iLine

Mar 1, 2002 12:00 PM

An unprotected security risk: Digital copiers and printers

A survey commissioned by Sharp Electronics, Mahwah, N.J., has revealed that IT professionals remain largely unaware of the security risks posed by digital copiers and printers. Such equipment contains a hard drive that can store thousands of pages of potentially sensitive document data — unsecured hard drives represent a relatively simple target for data theft. Seventy-seven percent of survey respondents either did not believe or did not know that copiers and printers are equipped with hard drives. The most common threats to digital copier/printers come from intruders who either steal the hard drives containing confidential or sensitive document data, or who reprint documents directly from the machine after the earlier print command was canceled. In response, Sharp has developed data security solutions concerning office peripheral hard drives. One such solution, the Data Security Kit, has won “Common Criteria” certification from the National Information Assurance Partnership (NIAP), a joint program of the National Security Agency and the National Institute of Standards and Technology. The “Common Criteria” program sets and maintains an emerging global standard for information technology security evaluations.

Don't underestimate the value of lost, stolen computers

An independent study of hundreds of IT professionals at medium and large-sized companies has found the value of lost or stolen computers is often underestimated by as much as 1,500 percent. The study, conducted by San Francisco-based Socratic Technologies and commissioned by Kensington Technology Group, San Mateo, Calif., also found that, while nearly every company has established computer security procedures, a lack of individual employee accountability often negates the effectiveness of those measures. In one section of the study, respondents were asked to provide a cost estimate associated with the loss of a laptop computer. The Initial estimates averaged $3,700 — but when respondents took into account all aspects of costs involved (lost productivity, lost revenue, lost data, the procurement of new hardware, and the replacement of critical data), estimates nearly tripled to $10,500. The figure, however, remains short of the loss estimates indicated in the CSI/FBI Computer Crime and Security Survey (spring 2001), which found that company losses from stolen computers can run as high as $60,000.

Cyber-attacks continue to increase

Cyber-attacks were verified 128,678 times among 200 worldwide clients of Riptech, Alexandria, Va., from July to December 2001. “This report should clearly illustrate that the Internet security threat is real, pervasive and perhaps more severe than previously anticipated,” the report concludes. According to the CERT Coordination Center, a government-funded computer emergency-response team at Carnegie Mellon University, Pittsburgh, security breaches and cyber-attacks were up 50 percent from 2000 to 2001. About 41 percent of the companies surveyed by Riptech experienced “critical attacks,” and needed to be addressed immediately before compromising the entire computer system.

Bioscrypt, Brivo collaborate on biometric access control

Bioscrypt Inc., Mississauga, Ontario, has entered a technology and marketing collaboration with Brivo Systems Inc., Arlington, Va., to offer a Web-based biometric physical access control security solution. The complete offering will combine Bioscrypt's Veri-Series line of fingerprint biometric readers with the Brivo Access Control System, which uses secure wireless wide area networking (WWAN) to communicate to its application hosting center.

Carnegie Mellon offers range of security education

Carnegie Mellon University's H. John Heinz III School of Public Policy and Management, Pittsburgh, will establish a Master of Science in Information Security Policy and Management (MISPM) degree. Launching in May 2002, the program will include cyber-security, physical security, terrorism and other security management issues. The university has also formed a Center for Information Security, which will perform research and provide education in the areas of information security, technology, management and policy.

Argus Systems, university open research center

The College of Engineering at the University of Illinois at Urbana-Champaign and Argus Systems Group, Inc., Savoy, Ill., have jointly launched the Center for Advanced Research in Information Security (CARIS). The Center will be located in the UI Department of Computer Science. Through its research findings, CARIS hopes to increase university and community awareness of information security issues, and will strive to influence appropriate and effective public policy in the area of information assurance. The Center aims to establish itself as a leader in new approaches to securing critical computing architectures for government and commercial networks. CARIS will challenge current assumptions about security architectures and methodologies and establish new areas of research related to integrated security technologies.

