Distributed by Guardian Digital, Inc.
12 July 2004
Volume II, Issue VII 

 In Every Issue

Guardian Digital, Inc.
165 Chestnut Street
Second Floor
Waldwick, NJ 07463

(201) 962-7300


(201) 866-625-4728




©Copyright 2004, Guardian Digital, Inc. All Rights Reserved.

Behind the Shield Unsubscribe



In this issue of Behind the Shield, Guardian Digital's chronicle of Internet and open source security news, we'll cover company highlights, thoughts from our CEO and revealing points on how Guardian Digital products are rapidly changing the face of open source for business.

Read on to learn how Guardian Digital is currently supplying network security applications to one of the largest equity security exchanges in the United States.

Guardian Digital Supplies Security Solutions for One of New Jersey's Largest Automotive Sales Companies

For the last 40 years, Sansone Auto has been providing New Jersey drivers with affordable cars & trucks. Over that time, technology has rapidly evolved, making the sale and financing of an automobile achievable with a simple click of the mouse. With their entire organization depending on networked applications and sensitive corporate and company information being stored on the system, it was essential for the organization to implement robust security solutions to inhibit intrusions, viruses and other common threats. Turning to Guardian Digital, Sansone Auto implemented Internet Defense and Detection System, a fully open source intrusion detection and prevention solution. With comprehensive graphical reporting and an innovative attack severity rating system, system administrators at Sansone are more capable then ever to keep their system secure and consistently efficient.

Read Full Article

Guardian Digital Chosen to Provide Chicago Stock Exchange with Secure Internet Infrastructure Solution

Chicago Stock Exchange SolutonChicago Stock Exchange, one of the largest equity security exchanges in the United States, recently implemented Guardian Digital's award-winning EnGarde Secure Linux company-wide as their secure operating platform. After testing a number of competitors including offerings from Microsoft, Chicago Stock Exchange found EnGarde to be by far the easiest to implement and consistently proved itself to be highly secure and reliable.

"Companies are realizing that they must invest in solutions that actually work rather then those that simply make them feel good. For this, Guardian Digital offered us rock solid, stable options," states Dave Coder, security architect and manager of network services at Chicago Stock Exchange.

Learn More

Industry Note

Getting to the Bottom of Patch Management

Over the years, patch management has become exponentially important to the continued security and success of the world's corporate networks. With 959 new viruses and worms released last May alone, and operating systems and application patches being released daily, an effective patch management strategy has become a critical business practice to corporations of all sizes. Unfortunately for smaller businesses and strained IT departments, patch management can be quite burdensome. Vulnerabilities are being exploited faster then patches are being implemented, and as a result, entire networks are being shut down, costing businesses millions of dollars every year in lost productivity and revenue.

The Computer Emergency Response Team (CERT), the leading security incidents and vulnerability coordination organization, reports that over 95% of network intrusions can be prevented by keeping networked systems up to date with the appropriate patches. However, insufficient communication about security issues with customers often times leads to patches not being applied correctly or quickly enough to thwart attacks - the servers are being compromised more quickly than any time in the past. With new vulnerabilities being announced daily, and exploits being carried out at virtually the same time as the vulnerability is announced, it seems nearly impossible for IT administrators to be able to know exactly which programs need patches, where to find them, and how to test and deploy them in such a condensed period of time. For example, the Microsoft Blaster worm, which affected 120,000 vulnerable computers in its first 36 hours of inception, was released only 26 days after the vulnerability was found, giving Microsoft little time to release a patch and administrators insufficient time to secure the fix.

Although seemingly difficult, it is possible to employ an efficient and effective patch management strategy to any organization regardless of available resources, and a great level of assurance that compatibility with previous versions will be maintained. Following simple guidelines like knowing your IT inventory, prioritizing the patching of systems and programs, defining policies, executing security patches as they become available, and most importantly, correctly implementing each patch, can make patch management simpler to manage, efficient and cost-effective. Additionally, there are many software solutions and vendor-based services an organization can use to further ease this task.

Knowing system maintenance with special regard to patch management can be arduous, Guardian Digital offers, through the Guardian Digital Secure Network, advisories and automatic system updates intended to keep administrative costs down without sacrificing security. Patch management is a business issue that no company, large or small, can afford to disregard. Vendor services such as the Guardian Digital Secure Network provide solutions to all the patch management issues described above and should be considered when looking to implement a more effective patch management strategy.

Dave Wreski, CEO Guardian Digital, Inc.

At a Glance
EnGarde WorkGroup Suite

EnGarde Secure Workgroup Suite is a comprehensive connectivity solution designed to increase productivity and security of any network. The perfect compliment to EnGarde Secure Linux Professional, EnGarde WorkGroup Suite includes browser-based administration, file and print sharing functions, network management, VPN support, as well as local and remote e-mail capabilities. Engineered to be secure, EnGarde WorkGroup Suite is an ideal solution for Internet and intranet connectivity needs.

