<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Talk Tech To Me - GFI Blog &#187; Ed Fisher</title>
	<atom:link href="http://www.gfi.com/blog/author/ed-fisher/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.gfi.com/blog</link>
	<description>Brought to you by GFI Software</description>
	<lastBuildDate>Fri, 09 Aug 2013 17:06:10 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	
		<item>
		<title>4 Reasons to monitor Internet usage within your organization</title>
		<link>http://www.gfi.com/blog/reasons-monitor-internet-usage-organization/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=reasons-monitor-internet-usage-organization</link>
		<comments>http://www.gfi.com/blog/reasons-monitor-internet-usage-organization/#comments</comments>
		<pubDate>Thu, 23 Jun 2011 11:01:35 +0000</pubDate>
		<dc:creator>Ed Fisher</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[bandwidth]]></category>
		<category><![CDATA[compliance]]></category>
		<category><![CDATA[costs]]></category>
		<category><![CDATA[internet monitoring]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[monitor Internet access]]></category>
		<category><![CDATA[monitor Internet usage]]></category>
		<category><![CDATA[productivity]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3340</guid>
		<description><![CDATA[If you look at the range of activities that companies undertake to monitor Internet access, it can run the gamut from the extreme to the apathetic. Companies who want to maintain absolute control over their employees’ Internet usage may take &#8230;]]></description>
				<content:encoded><![CDATA[<p><img class="alignright size-medium wp-image-3341" style="margin: 10px; border: black 0px solid;" title="monitor Internet usage for business and employee security" src="http://www.gfi.com/blog/wp-content/uploads/2011/06/monitor-Internet-usage-for-business-and-employee-security-300x200.jpg" alt="" width="300" height="200" />If you look at the range of activities that companies undertake to monitor Internet access, it can run the gamut from the extreme to the apathetic. Companies who want to maintain absolute control over their employees’ Internet usage may take measures that include recording and reviewing everything that users do on the web. They might even use a proxy server that only permits access for a subset of users and to only a list of business-approved websites. On the other side of the spectrum you may find companies that don’t want to create a feeling of mistrust and, as a result, don’t monitor anything their users do online. Internet monitoring is still a critical part of maintaining the security of your organization. It doesn’t have to be the totalitarian approach of the first extreme above, but it needs to take an active role in protecting your users and your data resources from the murkier parts of the web.<span id="more-3340"></span></p>
<p>There are four critical reasons to monitor Internet usage within your organization. Without having to single out any one user or play Internet Cop, these four reasons should be more than enough to convince you that at the very least, some aggregate reporting and proactive defense measures are essential to protect the organization and the employees themselves. Together with each reason, I will share my own first-hand experience that made me appreciate the use of Internet monitoring.</p>
<p><strong>Malware<br />
</strong>Viruses don’t just spontaneously come into existence on your network. They get in through user actions, the majority of which include downloads of infected files or accessing compromised sites. These are often the result of perfectly innocent and well-meaning actions, since the site you trust completely today might find itself hacked tomorrow. By monitoring users’ Internet activities, proactively scanning downloads (executable files, documents and scripts contained within web pages), and checking for things like cross-site scripting attacks and obfuscated URLs, an Internet monitoring system helps to protect your users from threats outside your control, like a vendor website that has been compromised. The last virus incident I was involved in occurred because a user accessed a file sharing site with the computer set aside for shipping. Because this was a standalone machine in an unsupervised area, it was easy for a user to surf the web, and the antivirus software had stopped working but was not being properly monitored. Internet monitoring caught the infected file before it got to the desktop, and that alert let us know we had a machine requiring attention.</p>
<p><strong>Compliance<br />
</strong>Compliance issues can come up when users access personal webmail sites, file sharing sites, or attempt to download copyrighted materials. By establishing a policy that prohibits these actions, and then implementing a technology that enforces this policy, a company can show good faith in meeting the requirements of any legislation or contractual obligations. A couple of years ago, a competitor filed a lawsuit against my employer. Part of the complaint alleged that users accessed this competitor’s website to download software using a third party’s credentials, which violated licensing agreements. Having logs to show that this did not occur proved very useful in court.</p>
<p><strong>Productivity<br />
</strong>There are perfectly legitimate reasons for users to access websites during work hours. There are also plenty of distractions that can lead a user to accidentally burn through an hour of their day, even though they might have started out with the intention to just check something quickly. While I am completely in favor of allowing users some recreational access to the Internet, it is easily something that can be misused. By monitoring the sites responsible for the largest amount of time spent online by employees, a company can bring up the subject in team or company meetings, without singling out any individual. A few years ago, a supervisor whose department was chronically behind schedule was found to be spending most of his day on gaming sites, instead of seeing to his team’s needs. HR addressed this with the supervisor, and the team immediately started meeting their goals.</p>
<p><strong>Costs<br />
</strong>One of the largest expenses for many IT groups is their monthly bandwidth bill. If anything seems slow, users are bound to complain, so it is a constant effort to stay on top of bandwidth utilization reports, and to buy bigger pipes as usage climbs. Of course, sometimes the top bandwidth consumers are not what the business had in mind when it allowed Internet access to everyone. Being able to tell just what is using up all the bandwidth, and to then decide whether a larger circuit or a conversation with a user is the proper course of action, can save hundreds to thousands of dollars a month. In this case, a remote site with a pair of bonded DS1s complained regularly that they needed a bigger pipe; applications timed out regularly and response was unacceptable. In reviewing the logs of the Internet Monitoring, we determined that some user was streaming movies all day, every day. By blocking that category of site without having to identify the user, the problems with application timeouts were eliminated, and we avoided spending thousands more to get a larger circuit into this (very) remote office.</p>
<p>In each case above, Internet monitoring directly contributed to solving a problem, without requiring the security team to spend all day watching what others were doing. In all four reasons, I personally found that the Internet monitoring solution we implemented paid for itself in the costs saved or avoided. By adding an Internet monitoring solution to your environment, you can add another layer of protection to your defense for both your business and your employees.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/reasons-monitor-internet-usage-organization/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>It’s 10 O’clock; Do You Know What Your Employees Are Doing on the Web?</title>
		<link>http://www.gfi.com/blog/web-monitoring-solution/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=web-monitoring-solution</link>
		<comments>http://www.gfi.com/blog/web-monitoring-solution/#comments</comments>
		<pubDate>Tue, 07 Jun 2011 10:53:33 +0000</pubDate>
		<dc:creator>Ed Fisher</dc:creator>
				<category><![CDATA[Headline]]></category>
		<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[internet monitoring]]></category>
		<category><![CDATA[social media]]></category>
		<category><![CDATA[web monitoring]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3305</guid>
		<description><![CDATA[I don’t want to be the Internet police. Neither do you. We both have far more important things to do at work than worry about what our coworkers are doing on the Internet. Whether we are deploying patches, reviewing our &#8230;]]></description>
				<content:encoded><![CDATA[<p><a class="lightbox" title="web monitoring" href="http://www.gfi.com/blog/wp-content/uploads/2011/06/shutterstock_58984606.jpg"><img class="alignright size-medium wp-image-3306" style="margin: 10px; border: 0px solid black;" title="web monitoring" src="http://www.gfi.com/blog/wp-content/uploads/2011/06/shutterstock_58984606-300x200.jpg" alt="" width="300" height="200" /></a>I don’t want to be the Internet police. Neither do you. We both have far more important things to do at work than worry about what our coworkers are doing on the Internet. Whether we are deploying patches, reviewing our firewall logs, or adding disk space to our SAN, practically anything we might have to do is more enjoyable, and provides more return on investment, than auditing Internet access logs to see who hits Facebook, who is downloading music, and who might be surfing naughty sites. But whether you are concerned more about the productivity lost to recreational use of the Internet, the bandwidth consumed downloading content, the risk to company systems from malware, or the potential legal and HR issues that come with accessing inappropriate or copyrighted materials, we cannot simply let users surf any and all sites without some degree of control and protection.</p>
<p><span id="more-3305"></span><strong>Web monitoring can be a critical part of your defensive strategy, preventing violations of policy, protecting against malware, and conserving bandwidth.</strong></p>
<p>Web monitoring software is normally installed on a server at your border, or on an existing proxy server such as Microsoft’s Forefront TMG 2010. It protects your users in several ways, including assessing your users’ Internet access, and permitting or denying access to websites based on whitelists, blacklists, or categories. It can work with URL lists that are constantly updated and categorized to block access to sites deemed inappropriate by company policies. It also protects your users by scanning webpages for malicious scripts and downloads for malware, using multiple antivirus engines to scan downloaded content.</p>
<p>One of the biggest benefits to this approach is that the protection is in real-time, and can keep users out of harm’s way rather than simply logging that they did something wrong. Many times, users may click a link that they think is harmless, only to find out after the fact that it went somewhere they shouldn’t. Even safe sites might be compromised; scanning downloads helps to protect users from malware posted to hacked sites.</p>
<p>In some cases, logging individual access may prove to be necessary. Web monitoring software can be set up for logging all access to the web by any or all users. Logs can be reviewed to ensure compliance with policy or to investigate violations. Just be sure that your written policies cover this and that you have disclosed this activity to your users. Check with your HR and legal counsel to make sure everything is in accordance with company policy and legal requirements, and look for software that can anonymize data if you have users within Germany, Italy, or other jurisdictions with privacy laws that might impact logging of users’ activities.</p>
<p>Here are some other key features to look for in a web monitoring solution:</p>
<ul>
<li>Multiple antivirus engines to scan downloads for malware</li>
<li>The ability to terminate and inspect SSL traffic</li>
<li>A constantly updated URL database to help block categories that violate policy</li>
<li>Agentless install options to simplify deployment</li>
<li>Policies that can be enforced by user, group or IP address, and by time of day</li>
</ul>
<p>Web monitoring software provides several key protections for your users, and your network. Whether you use this to review website access, or simply to prevent users from straying into the more questionable areas of the web, is entirely up to you. You can perform a periodic review of web access if management deems it necessary, or simply choose to use an automated process to block access to those parts of the web that don’t comply with company policy, but in all cases, protecting your users protects your systems.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/web-monitoring-solution/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>The 16 Most (Potentially) Dangerous Applications on your Network</title>
		<link>http://www.gfi.com/blog/16-potentially-dangerous-applications-network/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=16-potentially-dangerous-applications-network</link>
		<comments>http://www.gfi.com/blog/16-potentially-dangerous-applications-network/#comments</comments>
		<pubDate>Mon, 02 May 2011 14:12:33 +0000</pubDate>
		<dc:creator>Ed Fisher</dc:creator>
				<category><![CDATA[Headline]]></category>
		<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[browser security]]></category>
		<category><![CDATA[patch management]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[system patches]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3262</guid>
		<description><![CDATA[System admins know the importance of keeping up with operating systems patches on their workstations and servers, and making sure their antivirus definitions are kept up to date. We plan for and test regularly Microsoft’s monthly releases, and ensure 100% &#8230;]]></description>
