Watchguard, provider of quality firewall and security products for small, media and enterprise business made a “Social Media Release” today that outlines a list of PCI Pitfalls for Retailers.

It is quoted below  in its entirety but can be found here.

I’ll be posting about the new WatchGuard XTM 33 designed for Small/Medium businesses, and may be ideal for retailers!

Should you wish to purchase a WatchGuard product, receive more information or support, please call us at 864.990.4748 or email info@homelandsecureit.com… We are a WatchGuard partner!

—

Social Media Release:
WatchGuard Lists PCI Pitfalls for Retailers

NEW YORK (January 16, 2012) – WatchGuard Technologies

Highlights / News Facts:

Businesses that process, transmit or store cardholder data must implement security controls as defined by the latest PCI DSS standard. The following are the nine common PCI DSS compliance pitfalls that many retailers fall into and tips to avoid them.

• 1) Faulty firewall installation or configuration
  Many DIY (do it yourself) projects are easy; properly configuring a firewall is not one of them. According to WatchGuard research, a majority of small business security breaches are the result of improperly configured firewalls. Best practice: Use security certified technicians or trained resellers to ensure firewall configurations are proper and up to date; regularly audit firewall configurations as people and IT resources constantly change.
• 2) Relying on vendor supplied defaults for system passwords
  Not only is it critical to change vendor supplied default passwords, be sure to use something other than “password” as a password. According to a recently published research report, the most common passwords are: 1) password, 2) 123456, 3) 12345678, 4) qwerty, 5) abc123, 6) monkey, 7) 1234567, letmein, 9) trustno1, and 10) dragon. Best practice: Change vendor settings and utilize strong passwords.
• 3) Failing to utilize IPS to protect stored cardholder data
  There are multiple ways to help protect stored cardholder data. One key technology that is often overlooked is IPS (intrusion prevention systems). IPS is to hackers as anti-virus is to viruses. IPS keeps hackers out and helps cardholder data stay safe. Best practice: Make sure intrusion prevention systems (IPS) are up and running.
• 4) Not encrypting transmission of cardholder data across open, public networks
  Encryption is a key component to PCI DSS compliance. A common problem occurs in the transmission of credit card data, which is often done in unencrypted email. Best practice: Use encryption everywhere, and especially in email systems where any type of sensitive information may be transmitted.
• 5) Failing to use and regularly update anti-virus software or programs
  Unlike desktop/endpoint anti-virus (AV), gateway anti-virus stops threats right at the entry point of a network. Using gateway AV adds an additional layer of defense at the primary point of attack, and because it functions at the gateway, users see no degradation of performance on their local computer. Best practice: Use gateway AV in addition to endpoint AV for maximum defense in depth.
• 6) Not maintaining secure systems and applications
  Many businesses do a good job at maintaining secure systems, however what is often overlooked in today’s social media business world is application security. Most firewalls are incapable of distinguishing a web application from a website. Because of this, crafty cyber-crooks create web applications as a way to sneak past the firewall and steal cardholder data. Best practice: To gain control over web applications, businesses utilize the latest generation of UTMs and firewalls that include application control.
• 7) Providing access to cardholder data to those who do not need to know
  About 80 percent of security violations happen from within an organization. In order to reduce that figure, businesses should use the “least privilege rule,” which parallels the same concept of “need to know.” Users should be granted the minimum necessary permissions and privileges that are required for them to accomplish their jobs. When employees have access to data that they should not, bad things often result. Best practice: Use RBAC (role based access controls), separation of duties and other forms of “least privilege” to make sure data is restricted to those who absolutely must have access to it.
• Forgetting to track and monitor all access to network resources and cardholder data
  Unfortunately, many businesses take a “fire and forget” approach to network security; once the firewall is set, they forget to check the reports. Many security breaches can me mitigated early on simply by checking reports and logs on a regular basis. Best practice: Establish a routine of checking logs and reports to spot trouble before it blossoms into headline security news.
• 9) Not having an information security policy
  In order to meet PCI compliance, businesses must create an information security policy that is up to date, and that addresses the security requirements as proscribed by PCI DSS. This should also include operational security, system usage, security management and other related policies. Best practice: Get IT, HR and other business stakeholders to regularly review information security policies.

