ISC   Information Support Concepts, Inc
A Certified Woman Owned Business Enterprise (WBE)

Issue 38

Publisher:  Jack Burlin                                Editor:  Lori Schriver

August 4, 2008

IN THIS ISSUE
Your success story            Monthly featured product            Kevinisms            Trivia         

Articles of Interest:  Improving Web Security                   Water, Water Everywhere, But Not a Drop to Drink


Your Success Story

"I was searching for the right type of 4-post racks for our servers, and could not get a good solution. It was then I contacted ISC. They were phenomenal in answering to my queries and immediately suggested a solution at affordable cost. They kept me posted on all shipment processes. I was especially delighted with their follow-ups from ordering to installation to ensure our satisfaction. It was their smart suggestions and highly professional attitude which prompted me to order other server room accessories from them as well. I would highly recommend ISC to anybody for their future purchases."

Thanks,

Naufal Zamir Sheikh
Syracuse University

 Note:  See photos of this installation at the bottom of the newsletter.
 

Monthly Featured Product

[Product photos: KDB14 Base (note the lacing points at the rear); KDE3 Ears; both KDB14 and KDE3 Ears together]


Information Support Concepts (ISC) has discontinued the monthly product special. Since we are now running weekly specials with much deeper discounts, it made sense for the monthly special to be replaced.  We will now have a featured product each month, and direct our customers back to the weekly special for discounted items.

You can click on this link to see the current weekly product special! 

Middle Atlantic Products has just introduced a number of new products to the market.  Their "knock-down" shelves have been redesigned to increase ventilation.

The KDE and KDB knock-down shelves allow clients to mix and match a set of rack ears with an appropriate sized base.  This allows clients to configure shelves that have the right height and the right weight capacity, as well as the correct size surface to support components.  The re-design improves ventilation not only in the base, but in the ears as well, all without sacrificing strength.

As always, ISC personnel are ready to answer your questions, and can confirm what product will work for your specific application. If you have a question, just call us at 800-458-6255.

 

Improving Web Security
A Look At Common Threats & New Defenses To Stop Them

by John Brandon

 Excerpted from July 18, 2008 • Vol.30 Issue 29

 Locked-down networks, airtight VPNs for remote workers, impenetrable firewalls, a virus-blocking system that’s second to none: These are the hallmarks of a good security strategy. Yet, even when an industrious IT manager covers all the security bases, there is one pesky problem: Users within any organization can fall prey to a Web attack, typically one that bypasses a firewall, worms its way onto file servers, and can even attack an SQL database and self-replicate. It’s the human factor involved in a Web attack that can give data center managers the most headaches. Most traditional Web security tools use signature files (a list of known spyware and virus distribution sites) to block attacks, but there is room for improvement on these traditional, and in some cases untenable, approaches.

New Deceptive Attacks

One constant in the world of Internet security is that there is always a new attack on the horizon. The hacking communities, many of them based in foreign countries, are now seeking credit card information and business secrets from small companies that might not have the industrial-strength protection of a larger enterprise.

“We have researched why hackers are able to bypass the existing layers of security such as firewalls and virus scanners, and the answer was that computers are often attacked through the browser,” says Jordy Berson, group product manager at Check Point, a company that makes Internet security products.

The latest threats tend to find weaknesses in the code corporate Web sites use, according to Christoph Alme, who leads the anti-malware lab for Secure Computing in Germany. For example, an SQL injection is an exploit that finds compromises in database code on a Web server and attaches a malware program that turns the local client into a malware host. Here is information on just such an attack:

The ASPROX botnet, which earlier ran amok by phishing users via email, has got a new weapon: SQL injection. Starting in mid-May 2008, ASPROX was configured with an SQL injection attack tool which hacks websites, adding even more hijacked PCs to its botnet army. The same people behind ASPROX are also responsible for Danmec, a password-stealing trojan which spread in early 2008 using phishing emails.

What is SQL Injection?
Simply put, SQL injection is a malicious attack on a vulnerable website which allows commands to be submitted directly to the application's backend database.  Many custom ASP or PHP applications are vulnerable to SQL Injection attacks because they fail to perform proper input validation on their forms.

What is ASPROX?
ASPROX is a new kind of threat that combines multiple malicious attack vectors: The initial compromise utilizes the botnet and SQL injection. Once a vulnerable site is compromised, JavaScript code is inserted into its database and the website displays links to multiple malware downloads. Then, any website user that clicks these links can be infected with the botnet.

The goal of ASPROX is to plant the malicious JavaScript on thousands of websites, and secretly infect new victims while they are surfing the web, building up the ASPROX bot family. So, how widespread is it? Our statistics show ASPROX has already infected more than 250,000 websites and is spreading rapidly.

What can I do about an ASPROX infection?

  • Clean the infected database.  We have partnered with database consulting companies to help you through this process.  If you have your own internal database managers, we have documentation to help them address this in-house.

  • Audit your ASP source code for proper input validation.  See Microsoft's recommendations here:
    http://msdn.microsoft.com/en-us/library/ms998271.aspx
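As a starting point for the source-code audit recommended above, here is an added example (not part of the original newsletter or the quoted advisory): a heuristic scanner that flags lines of classic ASP (VBScript) where `Request` input is concatenated into a SQL string. The function names, the sample page and the `conn` object are all hypothetical and constructed for illustration.

```python
import re

# Classic ASP reads user input through Request("x"), Request.Form("x"), etc.
REQUEST = re.compile(r"\bRequest\b\s*(?:\.\s*\w+\s*)?\(", re.I)
SQL_VERB = re.compile(r'"\s*(?:SELECT|INSERT|UPDATE|DELETE|EXEC)\b', re.I)
ASSIGN = re.compile(r"^(\w+)\s*=\s*(.+)$")
NUMERIC_CAST = re.compile(r"^(?:CLng|CInt|CDbl)\s*\(", re.I)

def mentions(names, code):
    """True if any tracked variable name appears as an identifier in code."""
    return any(re.search(r"\b%s\b" % re.escape(n), code, re.I) for n in names)

def audit_asp(source):
    """Return (line_no, text) where request input is concatenated into SQL."""
    tainted, sql_vars, findings = set(), set(), []
    for no, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("'"):  # skip blanks and VBScript comments
            continue
        m = ASSIGN.match(line)
        target, rhs = (m.group(1).lower(), m.group(2)) if m else (None, line)
        code = re.sub(r'"[^"]*"', '""', rhs)  # blank literals before name matching
        uses_input = bool(REQUEST.search(code)) or mentions(tainted, code)
        builds_sql = bool(SQL_VERB.search(rhs)) or mentions(sql_vars, code)
        if builds_sql and target:
            sql_vars.add(target)
        if builds_sql and uses_input and "&" in code:
            findings.append((no, line))
        elif target and uses_input:
            # A numeric cast constrains the value, so it does not carry taint.
            if NUMERIC_CAST.match(rhs):
                tainted.discard(target)
            else:
                tainted.add(target)
    return findings

# Constructed sample page, not taken from any real application.
SAMPLE = "\n".join([
    '<%',
    'Dim id, name, sql',
    'id = CLng(Request.QueryString("id"))',
    'name = Request.Form("name")',
    'sql = "SELECT * FROM products WHERE id=" & id',
    'Set rs = conn.Execute(sql)',
    'sql = "SELECT * FROM users WHERE name=\'" & name & "\'"',
    'sql = sql & " AND region=\'" & Request("region") & "\'"',
    '%>',
])
for no, text in audit_asp(SAMPLE):
    print("line %d: %s" % (no, text))
```

The scanner is line-based and will miss input that reaches a query through function calls or include files, so treat its output as a review list rather than a clean bill of health. Flagged lines are the ones to rewrite with validated input or parameterized commands.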

     

Another trick is to use a Flash-based banner to distribute malware. The hacker uses legitimate ad networks and Web sites, but once you click the banner, you are taken to a malware site, and the local PC becomes infected.

New Scams, New Defenses

Another recent technique for battling Web threats has to do with “the cloud” (computing that takes place on the Internet rather than inside a company firewall) and protecting an SME before malicious code even appears on a browser. Trend Micro has developed cloud computing software that runs as a hosted service and examines traffic in the cloud, an effective measure that does not slow bandwidth.

In the end, the job of IT is to track not only new emerging threats but to respond with new tools that block these threats as quickly as possible. Older tools can continue to protect key systems, and the new tools fight the latest threats, adding up to a comprehensive solution.
 

A key defense not covered in this article is Intrusion Prevention

ISC offers Intrusion Prevention to keep
hackers out of your network,
and thwart SQL injection attacks!

Don't put your hardware in danger!
Call the Rackmount Ranger!
800-458-6255.

Kevinisms

A Kevinism is a funny or intriguing statement or idea from our Vice President of Sales, Kevin Hunt.  Kevin is a big fan of Sandra Bullock, Pizza Inn black olive pizza, The Washington Redskins, and Dr. Pepper (not necessarily in that order).  He is not a big fan of Chinese food, seafood, or other types of "dead" stuff.

Kevin generally orders a veggie burger when eating at a restaurant that offers them.  Both Bennigan's and Chili's offer basically the same black bean burger as a replacement for any of the regular hamburgers on the menu.

Kevin usually tries to confuse the waiter by asking for the "bean burzhay" (pronouncing "bean burger" in a French accent), "well done, no pink."  He sometimes reminds me of Steve Martin as Inspector Clouseau (in the Pink Panther remake) trying to say "hamburger."  Some of the waiters get it but most don't.

Then Kevin tries to get the waiter to say that bean burgers are popular by asking some kind of leading question.  Not wanting to provide a negative reply, the waiters always agree with Kevin.  Kevin then turns to the rest of us and claims validation that more and more people are ordering the veggie burgers. 

Wanting to nip this kind of activity in the bud, I asked to see the manager.  When he arrived, I asked a simple and straightforward question that could not be twisted by Kevin.  I wanted to know the percentage of veggie burgers sold each month compared with their regular burgers.  Since the manager orders both types on a monthly basis, he knew the answer right away.  He orders 48 veggie burgers and 968 regular burgers each month.  The total is 1016, and the veggie burgers make up approximately 4.7%.

Kevin would like us to think the percentage is growing, but we all know better.

Trivia Question

Here is another Saturday Night Live question from classic television.

Q:  What character's catch phrase was, "Baseball been bery bery good to me!"    

All correct answers will be placed into a pool for a random drawing at the end of the month.  The winner will receive a free laptop cooler, plus free ground shipping. Send your answers to: Jack Burlin

See next month's newsletter for the winner and the correct answer.

Answer from July's Newsletter.

Q:  Can you name all seven of the original "not ready for prime time players?" 

A:  The seven original members were Dan Aykroyd, John Belushi, Chevy Chase, Jane Curtin, Garrett Morris, Laraine Newman, and Gilda Radner.

The winner was John Borjorquez.  Congratulations!

 


 

 

 

Water, Water Everywhere, But Not a Drop to Drink
 

 

There have been a lot of funny things that I have seen over the years, but this is one of the few that I can remember actually having participated in.  The memory is very vivid because at the time it felt like being in a movie.  Here is what happened.

When I attended Syracuse University (see this month's success story above) I lived in a 12 story dormitory called Brewster Hall.  The dormitory building was made of poured concrete and had two wings arranged perpendicular to each other, and a bank of three elevators that opened into a lobby between the two wings.  The lobby was kind of the common area for each floor, and besides the elevators there were three telephone booths, a water cooler, a fire extinguisher, and some buzzer buttons that could be used to alert the people in the dorm rooms if they had a phone call.  There was also an emergency stairwell adjacent to the elevators.  Other stairwells were at the opposite ends of the two wings.

The lobby had a table and some chairs in it.  The only carpeted area on each floor was the lobby and the hallways.  Dorm rooms had linoleum floors.  Being poured concrete, the carpeting was on a pad, but directly beneath that was concrete.

Having water fights in the dorm was a forbidden activity, but that did not keep people from doing it.  The problem was that when the carpet got wet, it took some time to dry and would usually mildew (with the attendant smell).  The biggest prohibition was using the fire extinguisher in a water fight, because then the extinguisher would be empty, and of course you did not want an empty extinguisher on your hands if there was ever a fire.

Sometimes the people on one floor would play a joke on another floor.  This was accomplished by filling a galvanized trash can about 1/3 to 1/2 full of water and positioning it very carefully on the elevator.  You tilted the trash can so it leaned up against the elevator doors.  The trash can was on the inside of the elevator, but you had to get it to balance properly from outside the elevator, just as the doors closed.  Having already pushed the button for the target floor, the elevator would go there, the doors would open, and the trash can would tumble through the doors and spill water into the lobby.  Fortunately, once people experienced this prank a few times, it lost its appeal.  However, in the Spring, there would still be the occasional water fight.

On a very warm Saturday in May 1971, some of us with nothing better to do started a water fight in the lobby.  One of the guys conspicuously absent was named David, and he lived in Rochester, NY, which is about an hour west of Syracuse.  David was a sophomore, but he had a girlfriend who was just graduating from high school.  The girlfriend was considering Syracuse as her college, so that day she and her parents drove into Syracuse to tour the campus.  They met up with David and he showed them around.

While driving around the university, the father noticed his car did not have enough coolant and started to overheat.  Wanting to top off before going back to Rochester, he sent David to find some water to fill his radiator.

At this time, three or four of us were involved in this water fight.  In water fights of this type, you filled up your wastebasket with water (from the sinks in the bathroom), and tried not to empty the wastebasket on someone else unless you were pretty sure you could escape without being hit yourself.  Then you went back to the bathroom to reload.  So there was a lot of jockeying for position and a lot of faking going on in this water fight.

As we were doing our best to find an opening to douse someone without getting doused ourselves, the central elevator opened and David burst into the lobby saying, “Quick! I need some water!”

Well, I don’t know if you have ever seen a film where the characters do a “double take,” where they look at each other, look away, and then look back again, but I swear we had four people do a double take, and three seconds later, David got doused with four wastebaskets full of water.  Considering our response to his emergency to be inadequate, David cursed us and jumped back on the elevator.  We did not see him again until the next day.

That was the end of the water fight, but we really had a good laugh over it, and the memory of that “double take” moment is still very fresh.

 Thanks for reading, and I hope you enjoyed this month's newsletter. 
Please direct your comments to Jack Burlin.

 



Dual Four-Post Adjustable Racks



Special Brackets for Four-Post Applications

© 1998-2018 All Rights Reserved  -  But feel free to forward this or email it to all of your friends. 
For reprint permission, please call 800-458-6255

Copyright iscdfw2.com, 1998-2019

Information Support Concepts, Inc.

Mansfield, Texas