Debra Shinder WS Blog

If your organization uses Acronis True Image to create image backups, you need to be aware that the software isn’t working with Windows 8. The Secure Boot feature, which is designed to block rootkits, is preventing users from restoring their Windows 8 computers from image. That’s because Acronis uses a Linux-based Startup Manager with an unsigned boot loader.

The company is working to resolve the problem and says they already have a fix in testing that should be released in February. Until then, you may need to disable Secure Boot.

As we start off the new year, Gary McGraw offers us one important security principle for each year we’ve come into the new millennium. These 13 bits of advice will come in handy when you start to design a new system or infrastructure. Although some of them might seem too obvious to bother naming, it’s the most obvious that are often overlooked. And each principle is described in colorful, descriptive language that will help you to remember them.

It seems as if almost everyone these days has a Skype account, and businesses are using the VoIP service more and more frequently, too. And why not? It can save you a ton of money over landlines and even more “traditional” VoIP services. But popularity is always both a good thing and a bad thing for computer software and services; when a large number of people use it, that makes it a more attractive target for malware authors and distributors.

Everybody who’s anybody in tech security has been saying it for years: passwords need to go. Or at least, the reliance on passwords alone to protect our data and accounts just isn’t working in an uber-connected world where sophisticated attackers lurk in all the dark corners of cyberspace.

There has been some speculation that IT professionals aren’t as focused on security as they were a few years ago. The idea is that security is becoming more “baked into” the software, rather than requiring add-on programs or separate devices/appliances/servers, and/or that the ascendancy of the cloud will remove the need to worry about security because the cloud provider will handle all that, transparently, for you.

Implementing a Public Key Infrastructure is not an easy task, so network admins and security professionals who are charged with the responsibility can use all the help they can get. Windows Active Directory Certificate Services (AD CS) provides the tools you need, but figuring it out on your own can be a real challenge.

Address Space Layout Randomization (ASLR) is a key security feature that Microsoft has included on recent client and server operating systems, and it was enhanced in Windows 8. ASLR works by arranging the important data areas in memory randomly, to make it harder for attackers to find specific memory addresses in order to target their attacks. Forms of ASLR are also enabled on non-Microsoft operating systems (e.g., Linux, Solaris, OS X, iOS and Android).

We all know there is a lot of discussion around cloud security these days, as more and more companies contemplate moving some or all of their IT services into the cloud. There are still concerns, although these are being addressed in various ways by different cloud providers. As with any important business decision, the proper approach includes doing a risk assessment. This article looks at the cloud in terms of the four pillars of risk management.

Many companies have deployed Cisco’s wireless LAN controllers (WLCs), and if yours is one of them, be sure to take heed of the security advisory announcing that the WLC family of products has been found to have several vulnerabilities that could result in Denial of Service (DoS) attacks, remote code execution and/or unauthorized access. Cisco has released updates to address the four vulnerabilities so be sure to patch the products as soon as possible to protect against exploits of these vulnerabilities.

That would be Barracuda Networks.