Boston U expands IT training opportunities

The Boston University Corporate Education Center (BUCEC), Tyngsboro, Mass., has expanded its IT security training in response to heightened need for greater enterprise security. BUCEC is offering Security Certified Program (SCP) courses, a new addition to its IT curriculum. SCP is a vendor-neutral security certification program for Security Certified Network Professionals and Security Certified Network Architects.

Protection software a slam dunk for NBA franchise

The Los Angeles Clippers, a National Basketball Association franchise, has chosen Password Protection and Information Retrieval Technology (PPIRT) software from the Cyber Group Network, San Bernadino, Calif. The software provides several methods of protection against unwanted intrusion into lost or stolen data housed on a computer.

Tempe school offers computer security degree

The University of Advancing Computer Technology, Tempe, Ariz., is the first accredited institution in the United States to offer an applied science degree in the field of Computer and Network Security. The program was created in response to industry concerns about the increasing dangers of security intrusions, hacks, vulnerabilities and deliberate electronic viruses.

Waveset, RSA form partnership

Waveset Technologies Inc., Austin, Texas, and RSA Security Inc., Bedford, Mass., have formed a strategic partnership to help secure valuable enterprise resources from unauthorized user access. Under the partnership, Waveset joins the RSA Secured Partner Program to provide integration of Waveset Lighthouse with RSA SecurID authentication software and RSA ClearTrust Web access management. The combined solution, protected by RSA SecurID two-factor user authentication, helps enterprises deploy a comprehensive management solution that administers RSA SecurID user definitions and attributes and RSA ClearTrust entitlements as part of a complete identity management architecture.

Payment association's PKI to be protected

The Canadian Payments Association has signed an agreement with Kyberpass Corp., Ottawa, to deliver authentication software for its Public Key Infrastructure (PKI), currently being developed as a national trust framework to support Internet payment applications. A key component of the CPA's PKI, the Kyberpass e-Transaction TrustPlatform is designed to stimulate the use of payment applications via the Internet with trust in identity, safety and privacy. “A sound trust infrastructure is paramount to setting the highest security standards for financial transactions,” says Marc Parent, director of information systems and technology at CPA.

Fairfax, Va., hospital turns to biometrics

Inova Fairfax Hospital, Fairfax, Va., has implemented biometric technology by Bioscrypt Inc., Mississauga, Ontario, for user authentication and access to its electronic medical records. Combined with Fairfax-based eko systems' Frontiers — a hardware and software solution — clinicians can expedite and simplify physiological data capture and data entry and ensure privacy of patient records with fingerprint authentication.

Tulsa meeting HIPAA standards with biometrics

The Emergency Medical Services Authority (EMSA), Tulsa, Okla., has selected network security software from BioconX Inc., Minneapolis, and fingerprint ID units from Sony Electronics Inc., Park Ridge, N.J., to safeguard access to its network and applications. “Implementing biometrics to control access to our IT assets is a critical element in our security strategy to comply with HIPAA (Health Insurance Portability and Accountability Act),” says Steve Williamson, EMSA president and CEO.

Absolutely dealing with PC theft

Absolute Software, Vancouver, B.C., has introduced a new sales and marketing initiative designed to help reduce claims related to lost or stolen PCs. As part of the initiative, The St. Paul Companies, a provider of insurance products and services, will offer Absolute's Computrace Plus PC tracking and loss control service to its customers in the high-tech sector. “In the high-tech field, losses related to lost or stolen PCs are on the rise and are the major cause of claims related to theft,” says Thomas Arch, assistant vice president of global technology underwriting for The St. Paul Companies. In other news, Absolute's tracking software was successful in recovering five stolen lap-top computers in the U.K., and several of the thieves were arrested.

Genex wins Tibbett's Award

The U.S. Small Business Administration recently awarded the 2001 Tibbett's Award to Genex Technologies Inc., Kensington, Md., a developer of three-dimensional (3-D) imaging. The Tibbett's Awards were established by Roland Tibbetts, the founding father of the Small Business Innovation Research Program (SBIR). The Tibbett's Awards provide national recognition for the innovation, business achievement, and technological advances of small businesses, projects, and entrepreneurs.

