Sunday, October 19, 2008

Enrolling in Enhanced Security Online Banking

How to get started? The first step is to enroll in Enhanced Security by following one of the two enrollment options.


Enrolling at prompt when logging into Online Banking: After logging into Online Banking click Add extra security to my account and this computer if you are logging in at a computer you normally use for accessing Online Banking. This will place secure coookies on that computer. Choose Add extra security to my account only if you are at a public computer in a library, a friend’s house, or elsewhere you don’t want others accessing your account. This will set up the account but will not place the secure cookies on that computer. Enrolling at a later time from User Options Menu in Online Banking: Go to User Options located at the top right corner of the page. Choose Enhanced Security from the list. Click Add extra security protection to this computer and click Submit .

What happens after my account is enrolled? On computers that you have ‘added the extra security’ you will login as usual. The secure cookie has been placed on the PC so you will be able to login with your member number and password. On computers that don’t have the extra security you will be asked to validate your identity by answering your challenge questions correctly before the login is successful and seeing your account information. The future of enterprise security has long been summed up in one word: convergence. For years, pundits, analysts and others have predicted that at some point in the future, companies will begin to take a holistic view of their security operations. The building security you encounter at the front desk when you swipe your card in each morning will no longer be a separate system from the security you encounter when you sit down at your desk and log-on to your computer. When converged, these typically disparate systems will be connected and will communicate as a way to validate your identity when you access your office or your company’s network. However, combining these parallel but different universes requires both cultural and technological changes to your organization.

A company’s physical and logical information networks and user interfaces have been completely separate for years. Building access, or physical security, systems are typically put in place by either the owner of the building or, in the case of larger businesses, by the corporation’s security department. Network and data security, or logical security, systems are the domain of the IT department. Each developed separately within the organization—corporate security departments developed to protect physical assets through locks, surveillance and alarm systems—and are typically staffed by people with backgrounds in law enforcement, not technology; in contrast, protecting a company’s information and knowledge assets has been one of the main tasks of IT since day one. This role has evolved into protecting both company and employee data since the dawn of the Internet age. At this point, many companies are hesitant to embrace convergence, asking questions such as, Why should I consider a converged solution? What is the benefit? Doesn’t this seem like more trouble than its worth? Won’t this be costly from both an implementation and a human capital perspective? And, do the benefits outweigh the costs? Merging the cultures of these two areas is not an overnight process—and ever since the buzz started about convergence, companies felt that merging physical and logical access systems could take even longer. But this is starting to change with new, more intelligent solutions that help companies add these capabilities while maintaining the operation of their existing security systemsg: After logging into Online Banking click Add extra security to my account and this computer if you are logging in at a computer you normally use for accessing Online Banking. This will place secure coookies on that computer. Choose Add extra security to my account only if you are at a public computer in a library, a friend’s house, or elsewhere you don’t want others accessing your account. This will set up the account but will not place the secure cookies on that computer. Enrolling at a later time from User Options Menu in Online Banking: Go to User Options located at the top right corner of the page. Choose Enhanced Security from the list. Click Add extra security protection to this computer and click Submit
What happens after my account is enrolled?On computers that you have ‘added the extra security’ you will login as usual. The secure cookie has been placed on the PC so you will be able to login with your member number and password. On computers that don’t have the extra security you will be asked to validate your identity by answering your challenge questions correctly before the login is successful and seeing your account information. The future of enterprise security has long been summed up in one word: convergence. For years, pundits, analysts and others have predicted that at some point in the future, companies will begin to take a holistic view of their security operations. The building security you encounter at the front desk when you swipe your card in each morning will no longer be a separate system from the security you encounter when you sit down at your desk and log-on to your computer. When converged, these typically disparate systems will be connected and will communicate as a way to validate your identity when you access your office or your company’s network. However, combining these parallel but different universes requires both cultural and technological changes to your organization. A company’s physical and logical information networks and user interfaces have been completely separate for years. Building access, or physical security, systems are typically put in place by either the owner of the building or, in the case of larger businesses, by the corporation’s security department. Network and data security, or logical security, systems are the domain of the IT department. Each developed separately within the organization—corporate security departments developed to protect physical assets through locks, surveillance and alarm systems—and are typically staffed by people with backgrounds in law enforcement, not technology; in contrast, protecting a company’s information and knowledge assets has been one of the main tasks of IT since day one. All banks uses secure dedicated server to store their website data these dedicated servers must be secure servers i.e. they should have best antivirus softwares running on & most secure SSL certificates must be installed on the server.

This role has evolved into protecting both company and employee data since the dawn of the Internet age. At this point, many companies are hesitant to embrace convergence, asking questions such as, Why should I consider a converged solution? What is the benefit? Doesn’t this seem like more trouble than its worth? Won’t this be costly from both an implementation and a human capital perspective? And, do the benefits outweigh the costs? Merging the cultures of these two areas is not an overnight process—and ever since the buzz started about convergence, companies felt that merging physical and logical access systems could take even longer. But this is starting to change with new, more intelligent solutions that help companies add these capabilities while maintaining the operation of their existing security systems

Security need for fincanical institutions

Your online security has always been concern for banks. That’s why a new feature for Online Banking, Enhanced Security, is so important. The new security service is free, easy, and most importantly gives you extra protection from fraud and identity theft.

