Every time I attend a "Security Guru's" meeting, I'm amazed
by how much time and effort is spent on discussing complex
hacking and computer compromise of computer networks and
systems.
One person is going on about the latest "heap corruption"
vulnerability and another is discussing man-in-the-middle
techniques for compromising remote access systems.
Most of these vulnerabilities are very difficult to
successfully exploit. Some of them require specific host
platforms, special tools, in-depth knowledge of many
programming languages, and a lot of luck.
I'm not saying there are not tons of vulnerabilities and
exploits like these, it's just that they are not always easy
to take advantage of, and therefore, may not present
themselves as high risk events for most organizations.
It's The Little Things The Will Get You Every Time
During security assessments, there are times when I am able
to successfully exploit a "technical" vulnerability to gain
system or internal network access. For instance; during a
recent assessment, I identified a web application server
that appeared to be vulnerable to an IIS / ASP vulnerability
that would allow an attacker to dump all .ASP code on the
server. After some effort and a little C/C++ code, I was
able to take advantage of this exploit. After perusing
through the .ASP code on the server, I was able to gain
important information that resulted in the comprise of an
internal system.
However, the reality is it is the simple things that are the
biggest problem. Most times, internal network compromise is
the result of one or more of the following:
The installation of a web support application that has
little to no security features to begin with;
The installation of support software that has a well-known
default password for the admin account. And, the person
installing the software never bothers to change the
password;
Improperly configured communications devices such as routers
and switches;
Important, and sometimes critical documents left on web
servers. Information that only internal or technical people
should have access to;
Poor password and authentication policy. Users using weak
passwords to access accounts, especially remote access
devices that are present on the Internet;
Test servers that the have been forgotten about and are
still present on the Internet;
Poor network border architecture For instance; installing a
firewall and forgetting that there are other network that
need to be protected or should be placed behind the
firewall.
The above is just a handful of "Little Things" that get
overlooked and can result in the undoing of your networks
security measures.
As an example; Many organizations provide their internal and
external customers with a public FTP service. Most times,
this is done to allow people to easily post "non-critical"
or public information and share it with other associates.
Recently, I identified just such an FTP server. The server
allowed anonymous logons, however it contained
sub-directories that were secured. These secure directories
were only accessible by the people who owned the account. It
was obvious to me that I was not going to easily compromise
these accounts. On the other hand, sitting right in the
anonymous "root" directory was a .zip file that was rather
large. I downloaded the file, which took quite a while,
unzipped it on my desktop, and guess what it contained? It
was a compressed file of the entire FTP server, including
the secure directories.
I would bore you with what I found within these directories.
The bottom line is, I should have never had access to the
information they contained.
Conclusion
The bottom line is this; it really is the little things that
will come back to haunt you when it comes to computer
security. No system should ever be rushed into production.
This is one of the most common causes for poorly secured
systems. The team in charge of implementing new technology
needs to be educated on how to securely deploy new systems.
And if you are installing support software from outside
vendors, make sure you thoroughly review their products
security features. Also, make sure they fully disclose any
known bugs or improperly functioning features.
Wednesday, January 31, 2007
Is the Internet Insecure Because of You
We can simply blame this all on the big corporate companies; they seem to be a very good escape goat however, this is not the case; your privacy is totally up to you. Certificates ensure that all the data that is transferred between you and the internet is secure and encrypted. Recently in New Zealand there was a short certificate outage on a banks website. During this outage only one out of 300 users took this security warning seriously.
This is a rather large concern, as many users on the internet have the same belief that their data is safe and secure. By the end of 2005 it is estimated identity fraud will cause up to 5 trillion dollars world wide. We, the users of the internet must keep ourselves safe, secure and pay attention to those security warnings. I have compiled some good tools and tricks that will help keep you much more anonymous and secure.
1) Get rid of the internet explorer:
First and foremost Microsoft Internet Explorer is the highest risk to your internet experience. Not only is the most popular internet browser, but is also the most popular for attacks from Viruses and Spyware. Internet explorer is also too integrated with the windows operating system. Have you ever wondered how a dialler or online casino got onto your desktop?
I personally recommend Opera; they have a nice clean browser. The usability is easy and best of all, it uses tabbed browsing.
2) Protect your Connection.
Make sure you have an active firewall operating; Firewalls stop intruders from entering your connection and causing havoc. Hackers can easily gain access to an unprotected network and steal private information.
With the release of SP2 for Windows XP, Microsoft have incorporated a free personal Firewall. If you have broadband your router should have an inbuilt Firewall, and make sure this is enabled, Zonealarm also offer a free Firewall. You must always do what you can to protect yourself.
3) Don’t share those files:
One of the most common security flaws besides running Windows XP, is having File sharing enabled. To disable File Sharing please do the following:
Click Start Menu, select settings.
Click on Network Connections.
Right-click on the Local Area Connection icon and on the menu that appears, choose Properties.
In the General tab under “This connection uses the following items”, highlight “File and Printer Sharing for Microsoft Networks”. (If File and Printer Sharing is not listed, then file sharing has not been setup). You may skip the rest of these instructions.
Click Uninstall.
When you are asked if you are sure you want to Uninstall File and Printer Sharing Click Yes.
You may now close the Local Area Connection Properties window.
You must restart for your computer for the effects to work.
3) Hide your IP address:
Your IP address is just like your phone number, it links directly back to you. There are many reasons you may wish to hide your IP address. Preferable you do not want to be tracked around the web, it’s just as bad as having a GPS in your mobile phone.
I have found a great tool that gives free anonymous surfing: Primedius. This tool is free for a limited time. I don't guarantee this service but I believe it performs to basic anonymous web-surfing standards.
4)Check those certificates:
Your internet connection is not secure, the data that travels between you and the site you may be browsing may pass through over 25 other computers. If you are sending very confidential information such as credit card payments, make sure the address starts with an https. Also check that the padlock on your browser is locked, and is valid for the specific site. This will ensure that you have a 128 bit encrypted connection with the website.
If you want secure email you may also have your emails encrypted too. A good free vendor is Hushmail. Your email security is more at risk than your web browsing; you must ensure your emails are safe.
5) Kill the spyware
Spyware are little programmes that can easily be picked up by surfing any website or downloading files. Spyware can pickup information from where you surf to your credit card details, this information then can be sold.
Microsoft has released a beta version of their upcoming anti spyware removal tool. This too works well, and I highly recommend this tool. Zonealarm also offer a free online spyware detector.
The information I have passed to you should be seriously considered. The internet is a very unsecure environment; you must ensure your data is safe from outside prying eyes. Make sure you are careful with any transaction you make. Never fool for any kind of email promotion, anyone who tries to sell to you through spam advertising is not trustworthy. Also make sure to check the links from anything you click on, I have found numerous fake Paypal sites that try to steal your login and password.
Remember... it is up to you!
This is a rather large concern, as many users on the internet have the same belief that their data is safe and secure. By the end of 2005 it is estimated identity fraud will cause up to 5 trillion dollars world wide. We, the users of the internet must keep ourselves safe, secure and pay attention to those security warnings. I have compiled some good tools and tricks that will help keep you much more anonymous and secure.
1) Get rid of the internet explorer:
First and foremost Microsoft Internet Explorer is the highest risk to your internet experience. Not only is the most popular internet browser, but is also the most popular for attacks from Viruses and Spyware. Internet explorer is also too integrated with the windows operating system. Have you ever wondered how a dialler or online casino got onto your desktop?
I personally recommend Opera; they have a nice clean browser. The usability is easy and best of all, it uses tabbed browsing.
2) Protect your Connection.
Make sure you have an active firewall operating; Firewalls stop intruders from entering your connection and causing havoc. Hackers can easily gain access to an unprotected network and steal private information.
With the release of SP2 for Windows XP, Microsoft have incorporated a free personal Firewall. If you have broadband your router should have an inbuilt Firewall, and make sure this is enabled, Zonealarm also offer a free Firewall. You must always do what you can to protect yourself.
3) Don’t share those files:
One of the most common security flaws besides running Windows XP, is having File sharing enabled. To disable File Sharing please do the following:
Click Start Menu, select settings.
Click on Network Connections.
Right-click on the Local Area Connection icon and on the menu that appears, choose Properties.
In the General tab under “This connection uses the following items”, highlight “File and Printer Sharing for Microsoft Networks”. (If File and Printer Sharing is not listed, then file sharing has not been setup). You may skip the rest of these instructions.
Click Uninstall.
When you are asked if you are sure you want to Uninstall File and Printer Sharing Click Yes.
You may now close the Local Area Connection Properties window.
You must restart for your computer for the effects to work.
3) Hide your IP address:
Your IP address is just like your phone number, it links directly back to you. There are many reasons you may wish to hide your IP address. Preferable you do not want to be tracked around the web, it’s just as bad as having a GPS in your mobile phone.
I have found a great tool that gives free anonymous surfing: Primedius. This tool is free for a limited time. I don't guarantee this service but I believe it performs to basic anonymous web-surfing standards.
4)Check those certificates:
Your internet connection is not secure, the data that travels between you and the site you may be browsing may pass through over 25 other computers. If you are sending very confidential information such as credit card payments, make sure the address starts with an https. Also check that the padlock on your browser is locked, and is valid for the specific site. This will ensure that you have a 128 bit encrypted connection with the website.
If you want secure email you may also have your emails encrypted too. A good free vendor is Hushmail. Your email security is more at risk than your web browsing; you must ensure your emails are safe.
5) Kill the spyware
Spyware are little programmes that can easily be picked up by surfing any website or downloading files. Spyware can pickup information from where you surf to your credit card details, this information then can be sold.
Microsoft has released a beta version of their upcoming anti spyware removal tool. This too works well, and I highly recommend this tool. Zonealarm also offer a free online spyware detector.
The information I have passed to you should be seriously considered. The internet is a very unsecure environment; you must ensure your data is safe from outside prying eyes. Make sure you are careful with any transaction you make. Never fool for any kind of email promotion, anyone who tries to sell to you through spam advertising is not trustworthy. Also make sure to check the links from anything you click on, I have found numerous fake Paypal sites that try to steal your login and password.
Remember... it is up to you!
Monday, January 29, 2007
Cracking passwords using Rainbow tables
Most network security analysts are aware of password auditing tools such as Lopthcrack. Perhaps not everyone though has heard of Rainbow tables. Using Rainbow tables that have been pre-generated can dramatically decrease the amount of time it takes to crack/audit passwords. This is very much a huge step forward for both the network security analyst as well as the black hat hacker. Password audits are nothing new, but it would behoove us all to download the Rainbow tables, which at last count total 4 GB’s worth, and test our companies passwords.
Bugs for dollars
The initiative started some time ago that pays a security researcher for their work is gathering yet more steam. This time some people were offered significantly more then the paltry several thousand. It always struck me as exceedingly cheap that an exploit would be bought for only a few thousand dollars. More often then not, a lot of billable hours go into researching and developing an exploit. Were Microsoft serious about security then they would start buying exploits as well. Then again though, doing so might very well bankrupt them -). Seriously though, Microsoft should start to consider paying for such exploits, or hire better talent for their Q&A.
System administrators and accountability
System administrators (sys admins) perform a very important role in any corporate network. They are the first line of defense and all to often also the last line. This then begs the question of are they being held to account? By this I mean, is the sys admin being given the proper guidance in what is expected of them, and then the supervision to ensure they are doing so? All to often corporate networks are rooted by old exploits, or conversely by relatively new ones. The sys admin responsible often says they did not think, or were too busy, to check the vendor site for patches. That is an unacceptable excuse of course. With this scenario in mind you may want to include in the sys admin’s duties daily checks of the vendor sites for patches. That simple step would go a long way towards ensuring the safety of your networks.