Norwich University offers degree

Norwich University, a private military college in Northfield, Vt., is offering a new degree program in Information Assurance and Security Technology. The program takes advantage of Norwich University's unique relationship with key federal law enforcement and security agencies; the U.S. armed services; private industry and the Vermont Army National Guard.

Companies team for face recognition solution

Siedle North America, Broomall, Pa., a subsidiary of SSS Siedle, Furwangen, Germany, and Nexus Group Intl. Inc.'s AcSys Biometrics Corp., Burlington, Ontario, have entered into an agreement in which Siedle and AcSys' will offer a face recognition system. The technology will add to a line of modular and exclusive security and communication solutions.

NFR expands intrusion detection

NFR Security Inc., Rockville, Md., has acquired the Centrax host-based intrusion detection technology from CyberSafe Corp., Issaquah, Wash. NFR can now offer customers NFR Host Intrusion Detection, rounding out its intrusion detection offerings.

Cyota, Vasco combine forces

Payment security company Cyota, New York, and e-business security provider Vasco, Oakbrook Terrace, Ill., have partnered to cross sell products to their individual client bases. Cyota has integrated Vasco's Digipass security and authentication software into its SecureSuite product line.

Companies add fingerprint authentication to lines

Biometric fingerprint semiconductor products supplier AuthenTec Inc., Melbourne, Fla., has partnered with Novell Inc., Provo, Utah, a Net services software provider, to enable organizations to effectively control access to applications, databases, network resources and multiple platforms with fingerprint authentication.

Fending off e-mail viruses

CipherTrust, Atlanta, has introduced an intrusion detection system designed specifically for e-mail. The system, integrated into Cipher's IronMail security application, can provide monitoring, detection and response to e-mail application-level threats. The system acts as a complement to IDS and firewall protection.

Alcatel, Securitae ally to secure mobile VPN clients

Mobile users of Calabasas-Calif.-based Alcatel's Virtual Private Network now have an integrated security solution from Securitae Corp., Santa Clara, Calif., which controls access to the secure VPN tunnel existing between PCs and corporate VPN gateways.

Communications company chooses Guardent for security

Latin American communications company Convergence Communications Inc., Sunrise, Fla., has chosen 24-hour managed security services from Guardent Inc., Waltham, Mass. Guardent will protect Convergence customers' e-business applications and data by using firewalls, intrusion detection, vulnerability scanning, anti-virus, and VPN and URL filtering.

Smart card network earns honor

The WavePass Internet Smart Card Network from AmaTech USA, Chandler, Ariz., has won the Sesame 2001 Award for Best Application in e-Commerce. The Sesame Awards are part of the Cartes Exhibition, Paris, and honor innovation in smart card technology.

Encryption software approved

BSAFE encryption software from RSA Security Inc., Bedford, Mass., has received validation that it conforms to the Federal Information Processing Standards (FIPS) security requirements for cryptographic modules. The software includes MultiPrime technology licensed by Compaq Computer Corp., designed to process encryption/signing tasks.

SAGE technology to be taught at Texas A&M

Systems Advisory Group Enterprises (SAGE) Inc., Amarillo, Texas, has formed a research partnership with Texas A&M University based on SAGE's Process-Based Security technology. The agreement calls for the technology to be added to the course structure, so students can learn about the technology and its implementation.

Raytheon forms security subsidiary

Raytheon Co., Washington, has formed a wholly owned subsidiary, SilentRunner Inc., as part of its restructured Information Assurance Business unit. SilentRunner Inc., will provide internal network security analysis to safeguard intellectual property from information security breaches.

The Top 10 Computer Viruses

#1 W32/Nimda 27.2%

#2 W32/Sircam-A 20.3%

#3 W32/Magistr 12%

#4 W32/Hybris 6.2%

#5 W32/Apology 3.8%

#6 VBS/VBSWG-X 3.6%

#7 VBS/Kakworm 3.1%

#8 VBS/SST-A 2%

#9 W32/Badtrans 1.8%

#10 W32/Navidad 1.8%

Others 18.2%

Source: Sopho's Helpdesk

Want to use this article? Click here for options!
© 2009 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue