethernet ports may also offer a direct line past the firewall and other perimeter defenses, though that access can be mitigated to an extent with managed switches configured to deny access to unrecognized MAC addresses. Another concern within server rooms is the theft of hard disk drives from hot-swappable bays of storage appliances or servers. Given how passwords files can be deciphered relatively easily from stolen storage devices, server closets or server rooms should be kept locked at all times, and access granted only to authorized staffers.

We have only touched on some of the most common aspects of security deployments. There are obviously many others, such as the importance of user education, independent security audits and the value of a good IT policy. The presence of comprehensive logging and auditing will also help greatly in identifying sources of a breach.

The important point here is that security is a multi-faceted topic that is constantly evolving. Small and mid-sized businesses need to ensure that they do not rely on a single mechanism to stay secure, and that they stay up to date on the latest security offerings available.

Source:http://www.pcadvisor.co.uk/news/network-wifi/3339736/how-build-multiple-layers-of-security-for-your-small-business/

Comments Off »

Posted in Hardware News

Tags: Business security

Security Manager’s Journal: You can’t secure every employee’s home

January 24th, 2012

Share

We recently deployed RSA SecurID software authentication tokens to replace the hardware tokens we had been using to provide strong authentication for remote access via a VPN client. Hardware tokens are more secure for two-factor authentication in some ways (but not in every way, as you’ll see), but the software tokens can be used on mobile devices such as phones; they are much less expensive; and they can be deployed more quickly and easily. What’s more, when a user no longer needs access, it’s much simpler to disable a software token than it is to retrieve a hardware token from somewhere like China, Russia or India.

Of course, RSA suffered a notorious security breach last year, but after I was briefed on the details, I felt comfortable moving forward.

Deployments such as this software token rollout can be interesting, because you have a chance to learn about some scary practices that had been going on without your knowledge.

For example, once employees got word that their hardware tokens will no longer be operational, some of them started asking for software tokens to be installed on their home PCs and Macs. Clearly, they had been taking advantage of the fact that the hardware tokens could be used with any computer. Our VPN client allows full network access, and that, combined with our lack of Network Admissions Control, meant that we were ending up with untold numbers of noncompany computers on our network. Naturally, I can’t vouch for the integrity of any of those noncompany assets. Home PCs are often used by family members and other people, any of whom might install untrusted applications, click on things they shouldn’t and end up infecting our internal production network.

I’m also concerned about protecting intellectual property, which is my responsibility. We are free to inspect the contents of any device we have issued to our employees, but we have no legal right to inspect any personal device, even if that device is connected to our network. In addition, laws are vague in some states and countries regarding our ability to monitor activity when an employee is using a personally owned device. If such an employee were to leave the company, our intellectual property could easily go with him.

For good measure, let’s throw in the risk of license compliance issues.

Help Desk Too Helpful

While employees might not be aware that they shouldn’t be connecting to the network from their own PCs, our help desk personnel should know that, right? Truth is, they’ve been helping employees install the VPN client on their home PCs. As an experiment, I called the help desk with an urgent request for access from my home PC. They actually sent me the full VPN client and walked me through the installation on my computer. After that experience, I reviewed some help desk tickets and found that the techs had also assisted in the installation of the VPN client on PCs at public Internet kiosks and hotel lobbies.

These exception requests are being met with a stern response. If an employee needs to access our network from home or another remote location, then the company needs to issue that employee a laptop. In many cases, the employee already has a laptop and is just too lazy to take it home or prefers using a Mac. But until we deploy a more secure method of remote access, such as a virtual desktop environment or a sandboxed VPN, I will hold the line against these sorts of exceptions.

Source:http://www.computerworld.com/s/article/9223574/Security_Manager_s_Journal_You_Can_t_Secure_Every_Home?taxonomyId=17

Comments Off »

Posted in Hardware News

Tags: Manager's security

DARPA seeks to blend biometrics with passwords in DOD cyber security without new hardware

January 16th, 2012

Share

Military information security experts at the U.S. Defense Advanced Research Projects Agency in Arlington, Va., are asking for industry’s help in developing ways to blend biometrics into U.S. Department of Defense (DOD) military cyber security systems without installing new hardware. The intent is no only to save time and money, but also to help bolster existing DOD computer security that relies primarily on requiring uses to type in long and complex passwords.

DARPA on Friday issued a broad agency announcement (DARPA-BAA-12-06) for the initial phase of the Active Authentication program to develop software-based biometric approaches to verify the identities of authorized DOD computer users not only at login, but also throughout the courses of the users’ computer sessions.