Sunday, January 21, 2007
Home Security Systems
Building a house, setting it up for your requirements, and ensuring that it all gets done just as you wanted all take a lot of planning, time, and effort, apart from the obvious financial implications. In most cases, people put in their life’s savings to ensure that they get it all right.
In the midst of all this, along comes a person who, in a matter of hours has the potential to take it all away or, at best, ruin things for you. In order to avoid such a horrifying scenario, one needs to take a serious look at home security systems. These systems act as deterrents and, in most cases, help in catching the culprit too.
Technology has made gigantic leaps in all fields, and home security is no exception. One can buy burglar alarms to suit one’s budget and get effective protection. Now, one can even use the Internet for security. This is far superior to conventional systems where breaks in the circuit were the key to raising an alarm and alerting the occupants. With Internet connectivity, the alarm sends silent signals to a call center, and help is then sent to the system’s physical address or geographical location.
Monitored systems are also linked to agencies, which, in turn, send help. The alarms trigger off a signal at the agency’s office, causing an immediate response. Magnetic doors and windows, motion detectors, hard-wired systems, camera surveillance systemsall go a long way to protect the security of one’s house and related assets.
The best security systems are the ones incorporated by professionals who specialize in this field. Ask around and do your groundwork before you decide on a system or agency. Read the fine type of how much protection you can actually count on. And you’ll find that a little research and a bit of investment will go a long way in protecting your assets.
Virtual House Tours Could Offer Too Much Information
We are becoming more aware of the dangers of the internet these days with articles of online predators hiding behind screen names, posing as imposters controlling their victims as if they were puppets on a string, sucking them into a "Web Of Deception."
Computers are used in the transmission of crime often in three capacities. They may be the target of the offense, the tool used in the offence or they may contain evidence of the offence. Everything from sex predators, e-mail scams, fraud and even burglary. Yes, even burglary enters into the equation with the possibility that burglars could target homes via the internet.
The real estate industry's version of armchair viewing, otherwise known as "Virtual Tours," could be giving the "bad guys" too much information. Too much information about your most important investment: your home.
Selling your home is stressful enough without the added stress of a break and enter.
Virtual tours are increasing in popularity as they give home buyers a real impression of the inside of the home and a vivid look at the outside surroundings. Some realtors may deny or play down the dangers of advertising your home on the internet; however, this concern affects not only home sellers but also home buyers whose future home may have been advertised on the internet.
Once a home has been exposed on the internet, particularly on "Virtual Tours," it could remain a risk for robbery for several months as information may have been downloaded and stored on a thief's computer.
Having a home available for anyone to inspect can represent a grave danger. The only people who should be allowed to inspect your home are those who have been identified and qualified. The Internet allows anybody who owns a computer and is hooked up to the web to take a tour through your home.
I don't want just anybody looking through my home, unless they are a genuine buyer accompanied by a realtor.
The safe procedure is quite simple. The homebuyer usually checks out an area before they buy a home. They visit with the real estate agent, who takes great care to ensure that only genuine buyers are allowed to inspect your home.
If you must advertise your home on the internet, make sure that you go over the details with your realtor very carefully. Details like removing precious items before the filming of the tour or having their computer professional remove them through a Photoshop software program after the segment has been filmed. It is very important as a home owner to view the video before it is displayed over the internet, checking for security deficiencies.
Meeting with your real estate representative and ironing out the details is crucial. After all, you are the person holding the strings when it comes to protecting your home.
Information Security Awareness Training - Wireless And Security
Wireless computing gives us freedom of getting online without any restriction in time and space.
Now you can take your laptop and get connection to the Internet wherever is offered wireless service. It can be a library, café or even beach. You can also purchase a wireless base station, called a router, for your home so you can get online anywhere in the house or in the immediate vicinity outdoors. But from information security awareness side, you need to do some thing to employ these options safe.
What is Wireless network and how it's work?
Wireless (Wi-Fi) or 802.11 networks is a method of connecting a computer to other computers or to the Internet without linking them by cables. This network uses radio waves, just like cell phones and radios do. This communication, across wireless network, is similar two-way radio communication.
1.Routers collect the signal and decode, and then send information to the Internet using a physical, wired Ethernet connection.
2.Wireless adapter on your laptop translate data into radio signal and transmit it using antenna.
3.And vice versa... (howstuffworks.com)
Why this kind connection is so unsafe?
Because these transmissions occur in one frequency and mostly they don't have protection against unauthorized access. So, that's means that anyone in range can pick up the signal or transmit on the same time.
From what wireless network are at risk?
*From peoples who listening transmitted information - eavesdroppers.
*From anyone in the range who can connect to your network - hackers.
*From unauthorized users who use your broadband internet connection without your permission.
What can protect your wireless connection?
*Encryption - use encryption to scramble over the network. Better use Wi-Fi Protected Access (WPA), than Wired Equivalent Privacy (WEP), because it is stronger.
*Anti-virus and anti-spyware software and a firewall - these things should be on every computer independent wireless network using or not.
*Caution - turn off your wireless network when you know you won't use it and also turn off identifier broadcasting on your wireless router. So your computer won't send a signal to any device in the vicinity announcing its presence.
*Limitation - allow only specific computers to access your wireless network and modify your router's pre-set password for administration to something only you know.
Now you can take your laptop and get connection to the Internet wherever is offered wireless service. It can be a library, café or even beach. You can also purchase a wireless base station, called a router, for your home so you can get online anywhere in the house or in the immediate vicinity outdoors. But from information security awareness side, you need to do some thing to employ these options safe.
What is Wireless network and how it's work?
Wireless (Wi-Fi) or 802.11 networks is a method of connecting a computer to other computers or to the Internet without linking them by cables. This network uses radio waves, just like cell phones and radios do. This communication, across wireless network, is similar two-way radio communication.
1.Routers collect the signal and decode, and then send information to the Internet using a physical, wired Ethernet connection.
2.Wireless adapter on your laptop translate data into radio signal and transmit it using antenna.
3.And vice versa... (howstuffworks.com)
Why this kind connection is so unsafe?
Because these transmissions occur in one frequency and mostly they don't have protection against unauthorized access. So, that's means that anyone in range can pick up the signal or transmit on the same time.
From what wireless network are at risk?
*From peoples who listening transmitted information - eavesdroppers.
*From anyone in the range who can connect to your network - hackers.
*From unauthorized users who use your broadband internet connection without your permission.
What can protect your wireless connection?
*Encryption - use encryption to scramble over the network. Better use Wi-Fi Protected Access (WPA), than Wired Equivalent Privacy (WEP), because it is stronger.
*Anti-virus and anti-spyware software and a firewall - these things should be on every computer independent wireless network using or not.
*Caution - turn off your wireless network when you know you won't use it and also turn off identifier broadcasting on your wireless router. So your computer won't send a signal to any device in the vicinity announcing its presence.
*Limitation - allow only specific computers to access your wireless network and modify your router's pre-set password for administration to something only you know.
Getting Traffic To Your Web Site
Traffic, traffic, traffic. Any article you care to read about having a successful web site will always stress the importance of traffic. It is absolutely essential if you want to succeed in any internet based business. You can have the best designed web site, a great product to promote or sell, but without traffic, you have nothing.
Whether you already have a web site and not getting enough traffic, or thinking about starting up one, traffic has to be at or near the top of your list of priorities. To help you generate more traffic for your web site, here are some surefire ways to increase your traffic.
1) Invest in ppc (pay per click) advertising with the major search engines. Google’s Adwords and Yahoo’s Overture provide great advertising schemes that are very popular and assure you targeted traffic. While this is a surefire way to generate traffic, the downside is the expense which can be quite considerable if you are in a very competitive niche. While some shy away from spending money to increase traffic, this is a guaranteed way to bring potential customers to your web site.
2) Exchange, trade or buy links. When you exchange links with other sites, both of you benefit from those exchanges as the traffic one site generates can flow on to the other. This is especially beneficial to you if the other site has a higher page ranking. The search engines crawl high PR sites regularly and will follow the links to your site and hopefully rank your site higher as well. The more links you trade with other sites the more traffic you can expect. Just remember early on in your traffic generation program, to keep the links within the same or similar niche.
3) Use Viral Marketing. Viral marketing allows you to advertise your company or product with minimal or without any cost at all. This method involves attaching your link to a variety of media such as a funny video, entertaining games, interesting articles or a gossip. With this method, people get infected with the creativity and entertainment of the medium and pass it on to others. Your link will be seen and investigated.
4) Search Engine Optimization. Ensure that you use proper keywords/keyword phrases that relate to your site’s content when you design your web site. Search engines look for certain keywords that they show in their results page. Having the right keywords/keyword phrases is a high requirement in ranking well in search engine results and thereby getting lots of traffic.
5) Write and submit Articles Submit your original articles to article distribution sites. You can write these yourself or have others do it for you. Make sure that you attach a description as well as a link to your web site in the resource box at the conclusion of your article. As well as directing readers to your site, you will also get backlinks to your web site which will increase your web site’s ranking.
6) Join forums and contribute to discussions.
Show your expertise and credibility by making constructive comments. People will begin to trust you and your site will benefit from the traffic of those wanting to visit it to get more information about you or your product.
These are just a few methods you can use to generate traffic to your web site. Obviously there is a limit to how much detail can be explored and each of the above topics merits an article in its own right.
Internet Bank Accounts
Internet banking is a system that allows people to manage their bank accounts and investments over Internet conveniently 24 hours a day. With Internet banking, one can manage their accounts in a fast, easy and simple manner from the comfort of their home, workplace, or anywhere else where the Internet is available. Many banks do not charge any additional fees for Internet banking. For personal, business and offshore accounts, Internet banking is the best way to access accounts confidentially. There is no doubt that Internet banking is fully secure and that it takes only few minutes to register a new account.
Through Internet banking, people can use all the services of a particular bank, but the most useful ones are international bank transfer and E-broking. Internet banking is the safest and fastest way to transfer money from an account to any other bank accounts all over the world in any different currency. Through e-broking one can easily invest in the stock market all over the world by placing orders over the Internet.
Internet banking is no different than traditional banking. People can view their Internet bank account and credit card balances, monitor transactions, pay credit bills, open term deposits, and update their personal details. They can set up, change, or cancel standing orders and view or cancel direct debits.
Security is the top priority with Internet banking. All transactions are encrypted using military-based technology. Accounts are protected by a coding system that can be opened by entering several passwords. To access one's account you will need to enter the agreement number, personal password, and a code that is unique to each session and determined by a strike list or a smart card that generates a new security number every time. There are countries that restrict the use of encryption and Internet banking is not available in these places. Security, freedom and flexibility make Internet banking a smart choice.
Thursday, January 18, 2007
Hiring Network Security Professionals
Why Would I Need to Hire a Security Professional?
The FBI has estimated that industrial espionage by foreign spies costs US companies $200 billion per year. Companies also face theft from current and former employees, trading partners, and the potential threat from terrorist cyber-attackers. The Gartner Group estimates that fully 70% of all thefts that cause loss to businesses are from insiders.
How To Judge A Candidate
The most important qualification for any security professional to have is experience. Five or more years of experience directly related to security is enough to have seen the trends, understand the mind-set of hackers, and see the common uses and mis-uses of networks.
