TCG :: News

Charleston anesthesiologist helps Indian soccer team train in city

Wed, 28 May 2008 14:20:18 GMT

An under-16 Indian national soccer team is coming to Charleston to train for an upcoming international tournament. The trip is the work of a local anesthesiologist, Dr. Francis Saldanha. Saldanha, who oversees the Day Surgery Center in Kanawha City, is paying for the team to come to West Virginia. An India native, Saldanha said he's pleased to help the boys play in the United States.

"From what I gather, the boys are tremendously excited and all of India is excited to see them come over here," Saldanha said. "It's excellent exposure and they'll be playing some pretty good clubs."

The team is scheduled to arrive July 1 for training and scrimmages to prepare for the Asian Federation Cup, a tournament scheduled for October in Uzbekistan.

The India team is one of 16 squads playing in the tournament. Other teams include national squads from Australia, Japan, China and South Korea.

Growing up in India, Saldanha said he always had a love for sports. He played cricket, field hockey and soccer, but said he was never a good athlete.

Still, Saldanha remained a sports fan.

He came to the United States in 1977 and made Charleston his home in 1981.

For many years, Saldanha worked to help athletics in India, but he could never do more than fund soccer programs at schools and academies across the country.

"I've always wanted to do something more for athletes in India," Saldanha said. "I never had an opportunity until recently."

Saldanha then heard about the success of the under-16 India team and how it qualified for the Asian Federation Cup.

Saldanha began to inquire about funding the team in some capacity. Then he decided to bring the team to West Virginia.

Saldanha described the effort to friend Brian Parrott.

Parrott, a vice-president of commercial lending for City National Bank, had known Saldanha for many years in a business capacity.

When Parrott found out about Saldanha's goal of bringing the team to the United States, he decided to help.

Parrott, a native of Vermont, grew up playing soccer and still takes part in local adult leagues.

Using Parrott's help, the two set out to get the team to the Mountain State.

The work included gaining approval from the All India Football Federation, the governing body of soccer in the country. They worked closely with Albert Colaco, the general secretary of the federation.

The men also had to get clearance from the U.S. Soccer Federation and the West Virginia Soccer Association.

Parrott said they were successful in getting quick approval.

"Everybody we talked to was so enthusiastic about helping us out," Parrott said.

Parrott said he hopes the trip will introduce soccer to a new audience in the area.

"My part of the partnership allows me to progress the level of soccer in the Kanawha Valley," Parrott said. "There's a lot of momentum being built up."

During their stay in Charleston, the squad will live in the Embassy Suites hotel. The team includes 24 players and six coaches.

Their schedule includes five scrimmages at Schoenbaum Stadium at Coonskin Park. They will also play a game against other travel teams at West Virginia University and another at Marshall University.

The team will face off against various soccer clubs from West Virginia, Ohio and South Carolina.

The first scrimmage will be July 6 at Schoenbaum Stadium.

They will head back to India on July 26.

Saldanha is leaving for India on Thursday to meet face-to-face with the team for the first time. He said Charleston would be the first trip to the United States for many of the boys.

Saldanha said he has high hopes for the team's success.

"They'll be up against some pretty formative groups," Saldanha said. "My hope is they get better with each tournament and become dominant."

Dr. Saldanha and the Day Surgery Center have been a customer of TCG since 2002. TCG created Transcription Management Software for the Day Surgery Center and Charleston Pain Management for doctors to administer their patient chart information electronically.

TCG Launches a Fortune 500 Corporate Web site

Wed, 23 Apr 2008 10:01:53 GMT

TCG is thrilled to announce the launch of another fortune 500 company's corporate Web site. The Web site was launched last week for a major retail and merchandising store and enables the company's marketing and PR staff to maintain site content, images and other content using TCG's content management tools. The site also includes tools for managing of product recall notices in multiple languages, executive and management staff pages, and product and service galleries. TCG’s content management system allowed them to consolidate content from multiple Web sites into a single corporate Web presence.

TCG worked with Google to implement a multi-site search tool allowing the company to search across all their other divisional Web sites from a single search interface from within their corporate site. The new corporate Web site was designed to be easy to use and the tools that TCG created, helped provide company staff with updating capabilities without the need for HTML knowledge or programming experience.

Currently, TCG is working on another project with this client to develop a Web site for their non-profit charity promoting and developing after school activities for inner city children. TCG has enjoyed working with this exciting new client and looks forward to working on many more projects together.

CASE Launches New Web site

Tue, 15 Apr 2008 15:09:34 GMT

The Council of American States in Europe, also referred to as CASE for short has launched their new Web site. Designed and created by Terradon Communications Group, the Web site was built to enable companies in Europe to partner, expand, invest and/ or sell to companies in the USA. The new Web site is very different from the last Web site and also has a new domain name invest-in-usa.org. The organization, together with the help of the Web site hopes to increase the amount of business generated around europe and offer european business a lucrative business opportunity for companies looking to invest in the USA. Case helps countries in Europe develop relationships oversees and is a great opportunity for all types of industries.

The Web site is generated to assist all types of industries such as food processing, tourism, aerospace, metal and steel, pharmaceutical, financial and much more. The Web site will display the latest events, state contact information, demographic information, testimonials and provide information on how to go about investing in the USA. The site also provides a lot of useful information about the different states that may be of interest to futore investors. Clink the link; http://www.invest-in-usa.org to learn more. CASE members are able to use TCG's content management sofwtare to make their updates and maintian and change the Web site whenever necessary.

Hatfield-McCoy is a big success

Mon, 03 Mar 2008 15:01:25 GMT

The economy of Southern W.Va. can be diversified, it turns out

For generations, West Virginians have both fretted about the need to diversify the economy of Southern West Virginia and lamented the difficulty of doing so.

"Tourism? In Southern West Virginia?" thought the skeptics. "Not likely."

Well, think again. The Hatfield-McCoy ATV Trail, offers recreation perfectly suited to what Southern West Virginia has to offer, and it's a runaway success.

In some places, as the Daily Mail's Cheryl Caswell reported this week, local residents are diversifying their economies at breakneck speed.

Executive director Jeffrey Lusk said that since the trail opened seven years ago, about 100 new businesses have opened to cater to visitors from just about everywhere.

The trail's slick and professional Web site ( http://www.trailsheaven.com ) gives some insight into the pulling power of rough roads through tough terrain. It turns out that is exactly what many Americans are looking for.

The site includes a note from riders who have done trails in Massachusetts and Michigan and are headed for West Virginia; a note from a grateful visitor thanking "Noah the Ranger" for pulling him out, "the woman who was working at the Bear Wallow Post Office who was so helpful, and "the dirt bike riders from the St. Louis area" who warned him of a safety problem.

