Niche Konsult Limited's Newsletter September 2007 Edition


Feature Story: BlackBerry and GFI - Complementary Solutions

 

History

It is eight years since the Canadian company Research in Motion (RIM) introduced BlackBerry. The original BlackBerry devices were equivalent to the black and white television sets of bygone days, but today’s BlackBerry supports up to 65,000 colours.

Attraction

A major attraction of BlackBerry is its ability to push email to the user without any action on the part of the user. For this reason, many companies use it to provide roaming employees with access to email.

In addition to wireless email, it provides full two way wireless synchronization of Microsoft Exchange Server, Lotus Domino and Novell GroupWise calendars, contacts, notes, instant messaging, SMS and MMS plus full web browsing and access to corporate applications.

And since emails are stored on the device, emails remain accessible even if network coverage is non-existent.

The flavours

Three flavours of BlackBerry exist:

BlackBerry Enterprise Server or BES for short

BlackBerry Web Client or BWC for short

BlackBerry Internet Server or BIS for short

The first as the name implies is aimed at enterprises running their own mail servers, and the last two at what RIM prefers to call the ‘prosumer’ short for professional consumer.

BlackBerry Enterprise Server

Companies interested in the tightest possible integration between BlackBerry and their system usually opt for BES. With BES, a direct link is created between the BlackBerry device and the enterprise’s mail servers such that emails are sent to the client the moment the mail server receives them.

BES versions exist for Microsoft Exchange Server, Lotus Domino and Novell GroupWise.

BlackBerry Web Client

The BWC, on the other hand, costs far less than the BES and is not as fast either, since it acts as an email redirector by retrieving emails from the end user’s various email accounts (maximum of ten) before forwarding them to the client some 15 minutes after such mails hit the ISP’s mail server.

The BWC has a webmail interface, hence the web in its name, meaning in effect that mails may be accessed, replied to or deleted on the BlackBerry device, and on any other computer including non-BlackBerry devices. It is older than the BIS. However, the maximum mailbox size was limited to a little above 20 MB.

BlackBerry Internet Server

Just like the BWC, the BIS costs much less than the BES and equally acts as an email redirector, retrieving mails from up to 10 different POP3 email accounts, but has no webmail interface. The BIS is the latest entrant into the BlackBerry family; it replaces BWC and has no mailbox limit.

How it works

BlackBerry utilises a client/server architecture, with the handheld device sold by network operators like Globacom and MTN acting as the client that receives the pushed email, and either the operator’s mail server or the company’s mail server acting as the server that pushes the email to the client.

Statistics

November 2004 - 2 million users

May 2005 - 3 million users

December 2005 - 4.3 million users

March 2006 - 5 million+ users

October 2006 - 6.2 million users

April 2007 - 8 million users

Supported networks

BlackBerry devices can be used on both GSM and CDMA networks.

Blackberry on Non-BlackBerry devices

RIM has licensed some BlackBerry functionality to other handset manufacturers; however, not all handset manufacturers incorporate the full set of the licensed functionality. With such handsets, BlackBerry Connect is usually installed to enable features such as push email and calendar. However, as the saying goes, nothing is as BlackBerry as a BlackBerry.

GFI EndPointSecurity and BlackBerry

 

GFI EndPointSecurity is a security solution that helps you maintain data integrity by preventing the unauthorized transfer of content to and from a number of portable storage devices including:

• USB ports (e.g., Flash and Memory Card Readers, Pen drives)

• FireWire Ports (e.g., digital cameras, FireWire card readers)

• Wireless data connections (e.g., Bluetooth dongles, infrared)

• Optical drives such as CD, DVD and MO (magneto optical) drives both internal and external

• Other drives such as zip drives and tape drives

With GFI EndPointSecurity, Pocket PCs (e.g., HP IPAQ and Sony CLIE), BlackBerry devices (e.g., 8100, 7270) and SmartPhones (e.g., Motorola i930 and Palm Treo) can also be centrally managed and controlled.

Thus, whether your corporate policy prohibits the use of BlackBerrys altogether or permits it for some users only, GFI EndPointSecurity is the tool you need to grant full or read-only privileges, or to allow or deny access. For more information, please visit GFI EndPointSecurity Webinar.

