Thursday, 27 November 2014

How the new Sony hack proves security isn’t taken seriously


Sony Pictures was crippled this week when cybercriminals forced the shutdown of their internal systems.

Imagine getting into work on Monday morning, booting up your PC and being greeted with this:


It feels like something out of a cheesy ’90s spy thriller, but this is the reality that Sony Pictures employees had to deal with on Monday… and are still dealing with 4 days later.

Yes, Sony’s internal network had become the next victim of cybercrime in this recent spate of hacking. It’s a clear message for organisations: invest in your cybersecurity or this could happen to you.

Warning messages threatening to release data ‘secrets’, if undisclosed demands were not met, appeared on all internal computers, preventing login. The message also displayed ‘#GOP’ – pointing to a group named Guardians of Peace.

As of Thursday morning, the network remains down at many Sony offices and, according to information reportedly shared by employees, it could be down for weeks.

Hackers also targeted Twitter accounts associated with Sony Pictures, leaving the same message and calling out the Sony Pictures CEO:

You, the criminals including Michael Lynton will surely go to hell. Nobody can help you.

If that wasn’t enough, the digital image also showed Michael Lynton’s head, edited into some form of Night Of The Living Dead landscape. These hackers clearly want to capitalise on the fear they can strike into the world’s biggest businesses.

One Reddit user posted a copy of a message allegedly displayed on the hacked network. The redditor explained, “I used to work for Sony Pictures. My friend still works there and sent me this. It's on every computer all over Sony Pictures nationwide.”

The post explained how the public could gain access to the 217.6 MB .ZIP file, allegedly containing lists pulled from the organisation’s internal network: “These two files are the lists of secret data we have acquired from SPE,” and that “Anyone who needs the data, send an email titled To the Guardians of Peace to the following email addresses.” A list of e-mail addresses attached to anonymous email services like Yopmail and Disgard.email followed.

Reddit users jumped at the opportunity to scour the allegedly leaked files. A thread on the breach claims that the .ZIP file contains passwords of Sony employees, copies of passports of actors associated with Sony films and masses of Outlook archival data.

How Sony responded

In the typical damage-mitigating style of big companies experiencing big problems, Sony issued a statement saying the firm is investigating the ‘IT matter.’
Well that’s a relief.

Hack me once, shame on you

Sony is no stranger to being hacked. The infamous PlayStation Network hack of 2011, in which 77 million personal details were stolen, resulted in a complete outage of the service for 24 days.
At the time it was one of the largest data breaches in history and remains a black mark on the Japanese company’s reputation.

As recently as August 2014 we watched as another major attack, once again, befell the PlayStation network. The service was forced offline once more, though this time for a single day.

Could your business survive a hacking attack?

Clearly, Sony has failed to invest sufficiently in their cybersecurity and organisations must learn from their costly mistakes.

Organisations need to begin investing in professionals with the skills necessary to prevent intrusions like Sony’s from ever happening.

Qualifications like EC-Council’s Certified Ethical Hacker (CEH) are valuable to keep organisations secure. By employing or training professionals and helping them to achieve certifications like the CEH, businesses can proactively defend and prevent these crippling attacks.

Ethical hackers can conduct staged penetration tests against your business – will your defences hold up against a real hacker? Either way, you’ll get real insight into how you can improve your security and protect your organisation’s valuable data. After all, the techniques that ethical hackers use are identical to those employed by cybercriminals.

The need for certified ethical hackers is real and with every data breach this point is hammered home.
20% of small and medium-sized businesses have been targeted by cybercriminals in the past year, costing the global economy $500 billion annually. And it’s getting worse: reports already predict an increase in cybercrime next year.

In fact, with more advanced hacking tools, we can expect more targeted attacks on businesses small and large.

Sony’s latest breach is a strong message to businesses: invest in cybersecurity or face the consequences.  

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 24 November 2014

Find out why Firebrand has been named for the fifth year running in the Top 20 IT training companies

For five years running Firebrand has been recognised in the Top 20 IT Training Companies according to TrainingIndustry.com.

Firebrand's selection for the 2014 Top 20 IT Training companies list was based on the following criteria:  

  • Leadership and innovation in IT training
  • Breadth of IT training and delivery methods offered
  • Company size and growth potential
  • Strength of clients 
  • Geographic reach

Commenting on the award, Firebrand UK Managing Director Emma Seaman said:

"Winning this accolade five years in a row stands as testament to Firebrand's ongoing commitment to providing high quality accelerated learning."

Emma went on to say:

"I’d like to take this opportunity to thank all of our customers, whose support helps us continue to win awards for excellence."  

Author Bio

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how-to guides. Working in the industry for almost 3 years, Edward has a wide variety of experience with Microsoft technologies including SharePoint, Windows Server and Exchange Server. Edward is an active member of the IT community, contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor.




Wednesday, 19 November 2014

Windows Server 2003 – How to start planning your migration today


Rest in peace

Just like Windows XP before it, Windows Server 2003 now too faces its end of life. On July 14th 2015, Microsoft will be ending extended support for all versions of Windows Server 2003/R2.

But despite constant warnings from Microsoft, many organisations have yet to even begin their migration. These businesses will continue running the outdated software at their peril: huge financial costs and security risks are estimated for those running Windows Server 2003 past end of life.

11 million systems are still running Windows Server 2003, HP estimates. Clearly, many view it as an issue for next year. This could be a crippling problem considering that migrating a datacentre of 100+ servers is estimated to take from 3 to 18 months.

If you’re amongst that 11 million, now is the time to begin planning your migration. Here’s a bird’s-eye view of your migration process.

What does end of support mean for Windows Server 2003?

As of July 14th 2015, Microsoft will no longer be providing patches and security updates for this now 10-year-old software. You can expect the following:

No updates

Once end of life hits you’ll be on your own. Don’t expect any more updates, bug fixes or patches of any size.

Software like this needs continual work and even after 10 years, Microsoft are still working on critical updates for Windows Server 2003. In fact, 2013 saw Microsoft complete 37 of these critical updates.

Without the maternal care of Microsoft, critical issues and bugs affecting Windows Server 2003 will stay unfixed. You’ll be left open to cybersecurity vulnerabilities and will be more at risk of malicious attacks and data breaches.

Compliance loss

Your business will almost certainly fail to meet your existing compliance standards. HIPAA, PCI, SOX & Dodd-Frank require regulated industries to use supported platforms. Once end of life hits, Windows Server 2003 will lose its status as a supported platform and your business will lose out as a result.

In particular, adherence to PCI is required for businesses that want to host Visa and MasterCard transactions on their websites. Lose it and you’re crippling your business’s ability to make money online. For other standards, lack of compliance could result in high transaction fees and penalties, which in itself could massively increase your costs.

Maintenance costs

Running legacy software is inevitably going to be expensive. Without Microsoft’s support, you’ll have to implement your own intrusion detection systems, advanced firewalls and network segmentation.

A TechNet post from Alex Fu cites a hefty £120,000 a year cost for custom support. Plus, practice director of Microsoft Solutions, David Mayer, estimates the price tag to be £900 per server, per year.

Compatibility woes

Without Microsoft’s support, new software and hardware products will not be built to be compatible with Windows Server 2003. You’ll likely run into compatibility issues from the outset and as time passes, these issues will only grow in scale.


How to migrate your Windows Server 2003

Migrating is hard work and takes time. However, Microsoft is on hand to deliver resources to ease the passing of Windows Server 2003. Take a look at Microsoft’s End of Service section before you plan your migration.

Microsoft’s recommended four-step migration process is as follows:

1. Discover

Your first step is to determine which applications and workloads are running on your Windows Server 2003. Download the Microsoft Assessment and Planning Toolkit to help assess your current infrastructure and migration project.

2. Assess

Next, categorise your applications and workloads by their type, importance and degree of complexity. During this process you should be keeping a look out for migration issues.

3. Target

Choose a migration destination for each application and workload in your data centre or in the cloud. Microsoft are clearly focusing on cloud technology. Their public cloud solution, Azure, currently comes with a one month free trial – now’s the time to migrate to the cloud.

Microsoft also offer destinations for each application or workload, including:

  • Windows Server 2012 R2
  • System Center 2012 R2 (Private Cloud)
  • Microsoft Azure (Public Cloud)
  • SQL Server 2014
  • Office 365

4. Migrate

Choose a migration plan and get going. Microsoft do provide a quality Migration Planning Assistant which covers the previous 4 steps in depth. If that’s not enough, you can attend official training courses, from training providers like Firebrand, designed to teach you everything you need to know about the platform you are migrating to.


Migration resources to get started with

Microsoft Virtual Academy – curated and built by Microsoft, these well-made guides can be an invaluable source of knowledge.

We recommend studying:

Windows Server 2003 End of Life: Infrastructure Migration – this Channel 9 video (1 hour, 17 minutes) digs into the process of migrating your infrastructure. The demo-intensive session explores workload migration and foundation services like DHCP, DNS and File/Print.

Windows Server 2003 End of Life Migration: Planning for Your Workloads – watch this Channel 9 video (1 hour 8 minutes) for an organised and systematic view of migration strategies and destinations.

Migration Deployment Toolkit – this collection of processes, tools and guidance for automating desktop and server deployments may prove invaluable during your migration.

Time is certainly running out for the 11 million who haven’t yet migrated. This isn’t a problem for next year and if you treat it like that, you'll certainly regret it.



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Microsoft Azure is down


Update 1: Many Azure hosted websites in Europe are still experiencing down time.
Update 2: Azure has fully recovered.

Run for the hills, Microsoft Azure is facing a temporary loss-of-service.

According to Microsoft's official Azure status page, the current issues are:
  • Storage - North Europe and West Europe - Partial Service Interruption
  • Websites - West Europe - Advisory (Limited Impact)
  • Application Insights - Multi-Region - Advisory

Microsoft's Azure status page isn't entirely accurate...





8 hours ago, reports began to fly in regarding Microsoft's Azure cloud platform experiencing widespread outages. The issue affects all Azure customers with virtual machines in all regions other than the new Australian data center.

Both work and play have been affected by the outages, with hundreds reporting that Xbox Live is also experiencing issues. Users have been unable to sign in or open the friends app.

Though the issues appear to have been fixed for 

UK based businesses took to Twitter to voice their concern over the ongoing downtime:





About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Tuesday, 18 November 2014

Big Data: A big security challenge



By Debra Littlejohn Shinder

Big Data – the collection of large and complex sets of data that include both structured and unstructured information – is widely touted as one of the most important current trends in computing, along with Bring Your Own Device/mobility and of course, the cloud. In fact, the convergence of these technologies is seen by many as the top IT challenge of this decade.

Much has been said and written about the security implications of BYOD, mobile devices and cloud services, but the security aspects of big data don’t seem to get quite as much attention. This is true even though companies are accumulating and analyzing huge amounts of information – not just terabytes, but petabytes – and some of it could cause big problems if it fell into the wrong hands. 

After all, the real point of collecting such massive amounts of data is not just to be a data hoarder; the objective is to subject it to analytics that can provide the company’s decision-makers with insights into aspects of their business that can have an impact on the organization’s efficiency, reputation and bottom line. But we all know that information that can be used for good can also be used for nefarious purposes, and if those business insights became public and/or were revealed to competitors, the impact on the company could be very negative indeed.

The security challenge of big data is complicated by another of those hot trends we mentioned above; many companies don’t have the storage capacity on premises to handle the amounts of data involved, so they store all that data in the cloud. Some do so in the mistaken belief that turning their data over to a cloud storage provider means they also get to hand off all of the responsibility for securing that data.

For some companies, this might even be a reason for the decision to store the data in the cloud in the first place. You could argue that large cloud providers have far more resources to put into securing the data than your organization does. Cloud data centers are heavily guarded fortresses that employ high-dollar physical and technological security mechanisms.

This line of reasoning makes sense – but the cloud shouldn’t be an excuse to abdicate your ultimate responsibility for the protection of your sensitive information. If there is a breach, your customers will blame you, not the cloud provider, because you are the one to whom they entrusted their information. This goes double if you’re doing business in a regulated industry – financial, healthcare, a publicly traded corporation, a retail business that processes payment cards, etc. You won’t be able to pass the buck if you’re found to be out of compliance or in violation of standards.

As with information security in general, the key to securing big data is to take a multi-layered approach. One important element in protecting the huge quantity of data that often contains bits and pieces of personal information about many individuals is de-identification – the separation of identifying information from the rest of the information pertaining to a person. Unfortunately, the counterpart to de-identification is re-identification, the art and science of putting all those pieces back together to discern identities from the de-identified data. 
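
The de-identification and re-identification trade-off described above, as an added Python illustration that is not part of the original article. The records, field names and key are constructed for the example, and measuring re-identification risk with k-anonymity over quasi-identifiers is an assumption of this sketch, not a method the article names.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records (not real data).
RECORDS = [
    {"name": "Alice Moore", "email": "alice@example.com", "postcode": "SW1A 1AA", "birth_year": 1980, "sex": "F", "diagnosis": "asthma"},
    {"name": "Beth Shaw", "email": "beth@example.com", "postcode": "SW1A 2BB", "birth_year": 1984, "sex": "F", "diagnosis": "diabetes"},
    {"name": "Carl Young", "email": "carl@example.com", "postcode": "M1 3CC", "birth_year": 1971, "sex": "M", "diagnosis": "asthma"},
    {"name": "Dan Price", "email": "dan@example.com", "postcode": "M1 4DD", "birth_year": 1975, "sex": "M", "diagnosis": "migraine"},
    {"name": "Eve Hall", "email": "eve@example.com", "postcode": "M1 3CC", "birth_year": 1992, "sex": "F", "diagnosis": "diabetes"},
    {"name": "Fay Reid", "email": "fay@example.com", "postcode": "M1 5EE", "birth_year": 1998, "sex": "F", "diagnosis": "asthma"},
]

DIRECT_IDENTIFIERS = ("name", "email")
# Fields that are not names, but can single a person out in combination.
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")
KEY = b"constructed-demo-key"  # in practice: a secret held apart from the data


def pseudonym(record, key):
    """Stable keyed token standing in for the direct identifiers."""
    msg = "|".join(str(record[f]) for f in DIRECT_IDENTIFIERS).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def deidentify(records, key):
    """Split records into an identity vault and a de-identified data set."""
    vault, data = {}, []
    for rec in records:
        token = pseudonym(rec, key)
        vault[token] = {f: rec[f] for f in DIRECT_IDENTIFIERS}
        row = {f: v for f, v in rec.items() if f not in DIRECT_IDENTIFIERS}
        row["token"] = token
        data.append(row)
    return vault, data


def _groups(rows):
    return Counter(tuple(r[q] for q in QUASI_IDENTIFIERS) for r in rows)


def k_anonymity(rows):
    """Size of the smallest group sharing the same quasi-identifier values."""
    return min(_groups(rows).values())


def singled_out(rows):
    """Rows whose quasi-identifier combination is unique (re-identifiable)."""
    groups = _groups(rows)
    return [r for r in rows
            if groups[tuple(r[q] for q in QUASI_IDENTIFIERS)] == 1]


def generalise(rows):
    """Coarsen quasi-identifiers: outward postcode only, birth decade."""
    out = []
    for r in rows:
        g = dict(r)
        g["postcode"] = r["postcode"].split()[0]
        g["birth_year"] = r["birth_year"] // 10 * 10
        out.append(g)
    return out


if __name__ == "__main__":
    vault, data = deidentify(RECORDS, KEY)
    print("k before generalising:", k_anonymity(data))
    print("rows singled out:", len(singled_out(data)))
    print("k after generalising:", k_anonymity(generalise(data)))
```

Removing names and e-mail addresses alone leaves every constructed row unique on postcode, birth year and sex, which is exactly what a re-identification attempt relies on; coarsening those fields is what raises the group size.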

In a report last summer, Gartner concluded that over 80 percent of organizations don’t have a consolidated data security policy across silos, and that in order to prevent breaches, they need to take a more data-centric approach to security. 

Of course, many of the security concerns and solutions that apply to big data are the same ones that apply to protecting any sensitive data. However, one thing that makes big data especially challenging is that it often passes through many more different systems and applications in the process of turning all that unstructured mess into useful information. 

Companies may use applications and storage methods for which security was not a design priority, so that they have to tack on security solutions after the fact. Since much of big data is unstructured, it’s often stored in non-relational (NoSQL) databases, which were not built with security in mind. Traditional firewalls and other security solutions weren’t designed to handle the distributed computing that is at the heart of big data. Automated moving of data between tiers in a multi-tiered storage system can make it difficult to keep track of where the data is physically located, which poses a security issue.

Close attention to “middleware” security mechanisms, extensive and accurate logging of data tracking, and real-time monitoring are essential components of a security strategy that encompasses the challenges of big data.

You can find more information about securing data in the cloud here.  

Author Profile

Debra Littlejohn Shinder, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security.

She is also a tech editor, developmental editor and contributor to over 20 additional books. Her articles are regularly published on TechRepublic's TechProGuild Web site and WindowSecurity.com, and have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine.

Monday, 17 November 2014

PRINCE2 vs. PMP - which certification should you choose?




PRINCE2 and PMP are both well-known and respected project management certifications. But it’s not always easy to know which one to achieve. And whilst they’ll both give your project management skills a boost, what’s the use if you can’t apply your new knowledge in the workplace?

Let’s pit these two certifications against each other and take a look at what they can do to boost your career.

Introducing PRINCE2 & PMP

PRINCE2 - Projects in Controlled Environments

Originally developed by the UK’s Office of Government Commerce, it is now regarded as the de-facto standard for project management in the country. It also exerts a visible influence across Europe and Australia.

With over a million total PRINCE2 exams taken, it’s also the most popular project management methodology in the world.

According to Arras People’s 2013 UK Project Management Benchmark, the PRINCE2 is held by 63% of all project management professionals.


PMP - Project Management Professional

PMP is built around PMI’s Project Management Body of Knowledge (PMBoK). Administered and created in the USA, the PMP has become the primary project management certification for North America.

Despite being less known in Europe than PRINCE2, it’s certainly not unknown and is increasingly gaining in popularity.

According to Arras People’s 2013 UK Project Management Benchmark, the PMP is held by 9% of all project management professionals.


What do these certs cover?

PRINCE2

There are two levels of certification within the PRINCE2: Foundation and Practitioner. You’ll have to pass both to become a registered PRINCE2 practitioner.

PRINCE2 is a project management methodology that covers the management, control and organisation of a project. You’ll learn a flexible and adaptable framework that suits a wide variety of different projects.

This certification follows a sophisticated and clearly defined methodology that outlines detailed steps and processes that your project needs to achieve success in a controlled environment.

The well-laid out and standard approach that PRINCE2 uses is designed to be as generic as possible. As a result, the PRINCE2 processes are recommended for just about any kind of project.

PRINCE2 also helps to eliminate ambiguity by laying out clear roles and responsibilities of the team including: project executive, project manager, senior supplier, financier and senior user.

You don’t need previous project management experience to achieve this qualification and even experienced professionals can benefit from the PRINCE2.

PMP

Unlike the PRINCE2, the PMP is structured around the PMBoK and is a project management standard. You’ll become familiar with PMBoK processes and accepted project management techniques to enable you to evaluate your own projects.

It is therefore more of a theoretical and referential guide to assist you in the management of projects.
This certification evaluates your advanced knowledge of project management. As such you are expected to have existing project management experience.

To even apply for the PMP you’ll need at least 5 years of project management experience with 7,500 hours leading and directing projects. You’ll also need 35 hours of project management education (which can actually be gained by completing a PRINCE2 course).


How long will your certification last?

PRINCE2

As a Registered PRINCE2 Practitioner you must be re-registered within 3-5 calendar years of your original certification. Failure to pass the Re-Registration examination after five calendar years as a Registered Practitioner will result in withdrawal of your registered status.

PMP

After achieving your PMP qualification you must participate in PMI’s Continuing Certification Requirements (CCR) program to maintain your active certification status.

During the three-year cycle, you must attain 60 professional development units (PDUs). Once your three-year cycle is up, it starts all over again.

You’ll be obtaining PDUs by engaging in project management activities related to your PMP certification. PDUs are split into two categories: Education PDU and Giving Back to the Profession PDU. For more information on how you obtain PDUs, take a look at PMI’s official PMP handbook.


Industry needs and cultural differences

We recommend you thoroughly research your project management certification choices depending on the industry you work in, or want to work in. Every industry will treat these certifications differently - you don’t want to achieve a cert which might prove to be less valuable than its counterpart.

When job-hunting in the UK and the EU as a whole, we recommend first taking the PRINCE2. As we mentioned earlier the PRINCE2 is immensely popular - especially in the UK where it is favoured by government.


Benefits – the bottom line

PRINCE2

1. Possibly the best introduction to project management

With its lack of prerequisites, PRINCE2 provides the ideal entry-level qualification for a career in project management. With a clear methodology, the PRINCE2 can take beginners and quickly transform them into educated project managers.

2. Improved career and employment prospects (in the UK and EU)

The PRINCE2 can improve your career prospects across the UK and EU. Due to its popularity in Europe and strong government ties, it is viewed favourably by employers.

3. A standardised and complete methodology

The PRINCE2 provides a clear methodology that you can continually apply to almost any project. Plus, by using the same approach across every project, you’ll eliminate confusion through the use of common procedures, documents and processes.

PMP

1. Improved salary prospects

The PMP demands tougher prerequisites. It’s harder to achieve and as a result it commands higher salaries.

PMI Project Management Professional jobs display an average advertised salary of £60,000 according to data from ITJobsWatch.co.uk.

2. You’ll have up-to-date skills

Unlike PRINCE2, PMP demands commitment to your project management career. As a result of the Continuing Certification Requirements, you’ll need to stay active within the project management community. This means, whether you want to or not, you’ll be continually sharpening your skills. Make no mistake; employers will be aware of this factor.

3. PMI Membership

When you obtain your PMP certification, you can gain PMI Membership. As a PMI member you’ll get exclusive access to publications, networking opportunities and professional development opportunities. You’ll be able to easily connect with peers, grow your career using an expansive collection of knowledge resources and get access to a premium job board for project management.


So who won?

The smoke has cleared and incredibly, both project management certifications are still standing.

Our project management instructor argues that, in a perfect world, you would have both certifications. PRINCE2 provides a tried-and-true methodology whilst PMP provides the skills and knowledge required by the Project Manager to carry a project through to completion.

Achieve both and you’ll possess an encompassing and rounded approach to project management.

We recommend you thoroughly research both certifications, depending on what your long-term goals are, which side of the world you’ll be working from and in what industry.

Find out more about PMP and PRINCE2 here.


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.