The Active Authentication program seeks to change the DOD’s current cyber security focus from user passwords and common access cards when validating identity on DOD computer systems. Instead, the program seeks to focus on software-based user biometrics that does not require installation of new cyber-security software.

DARPA is particularly interested in user biometrics such as eye tracking on the page; the speed with which the individual reads content; methods and structure of e-mail and other communications; keystrokes; how the user searches for and selects information; and how the user reads the material he selects. These observable traits, taken together, can create a cognitive footprint of the user.

Using this kind of cognitive footprint to verify the identity of DOD computer users would replace or augment using long, complex passwords and common access cards. Today’s approaches, DARPA officials say, only verify’s the user’s identity at login, and have no way to verify the user originally authenticated is the user still in control of the keyboard. As a result, unauthorized users may improperly obtain extended access to information system resources if a password is compromised or if a user does not take adequate measures after initially authenticating at the console.

The Active Authentication program will be in three phases, and this solicitation pertains only to the first phase, which focuses on new ways of capturing the cognitive fingerprint by using biometrics that do not require the installation of additional hardware for information security.

Later, the program will focus developing a solution that integrates any available biometrics using new authentication suitable for deployment on a standard DOD desktop or laptop computer. Future solutions must be developed with open Application Programming Interfaces (APIs) so other software or hardware biometrics available in the future could be added.

Companies interested in participating should submit proposals no later than 6 March 2012.

Source:http://www.militaryaerospace.com/articles/2012/01/darpa-seeks-to-blend-biometrics-with-passwords-in-dod-cyber-security-without-new-hardware.html

Comments Off »

Posted in Hardware News

Tags: Cyber Hardware new security Without

McAfee Predicts the Potential Security Threats in 2012 for Windows 8

December 30th, 2011

Share

McAfee a well known entity in computer security has released their predictions for the upcoming threats for the year 2012.The PDF which was released recently predicts the upcoming security threats for mobiles,embedded systems and the computer specific threats including the rootkits that might pose a threat for the upcoming Windows 8 Operating System slated for release in the second half of 2012.

The report also acknowledges the efforts Microsoft have put to make the next and the best operating system till date to make it fool proof against any sorts of attacks,but it also raises a concern about the hackers growing interest in hacking into the system using the rootkits ,Neowin reports.

Rootkits are used to subvert both the operating system and security software, while bootkits attack encryption and can replace legitimate boot loaders. These are advanced techniques to intercept encryption keys and passwords, and even subvert driver-signing defenses employed by some OS’s. Attacking hardware and firmware is not easy, but success there would allow attackers to create persistent malware “images” in network cards, hard drives, and even system BIOS. We expect to see more effort put into hardware and firmware exploits and their related real-world attacks throughout 2012 and beyond. Advances in the Windows 8 bootloader security feature have already caused researchers to show how they can be subverted through legacy BIOS; meanwhile, the product has not even been fully released yet.

We have already seen the first BootKit for Windows 8 which was demonstrated at the MalCon conference in india earlier this year,though the maker of the Bootkit handed over the code and some suggestions to Microsoft which will benefit the operating system to be more secured than before,we can expect a polished product from Microsoft in the later part of the year.

Source:http://windows8beta.com/2011/12/mcafee-predicts-the-potential-security-threats-in-2012-for-windows-8

Comments Off »

Posted in Hardware News

Tags: McAfee security

The top five SME security challenges

November 2nd, 2011

Share

Best practice in information security and compliance for small and medium-sized enterprises (SMEs) is often seen as a headache and a “grudge purchase”, but SMEs are facing the same threat landscape as larger organisations – but without their budgets.

SME IT leaders met at a Computer Weekly roundtable event, in association with Dell SecureWorks, to discuss the challenges they face around data protection, compliance and the cloud and how to make their organisations secure without following expensive, outdated methods.

The cloud security risk for the SME
Security regulation compliance for SMEs
The changing SME threat landscape
Security education and training for SMEs
ISSA5173 security standard targets SME needs

The cloud security risk for the SME

The cloud is a technology many SMEs are interested in because of the benefits of flexibility, pay-for-use and reduced hardware investment. But there remain questions over its security.

David Lacey, director of research at the Information Systems Security Association (ISSA-UK) said the cloud is a good solution for SMEs if they choose professional, reliable service providers.

“Big companies don’t like the cloud as they can’t get legal assurance from the regulators,” Lacey said.

However, Alan Coburn, director of security and risk consulting at Dell SecureWorks, is more sceptical.

“Who’s responsible for security in the cloud? It is a personal decision, but I am very wary of putting personal information into the cloud,” Coburn said.

