Steps to develop secure and trustworthy websites and web applications

submitted by Betha Aris CEH/CISA/CISSP, System Specialist

What role should the System Administrator and Developer play in the creation of more secure websites and web applications? Here is a step-by-step guide:

Securing the Web Server
The web server is one of the many public faces of an organization. Let’s take a look at some of the threats and the measures that secure the server:

  • Operating System Hardening
    OS hardening is a method of safeguarding the operating system from intrusions. It was developed in response to the rise of computer hacking incidents. Before putting the server into use, remove all non-essential tools and utilities, and make sure the security features of the system are activated and configured correctly.
  • Protecting from Denial of Service Attack
    A Denial of Service (DoS) attack is an attempt to make a computer resource unavailable to its intended users. The main types of DoS attack are Buffer Overflow, SYN Flood, Smurf Attack and Zombie attack. One way to prevent these attacks is to install a good firewall that filters out potentially dangerous packets. Again, an out-of-the-box system will likely be set up for ease of access, so the System Administrator should proactively search for damaging programs.
  • Protecting the Server from Remote and Local Exploitation
    There are a bunch of gangsters: they want to control your network, they want to deliver your emails, they want to know who does what and they try to shut down everything. Open your eyes and keep up to date with vulnerability development news; also apply patches to the system regularly.

Securing the Database
The database server is the foundation of virtually every electronic business. The database holds sensitive financial data and must be guarded from competitors and unauthorized internal access. These are the actions you should take to configure and operate a secure database environment:

  • Securing default user accounts
  • Securing database access
  • Audit data access
  • Patch the database server against known and unknown vulnerabilities


Securing the Code

There are several ways hackers can manipulate the URL of a website to perform remote exploitation (SQL injection, XSS attack, RFI attack, remote buffer overflow attack, etc.). These are just some general tips for keeping your web applications protected:

  • Have your web code reviewed by a person to identify and correct vulnerabilities.
  • Do not instantly trust open-source code. If you find a nice open-source CMS on the internet that you would like to integrate into your site, use common sense and audit the original code. You can search for various web exploits and then read through the code yourself.
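
As an illustration of what a code review looks for when a URL parameter reaches the database and the page, here is an added example (not code from the original article). The host name, the "name" parameter, the table and the sample rows are all constructed for the illustration. It shows a query built by string concatenation beside the parameterized form, and unescaped output beside escaped output.

```python
import html
import sqlite3
from urllib.parse import parse_qs, urlparse

# Constructed sample URLs (hypothetical host and parameter name).
NORMAL_URL = "http://shop.example.test/user?name=alice"
SQLI_URL = "http://shop.example.test/user?name=x%27%20OR%20%271%27%3D%271"
XSS_URL = "http://shop.example.test/user?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def make_db():
    """Build an in-memory table holding two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def name_from_url(url):
    """Return the decoded 'name' query parameter exactly as the client sent it."""
    return parse_qs(urlparse(url).query).get("name", [""])[0]


def lookup_unsafe(db, url):
    """BEFORE: the parameter is pasted into the SQL text and can rewrite the query."""
    name = name_from_url(url)
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, url):
    """AFTER: the parameter is bound as data; the SQL text never changes."""
    name = name_from_url(url)
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def render_unsafe(url):
    """BEFORE: the parameter is echoed into HTML as markup."""
    return "<p>No results for " + name_from_url(url) + "</p>"


def render_safe(url):
    """AFTER: the parameter is HTML-escaped, so the browser shows it as text."""
    return "<p>No results for " + html.escape(name_from_url(url)) + "</p>"


if __name__ == "__main__":
    db = make_db()
    for label, url in (("normal", NORMAL_URL), ("manipulated", SQLI_URL)):
        print(label, "unsafe rows:", len(lookup_unsafe(db, url)),
              "safe rows:", len(lookup_safe(db, url)))
    print(render_unsafe(XSS_URL))
    print(render_safe(XSS_URL))
```

A reviewer can search the code base for the two "BEFORE" patterns: SQL strings assembled with `+` or string formatting, and request values written into HTML without escaping.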


Monitoring the System

To protect the network from intrusions, apply a host-based intrusion detection system or a network intrusion detection system. These systems are highly configurable and feature detailed logging, analysis of attacks and security alerts. These two systems complement other forms of security systems and add another defense against the growing security threat faced by all organizations.


Vulnerability Assessment

A large number of new vulnerabilities are discovered on a daily basis, so it is important to run regular network vulnerability scans of all your systems to ensure that your configurations are correctly set and that the proper security patches are applied.

  • Regular Audit
    It is recommended to perform an IT audit procedure on a daily, weekly or monthly basis (depending on the organization's IT policy) so that your computers are scanned for the latest threats and you are alerted immediately if they are at risk.
  • Keep the System Up to date
    Install the latest security updates, and obtain patches from trustworthy sources wherever possible.
  • Vulnerability Scanning
    Vulnerability scanning can be used to conduct network reconnaissance, which is typically carried out by a remote attacker attempting to gain information from a network. You can use standard vulnerability scanners such as the Nessus Vulnerability Scanner, which provides a view of your networks as seen by outsiders. It uses Nmap to scan for open ports and then attempts to determine what vulnerabilities may exist for the services it finds. It can then provide a detailed report that identifies the vulnerabilities and the critical issues that need to be corrected.
The Precision Group is a global business process outsourcing company with offices in Hong Kong, Isle of Man, Jakarta, London and Manila. It provides integrated middle and back-office support solutions, as well as creative and web services for the financial and professional services sector.
For more information, please visit our website at www.precision-group.biz

June 29, 2009

Outsourcing opportunities during recession

As written by Matthew Deayton, General Manager, Business Development

Outsourcing has become a key business tool for small and large companies across market sectors. But with the current economic downturn, have companies put a stop to outsourcing?
Based on our experience, the answer is a definite no. We are still grabbing business opportunities from the financial and professional services sector.

I recently attended a KPMG conference on outsourcing trends, and the advisory firm confirmed that the recession is opening new opportunities and a new focus on outsourcing, with companies seeking newer destinations to lower costs and get added benefits.

According to KPMG, the economic downturn’s impact on outsourcing varies by market. But it has emerged that demand for outsourcing from Asia Pacific is on the rise, creating a large opportunity for local suppliers to develop their capabilities.


The focus of companies looking to outsource has also changed, as the economic outlook still looks gloomy. The World Bank expects the world economy to contract by 1.7% and global trade by 6.1% in 2009. While companies previously were willing to invest in the outsourcing relationship more than in longer-term benefits, the recession has put the priorities on cost optimisation and sustainable innovation. In short, outsourcing has risen above being a mere cost-cutting tool to become more strategic to the overall business strategy.

In terms of outsourcing destinations, India is still popular but China is aggressively catching up, and other markets like the Philippines may get a second look.

The KPMG report said in aggregate, the majority of companies in Asia outsource to India at 55%, with China as the second most popular destination at 36%, Singapore at 20%, Hong Kong 16%, and the Philippines 7%.
KPMG said English is the main outsourcing language in India, but with its rapidly rising labour costs, English-speaking companies might give the Philippines, another English-speaking outsourcing destination, a second look.

The conference highlighted some of the key factors that make a location attractive to outsourcing, which included:

  • Demographics – a large pool of well educated people available at a highly competitive cost
  • Infrastructure – stable environment in which to operate, power, internet connectivity, access to the work place.
  • Political Stability – giving confidence to potential clients that the operation is not going to be shut down due to political unrest.

There are other factors, like rule of law, protection of intellectual property rights, and track record. But the three factors stated above in bullet points would have been significant barriers to attracting clients in Indonesia or the Philippines had we entered these markets several years back. Things have changed. Fewer of the well-educated population are attracted to go overseas as more opportunities open locally, the infrastructure has improved significantly, and the political stability is much more evident.

We are perfectly positioned to be a key outsourcer of business processing, and we already have a core, well-experienced team in our specialised field of financial services. As China attracts more outsourcing to this side of Asia, all the region’s countries will benefit. In addition, having representative offices in Hong Kong and Manila positions us well to capture part of the market migrating south.

June 9, 2009

Marriage is a Journey

submitted by Fordyono Sukamto, Senior Account Executive

To some, marriage might simply mean finding a life companion; for others, it may be a way of making the statement “it’s time to settle down”. There are, as a matter of fact, many reasons why we choose to walk down the aisle. Whatever the reasons, marriage is a journey for two.

For those who intend to enter this rollercoaster ride journey of marriage or just about to begin your own marriage journey, the following guide is your very own Marriage 101 to help you and your partner in creating a successful marriage relationship.

1. Before setting a ‘Wedding Date’
In summary, the first thing you need to do is ask yourself why you are getting married. If your motives are unrealistic, you may find yourself having unfulfilled expectations. You also have to learn to accept that living together and being married are different. Marriage is more than sharing a home and having sex. Likewise, communication plays an important role in maintaining a relationship. Always talk with one another about important issues before you walk down the aisle, and deal with realities and expectations to keep your marriage strong. This may sound corny, but you can always do a little research by talking to married couples, or looking in books or on the web, to get a better idea of how to get married, not forgetting that different locales have different marriage licensing regulations.

2. Understanding the importance of communication in your marriage
Learn to keep your lines of communication open with one another. Be honest and never keep secrets from your partner. Understand that everything in life is a process, and marriage likewise. Maintaining a healthy marriage is a lifelong process. There will be times when fights and arguments follow from disagreement, and the key is learning how to fight fairly. Happily married couples do not avoid an argument. They know how to handle conflict in healthy ways. Be willing to seek help through couples therapy if you find yourselves starting to be defensive, critical, or distant from one another. Do not wait too long to get help. Couples who postpone seeking professional advice often find that the damage to their marriage is too extensive to save it.

3. Issues Many Married Couples Have to Work Through Together
Many studies have shown that ‘finance’ is the number one reason couples divorce. Therefore, the best way to avoid this before it is too late is to discuss money issues in your relationship regularly. The second highest is conflict over house chores. You cannot avoid talking about this topic.

Well, the third is a little bit tricky; a sexy, exciting marriage does not just happen. You need to stay intimate with one another and show your love and passion for one another on a daily basis. The fourth most common issue is kids. While having kids in your family can bring tremendous joy, they will nonetheless have an impact on your marriage. Remember to schedule time just for the two of you. The fifth issue involves the outer circle: your in-laws. Whether you like it or not, your in-laws will be a part of your marriage, so it is wise to learn how to set boundaries with your in-laws and how to enjoy them. Last but not least, stress in your marriage tends to tear most couples apart. Learn coping skills to help you through the tough times.

4. Celebrating your marriage relationship
Ultimately, we are the ones who decide the fate of our own marriage. The minute you are on board the journey, you are stuck with it for life. Nonetheless, here are some tips for dummies: create some spice and learn to have fun together. Celebrate special events such as birthdays and especially wedding anniversaries, and lastly, plan for holidays and how you will handle your in-laws’ expectations.

I hope you enjoy reading this article and please note that I am not involved or responsible for any liabilities if none of the points worked out for you.

May 29, 2009

Brainstorming in Virtual Space: was it possible?

PART ONE

I was thinking about how I should conduct a successful brainstorming session, which requires more than a bunch of people sitting in a room. I need a brainstorming technique to get the creative juices flowing so that even the most reticent participants feel free to contribute. Usually we take the ordinary approach of holding a brainstorming session where the group members communicate directly in the same room.

One good reference on how brainstorming should go is the book The Art of Innovation: Lessons in Creativity from Ideo, America’s Leading Design Firm, written by Tom Kelley, a general manager of Ideo Product Development, one of the world’s premiere product-development firms. Kelley points out that a poorly planned brainstorming session could cause more harm than good. That’s why Ideo follows strict rules for sparking good ideas. At Ideo, idea-generation exercises are “practically a religion,” Kelley says.

Some are simple truths: Morning meetings work best; 3 – 10 participants should take part; and cookies always spur creativity. Some, like those outlined below:

1. Sharpen the focus
2. Write playful rules
3. Number your ideas
4. Build and jump
5. Make the space remember
6. Stretch your mental muscles
7. Get physical

Thus when brainstorming rules apply, that means (1) we are trying to get as many ideas on the table as possible, and (2) we will come back as a collective group later and sort, organize and judge the ideas. But the two stages are kept distinctly separate.

Each person has to be very careful in an in-person meeting to suppress the judging and idea evaluation parts of themselves when brainstorming rules apply, in order to not ruin the creative idea generation spark that is kindled within other people.

I do have an interesting working environment. While I am in the Jakarta office, my General Manager is in Hong Kong, as are some of our clients. Sometimes we need to make a Skype call or phone call to discuss the project. But sometimes this medium is not adequate for a brainstorming session. Then this question follows: when we can’t be together, but we still need some ideas and we still have to keep the brainstorming rules, how do we translate the guidelines of brainstorming to an unusual place, such as virtual space?

To be continued…

Bajoy

May 25, 2009

Our Indonesia office will be closed

Our Indonesia office will be closed due to the “Ascension day of Jesus Christ” on Thursday, 21st May 2009. We will resume operation on Friday, 22nd May 2009.

Our Hong Kong office will maintain normal business hours as usual during this time.

We appreciate your understanding and apologise for any inconvenience this may cause.

Kind regards,

Client Services

May 18, 2009

The Chuck Norris Syndrome

Chuck Norris is the man who can do anything, and the universe is afraid of him. Not just the people in the universe, the actual universe itself. The abilities are collected in Chuck Norris facts, which include:

  • Chuck Norris doesn’t read books. He stares them down until he gets the information he wants.
  • Chuck Norris’ hand is the only hand that can beat a Royal Flush.
  • Chuck Norris can lead a horse to water AND make it drink.
  • Chuck Norris doesn’t wear a watch, HE decides what time it is.

In managing projects, clients can easily fall into three categories:

The first only needs a gentle nudge to get their project moving:
It’s not always that the client doesn’t know how to solve their problem, or perhaps what the problem is, but that they need someone else to say it for them. The tech people convince the management by confirming what they have been saying. In other cases, they just need a little push in the right direction.

The second group has the will to change and improve, but…:
They always talk about how IT can help them improve the business but seem too disorganized to get things done. There is this weird sub-group of companies who pay consultants for answers they never intend to use. They know what they need to do but have some social roadblocks to solve.

The third group is perhaps the hardest to handle.
It’s a small group that wants us to make everything better without changing anything (anything at all), as if we could “chuck norris” the situation:

  • The system works because Chuck Norris tells it to work
  • Chuck Norris doesn’t need a test suite. The test suite needs Chuck Norris.
  • CPUs run faster to get away from Chuck Norris
  • Chuck Norris normalizes all schema just by inserting random data
  • Chuck Norris can compile syntax errors
  • Packets travel faster than the speed of light for Chuck Norris, but he can still catch them
  • Chuck Norris has Internet 3
  • Chuck Norris can parse invalid XML
  • Chuck Norris can break Moore’s Law

The essence of Chuck Norris Syndrome is a belief that:

Chuck Norris can fix everything without changing anything. Don’t laugh… it really happens.
This issue has nothing to do with code, technology, open source, or closed. Rather, we’re discussing a basic human tendency toward stasis and inertia: the desire to avoid change or try something new.

Viewed this way, improving IT failures involves helping an organization become more flexible and adaptable. Being a business consultant is part of the job.

While there’s no silver bullet, simply being aware of the problem often helps.

May 14, 2009

The Precision Group offers payroll administration solution in Indonesia

6 May 2009 – The Precision Group has launched Precision Payroll, an efficient and cost-effective payroll administration service for both small and large corporations. The service is presently offered in Indonesia only but will be rolled out to other markets later.

To enhance its service offering, the Precision Group has partnered with leading bank HSBC and Indonesia-based tax adviser The Practice to provide corporations and employees an integrated and seamless solution encompassing payroll, banking and tax advice.

Jeremy Kemp, managing director at the Precision Group said, “We launched Precision Payroll in response to demands from companies for a reliable third-party payroll administrator. What we offer is an integrated and seamless solution that is cost-efficient and secure. We do the worrying for you so you can focus on managing your business”.

Precision Payroll deliverables include: payroll tax filing, HR information management, employee benefits management, sick leave and maternity leave administration, commission management, overtime management, with Web-based self-service functionality.

The Precision Group’s strategic partnership with HSBC and The Practice provides you added benefits, including:

  • International banking standards for corporate and individual protection
  • Preferential employee banking facilities including access to credit cards and personal loans with attractive rates
  • An E-Tax system that automates seamlessly with the payroll process
  • Automatic online authorisation facility for salary payments
  • Free transfer fee in IDR to any banks in Indonesia

For more information on the Precision Payroll solution please contact us at (62) 21 2557 4573 or email payroll[at]precision-group[dot]biz

May 13, 2009

The Precision Group expands its foothold with Manila office opening

7 May 2009 - The Precision Group today announced that it has expanded its foothold in Asia with the opening of a Manila office. The Manila branch is being headed by Jojo Battung, concurrently the general manager for corporate service.

Jeremy Kemp, managing director of the Precision Group, said: “The Philippines’ business process outsourcing (BPO) industry is one of the fastest growing globally. We would like to take advantage of the opportunity to expand our business and our capabilities in this new geographical market and to new industries”.

“With our highly-skilled employees and driven business strategy, we are optimistic that we can grow our business in the Philippines within a short time. We aim to venture into new industries, such as travel and hospitality, logistics, legal and medical,” said Mr Kemp.

May 13, 2009

The Precision Group launches new website

7 May 2009 - The Precision Group today launched its new website to effectively communicate to the public our role as a global provider of outsourced solutions.

The website introduces our comprehensive range of services for the financial and professional services sector, comprising payroll administration, fund administration, IFA administration, asset management administration, institutional administration, creative & website services, Precision Language, and Precision Email Marketing. Each service line offers tailored and highly-efficient solutions to meet your individual business needs.


The website allows you to get to know us better – it provides an overview of our vision and mission, our dedicated team, our service excellence pledge and our commitment to social responsibility. We have also included a case study section to present in detail how our solutions have helped enhance the operational efficiency and enrich the bottom line of businesses.

Please visit our new website at http://precision-group.biz

May 7, 2009

Investing in Unit Linked Protection Products

as written by Vincencius Santoso, Account Manager – Business Development Division

For the past couple of years Indonesia has been a very lucrative target market for many financial institutions based in Europe. A ready example of this is the big columns in leading newspapers like Kompas or the Jakarta Post in which these financial institutions post their financial positions and the profit and loss statements they have made in previous years. The questions are: what made these companies big, and what kind of attractions do they offer to the majority of Indonesians?

The answer is financial products, which come in many forms, such as easy mortgages, Reksadana, bond and equity investments, foreign exchange, and insurance. Let us talk about insurance. First of all, we have long known that insurance is a good protective measure for any aspect of life that is fragile, whether it is medical insurance, life insurance, education insurance, car insurance, or many others. The point is protection against forces beyond our control that might lead to great devastation for the parties affected, for instance the loss of income caused by the inability of an individual to work due to a work hazard, or the loss of a car caused by crime. People see insurance as an added value to protect themselves against life’s bitter realities, which are sometimes, well, unavoidable and unpredictable. Many people think it is always better to anticipate things before they actually happen.

However, these precautionary measures often cost us just way too much, and furthermore, people might think it is somehow a waste to keep on paying a premium that vanishes into thin air if it goes unclaimed. That was insurance in the past. Insurance nowadays, especially life and medical insurance, offers more than just protection. Insurers have created a product, commonly known as a unit linked product, which enables the client to enjoy life or medical protection with the added value of investment, where their money is allowed to grow by linking the premium paid to a particular fund.

So what is a fund? A fund is one of the money market instruments, and consists of a portfolio of hundreds of equities. The performance of these equities determines the yield or performance of the particular fund, while the equities themselves are linked with the performance of the companies within an industry. At this point people would normally be buoyed by the fact that their money could grow at higher rates compared to a bank’s time deposit, but be aware that since your money is now invested, there are risks associated with it. There is never an actual guarantee by any provider that your money will remain at least the same amount you have already paid. So before you get yourself into any unit linked insurance you need to identify your needs first: whether you are looking for a savings plan or for a protection plan with the additional value of investment.

If you are looking for a savings plan and you need this money on a daily or periodic basis, then the answer is a regular savings account at the bank. But if you are looking into a long-term savings and protection plan, it might be worth looking into unit linked insurance. The idea of saving through unit linked insurance is based on this: the value of a fund generally grows in the long run, and any downturns generally happen in the short run only. So, when we are looking at investing for at least 5 to 10 years, it is a great alternative to conventional savings at the bank, since these funds generally grow at higher rates compared to what is offered by banks. Unless, of course, there is a major crunch in the money market like the one the world is experiencing globally at the moment.

Looking into or considering unit linked insurance, people? I’d say, why not: you normally enjoy good life and health cover plus long-term saving in the form of investment in managed funds or equity funds. But first of all you will need to consider your goals and analyze your financial position carefully, so that these financial products are able to assist you and give you added value rather than a burden caused by a lack of information and knowledge about their terms and conditions, incorrect information about the risks associated with them, or a poor general understanding of the product features. Always remember to adjust these products to your needs and goals rather than adjusting your financial position to them; they are meant to assist you rather than to be an unnecessary burden. Happy investing!!

April 24, 2009