With the high demand for network security professionals, and the drought of experienced candidates, businesses have been willing to settle for less experienced candidates. A number of organizations have assembled training courses and certification exams to help bring novices to a reasonable level of security understanding.
Certifications
There are a number of certifications offered for security professionals. No one standard has been generally accepted throughout the community, and it will be a while before one emerges at the top of the heap. The top contenders are:
* CISSP. This exam is considered to be the most difficult, and most comprehensive security exam.
* Security+. This exam was developed jointly between government, educational and business. It tests many important aspects of the security professional's knowledge.
* TICSA. Offered by TruSecure, a security services vendor, this exam is being heavily promoted. Check for discounts on exam fees.
* SANS GIAC Certification. The Global Incident Analysis Center offers a baker's dozen certifications in the security arena. These certifications are, for the most part, vendor neutral. However, they do offer Unix and Windows specific certifications.
There are a number of vendor-specific exams. These include some for Cisco and Microsoft. In general these exams only show competence in implementing and using vendor-specific hardware and network architectures, and are not broad enough for most business security needs.
Above all, ensure that any security professional you are looking to retain has substantial experience and good references. Look at what they've done for other companies similar to yours, how many years of experience they have and get references.
The FBI has estimated that industrial espionage by foreign spies costs US companies $200 billion per year. Companies also face theft from current and former employees, trading partners, and the potential threat from terrorist cyber-attackers. The Gartner Group estimates that fully 70% of all thefts that cause loss to businesses are from insiders.
How To Judge A Candidate
The most important qualification for any security professional to have is experience. Five or more years of experience directly related to security is enough to have seen the trends, understand the mind-set of hackers, and see the common uses and mis-uses of networks.
With the high demand for network security professionals, and the drought of experienced candidates, businesses have been willing to settle for less experienced candidates. A number of organizations have assembled training courses and certification exams to help bring novices to a reasonable level of security understanding.
Certifications
There are a number of certifications offered for security professionals. No one standard has been generally accepted throughout the community, and it will be a while before one emerges at the top of the heap. The top contenders are:
* CISSP. This exam is considered to be the most difficult, and most comprehensive security exam.
* Security+. This exam was developed jointly between government, educational and business. It tests many important aspects of the security professional's knowledge.
* TICSA. Offered by TruSecure, a security services vendor, this exam is being heavily promoted. Check for discounts on exam fees.
* SANS GIAC Certification. The Global Incident Analysis Center offers a baker's dozen certifications in the security arena. These certifications are, for the most part, vendor neutral. However, they do offer Unix and Windows specific certifications.
There are a number of vendor-specific exams. These include some for Cisco and Microsoft. In general these exams only show competence in implementing and using vendor-specific hardware and network architectures, and are not broad enough for most business security needs.
Above all, ensure that any security professional you are looking to retain has substantial experience and good references. Look at what they've done for other companies similar to yours, how many years of experience they have and get references.
Secure FTP Hosting
He secure transport of some of the most important documents in many top financial organizations, health care departments, corporate houses, and of course for individuals has, of late, become a cause of serious concern that needs to be addressed. These transactions may involve monetary payments through credit cards, bank transfers and so on. The documents that are transferred daily consist of billions of dollars of transactions through banking institutions, share certificates and sensitive personal and financial data, besides a variety of long e-books, texts, audio-visual data, music, photos, images and graphics. And their encryptions may not sometimes be secure enough to resist the online breaches.
The importance of Secure FTP Hosting cannot be overemphasized, as the hackers are working hard overtime to breach the security of the IT infrastructure. It is therefore imperative that the privacy of customers’ accounts should be strictly maintained, so that no one should be able to access the files of another user. There may, of course, be exceptions. If someone wants to share files among multiple users, they can be simply told to login with the same username and passwords. In such a situation the site administrator can maintain a master FTP account allowing full access to all files and folders.
If you ever have any questions about secure FTP hosting, you should contact an FTP security expert in your company. Security is an ongoing duty for anybody who works with large numbers of computers. Also, stay up to date on the latest security threats issued by the various Internet security companies in the industry.
The importance of Secure FTP Hosting cannot be overemphasized, as the hackers are working hard overtime to breach the security of the IT infrastructure. It is therefore imperative that the privacy of customers’ accounts should be strictly maintained, so that no one should be able to access the files of another user. There may, of course, be exceptions. If someone wants to share files among multiple users, they can be simply told to login with the same username and passwords. In such a situation the site administrator can maintain a master FTP account allowing full access to all files and folders.
If you ever have any questions about secure FTP hosting, you should contact an FTP security expert in your company. Security is an ongoing duty for anybody who works with large numbers of computers. Also, stay up to date on the latest security threats issued by the various Internet security companies in the industry.
Do I Need a Firewall
"I've heard conflicting reports on whether or not I should be using a firewall. Some people say they are only needed for dialup users. Others say you MUST have a firewall if you have a highspeed DSL or cable connection. Can you give me some advice on this?"
What Happens When You Yell "MOVIE!" in a Crowded Firehouse?
Well all the firemen go running into the streets, of course. Okay, it's a bad joke. But it illustrates the point that even people who are supposed to be experts in computer safety are often confused about firewalls. Here's the scoop on WHO needs a firewall, WHAT they do, and WHY you might be wasting your money on firewall software.
First, let's look at what a firewall is supposed to do. A firewall is hardware or software that limits access to a computer from an outside source. If your computer will ever be connected to the Internet, a firewall is an essential tool needed to prevent malware and hackers from accessing or damaging your computer.
So YES... you do need a firewall. Without a firewall, your computer can be compromised within SECONDS after connecting to the Internet. If you're a dialup user, it might take a little longer, but it will happen. The reason for this is the automated hacking drones that are constantly scanning Internet-connected computers, looking for any vulnerability. What Kind of Firewall Do I Need?
The real question is "Do I need a software-based firewall or a hardware-based firewall?" If you have a highspeed Internet connection such as DSL or cable, and you have a router between your DSL/cable modem and your computer, most likely you already have a hardware-based firewall, and that's all you need. If your router has NAT (network address translation), or your modem has a built-in router with NAT, you have a hardware firewall which effectively makes your PC invisible to the attacking hordes. If you're not sure if you have a NAT router, do a web search for your router's make and model and you should be able to find the manufacturer's specs or a review that answers the question.
If you have a highspeed modem that is connected directly to your computer (no router in between), chances are you do NOT have a hardware firewall in place. And if you have a dialup connection, you definitely don't have a hardware firewall. So in the absence of a hardware firewall, you absolutely need a software-based firewall.
What About the Windows XP Firewall?
If you have Windows XP, and the SP2 security updates have been applied, then you probably have a software firewall in place. Not sure if you have the essential SP2 updates? Click on Help/About in Internet Explorer and look for "Update Versions: SP2" on the info popup. If you don't have SP2, drop everything, click on Tools/Windows Update in Internet Explorer and get the latest fixes from Microsoft. Yes, it's that important.
To verify that the Windows XP firewall is turned on, click on Start / My Network Places / View Network Connections, then click on Change Windows Firewall Settings. On the next screen, you can turn the firewall ON or OFF. If you have a hardware firewall, there is no need to run a software firewall in addition. If you do turn off the Windows firewall, you should tell Windows that you have your own firewall solution, or it will nag you about the firewall every time you start up your computer. To do so, click Start / Control Panel / Security Center. Then under Firewall, click the Recommendations box. On the next screen, check the box labeled "I have a firewall solution that I'll monitor myself." Other Software Firewalls
I know there is heated debated on this topic. Some people claim that you MUST have a software firewall to protect you from malware that might be trying to make an OUTBOUND connection for nefarious purposes. My position is that anti-virus and anti-spyware programs should be installed to remove and prevent the malware in the first place. Sure, you can install ZoneAlarm, Black Ice, or Norton Internet Security, but my experience shows that many users are confused and unnecessarily alarmed by the constant stream of "warnings" that these programs present. Lots of good programs DO need to make outbound connections (ie: your browser, email client, FTP, media players, etc.) so if you're not very careful you'll end up blocking them, and then they don't work correctly. I've also seen cases where software firewalls malfunction and either interfere with certain programs or end up blocking ALL connections. And don't get me going about all the times when my software firewall prevented me from using a shared folder or a networked printer... arrgh!
A Word About Laptops
If you have a laptop that's connected to the Internet through your home network, thre's no difference in terms of the firewall setup. But if you take that laptop on the road and make a wired connection (as in a hotel room with a network cable) or go wireless (in the airport or a coffee shop), you are no longer protected, so it's a very good idea to turn on the software firewall.
To summarize, YES you need a firewall. My personal opinion is that if you have a hardware firewall, don't bother with a software firewall. Can you run both? Yes, but the "benefits" may be outweighed by the problems
What Happens When You Yell "MOVIE!" in a Crowded Firehouse?
Well all the firemen go running into the streets, of course. Okay, it's a bad joke. But it illustrates the point that even people who are supposed to be experts in computer safety are often confused about firewalls. Here's the scoop on WHO needs a firewall, WHAT they do, and WHY you might be wasting your money on firewall software.
First, let's look at what a firewall is supposed to do. A firewall is hardware or software that limits access to a computer from an outside source. If your computer will ever be connected to the Internet, a firewall is an essential tool needed to prevent malware and hackers from accessing or damaging your computer.
So YES... you do need a firewall. Without a firewall, your computer can be compromised within SECONDS after connecting to the Internet. If you're a dialup user, it might take a little longer, but it will happen. The reason for this is the automated hacking drones that are constantly scanning Internet-connected computers, looking for any vulnerability. What Kind of Firewall Do I Need?
The real question is "Do I need a software-based firewall or a hardware-based firewall?" If you have a highspeed Internet connection such as DSL or cable, and you have a router between your DSL/cable modem and your computer, most likely you already have a hardware-based firewall, and that's all you need. If your router has NAT (network address translation), or your modem has a built-in router with NAT, you have a hardware firewall which effectively makes your PC invisible to the attacking hordes. If you're not sure if you have a NAT router, do a web search for your router's make and model and you should be able to find the manufacturer's specs or a review that answers the question.
If you have a highspeed modem that is connected directly to your computer (no router in between), chances are you do NOT have a hardware firewall in place. And if you have a dialup connection, you definitely don't have a hardware firewall. So in the absence of a hardware firewall, you absolutely need a software-based firewall.
What About the Windows XP Firewall?
If you have Windows XP, and the SP2 security updates have been applied, then you probably have a software firewall in place. Not sure if you have the essential SP2 updates? Click on Help/About in Internet Explorer and look for "Update Versions: SP2" on the info popup. If you don't have SP2, drop everything, click on Tools/Windows Update in Internet Explorer and get the latest fixes from Microsoft. Yes, it's that important.
To verify that the Windows XP firewall is turned on, click on Start / My Network Places / View Network Connections, then click on Change Windows Firewall Settings. On the next screen, you can turn the firewall ON or OFF. If you have a hardware firewall, there is no need to run a software firewall in addition. If you do turn off the Windows firewall, you should tell Windows that you have your own firewall solution, or it will nag you about the firewall every time you start up your computer. To do so, click Start / Control Panel / Security Center. Then under Firewall, click the Recommendations box. On the next screen, check the box labeled "I have a firewall solution that I'll monitor myself." Other Software Firewalls
I know there is heated debated on this topic. Some people claim that you MUST have a software firewall to protect you from malware that might be trying to make an OUTBOUND connection for nefarious purposes. My position is that anti-virus and anti-spyware programs should be installed to remove and prevent the malware in the first place. Sure, you can install ZoneAlarm, Black Ice, or Norton Internet Security, but my experience shows that many users are confused and unnecessarily alarmed by the constant stream of "warnings" that these programs present. Lots of good programs DO need to make outbound connections (ie: your browser, email client, FTP, media players, etc.) so if you're not very careful you'll end up blocking them, and then they don't work correctly. I've also seen cases where software firewalls malfunction and either interfere with certain programs or end up blocking ALL connections. And don't get me going about all the times when my software firewall prevented me from using a shared folder or a networked printer... arrgh!