				<content:encoded><![CDATA[<p><a class="lightbox" title="16 Security Application" href="http://www.gfi.com/blog/wp-content/uploads/2011/04/16-Security-Application.jpg"><img class="alignright size-medium wp-image-3263" style="margin: 10px; border: 0px solid black;" title="16 Security Application" src="http://www.gfi.com/blog/wp-content/uploads/2011/04/16-Security-Application-300x217.jpg" alt="" width="300" height="217" /></a>System admins know the importance of keeping up with operating system patches on their workstations and servers, and making sure their antivirus definitions are kept up to date. We regularly plan for and test Microsoft’s monthly releases, and ensure 100% compliance on all our systems. But unless we’re using a commercial patch management solution, there are probably a myriad of third party applications that are installed on our workstations that are unfortunately not getting patched. Many of these applications are some of my favorites and I consider some of them to be ‘official’ applications for use on the network, but they don’t have their own central patch management capability, and cannot be managed using WSUS.</p>
<p><span id="more-3262"></span>Trying to manually update applications on more than a handful of systems is a Sisyphean task. Just as you get to the end of the process, more updates come out as new vulnerabilities are discovered, or bugs are squashed. Ignoring these applications is dangerous though, as many could become the source of a system compromise. Many do have their own automated method for checking for updates, but require the end user to acknowledge and install the update. These generally also require that the user have administrative rights to the operating system. Relying on end users to patch is neither practical, nor safe. Here are sixteen of the most popular applications that you might not be currently patching.</p>
<h2>Browsers</h2>
<p>Browsers can be especially dangerous to leave unpatched, as they are what users view websites with, and with their extensions, can include even more code that might inadvertently execute malware from a compromised site.</p>
<p><strong>1. Mozilla Firefox</strong><br />
Many users swear by Firefox, which also has a rich portfolio of extensions and plugins. Users can check for updates manually by clicking Help, Check for Updates.</p>
<p><strong>2. Google Chrome</strong><br />
Increasing in popularity, Google Chrome also has a growing number of plugins. Chrome checks for updates at each launch.</p>
<p><strong>3. Opera</strong><br />
Opera also checks for updates automatically, and will prompt the user to install them when a recommended update is available.</p>
<p><strong>4. Apple Safari</strong><br />
Apple’s Safari uses the Apple Software Update service to check for updates, and can be configured to install them automatically.</p>
<h2>Media</h2>
<p>Some may consider media players as not for business use, but between blended learning, content rich web based applications, and smart phone management, you will undoubtedly find most if not all of these on many workstations in your environment.</p>
<p><strong>5. Apple iTunes</strong><br />
Apple’s iTunes application is required for the initial setup and ongoing management of iPhones and iPads. As these devices permeate the corporate environment, keeping these applications up to date will become more and more important. Like Safari, iTunes uses the Apple Update Service to check for updates, but the user must download and install the latest version.</p>
<p><strong>6. Apple Quicktime</strong><br />
If you have iTunes, you have Quicktime, and just like iTunes, the Apple Update Service can check for updates, but the user must install them.</p>
<p><strong>7. Adobe Flash Player</strong><br />
Flash is almost the de facto format for content-rich websites, and dynamic content on web based applications. Flash will check for updates automatically, but again, the user must download and install the update. Corporate users can register to download a network redistributable package, but must work out how to install that on their own.</p>
<p><strong>8. Adobe Shockwave Player</strong><br />
Like Flash, Shockwave is frequently installed on laptops to access rich content on websites. It too has a redistributable package that can be deployed through a script.</p>
<p><strong>9. Real Player</strong><br />
Many corporate training solutions use Real Player to deliver required courses to all users. RealPlayer has an auto update feature which requires that the user have admin rights.</p>
<h2>Runtimes</h2>
<p>Runtimes provide great functionality for application development, but come with the risk that malicious applications can be downloaded and executed.</p>
<p><strong>10. Adobe Air</strong><br />
Adobe Air’s auto-update feature checks every two weeks to see if updates are available and then will prompt the user to install them. This requires that the user close any open Air apps, and that they have admin rights.</p>
<p><strong>11. Java Runtime Environment</strong><br />
The Java Runtime will also check periodically for updates, and prompts the user to download and install them. As with the others in this list, it requires the user to have administrative rights.</p>
<h2>Utilities</h2>
<p><strong>12. Adobe Reader</strong><br />
Adobe’s PDF Reader software is frequently updated. Current versions do check for updates and prompt the user to install them.</p>
<p><strong>13. BlackBerry Desktop Software</strong><br />
The management application for BlackBerries checks for updates when launched, and will prompt the user to download and install the latest version.</p>
<p><strong>14. 7-Zip</strong><br />
One of the two most common compression utilities, there is no setting in the program for automatically checking for updates.</p>
<p><strong>15. WinZip</strong><br />
The other of the two most common compression utilities, again, there is no setting in the program for automatically checking for updates.</p>
<p><strong>16. Pidgin</strong><br />
The Pidgin Instant Messaging application includes a plug-in called Release Notification that, when enabled, will check for updates and notify the user that they should download and install the latest version.</p>
<p>Fortunately, most of these (and many more) can be updated by commercial patch management software such as GFI LANguard. Others may require a manual install method like a login script or batch file. If you have these applications deployed on your network, make sure you are updating them on your workstations and servers.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/16-potentially-dangerous-applications-network/feed/</wfw:commentRss>
		<slash:comments>10</slash:comments>
		</item>
		<item>
		<title>How to repair PST files</title>
		<link>http://www.gfi.com/blog/pst-repair/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=pst-repair</link>
		<comments>http://www.gfi.com/blog/pst-repair/#comments</comments>
		<pubDate>Wed, 13 Apr 2011 17:58:01 +0000</pubDate>