"Just a heads up to all the fine people that make H&M the #1 destination on the East Coast for ATV enthusiasts," writes a visitor from Florida. "A number of Michigan clubs would like to know . . ." begins another inquiry. "Coming from Pittsburgh, Pa.," begins a third.

Gilbert, Mingo County? A boom town? Yes, said Kendall Simpson, who owns a convenience store and campground near the Bearwallow Trailhead and owns or is a partner in an ambulance service, an automotive center, a motel and the Crooked Trail Steak and Ribs restaurant.

"You can stand in Logan and not see the results" of the trail system, he told Caswell. "You can stand in Man and not see the results. "You can stand in Gilbert and feel the results."

Eighty-one percent of the people who ride the trails 25,000 last year come from out of state, and the impact they have is going to increase.

The system has added trails in Wyoming County and in McDowell County, where a KOA campground has since opened. Trails in Wayne, Lincoln, Mercer and Kanawha County are on the drawing board.

It is an achievement. Much credit is due to all the people who shared the vision and are making it happen.

The Hatfield & McCoy Trails is a customer of Terradon Communications Group

TCG Launches New Web Site

Mon, 03 Mar 2008 15:00:09 GMT

The time has come for the new face of TCG to shine brightly. The new Web Site is designed to showcase the best that TCG has to offer - a modern, crisp design, a suite of best-of-breed search technologies - all built atop the TCG's flagship Content Management System (CMS) product.

The new site features a series of technical and consulting service briefs, as well as a solutions gallery showcasing past projects, by industry and application. Also debuting with the new site are a series of CMS packages designed to meet the needs of various businesses and organizations. These also can be found within the solutions section of the site.

The Really Simple Syndication (RSS) capabilities included within this news section allow you to stay up-to-date on TCG news using your favorite RSS Reader. TCG blogs will follow in the coming months, featuring technical advice, opinions, and techniques designed to help our clients take full advantage of our CMS products.

The TCG Support site is now also included within this main site, providing a more seamless means to communicate with our customers. This allows customers to access one site for all current and future business needs.

The new Terradon Communications is here. Many changes are in store for this year - it is an exciting time at TCG.

Governor Honors 40 State Firms

Thu, 24 Jan 2008 12:21:00 GMT

Forty West Virginia companies, including 10 from Kanawha and Putnam counties, were recognized by Gov. Joe Manchin Tuesday for their entry into new international markets.

Manchin presented the companies with the Governor's Commendation for International Market Entry, which honors companies that successfully exported to 66 new countries.

In the first six months of 2007, West Virginia exports grew 17 percent, while U.S. exports grew only 10 percent, Manchin said in a news release. In 2006, West Virginia's exports totaled $3.2 billion.

Kanawha County businesses recognized include Convey Weigh of Dunbar, Chile, Cyprus; Cyclops Industries Inc. of South Charleston, Canada, Mexico, United Kingdom; Gilco Lumber Inc. of South Charleston, Egypt, Portugal; Kanawha Manufacturing Company of Charleston, Qatar, Venezuela; The Moore Company of Charleston, Guatemala; Preiser Scientific Inc. of St. Albans, Latvia, Mongolia, South Africa; and Terradon Communications Group of Nitro , Germany.

Putnam County businesses include Clark Truck Parts of Poca, United Arab Emirates, Costa Rica, Saudi Arabia, Ghana; Eagle Research Corp. of Scott Depot, Argentina, Australia, Czech Republic, The Netherlands; and The Metalwood Bat Company of Eleanor, The Netherlands.

WV Executive Magazine Article on TCG President

Thu, 24 Jan 2008 12:21:00 GMT

Terradon Communications Group's President, Thomas Y. Kittredge, was featured as one of the magazine's "Young Guns" for the year 2000. Twenty individuals are selected from 300 nominees statewide.

Thomas Y. Kittredge, President of the recently formed Terradon Communications Group (formerly the Communications Department of Terradon Corporation), began working with web-based technologies in 1995 as an architect and project manager of software tutorials on CD-ROM. Tom began this job while finishing course work at the University of Denver. In fact, Tom moved from an internship into the role of scriptwriter for training videos before being asked to head the firm’s inaugural CD-ROM development efforts. This upward move required just one year. While designing CD-ROMs was stimulating, Tom’s entrepreneurial spirit eventually lead him home to West Virginia with hopes of establishing a consulting career in the burgeoning Internet arena.

The early days of Terradon’s Communications Department (late 1997) found Tom managing, marketing, programming, testing code, writing copy, facilitating community meetings, and developing newsletters in support of Terradon’s environmental and engineering consulting efforts. While most of Tom’s previous duties have been delegated to other Terradon Communications Group team members, he continues to guide the organization’s strategic vision and associated processes. Additional duties include managing the day-to-day operations, consulting for an international client-base, architecting web applications, and ensuring that client needs are met in an effective manner and with the proper technologies. Tom focuses on fostering a team environment on a daily basis: "When someone comes to work for us, I tell them that the reason they’re here is for the team to tap their gray matter. I want every member of the team, from an intern to a Java programmer, proactively contributing to the cause. I feel blessed to be surrounded by brilliant people who are not afraid to barge in my office with an improvement to one of my ideas. I wouldn’t have it any other way!"

This collaborative spirit exudes in Tom’s philosophy within the workplace, "A large part of my job is making certain that our team works smart. The web development arena moves fast, so our internal processes must be efficient and effective in creating an evolving product offering. If you do not incorporate new techniques and technologies into your organization, you become a commodity." Tom’s dedication to the dynamic is exemplified in Terradon’s Web Wizards, a suite of e-business management tools that have reached Version 3.01 in less than a year.

Tom aims to continue the current course of growing the Terradon Communications Group, "Without a single turnover and an over 100% growth rate in the last year, I feel as though my baby is growing up."

Personal Quote: "It’s not where you live, it’s how you live".

West Virginia Executive

Computer World Article - Net consortium to launch fee-based security alert

Thu, 24 Jan 2008 12:20:52 GMT

The Internet Software Consortium (ISC), which develops the server software most commonly used to direct traffic on the Web, is moving to create a fee-based information-sharing club that officials at the organization said is meant to give software vendors and other companies early warnings about security holes affecting its products.

The disclosure of the plans for the information exchange comes just one week after security analysts at the CERT Coordination Center at Carnegie Mellon University and Network Associates' PGP Security subsidiary issued simultaneous warnings about significant security vulnerabilities in multiple versions of ISC's widely used Berkeley Internet Name Domain (BIND) server.

Paul Vixie, chairman of the Redwood City, Calif.-based ISC, said in an interview that the new fee-based exchange is aimed at opening up more direct communication channels with software vendors, Internet service providers and other companies when holes are found in BIND and the other software that his organization develops.