A Word About Laptops
If you have a laptop that's connected to the Internet through your home network, thre's no difference in terms of the firewall setup. But if you take that laptop on the road and make a wired connection (as in a hotel room with a network cable) or go wireless (in the airport or a coffee shop), you are no longer protected, so it's a very good idea to turn on the software firewall.
To summarize, YES you need a firewall. My personal opinion is that if you have a hardware firewall, don't bother with a software firewall. Can you run both? Yes, but the "benefits" may be outweighed by the problems
Tuesday, January 16, 2007
Virus Hoaxes - As Bad As The Real Thing
A computer virus can cause a great deal of damage to your computer or can lead to the theft of your data. This can result in programs that don't work, real time money that is stolen, and time that is lost.
Hoaxes can cause the same problems.
Typically a hoax will arrive in your email and warn you of a brand new threat to your computer. Once the email outlines how the new virus works it asks you to forward the mail to others in your email address book. This is a chain letter that can cause a great deal of damage.
Virus hoaxes can travel far and wide. If each person who gets it sends it to ten other, and each of these ten people send it to ten more people, the list is endless. Once six generations have passed over one million false email will have been sent. By the seventh generation this number will be ten million. By the eighth generation it will be 100 million emails that have no purpose and are using up space on networks.
This problem can cause routers and servers to crash and slow down.
Many times a hoax will be sent with good intentions. For example, there was a warning in email about a virus that was called the "Deeyenda". It has been circulating since 1995. The email says that the Deeyenda virus is known to the FCC and should be passed on.
This email is false. A virus can't be run and activated just by you reading the email. As well, the FCC does not send out warnings about any viruses. They do send out information about spyware. A last comment: there is no Deeyenda virus.
A hoax can do a lot of damage. Some hoaxes will warn you to delete files on your computer that might have the virus. These files are often unknown to most users and are crucial to the correct running of your computer. If you delete them you might not notice the effect immediately. At least until you reboot your system and it won't start.
How to Fight Virus Hoaxes
The first thing that you have to do is recognize a hoax.
A good clue about a hoax is when a lot of technical words are used. A hoax called "good times" had this warning: "If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor". Although this might sound impressive there is no nth-complexity infinite binary loop. As well, no computer processor can be harmed if it's used a lot. It may be slow because you're running a lot of processes but it certainly won't stop working.
Some hoaxes will contain a reference to an organization that really exists such as the FCC or a legitimate company that sells antivirus software. You can easily verify this information if it's a real warning. And if it is real you should expect to see references of it somewhere, such as on television, as well as the Internet.
Make sure that you never buy anything from someone who claims they can fix any virus infection your computer might have. There are plenty of authentic vendors of antivirus software, many of whom have products that you can download or have services you can use via the Internet. You can verify all this information by reading trade reviews and testimonials from sources you can trust.
Don't end up being a victim.
Hoaxes can cause the same problems.
Typically a hoax will arrive in your email and warn you of a brand new threat to your computer. Once the email outlines how the new virus works it asks you to forward the mail to others in your email address book. This is a chain letter that can cause a great deal of damage.
Virus hoaxes can travel far and wide. If each person who gets it sends it to ten other, and each of these ten people send it to ten more people, the list is endless. Once six generations have passed over one million false email will have been sent. By the seventh generation this number will be ten million. By the eighth generation it will be 100 million emails that have no purpose and are using up space on networks.
This problem can cause routers and servers to crash and slow down.
Many times a hoax will be sent with good intentions. For example, there was a warning in email about a virus that was called the "Deeyenda". It has been circulating since 1995. The email says that the Deeyenda virus is known to the FCC and should be passed on.
This email is false. A virus can't be run and activated just by you reading the email. As well, the FCC does not send out warnings about any viruses. They do send out information about spyware. A last comment: there is no Deeyenda virus.
A hoax can do a lot of damage. Some hoaxes will warn you to delete files on your computer that might have the virus. These files are often unknown to most users and are crucial to the correct running of your computer. If you delete them you might not notice the effect immediately. At least until you reboot your system and it won't start.
How to Fight Virus Hoaxes
The first thing that you have to do is recognize a hoax.
A good clue about a hoax is when a lot of technical words are used. A hoax called "good times" had this warning: "If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor". Although this might sound impressive there is no nth-complexity infinite binary loop. As well, no computer processor can be harmed if it's used a lot. It may be slow because you're running a lot of processes but it certainly won't stop working.
Some hoaxes will contain a reference to an organization that really exists such as the FCC or a legitimate company that sells antivirus software. You can easily verify this information if it's a real warning. And if it is real you should expect to see references of it somewhere, such as on television, as well as the Internet.
Make sure that you never buy anything from someone who claims they can fix any virus infection your computer might have. There are plenty of authentic vendors of antivirus software, many of whom have products that you can download or have services you can use via the Internet. You can verify all this information by reading trade reviews and testimonials from sources you can trust.
Don't end up being a victim.
The 10 Most Rampant Computer Viruses
Every day new computer viruses are created to annoy us and to wreak havoc on our computer systems. Below are ten viruses currently cited as being the most prevalent in terms of being seen the most or in their ability to potentially cause damage. New viruses are created daily. This is by no means an all inclusive list. The best thing you can do is to remain vigilant, keep your anti-virus software updated, and stay aware of the current computer virus threats.
Virus: Trojan.Lodear
A Trojan horse that attempts to download remote files. It will inject a .dll file into the EXPLORER.EXE process causing system instability.
Virus: W32.Beagle.CO@mm
A mass-mailing worm that lowers security settings. It can delete security-related registry sub keys and may block access to security-related websites.
Virus: Backdoor.Zagaban
A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.
Virus: W32/Netsky-P
A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.
Virus: W32/Mytob-GH
A mass-mailing worm and IRC backdoor Trojan for the Windows platform. Messages sent by this worm will have the subject chosen randomly from a list including titles such as: Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.
Virus: W32/Mytob-EX
A mass-mailing worm and IRC backdoor Trojan similar in nature to W32-Mytob-GH. W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. This virus spreads by sending itself to email attachments harvested from your email addresses.
Virus: W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER
This family of worm variations possesses similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and through various operating system vulnerabilities such as the LSASS (MS04-011).
Virus: Zafi-D
A mass mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename Norton Update.exe. It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension. W32/Zafi-D copies itself to folders with names containing share, upload, or music as ICQ 2005a new!.exe or winamp 5.7 new!.exe. W32/Zafi-D will also display a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".
Virus: W32/Netsky-D
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.
Virus: W32/Zafi-B
A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com. A bilingual, worm with an attached Hungarian political text message box which translates to “We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, PĂ©cs (SNAF Team)”
Virus: Trojan.Lodear
A Trojan horse that attempts to download remote files. It will inject a .dll file into the EXPLORER.EXE process causing system instability.
Virus: W32.Beagle.CO@mm
A mass-mailing worm that lowers security settings. It can delete security-related registry sub keys and may block access to security-related websites.
Virus: Backdoor.Zagaban
A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.
Virus: W32/Netsky-P
A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.
Virus: W32/Mytob-GH
A mass-mailing worm and IRC backdoor Trojan for the Windows platform. Messages sent by this worm will have the subject chosen randomly from a list including titles such as: Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.
Virus: W32/Mytob-EX
A mass-mailing worm and IRC backdoor Trojan similar in nature to W32-Mytob-GH. W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. This virus spreads by sending itself to email attachments harvested from your email addresses.
Virus: W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER
This family of worm variations possesses similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and through various operating system vulnerabilities such as the LSASS (MS04-011).
Virus: Zafi-D
A mass mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename Norton Update.exe. It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension. W32/Zafi-D copies itself to folders with names containing share, upload, or music as ICQ 2005a new!.exe or winamp 5.7 new!.exe. W32/Zafi-D will also display a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".
Virus: W32/Netsky-D
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.
Virus: W32/Zafi-B
A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com. A bilingual, worm with an attached Hungarian political text message box which translates to “We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, PĂ©cs (SNAF Team)”
Home Network Security Revealed
Some home computer users have become experts without knowing it. Just a short time ago terms such as "wireless" and "router" were only known by computer professionals and experts. Not so any more. These days switches, hubs, Ethernet cards, firewalls, routers, and other buzzwords related to networking have become common in many homes.
Vendors have created new sources of income for themselves by making the installation of network devices cost efficient and easy. This is great value to home PC users by allowing more than one home computer to share resources with others without having to move the files physically or having to move the connections on printers. The entire family can now use one network to connect to the Internet, many times without having to drag wires all around the house.
The one thing that home users are lacking is education is how to secure themselves from hackers.
However, there is no need to panic. Settings that come from the vendor are very good. Now, here's a bit of guidance...
A common acronym for computer experts is "RTFM". You can just ignore the middle letter for now. The first letter stands for "read", the T for "the" and the last letter stands for "Manual". Doing this will give you information about standard settings that are useful about configuration. Don't forget to reread it.
PORTS FOR ROUTERS
The first thing that you should do is change your password. You should also rename the account for the administrator. This is because the next person who bought the same computer model as you did has the same information and might not be as trustworthy as you would like to think.
A standard port of HTTP is Port 80. This port is needed if you plan on browsing the Internet. A port is number for the network that is used by software to keep track of Internet traffic. You'll need to have this port open for IP addresses and any ranges that are going out of your computer. By doing this only those computers you know can generate any Internet traffic on your home network.
If you get your IP address in an automatic fashion the above tip will won't be useful for you. For example, most use DHCP. However, there are other service providers who will let you buy one static IP address for the router. It's this address that should have access going out to the Internet.
But just why should you care about traffic that is going out? For the simple reason that you might infect other computers. This is why you need to practice networking that is safe so that you don't spread any viruses. If you have Internet access that is wireless you won't always know who is on your same network. And even if you're not at home anyone can sneak in through your network.
You'll need to have Port 80 open for all traffic coming in from the Internet. Or you might want to track only those websites that have an IP address. This might be impossible though.
You need to open up Port 25 for outgoing mail if you're going to be using an email client that is a desktop application rather then being browser based. As well, you'll have to open up port 110 for incoming mail.
And most of the time, that will be all....
If you're using a client that is a desktop FTP or manual (both of which should be avoided if you can due to poor security) you'll need other ports. Most of the time these port numbers are easy to find. Try to limit their use. The general rule for network security is that you should keep as many ports as you can closed and only use those that you really need to use.
The above may sound a bit like the settings in a firewall. This is because firewalls and routers have some of the same functions. A firewall will allow or prevent Internet traffic while a router will direct it.
WIRELESS NETWORKS
There's a bit more that you have to do if you have a wireless network. Default settings will sometimes let anyone in range of the network have access. This means that not only someone in your household will be on the Internet, the neighbour across the street will as well. And this includes the hacker.
What you need to do is lock down the wireless network. You can learn how to do this by reading the manual and then configuring your passwords as well as any other security features that are included.
You don't need to devote your life to becoming a security or network expert just so that you keep your resources safe. However, when you're connected to the Internet through a router there is more risk than if you were connected through dial-up or as a single user.
Take some time today to learn what you can about network security so that you don't spend that time after your network is broken into.
Vendors have created new sources of income for themselves by making the installation of network devices cost efficient and easy. This is great value to home PC users by allowing more than one home computer to share resources with others without having to move the files physically or having to move the connections on printers. The entire family can now use one network to connect to the Internet, many times without having to drag wires all around the house.
The one thing that home users are lacking is education is how to secure themselves from hackers.
However, there is no need to panic. Settings that come from the vendor are very good. Now, here's a bit of guidance...
A common acronym for computer experts is "RTFM". You can just ignore the middle letter for now. The first letter stands for "read", the T for "the" and the last letter stands for "Manual". Doing this will give you information about standard settings that are useful about configuration. Don't forget to reread it.
PORTS FOR ROUTERS
The first thing that you should do is change your password. You should also rename the account for the administrator. This is because the next person who bought the same computer model as you did has the same information and might not be as trustworthy as you would like to think.
A standard port of HTTP is Port 80. This port is needed if you plan on browsing the Internet. A port is number for the network that is used by software to keep track of Internet traffic. You'll need to have this port open for IP addresses and any ranges that are going out of your computer. By doing this only those computers you know can generate any Internet traffic on your home network.
If you get your IP address in an automatic fashion the above tip will won't be useful for you. For example, most use DHCP. However, there are other service providers who will let you buy one static IP address for the router. It's this address that should have access going out to the Internet.
But just why should you care about traffic that is going out? For the simple reason that you might infect other computers. This is why you need to practice networking that is safe so that you don't spread any viruses. If you have Internet access that is wireless you won't always know who is on your same network. And even if you're not at home anyone can sneak in through your network.
You'll need to have Port 80 open for all traffic coming in from the Internet. Or you might want to track only those websites that have an IP address. This might be impossible though.
You need to open up Port 25 for outgoing mail if you're going to be using an email client that is a desktop application rather then being browser based. As well, you'll have to open up port 110 for incoming mail.
And most of the time, that will be all....
If you're using a client that is a desktop FTP or manual (both of which should be avoided if you can due to poor security) you'll need other ports. Most of the time these port numbers are easy to find. Try to limit their use. The general rule for network security is that you should keep as many ports as you can closed and only use those that you really need to use.
The above may sound a bit like the settings in a firewall. This is because firewalls and routers have some of the same functions. A firewall will allow or prevent Internet traffic while a router will direct it.
WIRELESS NETWORKS
There's a bit more that you have to do if you have a wireless network. Default settings will sometimes let anyone in range of the network have access. This means that not only someone in your household will be on the Internet, the neighbour across the street will as well. And this includes the hacker.
What you need to do is lock down the wireless network. You can learn how to do this by reading the manual and then configuring your passwords as well as any other security features that are included.
You don't need to devote your life to becoming a security or network expert just so that you keep your resources safe. However, when you're connected to the Internet through a router there is more risk than if you were connected through dial-up or as a single user.
Take some time today to learn what you can about network security so that you don't spend that time after your network is broken into.
Wednesday, January 10, 2007
The Two Things You Must Know About Your Private Information Before It's Too Late
Our society is maintained by information: information about who we were, who we are, and in some cases who we will become. We live in the Information age, a time where movement of information is faster than physical movement. Some say that we live in a new type of society called an Information Society, in which the creation, distribution and manipulation of information has become a significant economic and cultural activity. Matthew Lesko, a columnist, made this point clear when he wrote, "Information is the currency of today's world." Sir Francis Bacon an English statesman from the 1500s proclaimed wisely that, "Knowledge is power." His words echo today in the familiar truism, "Information is power."
In our lives today we experience how the personal information that we keep, that we share and that we lose, moves us through a waxing and waning dance of power and powerlessness. Keep your information safe and you protect your home, your assets, your family and maybe even your life. Share your information and in return you hope to receive valuable goods and services. Lose your information and the things that you enjoy and love can come crumbling down around you.
Today, instead of on paper, most of our private information is stored in electronic format on hard drives. This technology allows our world to do business as never before imagined. Business is faster, less expensive and requires far less labor than even one generation ago.
However, throughout history we discover that technological advancement has a price. Pollution and stress invades our environment and often our bodies. The loss of certain skills once familiar drives us toward a dangerous dependency. Now high-tech scam artists and thieves prey on victims around the world at the speed of light and neither needs to be awake for the crime to occur. With these things in mind we are moved to the realization that now is the time for each of us to examine the state of, and the danger to, our personal information.
Your private information is vulnerable in two ways. It is vulnerable to loss and theft. We can compartmentalize your storage locations into two frameworks, your local, personal computer storage and your online storage. These frameworks each have their strengths and weaknesses.
Your local, offline information can be stolen by someone breaking into your house, car or wherever you keep your computer. Your data can be destroyed by a hard drive crash, a fire or flood. It is difficult and time consuming to keep consistent, daily backups of your hard drive then store them at a location other than your computer. You can never be sure if your computer is at this very moment infected with spyware, adware, trojans, back doors, key loggers, bots or viruses. Each one is capable of taking control of your computer and sending your valuable, private information from your hard drive to anywhere in the world.
Many people enjoy keeping notes and documents online. People every day are discovering the convenience of having their thoughts, to-do lists, diaries, customer lists or essays available from any computer in the world. Business people, real estate agents, sales people and others are now getting more work done more efficiently thanks to the wellspring of online document authoring sites.
Now freed from the task of daily backups and concerns about loss and theft due to an infected computer, only one thing remains from making online document authoring and storage the perfect solution: privacy.
Unless you see that the address of the website you’re on begins with the five letters https, your login ID and password are sent in plain text through unknown places over the Internet. Your documents and everything you type is available to be seen, captured and used by criminals and scam artist devious enough to use that which was supposed to be private.
Once your information is on the remote computer, do you know how your data is stored? Do you know who has access to it? Perhaps it’s a computer technician who think it’s fun to read about other people’s lives and secrets. Perhaps it’s someone who sells information on the side to make a little extra money. You just can’t know. And unfortunately, none of these sites seem to care enough about your privacy to encrypt your documents to prevent this from happening.
However, one web site has come forward to address all of these issues. It securely moves your data and documents over the Internet encrypted by the same method used by financial institutions to move their sensitive data. It encrypts your documents on the server at the same level of encryption the government uses for their top-secret documents. It also has a unique, multi password system providing a further layer of security and privacy. With these safeguards in place it is easy to see why this web site’s motto is "Even we can’t read your documents."
If you have electronic information that must be protected from the two threats to your data, loss and theft, then you need to check out the web site referenced in my bio or "About the Author" section. Do it now before it’s too late.
In our lives today we experience how the personal information that we keep, that we share and that we lose, moves us through a waxing and waning dance of power and powerlessness. Keep your information safe and you protect your home, your assets, your family and maybe even your life. Share your information and in return you hope to receive valuable goods and services. Lose your information and the things that you enjoy and love can come crumbling down around you.
Today, instead of on paper, most of our private information is stored in electronic format on hard drives. This technology allows our world to do business as never before imagined. Business is faster, less expensive and requires far less labor than even one generation ago.
However, throughout history we discover that technological advancement has a price. Pollution and stress invades our environment and often our bodies. The loss of certain skills once familiar drives us toward a dangerous dependency. Now high-tech scam artists and thieves prey on victims around the world at the speed of light and neither needs to be awake for the crime to occur. With these things in mind we are moved to the realization that now is the time for each of us to examine the state of, and the danger to, our personal information.
Your private information is vulnerable in two ways. It is vulnerable to loss and theft. We can compartmentalize your storage locations into two frameworks, your local, personal computer storage and your online storage. These frameworks each have their strengths and weaknesses.
Your local, offline information can be stolen by someone breaking into your house, car or wherever you keep your computer. Your data can be destroyed by a hard drive crash, a fire or flood. It is difficult and time consuming to keep consistent, daily backups of your hard drive then store them at a location other than your computer. You can never be sure if your computer is at this very moment infected with spyware, adware, trojans, back doors, key loggers, bots or viruses. Each one is capable of taking control of your computer and sending your valuable, private information from your hard drive to anywhere in the world.
Many people enjoy keeping notes and documents online. People every day are discovering the convenience of having their thoughts, to-do lists, diaries, customer lists or essays available from any computer in the world. Business people, real estate agents, sales people and others are now getting more work done more efficiently thanks to the wellspring of online document authoring sites.
Now freed from the task of daily backups and concerns about loss and theft due to an infected computer, only one thing remains from making online document authoring and storage the perfect solution: privacy.
Unless you see that the address of the website you’re on begins with the five letters https, your login ID and password are sent in plain text through unknown places over the Internet. Your documents and everything you type is available to be seen, captured and used by criminals and scam artist devious enough to use that which was supposed to be private.
Once your information is on the remote computer, do you know how your data is stored? Do you know who has access to it? Perhaps it’s a computer technician who think it’s fun to read about other people’s lives and secrets. Perhaps it’s someone who sells information on the side to make a little extra money. You just can’t know. And unfortunately, none of these sites seem to care enough about your privacy to encrypt your documents to prevent this from happening.
However, one web site has come forward to address all of these issues. It securely moves your data and documents over the Internet encrypted by the same method used by financial institutions to move their sensitive data. It encrypts your documents on the server at the same level of encryption the government uses for their top-secret documents. It also has a unique, multi password system providing a further layer of security and privacy. With these safeguards in place it is easy to see why this web site’s motto is "Even we can’t read your documents."
If you have electronic information that must be protected from the two threats to your data, loss and theft, then you need to check out the web site referenced in my bio or "About the Author" section. Do it now before it’s too late.
Hacking: An Inside Job
"Leaving your Web applications insecure makes no more sense than building a brick wall but using a gate made from chain link fencing." – James Gaskin
Whenever the President of the United States travels anywhere there are numerous individuals charged with making sure the President is secure and unharmed from attack. This is the premise behind Internet security. The work you have done on your site is the product of valuable time and energy. For some business owners the website represents significant research and creative energy. It is possible for a vulnerable website to be hijacked and remade in the image of something that only resembles your website in name only or to have safeguarded data copied for the use of a third party.
One of the biggest mistakes a website owner can make is allowing the work to be left unguarded. As reported in recent years hacking of a computer system can occur both from within a company or from a remote location, which makes the use of Internet security so important.
“Advances in firewall technology (making them easier to install and configure), improvements in vulnerability scanning and better explanations of how to repair them, and better intrusion-detection with fewer false-positives are all key technologies in this race.” – Dr. Charles C. Palmer
Some hackers argue they are not involved in felonious activities, but are simply seeking knowledge and using the internet to find answers, however the U.S. Government views the activity as a felony and punishable by applicable state and federal laws.
It should be noted that the term hacker has been adjusted. No longer is the term ‘hacker’ only used to describe someone gifted at programming and is able to break a website code to gain access to information. Today a hacker is also someone who misappropriates company data. Typically this scenario occurs from an inside and often trusted source.
“System administrators must learn about and maintain their systems securely. Users have to understand their security responsibilities.” – Dr. Charles C. Palmer
In many cases, business are now making a non-disclosure agreement a part of the hiring procedure to provide an extra legal recourse in the event that data is electronically removed and used in ways unauthorized by company heads.
“If a stranger came into your house, looked through everything, touched several items, and left (after building a small, out of the way door to be sure he could easily enter again), would you consider that harmless?” – Dr. Charles C. Palmer
Taking security issues seriously is needed in the development of a web-based business infrastructure. It may be worth exploring both on-site and off-site security features as a means of ensuring the long-term usability of your website.
Whenever the President of the United States travels anywhere there are numerous individuals charged with making sure the President is secure and unharmed from attack. This is the premise behind Internet security. The work you have done on your site is the product of valuable time and energy. For some business owners the website represents significant research and creative energy. It is possible for a vulnerable website to be hijacked and remade in the image of something that only resembles your website in name only or to have safeguarded data copied for the use of a third party.
One of the biggest mistakes a website owner can make is allowing the work to be left unguarded. As reported in recent years hacking of a computer system can occur both from within a company or from a remote location, which makes the use of Internet security so important.
“Advances in firewall technology (making them easier to install and configure), improvements in vulnerability scanning and better explanations of how to repair them, and better intrusion-detection with fewer false-positives are all key technologies in this race.” – Dr. Charles C. Palmer
Some hackers argue they are not involved in felonious activities, but are simply seeking knowledge and using the internet to find answers, however the U.S. Government views the activity as a felony and punishable by applicable state and federal laws.
It should be noted that the term hacker has been adjusted. No longer is the term ‘hacker’ only used to describe someone gifted at programming and is able to break a website code to gain access to information. Today a hacker is also someone who misappropriates company data. Typically this scenario occurs from an inside and often trusted source.
“System administrators must learn about and maintain their systems securely. Users have to understand their security responsibilities.” – Dr. Charles C. Palmer
In many cases, business are now making a non-disclosure agreement a part of the hiring procedure to provide an extra legal recourse in the event that data is electronically removed and used in ways unauthorized by company heads.
“If a stranger came into your house, looked through everything, touched several items, and left (after building a small, out of the way door to be sure he could easily enter again), would you consider that harmless?” – Dr. Charles C. Palmer
Taking security issues seriously is needed in the development of a web-based business infrastructure. It may be worth exploring both on-site and off-site security features as a means of ensuring the long-term usability of your website.
“Phishing” on the “Pharm”: How Thieves Combine Two Techniques to Steal Your Identity
Bob squinted at the email and began to read:
“Dear eBay User, as part of our security measures, eBay Inc. has developed a security program against fraudulent attempts and account thefts. Therefore, our system requires further account verification…”
Security Measures. A threat to suspend his account to prevent “fraudulent activity”. The email went on to say that there were “procedural safeguards with federal regulations to protect the information you provide for us.”
Bob clicked the link and was confronted with an authentic looking logon page, just waiting for him to input his user name and password and confirm what ebay supposedly didn't know.
He almost did it. The page looked absolutely authentic, and he had already been “set up” by the email message. His fingers were poised over the keyboard when he happened to glance at the URL.
There was something very, very wrong with it.
“Pharming” to Fleece Sheep
The art of “pharming” involves setting up an illegitimate website that is identical with its legitimate prototype, for example the ebay page Bob was almost suckered into using, and redirecting traffic to it.
“Pharmers” can do it in two ways:
1. By altering the “Hosts” file on your computer. The Hosts file stores the IP address of websites you have been accessing. By inserting a new IP address into the database field corresponding to a website, your own computer can be redirected to the pharmer's website. Any information you give the bogus site is immediately hijacked by the pharmer.
2. Hijacking the DNS (Dynamic Name Server) itself. A DNS matches the names of address with their IP addresses. If this server can be coerced into assigning new IP addresses to traditional names, all computers using the name resolution provided by the DNS server will be redirected to the hijacker's web site.
Once that happens, it's time to be fleeced.
down on the pharm
“Pharmers” hijack your “hosts” file or DNS servers using Spyware, Adware, Viruses or Trojans. One of the most dangerous things you can do is to run your computer without some form of Internet Security installed on it.
Your security software should be continually updating its virus definitions, and be capable of warning you if something has been downloaded from a web site or through email. It should be able to remove it, “quarantine it”, or tell you where it is so that you can remove it by hand.
You should also have Spyware and Adware programs installed, and be aware of any change in Internet browsing patterns. If your home page suddenly changes, or you experience advertising pop ups (which may pop up even when you are not hooked up to the Internet), you should run a Virus, Spyware or Adware scan.
Thanks to the efficacy of these protection programs, pharming is a lot more difficult than it used to be. It isn't as easy to hijack a computer as it once was.
So, the “pharmers” have teamed up with the “phishermen” to get you to visit the bogus web page yourself, and enter all the information they need.
PHISHING TO catch YOU on THE PHARM
As Bob discovered, the page he had been taken to by the bogus email message was identical to the ebay logon page. Identical in every way except for the URL.
Out of curiosity, he checked the URL for the ebay logon by accessing ebay directly and clicking on the logon link. The two URL's were nothing alike, except the bogus one did have the word “ebay” in it twice - just enough to make it look authentic.
By combining the two techniques, the phishermen/pharmers had avoided the high tech problems associated with downloading a Virus that could get past his protection software. They had gone straight for the throat.
Bob's throat.
your ONLY REAL IDENTITY THEFT PREVENTION AND protection
The bottom line is that the only real protection against the pharmers and phishermen is YOU. There are three things you must consider when you read any email demanding information:
· Why do they want it? Be extremely skeptical when they say they have to “update their records”, “comply with federal regulations”, or prevent fraud. They are the ones initiating the fraud.
· Why can't this be done at the website? Why not invite you to access the website directly and provide this information? The answer is because the bonafide company doesn't need an update.
· What does the URL look like? Is it a series of subdomains some of which have the name of the bonafide company? Most likely the subdomain is set up with a free hosting company.
· Have they provided partial information about you as a guarantee that the email authentically comes from the legitimate source? Be very careful of this one. This technique is effective for “pretexting”, impersonating a person or company, and was used in the Hewlett Packard scandal to collect information. Just because they know your first and last name (and any other information - known only to the legitimate source) doesn't mean the email is legitimate. They probably hijacked the information off the server.
the bottom line
The bottom line is: don't provide any information at the behest of an email, no matter how authentic it looks, or how authentic the page it directs you to looks. If you must log in, do so at the parent site itself.
Your Identity Theft prevention and protection is, in the final analysis, up to you.
Don't be the next sheep fleeced by the pharmers who caught you with the phisherman's hook. Being dropped naked into their frying pan is NOT a fate you want.
SSL: Site Security And Privacy
Netscape began using Secure Socket Layer (SSL) in 1994 as a means of sending sensitive data over the web. The newer edition of the service is called Transport Layer Security (TLS), although even this is routinely known by the SSL designation.
Before the introduction of SSL it was difficult to ensure privacy over the web in online transactions. There was a general distrust of the ability to conduct online transactions and a fear that an individual’s credit card information could be picked up by a third party and used for unauthorized purchases.
What makes SSL unique is an encryption technique that sends credit card and other personal data through the web. This encryption technique makes the information totally useless to anyone who does not have decoding abilities. If a third party were to intercept the information it would be useless to them.
The use of SSL Digital Certificates also provides a unique level of trust because a certificate verifies the users authenticity. This is an important step in instilling trust in potential customers. Many savvy consumers will avoid an online retailer entirely if they do not use SSL.
Without the proper use of SSL, information such as credit card numbers, third parties with less than positive motivations could obtain passwords and personal identification numbers.
A 128-bit key that is harder to break and typically protects personal account information than the 40-bit key. If your name and address is all that is being protected a 40-bit key may be used; the higher bit the key, the greater level of encryption. Most financial institutions only use 128-but keys for the security of their client’s data.
As an online marketer you will likely be asking your visitors for personal data. Don’t be surprised if your potential customer determines their willingness to do business with you based on the security of your website. Many customers will look for the SSL symbol and will move along if the don’t find it. SSL use can also be recognized by a lock symbol in the lower right hand corner of your browser window. If the symbol is unlocked then SSL is not in use on the site.
SSL should be enacted on pages requiring a password or might contain personal data most clients would like to keep private. Some sites will place SSL on some pages and forget other pages that are equally as sensitive. For the sake of your personal experience with ecommerce you should implement SSL protocol
Before the introduction of SSL it was difficult to ensure privacy over the web in online transactions. There was a general distrust of the ability to conduct online transactions and a fear that an individual’s credit card information could be picked up by a third party and used for unauthorized purchases.
What makes SSL unique is an encryption technique that sends credit card and other personal data through the web. This encryption technique makes the information totally useless to anyone who does not have decoding abilities. If a third party were to intercept the information it would be useless to them.
The use of SSL Digital Certificates also provides a unique level of trust because a certificate verifies the users authenticity. This is an important step in instilling trust in potential customers. Many savvy consumers will avoid an online retailer entirely if they do not use SSL.
Without the proper use of SSL, information such as credit card numbers, third parties with less than positive motivations could obtain passwords and personal identification numbers.
A 128-bit key that is harder to break and typically protects personal account information than the 40-bit key. If your name and address is all that is being protected a 40-bit key may be used; the higher bit the key, the greater level of encryption. Most financial institutions only use 128-but keys for the security of their client’s data.
As an online marketer you will likely be asking your visitors for personal data. Don’t be surprised if your potential customer determines their willingness to do business with you based on the security of your website. Many customers will look for the SSL symbol and will move along if the don’t find it. SSL use can also be recognized by a lock symbol in the lower right hand corner of your browser window. If the symbol is unlocked then SSL is not in use on the site.
SSL should be enacted on pages requiring a password or might contain personal data most clients would like to keep private. Some sites will place SSL on some pages and forget other pages that are equally as sensitive. For the sake of your personal experience with ecommerce you should implement SSL protocol
Monday, January 1, 2007
VOIP Security Guide
Revolutionizing the world of telephony, VoIP has become one of the fastest growing technologies of today. It has quickly gobbled up the market for the traditional and well established tools for communicating over large distances, by making them look antiquated and expensive.
Voice over Internet Protocol (VoIP) is basically a process which converts your voice into digital signals that travel over internet. Its most prominent feature is its affordability. With VoIP you can make long distance calls at a fraction of cost that you used to pay to your telephone companies. It is primarily because of the fact that transferring digital signals over internet is quite cheaper than transferring analog signals over the traditional telephone lines.
However, nowadays VoIP is in the news not for the great savings in long distance calls that it offers but for the security concerns attached to it. As VoIP runs through internet, the information exchanged can be intercepted by anyone at any time. Moreover, because of its popularity VoIP has become a soft target for the hackers. In the absence of a strong firewall system, hackers may capture sensitive information such as credit card number and bank details. They can even launch denial of service attacks and shut down a voice conversation, or send spam or virus over the internet to disrupt the services. Another vulnerability that the IT sector is worried about the hacking of VoIP networks for making free calls. According to industry sources, a new generation of “phreakers” may be able to manipulate the data switched through a hybrid TDM-VoIP network which will allow them to exploit the billing system to make free calls. Another menace that is plaguing the VoIP networks is ‘caller-id spoofing’. There are some hacking websites that allow people to control the phone number that appears on the receiver’s caller-id display. Moreover, they can modify their voice with the help of voice modification software. Thus, they have become a useful tool for private investigators and pranksters.