		<dc:creator>Ed Fisher</dc:creator>
				<category><![CDATA[Headline]]></category>
		<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[email archiving]]></category>
		<category><![CDATA[email archiving software]]></category>
		<category><![CDATA[PST]]></category>
		<category><![CDATA[PST repair]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3226</guid>
		<description><![CDATA[One of the biggest problems users encounter when using PSTs is that they can corrupt. Because there are countless messages within a PST that could easily be lost when the file becomes corrupt, knowing how to repair PST files is &#8230;]]></description>
				<content:encoded><![CDATA[<p><a class="lightbox" title="repair PST files" href="http://www.gfi.com/blog/wp-content/uploads/2011/04/repair-PST-files.jpg"><img class="alignright size-medium wp-image-3227" style="margin: 10px; border: 0px solid black;" title="repair PST files" src="http://www.gfi.com/blog/wp-content/uploads/2011/04/repair-PST-files-300x200.jpg" alt="Repair PST files" width="300" height="200" /></a>One of the biggest problems users encounter when using PSTs is that they can corrupt. Because there are countless messages within a PST that could easily be lost when the file becomes corrupt, knowing how to repair PST files is highly important. Of course, it would be even better if you knew how to avoid the need to repair PST files in the first place.</p>
<p><span id="more-3226"></span></p>
<p>Let’s start with the initial point: what to do if you need to repair PST files. Here are three points:</p>
<h3>Inbox Repair Tool</h3>
<p>If you have a corrupt PST file, you will see this error message when you try to open it:</p>
<p>Errors have been detected in the file <em>&lt;file_path&gt;</em>. Quit all mail-enabled applications, and then use the Inbox Repair Tool.</p>
<p>Every current version of Outlook comes with a version of the Inbox Repair Tool called scanpst. Scanpst.exe can be found in either drive:\Program Files\Common Files\System\Mapi\LocaleID\scanpst.exe or drive:\Program Files\Microsoft Office\Office14 (Outlook 2010). The scanpst.exe tool can scan a PST file for damage, and can recover it in many cases.</p>
<h3>OST Crop Tool</h3>
<p>When a PST has grown past its maximum supported size, the Inbox Repair Tool may not be able to repair it. If you run scanpst.exe and it cannot repair the file, you may want to use the OST Crop Tool. This will not recover all of your email, but it will truncate the corrupt file down to a size that may be accessible. You can download that tool from <a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=B33B1DFF-6F50-411D-BBDF-82019DDA602E&amp;displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyID=B33B1DFF-6F50-411D-BBDF-82019DDA602E&amp;displaylang=en</a></p>
<h3>Third party PST repair tools</h3>
<p>The market is full of PST repair tools from several third party sources. Some offer free versions, while others cost money up front. There are too many to list in this short article but a search on Google for ‘repair PST’ will serve you well. Read them carefully, and I strongly suggest making a copy of the PST to be repaired just in case, but that advice is good even if you are using the Microsoft tools above.</p>
<h3>But what if you didn’t have to worry about repairing PST files in the first place?</h3>
<p>Why do your users have PST files anyway? Is it because they have a small inbox limit, or is it because the system automatically deletes email over a certain age? Whatever the reason, knowing the problems that might arise, requiring PST repair and placing data at risk, is only half of the equation. You do need to provide an alternative and that is where email archiving software comes into play. A good email archiving software eliminates the need for PST files by creating an archive that can be accessed even when Exchange is offline, and that can provide virtually unlimited mailboxes. There are also tools like the PST Exporter that can transfer messages from PST files into the archive, ensuring ongoing access to email and eliminating the risk and performance impact from PSTs on the network.</p>
<p>Good email management includes maintaining access to email. Email archiving software is a great way to accomplish this, and can eliminate the risks and the headaches associated with PST repair.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/pst-repair/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Top 3 Patch Management Do’s and Don’ts</title>
		<link>http://www.gfi.com/blog/top-3-patch-management-dos-donts/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=top-3-patch-management-dos-donts</link>
		<comments>http://www.gfi.com/blog/top-3-patch-management-dos-donts/#comments</comments>
		<pubDate>Mon, 28 Mar 2011 17:41:11 +0000</pubDate>
		<dc:creator>Ed Fisher</dc:creator>
				<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[patch management]]></category>
		<category><![CDATA[security patches]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3208</guid>
		<description><![CDATA[A successful patch management process is a critical part of any network, no matter how many or how few systems you are maintaining. There are a few key things you should include to maximize the effectiveness of your patching process, &#8230;]]></description>
				<content:encoded><![CDATA[<p><a class="lightbox" title="updates button" href="http://www.gfi.com/blog/wp-content/uploads/2011/03/updates-button.jpg"><img class="alignright size-medium wp-image-3209" style="margin: 10px; border: 0px solid black;" title="updates button" alt="" src="http://www.gfi.com/blog/wp-content/uploads/2011/03/updates-button-300x200.jpg" width="300" height="200" /></a>A successful patch management process is a critical part of any network, no matter how many or how few systems you are maintaining. There are a few key things you should include to maximize the effectiveness of your patching process, and a few key things that can really cause you problems. Here are the top three in each category.</p>
<p><span id="more-3208"></span></p>
<h2>The top three Patch Management Do’s</h2>
<p>1)      <strong>Do deploy a system that can patch more than just the operating system</strong><br />
Consider all the third party apps and plugins, like PDF readers, media players and codecs, browser plugins, and more that are on all of your systems. Adobe, Apple, and others release patches several times a year, and many times these are in response to exploits already in the wild. Manually updating Flash on every workstation you have could cost more than the price of a patch management system, and you will need to update Flash more than once a year.</p>
<p>2)      <strong>Do test patches before deploying them</strong><br />
While every vendor does everything they can to test patches before releasing them to customers, it is impossible to test every single possible combination of software, configuration, and option that could be in the wild. Too many times has a patch been deployed, only to break a mission critical function. Have a set of test servers and workstations, and make sure you QA any patches before you deploy them. VMs that you can snapshot and revert are great for this.</p>