"ISC found that speaking to vendors through the CERT advisory process was somewhat awkward and made for extra work on both sides," Vixie said. "The next time we learn, through CERT or otherwise, that there is an attackable bug in code that we've published, we hope to have a direct and very private communications forum with the people who run the Internet infrastructure or who need lead time to prepare patches for their customers."

However, ISC's plans to set up an exclusive information-sharing service have sparked a heated debate among some security analysts and technology users, many of whom posted their concerns last week on various online discussion boards. Some called ISC's plan the first step down a "slippery slope" that could lead to a time when the only people who will get the information needed to protect their networks will be those who are willing to pay a fee.

"What kind of an edge do they really think they'll be providing to IT staffs and security administrators?" asked Keith Morgan, a network security specialist at Terradon Communications Group in Nitro, W. Va., in an interview. "And why would anyone pay for it? I think this is a pretty poor precedent."

Morgan added that he sees nothing that distinguishes the ISC's planned exchange from the numerous other free security alert forums that are already in place. "It's extremely rare that the developers of any given piece of software find their own security flaws," he said. "Almost 100% of the time, it's a third party that discovers and publishes security vulnerabilities . . . I wouldn't even consider subscribing."

A spokesman at Pittsburgh-based CERT declined to comment on the ISC's plan. However, John Tritak, director of the U.S. Department of Commerce's Critical Infrastructure Assurance Office, said he thinks that the consortium's information-sharing effort is a step in the right direction.

"The government's policy so far has been that we want industry to better organize itself to better share information," Tritak said. "The question is whether or not information sharing overall has been enhanced as a result of this decision. I can't help but think this is to the benefit of everybody."

Eventually, Tritak added, software developers and security vendors will probably develop a more streamlined procedure for reporting and publicizing vulnerabilities. But for now, "it's more important than anything else for [the technology] industry to take ownership of this issue," he said. "We need to encourage that."

Amit Yoran, CEO at Riptech, a network security monitoring firm in Alexandria, Va., said he doesn't see big problems with the formation of another information-sharing mechanism. But, he added, there are still many questions about how ISC plans to share and disseminate information about vulnerabilities.

"I would be surprised and let down if [ISC] does not participate in some of the existing forums," said Yoran, the former director of the Vulnerability Assessment and Assistance Program for the U.S. Department of Defense's Computer Emergency Response Team. "It is imperative that any critical infrastructure information . . . gets to the people who need to know it. I'm not convinced that doing it in a fee-for-service approach is the best way to do that."

Defending the ISC's plans, Vixie said the organization will still use the CERT Coordination Center to announce security holes in its products on a widespread basis. "Nothing ISC has historically done will stop," even with the advent of the fee-based service, he said.

by Dan Verton

Computer World Article - Microsoft MCSE training faulted

Thu, 24 Jan 2008 12:20:52 GMT

The following article, Microsoft MCSE training faulted quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the August 13, 2001 edition of Computer World.

(August 13, 2001) IT professionals and trainers are blaming insufficient security training offered under the nationwide Microsoft Certified Systems Engineer program for contributing to the spread of Code Red and other damaging viruses.

In an e-mail newsletter sent out last week to its 96,000 members, the Bethesda, Md.-based SANS Institute, a research and education organization for systems administrators, urged MCSEs to take a free class offered by the institute on how to reconfigure and patch Windows-based systems against the vulnerabilities exploited last month by the Code Red worm. The core courses required to attain MCSE certification don't provide the level of security training engineers need to protect their systems, according to SANS Institute officials and other industry experts.

MCSE trainers and students contacted by Computerworld last week said they agree with the organization. Most noted that while basic security is covered as part of the Microsoft Official Curriculum for MSCE certification, in-depth security training is optional and not a core requirement.

The shortfalls in MCSE training are "one of the root causes of lax security in the private sector," said Keith Morgan, chief of information security at Terradon Communications Group LLC, a Nitro, W.Va.-based network security services company.

"Every MCSE that comes through our door has to be quizzed on his level of security understanding," said Morgan. "Most of them have to be trained in even the most basic of security principles. It costs us time and money."

MCSEs design, install, support and troubleshoot information systems based on Microsoft Corp. software.

Alan Paller, director of the SANS Institute, said the recent outbreak of the Code Red worm, which took advantage of vulnerabilities in Microsoft's Internet Information Services (IIS) software and a misconfiguration in the Internet Server Application Interface (ISAPI), is a perfect example of how MCSE training falls short.

"It is a situation where MCSEs had no idea that there is a fundamental vulnerability in IIS and ISAPI mapping and so had no way to protect their systems other than after-the-fact patching," said Paller.

"One of the saddest dimensions of information security is that hundreds of thousands of people earned MCSE certifications without being required to demonstrate any competence in security," stated the SANS newsletter.

Robert Stewart, general manager of training certification at Microsoft, countered that each of the four core classes required for MCSE certification covers various aspects of security.

"There are definitely items and sections of the core exams that focus on security," said Stewart. In fact, the Windows 2000 Server administration course includes a "pretty big piece on security," he said. "And you can't pass through the gate and become an MSCE without passing it."

MCSE students are required to take five core exams on how to configure, design and administer a Windows 2000 network. (Windows 2000 certification replaced NT certification this year.) However, of the four core design courses offered, only one is geared specifically toward security - and it's optional.

"There's nothing specific on security," said Bob Hillary, vice president of academic affairs and chairman of the IS department at New Hampshire Community Technical College, a major MCSE training center, in Portsmouth. "It's not that MCSE training is without security, but it's an elective. Just as they have an 'MCSE plus I' for their Internet certifications, they should have an 'MCSE plus S' for security," said Hillary.

Although the in-depth security course is an elective, Stewart said, the fact that Microsoft has designed a specific course on security demonstrates the company's commitment.

MCSE training is conducted by dozens of private service providers throughout the country. Microsoft, through its training Web site, "makes no warranties or representations with regard to their services."

Terry Lewis, an MCSE training instructor at Emergent Technologies Inc. in Reston, Va., agreed that security training is "very basic" and should be enhanced. However, to do that, the five-day core courses would have to be lengthened, he said.

"In Microsoft's defense, I don't think that in a certification training environment you can teach the in-depth subject of security," said Lewis. "Should there be more security? Absolutely. Is there any time that can be thrown out of the current courses and devoted to security? No."

Dan Verton
Computer World

Computer World Article - ISC Plans to Launch Fee-Based Security Alert Service

Thu, 24 Jan 2008 12:20:52 GMT

The following article, ISC Plans to Launch Fee-Based Security Alert Service quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the February 12, 2001 edition of Computer World.