VoIP service providers are now trying to secure their customers from these threats through the tunneling and encryption processes. These techniques prevent the hackers from capturing the information packets as they pass through the internet. Most of the service providers are using Layer 2 tunneling and an encryption method called Secure Sockets Layer (SSL) to prevent anyone from getting the confidential information. However, despite of all these possible threats the IT segment is still enthusiastic about the cost savings and the added functionality that VoIP offers to their business. Most of them consider VoIP as a reliable and robust system and the security concerns not so serious to hamper the progress of VoIP.
Thus, although the attacks on the VoIP systems are at a nascent stage but they may gain teeth and hit the consumers sharply as the hackers become aware of the details of this service. Thus, it is necessary for the concerned authorities to understand the criticality of the situation and be ready to take the necessary preventive measures to prevent any major impact of these threats on VoIP in future.
Spyware, Adware and Your Computer
Virus is a harmful program which when gets executed on a computer may manipulate the information stored in the computer or replicate the files stored in the computer. All computer viruses are not lethal. The lethal nature of the computer virus depends on the programming of it. Some computer viruses like I-ray, just replicate the winfile.exe and other folder files. They create the copy of the folder inside the same folder, thus increase the hard disk covered space. But if nothing done at a proper time it can create severe problems even crash the system.
These days Spyware and Adware is becoming more nuisance for the computer than the usual viruses. Now you must be thinking how Spyware and Adware is different from normal virus. So let me explain you the difference between all of them (according to me based on my 10 years experience.).
Spyware and Adware are two forms of viruses which spread through internet. These are comparatively less lethal than other viruses, but still it creates a lot of havoc as it prevent the proper functioning of internet on any computer and as we all know today that internet is a vital component in our life.
It creates unusual internet traffic in your computer, which in turns slow downs the internet speed of your computer and also increases the consumption of bandwidth on it. Thus you have to pay hefty bandwidth charges to your ISP.
Adware creates problem by pop up windows and changing internet explorer homepage to some other websites (like some kind of search portal). It creates lot of problem while surfing the internet.
Now, you must be very clear about the problems created by these kind of viruses. If your computer get infected with it then you must try to remove it with any good anti- spyware program, some of them can be freely downloaded from the internet. Also increase the security settings of the internet explorer and also disable java on the browser, it will help in checking the problem to an extent.
Finding The Right Browser
IE is a very good browser in many respects, but the bad guys just love to hack at it and bombard you with nasty bugs. However, there is a better browser available that's not subject to all these viruses and attacks. Internet Explorer is the most popular browser that is used for surfing the net today. Users need a secure and reliable internet browser that will not let harmful viruses and spyware invade computers when browsing the interent. The most widely accepted browser as far back as anyone can remember is Internet Explorer. In the browser generation we are now seeing other browsers enter the market like firefox, opera and others.
Now, Firefox is the main rival of IE. Since new alternatives like Firefox and Opera have come out we now know that, yes there is faster browsing out there. Most of Firefox's advantages are MSIE's disadvantages, and vice-versa. Firefox allows you to “open in tabs. There has also been a joke circulating among Firefox fans that there is only one thing that is more secure in Internet Explorer than in Firefox and that is a feature that has not been implemented yet in Internet Explorer.
There is a strong integration with IE with Microsofts OS, though there is a positive side and a negative side to this because this enhances security problems. The Firefox team made a conscious decision to support neither ActiveX nor VBScript, activex and vbscript are not standards in the web society are often the problem when it comes to security vulnerabilities when using IE. Internet Explorer version 7 has been improved a great deal to help users a glimpse of the type of functionality you can expect from the new Windows Vista, it will not only do this but is fixes many security problems and introduced many new features into the browser. If you end up at a site that you think is questionable, and it does not have the appropriate security certificate, IE7 will now warn you by displaying messages.
Safety is comprised when the threat of internet crooks create and execute large-scale hoaxes such as ID theft and phishing. With the introduction of IE7 they have added a new feature called Phishing, Phishing is stealing your identity by bringing to sites that mimic other websites. What is phishing, phishing is when people send emails and falsely portray that they are from a bank or credit card company in hopes you will give you personal information to them. This is done by you clicking on a link in an email and entering your information, you think the site you are entering you information is the real site but it is not.
Just hit "Delete Cookies" and they will be gone, but as you surf the internet more, they will slowly come back. Note: Some sites may store cookies to use your personal information without your consent. Choose a level for internet privacy policy, cookies to be allowed or disallowed, but make sure you don’t allow third party cookies onto the computer.
Now, Firefox is the main rival of IE. Since new alternatives like Firefox and Opera have come out we now know that, yes there is faster browsing out there. Most of Firefox's advantages are MSIE's disadvantages, and vice-versa. Firefox allows you to “open in tabs. There has also been a joke circulating among Firefox fans that there is only one thing that is more secure in Internet Explorer than in Firefox and that is a feature that has not been implemented yet in Internet Explorer.
There is a strong integration with IE with Microsofts OS, though there is a positive side and a negative side to this because this enhances security problems. The Firefox team made a conscious decision to support neither ActiveX nor VBScript, activex and vbscript are not standards in the web society are often the problem when it comes to security vulnerabilities when using IE. Internet Explorer version 7 has been improved a great deal to help users a glimpse of the type of functionality you can expect from the new Windows Vista, it will not only do this but is fixes many security problems and introduced many new features into the browser. If you end up at a site that you think is questionable, and it does not have the appropriate security certificate, IE7 will now warn you by displaying messages.
Safety is comprised when the threat of internet crooks create and execute large-scale hoaxes such as ID theft and phishing. With the introduction of IE7 they have added a new feature called Phishing, Phishing is stealing your identity by bringing to sites that mimic other websites. What is phishing, phishing is when people send emails and falsely portray that they are from a bank or credit card company in hopes you will give you personal information to them. This is done by you clicking on a link in an email and entering your information, you think the site you are entering you information is the real site but it is not.
Just hit "Delete Cookies" and they will be gone, but as you surf the internet more, they will slowly come back. Note: Some sites may store cookies to use your personal information without your consent. Choose a level for internet privacy policy, cookies to be allowed or disallowed, but make sure you don’t allow third party cookies onto the computer.
Computer Security Tips for Privacy and Identity Protection
Anti spyware software, anti virus software, and a good personal firewall provide the best protection against the majority of internet security threats that exist today. Although everyone using the internet should be using these products, I find that most casual internet users are only running an antivirus program. Without the added protection of a software firewall and anti spyware software, there are still some things you can do to help ensure your personal information doesn’t get stolen by malicious spyware and you don’t become the victim of identity theft due to a phishing scam.
Following are a list of computer security tips that will help protect you and/or minimize the damage if your personal information gets stolen:
* Never use the same user id you use for email or internet logon for anything else. Maintaining separate user id's for important accounts will help minimize the security risk in the event someone gets hold of your ID.
* Never use your email password for anything else. This will prevent unauthorized access to your email account.
* Store passwords in an encrypted file or password manager program with encryption. This ensures that your passwords cannot be accessed in the event an intruder or spyware application gets hold of your password list.
* Never click on links in emails, particularly from banks. Manually go to the site and log in. This is a common phishing scam. Unscrupulous people send emails that look legitimate. The links they give you normally take you to a copy of a legitimate website. Inputting your account information onto these fraudulent websites will allow thieves to gain access to your real account.
* Unless absolutely necessary, never download and install freeware. If you do download free software, only download from developer’s site. Many copycat sites exist that are fraudulent. Downloading from them will most certainly install spyware on your system.
* Use parental control software if children use the computer. This will prevent access to questionable websites where spyware can secretly be installed.
* Browser (Internet Explorer, Firefox, etc…) security setting should be set to high. This prevents many sites from installing certain types of spyware and adware on your PC.
* Never click on pop up ads as this can install spyware on your system. One click is all it takes to have spyware secretly installed.
* Avoid browsing to questionable websites. Sites that contain illegal, immoral or lewd content are often havens for spyware. Simply viewing some of these sites is all it takes to infest your computer with spyware.
* Excessive pop ups usually mean adware is installed on your system. Use an adware remover to detect and destroy. A good rule of thumb is to never click on a popup ad, as this could install spyware on your system.
* If computer appears to run very slowly, suspect spyware. Install a spyware remover and scan your PC.
These tips are by no means a replacement for anti-spyware software and a personal firewall, but should help ensure that you remain safe until you can get your computer properly protected
Following are a list of computer security tips that will help protect you and/or minimize the damage if your personal information gets stolen:
* Never use the same user id you use for email or internet logon for anything else. Maintaining separate user id's for important accounts will help minimize the security risk in the event someone gets hold of your ID.
* Never use your email password for anything else. This will prevent unauthorized access to your email account.
* Store passwords in an encrypted file or password manager program with encryption. This ensures that your passwords cannot be accessed in the event an intruder or spyware application gets hold of your password list.
* Never click on links in emails, particularly from banks. Manually go to the site and log in. This is a common phishing scam. Unscrupulous people send emails that look legitimate. The links they give you normally take you to a copy of a legitimate website. Inputting your account information onto these fraudulent websites will allow thieves to gain access to your real account.
* Unless absolutely necessary, never download and install freeware. If you do download free software, only download from developer’s site. Many copycat sites exist that are fraudulent. Downloading from them will most certainly install spyware on your system.
* Use parental control software if children use the computer. This will prevent access to questionable websites where spyware can secretly be installed.
* Browser (Internet Explorer, Firefox, etc…) security setting should be set to high. This prevents many sites from installing certain types of spyware and adware on your PC.
* Never click on pop up ads as this can install spyware on your system. One click is all it takes to have spyware secretly installed.
* Avoid browsing to questionable websites. Sites that contain illegal, immoral or lewd content are often havens for spyware. Simply viewing some of these sites is all it takes to infest your computer with spyware.
* Excessive pop ups usually mean adware is installed on your system. Use an adware remover to detect and destroy. A good rule of thumb is to never click on a popup ad, as this could install spyware on your system.
* If computer appears to run very slowly, suspect spyware. Install a spyware remover and scan your PC.
These tips are by no means a replacement for anti-spyware software and a personal firewall, but should help ensure that you remain safe until you can get your computer properly protected
Web 2.0 - You Can Bet On Its Success
Internet and Internet technologies have definitely entered their web 2.0 era. Unlike its previous era, web 2.0 has got lot of advancements in its technology part. There are more robust and proven business models and marketing strategies available in the web 2.0 era as compared to its previous one. Even though there is not as much buzz as it was there in the late 90's and early 2000, web 2.0 is still attracting a lot of people (both business people and users) towards it. Now, the web user base is increasing at over 70% all over the world. Even the East Asian countries are also joining the party.
The most important thing that has triggered this web 2.0 era is the technology. Now there are many cutting edge technologies available to make the life of web programmers very easy and at the same time increasing the experience of web users in a big way. Web programming technologies like Java, Dot Net framework, PHP and many more have made the development of websites very easy and robust. The GUI can be made very rich by making use of these technologies and embedding them with some designing technologies like Flash and so on.
Security was one of the major concerns for the users to make any type of online transactions, especially transactions that involve money in the web 1.0 era. This security limitation has greatly been reduced by internet security technologies like SSL. SSL is the short form of Secure Socket Layer. This protocol is been designed by Netscape with the aim of making the online transactions very secure and robust. Now, if any website has got a SSL certificate, then the customers can feel very secure about the transactions which they do on that website. In the same way, internet security has gone a long way in the web 2.0 era. Now, people can feel very confident of all the transactions even with the transactions that involve huge amounts of money.
