Keeping your business safe online

Keeping your business safe online Security threats are complex. Protecting your business from them isn’t. McAfee Total Protection for Small Business...
1 downloads 0 Views 4MB Size
Keeping your business safe online

Security threats are complex. Protecting your business from them isn’t. McAfee Total Protection for Small Business. A hassle-free security service that’s quickly installed, centrally managed, and automatically updated. McAfee® Total Protection™ solutions provide comprehensive security in a single service to protect against everything from viruses, spyware, spam, and phishing, to hackers and identity thieves. Total Protection simplifies security and provides always-on, always up-to-date protection across desktops, servers, and email.

YOUR OWN BUSINESS SECURITY TEAM From only $5 per person per month* *Based on current McAfee RRP as of Oct 12 2007 Australia 1800 644 646. Hong Kong 852 2892 9500. India 9122 6693 5278. New Zealand 0800 508 333. Singapore 65 6222 7555. Thailand 662 625 3058 to 61. Find your local reseller at McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. ©2007 McAfee, Inc. All Rights Reserved. crn1-1007

crn1-1007.indd 1

10/12/2007 7:35:20 PM

Foreword The single most important revolution for business in the last century has been the Internet. Its impact on business efficiency, distribution and marketing has been mind-boggling. It has broken traditional business models and created amazing success stories. But along with those revolutionary business opportunities, the Internet has also brought a new threat to business. There was a time, not so long ago, when a small business owner didn’t have much to worry about when it came to cyber crime. They weren’t always connected to the Internet, their business was not dependent on the Web, and malicious worms were generally something that affected other people. But then the Internet boom happened. Businesses large and small realised its potential for providing information to their customers and communicating with their clients and suppliers. eCommerce became a core component of company revenue. Dial-up modem connections became always-on broadband, everybody in the office got an email account and people could access their data from home and on the road. Inevitably, a criminal ecology has followed business onto the Web. According to statistics from Australia’s National Computer Emergency Response Team (AusCERT), one in five businesses were affected by cyber crime last year, and of the 201 businesses surveyed in its 2006 Computer Crime and Security report, the average loss of

by David Koch

revenue as a result of security failure was over $40,000 dollars – and that’s excluding one business that reported a loss of $40,000,000 due to computer crime*. Sadly, far too many businesses ignore these kinds of statistics and fail to act to protect their computer systems and data from criminals. We protect our premises, our stock, our staff but because eCommerce isn’t necessarily physical we ignore it. Rather than spend a few hundred dollars acquiring and installing security software, small business owners often wait until something bad happens before responding. By then, of course, it’s usually too late: you’ve lost revenue due to downtime, you’ve spent a great deal of money to repair your systems and you’ve lost the perhaps the most important commodity you have when it comes to online business – the trust of your customers. I know computer security can seem like a scary topic, filled with jargon that you don’t have the time or inclination to decipher, but it’s really not as complicated as it at first seems. There are some very simple things you can do that will protect your office systems from the vast majority of attacks, if only you take the time to do them. They won’t cost you a bundle, they won’t take up huge chunks of your day, and they could save you tens of thousands of dollars in the long run. Set aside a few hours to learn some computer security basics – you won’t regret it.

4. 6. 7. 8. 10. 12.

Today’s small business — online, networked and exposed The cyber criminal — targeting your business now Are you a danger to your business? The GadgetGuy’s jargon buster McAfee Total Protection for Small Business Protection at work: case studies from UniLodge Australia and the Association and Communications Events 14. What else can you do? *Read the full AusCERT study at

Today’s small business online, networked and exposed

By early 2007, over 510,000 Australian businesses – with the majority being small businesses – were connected to the Internet by always-on broadband, many without proper online security systems in place to protect them from the dangers of continual exposure to the Internet. Unfortunately, hoping nothing goes wrong, or when it does go wrong it’s fixable, is a poor strategy for business. Perhaps the biggest problem in so many small businesses is the owner’s false sense of security when it comes to online threats. Corporate espionage, server takedowns, virus infestations and data hacking is something that only happens to big enterprises, right? Wrong. Small businesses are just as vulnerable to cyber crime as large ones – more so, because so many are negligent when it comes to computer security. The money required to properly secure computer systems, and the time required to learn about the threats, is often seen as daunting. In reality, the combination of low-cost security software and a small number of sensible and readily enforceable company policies can go a long way towards protecting a company against most of the threats the Internet has to offer. Default settings inadequate It’s clear is that you can’t rely on the default settings of your networking hardware or computer systems to cover you against Internet threats. Operating systems have become better, with Windows XP and Vista now shipping with firewalls and very limited 4

