1. Click Subscription of Mr.Chris Farrell Membership $4.95 7 day Trial For Newbies/Dummies - Not Criminal IM Coach/Mentor.
2. Click DirecTV For US Satellite TV Subscription. Also Dish Network Call Now Toll Free : 877-287-3983 for an Obligation Free Chat.
3. Click 100DayLoans.com for cash advance payday loan 100 days repayment,SUBJEST to your State Laws Also Credit Reports and Scores
4. CLICK Coupon Codes & My Web Hosting Reviews/Recommendation
affiliate_link__affiliate_link__ ______

Wednesday, July 27, 2011

US-CERT Publishes Recommendations for Preventing Cyber Security Attacks

By Justin Lee,July 22, 2011

A screenshot of US-CERT's front page


(WEB HOST INDUSTRY REVIEW) -- The United States Computer Emergency Readiness Team (http://www.us-cert.gov/) announced on Friday it has published a Technical Security Alert in response to the increasing number of high-profile incidents, which have impacted both government and privatesector computer networks.

The report comes just weeks after LulzSec ended its 50-day hacking spree, launching attacks against the websites of many organizations, including PBS, Fox and the CIA.

The Technical Security Alert provides the recommendations for preventing cyber attacks, starting with the deployment of a host intrusion detection system to help block and identify common attacks.

The TSA also suggests that organizations should use an application proxy in front of web servers to filter out malicious requests, ensuring that the "allow_URL_fopen" is disabled on the web server to help limit PHP vulnerabilities from remote file inclusion attacks, and limiting the use of dynamic SQL code by using prepared statements, queries with parameters, or stored procedures whenever possible.

Organizations should follow the best practices for secure coding and input validation, as well as use the secure coding guidelines.

Other recommendations include reviewing US-CERT documentation related to DDoS attacks, and disabling active scripting support in email attachments unless required to perform daily duties.

The alert also highlights specific measures for organizations to protect their password and account, including using a two factor authentication method for accessing privileged root level accounts, using a minimum password length of 15 characters for administrator accounts, and using alphanumeric passwords and symbols.

Additionally, organizations should implement guidance and policy to restrict the use of personal equipment for processing or accessing official data or systems, develop policies to carefully limit the use of all removable media devices, except where there is a documented valid business case for its use, and introduce guidance and policies to limit the use of social networking services at work.
The full Technical Security Alert document can be viewed on US-CERT's website.