GFI FAXmaker and BlackBerry

 

GFI FAXmaker is a network fax server for Microsoft Exchange Server 5.5, 2000, 2003 and 2007, Lotus Domino and SMTP/POP servers. It integrates seamlessly with any of the aforementioned mail servers to enable users to send and receive faxes from their mail client, such as Outlook or Outlook Web Access, just as they do email.

With GFI FAXmaker’s Email2Fax Gateway, the email clients of handhelds like the BlackBerry and PocketPC (2003 upwards) can be used to send and receive faxes as well as fax reports. BlackBerry devices also have a built-in PDF viewer that seamlessly integrates with GFI FAXmaker’s PDF capabilities.

Since GFI FAXmaker delivers faxes to the user’s inbox in TIF-fax-format or Adobe PDF format, users can check their faxes in PDF format and can even forward such faxes to anybody including those who have an email address but do not operate a fax line! GFI FAXmaker also allows for easy integration with document archival systems or workflow software/procedures.

For more information, please visit http://www.gfi.com/faxmaker/faxfeatures.htm and http://kbase.gfi.com/showarticle.asp?id=KBID002420 

GFI MailEssentials and BlackBerry

 

With GFI MailEssentials (a server based anti-spam and anti-phishing utility) installed on your enterprise mail server or as a relay to your mailserver, mails marked as spam can be configured not to be pushed to BlackBerry servers/clients. For more information, please visit http://kbase.gfi.com/showarticle.asp?id=KBID002696

GFI Network Server Monitor and BlackBerry

 

GFI Network Server Monitor is a network and server monitoring tool that allows administrators to monitor the network for failures or irregularities automatically and reacts to network and server failures to ensure maximum network uptime.

Since GFI Network Server Monitor ships with a remote web monitor, administrators can remotely connect to GFI Network Server Monitor to view the status of checks via Internet Explorer over the network or the internet. Through the remote web monitor the administrator can examine the status of his network from virtually anywhere, both within and outside the company building.

By default, the remote web monitor supports two views, the “normal view” and the “mobile view”. The mobile view displays information in a layout suitable for viewing on small displays such as are found on SmartPhones and BlackBerry devices. For more information, please visit http://www.gfi.com/news/en/nsm55launch.htm

Need to do some more research on BlackBerry?

The following links could be useful:

MTNNigeria

GloMobile

BlackBerry (the official site)

Note:

Some portions of the above article were sourced from Wikipedia, the Official BlackBerry Site and others from MTNNigeria and Globacom websites

Database Security – Making the Case

Between August and September 2007, a number of high profile database breaches were in the news including that of Monster.com the online job site, TJX and the Oklahoma State Law Enforcement Telecommunications System.

Databases are the crown jewels of any organization, containing data of inestimable value. For this reason, protection is a must. Unfortunately, many IT departments don’t even know how many databases they have installed on their networks. The first step in protecting anything is to know that it exists at all. Tools such as GFI LANguard Network Security Scanner 8, MySQL Network Scanner, Microsoft SQL Server tool or Microsoft Baseline Security Analyzer can be used to audit your network for databases such as SQL Server 2005, MSDE and SQL Server Express, which may be installed and running on your network without the IT Department’s knowledge.

The next step is to ensure that only the latest version of the relevant database software is running on your network. This can be done with tools such as GFI LANguard Network Security Scanner 8 or Microsoft Baseline Security Analyzer. Other relevant steps to take include hardening the system configuration of servers housing the databases and sanitizing user input.

I found an article aptly titled Database Security (Common-sense Principles) which should give system administrators a head start with respect to improvement in database security, and also another article which attempted to quantify the Cost of a Security Breach.

Email Security – Nigerian Online Shoppers become victims of targeted attacks

Graphcard is an online payment processor that enables anyone anywhere in the world to pay for goods and services online without having a credit card. Graphcard’s system comprises customers who want to shop online, resellers who enable customers to keep their accounts liquid by selling virtual prepaid cards from Graphcard, and merchants from whom the customers buy.

Customers, resellers and merchants all need to set up member accounts, and these accounts are used to purchase Graphcard funds which are freely convertible into online debit cards.