anti-spyware, but they’re still not anywhere near the standard required for proper security. There’s no anti-virus, the firewalls are unintelligent and there is virtually no protection against malicious websites, phishing scams and email viruses. The default setup of a new PC is generally insecure, and it’s up to you to secure it. Likewise, networking hardware is getting better – wireless access points, for example, are now rarely shipped with the wireless network switched on and open, but they still use administrator passwords and addresses (which many companies neglect to change) that are easy for anyone to guess. What if? This lack of security in the default setups of computers leaves many companies vulnerable to massive losses as a result of data breaches. You may not immediately think you have much data that’s worth caring about, but when you start considering the possibilities, you may find you have something worth worrying about after all. What if you suddenly lost all your financial records, or the credit card details of all your customers was stolen from your database (as happened recently to Roses Only)? What if all your PCs became unusable for hours or days, how much would that cost you? A single virus infestation could cause any of these problems. The attack may not necessarily be specifically directed at you – most cyber attacks cast a broad net, trying to sweep up as many companies and individuals as possible – but you should make sure that you’re not one of them.

Top 5 Internet attacks According to McAfee’s David Marcus, Security Research and Communications Manager at McAfee Avert Labs, the five most common types of Internet attacks are: 1. Trojans (mainly password stealers aimed at financial institutes and online gamers) 2. Bots (mainly used for spamming, DoS and DDoS attacks) 3. Spam 4. Phishing sites 5. Browser-based malware

Five dangers of cyber crime to your business 1. Loss of customer data. Your database of customers and appointments is perhaps one of the most valuable assets your company has. You can’t afford to lose it. 2. Loss of financial data. Records of transactions, invoices or orders are needed for both tax and cash flow reasons. 3. Loss of time. While you’re getting your business system up and sputtering again after a computer failure, you’re losing staff time as well as customers. 4. Exposure of private financial details. And we’re not talking about just yours – for example, allowing your customers’ credit card details out into the wild, as has happened several times recently, is a public relations nightmare. You can’t afford to lose the trust of your customers. 5. Extortion risks. Some cyber criminals like to take the direct route. For instance, a particular class of virus known as ‘ransomware’ will encrypt documents on your computer systems, and demand money if you’d like to have your file unencrypted and usable again. A hacker might do something similar personally, or a thief might even steal your physical equipment and try to ransom it back to you.

The cyber criminal targeting your business now

Since at least 2005, if not well before that, the very nature of the security threat has fundamentally changed. The popular image of the backyard hacker developing software to take down remote systems for kicks no longer applies. The major threats come from highly organised criminal groups whose goal is not necessarily to destroy your PCs, but to harness the capabilities of the Internet to spy on your business, steal your data, trick your staff and hijack the processing power of the networked computer systems for their own ends. They’d like to gather the credit card details of your clients, trick you into revealing passwords and data that they’d find useful or saleable, and perhaps even steal your data and blackmail you for its return. The side effect of this is that criminal hacking has become highly professionalised, with virus developers being paid by the hour by develop systems that are very much targeted at eking profit out of businesses and individuals. Increasingly sophisticated According to McAfee’s 2007 Virtual Criminology Report, cyber criminals are employing increasingly sophisticated methods of breaching computer security systems. They’re using VoIP services, elaborate phishing schemes that target specific individuals, email viruses with topical headlines, social networking services like FaceBook and MySpace, and techniques as simple as dumpster diving to get their hooks into businesses large and small. As security software has developed, so 6