Keywords:

PCI DSS, Network Security, Firewall, Cardholder Data, Passwords, Encryption, IPS, Anti-Virus, Application Control, Next-Generation UTM, Policy

Quote:

• “The PCI DSS standard is a model that many businesses – even non-retailers can look to in order to maintain best security practices,” said Eric Aarrestad, Vice President at WatchGuard Technologies. “The devil is in the details when it comes to security. Hopefully, this quick list helps remind businesses owners and IT management that little things can make a big difference in preventing data loss.”

Everyone here at Homeland Secure IT would like to thank you for another year of friendship and support…   2011 was awesome and 2012 is going to be even better!

We’re working on new and exciting things that will help us to provide even better computer service & support to Greenville and Upstate area individuals and businesses, as well as bringing on new products as requested by our clients.

Our office will be closed tomorrow, Friday the 30th, and will not reopen until Monday the 3rd of January, 2012. If you need emergency assistance, please call our office or send an email, we will be monitoring voice mail and email and will get back with you ASAP! Most clients have our cell phone numbers and shouldn’t hesitate to call if a need arises.

We wish you, your family and your business many blessings in the coming year!

Also, if you are looking for a great party, come to The Hide-Out in Easley and catch The Dockside Band on New Year’s Eve! We’ll be playing all your favorite tunes.

http://facebook.com/DocksideBand or http://www.TheDocksideBand.com for more info!

Our preferred vendor Nexlink, has an “Upgrade Ready” line of computers that makes perfect sense for businesses who may want to save some money when they initially purchase, but down the road, increase the “horsepower” of their computer without replacing the entire system, or changing out the processor.

For example, if you purchased a business computer system from us with the Intel Core i3 2102 processor, you can later purchase a “Processor Performance Upgrade” from us too, and it does not involve even opening the machine.

We would visit your business, or you could optionally bring the computer to us, and we would apply a product key from Intel that would accomplish the following:

• Increase frequency by 500 Mhz
• Improves performance when downloading, editing and viewing photos, videos and music so you can multitask more effectively
• Works more efficiently while running complex applications

Even the Intel Pentium C6x2 processor family can be upgraded with an increase of 600 Mhz!

The update is affordable and fast!

If you would like more information about the Intel Processor Performance Upgrade, please call us at 864.990.4748 or email info@homelandsecureit.com

This may come as no surprise to those who have been around computer security for a while, but the BIOS viruses are making a comeback!

One of the first made its debut back in 1999 and was known as “CIH”.  But Symantec is reporting a new killer on the block called “Trojan.Mebromi” that affects the Award BIOS and seizes control of a system even before you get to the MBR (Master Boot Record).

Expect this trend to continue….

Read more about it here:

http://www.symantec.com/connect/blogs/bios-threat-showing-again

As always, please insure your systems are using the latest anti-virus (We suggest and sell Trend Micro products such as the amazing Trend Micro Worry Free Business Security), that all updates are applied to your Microsoft Windows operating systems, all applications and support programs from Microsoft Office, to Adobe Reader, Flash and JAVA are at the latest patch levels. Obtain a quality firewall, and use common sense! And don’t forget to BACKUP!

If you suspect your system may be infected, or want to know how to better protect your computer or an entire business full of computers and servers, please call us at 864.990.4748 or email info@homelandsecureit.com.  We offer virus removal and cleanup in the Greenville / Upstate, SC area.

We provide sales, licensing, installation and support for Trend Micro and Symantec products. We can sell you one seat, or protect your business with 1000 users!

Here’s a sad story… A local (Spartanburg, SC) music store was broken into over the weekend and 40,000 dollars in gear was taken.

The theft doesn’t look like your typical smash and grab either, because the thieve/s appear to have known the layout and went to great lengths to avoid detection. They entered through a skylight, after cutting power to the store, cutting video surveillance wires and disconnecting the alarm system backup power. A newspaper article about the break in and theft can be found here.

