Computerworld Hong Kong -

CWHK awards: networking and security

The second in a series of CWHK Awards previews

Software technology is featured in this month’s CWHK Awards preview—networking and security. Who will walk away with crystal-star-statues at the 2011 Computerworld Hong Kong Awards?

Stop boss from spying on you

By Robert Strohmeyer

Privacy may be dead, but that doesn’t mean you have to enjoy having your every electronic move tracked by your nosy manager. If you use a company-supplied PC on a corporate network, you’re almost certainly being watched. But with a bit of forethought and some of your own gear, you can enjoy a little digital liberty in the workplace.

PC monitoring

In corporate-security speak, the software that monitors what’s happening on your PC falls under the general heading of endpoint security. The term refers to everything that goes on between you and your machine, from how you use your computer to the way the software on it works to the physical location of the system. Your IT department needs to know what’s up with your PC (and you) to make sure the computer doesn’t fall prey to malware, putting company data at risk and potentially harming the business.

Use your own machine…with good excuses

The best way to get around PC monitoring software is to sidestep it entirely by using a PC that only you control. In other words, bring your own laptop. If your boss asks why you’re not using the one Big Brother issued you, say that the keyboard makes your wrists hurt.

Get off network monitoring

Your work PC is only the first link in a chain of surveillance that extends from your keyboard to basically every other piece of equipment on the corporate network. In some offices, even the copy machine keeps tabs on you. At the very least, all of your network use is likely being logged somewhere. To avoid having your browsing tracked, you need to get off that network.

Thanks to the proliferation of 3G and 4G data services, it has never been easier to enjoy a little semiprivate (nothing is totally private) Web surfing from the office.

Even if you’re out of the office, or if you work remotely, your Web activity can still be tracked whenever you connect to the company’s virtual private network. The solution here is simple: Disconnect from the VPN whenever you’re not using it, and stick to work tasks while you are connected. This is good practice anyway, since you have no solid reason to stay connected to the VPN when you don’t need it.

In the grand scheme, of course, there’s no such thing as online privacy. And although I know it’s none of my business what you do with your time at work, it actually is—both literally and legally speaking—your boss’s business. Just use your best judgment, and don’t get yourself into trouble.

Computerworld Hong Kong April 2011

Critical NASA network was open to Internet attack

By Tim Greene, Network World (US)

Six NASA servers exposed to the Internet had critical vulnerabilities that could have endangered Space Shuttle, International Space Station and Hubble Telescope missions—flaws that would have been found by a security oversight program the agency agreed to last year but hasn’t yet implemented, according to a report by the agency’s inspector general.

NASA’s CIO Linda Cureton says she has patched the vulnerabilities, but IG Paul Martin found that NASA still has no ongoing program for spotting and correcting similar problems as they arise and is giving itself until the end of September just to come up with a plan, according to the report titled “Inadequate Security Practices Expose Key NASA Network to Cyber Attack.” The deadline for the plan is Sept. 30.

The six vulnerable servers were associated with IT projects that control spacecraft or contain critical NASA information, the report says. The audit also found other servers that exposed encryption keys, encrypted passwords and user-account information, all of which could enable attackers to gain unauthorized network access. The report didn’t assess the agencywide network that isn’t directly used for missions.

“These deficiencies occurred because NASA had not fully assessed and mitigated risks to the network and had not assigned responsibility for IT security oversight to ensure the network was adequately protected,” the report says. “A security breach of a moderate- or high-impact system or project on this key network could severely disrupt NASA operations or result in the loss of sensitive data.”

One server was found vulnerable to FTP bounce attacks, which if exploited, “could have significantly disrupted NASA’s space flight operations and stolen sensitive data,” the report says. Other servers weren’t securely configured, exposing the encryption keys, encrypted passwords and user account lists to attackers.

The IG says NASA didn’t know about these problems but could have if it performed broad risk assessment, part of the agreed-to security program. “As a result, NASA’s Agency-wide mission network was vulnerable to a variety of cyber attacks with the potential for devastating adverse effects on the mission operations the network supports,” the report says.

In addition to the oversight program on Internet-connected servers, NASA’s CIO promises she will start a pilot program by Aug. 21 for spotting risks on the rest of NASA’s networks that don’t have Internet connectivity.

The IG performed port scans using Nmap and manually verified open ports. It also performed Nessus vulnerability scans.