In recent times, Graphcard members in Nigeria have been the subject of targeted email attacks. They have been receiving bogus emails with a virus attachment named Reseller_Security_anti_virus.exe; the email requests that they download a file to clean up their computer.

The software, once downloaded, logs keystrokes and sends them to the sponsor of the malware, enabling them to capture both the Graphcard and email logins and passwords of Graphcard members.

Who says that Nigerians cannot be the subject of targeted cyber-attacks? To learn more about Graphcard’s unique selling proposition, please visit http://www.graphcard.com, and to learn more about the threat from targeted email attacks and how to protect your network, please visit http://www.gfi.com/whitepapers/cyber-attacks.pdf

Email Security - Microsoft Excel and Zip attachment spam

Also during August, one of our security partners, GFI, noticed a marked rise in spam carrying Microsoft Excel (doubtless in consequence of the Microsoft Security Bulletin MS07-044) and Zip attachments in place of image and PDF spam, and in consequence produced a new whitepaper that exhaustively analyzes this new trend. The whitepaper can be accessed at http://www.gfi.com/whitepapers/attachment-spam.pdf.

Email Security - Niche Konsult now offers Managed Email Anti-Spam/Anti-virus Security

In partnership with Netcore Solutions, Niche Konsult now offers Managed Email Anti-Spam/Anti-virus security solutions. To learn more about the service, please download this PDF file.

Enterprise Security – Nigeria how far?

Nigeria is making progress with respect to cybersecurity legislation, as evidenced by the enactment of the Advanced Fee Fraud and Other related Offences Act 2006 and the progress so far made by the previous National Assembly with respect to the passage of the Computer Security and Critical Information Infrastructure Protection Bill. Given the far-reaching effects of the yet to be enacted bill on IT security and company operations in general, it’s worth following developments in this arena. The government cybersecurity website can be accessed at http://www.cybercrime.gov.ng.

Enterprise Security – Payment Card Industry (PCI) Data Security Standard (DSS)

 

September 30, 2007 was the deadline for complying with the PCI DSS. The official standard can be accessed at this link https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf. Two of our partners, Acunetix and GFI have prepared resources that might be of value to you as you attempt to beat the compliance deadline.

Acunetix Resources

PCI DSS and Web Applications - http://www.acunetix.com/websitesecurity/pci-dss.htm

PCI DSS Compliance Guide - http://www.acunetix.com/news/pci-compliance.htm

Evaluation - http://www.acunetix.com/vulnerability-scanner/download.htm

GFI Resources

Overview, Checklists and Whitepapers - http://www.gfi.com/security/pci.htm

Frequently Asked Questions - http://www.gfi.com/security/pcifaqs.htm

Case Study - http://www.gfi.com/documents/cs/quipu.htm

PCI Suite - http://www.gfi.com/pci/

General Security - Microsoft Malware Protection Centre Launched

Until recently, Microsoft was not a strong player in the antivirus/malware security market, but with a number of acquisitions and product launches such as the Windows Defender, the ForeFront range and Windows OneCare to mention but a few, the Microsoft Malware Protection Center is definitely worth checking out.

General Security - Microsoft hackers Blog Launched

While Microsoft has been represented at hacker conferences and a lot of hacking is done at Microsoft internally, Microsoft has not done much to publicize its activities in that direction. It seems that all of that is about to change with the launch of http://blogs.msdn.com/hackers/

Government Security – File sharing Software: To be or not to be

Staff of Japan’s Maritime Self Defence Force (JMSDF) have been subjected to investigation following the leakage of data pertaining to the Aegis missile defence system and other sensitive data, as a result of running file-sharing software on government PCs.

The lesson? File-sharing programs have no place on government PCs or even corporate PCs. System Administrators may wish to recall one of the ten immutable laws of security: ‘If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore’. So run a software inventory today and prevent users from installing software without authorization from IT!

Instant Messaging Security – Yahoo/MSN Messenger Flaws

A flaw was discovered in the Yahoo Messenger camera invitation facility which can be exploited to execute code on vulnerable computers. As an interim measure, TCP port 5900 should be blocked until updates to version 8.1.0.146 are applied. Also, users running MSN Messenger 6 and 7 are susceptible to a zero-day buffer overflow vulnerability; the solution is to upgrade to version 8.1, as no upgrade is available for the earlier versions.