Enhanced Security is a superior security technology that protects your accounts from unauthorized access. It identifies you as the true “owner” of your accounts by recognizing not only your password but your computer as well. If we don’t recognize your computer – you’ve logged in from a public computer or one you haven’t used before– we’ll ask you to answer your Challenge Questions as an additional line of defense to prevent unauthorized access. With Enhanced Security, you’ll be protected from whatever computer you’re using, whether you’re at home or on the go.

Enhanced security is designed to: Defend against identity theft and fraud. Provide security from any computer, wherever you are. Make it easy for you to bank online anytime, anywhere. To protect all of our members’ accounts, Enhanced Security will be required on all Online Banking accounts starting December 6, 2006. Enhanced Security meets requirements outlined by the FFIEC, a federal governing agency for financial institutions. The agency has mandated that all financial institutions have additional security in place as soona as possible. The security changes are for the benefit of members by ensuring that their confidential account data is protected from would be hackers.

Friday, October 10, 2008

Symantec acquired MessageLabs for £401.2m

Antivirus software expert Symantec has gone on a buying spree.

Symantec is to extend its online messaging security services offering with the acquisition of MessageLabs for around £410m.

MessageLabs has more than eight million end-users in more than 19,000 organisation, ranging from small businesses to Fortune 500 companies.

MessageLabs email filtering services cover much the same technological function as Brightmail spam filtering appliances, another Symantec acquisition. "I'm not concerned at all that we can have Brightmail on premise and MessageLabs, and that the two will work with each other," Thomspson said.

CEO of MessageLabs Adrian Chamberlain said"Joining with Symantec we can leapfrog into new markets we might not have been able to access for years. In addition there's the potential for us to develop Symantec protection products as an online service, expanding the portfolio, as well as creating a potential to cross-sell existing products."

Subject to regulatory approval, the firms hope the deal will be completed by the end of the year.

Tuesday, October 7, 2008

Microsoft® Internet Security and Acceleration (ISA) Server 2006

Microsoft® Internet Security and Acceleration (ISA) Server 2006 provides controlled secure access between networks, and serves as a Web caching proxy providing fast Web response and offload capabilities, as well as secure Web publishing for remote access. Its multiple layered architecture and advanced policy engine provide granular control of the balance between the level of security you need and the resources that are required. As an edge server connecting many networks, ISA Server handles large amounts of traffic compared to other servers in an organization. For this reason, it is built for high performance. This article provides guidelines for deploying ISA Server with best performance and adequate capacity.


Executive Summary
In most cases, the available network bandwidth and especially that of the Internet link can be secured by ISA Server running on available entry-level hardware. A typical default deployment of ISA Server securing outbound Web access for Hypertext Transfer Protocol (HTTP) traffic requires specific hardware configurations for various Internet links. These hardware configurations are shown in the following table. (For details, see Web Proxy Scenarios in this document.). For better speed & security, host your website on Dedicated server in India.

Sunday, October 5, 2008

Antivirus news - Oct,5

Athletics Win With Antivirus
RedOrbit, TX - Oct 5, 2008
"Penn State works like most education institutions with a focus on best-practice results from any software purchases, while adhering to a tightly managed (more)



ZoneAlarm Internet Security Suite 2009 - ZDNet Asia
ZoneAlarm Internet Security Suite 2009
ZDNet Asia, Asia - Oct 5, 2008
To find out how we test antivirus (and now Internet Security suite) software, see CNET Labs' How we test: Antivirus software page(more)


The School of Hacking
Newsweek - Oct 5, 2008
Their professor, George Ledin, has showed them how to penetrate even the best antivirus software. Ledin insists that his students mean no harm,(more)

Kaspersky debugs critical bugs in antivirus its products

Antivirus vendor Kaspersky has released Maintenance Pack 2 for Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0 to close a number of security holes, some of which are critical. For instance, attackers can exploit flaws in the installed ActiveX controls AxKLProd60.dll and AxKLSysInfo.dll to download or delete files from a victim’s computer. This is also possible with the ActiveX control SysInfo, which allows an FTP transfer to be launched on the user’s computer without authentication and without prompting the user. In all three cases, however, the victim first has to visit a malicious website using Internet Explorer. While the Maintenance Pack does remedy the holes, it does not do so by correcting the flaws, but instead deletes the vulnerable controls during installation.


In addition, two heap overflows have been found in Kaspersky products. One of them can be triggered by specially prepared ARJ Archives in an on-demand scan: the scanner can be brought down and code injected and launched. The other overflow is the result of a flaw in the hook function of the driver klif.sys which can be exploited to execute code with kernel privileges. According to the experts at security service provider iDefense who made the discovery, these holes are very difficult to exploit. Finally, yet another flaw in this driver allows programs to be executed with the highest privileges (ring 0). The flaws have been remedied in build 6.0.2.614.


Users are advised to download and install the product updates as quickly as possible.