Ten Tips Organizations Can Use to Better Protect Their Proprietary Data and Customers' Personal Information From the Holiday Grinch

Content Monitoring and Security Expert Dr. Doug Jacobson Outlines Several

Ways Data Theft and Misuse by Employees During Holiday Season Can Lead To

Major Bahumbugs

Nov 15, 2006, 00:00 ET from Palisade Systems

    AMES, Iowa, Nov. 15 /PRNewswire/ -- Content security expert and founder
 of Palisade Systems, Dr. Doug Jacobson, today announced the following top
 ten tips organizations should consider when protecting their proprietary
 data and their customers' personally identifiable information from the
 holiday Grinch, (aka accidental prone and/or malicious employees). The tips
 follow a new study by research firm Harris Interactive, that estimated 49
 million adults in the United States were informed about their personal
 information being lost, stolen or improperly disclosed in the last three
 years. The loss of consumers' personal information, especially during the
 holiday season, was a result of a continuing trend where employees
 maliciously and/or accidentally send out sensitive data without
 authorization over electronic communications.
     Top Ten Tips for Protecting Proprietary Data and Consumers' Personally
 Identifiable Information From the Holiday Grinch
     1)  If you're not monitoring employees' outbound electronic
         communications, consider doing it immediately
     2)  Understand how employees can send customer data outside your
         company -- through the network, laptops, PDAs, backup transport.
     3)  Perform an audit on the amount of network communication protocols
         employees have access to, since there are nearly 200 protocols
         employees can use to send data outside your network
     4)  Develop policies for the appropriate handling, use, and securing of
         customer data and make sure every employee understands what data is
     5)  Educate your employees on how to properly handle private data as well
         as how to keep their computers free of security threats, such as worms
         and spyware.
     6)  Be sure to communicate your company's procedures and processes for
         protecting confidential data to your clients.
     7)  Hire a third party to perform an annual audit of your security
         practices.  Through penetration tests your company will better
         understand how adequately protected you are with your existing network
         security infrastructure.
     8)  Adopt a multi-layered security strategy to protect private data.  The
         strategy should include solutions to enforce access controls on
         information and provide private content protection.
     9)  Track where your customers' sensitive data is being sent to. Consider
         purchasing technology designed to make sure that sensitive data is
         being sent to the correct IP address by an employee.
     10) Encrypt data if customer information is being transmitted or stored on
         a network.
     Over 190 Ways the Grinch Can Steal Your Presents (Network Protocols
 Employees Can Use To Transmit Sensitive Data)
     1)   AOLWebmail
     2)   GoogleMailSend
     3)   Hotmail
     4)   YahooMail
     5)   IMAP
     6)   IMAPS
     7)   POP
     8)   POP3S
     9)   SMTP
     10)  LPR
     11)  Microsoft-DS
     12)  NetBIOS-SSN
     13)  NFS
     14)  AresStartup
     15)  AudioGalaxyWeb
     16)  BearShareXferEnc
     17)  BitTorrent
     18)  BlubsterXfer
     19)  DirectConnectHub
     20)  DirectConnectXfer.
     21)  EDonkey (including OverNet)
     22)  EDonkeyXfer
     23)  FiletopiaXfer FreeNet
     24)  FurtherClient
     25)  Gnutella
     Also these that are based on the Gnutella protocol:
     26)  Bearshare
     27)  BearshareXferEnc
     28)  Bodetella
     29)  Cooltella
     30)  Furi Launcher
     31)  Furi Updater
     32)  Gnewtella
     33)  Gnewtella 2
     34)  GnOtella
     35)  GnuCache
     36)  Gnucleus
     37)  Gnujatella
     38)  Gnumm
     39)  Gnuspace
     40)  Gnutella for Mac
     41)  Gnut
     42)  Gnutella.it
     43)  Gobobo
     44)  GTK-Gnutella
     45)  Hagelslag
     46)  Limewire
     47)  Mactella
     48)  Morpheus
     49)  MyGnut
     50)  MyTella
     51)  N-Tella
     52)  Newtella
     53)  PeaGnut
     54)  Pi
     55)  Pygnut
     56)  Reflector
     57)  SeachLord
     58)  Shareaza
     59)  Gnute
     60)  Gnutmeg
     61)  Gnutella Crawler
     62)  Tellaseek
     63)  Toadnode
     64)  Gnutella2UDP.
     65)  GnutellaXfer
     End Gnutella protocols
     66)  IRC-DCC-Send.
     67)  KaZaA (including Morpheus)
     68)  KaZaAXfer
     69)  Napster
     Also these that are based on the Napster protocol:
     70)  Amster
     71)  BeNapster
     72)  Blazter
     73)  Capster
     74)  Console Napster CLT
     75)  DeWrapster
     76)  DiaRRIA
     77)  DJnap
     78)  Fanster
     79)  File Navigator
     80)  NapAmp
     81)  Napigator
     82)  Napkin
     83)  NapMan
     84)  Napsack
     85)  Napster for Beos.htm
     86)  Napster/2
     87)  Napsterminator
     88)  Napster - Linux
     89)  Napster Server Manager
     90)  Gnapster
     91)  Gnome-Napster
     92)  GTK-Napster
     93)  Hackster
     94)  iNapster
     95)  JNap
     96)  J Napster
     97)  Jnerve
     98)  KNapster
     99)  Koog Epsilon
     100) Lopster
     101) Macstar
     102) Macster
     103) Music City
     104) MyNapster
     105) Napster Unban
     106) Netstreak iAssimilator
