Is cloud control your best option?

Cloud computing is the latest buzzword in IT security and one of the fastest expanding areas of the web, but it still has a long way to go.

For many major companies requiring a large amount of server space, IT departments or SMEs that handle a lot of data, moving to the cloud may very well be seen as one of the most important technological advances to date. However, if done too early, deciding to store your data in cyberspace could end up creating more problems than it solves.

How secure data in the cloud is has become a hotly debated topic. After all, in some cases, all of your business’s data could be open to being compromised if it is stored in the cloud. Many organisations fear the cloud will be hacked – increasingly so since major incidents are becoming more common.

Cloud organisations take this into account when designing their systems, implementing some of the strongest security technology available to protect user data. For example, Dropbox insists that “your files are actually safer while stored in your Dropbox than on your computer, in some cases.”

Many security questions about the cloud spring from concerns about control and accountability. When an organisation puts data in a cloud service, as opposed to hosting the data on its own server, they lose some of the ability to implement security features they feel are most appropriate – leaving those decisions down to the cloud provider.

It is time for organisations to take the cloud more seriously and look more closely at how it is being utilised. If used appropriately and wisely the cloud can provide some good business benefits.

Retrieving Configuration Files from 3Com Switches

(Tested on a 3Com Switch 5500-SI)

Using SSH, Telnet or the Console.

For this procedure you will be using the Command Line Interface (CLI) of your 3Com Switch device using an SSH client (such as OpenSSH or Putty), Telnet or through the console port. We would recommend using either SSH (for remote connections) or using a direct connection to the console port. Telnet provides no encryption of the communications and therefore your authentication credentials and configuration would be vulnerable if a malicious user were to monitor your connection.

1.       Connect to the 3Com Switch using your favourite SSH client, Telnet or a direct console connection.  (NB: You may need to set the baud rate to the appropriate speed for your device.  A list of standard rates can be found at the end of this document.  On our 3Com test device, the baud rate was 19200)

2.       Press ENTER twice to get started.

3.       If required, log in using your administration authentication credentials.

4.       Execute the following CLI command and capture the output (possibly using the cut and paste facility):

display current-config

1.       Save the captured output to a file and, if necessary, remove any visible page lines (i.e. --More--).

2.       The resulting file should now be auto-detected as a 3Com device when entered into Nipper Studio.

If you are unsure about the baud rate that your device is set to we would suggest trying the most common default baud rates which are 9600, 19200 & 115200

For your convenience, we have listed the other baud rates commonly supported by serial ports below:

110

300

600

1200

2400

4800

14400

28800

38400

56000

57600

Standard baud rates supported by some serial ports:

128000

153600 

230400

256000

460800

921600

Brought to you by Titania www.titania.com

Nipper Studio Named Network Security Solution and Enterprise Security Solution of the Year

Titania and their network security auditing tool Nipper Studio, were announced as the winners in two categories at the Computing Security Awards 2012.

The Computing Security Awards 2012 were held at the Grand Connaught Rooms in Covent Garden on Thursday the 8^th of November. Organisers set up the awards to recognise the products, services and companies that have been the most impressive at protecting organisations from IT security threats. Now in their third year the awards have become well known within the industry and are widely acclaimed.

Representatives from Worcestershire cyber security company Titania travelled to London on Thursday evening to attend the awards ceremony having been made finalists in five categories. The small business was up against some very large international organisations such as Fortinet and WatchGuard but still took home the awards for Network Security Solution of the Year and the Enterprise Security Solution of the Year. Titania also received the runner up award in the SME Security Solution of the Year category, proving that small companies with innovative products can succeed in the cyber industry.

Ian Whiting, Titania CEO, said, ‘We are so pleased to have won two Computing Security Awards. Everyone in the company has worked extremely hard to make our products some of the best in the industry and it is an honour to gain this recognition from our customers and industry peers.’
Before travelling to London Mr Whiting had delivered a presentation at the Malvern Festival of Innovation titled ‘Cresting the Cyber Wave.’ He discussed the innovative steps that Titania have taken in order to grow the company, and offered advice to start-up companies looking to achieve success in the lucrative industry of cyber security.

‘The Festival of Innovation was a brilliantly inspiring event and demonstrated just how much innovation there is out there. I was very pleased to been invited to speak by the organisers KeyIQ. Receiving the awards that same evening was a great end to a very successful day for the company. Next year we are planning to take on more staff and expand our offices yet again, this will be the fourth time in two years. As a company we are very excited for the future,’ said Mr Whiting.

For more information about previous and future events and awards please contact Ruth Inglis.
Ruth Inglis- Marketing Manager Titania Ltd - Email: ruth.inglis@titania.com Tel: 01905 888785
Go to www.titania.com for more information

Can You Afford to Let Your Data Leak?

In the digital age Data Leakage is becoming an increasingly prominent issue. In recent years, groups such as Anonymous and Lulzsec have attacked organisations’ data in attempts to cause denial of service and retrieve private and sensitive information.  There have also been incidents of personal data stored on mobile devices being lost or stolen.  This has led to data protection becoming a hot topic for concern, but keeping data secure can seem to be an unending task and possibly an expensive one.

An increasing amount of devices are becoming essential within a business in order to maintain a high level of security.  For example Firewalls, IDP systems and Proxy servers are now generally considered vital components in keeping a network secure. However, with even mid-range devices costing thousands of pounds, not everyone has the resources to spend whatever it takes to keep information safe.  Furthermore, ensuring that these endpoint security devices are configured appropriately can be a mighty task, especially in large complex networks. All it takes is one ACL rule to allow access to somewhere that it shouldn't and malicious parties will have the opportunity to attack, even with the most expensive and complex of Firewalls. Therefore the management of these devices can also be costly and time consuming, however managing the impact of human involvement on your data security is one way of reducing leakage risks without having a huge impact on your budget.

Keeping control of what information is received and sent or taken locally is extremely important.  Whilst many Data Breaches can occur on a purely accidental level, as a result of someone unknowingly taking sensitive information away on a mobile device, there can be times when it is the result of a deliberate attack by a rogue employee.  This demonstrates the need for a sufficient user policy regarding the use of portable devices and storage and the consideration that these devices should be disabled from use on systems containing private data.  It would also be prudent to ensure that sensitive data on storage devices, such as backups, is in some way encrypted to minimise the impact of its loss or theft.  Furthermore, the use of network traffic monitoring software and devices could provide you with invaluable information as to the access of confidential material, with many devices creating patterns to notice a change to normal day to day data transfer.

There are multiple ways that an organisation can help prevent Data Leakage and protect themselves against a Data Breach, though it is widely agreed that data security requires a multiple response strategy in order to be effective. The expense associated with network security devices and there maintenance can seem cumbersome, however leaving data open to attack will have a much more severe impact on your organisations’ finances.  However combining device management with less costly methods, such as implementing a thorough user policy and increasing understanding within your workforce surrounding the importance of data security, could dramatically reduce the risk of a Data Breach.

By Edwin Bentley

Cyber Security Team- Titania Ltd