Our Company

We are committed to providing our customers with the best products on the market, as well as excellent support. At IT Management Solutions, our primary goals are:

  • To provide professional and on-time service to our clients.
  • To provide our clients with efficient, flexible and economic solutions to their network and computer needs using proven products and technology.
  • To develop a long-term relationship by providing expertise that results in improved operating efficiency, security and productivity for our clients.

 

What we do

  • Support: Experience with the latest technology.
  • Security: Protect your most valuable assets.
  • VoIP: VoIP solutions from leading vendors.
  • Consultation: Professional, experienced consultants to aid you.

Botnet Example Video

Have you ever wondered where all those SPAM emails are coming from or why your PC is running so slow? WatchGuard has an excellent video of a botnet in action.

Security Advisories

US-CERT Cyber Security Alerts
US-CERT Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits. Cyber Security Alerts are released in conjunction with Technical Cyber Security Alerts when there is an issue that affects the general public. Cyber Security Alerts outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.
SA10-068A: Microsoft Updates for Multiple Vulnerabilities

SA10-040A: Microsoft Updates for Multiple Vulnerabilities

SA10-021A: Microsoft Internet Explorer Vulnerabilities

SA10-013A: Adobe Reader and Acrobat Vulnerabilities

SA10-012B: Microsoft Windows and Adobe Flash Player 6 Vulnerabilities

SANS Internet Storm Center, InfoCON: green

Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication, (Wed, Mar 10th)
Yesterday Microsoft re-released KB973811 ==http://www.microsoft ...(more)...

What's My Firewall Telling Me? (Part 4), (Wed, Mar 10th)
There's been a lot of discussion about the recent stories on parsing firewall logs - Mar ...(more)...

Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7, (Wed, Mar 10th)
Several readers have pointed us towards this advisory. This Microsoft advisory outlines a vuln ...(more)...

March 2010 - Microsoft Patch Tuesday Diary, (Tue, Mar 9th)
Overview of the March 2010 Microsoft Patches and their status. ...(more)...

Microsoft Security Bulletins
MS10-017 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
Bulletin Severity Rating: Important - This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
Bulletin Severity Rating: Important - This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and persuaded the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Bulletin Severity Rating: Important - This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.

MS10-014 - Important: Vulnerability in Kerberos Could Allow Denial of Service (977290)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.

MS10-013 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Botnet Example Video

We have been installing and maintaining firewalls for 10 years now, long before they were popular.  In doing security research at that time we came upon a new startup called WatchGuard.  We were immediately impressed with the ease of setup, reporting, and most importantly, protection provided.

At that point in time firewalls were very hard to configure correctly. A lot of them required you to create a set of rules while logged into a command prompt. Others had a very simple web interface, but still required you to create the rules, and then list them in the correct order. Some firewalls took days to set up, configure, and test.

WatchGuard had a different solution. It involved installing a "Control Center" application on a PC and using a pre-defined set of rules. You did not have to worry about implementing them in the correct order either. If needed, you could add your own custom rules. One of the things that immediately impressed us, though, was the proxy filters for SMTP and HTTP. With these proxies we could eliminate most if not all viruses before they entered the network. You simply configure the filter to only allow certain safe types of file attachments through.

Shortly after we had installed the WatchGuard Firebox on several networks, several viruses spread rapidly on the Internet through email. The WatchGuard Firebox did exactly what we had expected. It filtered out the viruses before they entered the network and these networks went on as if nothing was happening. The clients we supported at the time that did not have a WatchGuard installed were immediately infected, even though they were running the latest anti-virus products and were updated daily.

What does this have to do with your network today? A lot. As you know, viruses are still spread through email and are a very real risk. An even greater problem has arisen though, especially in the past year. This threat comes from trojans, spyware, and botnets. These infections are not out to damage files on your PC as viruses were in the past. They are after something more valuable - your resources and data. These new infections are also delivered through websites, and any website is capable of infecting your PC. Trojans are normally installed on your workstation to download other programs. These other programs are capable of anything, from installing unwanted games to keystroke loggers which record usernames and passwords. Of all of these, though, the worst has to be botnets. They are programs that are installed and controlled remotely by someone. They are worse than your worst nightmare, capable of anything. Anti-virus is useless against most botnets. You can find information on what to date is the worst of these, the Storm, here.

So, what can you do to keep your network and data safe? While nothing is 100%, following these simple rules will greatly limit your exposure:

1) Educate your users.

2) Keep anti-virus and anti-spyware up to date.

3) Install a firewall that provides an SMTP and HTTP proxy.
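
The attachment allow-listing that an SMTP proxy applies, as described earlier, can be sketched as follows. This is an added example, not WatchGuard's implementation or code from this page; the allowed extensions, function names and sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed allow-list for illustration; a real policy is chosen per site.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg"}

def is_allowed(filename: str) -> bool:
    # Only the final extension counts, so "invoice.pdf.exe" is judged as ".exe".
    ext = os.path.splitext(filename.strip().lower())[1]
    return ext in ALLOWED_EXTENSIONS

def strip_parts(container, stripped):
    kept = []
    for part in container.get_payload():
        if part.is_multipart():  # nested multipart or forwarded message
            strip_parts(part, stripped)
            kept.append(part)
            continue
        name = part.get_filename()
        is_attachment = name is not None or part.get_content_disposition() == "attachment"
        if is_attachment and not is_allowed(name or ""):
            stripped.append(name or "(unnamed)")
            notice = EmailMessage()  # leave a visible marker in place of the file
            notice.set_content(f"Attachment {name!r} removed by attachment policy.")
            kept.append(notice)
        else:
            kept.append(part)
    container.set_payload(kept)

def filter_message(raw: bytes):
    """Return (filtered message bytes, names of removed attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    stripped = []
    if msg.is_multipart():  # single-part messages pass through unchanged
        strip_parts(msg, stripped)
    return msg.as_bytes(), stripped

def attachment_names(raw: bytes):
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def build_sample() -> bytes:
    # Constructed sample message: one allowed and one disallowed attachment.
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Constructed sample"
    m.set_content("See attached.")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="report.pdf")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="Invoice.PDF.exe")
    return m.as_bytes()
```

Extension matching trusts the sender-supplied file name, so it is normally paired with content-type inspection of the attachment itself.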

To see how botnets are created and how they work, WatchGuard has released 3 excellent videos. The first video, Botnets Part 1, explains how botnets are created. Video 2, Malware Analysis: Botnets Part 2, explains how botnets are used. The third video, Malware Analysis: Botnets Part 3, explains how to protect your network.

For more information on how to protect your network, please feel free to e-mail us, or call us at (888) 740-9193.