HDFC Bank Secures IT Governance

By NWC News Network

HDFC Bank has entered into a $7.4 million, three-year strategic Enterprise Level Agreement with Symantec for IT compliance, enterprise security and storage management related consulting and implementation services. HDFC Bank will use Symantec’s solutions and services to automate and standardize processes for compliance with SOX, Basel II, COBIT, ITIL and ISO 27001, automate incident management and event correlation across all security devices, network devices, applications, servers, operating systems and databases, secure messaging environment, protect network endpoints. These will be supplemented by Veritas NetBackup, Veritas Volume Replicator and Veritas Storage Foundation. According to an HDFC Bank spokesperson, Symantec’s IT Compliance solution will provide automated evidence collection for not only IT-based controls but also for procedural/process based controls. HDFC Bank has a network of 754 branches and 1,906 ATMs across 327 towns and cities in India.

Spammers Go 'Out of Office'

By Anoop K Menon

Adding another trick to their toolkit, spammers are now abusing the "out of office" feature of e-mail services to relay their junk messages into the inboxes of unsuspecting Internet users.
McAfee Avert Labs has come across instances where spammers set up Web-based e-mail accounts and configure auto responders with spammy messages. The miscreants then sent e-mail with fake "from" addresses - the spam targets - to their newly created Web-mail accounts while the ‘from’ addresses subsequently receive the spammy ‘out of office’ notices. This may sound like a convoluted way to send spam, but spammers do it to trick spam filters. An automatic reply from a well-known Web-based e-mail service will look legitimate to many spam filtering tools.
Unlike spam sent by botnets, the auto reply spam will have a legitimate sender and will be signed with the correct signatures used to sign e-mail messages, such as DKIM, DomainKey or Sender ID.Further, the auto-responder spam does not look like a typical out of office reply. The message subject does always contain "Re:" because that's added by the Web mail service, but the spammer controls the rest of the subject line and the message body text. In the examples McAfee Avert Labs has seen, the fact that the mail is an auto responder could be determined only by carefully looking at the e-mail headers.
McAfee claims that their anti-spam products can block this through a combination of header and message content checks. Kartik Shahani, Regional Director, India, McAfee, explains “If the header says ‘out of office,’ the mail cannot have any attachment. Typically, people don’t set “out of office” response with a three page response. The byte sizes of such ‘out of office’ emails tend to be small, and other than contact details they don’t contain attachments or content in terms of images, etc. If the email has an attachment or its byte size is big, the chances are that it is definitely not a legitimate ‘out of office’ mail.”
Should Indian enterprises be wary of this new form of spam attack? Giving his personal opinion, Shahani noted that in India, very few people actually put an ‘out of office’ reply because they either carry their mail with them on their handsets or are on it all the time by habit. In the West though, people rely on ‘out of office’ reply because they turn email-phobic after working hours or during vacations. But it doesn’t harm one to take precautions, he advised.

AccessIn a Flash (Drive)

By W David Gardner & Howard Marks, Informationweek

EMChas ntegrated flash drives in its Symmetrix DMX-4 storage line, in a move it claims will offer dramatically improved access speeds while using 38 percent less energy than mechanical drives.
Component manufacturer STEC is supplying EMC with its Zeus-IOPS flash drive line. STEC’s flash drives utilize the industry standard 3.5-inch hard disk form factor and
provide access times that are measured in microseconds, as opposed to the milliseconds in which hard drive access is measured, STEC says. The new flash drive technology is supported by EMC’s Symmetrix software management suite, as well as its new Virtual Provisioning technology.
EMC’s use of solid-state flash technology in its IT products is a big performance advantage over competitors, says Steve Duplessie, an analyst at the Enterprise Strategy G r o u p. “This could very well be one of those killer advantages that only appear every 10 to 15 years,” he says. STEC’s new generation of flash drive technology is optimized for random I/O. Most consumer flash devices use multilevel cell technology, which requires a single block of data to be read or written at a time, seriously affecting random write performance.
The STEC Zeus-IOPS drives use static RAM caches and single value cells to boost performance to 10 times that of a 15,000-rpm hard drive. STEC’s benchmarks claim a remarkable 9,000 IOPS (I/O operations per second). The drives have Fibre Channel or SATA interfaces and can plug in to a Symmetrix system the same as rotating drives.
EMC says flash technology should appeal particularly to companies that need trigger-fast access and rapid transaction processing speeds, such as financial institutions. Certainly, users should see a significant performance boost if they can identify the portions of their data that are accessed often enough to justify the premium price EMC is sure to charge for flash solid-state drives.
The STEC drives EMC is using cost around $14,000. Expect that EMC’s competitors —Hitachi Data Systems, Network Appliance, and the other enterprise storage players — already are fine-tuning their RAID controller microcode to support solid state drives and will make their me-too announcements over the next six months or so.