Office Security - Microsoft Excel Vulnerability Rated Critical

Microsoft rates the Microsoft Excel File Parsing Remote Code Execution Vulnerability as critical. This vulnerability affects Office 2000/XP/2003. It would therefore be a good idea to restrict Microsoft Excel email attachments and Excel file downloads via HTTP until patches have been applied to affected computers on your network. You will need a vulnerability scanner to determine which computers on your network might be affected, so if you don’t have one, go grab a copy of GFI LANguard Network Security Scanner 8.

And if you need a tool to block Excel email attachments, GFI MailEssentials is worth a try.

Portable Device Security – Sony Again!

Two years ago, Sony was in the news because of DRM-ed music CDs that disrupted the normal operation of Microsoft® Windows® by installing rootkits on PCs once the music CDs were played. Those installations were taken advantage of by hackers who used them as a launchpad to attack such PCs. Once again Sony is in the news, this time for packaging rootkit-like software with its Sony Microvault USM-F range of USB sticks.

Given the damage Sony’s DRM CDs caused, system administrators may consider it worthwhile to control portable device usage on their networks. This video shows how GFI EndpointSecurity Scanner helps them do so.

Web Security - Subscribe to Web Vulnerability RSS feed

Please subscribe to the Web vulnerability RSS feed at http://www.acunetix.com/news/web-vulnerabilities.htm.

Web Security - Free Cross Site Scripting Web vulnerability Scanner

Grab a free edition of the popular Acunetix Web Vulnerability Scanner for scanning for cross-site scripting vulnerabilities on your website/web application at http://www.acunetix.com/news/free-edition-xss.htm

View this flash video to help you get your first scan just right.

Windows Security - Guest Operating System insecurity can affect host operating system security

Vulnerabilities affecting a Virtual PC or a Virtual Server can allow an administrator of one guest operating system to attack either or both the host OS and any other guest OSes. This is the lesson from MS07-049. For more information on Virtual Machine vulnerabilities, see this Microsoft Security Research Centre (MSRC) article.

Other News

Effective 18th of August 2008, Niche Konsult was appointed a Microsoft Authorized Education Reseller

Tips and Tricks

1. If you have ever had to troubleshoot a Windows XP system that just won’t boot, you’ll consider the following Eight Commands a real time saver.

2. Interested in early bird preparation for certification in Windows Server 2008? Well, Microsoft is offering self-paced Official E-learning courses from now till November 15, 2007 at a discount to help you build your skills and prepare for the same. All you need is to use the promo code 1W815 and you’ll get 15% off.

3. Interested in early bird preparation for certification in Exchange Server 2007? Well, Microsoft is offering self-paced Official E-learning courses from now till November 15, 2007 at a discount to help you build your skills and prepare for the same. All you need is to use the promo code 1E810 and you’ll get 10% off.

4. If you need to fight some of those pesky rootkits, then you might want to try the McAfee Rootkit Detective

5. Grab your copy of the Wireless Notebook Presenter Mouse 8000. It is a laser pointer, media remote and highlighter.

About Niche Konsult

Niche Konsult is an information technology security firm with expertise in content, messaging, network and web application security.

Niche Konsult provides software and solutions that help individuals, small and medium size businesses, large companies and governments optimize and secure their information technology infrastructure. For more information, please visit http://www.nichekonsult.com.

Having trouble viewing this Niche Konsult Newsletter? Visit http://www.nichekonsult.com/Company/Newsletters/09_17_07.aspx or copy it into your browser. If you no longer wish to receive these emails simply click on the following link: Remove Me.


Newsletter Reminder

We hope that you have found this issue to be informative and useful. Subscription is entirely free (although 'opt-in' only). Please feel free to pass this copy on to your friends and colleagues. If your friends or colleagues wish to receive the newsletter directly, they should simply send an email to: newsletter@nichekonsult.com with a title of 'Subscribe'.

Niche Konsult

43 Cotonou Crescent

Wuse Zone 6

Abuja

© 2007 Niche Konsult. All rights reserved worldwide. Reproduction in whole or in part of any text, photograph or illustration without permission of the publisher is prohibited.