<p>3)      <strong>Do establish regular maintenance windows for patching</strong><br />
I once worked for an organization that needed the CIOs of seven different divisions to all agree on a maintenance window. If any one of the seven had something else to do on a planned maintenance weekend, the maintenance got postponed. It took a year before we could implement the upgrade that took less than an hour, because they would never approve a 2AM Sunday morning window because something else might be going on. The point is, patching must take priority, and having a regularly scheduled window that supersedes other concerns helps make sure you can get systems patched.</p>
<h2>The top three Patch Management Don’ts</h2>
<p>1)      <strong>Don’t assume you will hear about issues before they are a problem</strong></p>
<p>Subscribe your IT distribution list to the security advisories for every vendor you use. Add their RSS feeds to your reader. Follow security related accounts on Twitter. When a zero day exploit hits, you want to know about it ASAP.</p>
<p>2)      <strong>Don’t assume your systems are patched</strong></p>
<p>Whichever system you use, make sure you check the reports and verify that the patches you pushed were successfully deployed to all systems. Running security scans after that is another great way to confirm that all your systems were successfully updated. And don’t forget about those users who work remotely. They need to be patched too, and might not connect to your internal network often.</p>
<p>3)      <strong>Don’t use a solution that only patches the operating system</strong><br />
Setting every system to update automatically is better than nothing. Using WSUS helps you centralize your patching, and creates some great reports. And while the price is hard to beat, you get what you pay for. Patching only the operating system and Office products leaves many third party apps unpatched, and that may lead to a system being exploited. This may sound a lot like the first DO, but it is that important, and worth repeating.</p>
<p>If you follow the first three points, and mind the last three, you are well on your way to deploying a successful patch management strategy that will help secure your systems, and your job.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/top-3-patch-management-dos-donts/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>10 Tips for Successful Email Archiving</title>
		<link>http://www.gfi.com/blog/10-tips-successful-email-archiving/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=10-tips-successful-email-archiving</link>
		<comments>http://www.gfi.com/blog/10-tips-successful-email-archiving/#comments</comments>
		<pubDate>Mon, 28 Feb 2011 14:30:57 +0000</pubDate>
		<dc:creator>Ed Fisher</dc:creator>
				<category><![CDATA[Headline]]></category>
		<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[email archiving]]></category>
		<category><![CDATA[email storage]]></category>
		<category><![CDATA[PST files]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3154</guid>
		<description><![CDATA[While companies with unlimited storage, tiers of redundant servers, and high-speed WAN links may want to provide unlimited online storage for their users, the rest of us have to contend with budgets, hardware limitations, and bandwidth that is never enough. &#8230;]]></description>
				<content:encoded><![CDATA[<p><a class="lightbox" title="email archiving" href="http://www.gfi.com/blog/wp-content/uploads/2010/09/email-archiving.jpg"><img class="alignright size-medium wp-image-2909" style="margin: 10px; border: 0px solid black;" title="email archiving" src="http://www.gfi.com/blog/wp-content/uploads/2010/09/email-archiving-300x225.jpg" alt="" width="300" height="225" /></a>While companies with unlimited storage, tiers of redundant servers, and high-speed WAN links may want to provide unlimited online storage for their users, the rest of us have to contend with budgets, hardware limitations, and bandwidth that is never enough. Combine this with users’ tendencies to use PSTs, hard drives that crash, and the chance of receiving a subpoena, and you find that you need something between the limits of your small Exchange farm and the dream of unlimited online storage. Enter email archiving.</p>
<p><span id="more-3154"></span>Email archiving is a solution that offers great flexibility for the email admin. You can literally archive every single email in and out of your company if you wish, simply log things like sender, recipient, and subject, or anything in between. If you want to implement an email archiving solution, here are ten tips for ensuring you have all your bases covered.</p>
<ol>
<li><strong>Enable Auditing</strong><br />
Good email archiving solutions offer an auditing function that stores logs in a tamper-proof fashion. If you are involved in a legal action, these logs can be submitted as evidence of the existence, or the non-existence, of any particular email.</li>
<li><strong>Locate the archiving system at a central point</strong><br />
Small companies may have only one egress point, but larger companies may have a distributed network and site server that can send or receive email. Set up your archiving so that all mail is caught no matter which site is involved. Use SMTP routing queues if necessary to enforce this.</li>
<li><strong>Create sensible policies</strong><br />
Users will send and receive personal email. There isn’t anything wrong with that as long as your policies clearly define what is acceptable and what is not, and inform users that archiving is in use. You might also consider creating archiving rules that will archive all emails to or from client, partner, and vendor domains, but ignore emails from other domains.</li>
<li><strong>Consult with HR</strong><br />
Make sure you work with your Human Resources department when publishing your written policies, to ensure you are in compliance with company policies, and that user notification is in place.</li>
<li><strong>Consult with Legal</strong><br />
Also involve your legal department (or corporate counsel) to make sure your archiving meets any contractual requirements or legal orders.</li>
<li><strong>Consult with Audit</strong><br />
Email archiving can factor into external audit reports for things like SAS70, or can be used to help meet requirements for Sarbanes-Oxley. Work with your auditors to take advantage of, and to make sure you are supporting, any requirements for certification or accreditation.</li>
<li><strong>Migrate existing PSTs into the archiving system</strong><br />
And then use a GPO to disable the ability to create PSTs. Not only do PSTs present the risk of lost data, they can severely impact network performance.</li>
<li><strong>Provide users easy access</strong><br />
Whether that is through a snap-in in Outlook, or a web based interface, make sure users have a ‘self-service’ option to search for and find archived emails and to recover deleted messages.</li>