Steve Nicholls, technical architect at Ingens, said there had been no major security breach of the cloud, but it could only be a matter of time as cyber criminals wait for the right moment to strike.

“There have been no security scares yet as hackers want everyone to put all their data in the cloud and then do a land grab and get out, which is why it’s quiet for now,” Nicholls said.

Security regulation compliance for SMEs

Compliance is a painful process for many SMEs. The Data Protection Act and PCI-DSS payment card regulations were criticised as time-consuming and expensive.

However, there is no avoiding compliance, even if it does not necessarily lead to better security.

“Before, compliance was not expected but now it is an issue. The world of compliance is not security – it’s a mad world,” said Lacey.

Peter Vangeen, owner of Corporate Chauffeurs, is going through PCI-DSS compliance because his bank asked him to do so.

“It is a lot more complicated than I thought. I have a 48-page document with the best part of 400 questions. I started at question one and gave up at question seven. The whole process for SMEs is very difficult, is huge and costs money and I wonder how different security will be at the end from how it is now,” Vangeen said.

“Compliance is about covering yourself, passing on the problems and ticking all the boxes,” he said.

“I’m running a business. Reading through 400 questions that are meaningless to me is not a way to spend my time. I want to look after customers which I have done for 20 years without a security issue. The tick-box culture large companies perpetuate and wrap up in corporate speak is meaningless for SMEs.”

But Eamonn Sheridan, IT director at Citybond Holdings, said: “If you wade through security guidelines, there are good practices.”

Dell’s Coburn said he can see why PCI-DSS was created – because organisations are not putting the necessary controls in place – but said SMEs should work with trusted advisors on compliance.

“One organisation asked us how much is too much credit card data? But the standard doesn’t prescribe how much is too much. That organisation had been given different advice which could have cost them hundreds of pounds,” Coburn said.

SMEs should try to understand where their assets are and focus security controls there. “It is better than a scattergun approach,” he said.

Andy Bover, head of ICT at finance company 1st Credit, agreed it was important to get the right advice.

“Be wary of any consultant who doesn’t ask you why you need to hold credit card data. There is very little business case for retaining cardholder details,” Bover said.

However, the main benefit of compliance is to get the attention of the board, because the CEO must sign a top-level policy document to ensure confidentiality and integrity to comply with standards such as ISO 27000, said Bover.

“It is signed by the chief executive and if a weakness is found, the chief executive is in court. This is positive, as it means my chief executive will commit to IT expenditure to see it happens, and will say to the CFO, you need to spend money on that,” he said.

The changing SME threat landscape

Like many IT security firms, Dell SecureWorks is constantly surveying the changing threat landscape. Coburn said SMEs are increasingly being targeted, but many believe they are under the radar and not in the sights of cyber criminals.

“Malware is becoming more sophisticated. Aurora and Stuxnet are very sophisticated, all targeted at siphoning financial information,” he said.

Dell SecureWorks trawls the internet and monitors hacker forums to work out the next threat to protect its 3,500 clients’ security.

“We see on average about 50 security events per year per customer which we have to phone or alert someone to. That’s an event every week. If you’re not getting a call, are you any different from those organisations?” Coburn asked.

Ian Crofts, IT director at JBW Group, said revenge hacking is also a worry.

“It’s easy to annoy someone enough to make them want to target you,” Crofts said.

Lacey said organised crime and intelligence services are increasingly targeting smaller companies and looking for useful information about contracts: “There are a large number of targets and criminals are going broader and deeper.”

Bover said most SME IT professionals understand the risks, but their struggle lies in convincing senior executives of the threat.

“They would give you a different answer about being small enough to be below the threat radar,” he said.

Security education and training for SMEs

Constant education and training around IT security is necessary to help reduce human error.

Vangeen said that, even after achieving PCI-DSS compliance, access to credit card details can occur if someone writes them down on a piece of paper and chucks it in the bin. Staff are trusted, but no company is inviolate.

“There’s nothing the industry can do to solve the problem. Human error lets security down,” he said. “Human error means that someone will always walk out of the building with an unencrypted laptop.”

Bover said the only answer is to remove the opportunity for people to make mistakes: “We have no pens or papers in the call centre. Everything is written on whiteboards which are wiped clean.”

Josko Grljevic, IS director at Thetrainline.com, said: “You can have the best technology in the world, then someone has a chat with the receptionist and gets everyone’s details.”

Coburn said awareness and education are essential parts of security.

“Most secure organisations spend time and money on staff. Until you start training awareness, you are not a secure organisation. Common sense only becomes common sense when you know the right thing to do. Organisations that do it well take the pragmatic approach and do it often without making it boring,” he said.