“Organised crime is seizing the potential of the digital space we live our lives through today for financial gain. The increasing take-up of broadband and new technologies such as voice over internet (VoIP) services present new opportunities for hi-tech criminals.” Greg Day, McAfee Security Analyst

have the hackers, and it requires systems more sophisticated than a basic firewall and an old-style signature-based antivirus package to stop them. The report also notes that, in the near future, mobile devices are going to become a major target for hackers as well. Smartphones and PDAs, which are essentially small computers, now have alwayson Internet access and could be vulnerable to all the same kinds of attacks as PCs. Given their capacity for email, they can also be used for phishing and similar attacks. How organised crime is profiting from the Net Cyber criminals have developed many ways to profit from cyber attacks. Here are some examples: - Collecting financial data (including credit card numbers and pins) and selling the results to the highest bidder - Hijacking email addresses for use in spam - Collecting company information for use in extortion attempts - Force-installing adware on systems for a fee - Running various confidence scams using email and websites

Are you a danger to your business? Not all security breaches are the work of criminal hackers attacking your company over the Internet. Either by negligence or malice, a significant number of security breaches are the work of staff members. According to the McAfee 2007 Virtual Criminology Report, criminal groups are targeting employees and sponsoring undergraduates to steal data from inside businesses using virtually undetectable transfers to USB keys and other mobile devices. The stolen data is then held for ransom or sold to anyone who will pay for it. Of course, the most common kind of security breach is unintentional. The modern mobile workforce has many advantages – working from home or the road, accessing data anywhere at any time – but from a security perspective it can be problematic. For convenience, copies of confidential data can and will probably be copied to USB keys, removable hard disks, notebook computers, mobile handsets or emailed to insecure home email accounts. Staff will bring their own insecure notebooks to work, or take work notebooks home and connect them to their home ADSL connection, which may or may not be secure. In Europe, McAfee found that a quarter of workers connected their private gadgets to their work network, and another quarter took work notebooks home and connected them to their home network. With all this data moving outside of the control of the business, the potential for data leaks is enormous.

Protecting your mobile equipment Here are some tips for dealing with the chaos that teleworking can bring: 1. Create and enforce company policies about what data can be taken on what devices. Encourage and enable situations where users can access data remotely without having to make local copies of it. Secure VPNs (virtual private networks) are good for this purpose. 2. Institute access controls on server data, so that only authorised persons can access it. 3. Use encryption software, available for both handhelds (like PDAs and smartphones) and notebook computers. That way even if a device is lost or stolen, the data cannot be accessed. 4. Acquire business notebooks and devices with biometric and other security measures, such as fingerprint readers and smart card readers. 5. Create revokable access mechanisms. Universal passwords are a bad idea – per-user passwords are easier to revoke in the case a stolen device. 6. Any personal equipment, such as privately owned notebooks and PCs, that will have company data on them should have the same security measures applied as the company-owned notebooks. At the very least they should have a current security suite. Managed service suites (like McAfee Total Protection for Small Business) are perfect for this kind of application, since you can monitor and manage the security on the private computers no matter where they are, and you don’t have to blindly trust your staff member to do the right thing.

The GadgetGuy ’s jargon buster ™

Software that delivers advertising to your PC, perhaps in the form of popups or sidebars with scrolling adverts.

A ‘zombie’ is a computer with a remote control Trojan installed. It works normally, but the Trojan remains as a silent agent, waiting for its ‘master’ (often the creator of the Trojan) to take control of the system. A bot is an application running on a zombie, installed by the zombie master to undertake some task – often a denial of service attack (see DDoS opposite) or sending out spam. A botnet is a group of bots infected by the same Trojan, and can be used in conjunction to perform distributed attacks.

(Distributed Denial of Service) A DoS or DDoS attack is an attempt to ‘choke up’ a Net connection or server, typically by flooding it with junk data. Botnets are often used for DDoS attacks – hundreds of computers work to shut down an Internet connection or server.

The practice of sifting through garbage bins (commercial or domestic) for documents that have been thrown away as ‘rubbish’, but which might be useful to the dumpster diver.

Software or hardware that blocks network traffic. A firewall tries to distinguish ‘good traffic’ from ‘bad traffic’. Good traffic is allowed to pass, bad traffic is blocked. 8

A catch-all term for software that does undesirable things to your computer. Viruses, worms and Trojans are all forms of malware.

Using email or a fake website to trick people into giving up private information, such as credit card details. The most common example is the email that purports to be from a bank. The email asks the receiver to go to a specific website and log in using their Net banking username and password. The site looks real enough, but in reality all it is doing is harvesting the user’s details. A technique called spear phishing is an evolution of that – it targets specific individuals to make the phishing attempt sound more plausible.