<li><strong>Make sure the solution works in your environment</strong><br />
Appliances may be the right choice for some, but many companies are moving towards virtualisation. Whether that is with VMware or Microsoft’s Hyper-V, make sure your solution works with your platform of choice.</li>
<li><strong>Ensure there isn’t any way around the system</strong><br />
Audit and discovery are great, but if a user has a way to circumvent the archiving solution, that could bring the logs into question. Make sure the firewall blocks outbound SMTP from anything other than systems that are a part of the email infrastructure, and the proxies block access to personal webmail sites.</li>
</ol>
<p>With these ten tips, you have plenty to consider when evaluating email archiving.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/10-tips-successful-email-archiving/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>6 Tips for a Successful Patching Process</title>
		<link>http://www.gfi.com/blog/6-tips-successful-patching-process/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=6-tips-successful-patching-process</link>
		<comments>http://www.gfi.com/blog/6-tips-successful-patching-process/#comments</comments>
		<pubDate>Thu, 27 Jan 2011 15:30:22 +0000</pubDate>
		<dc:creator>Ed Fisher</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[patch management]]></category>
		<category><![CDATA[security patches]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3118</guid>
		<description><![CDATA[Whether your servers run Windows or Linux, whether your workstations are Windows 7 or Macs, and no matter what vendor your network gear comes from, one of the most critical administrative tasks for admins of any system is patching. With &#8230;]]></description>
				<content:encoded><![CDATA[<p><a class="lightbox" title="security patches" href="http://www.gfi.com/blog/wp-content/uploads/2011/01/security-patches.jpg"><img class="alignright size-medium wp-image-3119" style="margin: 10px;" title="security patches" src="http://www.gfi.com/blog/wp-content/uploads/2011/01/security-patches-300x205.jpg" alt="" width="300" height="205" /></a>Whether your servers run Windows or Linux, whether your workstations are Windows 7 or Macs, and no matter what vendor your network gear comes from, one of the most critical administrative tasks for admins of any system is patching.  With new vulnerabilities announced every week, and with dozens, if not hundreds of different applications running on your network, having an effective patch management process in place is critical to maintaining the health and security of your systems.</p>
<p><span id="more-3118"></span></p>
<h2>1.	Awareness</h2>
<p>When it comes to patching, one of the most important things for you to do is to be aware of what is out there. All the major vendors include mailing lists that you can subscribe to so that you receive notifications of patches. It won’t hurt to subscribe to some of the other mailing lists like those from SANS or Bugtraq that let you know when there are vulnerabilities, even when patches aren’t released yet. Subscribe your IT or security team’s distribution list to make sure nothing is missed while someone is on vacation. See the end of this post for links to some of the major mailing lists.</p>
<h2>2.	Include applications</h2>
<p>A growing number of exploits take advantage of applications that open or execute file types. Windows Update can take care of your operating system and Microsoft applications, but almost every computer on your network will have third-party applications, including PDF readers, media players, and other line of business applications. Make sure you stay informed of patches for all the applications that are a part of your image.</p>
<h2>3.	Test before you deploy</h2>
<p>All vendors test their patches before releasing them, but it is virtually impossible for a vendor to test every possible combination of hardware, application, and driver, and they cannot test your proprietary applications developed internally. Have a set of machines that you deploy patches to first and test to make sure you don’t introduce any problems to your systems. Take advantage of virtualisation technologies when you can, or use your IT department and secondary servers if you have to, but make sure you test all patches before you roll them out to the entire organization, or to key servers.</p>
<h2>4.	Schedule maintenance windows</h2>
<p>Patching requires time, bandwidth, and reboots, and all of these can interrupt normal processes. Even companies that run their business 24&#215;7 need to have some established maintenance windows for normal patching, and a process in place to push emergency patches in the event of a zero-day exploit. By having a scheduled maintenance window, business operations can plan around, or at least be prepared for, potential disruptions when key systems reboot after patching.</p>
<h2>5.	Use a patch management system</h2>
<p>Manual patching is time and labor intensive, error prone, and impossible to report upon. There are several excellent low cost patching systems on the market that can push patches, audit systems, and generate reports for management and security assessments.</p>
<h2>6.	Include a roll-back plan</h2>
<p>No matter how much vendors test their patches, and how thoroughly you test your systems, there may come a time when a patch causes an issue, and you will need to roll it back. Make sure that when you push patches, everyone is aware, and if problems crop up after deployment, be prepared to first check those patches to see if they are a possible cause, and to uninstall them if necessary.</p>
<p>With these six concepts at the foundation of your patching plan, you are well on your way to making patching a routine part of your administration, instead of a painful process that causes disruptions to the network.</p>
<p>Here’s a list of mailing lists that you may want to subscribe to so as to always be up-to-date:</p>
<ul>
<li><a href="http://www.sans.org/newsletters/" target="_blank">http://www.sans.org/newsletters/</a> &#8211; Subscribe to the SANS Institute newsletters</li>
<li><a href="http://technet.microsoft.com/en-us/security/cc307424.aspx" target="_blank">http://technet.microsoft.com/en-us/security/cc307424.aspx</a> &#8211; Register to receive Microsoft’s security newsletter</li>
<li><a href="http://technet.microsoft.com/en-us/security/dd252948.aspx" target="_blank">http://technet.microsoft.com/en-us/security/dd252948.aspx</a> &#8211; Register to receive Microsoft Technical Security Notifications</li>
<li><a href="http://www.us-cert.gov/cas/signup.html" target="_blank">http://www.us-cert.gov/cas/signup.html</a> &#8211; CERT Mailing Lists and Feeds</li>
<li><a href="http://seclists.org/bugtraq/" target="_blank">http://seclists.org/bugtraq/</a> &#8211; Bugtraq Mailing List</li>
<li><a href="http://seclists.org/" target="_blank">http://seclists.org/</a> &#8211; SecLists.Org Security Mailing List Archive</li>
<li><a href="http://www.linux-sec.net/ML_FAQS/" target="_blank">http://www.linux-sec.net/ML_FAQS/</a> &#8211; Mailing lists for specific Linux/Unix distros</li>
