August 7 and 8: Websense Technical Training

2 Full Days of Technical Training

 

During this two day training course, you will learn how to install, configure, administer and support Websense Web Security Suite software. Through instruction, iLabs (instructor led demos and lab exercises) and hands-on lab practice exercises, you will gain familiarity with the requirements and recommendations of Websense product deployment, installation and configuration, Websense product and component functionality (remote filtering, delegated and remote administration) and troubleshooting via internal and 3rd party diagnostic processes.

 

Topics Covered:

 

Topic 1: Course Introduction: Websense Overview and Software Architecture

 

Topic 2: Installation and Deployment Part 1

 

Topic 3: Websense Server Configuration

 

Topic 4: User Identification: Authentication and User Names

 

Topic 5: Working with Policies

 

Topic 6: Troubleshooting Part 1

 

Topic 7: Websense Reporting Tools

 

Topic 8: Remote Filtering

 

Topic 9: Deployment Part 2

 

Topic 10: Installation Part 2

 

Topic 11: Advanced Administration

 

Topic 12: Troubleshooting Part 2

 

[Optional Modules]

 

Topic 1a: Terminology, Network Essentials and Websense Software Basics

 

Topic 13a: Integrations and Websense Technology Partners

 

Topic 13b: Websense Security Labs

 

  

Lecturer:

 

Arun Chaudhury, Technical and Presales Consultant of Websense Inc, S.E. Asia.

 

Security consultant for 7 years prior joining Websense. He’s now a Certified Websense Systems Engineer (CWSE) and Certified Websense Instructor (CWI).

August 6: Websense Partners Program Seminar

Get to know more about Quantiq and Websense and how we can help you grow your business with Websense.

Learn about our solution offerings and why we are the market leader in both Web Content Security (#1 market share as ranked by IDC) and Information Loss Prevention (top the charts as indicated by Gartner and Forrester Wave).

Be a Websense Partner today and embark on our Partner Incentive Programs.

Sorry Registration is Closed.

Survey says 1 in 3 IT managers snoops on colleagues

A company’s information technology managers are entrusted to keep watch and access vital information. But some of them may be accessing too much information.

For most companies, it’s no secret. Whatever e-mails or messages you send on your work computer can be reviewed and scrutinized by the company. But, a recent survey from security company Cyber-Ark says one out of three information technology officials say they abuse passwords to look into things they don’t need to.

This touched a nerve with some people in Salt Lake City. One woman said, “I wouldn’t think that was right.” One man said, “I just don’t like the idea of people snooping unless there’s a cause to do so.” Another said, “Personal information should be kept to ourselves, I would hope.”

Some of the information they admit to snooping: personal e-mails, board meeting minutes and colleagues’ salary.

A Salt Lake student said, “I don’t make enough money yet for that to bother me, but I could see, in the future, it would bother me.” Another man, who was very bothered, said, “I’ve been fired from a job because I found out, by mistake, that somebody made more than me.”

Bateman IP Law Group President Rand Bateman says most states don’t require companies to even tell employees that they can look through any information that’s put on a work computer. You may think this is common knowledge, but he says it’s not as common as you might think.

“Surprisingly, people are surprised,” he said.

But, that’s not to say IT managers should look at every bit of information in the company. For example, if an IT guy gets his hands on personal health data, the company could get in legal trouble.

Bateman said, “If an IT guy gets in and finds out and employee has AIDS or a sexually transmitted disease or some mental health issue and releases that, it could really spark some liability on the part of the employer.”

As for any IT managers reading this, you’ll probably want to avoid looking up your co-workers salaries. For some companies, that’s not exactly open information.

“Other companies, including some law firms, have what they call ‘dark box salaries.’ In fact, I have friends who works at a firm where you can get fired for revealing what your own salary is,” he said.

Bateman says several companies have had their customers’ credit information taken from someone working from within who had access to that kind of data.

Source: KSL

Survey says 1 in 3 IT managers snoops on colleagues

A company’s information technology managers are entrusted to keep watch and access vital information. But some of them may be accessing too much information.

For most companies, it’s no secret. Whatever e-mails or messages you send on your work computer can be reviewed and scrutinized by the company. But, a recent survey from security company Cyber-Ark says one out of three information technology officials say they abuse passwords to look into things they don’t need to.