A software update designed to fix problems in the shipped versions of products. For example, a security flaw might be found in a piece of software after it has shipped to retailers. So the software developer writes a ‘patch’ that fixes the flawed parts, and distributes that patch over the Internet.

Unwanted email (the equivalent of junk mail), usually advertising, sent out by mass mailers. A spam filter detects and removes spam from email inboxes.

Spyware is software that sits on your computer and monitors your activity, creating and possibly sending reports to hostile parties.

A person who uses readily available Internet tools to perform basic attacks on computer systems. For instance, a person who uses a downloadable port scanner to find vulnerabilities (such as file shares and open directories on a Windows system), then perhaps uses a downloaded password hacking program to access those vulnerabilities.

A type of program that installs malicious software (such as viruses) while under the pretence of doing something else. Over time, the term Trojan has become almost synonymous with a type of virus that sits resident on the computer to create a ‘backdoor’ that hackers can exploit to get into the host system. The Trojan on an infected system will often advertise itself to the creator of the Trojan or other parties, although a good software firewall will prevent that advertisement from getting out (and it will also stop remote hackers from getting in a accessing the backdoor).

A program that injects itself into an executable program to perform a signature check and warns if there have been any changes.

Malicious software that ‘infects’ a computer system, causing it to do undesirable things (like deleting files, dialling 1800 numbers on the modem or sending private data to remote parties over the Internet). Anti-virus software detects and removes viruses.

A form of virus that replicates itself over a network. When a worm infects a system, it will use that system to try and infect other systems. The classical example is the email worm; the worm sends out a copy of itself to every user in the host PC’s email address book (and the recipients, seeing that the sender is someone they know, might be inclined to trust the email enough to open the file).

McAfee Total Protection for Small Business Many small businesses don’t have the technical expertise inhouse to implement and monitor rocksolid security, so McAfee has come up with a way to implement security as a managed service. Called McAfee Total Protection for Small Business, this solution implements all-in-one suite-level security on all licensed PCs in an office, without the need for an onsite systems administrator or any technical staff at all. Easy on the network Unlike the kinds of security suites you might be used to, McAfee Total Protection for Small Business uses a light and unobtrusive client on desktops. Staff will almost never get popups or security warnings, since all security alerts will be routed to the offsite or onsite IT manager to deal with as they see fit. The IT manager can then resolve that problem without the user ever knowing there was one. In spite of the light client, Total Protection for Small Business provides each desktop in an office full protection against remote and internal threats. It includes a state-of-the-art firewall, award-winning anti-virus and anti-spyware (including a continual system monitoring agent), email anti-spam and anti-virus filters as well as browser protection that detects and blocks visits to dangerous Web pages. The Advanced version of Total Protection for Small Business adds email server tools, which are very useful if you run your own email server. Its server-side tools include 10

spam protection and virus detection, ensuring that these threats never even reach staff desktops. Easy to install The entire solution is designed to be remotely manageable. Rather than installing a full suite on each PC, Total Protection for Small Business installs an antivirus, anti-spyware and firewall agent on each network PC. Installing the agent is as easy as clicking on a link in a Web browser on each PC you want the protection to apply to. There’s no need to carry discs around, and it’s easy for a remote systems administrator to send Web links to staff that will allow them to install the required agent on their PC. Easy to manage Because it works as a managed service, you or your designated tech manager (who may be offsite), can manage the security systems by visiting the Total Protection SecurityCenter, a Web page with tools to monitor and modify the security status of all the secured PCs. It can provide stats on current problems, detail who’s anti-virus and anti-spyware is up to date (and force updates if necessary), manage individual firewall settings, get a complete log of security events (such as attempted attacks on PCs), create groups and group policies, and set scanning schedules and policies. The management console is designed from the ground up to be easy to use, so expensive calls to your tech support manager can be minimised.