<li><a href="http://lists.apple.com/mailman/listinfo/security-announce" target="_blank">http://lists.apple.com/mailman/listinfo/security-announce</a> &#8211; Apple Security Mailing List</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/6-tips-successful-patching-process/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>5 Popular Hacking Techniques – Do you know your enemies? (Part 2)</title>
		<link>http://www.gfi.com/blog/5-popular-hacking-techniques-enemies-part-2/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=5-popular-hacking-techniques-enemies-part-2</link>
		<comments>http://www.gfi.com/blog/5-popular-hacking-techniques-enemies-part-2/#comments</comments>
		<pubDate>Tue, 30 Nov 2010 14:00:53 +0000</pubDate>
		<dc:creator>Ed Fisher</dc:creator>
				<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[network scanning]]></category>
		<category><![CDATA[social engineering]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3043</guid>
		<description><![CDATA[Welcome back. In part one, we explained the importance of understanding the threats against your network and looked at three common hacking techniques that the bad guys might use against you. They included Attacking Defaults, SQL Injection, and Exploiting Unpatched &#8230;]]></description>
				<content:encoded><![CDATA[<p><a class="lightbox" title="hacking" href="http://www.gfi.com/blog/wp-content/uploads/2010/11/hacking.jpg"><img class="alignright size-medium wp-image-3041" style="margin: 10px;" title="hacking" src="http://www.gfi.com/blog/wp-content/uploads/2010/11/hacking-199x300.jpg" alt="" width="199" height="300" /></a>Welcome back. In part one, we explained <a href="http://www.gfi.com/blog/5-popular-hacking-techniques-enemies" target="_blank">the importance of understanding the threats against your network and looked at three common hacking techniques that the bad guys might use against you</a>. They included Attacking Defaults, SQL Injection, and Exploiting Unpatched Services. Now, let’s look at two more, and finish up with some good advice.</p>
<p><span id="more-3043"></span></p>
<h2>4. Network Scanning</h2>
<p>There are several million systems on the Internet, so you may be asking yourself why any hacker would try to break into your network? Often, the answer is as simple as ‘because they can’. No matter how small your network is, or how limited your perceived scope may be, network scanners can probe millions of connected systems in hours, and do so in a completely automatic way that could be running while the attacker is at work, or out on the town, or even asleep.</p>
<p>Ping sweeps are used to see if a host is connected to the network, and can be combined with, or followed by port scanners. These tools will probe your connected hosts to see what type of operating system they use, what services they are running, and their output can then be fed into more sophisticated attacks against the specific versions your systems are running.</p>
<p>Defend your systems by using a firewall to block access to unapproved services, changing your default banners, and, as previously mentioned, keeping up with your patches. Consider implementing Intrusion Detection Systems that can alert you when your network is being scanned, or the more advanced Intrusion Prevention Systems that can automatically respond to such scans by slowing down responses or dynamically blocking the offending system.</p>
<h2>5. Social Engineering</h2>
<p>A chain is only as strong as its weakest link, and unfortunately, your network security chain’s weakest link is usually going to be its users. Social engineering attacks look to take advantage of people’s natural tendencies to trust others, to respect authority, to be helpful, and to do things that offer them advantage. Phishing emails induce users to click on links to websites and submit personal information by tricking users into thinking they are on a trusted site. Other emails or instant messages can appear to come from a contact or respected company and contain links to download software or view a website, which, when followed, introduce malware including key loggers, remote access Trojans, and viruses. The more brazen social attacker may just call up a user while pretending to be the helpdesk, convincing them to give out their username and password; or they may call the helpdesk and pretend to be a senior lead of the company, requesting that their credentials be reset. These are all events that happen to networks across the globe daily.</p>
<p>Here, your defence in depth includes making sure that you have security and acceptable use policies that are shared with and understood by your users; that you maintain strong anti-virus software on all desktops and servers; that you scan all inbound and outbound email for malware, phishing links, and sensitive information; and that your IT staff does not do anything that encourages users to violate policy, like asking users for their password to fix a problem.</p>
<p>Remember that security is an ongoing process, not a goal. Every day, new challenges arise, new systems and software are added to your network, and new vulnerabilities are discovered in operating systems and applications. By following best practices, keeping up with developments in information security, and subscribing to the security alert notifications from your vendors, you are well on your way to maintaining a secure network. Always change default credentials on every system that connects to your network. Sanitize any input your applications allow. Keep up with patches for all operating systems and applications. Use firewalls and intrusion defense. Maintain good policies and educate your users on how they are responsible for network security too.</p>
<p><em><strong>About the Author:</strong> Ed Fisher is an information systems manager and blogger at several sites including his own site, <a href="http://retrohack.com" target="_blank">http://retrohack.com</a>. An InfoTech professional, aficionado of capsaicin, and Coffea canephora (but not together), he has been getting his geek on full-time since 1993, and has worked with information technology in some capacity since 1986. Stated simply, if you need to get information securely from point A to B, he’s your guy. He is like &#8220;The Transporter,&#8221; but for data, and without the car; and with a little more hair.</em></p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/5-popular-hacking-techniques-enemies-part-2/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>5 Popular Hacking Techniques – Do you know your enemies?</title>
		<link>http://www.gfi.com/blog/5-popular-hacking-techniques-enemies/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=5-popular-hacking-techniques-enemies</link>
		<comments>http://www.gfi.com/blog/5-popular-hacking-techniques-enemies/#comments</comments>
		<pubDate>Mon, 29 Nov 2010 12:58:50 +0000</pubDate>
		<dc:creator>Ed Fisher</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[exploits]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[SQL Injection]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3040</guid>