Ready to deal

By Tim Wilson, Darkreading.Com

Aprice war that’s driving the going rate to send 1 million spam emails below $100 may be at least partially responsible for a recent increase in spam and botnet activity on the Internet. The operators of Nugache, one of the Web’s most sophisticated emerging botnets, appear to be expanding their network and slashing prices, says researcher Paul Henry, VP of technology evangelism at Secure Computing.
“There’s a price war going on, and Nugache is becoming the bargain basement,” Henry says. Such bot-driven e-mails are used to fuel pump-and-dump stock campaigns and other scams.
Botnets also are changing to avoid losing the zombie computers they have. Henry has seen them installed with a hacked version of antivirus software, so the PC will appear protected. Or the botnet will patch vulnerabilities on a PC so it won’t be seen as a risk.

EmployeeBehavior Impacts IT Security

By NWC News Network

Indian IT managers estimate that employees spend five hours per week on surfing non-work related Web sites during the working day leading to a productivity loss of approximately Rs 160,000 per employee annually. This was a key finding of the SOS ‘State of Security’ survey commissioned by Websense and undertaken by The Nielsen Company, India to assess the impact of the Internet at work and gauge the awareness of Internet security risks among IT managers.
The top sites accessed by employees were Banking & Finance Web sites (74 per cent), Personal e-mail/ chat sites (62 per cent) and news/media sites (53 per cent). Another key finding was that most IT managers (53 per cent) believe they would be held responsible if employees are found leaking confidential company information. This belief is particularly strong with IT managers in Mumbai (81 per cent). In fact, employees accessing restricted data on the Internet (37 per cent) emerged as the second most important reason that IT managers believe will cause them to lose their job. Moreover, 46 per cent of IT managers admitted that employee behavior towards IT security is a key challenge to implementing and maintaining IT security.

India in Second Life

By NWC News Network

Indian presence in Second Life just got stronger through IBM and CRY (Child Rights and You). IBM has expanded its Business Center for India in Second Life with live sales "avatars" based in India. While the avatars will directly help customers or ensure they connect with the right IBM expert, signing contracts, payment or exchange of sensitive information would take place by telephone or through the Web. CRY is the ‘first Indian non-profit organization working on child rights’ to have an office in Second Life. The space offers ‘avatars’ an opportunity to experience, via displays, videos, community development stories and photo essays, the situation of marginalized children and contribute to its amelioration.

Quad-Core Mainframe anyone?

By Antone Gonsalves, Informationweek

IBM has introduced the System z10 mainframe, which the company said is the equivalent of nearly 1,500 x86 servers, with a smaller footprint and lower energy costs. The new computer can consolidate x86 software licenses at up to a 30-to-1 ratio. In selling the expensive machine, IBM focuses on the mainframe's ability to consolidate the data center into a "policy-driven system that doles out, manages, and tracks" IT resources. Policy-driven functions include authorization management and utilization management. The former refers to the use of encryption algorithms that enable z10 administrators to control access to specific business services. For example, an employee may have entry-level clearance to search employee records for histories of volunteer work for a corporate report, but not be able to access salary, promotion, and human resources information.
Besides the z/OS, the z10 supports Linux, and IBM is working with Sun Microsystems to run OpenSolaris on the mainframe.

IT Takes It Easy

By NWC News Network

According to the Gartner EXP Worldwide Survey of CIOs, Indian companies report stronger than average IT budget increases of around 13 per cent versus the world average of 3.3 per cent for 2008. The increased spending is directed primarily towards building new business capabilities, with 30 per cent of IT spend allocated for business growth and 19 per cent towards business transformation.
According to Gartner, Indian firms are spending their budgets more on hardware and software than people. These allocations will change over time as the infrastructure matures. Currently, Indian CIOs are focused more on generic IT than distinctive solutions required to drive growth.

blog comments powered by Disqus