The Internet Software Consortium (ISC), which develops the server software most commonly used to direct traffic on the Web, is moving to create a fee-based information-sharing club that officials at the organization said will give software vendors and other companies early warnings about security holes affecting the ISC's products.

The disclosure of the plans for the information exchange came just one week after security analysts at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh and Santa Clara, Calif.-based Network Associates Inc.'s PGP Security subsidiary issued simultaneous warnings about significant security vulnerabilities in multiple versions of ISC's widely used Berkeley Internet Name Domain (BIND) server.

Paul Vixie, chairman of the Redwood City, Calif.-based ISC, said that the new fee-based exchange is aimed at opening more direct communication channels with software vendors, Internet service providers and other companies when holes are found in BIND and the other software developed by the ISC.

"ISC found that speaking to vendors through the CERT advisory process was somewhat awkward and made for extra work on both sides," Vixie said.

However, the ISC's plans to set up an exclusive information-sharing service have sparked a heated debate among some security analysts and technology users.

"What kind of an edge do they really think they'll be providing to IT staffs and security administrators?" asked Keith Morgan, a network security specialist at Terradon Communications Group LLC in Nitro, W.Va. "And why would anyone pay for it? I think this is a pretty poor precedent."

John Tritak, the director of the U.S. Department of Commerce's Critical Infrastructure Assurance Office, called the consortium's plan a step in the right direction.

"The government's policy so far has been that we want industry to better organize itself to better share information," Tritak said. For now, "it's more important than anything else for [the technology] industry to take ownership of this issue," he said.

Amit Yoran, CEO of Riptech Inc., a network security monitoring firm in Alexandria, Va., said that although it's imperative that information be shared, he's "not convinced that doing it in a fee-for-service approach is the best way to do that."

Dan Verton
Computer World

Computer World Article - How To Lock Down Windows 2000

Thu, 24 Jan 2008 12:20:52 GMT

The following article, How To Lock Down Windows 2000 quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the November 19, 2001 edition of Computer World.

(November 19, 2001) Windows 2000 Server, Microsoft Corp.'s premier network operating system, isn't a tool you get to know all at once. Because of security concerns, many users find they must spend time getting fully acquainted with the complicated and robust platform before considering an enterprise rollout. Introduced in February of last year, Windows 2000 Server now offers a bevy of new security features, including certificate services and Kerberos network-authentication services. It also comes with new wizards and tools to help administrators with installation and security settings. But the complexity built into the operating system's 30 million lines of code makes securing it all the more difficult. Here are some practical things administrators can do to lock down Windows 2000.

Match Security to Business Needs

THE PROBLEM: Like all operating systems, Windows 2000 isn't secure right out of the box. The tendency among most administrators, say experts, is to simply click the Install All icon. But with an operating system as complicated as Windows 2000, that may prove more challenging from a security perspective than some can handle.

"When they click Install All, they turn on all of the sample code and demonstration programs and all of the problems that come with those," says Chris Rouland, director of the X-Force vulnerability research unit at Internet Security Systems Inc., a consulting firm in Atlanta.

"It would be nice if all software vendors produced software with default values that leaned toward security and lack of functionality, as opposed to less security and more functionality," says Marty Lindner, an incident-handling team leader at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh. Related to this out-of-the-box functionality is the fact that Windows 2000 added many independent features that are secure in stand-alone mode but that can create more holes if implemented poorly as part of the Windows 2000 environment, says Lindner. Recent examples include the holes discovered in Microsoft's Internet Information Server (IIS). Although it's a separate product, IIS is tightly integrated with Windows 2000. "IIS can only run on Windows, so in that sense, it is tightly coupled to the Windows environment. But implemented poorly, it can get you in a lot of trouble," he says.

THE FIX: Rouland suggests that users separate their Windows 2000 servers logically by function (for example, file servers, print servers and e-mail servers) and then install and activate only the features and services that are required for that system and that match the security level required by their businesses.

Stay Up to Date With Patches

THE PROBLEM: Managing security patches, vulnerability alerts and service pack releases has become one of the major challenges facing all systems administrators. Although there are many vendor and independent security organizations, including Microsoft, that offer automated patch-notification services, users still face the daunting task of keeping track of what they've installed.

"The biggest issue with Windows 2000 machines is keeping the patches up to date," says Mandy Andress, president of ArcSec Technologies Inc., a consultancy in Dublin, Calif. "The biggest reason why many organizations do not stay up to date with their patches is they are afraid that installing the patch will create a problem and their systems will not function properly," she says. "This is why testing patches before installing them in a production environment is a best practice that needs to be followed."

What problems can this cause? One of the biggest has been when a security patch unravels security protections installed previously by either other patches or service pack releases. Likewise, service packs can reverse the benefits of security patches.

"The largest issue here is human error," says Scott Culp, a program manager on Microsoft's security team. Users should have a plan and test things before deploying them, he says. Microsoft's Secure Windows Initiative is making a concerted effort to "get better about the quality of the patches that we release and ensuring that they don't have side effects," says Culp.

"Microsoft security patches have been known to break third-party applications," says Keith Morgan, chief of information security at Terradon Communications Group LLC, a Nitro, W.Va.-based content-management company.

THE FIX: Microsoft has released free tools designed to improve patch management, says Culp. Microsoft Personal Security Advisor scans a system, indicates which patches are needed and recommends how to make the system more secure, he says.

Another tool, Hfnetchk, is built for administrators who monitor large server farms. "It comprises the total of the world's knowledge about Microsoft security patches . . . and it even understands what patches supersede others," says Culp.

A Windows 2000 tool called Qchain allows users to install a string of patches together, instead of installing them individually, says Morgan. Administrators should take advantage of this feature for deploying patches, he says. "This can be a major time and productivity saver and also helps to take the user out of the picture," Morgan adds.

Lindner recommends that users check the authenticity of the patches they install. Although a CD may say "Microsoft" on the label, there have been isolated cases where the authenticity of the source has been questioned, says Lindner. "You need to verify the integrity of the patches you are downloading. You can't trust things at their face value."

Shield the Administrator Account

THE PROBLEM: Hackers who gain administrative access to a network can cause great damage to systems and mission-critical data. They can delete information, change file directory structures, install malicious code and conduct a host of other attacks.

THE FIX: You can make it impossible, or at least very difficult, for hackers to gain access to your network and the almighty administrator account if you know what services you have running, know what applications are running on top of your operating system and closely manage user and administrator accounts.

For example, Morgan creates a user account to run only IIS services, which have proved to be a major vulnerability in recent months. He then places appropriate restrictions on the service account. "What we try to do is mimic a Unix-style environment, where a service account has its own file system and security environment," says Morgan.