This touched a nerve with some people in Salt Lake City. One woman said, “I wouldn’t think that was right.” One man said, “I just don’t like the idea of people snooping unless there’s a cause to do so.” Another said, “Personal information should be kept to ourselves, I would hope.”

Some of the information they admit to snooping: personal e-mails, board meeting minutes and colleagues’ salary.

A Salt Lake student said, “I don’t make enough money yet for that to bother me, but I could see, in the future, it would bother me.” Another man, who was very bothered, said, “I’ve been fired from a job because I found out, by mistake, that somebody made more than me.”

Bateman IP Law Group President Rand Bateman says most states don’t require companies to even tell employees that they can look through any information that’s put on a work computer. You may think this is common knowledge, but he says it’s not as common as you might think.

“Surprisingly, people are surprised,” he said.

But, that’s not to say IT managers should look at every bit of information in the company. For example, if an IT guy gets his hands on personal health data, the company could get in legal trouble.

Bateman said, “If an IT guy gets in and finds out and employee has AIDS or a sexually transmitted disease or some mental health issue and releases that, it could really spark some liability on the part of the employer.”

As for any IT managers reading this, you’ll probably want to avoid looking up your co-workers salaries. For some companies, that’s not exactly open information.

“Other companies, including some law firms, have what they call ‘dark box salaries.’ In fact, I have friends who works at a firm where you can get fired for revealing what your own salary is,” he said.

Bateman says several companies have had their customers’ credit information taken from someone working from within who had access to that kind of data.

Source: KSL

Nuix can now process EMC EmailXtender and Symantec Vault archives

Nuix is working with leading new York-based litigation and eDiscovery support company RVM to help financial institutions, law firms and corporations, reduce the time, risk and cost of undertaking eDiscovery and corporate investigations.

This new alliance is part of Nuix’s strategy to partner with leading service providers around the world, utilizing our unique capabilities to fully process multiple-terabytes of data per day, across all languages with a special emphasis on difficult datasets such EMC’s EmailXtender Archives and Microsoft’s Exchange Database Files, which can be processed directly. 

CEO of RVM, Vincent Brunetti, said Nuix gives RVM the tools to truly reduce the costs of discovery, by attacking the issue at its source û over broad collections.  

“For years we have been looking for an early case assessment technology that allows our professional services team to arrive on site at 8am and have the client reviewing data by lunch time,” Mr Brunetti said.

Excerpt from: http://www.nuix.com/eDiscovery.asp?active_page_id=181

Nuix can now process EMC EmailXtender and Symantec Vault archives

Nuix is working with leading new York-based litigation and eDiscovery support company RVM to help financial institutions, law firms and corporations, reduce the time, risk and cost of undertaking eDiscovery and corporate investigations.

This new alliance is part of Nuix’s strategy to partner with leading service providers around the world, utilizing our unique capabilities to fully process multiple-terabytes of data per day, across all languages with a special emphasis on difficult datasets such EMC’s EmailXtender Archives and Microsoft’s Exchange Database Files, which can be processed directly. 

CEO of RVM, Vincent Brunetti, said Nuix gives RVM the tools to truly reduce the costs of discovery, by attacking the issue at its source û over broad collections.  

“For years we have been looking for an early case assessment technology that allows our professional services team to arrive on site at 8am and have the client reviewing data by lunch time,” Mr Brunetti said.

Excerpt from: http://www.nuix.com/eDiscovery.asp?active_page_id=181

Fake Microsoft Patch Spam Makes Rounds

A new spam attack falsely alerts users to download a Microsoft patch, but when responded to, the user is directed to a page that installs malware on the user’s computer.

According to a report from security provider Websense, the message tells users that their Windows version is vulnerable to a critical security issue and directs them to a download page. The link actually uses an open redirect to a legitimate shopping site. From there, the redirect forwards users to a URL with a pop-up box, instructing the user to click “yes” to start the download, Dan Hubbard, chief technology officer at Websense, told SCMagazineUS.com on Wednesday.

“It’s a deception attack, where it is made to look like a Microsoft update and the user has to take action, rather than an exploit where the user gets infected without saying yes to the download,” Hubbard said.

The downloaded malware infects the computer with a backdoor that can be exploited by hackers Hubbard said. However, the spam is easy to spot because Microsoft does not send email notifications about patch updates.

One of the more interesting aspects to this spam, Hubbard said, is the actual root of the domain name used – it will take the user to the U.S. Secret Service website.