As a small business owner, I know the devastation the proprietor of the music store must be feeling, and I sincerely hope the perpetrator/s is/are caught and the equipment returned, and that there was insurance covering that inventory.

However, as a supplier and consultant in the security field, I have to wonder about a few details and offer some suggestions.

The article states the power was cut.  That would not normally matter to an alarm system, as it has a backup battery.  Now if the phone lines were cut before the power, then the system could not dial out.  UNLESS the alarm system has a cellular backup system as our home and our office both have.  This costs a few dollars more, but in the event of a power failure and loss of telephone connectivity, it can make the difference between the system working or not.

Dropping through a skylight SHOULD have been picked up by motion.  Was it not functioning? Was the system unable to call out?  The alarm should have sounded and strobe lights in equipped should have been flashing.  Pulling the battery on the alarm would have then silenced it, but not before it dialed out on the cellular backup system if it used that, or VoIP if the internet were not disabled too.

Which brings us to video surveillance. Obviously, no system is perfect, but many modern systems are capable of alerting staff of intrusion before it happens.  If you walk into my yard at my home, or come into the parking lot of our businesses, still shots will be emailed to me.  This functionality is easy to configure and helps let you know about sketchy things taking place. If I receive email at 10pm on a Saturday then I am going to be paying special attention to it, watching in real-time.

But what if someone were to manage to disable the internet connections? Wouldn’t that disable the ability to notify anyone?  Not necessarily. Businesses can consider secondary internet services, such as wireless broadband internet (3g/4g) for their video surveillance.  Total cost, 450/year and doubles as a failover for the business internet.

What if the power were cut to the building? The video surveillance system should be on an UPS (un-interruptable power supply) to keep it running for many hours. Our system is on an inexpensive UPS which will keep the DVR and the cameras functional for about 72 hours.  Total cost, 350 dollars.

WHAT IF (Lots of what if’s here!) the bad guys managed to actually get in without being detected… Couldn’t they just take the Digital Video Recorder?  Yes, they could, if it were not in a hardened enclosure.  But, there are ways to deal with that too. All video up until the time the DVR went offline can be synced to a remote location.

We have opted to sync our video to multiple machines, so if the DVR were physically destroyed or taken, the video would still be elsewhere.

If you would like to discuss how to better protect your Greenville /Upstate SC business or home, give us a call… 864.990.4748 or email info@homelandsecureit.com.  We offer CCTV, IP Video, Surveillance systems,  DVRs and NVRs. We can also help plan for failover systems, such as UPS and cellular / 3g/4g wireless backups.

Normally, John posts on this blog, but today, I wanted a chance to share my thoughts about a tragedy.

I vividly remember the first time I met Trey Pennington.  My husband, John, and I were at Launch Greenville.  I was not at all thrilled over giving up one of our precious Saturdays to spend sitting in a seminar hearing people talk about launching business in Greenville.  John and I were perfect candidates for this gathering as we had recently started our new business with Homeland Secure IT.  We soaked in every word of the day although later we agreed that there was little to offer in the way of new material to our business plan.  I guess this at least gave us a “good job” pat on the back.  I will never forget and have thought of it often as we were talking to others during a break period, Trey coming up to us to chat.  Sensing  our struggles as new business owners, he wasted no time in connecting with us through family experiences.  He mentioned his regret of not having his wife by his side at such events, but understood given their six children.  Trey offered a boost of confidence in telling us how recent his business had taken a turn in a better direction since recently his family was at a church dinner and both he and his wife had only one dollar to their name.  Today was a different situation he indicated with a thankful heart.

I ran into Trey at a few more conferences in Greenville after that first meeting and connected with him over Twitter and Facebook in the two years to follow.  Every time I saw Trey, I always felt a sense of pain  in his tired, puffy eyes.  John and I always dismissed this as a tribute to having such a big family and always keeping up with their ongoing activities as well as a traveling business.  Then in June, around the 20th, we hear of Trey’s desire to end his life and news of ultimate divorce.  John and I both could relate.