Lacey said training is more important than security qualifications, which are often just a licence to operate.

“I believe in training and education, not qualifications,” he said.

Coburn said security improvements can pay dividends – but don’t overdo it.

“Don’t try and implement controls of big City organisations,” he said.

“Understand your environment. The challenge is if you have a lot of infrastructure, it is difficult to focus, but start small where you are worried about infrastructure protecting assets that might be targeted.”

ISSA5173 security standard targets SME needs

David Lacey is an information security expert with over 30 years’ experience working as a chief information security officer for organisations such as Royal Mail, Shell and the Foreign & Commonwealth Office.

To combat some of the issues SMEs face, the Information Systems Security Association (ISSA-UK), where Lacey is director of research, is creating a new security standard for small businesses, called ISSA5173.

“SMEs are different from large organisations, not in security threats which are the same, but more in the way they operate. SMEs don’t need paper and labour-intensive controls that big companies like. The new standard suggests looking at policies, procedure and education,” Lacey said.

Lacey said the pressure on SMEs is to grow their business and security is often low on the to-do list.

“Small companies lack knowledge, motivation and money. Security is a grudge purchase and someone else’s problem, but the vast majority of UK business is made up of SMEs. They are the soft underbelly of business,” he said.

Lacey said SMEs will have to get to grips with security because compliance and data protection are high on the agenda of the government and big companies.

“Large businesses are increasingly demanding security and SMEs must get PCI-DSS compliance, for example,” he said.

Meanwhile, the security landscape has changed out of all recognition with the impact of the internet and an increasingly mobile workforce, which has transformed the way people communicate.

“The future of security is complex. We are facing a data Tsunami with a 60% growth in mobile data. The threats are more sophisticated, data breaches more damaging, users have left the buildings and the applications have followed,” said Lacey.

There has been an increase in data legislation around the world because it is citizen-friendly and cheap, but reliance on standards and a herd-mentality towards security is leading to a world of compliance and policies, which doesn’t necessarily improve security, said Lacey.

“Auditors judge against security standards that are outdated, and security is judged on the quality of paperwork and procedures,” he said.

SMEs must avoid following the example of big corporations.

“Big-company thinking is about maximising the security budget, whereas SMEs are frugal, and must think about the customer,” said Lacey.

“SMEs require fast cost-effective control measures and solutions that are easy to manage.”

He suggested SMEs use risk-management to support decisions, not shape them: “Focus on protecting data and standardisation and use independent advisers to manage your interests.”

Source:http://www.computerweekly.com/Articles/2011/11/01/248333/The-top-five-SME-security-challenges.htm

Comments Off »

Posted in Hardware News

Tags: Data security

Why B2B for Network security is Needed

November 2nd, 2011

Share

The road to network security is a long one for any business, with many pitfalls along the way. Human personalities can make life difficult when personal preferences and personalized use profiles intervene with intelligent technical design of a network use plan. The concept of a motive in planning a uniform use of network devices needs to be underlined and emphasized to the staff.

A system that was secure last year is open to newer and newer threats each week, especially with patches, upgrades, physical device upgrades and IT overhauls. The more things change in computer system safeguarding the more things in device and computer desktop security stay the same. Aligning personal interests to the device security is key to motivating personnel to remembering best practices for network security. The market for B2B products and services along this industry channel therefore remains robust.

Employees must be advised repeatedly that the investment in computer integrity and device security is not the employee’s to control. Policy updates to any intellectual property uses of a computer can lead any employee can accidentally or inflict harm on a network even through the purest of motive. For company employees to value the total product of what they do and the mission of their organization means to value the total entity. Thus demand for B2B network security services for companies of all sizes and shapes exists and grows daily.

Device security and online threats to networks via malware, viruses and intrusions are now common knowledge. But the lengths to which a computer sniffer or intruder will go to get into a system via various types of device platforms such as cellphone, smartphone and wireless devices may still surprise even sophisticated computer users. Passing through airports and using business machines on “personal time” can compromise a business machine instantly.

The investment a company makes in its employees awareness of network security via everyday best practices can protect every dollar spent in network security and IT tech. In fact, malicious intruders and device sniffers count n the every day users being “fed up” with safety and conservative computer use habits to break the protocol and be careless. They are waiting with a variety of programmed sniffer technologies and hardware to scan and screen for openings into valuable systems and to allow them to seed harmful programs that can cause damage down the line to companies and individuals.

Ironically, these same employees are disappointed and annoyed when their own retail and institutional commercial credit and business companies and vendors fall short in the security department. Software and technology innovate daily and sadly so do network security threats.