		<description><![CDATA[“Know your enemy and know yourself and you can fight a hundred battles without disaster.” &#8211; Sun Tzu While the famous Chinese general may not have had hacking techniques in mind when he penned The Art of War some 2500 &#8230;]]></description>
				<content:encoded><![CDATA[<p style="text-align: center;"><a class="lightbox" title="hacking" href="http://www.gfi.com/blog/wp-content/uploads/2010/11/hacking.jpg"><img class="alignright size-medium wp-image-3041" style="margin: 10px;" title="hacking" src="http://www.gfi.com/blog/wp-content/uploads/2010/11/hacking-199x300.jpg" alt="" width="199" height="300" /></a><em>“Know your enemy and know yourself and you can fight a hundred battles without disaster.”</em> &#8211; Sun Tzu</p>
<p>While the famous Chinese general may not have had hacking techniques in mind when he penned <em><a href="http://classics.mit.edu/Tzu/artwar.html" target="_blank">The Art of War</a></em> some 2500 years ago, there is great merit in knowing your enemy, and the techniques s/he may use against you. If you are a network administrator, a critical part of your job is defending your systems. Knowing what these attacks are, and how to defend against them, will help immensely with the task of protecting your information systems from harm. While there are thousands of potential attacks, and many books and countless websites that cover them to the tiniest detail, the following five general categories can help you defend against the lion’s share of threats facing your systems.</p>
<p><span id="more-3040"></span></p>
<h2>1.	Attacking Defaults</h2>
<p>These days, essentially every piece of hardware and network application on the market comes with a set of default credentials; a username and a password that grant administrative access to the system. One of the most common ways of gaining unauthorised access to a system is by exploiting the fact that often, admins do not know, or do not care to change, these defaults.</p>
<p>Whether we are talking about a database application, a router, or a printer, defending against these attacks is simple. The first thing you should do when connecting a system to your network or installing an application on a server is to change the default credentials.</p>
<h2>2.	SQL Injection</h2>
<p>Arguably one of the most devastating attacks against web based systems is the SQL Injection attack. Today’s dynamic websites often comprise much more than just a web server serving HTML code and graphics files to users. Ecommerce sites use database servers to host the backend information that is used to build interactive sites, present product information, and take orders. Even some of the simplest-seeming websites may have a database on the backend. If the site provides a way for users to log on, or to submit information, you can bet there is a database behind the scenes.</p>
<p>In a SQL Injection attack, an attacker inputs SQL commands into fields meant for other information, like usernames or search strings. A properly designed website will examine any data submitted by a user to make sure that the information is valid. A username typically will contain only letters; an email address might have letters and numbers, but only a few metacharacters like @, ., -, and +. If this input contains something as simple as a single quote (') at the end of the username, the database application could treat the input as part of the SQL statement and interpret it as a query. While it may not be a valid query, the database server may return an error that exposes information like the name of the database, its tables, and key fields. Continuing down this path, an attacker could submit SQL commands into the username field that could be executed to return the contents of the database, or to do things like drop tables.</p>
<p>To defend against this attack, your web applications must check all submitted data for anything other than expected and allowed characters. Whether your application sanitizes user input by removing invalid characters, escapes any SQL-specific characters before passing input to the database, or rejects the input with a message back to the user asking them to try again using only allowed characters, it must act as the first line of defense to ensure that no commands can be passed to the database. Remember, even a command that fails, if executed by the database server, may reveal more information to the attacker that will make the next attack more effective.</p>
<h2>3.	Exploiting Unpatched Services</h2>
<p>I have been in the information security field since 1997, and have been a CISSP since 2003. Of all the hundreds of security incidents I have been involved in, whether on behalf of an employer or for a client, I can still count on my two hands the number of intrusions that have <em>not</em> been the result of an attacker taking advantage of an unpatched system. Patching is time consuming, often difficult, and can sometimes introduce problems even as it is trying to prevent others, but the fact remains that you must patch your systems. Every operating system, whether it is installed on a computer or embedded as firmware on a piece of networking equipment, and every application your users run, has flaws. They were all written by humans, and mistakes were made. As these flaws are uncovered, updated code is released by the manufacturer to correct these issues, hopefully before a bad guy uses these flaws to exploit a system.</p>
<p>As an administrator, you must keep up with these patches, testing them as necessary, and deploying them to all networked systems. As operating systems and applications age, and fall out of support, you need to budget the necessary time and resources to update/upgrade these systems. Just because a vendor no longer issues updates for a system does not mean that there are no more security issues to be discovered.</p>
<p>The bad guys may frequently use any or all of the three hacking techniques we just covered, but there are still more you need to be prepared against. In the second part of this series, we’ll look at two more common hacking methods that you will be up against, and summarize some best practices to help you defend against them all.</p>
<p><em><strong>About the Author:</strong> Ed Fisher is an information systems manager and blogger at several sites including his own site, <a href="http://retrohack.com" target="_blank">http://retrohack.com</a>. An InfoTech professional, aficionado of capsaicin, and Coffea canephora (but not together), he has been getting his geek on full-time since 1993, and has worked with information technology in some capacity since 1986. Stated simply, if you need to get information securely from point A to B, he’s your guy. He is like &#8220;The Transporter,&#8221; but for data, and without the car; and with a little more hair.</em></p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/5-popular-hacking-techniques-enemies/feed/</wfw:commentRss>
		<slash:comments>7</slash:comments>
		</item>
	</channel>
</rss>
