Why use FIM in the first place?
For most people, the answer is ‘because my auditor/bank/security consultant said we had to!’ Security standards like the PCI DSS mandate a requirement for regular file integrity checks, including log file backups/archives, and this is the initial driver for most organizations to implement FIM.
Unlike anti-virus and firewalling technology, FIM is not yet seen as a mainstream security requirement. In some respects, FIM is similar to data encryption, in that both are undeniably valuable security safeguards to implement, but both are used sparingly, reserved for niche or specialized security requirements.
How does FIM help with data security?
At a basic level, File Integrity Monitoring will verify that important system files and configuration files have not changed, in other words, the files’ integrity has been maintained.
Why is this important? In the case of system files – program, application or operating system files – these should only change when an update, patch or upgrade is implemented. At other times, the files should never change.
Most security breaches involving theft of data from a system will either use a keylogger to capture data being entered into a PC (the theft then perpetrated via a subsequent impersonated access), or some kind of data transfer conduit program, used to siphon off information from a server. In all cases, there has to be some form of malware implanted onto the system, generally operating as a Trojan i.e. the malware impersonates a legitimate system file so it can be executed and provided with access privileges to system data.
In these instances, a file integrity check will detect the Trojan’s existence, and given that zero-day threats or targeted APT (advanced persistent threat) attacks will evade anti-virus measures, FIM comes into its own as a must-have security defense measure. To give the necessary peace of mind that a file has remained unchanged, the file attributes governing security and permissions, as well as the file length and cryptographic hash value, must all be tracked.
Similarly, for configuration files, computer configuration settings that restrict access to the host, or restrict privileges for users of the host must also be maintained. For example, a new user account provisioned for the host and given admin or root privileges is an obvious potential vector for data theft – the account can be used to access host data directly, or to install malware that will provide access to confidential data.
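The baseline-and-compare check described above can be sketched as follows. This is an added example, not code from the original article or from any FIM product; the file names and contents in `demo()` are constructed, and SHA-256 is assumed as the hash.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(path):
    """Record permissions, ownership, length and SHA-256 for one file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid,
            "size": st.st_size, "sha256": digest.hexdigest()}

def compare(baseline, paths):
    """Return {path: [changed attributes]}, or ['new'] / ['missing']."""
    findings = {}
    for p in sorted(set(baseline) | set(paths)):
        if p not in baseline:
            findings[p] = ["new"]
        elif not os.path.exists(p):
            findings[p] = ["missing"]
        else:
            now = snapshot(p)
            changed = [k for k in now if now[k] != baseline[p][k]]
            if changed:
                findings[p] = changed
    return findings

def demo():
    """Constructed scenario: a same-length content swap and a permission change."""
    with tempfile.TemporaryDirectory() as d:
        binary = os.path.join(d, "svc.bin")    # hypothetical program file
        conf = os.path.join(d, "svc.conf")     # hypothetical config file
        with open(binary, "wb") as fh:
            fh.write(b"ORIGINAL-CODE")
        with open(conf, "wb") as fh:
            fh.write(b"allow_root=no\n")
        os.chmod(conf, 0o600)
        base = {p: snapshot(p) for p in (binary, conf)}
        with open(binary, "wb") as fh:
            fh.write(b"TROJANED-CODE")         # same length, different content
        os.chmod(conf, 0o666)                  # content intact, permissions loosened
        return compare(base, [binary, conf])

if __name__ == "__main__":
    print(demo())
```

The replaced file keeps its original length, so only the hash reveals it, while the configuration file's content is intact and only its mode has changed; tracking a single attribute would miss one of the two.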
File Integrity Monitoring and Configuration Hardening
Which brings us to the subject of configuration hardening. Hardening a configuration is intended to counteract the wide range of potential threats to a host and there are best practice guides available for all versions of Solaris, Ubuntu, RedHat, Windows and most network devices. Known security vulnerabilities are mitigated by employing a fundamentally secure configuration set-up for the host.
For example, a basic step in securing a host is a strong password policy. For a Solaris, Ubuntu or other Linux host, this is implemented by editing the /etc/login.defs file or similar, whereas a Windows host will require the necessary settings to be defined within the Local or Group Security Policy. In either case, the configuration settings exist as a file that can be analyzed and the integrity verified for consistency (even if, in the Windows case, this file may be a registry value or the output of a command line program).
Therefore file integrity monitoring ensures a server or network device remains secure in two key dimensions: protected from Trojans or other system file changes, and maintained in a securely defended or hardened state.
File integrity assured – but is it the right file to begin with?
But is it enough to just use FIM to ensure system and configuration files remain unchanged? By doing so, there is a guarantee that the system being monitored remains in its original state, but there is a risk of perpetuating a bad configuration, a classic case of ‘junk in, junk out’ computing. In other words, if the system was built using an impure source, FIM will simply preserve the compromise. The recent Citadel keylogger scam is estimated to have netted over $500M in funds stolen from bank accounts where PCs were set up using pirated Windows Operating System DVDs, each one with keylogger malware included free of charge.
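To illustrate the ‘junk in, junk out’ risk using the /etc/login.defs example mentioned earlier, the following added example (not part of the original article) audits the content of a configuration file against a policy rather than only checking that it is unchanged. The thresholds in `POLICY` and the contents of `SAMPLE` are constructed assumptions; the key names are standard login.defs settings.

```python
# Assumed policy thresholds for illustration only; take real values from the
# hardening guide you follow.
POLICY = {
    "PASS_MAX_DAYS": lambda v: v <= 90,
    "PASS_MIN_DAYS": lambda v: v >= 1,
    "PASS_MIN_LEN": lambda v: v >= 12,
    "PASS_WARN_AGE": lambda v: v >= 7,
}

def parse_login_defs(text):
    """Parse 'KEY value' lines, ignoring comments and blanks; last value wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings

def audit(text):
    """Return a sorted list of (key, problem) for settings that fail the policy."""
    settings = parse_login_defs(text)
    failures = []
    for key, ok in POLICY.items():
        raw = settings.get(key)
        if raw is None:
            failures.append((key, "not set"))
        elif not raw.isdigit():
            failures.append((key, f"non-numeric value {raw!r}"))
        elif not ok(int(raw)):
            failures.append((key, f"value {raw} fails policy"))
    return sorted(failures)

# Constructed sample: a file that never changes, so a pure integrity check
# stays quiet, yet its settings are weak from the day the host was built.
SAMPLE = """\
# Password aging controls
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
#PASS_MIN_LEN   12
PASS_WARN_AGE   7
"""

if __name__ == "__main__":
    for key, problem in audit(SAMPLE):
        print(f"{key}: {problem}")
```

A commented-out setting is reported as not set, which is the case a hash comparison alone can never flag.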
In the corporate world, OS images, patches and updates are typically downloaded directly from the manufacturer website, therefore providing a reliable and original source. However, the configuration settings required to fully harden the host will always need to be applied and in this instance, file integrity monitoring technology can provide a further and invaluable function.
Touch screen computers are the most talked about devices of late, and for good reasons. These are computers that you can use simply by touching the screen with your hands. This type of computer is ideal for people who would like to be able to use their computer with a certain level of ease and comfort. If you haven’t used one of these computers before, I’m sure you will be surprised by how easy they are to get to grips with.
It’s not a device that you would expect to be able to use immediately, but the reality is that you can. It’s also the reason why it’s so popular amongst the masses today. The practicality of this device is what makes it an obvious purchase for a great many people. When you compare this device to your traditional computer system, it’s fair to say that the touch screen is going to cost considerably more. However, that’s because of the amount of value you’re getting out of it. Is it really worth purchasing a system that you’re unlikely to ever use on a regular basis? You might as well invest heavily and purchase the best possible system you can get for the money.
With the touch screen computers, there are a number of additional accessories that you do not have to purchase, but would otherwise have to if you purchased a regular machine. The good thing about this revelation is that, not only are you getting the most value for your money when you purchase the computer, but you also get to save money, as you no longer have to go out and purchase the various peripherals that you’ve become accustomed to.
If you are shopping for a day trader computer system for your home or office that has multiple monitors, then it’s important to learn why you need them all to match. Unfortunately, there are still some day traders out there who are using mismatching monitors. This only raises the risks of incompatibility issues that can slow down your flow of work. Not to mention, having mismatching monitors just looks unprofessional.
Why Monitor Sizes Should Match
Other than having a trading space that looks cluttered and unattractive, having multi monitor trading computers that don’t have matching screens can overwork your video card. You want to make sure that the settings on your graphics card are correct for the monitors that you have as well. The size that you end up choosing for your day trader computer system all comes down to your own preferences. Today, widescreen flat panels are all the rage and these come in a variety of sizes.
How to Reduce Issues with Matching Video Outputs
Multi monitor trading computers require dual or triple monitor video graphics cards. With a typical computer, you will only find one, which is unable to connect more than two monitors. You can find brands like Nvidia that offer these. It’s important that your video outputs are all configured correctly to reduce technical issues. Another tip is to have all of the video cards the exact same model. Some people will have one DVI output and the other a VGA output, which is asking for problems. You should go with DVI output cards if you have to choose between the two. You can purchase an inexpensive adapter if you would like to connect your monitors that have HDMI inputs.