Microsoft, however, already offers two IIS-specific tools for Windows 2000, says Culp. One, IIS Lockdown, interviews users and automatically shuts off all nonessential services. The other, URL Scan, keeps an automated lookout for requests that users define as unusual and then throws away any server request that matches the profile.

Andress says there's no single thing an administrator can do to protect the administrator account from being compromised. Strong perimeter security, patch management, cutting off all nonessential services and monitoring and auditing are all key, she says. Automated tools only get you so far, says Andress.

Lyndner agrees. "You can also have a patched machine but do really stupid things, like store scripts in unprotected directories that allow people to run them without permissions," he says.

When it comes to locking down Windows 2000, automated tools make your life easier if you know what you're doing, says Lyndner. "But if you rely on the tools to help you to know what you are doing, you're destined to fail."

Dan Verton
Computer World

Computer World Article - Firm tracks threats, not vulnerabilities

Thu, 24 Jan 2008 12:20:52 GMT

The following article, Firm tracks threats, not vulnerabilities quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the July 9, 2001 edition of Computer World.

(July 09, 2001) Companies today are at as much risk of falling victim to security information overload as they are of getting hacked. The number of security advisory services that claim to offer a way to stay ahead of the hundreds of technical vulnerabilities discovered each day has made it virtually impossible for companies to know for sure if they're getting the right information. TruSecure Corp., a Reston, Va.-based security firm, claims it has an answer. Using the client base of 36,000 Internet-connected systems it monitors, TruSecure is developing a threat database that it says will rightfully shift the discussion toward a more effective security model: from one of what vulnerabilities are out there to one that highlights what hackers are actually doing.

Other organizations use a similar approach, but the TruSecure database would power the first alert service based exclusively on threat data pertaining to hacker activity and not on vulnerabilities in general. "A vulnerability without a threat isn't worrisome," said Peter Tippett, TruSecure's chief technologist. "We're focused on risk . . . where there are both vulnerable systems and people shooting."

The threat database will complement TruSecure's vulnerability database. It will be offered in conjunction with the company's quarterly list of the top 10 hacker exploits that it says are responsible for 99% of all successful network intrusions.

"If we focus on protecting against the stuff that really happens, then we're protecting against the relevant stuff," he said. "A quarterly upgrade of systems gets you a twentyfold reduction of risk." TruSecure couldn't say when the database would be completed.

Other security experts and analysts agreed with Tippett's general argument and acknowledged the need for threat information. But most questioned the ability of any one vendor to collect enough detailed information to be able to determine what exploits hackers are actually using. They also pointed to potential problems with TruSecure's focus on what Tippett calls "the easy stuff."

"They're completely right. Looking at a hundred vulnerabilities a day does nothing for you," said Tim Belcher, chief technology officer at security monitoring firm RipTech Inc. in Alexandria, Va. "However, I'm sure that without a very good monitoring base, it would be very difficult to tell what is being done successfully."

One organization that tries to offer both vulnerability reporting and threat data is the CERT Coordination Center at Carnegie Mellon University in Pittsburgh.

"We go to great pains to understand which vulnerabilities are most serious and which are most likely to be exploited by hackers," said Shawn Hernan, team leader for vulnerability handling at CERT.

Hernan also warned against focusing too much energy on the easy exploits.

"Intruders are adaptive and trying to get too simplistic just causes the intruders to pick something else," he said. "If you fix the top 10 [vulnerabilities], they'll pick No. 11 or No. 26."

John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc., acknowledged that analyzing threats has its merits. But he also questioned the ability to know for sure what exploits are being used and warned that by focusing too much on random attacks, some companies could be lulled into thinking they aren't vulnerable to specific, targeted attacks.

"If the vulnerability exists, sooner or later someone will shoot at it," said Keith Morgan, chief of information security at Terradon Communications Group LLC in Nitro, W.Va. "Plug them all. But plug the hot ones first."

Dan Verton
Computer World

Computer World Article - Disaster recovery planning still lags

Thu, 24 Jan 2008 12:20:52 GMT

The following article, Disaster recovery planning still lags quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the April 1, 2002 edition of Computer World.

(April 1, 2002) Two months after the Sept. 11 terrorist attacks, the lack of corporate disaster recovery and business continuity planning was still widespread, according to a newly released survey.

Conducted in November by accounting and consulting firm Ernst & Young International, the survey polled 459 CIOs and IT directors from companies of various sizes worldwide. The survey results, released in late March, found that only 53% of those companies had business continuity plans to keep operations going in the event of a major disaster and that less than half had IT security awareness and training programs for employees.

Nathaniel Meyer, a spokesman for New York-based Ernst & Young, said the survey targeted midsize to large companies in all economic sectors throughout 17 regions of the world, including the U.S. and Europe. None of the companies surveyed were small businesses, Meyer said.

The Larger Picture

Some CIOs and security experts contacted by Computerworld last week said they weren't sure of the significance of the results without having a breakdown of the sizes of the companies surveyed. Some also questioned any expectation that companies would necessarily have disaster recovery plans in place just two months after the attacks if no such plans had already existed. Others, however, said two months was plenty of time, given the nature of the wake-up call.

Nancy Bryant, CIO at 1st City Savings Federal Credit Union in Los Angeles, said there's no reason that companies shouldn't be able to put a basic business continuity plan in place within two months. "It doesn't need to have the fancy writing, but a bare-bones plan could be in place within two months," said Bryant. "We're not talking a great outlay of money, either."

Bryant said she has outfitted all of her employees at six branch offices with remote capabilities, and the company is prepared to move to a co-location facility if the main office is affected by a disaster.

"A company can put in the structure, policies and procedures of a continuity plan and can convene a steering committee of all the parties that would need to be involved in such a plan," said Alan Paris, a partner at Capco, a financial services consulting firm located near ground zero in Manhattan. "They can also do an assessment of readiness. Within two months, you can certainly do that much."

Sean Scott, CIO at law firm Womble Carlyle Sandridge & Rice PLC in Winston-Salem, N.C., said six months is a more realistic expectation, given the number of people and positions in a midsize or large enterprise that must be involved in a recovery plan.

But Keith Morgan, chief of information security at Terradon Communications Group LLC, a Nitro, W.Va.-based content management firm, said the survey results pertaining to disaster recovery plans "should terrify executives."

Rick Fleming, vice president of operations at Digital Defense Inc., a security firm in San Antonio that conducts audits for the financial industry, said of the survey finding that "things really are that bad, maybe worse."

"These numbers are generous and probably reflect awareness of the typical Fortune 500-type company that [Ernst & Young] works with," said Fleming. "It only gets worse as the company size gets smaller."

"Until now, disaster recovery planning was mostly seen as an IT thing," said Paris. "So it's particularly surprising that so many CIOs would not have a plan in place."