     107) N-Dream Plug-In for Napster
     108) OpenNap
     109) Pakster
     110) Rapster
     111) Riscster
     112) Snap
     113) Socks2HTTP
     114) Spyster
     115) TekNap
     116) TKNap
     117) Unwrapper
     118) Webnap
     119) Wrapster
     120) XMNap
     121) Napster Xfer
     End Napster protocol
     122) SoribadaXfer
     123) SoulSeekLogin
     124) SoulSeekXfer
     125) Twister
     126) CVS-PServer
     127) CVSup
     128) FTPActive
     129) FTPControl
     130) FTPPassive
     131) AIMLogin
     132) AIMMsg
     133) AIMXfer
     134) GoogleTalkLogin
     135) ICQLogin
     136) ICQMsg
     137) IRCLogin
     138) IRCMsg
     139) MSNMessengerLogin
     140) MSNMessengerXfer
     141) YahooMsgrLogin
     142) YahooMsgrMsg
     143) RealMedia 1, 2, and Multi Rate.
     144) ShoutCast
     145) WindowsMedia
     146) CitrixICA
     147) GotoMyPCShare
     148) REXEC
     149) RLogin RLogin
     150) RSH
     151) SSH
     152) Telnet
     153) VNC
     154) WindowsTerminalServer
     155) XWindows
     156) Q.931
     157) Session Initiating Protocol (SIP)
     158) Skinny
     159) HTTP_Servers
     160) Socks4/5
     161) HTTP-Proxy
     162) HTTP_URLList_Remote_Proxies
     163) HTTP
     164) HTTP-ACTIVEX
     165) HTTP-AVI
     166) HTTP-EXE
     167) HTTP-Audio-MPEG
     168) HTTP-Video-MPEG
     169) HTTP-QuickTime
     170) HTTP-RAR
     171) HTTPS
     173) HTTP-Video-Flash
     174) HTTP-Zip
     175) HTTP-HEAD
     176) HTTP-POST
     177) AOL-TCP
     178) BOINC
     179) Compuserve-TCP
     180) Finger
     181) Gopher
     182) IDENT
     183) iTunes
     184) NNTP
     185) WakeOnLan
     186) Custom
     187) DiagVPN
     188) DNS Query
     189) EthernetAddresses
     190) EthernetNotAddresses
     191) Everything
     192) HTTP_Hosts
     193) HTTP_URLs
     194) HTTP_URLList
     195) LogUnmatched
     196) SSL
     How the Grinch Can't Steal
     Palisade Systems is the only vendor in the emerging content monitoring
 and filtering market capable of not only monitoring these protocols, but
 also blocking their use and delivery of information to the receiver.
 Content monitoring and filtering products are a breed of emerging
 technology that specifically focuses resources on the applications and
 protocols responsible for the delivery of outbound communication, instead
 of most network security products that prevent inbound security threats
 like viruses, spyware, worms, DoS attacks, etc.
     About Dr. Jacobson
     Doug Jacobson is an Associate Professor in the Department of Electrical
 and Computer Engineering at Iowa State University. Dr. Jacobson joined the
 faculty in 1985 after receiving a PhD degree in Computer Engineering. Dr.
 Jacobson is currently the director of Iowa State University's Information
 Assurance Center, which has been recognized by the National Security Agency
 as a charter Center of Academic Excellence for Information Assurance
 Education. He is also director of the Internet-Scale Event and Attack
 Generation Environment (ISEAGE), a U.S. Department of Justice funded test
 lab, which is the only lab in the world designed to simulate, investigate
 and recreate the largest cyber attacks over the Internet. In addition to
 his work at the university, Dr. Jacobson is the founder and CTO of Palisade
 Systems, Inc.
     Dr. Jacobson works with local law enforcement and is a computer
 forensics analyst for the Iowa State University Police department. He's a
 recipient of the coveted "Meet the Challenge Award" from the FBI's
 InfraGard program. The "Meet the Challenge Award" is given annually by
 InfraGard to the individual most responsible for raising awareness of
 information security in the community. Dr. Jacobson's current funded
 research is targeted at developing robust countermeasures for network-based
 security exploits and large scale attack simulation environments. His
 latest project is the formation of the Center for Information Protection.
 Sponsored by the National Science Foundation (NSF), it's the first NSF
 Industry/University Cooperative Research Center to coordinate information
 security research efforts between business, academic and government
     Several of Dr. Jacobson's projects have led to patents and have been
 successfully transferred to the high-tech industry. Furthermore, Dr.
 Jacobson has received two R&D 100 awards for his security technology and
 has two patents in the area of computer security and has given hundreds of
 presentations in the area of computer security and has testified in front
 of the U.S. Senate committee of the Judiciary on security issues associated
 with peer-to-peer networking.
     About Palisade Systems, Inc.
     Founded in 1996, Palisade Systems, Inc., is a leading provider of
 enterprise content security and data protection solutions with over 500
 customers across North America and Europe. Palisade security appliances
 help organizations proactively secure intellectual property and private
 client information from leaking outside the network, define and enforce
 access to internal network resources, and enforce compliance with federal
 privacy and industry security regulations. Palisade Systems customers
 include prominent clients in healthcare, financial services, insurance
 industries, along with universities and school districts. For more
 information, please visit http://www.palisadesys.com or contact Palisade's
 sales department at 1.888.824.0720.

SOURCE Palisade Systems