Features of McAfee Total Protection for Small Business Anti-virus and anti-spyware for every PC in the office A high-quality managed firewall for each PC Real-time email scanning for security threats and spam Server-based email scanning for threats, so they never reach the desktop (Advanced version only) SiteAdvisor, a Web browser protection tool that detects and blocks malicious and phishing websites A simplified and unified management console that allows security management of PCs without the need for physical visits to the desktop Free 24/7 technical support from McAfee A low-cost subscription-based service

For your free 30 day trial of McAfee Total Protection for Small Business, go to

Protection at work UniLodge Australia With 94 PCs spread over 13 sites, UniLodge had a significant problem: how do you centrally manage that many PCs at that many sites with any consistency? A provider of student accommodation in Sydney, Melbourne, Canberra, Brisbane and Auckland, UniLodge required spam and virus management across all of its systems, but had a major issue managing small clusters of PCs in disparate locations. Originally it relied on traditional per-desktop solutions, similar to the consumer suites many people are familiar with. But according to Keith Hoult, Senior Project Manager at UniLodge, they needed a solution that would ease their management burden. They found it in McAfee Total Protection for Small Business. “We were trying to limit the hours lost managing individual PCs and servers across the group by ensuring all PCs from many of our small networks across Australia and NZ are protected and updated with a uniform standard,” said Hoult. The managed services model of McAfee Total Protection for Small Business allows UniLodge to do just that, he said. Total Protection for Small Business installs a complete and comprehensive security agent on each PC, but all the PCs are centrally managed through a Web-based console that can monitor and control the


security systems on the PCs individually, as well as create global and group-based security rules. Because the security policies and software can be centrally managed and monitored, UniLodge’s outsourced IT staff are not required to physically visit each PC to make changes to security policies. UniLodge, said Hoult, has a single contractor that monitors all the work stations in Australia and New Zealand. “A staff member at Leading Edge Information monitors the PCs on our network and provides monthly reports to our external IT support. The report details any PCs that may have outdated virus definitions, and ensures that all workstations are fully protected. This means our external IT support staff only become involved if we have an incident, which we haven’t since the installation of the managed solution.”

Association and Communications Events Like so many small businesses, Association and Communications Events (ACE) doesn’t have an inhouse IT manager. Ranked 27th on BRW’s Fast 100 list of fast-growing companies, ACE has grown in the last five years to a company with 18 staff and 20 PCs – enough to be a significant management problem, but not enough to justify a permanent onsite staff member. Instead it relies on a contracted offsite manager, which can be a problem when they need to physically visit PCs to update their security systems. Until recently, the company’s security regime comprised of consumer-style suites installed on each PC. “We were initially running the Norton suite individually on every PC. To manage each system we had to manually go to each PC,” said Anthony Sprange, Managing Director. “We also had to deal with a lot of error messages and firewall popups. All the staff want to do is switch the machine on and work, without dealing with popups.”

Spam also became a major problem for the company. “Everything we do involves working with telephone and email. We’re a company that uses email marketing to push out our message. It’s everywhere,” said Sprange. A consequence of that, said Sprange, is that the email addresses tend to be very public and get added to spam mailing lists. “In a single week we received four or five thousand emails,” he noted. Looking for a comprehensive suite solution that was manageable and discreet, ACE moved to McAfee Total Protection for Small Business Advanced. The managed services model of Total Protection for Small Business would allow the IT manager to monitor and control the security systems remotely, without the need for time-consuming and expensive office visits. Sprange also noted that the advanced version, with its server-side spam filtering, also allowed the company to “clean out the rubbish at the server, before it hit the in-trays”. In addition to sparing the company the need for visits from its remote IT manager, Sprange said the suite has had productivity benefits for staff. “McAfee is kind of a set-and-forget system. You don’t get all the popups we saw before; if something goes wrong and some setting needs to be changed, we can do that without going to the desktop.” In addition to saving time and money for calling in outside support, he also noted that the multi-user license model for McAfee actually shaved roughly 50 percent off the licensing fee. “For the cost of licensing one PC in the old system, we can now license two. It just made sense for us.”

What else can you do? As appealing as it is to just ‘buy’ security, even the very best security suites cannot cover all eventualities. Vigilance on the part of you and the other staff members is a must. Here’s a quick and easy ten-step guide that, in conjunction with good security software, should keep you business safe from criminals and accidents.