Dan Verton
Computer World

Computer World Article - Cybercrime Reporting Procedure Draws Fire

Thu, 24 Jan 2008 12:20:52 GMT

The following article, Cybercrime Reporting Procedure Draws Fire quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the February 18, 2002 edition of Computer World.

(February 18, 2002) The FBI and the Secret Service last week announced support for a controversial set of standard procedures that businesses can use to report serious hacking incidents and other Internet-related crimes.

A panel of federal and private-sector security experts, including Howard Schmidt, the newly appointed vice chairman of the president's Critical Infrastructure Protection Board, helped draft "The CIO Cyberthreat Response & Reporting Guidelines." The effort was cosponsored by CIO Magazine, a sister publication of Computerworld.

The guidelines instruct CIOs to report only major incidents that result in damage to property or loss of significant revenue or that indicate a noteworthy trend or new type of attack. According to the guidelines, companies shouldn't "report routine probes, port scans or other common events," because law enforcement simply doesn't have the resources to investigate those incidents.

Some experts wondered if the reports IT groups file will be as useful as closing the gate after the horse has already left the barn. "Will they be able to stop or recognize malicious acts before damage is done, or before we fill out these forms?" asked Steven Sommer, CIO at Hughes Hubbard & Reed LLP, a law firm in New York.

Probably not, said Keith Morgan, chief of information security at Terradon Communications Group LLC, a Nitro, W.Va.-based content management company. "If you want really useful information, log and track the scans," said Morgan. "The scans tell you what systems are actively searching the net for vulnerable hosts. The information that may be of the most value is exactly what they're asking you not to send."

There's also concern that the level of reporting and information-sharing necessary will remain elusive as long as the government continues to ignore industry's need to protect proprietary data from potential exposure under the Freedom of Information Act (FOIA).

"Without assurances of how this information will be handled, I would advise enterprises to avoid this like the plague," said John Pescatore, an analyst at Gartner Inc. in Stamford, Conn. "The information on the form is a hacker's and [news] reporter's dream. We still have no definition about Freedom of Information requests. Will this information be exempt from FOIA? Antitrust? It seems like a very unnecessary effort until all of this is defined."

Sommer said he has similar concerns about the use of information provided to the government. "The real question is, What will they do with the information?" he asked.

"We are not interested in highlighting the vulnerabilities of a company's system," said James Mackin, a spokesman for the Secret Service. "Underreporting of these crimes is unfortunately the norm, and we are trying to take steps to improve in that area."

Dan Verton
Computer World

Computer World Article - Corporate America Is Lazy, Say Hackers

Thu, 24 Jan 2008 12:20:52 GMT

The following article, Corporate America Is Lazy, Say Hackers suggests Terradon Communications Group's standard content management techniques as industry best practices while quoting Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the July 22, 2002 edition of Computer World.

(July 22, 2002) When a group of Web vandals hacked into USA Today's Web site July 11 and inserted false news stories, the Internet security community got a taste of how serious Web page defacements can be. While most security professionals consider Web page defacements nothing more than a nuisance, hackers and analysts said the newspaper got off easy. Subtle changes to the site could have been much more damaging, they said. In addition, the hack demonstrates the continued vulnerability of Web sites as a result of poor administration.

Although the defacement led to only minor downtime for USA Today's Web site, companies should fear the economic ramifications of such hacks, said Peggy Weigle, CEO of Sanctum Inc., a security consultancy in Santa Clara, Calif.

"Imagine a press release being posted that says the CEO and CFO are resigning due to undisclosed ethical or financial concerns. The stock price would likely plummet immediately," said Weigle. Companies should always audit Web applications before "taking them live" on the Internet, she said.

Hackers Find Open Doors

"We found in our auditing that 90% of all attacks stem from poor configuration and administrators that do not consistently update the software they use," said EPiC, the leader of a white hat hacker group known as Hack3r.com.

A hacker who goes by the nickname Hackah Jak agreed. "I can in minutes code a scanner to scan the Internet for 2-year-old known vulnerabilities," he said. "I've hit a lot of workstations this way and then worked my way through the network to the server."

A hacker nicknamed RaFa was the leader of the World of Hell defacement group, which racked up thousands of Web site defacements before disbanding last year. He said that in addition to making simple configuration mistakes, most administrators don't keep up with the updates and patches released by software vendors.

"They don't update services running on the system, and they set up permissions and software settings the wrong way on the Web server," said RaFa.

However, the real problem isn't laziness; it's trust, said Genocide, the leader of the Genocide2600 hacker group. Most administrators and managers simply trust that their systems are secure, he said.

"That is their first and biggest mistake," Genocide said.

Ways to Protect Web Content

1. Use message authentication and document-signing technologies.

2. Deploy digital rights management software.

3. Subscribe to automated security/patch notification services for the software vendors you do business with.

4. Audit Web server configurations, applications, guest accounts and user permissions before going live.

5. Consider content management software that offers digital hashing of HTML documents and images.

Sources: Bill Malik, an analyst at KPMG LLP in stamford, conn., and Keith Morgan, chief of information security at Terradon Communications Group LLC in Nitro, W.Va.

Dan Verton
Computer World

Computer World Article - Brinks Breaks Into Net Security Market

Thu, 24 Jan 2008 12:20:52 GMT

The following article, Brinks Breaks Into Net Security Market quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the March 19, 2001 edition of Computer World.

The company that once guarded the bat used by Hank Aaron when he broke Babe Ruth's home run record in 1974 and the diamond Richard Burton gave to Elizabeth Taylor has quietly entered the Internet security market.

Irving, Texas-based Brinks Inc. is best known for its armored cars and 142 years of experience guarding bank loot. Now, Brinks' home security subsidiary, Brinks Home Security Inc., has teamed with Hyperon Inc. to offer an intrusion detection and response service to companies that can't afford a full-time IT security staff.

Brinks Internet Security, as the alliance AT A GLANCE The Initiative Combines Brinks’ real-time monitoring and response capabilities with Hyperon’s intrusion-detection systems Monthly charges range from $2,000 to $7,500, depending on level of service Services include basic alarms through full response between Brinks Home Security and Hyperon is called, marks the first time a traditional brick-and-mortar security firm like Brinks has entered the Internet security market, although Pinkerton has a network security consulting unit.

Hyperon is a consulting and outsourcing firm that specializes in intrusion detection and incident handling. It places an intrusion detection system on a customer's network that is monitored remotely through a central monitoring facility.

Fifteen Brinks agents have been deployed to the new Brinks Internet Security venture, which is co-located with Hyperon in Wilmington, Del. Some monitoring will also take place at Brinks' operations center in Irving, where 120 Brinks agents monitor the homes and businesses of 700,000 Brinks clients.