One thing that I find extremely irritating as I read it over and over again in posts and blogs is how great Trey appeared… all skinny and healthy.  When did “Skinny” become the new “Healthy”?  I am certainly not in the medical field, but I can speak from experience.  Thin can be an outward cry for help…an attempt to gain control.  I have lived in the place of such dark despair that eating becomes a huge effort, and even swallowing past the huge lump in your throat almost causes a gag reflex.  I remember how the days continue on in one long sequence and it’s suddenly hard to remember the last meal you ate much less enjoyed.  This feeling feeds into the dark tomb of emptiness and exercise becomes the only therapeutic relief from the pain.  Then one day you begin to hear from others in passing, “Wow, look how much weight you’ve lost!  You look great!”  I began to wonder if I looked so bad before, why didn’t someone tell me?  THIS looks great?  Boy, if you only knew what I look like on the inside!  And the nightmare continues!  Someone once asked me, “What are you doing to lose so much weight and get into great shape?”  I was quick to bark back with, “You don’t want this diet plan it’s called DIVORCE!  You RUN to escape and NEVER EAT!”

I saw this look in Trey’s eyes. The cry for help in his photo posts at the Fall’s Park Bridge and Starbucks downtown. His lips pursed and unhappy, his eyes sagging with exhaustion.  But like many, I just didn’t feel close enough to reach out to him.  What is “close enough” to reach out to someone?  When is it okay to let your guard down and assume someone will respond in like?  I have NO idea what details Trey was faced with in his life anymore than the rest of you scouring social media to find answers to his decision not to continue on in this life.  I have to say that I too was tossed out of my church and I do believe that I must have felt something similar with an institution that once consumed most of my life.  This church faced me and said that they were tired of the drama my family’s problems were bringing and it needed to end.  They strongly suggested that I leave quietly even though I was not to blame (I was the victim).  I should leave “for a season” and allow things to cool down.  After all it was much easier for me to walk away than to ask my husband to leave since his entire family attended the church and offered a big financial support.  Really?  I left with my tail tucked.  I’m so amazed to hear of something like this happening to someone else.  I am very thankful that I discovered my faith in God is stronger than my faith in church.  We are all only human after all.

I have mixed emotions about the passing of Trey Pennington.  Anger that he has cheated his children of the beautiful moments that could have been.  Frustration that he gave up on life and the lives that he had yet to touch.  Pity that his dark demonic life was too dark for him to find any more light.  Sadness for his friends and family that will never have the chance again to make an uplifting contribution in the life of a great man.

Pamela Hoyt – Homeland Secure IT

@PamelaHoyt    -    http://www.facebook.com/PamelaMHoyt

Using Mac’s in your enterprise?

You will want to read this article http://www.theregister.co.uk/2011/08/26/mac_osx_lion_security_hole/…

This is kind of a big deal, as it underscores that Mac OS X Lion machines simply fail at LDAP, a basic part of enterprise network integration.

In short, if you bring these Macs into your environment, once authenticated, they simply don’t care which password is entered, they simply say “yer in!”…

Those of you who believe Macs are super secure need to rethink that philosophy and accept that there are problems with all OSes that pose a threat.  About a week ago, I posted about a threat that involves a pure Mac server network, without any Microsoft involvement, just as bad as this current LDAP issue, no, actually worse.

If you would like to discuss integration of Macs into your Greenville / Upstate, SC Microsoft Windows environment, please give us a call at 864.990.4748 or email info@homelandsecureit.com…

I’ve posted this before…  External, portable, USB hard drives are convenient to store some data on, but dang it, don’t put everything on one and trust that it is forever and always going to be there for you.

These devices use 2.5″ hard drives like you would find in a notebook computer, and while there is nothing wrong with those drives, they do tend to be a little more fragile and have a shorter life-span than their 3.5″ brethren.

Case in point….  Today, I was going to copy some data from my daughter’s old computer to an external usb drive…   While the data made it over there, it was the straw that broke the camel’s back and other things started happening. The huge collection of music that resided on the drive became unstable. It was taking long periods of time to open the files, some were damaged and thousands were missing.