1. Educate The vast majority of successful attacks are not the result of some elite hack slipping past your computer’s firewall. They’re successful because a human was duped into doing something they shouldn’t have. Perhaps they received an email promising a fun game or a picture of a naked celebrity – if only they click on this link or open this file. Or a message that appeared to come from their bank that told them to go a specific website and enter their username and password. Education is the hardest part of getting security right, but it is essential, and here are three quick and easy to remember rules that will nullify a huge chunk of Internet risks: - Never, ever open an executable file (those with .exe, .vbs or .bat extensions, for example) received in an email, even from people you know. - Never respond to or act on requests in an email that would require you to give up confidential information. That includes emails that direct you to go to a website to enter that information. - Never install new software on a work system (or a personal system that you connect to the office network) without approval. ‘Fun’ applications – small games, screensavers, emoticon packs and desktop enhancers – are the worst carriers of malware, and should be avoided. 14

2. Use good passwords People hate them, but non-dictionary character strings that include both numbers and letters make the best passwords. Dictionary words, dates and names make poor passwords, because hackers can run what are called ‘dictionary attacks’ on the password – automated systems that run every word in a dictionary against the system. ‘Grapevine’, for example, is not a good password; ‘8kgye3df’ is. It’s also imperative that passwords on purchased hardware are changed from the default. A wireless access point set up with the default administrator password and ID is extremely vulnerable, and could be used to access your entire network. 3. Turn on wireless security Many wireless access points and routers are, unfortunately, shipped with wireless networking turned on, but with security turned off. Check your router manual, and turn on WPA or WPA2 security. Without it, anybody in range could access your wireless network, slipping in right behind your router firewall. 4. Create user accounts (with passwords) Every major operating system has the capacity to assign different users varying levels of authority over the system. In Windows Vista, for example, you can create Standard User accounts that don’t have the authority to install new software on a system. This prevents the

user from unintentionally (or intentionally) installing viruses or spyware on the system. Every account on every PC should be password protected, and all guest accounts should be disabled. 5. Remove unused software Unused software and services should be uninstalled or disabled on company computer systems. Most PCs don’t need file sharing switched on, although many PCs are shipped with it enabled. Also, when an employee leaves the company, their accounts should be deleted. Old user accounts are often a way for ex-employees to access your systems. 6. Format If you’re going to throw a computer out, make sure to format its hard drive first. 7. Patch All office computers – and any personal computers that attach to the office network – should be kept fully up to date. On Windows computers, Automatic Updates should be turned on, and the PCs should be periodically checked to see if they’re up to date. New vulnerabilities are being found in both Web browsers and operating systems all the time, and constant vigilance is required to keep them secure.

8. Create backups This seems obvious, but too few companies do it, and they often keep their backups onsite. Important documents should be backed up regularly – at least once a week, and more if they’re critical. External hard drives make a great way to do this, although the physical security of that hard drive then becomes very important. 9. Encrypt Important files should be encrypted using one of the various tools mentioned earlier in this booklet, especially if they’re taken offsite on a notebook, mobile or USB thumb drive. Encrypted files can only be accessed if the user has the proper password, which ensures that, even if the files are lost or stolen, they can’t be used against you. 10. Have insurance Insurance against financial hardships associated with data loss and theft is available, but given how difficult it can be to quantify the financial losses associated with this kind of event, it’s worth reading any insurance policy in detail. Companies have been wiped out because they misread insurance policies.

Get full-time security for your small business, from only $5 per person per month* FREE 30-DAY TRIAL OFFER

Most organisations employ engineers to protect their networks, but as a small to medium size business, can you afford a dedicated Network Manager at around $100,000 a year1? From only $5 per month per user, McAfee Total Protection is the proven cost-effective and simple solution. Viruses • Phishing • Spyware • Hackers • Spam

The first 200 Trial users will also receive ‘FREE’ McAfee VirusScan Plus for home! Visit the Total Protection site for a Trial, Demo and more: 1 Michael Page 2006/2007 Technology Salary Survey.*Based on current McAfee RRP as of Oct 12 2007. Australia 1800 644 646. Hong Kong 852 2892 9500. India 9122 6693 5278. New Zealand 0800 508 333. Singapore 65 6222 7555. Thailand 662 625 3058 to 61. Find your local reseller at McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. ©2007 McAfee, Inc. All Rights Reserved. crn2-1007

crn2-1007.indd 1

10/12/2007 7:38:13 PM