Business Enabler

Brinks' entry into the network security market makes it clear that "the assets that make up a company's value are changing," said Russ Gates, global managing director of technology risk consulting at Arthur Andersen LLP in Chicago. One of the challenges for Brinks will be looking at security as a strategic business enabler and not strictly as a protective barrier, he said.

"Brinks is not known as a high-tech company," said Bob Allen, chief operating officer at Brink's Home Security. "This is an expansion of the brand name and a logical extension that gets us into the high-tech market."

Brinks and Hyperon plan to issue a "Protected by Brinks" logo for use by e-commerce sites as a sign of assurance, said Allen.

The companies are just now entering into discussions with several financial services companies and plan to extend the service to the manufacturing industry, said Hyperon CEO Jim Molini.

Although physical and IT security will eventually merge, "now is not the time," said Steve Hunt, a security analyst at Cambridge, Mass.-based Giga Information Group Inc. "The market is too distracted and end users spread too thin to replace a system that already works well enough. Neither Brinks nor Hyperon will be able to reach the e-business purchasers or the CIOs in order to make a sale that bridges the two security worlds."

A network administrator at an Internet service provider in Virginia said he liked the idea of combining physical with Internet security but added that the saturation of the market could make it tough for Brinks to win major customers.

Keith Morgan, a network security specialist at Nitro, W. Va.-based Terradon Communications Group LLC, a software developer for Fortune 500 firms, said it's the Hyperon-Brinks combination that could make a difference with users, not simply the Brinks name. "The skill set required for data security just doesn't compare at all with physical [security]," he said. However, "everyone loves a one-stop shop."

Dan Verton
Computer World

Computer World Article - BIND patches leaked to underground, ISC says

Thu, 24 Jan 2008 12:20:52 GMT

The following article, "BIND Patches Leaked to Underground, ISC Says" quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the November 18, 2002 edition of Computer World.

The Internet Software Consortium (ISC) is under fire for the fee-based procedures it follows to notify the Internet community of vulnerabilities in Berkeley Internet Name Domain (BIND) software used for routing traffic on the Internet.

When word reached the ISC on Oct. 25 that "serious" BIND vulnerabilities had been discovered, the first companies to receive notification were the paying members of ISC's early-alert notification service. The rest of the Internet security community had to wait until a patch was released Nov. 12 to be notified of the new holes in the software. And even then, some security administrators said they couldn't locate a patch as much as 12 hours after the public announcement was made - about nine hours longer than it took for the patches to be leaked to the hacker underground.

Although the ISC, which maintains BIND, doesn't charge for patches, it does charge companies to be added to an early notification list, said Lynda McGinley, the consortium's executive director. Fees vary depending on the type and size of the subscription. An individual pays roughly $100 per year, while a large company can expect to pay $50,000 per year to be a member of the ISC forum, she said.

"Forum members with the early security notification option pay for ISC to validate their authenticity as someone who is not distributing patches to the underground," said McGinley. She added that notifications of the latest vulnerabilities "were leaked to the underground within a few hours of us sending them out to what we thought were valid users." That demonstrates the importance of the validation process, she said.

Michael Brennen, president of FishNet Inc., a Web hosting firm in Plano, Texas, was one of the many BIND users who couldn't locate patches for more than 12 hours on Nov. 12. "Deliberately withholding patches for root access security bugs is irresponsible in the extreme," he said. "Whether or not it is extortion is for others to decide. Personally, I don't want to be held hostage. I can't live with this anymore."

The latest vulnerabilities, discovered by Atlanta-based Internet Security Systems Inc. (ISS), affect BIND Versions 4 and 8, up to and including Release 8.3.3, according to ISS. "Eleven of the 13 root servers run Version 8.3.3," said Dan Ingevaldson, team leader of the ISS X-Force.

Lasting Problem

Jerry Brady, chief technology officer at Waltham, Mass.-based Guardent Inc., said he thought the patches came out a little late. "The recommendations were to either patch the old code or move to a new release of BIND, which is kind of daunting to the average user," said Brady. "As a result, this vulnerability will probably hang around for a long time."

Mike Schiffman, director of security architecture in the San Francisco office of Cambridge, Mass.-based @Stake Inc., said that while he doesn't know what ISC officials knew, or when they knew it, he does know that vulnerability data was made available before patch information was made available to the public. "When you withhold this type of information, no good can come of it," said Schiffman. "I can tell you with a reasonable degree of certainty that there are thousands of DNS [Domain Name System] servers that are vulnerable, and DNS is critical infrastructure on the Internet."

Keith Morgan, chief of information security at Terradon Communications Group LLC, a Nitro, W. Va.-based content management firm, said delivering early-warning information to a "paying elite" is a conflict of interests that should be criminal. "This is a company exploiting security flaws in its own software to turn profit," said Morgan.

However, McGinley said nearly all of the subscription funds go toward verifying the identity of early notification recipients. "BIND is a free product, and we'd like to keep it that way," she said.

Dan Verton
Computer World

Coming Home: Firms Luring Many Natives Back To Mountain State

Thu, 24 Jan 2008 12:20:52 GMT

Greg Fox was one of the few people in the northbound lane of Interstate 77 when he drove home last year to take a job at Terradon in Nitro.

When he crossed the state line, he sighed with relief. He didn't expect to find a job in West Virginia comparable to the one he had in Charlotte, N.C. For several years, he religiously searched the Internet employment ads. Last year, Terradon, an Internet and engineering firm, placed an ad.

"For me, it was a very easy decision to make," Fox said. After graduating from West Virginia University in 1988, he moved to Philadelphia, then Cleveland, then Charlotte. He was tired of big city realities like crime and long commutes.

“This is where I grew up. You get it in your blood,” said Fox, a Parkersburg native.

He’s one of several natives who came back to the state to work for Terradon. In nearby cubicles, transplants trade tales of sub-standard living in places like Washington and Atlanta.

“I really like the state compared to the hassle of a big city, or the madness of Silicon Valley. This is definitely the place to be,” said Keith Morgan, 29, a software programmer who moved home from Northern Virginia to work for Terradon.

Like elsewhere in the nation, West Virginia technology executives search endlessly for qualified workers. Homesick natives have turned into a fruitful option.

Non-natives think of the state as a haven for coal mines and steel mills, not technology firms. Also, for non-natives, the move to West Virginia can be a difficult transition.

Scott Kapin, 26, left San Diego to work at the Institute for Software Research in Fairmont. Kapin, 26, likes the state’s scenic beauty and his job as a researcher for NASA.

But he misses the restaurants, organic produce, young people, bars and beaches of Southern California. “The lack of diversity is something that’s taken a lot of getting used to,” Kapin said.