“We believe they are doing that because some security products only look at the top-level domain name, rather than look at the whole name,” Hubbard explained. “In this case, the security product would see it was going to the Secret Service and let it go.”

Avivah Litan, Gartner vice president and distinguished analyst, said this is just more proof that cybercriminals are getting smarter.

“The people sending out the spam are figuring out how to avoid the filters or reputation systems,” she said.  

It is just one more instance that shows the need for stronger authorization on the Internet, she said.

Source: SC Magazine

Fake Storm Worm blast claims World War III is here

The U.S. Army has just invaded Iran, sparking World War III — or at least that is what the latest Storm Worm spam campaign wants you to believe.

Fresh off a July 4 Storm Worm spam surge, the resilient yet predictable botnet is back — this time spreading bogus emails that the United States and Iran are at war.

The latest wave is similar to the weekend’s Independence Day-themed spam, according to internet security firm Websense. Messages arrive that contain a brief amount of text, which tries to persuade unsuspecting recipients to visit a bogus website.

In this case, the website tries to dupe people to click on a video that claims to show the “first minutes of the beginning of World War III.” If opened, the video may run a malicious executable.

The Storm Worm, which first appeared in early 2007, has been capitalizing on holidays and popular news ever since.

Kevin Liston, an incident handler at the all-volunteer SANS Internet Storm Center, said in a recent blog post that businesses should, by now, be able to stave off Storm-related attacks.

“I don’t consider these Storm botnet waves to be so much of a threat,” he said. “I consider them like an EICAR (anti-virus test file) for an organization’s incident response process. If your security policies and incident response procedures are having difficulty with this kind of event, they both need some assistance and retooling.”

Source: SC Magazine

Fake Microsoft Patch Spam Makes Rounds

A new spam attack falsely alerts users to download a Microsoft patch, but when responded to, the user is directed to a page that installs malware on the user’s computer.

According to a report from security provider Websense, the message tells users that their Windows version is vulnerable to a critical security issue and directs them to a download page. The link actually uses an open redirect to a legitimate shopping site. From there, the redirect forwards users to a URL with a pop-up box, instructing the user to click “yes” to start the download, Dan Hubbard, chief technology officer at Websense, told SCMagazineUS.com on Wednesday.

“It’s a deception attack, where it is made to look like a Microsoft update and the user has to take action, rather than an exploit where the user gets infected without saying yes to the download,” Hubbard said.

The downloaded malware infects the computer with a backdoor that can be exploited by hackers Hubbard said. However, the spam is easy to spot because Microsoft does not send email notifications about patch updates.

One of the more interesting aspects to this spam, Hubbard said, is the actual root of the domain name used – it will take the user to the U.S. Secret Service website.

“We believe they are doing that because some security products only look at the top-level domain name, rather than look at the whole name,” Hubbard explained. “In this case, the security product would see it was going to the Secret Service and let it go.”

Avivah Litan, Gartner vice president and distinguished analyst, said this is just more proof that cybercriminals are getting smarter.

“The people sending out the spam are figuring out how to avoid the filters or reputation systems,” she said.  

It is just one more instance that shows the need for stronger authorization on the Internet, she said.

Source: SC Magazine

Sony PlayStation site victim of SQL-injection attack

Early Wednesday, antivirus vendor Sophos reported that some visitors to the Sony PlayStation site may have been prompted to download an antivirus scanner.

Pages promoting the PlayStation games SingStar Pop and God of War contained SQL-injected code. Visitors to those specific game pages would see a fake antivirus scan , then a message that their computer was infected with different viruses and Trojan horses. Warned, the user would then be asked to purchase the scanner to remove the bogus malware.

The injected code linking to the scanner has since been removed.

Sophos said the attack could have downloaded malicious payloads, but did not.

Security researcher Dancho Danchev said in his ZDNet blog that Sony wasn’t alone. It was one of 794 domains hit in the latest automated SQL-injection campaign using a multilayer fast-flux superstructure built around coldwop.com. Over the last 90 days, Google reports that 794 domains have been infected with code pointing to that domain. These are legitimate sites with vulnerabilities that allow criminal hackers to inject code pointing to their servers.

With fast-flux, a registered domain name stays the same while its node changes frequently, presumably thwarting any attempts to shut down the server hosting malicious content.

Danchev concludes: “If you don’t take care of your Web application vulnerabilities, someone else will.”

Source: CNET News.com