Running recovery software only resulted in finding parts of files, because when I started copying my daughter’s files to that drive, they overwrote sectors where parts of the other files had been…    There’s no recovering that.

Thankfully, I had a backup, but what if I did not?

The moral of this story is – backup, backup, backup…   Use something like an online cloud backup system or multiple hardware devices, and do it often.   DO NOT put all your eggs in one basket and trust some >100 dollar usb drive. Doesn’t matter if you are using a Microsoft Windows PC, Mac OS X, Linux, or an Commodore 64, back it up!

Should you need help determining which backup solution is right for you or your business, please give us a call at 864.990.4748 or email info@homelandsecureit.com. We are one of Greenville / Upstate South Carolina’s premier computer & server backup specialists and we have a disk, tape, cloud or NAS solution to suit your application!

Trend Micro Titanium 2012

Trend Micro has unveiled their Titanium update for 2012!

Keep your identity, data and social network protected from a new generation of threats. Staying safe online these days is about more than just avoiding malware. You have to protect your device, your privacy, your personal data, your social network, and your family against an army of new threats. Given that abandoning the Internet completely isn’t really an option, how do you accomplish all these goals at once? The new Trend Micro Titanium 2012 is packed with powerful new and enhanced features to help you protect the many aspects of your digital life-and can do it in a way that’s fast, simple, and easy to manage.

Nobody wants security software that hogs disk space, presents constant pop-ups and alerts, or that’s complicated to install—so Titanium 2012 provides automated security with a small footprint that anyone can use. Titanium 2012 offers the strong, fast security that gave Titanium its name—but this new version includes powerful features and enhancements to keep you protected from the next generation of threats:

• New social networking protection
• New easy to customize console
• New fake AV cleaner
• New proactive botnet protection
• New proactive PE virus protection
• New method to detect packer-encrypted malware
• Enhanced virus and spyware detection and cleaning
• Enhanced behavioral monitoring
• Enhanced rootkit detection and removal

The new Titanium 2012 is still powered by the Trend Micro™ Smart Protection Network™ infrastructure, our cloud security infrastructure that stops threats in cyberspace or “the cloud.” Smart Protection Network monitors the Internet 24/7, worldwide. It gathers and analyzes threat data, blocking viruses and other malware before they can reach your PC. And because processing is done in the cloud, Titanium 2012 uses less of your PC’s memory and disk space.

If you would like more information about Trend Micro’s Titanium 2012 Maximum Security product or any of the other Trend Micro products, from endpoint to server, from home to enterprise, please call us at 864.990.4748 or email info@homelandsecureit.com.

We specialize in providing Trend Micro licensing, sales, consultation, installation and support to Greenville / Upstate SC small, medium and enterprise business clients. We offer and recommend Trend Micro Worry-Free Business Security as the primary line of defense for small/medium businesses! From one computer to 1000!

When we offer computers, servers, VoIP phone systems and other network equipment that reaches a certain amount, we always recommend clients consider leasing…

According to our leasing partner, as one of the fastest growing methods for acquiring capital equipment and software, leasing might be a wise decision for your organization:

• Lease or finance new equipment and software with as little as 0, 1 or 2 payments down instead of costly down payments required by traditional banking relationships.
• Fixed rate financing allows for easier budgeting for capital intensive products and confidence with cash flow for day to day operations.
• Supplement your working capital and expand your choices of funding options with a reputable third party leasing firm (like our partner).
• Optimize your cash flow during peak and slower months by seasonally adjusting payments and obtain the equipment necessary to become more efficient.
• Take advantage of current tax deductions with lease payments that offset current earnings rather than paying for equipment with company equity.
• Gain control of your operational priorities by segmenting any capital expenditures with monthly payments and cash flow for short term needs like inventory and payroll.

The process of securing an equipment lease or finance is far less complex and cumbersome than going to the bank.

Considering a purchase of multiple desktop or notebook computers? How about a new server? A new VoIP phone system? Then call us at 864.990.4748 or email info@homelandsecureit.com if you are in the Greenville / Upstate, SC area, and let’s talk about how leasing / financing could help your business.