“A lot of people in the high-tech field are not southern white males. There’s a very large Asian population. There’s a very large population from the Middle East. I could see how someone from that ethnic background would be uncomfortable,” he said.

Last year, the West Virginia High Technology Consortium in Fairmont asked 189 members about their staffing needs. In October, members said they needed 205 additional workers. By this fall, they predicted that number to triple to 692 available positions.

The Institute for Software Research in Fairmont needs more than 60 workers now. “We’re dying for them,” said Brain Griffith, technology recruiter.

He’s calling on recent West Virginia University alumni. “We’ve got work. We want you back,” Griffith said. “We’re paying top wages. We’re paying better than Pittsburgh.”

The 2000 Census showed that West Virginia’s population increased by .8 percent, or by about 15,000 people during the 1990s.

That’s a better report than the 1990 Census that showed a 7 percent drop in the state’s population during the 1980s.

George Hammond, director of the West Virginia Economic Outlook, studies West Virginia’s population shifts. It’s too soon to tell whether state natives who’ve moved home are a part of the 15,000 new people in the state.

“If we can generate the jobs at the wage rates that are going to be competitive, then we’ve got a good chance. Whether or not we have done that remains to be seen,” Hammond said.

Kelly Regan
Sunday Gazette-Mail

CNN.com Article - Survey: Suspicious server probes multiply

Thu, 24 Jan 2008 12:20:52 GMT

The following article, Survey: Suspicious server probes multiply quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the February 21, 2001 edition of CNN.com.

(February 21, 2001) The number of suspicious probes and scans designed to find vulnerable domain name servers on corporate networks shot up 280 percent last month and continues to climb, according to IT managers and a new survey conducted by a network security monitoring firm.

A survey released last week by Alameda, Calif.-based Pilot Network Services Inc. found that suspected hackers made as many as 6,000 attempts last month -- compared to approximately 2,200 in December -- to locate vulnerable domain name servers across corporate networks. Pilot collected the information for the survey from its regional network operations centers, which monitor 70,000 corporate networks belonging to Pilot clients worldwide.

The spike in the number of scans came as no surprise to many users and security experts, who said hackers are stepping up their efforts to uncover corporate systems that haven't been fixed for vulnerabilities discovered last month in the Berkeley Internet Name Domain (BIND) server from the Redwood City, Calif.-based Internet Software Consortium (see "Groups warn of serious Internet security holes," link below).

In fact, many companies don't even know they are being scanned or if their networks have been compromised, security specialists said.

Meanwhile, other experts warned that hackers with track records of developing sophisticated automated hacking tools are already planning to cross-breed Internet worms, such as the recent Ramen worm (see "Ramen worm hits some Red Hat Linux servers," link below), with other DNS exploits, thus creating the potential for widespread network problems.

"There are a couple of worms on the horizon that will probably be the next breaking story," said Amit Yoran, CEO of Riptech Inc., a network security firm in Alexandria, Va. "In literally a matter of hours, a very large number of zombie hosts can be created for planned [distributed denial-of-service] attacks, multiple hopping points to cover your tracks and other activities."

IT managers across the nation also are reporting a rise in DNS-related probes, with many attributing the increase to the Jan. 29 public announcement of vulnerabilities in BIND.

Keith Morgan, a network security specialist at Terradon Communications Group LLC, a Nitro, W. Va.-based Internet software developer for Fortune 500 firms, said his company has detected more than 15,000 individual probes for vulnerabilities on its networks since October. But the scans recently shifted from those looking for vulnerable file transfer protocol servers to Port 53, where DNS resolution queries are handled in older versions of BIND.

"Our remote sites and VPN users connecting over both dial-up and broadband technologies are also reporting major increases in scans for DNS servers," said Morgan.

Sean Brown, a systems administrator at Applied Geographics Inc., a geographic information systems consulting firm in Boston, said he has seen a small rise in scans since Jan. 30. But the impact of those scans can be significant, he said. "I had only seen one Class C sweep for DNS in January before the announcement," said Brown, referring to a network that contains 256 IP addresses. "I've since seen four."

Although that may not seem like a lot, each scan is probably looking at an entire network of anywhere from 256 IP addresses up to 65,536, said Brown. "The number of potentially vulnerable systems is huge."

Companies belonging to the Information Systems Security Association (ISSA), an Oak Creek, Wis.-based nonprofit group, are also reporting an increase in BIND-related scans, according to an ISSA member who requested anonymity.

In addition, a spokesman for the CERT Coordination Center at Carnegie Mellon University in Pittsburgh confirmed that there has been a significant increase in the number of BIND-related scans.

Still, the cross-breeding of viruses and Internet worms to exploit security gaps in BIND represents a major shift in the way virus writers operate, said Chris Klaus, chief technology officer at Internet Security Systems Inc. in Atlanta.

"Now we're seeing an increase in the number of virus writers using the hacker mentality," Klaus said. Viruses are being designed that automatically search out compromised systems, he said. "If companies haven't thought of a way to routinely check their machines, they're sitting ducks."

DNS probes on the rise

Recent network security statistics:

Attempts to breach online security mechanisms rose 58 percent in January, to 5,568, from 3,534 last December.
Attempts to find vulnerable servers increased 280 percent to approximately 6,000.
Stealth scans are the most common types of malicious activity and increased 88 percent to 3,102.
Backdoor-G and NetBus Trojan scans have increased in number, while Hack-a-Tack and Back Orifice have decreased and appear to be out of favor.

Dan Verton
CNN.com

CNN.com Article - Microsoft training blamed for spread of viruses

Thu, 24 Jan 2008 12:20:52 GMT

The following article, Microsoft training blamed for spread of viruses quotes Terradon Communications Group's Chief Security Engineer Keith Morgan and appeared in the August 14, 2001 edition of CNN.com.

(August 14, 2001) IT professionals and trainers are blaming insufficient security training offered under the nationwide Microsoft Certified Systems Engineer program for contributing to the spread of "Code Red" and other damaging viruses.

MCSEs design, install, support and troubleshoot information systems based on Microsoft Corp. software.

Robert Stewart, general manager of training certification at Microsoft, countered that each of the four core classes required for MCSE certification covers various aspects of security.

Although the in-depth security course is an elective, Stewart said, the fact that Microsoft has designed a specific course on security demonstrates the company's commitment.

Security optional

Required core exams for Windows 2000 MCSE certification:

70-210: Installing, Configuring and Administering Microsoft Windows 2000 Professional
70-215: Installing, Configuring and Administering Microsoft Windows 2000 Server
70-216: Implementing and Administering a Microsoft Windows 2000 Network Infrastructure
70-217: Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure

Dan Verton
CNN.com