EnGarde WorkGroup Suite allows organizations to build a low-cost alternative to proprietary file & print solutions, access corporate network remotely and securely, and manage system access. A complete package that extends security and productivity features to the corporate network, this workgroup productivity suite is robust, easy to set up and requires no previous Linux experience to configure or maintain.

Learn more about Guardian Digital EnGarde WorkGroup Suite

Guardian Digital In the News

Processor.com: Guard Your Networks with Wireless Protection Products

Guardian Digital's small business security and productivity management system, Internet Productivity Suite, is featured in Processor magazine for its comprehensive design and special attention to wireless security.

Read Full Article


LinuxPipeline: Guardian Digital Upgrades Open Source Secure Mail Server

Guardian Digital CEO, Dave Wreski sits down with LinuxPipeline and SecurityPipeline editor Mitch Wagoner to talk about the launch of next-generation Guardian Digital Secure Mail Suite.

Read Full Article


Guardian Digital Mailbag

Q. There has been a lot of government intervention regarding corporations and IT security in recent years. Can you explain why these laws are needed?

A. As we have established many times over, Internet and network security is essential to the success of any business. But certain businesses not only house their own confidential information, but also that of their customers. Organizations such as banks and insurance companies keep very personal, highly confidential consumer information on their network. If their network is compromised, not only is the livelihood of the business at risk, but that of their customers can be threatened as well. As a result, the United States government has passed several mandates requiring certain businesses to take measures to comply with federal regulations.

The laws in question include HIPAA (Health Insurance Portability and Accountability Act) and Sarbanes-Oxley Act. HIPAA requires those in the medical or insurance industries to ensure the privacy of confidential patient information. Sarbanes Oxley, on the other hand, was passed in response to the Enron issue and other major accounting scandals, requiring the CEO and CFO of publicly traded companies to validate financial statements and other accounting information.

Although on the surface these laws have very little to do with IT security and more to do with privacy and accountability, network security applications have become compliance solutions for the organizations effected. The reason for this is the simple fact that a majority of organizations (especially large corporations) conduct almost all their business electronically and on the Internet. The days of paper files and "snail mail" are seemingly over. Business-critical communications, financial records, customer information and other corporate data is stored on corporate networks. If a corporate network lacks sufficient security to keep intruders out, that information becomes vulnerable to interception and exploitation. By aptly securing corporate networks, the integrity of private information remains in tact allowing organizations to comply with appropriate federal regulations.

The Behind the Shield editors encourage their readers to submit questions. The most frequently asked questions will appear in future issues. We look forward to answering all your inquiries! Email us at info@guardiandigital.com




Hints & Tips from Experts

Outsourcing Security

In recent years, outsourcing for IT security assistance has become a very popular trend among small to medium sized organizations. Not having the man power in-house to handle everything necessary, outsourcing certain tasks seems like a viable option, however there are security factors to keep in mind when looking to do so.

The most frequent IT services outsourced are usually services such as vulnerability scanning, monitoring, consulting, and forensic analysis. These are vastly important services when referring to network security. As with anything else, trusting an outside source with the security of a network can be risky. Is the outsourcing firm legitimate, honest, and willing to provide the most optimum services? To answer these questions, thoroughly check on the company in question. Visit the location, ask for references, and examine their financial background and the way the do business. Make sure they are professional, capable and stable. Finally, if an organization decides to go forward, they should insist on a strong service agreement and some insight and involvement into the services the outsourcer will be providing.

Guardian Digital is pleased to provide Behind the Shield readers with informative expert advice on what network security really means. Each month a new topic of interest will be chosen to supply you with useful tips and information not offered elsewhere. This month, we'll have a brief discussion on steps to take when considering outsourcing IT security services.

Partner Profile

Through national and multi-national partners like SpeedTech, Inc. in Italy, Guardian Digital is able to provide their productivity and security solutions to customers worldwide.

SpeedTech, Inc. is Italy's premier information technology company. Offering a wide array of high quality products and services, SpeedTech provides everything from system & database administration to networking & security solutions. Software development, technology consulting, and project management services are also available. Encompassing competencies in a multitude of different sectors, SpeedTech adeptly provides complete and customized solutions for each of their many clients.

Guardian Digital was selected as a partner due to exceptional security and simplified management of its products. Utilizing Guardian Digital's products, SpeedTech is able to provide secure server solutions to its customers in less time and at a fraction of the cost.

For further information on SpeedTech, please visit their website at: www.speedtech.it




If you wish to unsubscribe from this newsletter, please click here.