Another major thing that is in the advantage of the web 2.0 is the rapid increase in the penetration of the internet through out the world. In web 1.0 era, more than ninety percent of the internet user base is from the United States of America and a few other developed countries only. However, this has changed now. Even in countries like INDIA, internet is penetrating quite fast now. More than 3 %( 110 million) of the Indians have access to internet now. This trend is much the same way in the rest of the world.
With all the above advantages, web 2.0 is definitely a lot better than web 1.0 and people can surely bet on its success in a big way
Security Online Schools
Online Security Schools, colleges, and universities can provide education via the Internet for certificates and degrees in various areas of security. Pursuit of certificates, Associate of Arts (AA), Associate of Science (AS), Bachelor of Arts (BA), Bachelor of Science (BS), Bachelor of Business Administration (BBA), Master of Arts (MA), Master of Science (MS), Master of Business Administration (MBA), and doctorate (PhD) degrees in security are all possible through Online Security Schools.
Programs offered in Online Security Schools allow students to study at a convenient pace, since online schools are presented entirely over the Internet and available at all times. Internet venues provide for interacting with classmates and instructors through online bulletin boards and e-mail in most online security school programs. Online course orientation may be required prior to beginning online security courses.
Many Online Security School degrees are possible, as are specializations in the different types of security. Students can choose Computer and Information Systems Security, Internet security, or cryptology, or choose other types of security, such as criminal justice, security officers, loss prevention, forensic sciences, and much more.
Information systems security is vital to the massive amounts of sensitive technological information handled by large and small corporations and businesses today. Online Security Schools provide studies that include analysis, design, and implementation of security systems, security monitoring, and countermeasures. Administration of security systems will entail courses in management, information security requisites, and the security aspects of information technology programs and software. Specialized degrees in Information Technology in Online Security Schools can include PC technology, network technology, information systems, communications systems, operating systems, database applications, software engineering, and much more.
An education in Security can also include law enforcement and protective services, including Homeland Security, forensics, wardens of prisons, policemen, etc. Online Security Schools provide many options for education in this realm. Online Security Schools offer self-paced training courses for students who wish to change their vocations or advance their careers, and for working professionals who need to boost their expertise.
Programs offered in Online Security Schools allow students to study at a convenient pace, since online schools are presented entirely over the Internet and available at all times. Internet venues provide for interacting with classmates and instructors through online bulletin boards and e-mail in most online security school programs. Online course orientation may be required prior to beginning online security courses.
Many Online Security School degrees are possible, as are specializations in the different types of security. Students can choose Computer and Information Systems Security, Internet security, or cryptology, or choose other types of security, such as criminal justice, security officers, loss prevention, forensic sciences, and much more.
Information systems security is vital to the massive amounts of sensitive technological information handled by large and small corporations and businesses today. Online Security Schools provide studies that include analysis, design, and implementation of security systems, security monitoring, and countermeasures. Administration of security systems will entail courses in management, information security requisites, and the security aspects of information technology programs and software. Specialized degrees in Information Technology in Online Security Schools can include PC technology, network technology, information systems, communications systems, operating systems, database applications, software engineering, and much more.
An education in Security can also include law enforcement and protective services, including Homeland Security, forensics, wardens of prisons, policemen, etc. Online Security Schools provide many options for education in this realm. Online Security Schools offer self-paced training courses for students who wish to change their vocations or advance their careers, and for working professionals who need to boost their expertise.
The Hidden Dangers of Adware
Adware in the purest sense of the word is not a dangerous thing, designed only to display targeted advertising to you while browsing the internet. It was originally developed by marketers to be non intrusive and use very little system resources. You can easily recognize adware by the display of pop up advertisements on your computer screen, often appearing when you perform searches or land on different websites.
Adware can be very annoying, and in the past few years much of adware’s functional characteristics have begun to resemble spyware. A large percentage of adware today includes code that tells the advertiser something about you. It often relays information about which sites you visit on the internet, how much time you spend on each site, and what type of content you viewed. Although marketing people consider this information to be harmless to you, most users consider this type of data gathering to be an invasion of privacy. Adware that is delivered in the form of email often tells marketers when you opened the mail, how long you looked at it, and what you did with it.
Spyware is similar to adware, but much more dangerous. Instead of transmitting information about your web behavior to marketers, spyware is designed to steal confidential information such as account numbers, names, addresses, etc… As adware continues to evolve into a more sophisticated marketing tool, much of it is now capable of gathering “non-marketing” information that is more sensitive in nature. This new type of hybrid adware is sometimes referred to as “adware-spyware”.
Adware is normally included in downloaded software known as “freeware”. In exchange for using free software, you agree to the installation of adware. Most free software includes a statement about the included adware in a license agreement that usually goes unread. Other adware comes in the form of email, with code hidden in embedded graphics or even in the HTML code. If you forward an adware email to someone, they can get it too. Like spyware, adware installs very quickly, often without the users knowledge. Adware is not a virus, so antivirus software will never detect it.
If your computer is suddenly running very slowly, is plagued with pop-up ads, or if your browser home page has changed, chances are you have adware on your computer. If you have adware you probably have spyware too, as they both tend to go hand in hand.
Adware and spyware can sometimes be difficult to remove, and it’s best to use adware removal software. Because the two are so closely related, most good spyware removers will find and kill adware too. Since new adware and spyware is introduced into the internet every day, you may have to try several adware removers before you find one that will detect and destroy all the adware on your computer. Many free adware removers are available, but it’s best to get a paid version of this software that will protect you from future problems.
Due to the danger and prevalence of adware and spyware on the internet today, it is now considered a standard practice to use anti-spyware/anti-adware software. For the best anti-adware software, consider McAfee AntiSpyware, Spyware Doctor, Sunbelt Counter Spy, Adaware, Webroot Spy Sweeper, or eTrust Pest Patrol.
How To Protect Your Child Online and Keep Homework Safe
With school starting back, children will spend a lot more time on the computer. Nightly homework, research, special projects, and term papers will soon be routine again, and internet access will be required for everything.
For responsible parents of school-age children who rely on computers and the internet for school work, two security issues come to mind. The first has to do with protecting kids from online predators and inappropriate websites. The other thing to be concerned about involves protecting the homework, term papers, and projects that our children work so hard to create.
If you have school-age children who use computers, it’s important to use parental control software to protect them online, and to ensure that their valuable data and documents are safely backed up. The easiest way to protect your child and his/her computer data is to use parental control software and subscribe to an online data backup service.
Parental Control Software
Net Nanny is by far the best internet protection software you can buy for a child’s computer. It includes a powerful web filtering tool that blocks access (via a customizable “blacklist”) to websites that are known for illicit material and/or online predators. An internet timer lets you control how long children can stay on the internet each day, as well as specify times that the internet is accessible. Privacy protection prevents personal information such as account numbers, address, passwords, and user id’s from leaving the computer, and will not allow predators and scammers to track your child’s internet browsing habits.
It also includes a pop up blocker, which prevents any inappropriate “surprises”, as well as application controls that let you block access to instant messaging, online games, or chatrooms if desired. Net Nanny is affordable (around $40), is easy to install, and can be completely customized for up to 12 different users. Net Nanny provides “age appropriate” protection for kids between the ages of 5 to 17.
Online Backup
Computer hard drives have a lifespan, and can “crash” at any time, making all your data inaccessible. A computer virus can instantly corrupt all the data files on a computer, and spyware can cripple a system so badly that the only way to restore the computer to working order is to reformat the hard drive – often resulting in data loss. With a computer that a child uses, the most common cause of data loss is accidental deletion.
The computer that your child uses often contains valuable “works in progress” such as term papers, research, and book reports. “Murphy’s Law” indicates that the computer hard drive will crash just before an important paper is due, often taking month’s worth of hard work with it. You can easily back up your hard drive yourself by copying all the data to a CD on a daily basis, but most people find this is “too much trouble”, or forget to do it regularly.
The best way to ensure that your child’s hard work is never lost is to use an online backup service. Carbonite internet backup is the easiest and most cost-effective method I’ve seen, costing only $5 per month for unlimited “continuous” backup. With Carbonite, you “set it and forget it”. There is no need to remember to backup daily, Carbonite automatically does it for you. If you need to restore after a crash, simply install the Carbonite software (free download) and select the files you want to restore. Carbonite is free to try, and the cheapest data protection you can buy.
The best way to keep your child and his/her valuable school work safe is to use Net Nanny along with Carbonite online backup.
For responsible parents of school-age children who rely on computers and the internet for school work, two security issues come to mind. The first has to do with protecting kids from online predators and inappropriate websites. The other thing to be concerned about involves protecting the homework, term papers, and projects that our children work so hard to create.
If you have school-age children who use computers, it’s important to use parental control software to protect them online, and to ensure that their valuable data and documents are safely backed up. The easiest way to protect your child and his/her computer data is to use parental control software and subscribe to an online data backup service.
Parental Control Software
Net Nanny is by far the best internet protection software you can buy for a child’s computer. It includes a powerful web filtering tool that blocks access (via a customizable “blacklist”) to websites that are known for illicit material and/or online predators. An internet timer lets you control how long children can stay on the internet each day, as well as specify times that the internet is accessible. Privacy protection prevents personal information such as account numbers, address, passwords, and user id’s from leaving the computer, and will not allow predators and scammers to track your child’s internet browsing habits.
It also includes a pop up blocker, which prevents any inappropriate “surprises”, as well as application controls that let you block access to instant messaging, online games, or chatrooms if desired. Net Nanny is affordable (around $40), is easy to install, and can be completely customized for up to 12 different users. Net Nanny provides “age appropriate” protection for kids between the ages of 5 to 17.
Online Backup
Computer hard drives have a lifespan, and can “crash” at any time, making all your data inaccessible. A computer virus can instantly corrupt all the data files on a computer, and spyware can cripple a system so badly that the only way to restore the computer to working order is to reformat the hard drive – often resulting in data loss. With a computer that a child uses, the most common cause of data loss is accidental deletion.
The computer that your child uses often contains valuable “works in progress” such as term papers, research, and book reports. “Murphy’s Law” indicates that the computer hard drive will crash just before an important paper is due, often taking month’s worth of hard work with it. You can easily back up your hard drive yourself by copying all the data to a CD on a daily basis, but most people find this is “too much trouble”, or forget to do it regularly.
The best way to ensure that your child’s hard work is never lost is to use an online backup service. Carbonite internet backup is the easiest and most cost-effective method I’ve seen, costing only $5 per month for unlimited “continuous” backup. With Carbonite, you “set it and forget it”. There is no need to remember to backup daily, Carbonite automatically does it for you. If you need to restore after a crash, simply install the Carbonite software (free download) and select the files you want to restore. Carbonite is free to try, and the cheapest data protection you can buy.
The best way to keep your child and his/her valuable school work safe is to use Net Nanny along with Carbonite online backup.
VOIP Calling: Crucial Issues Regarding Security
There are a number of security issues associated with VoIP. Eavesdropping is a concern with both PSTN (Public Switched Telephone Network) and VoIP calls, but there are also other concerns that are unique to VoIP technology.
Since VoIP data is travelling through the Internet the same as any other kind of data, it is vulnerable to the same kind of attacks. There are many software tools available to hackers who wish to retrieve information that is being transmitted over the Internet, and these tools are just as effective with voice data as with any other kind of data.
While this may not be a concern when you are calling your Aunt Mary, it is a big concern for businesses that may routinely use telephone communication for discussing sensitive business information. Due to the increasing popularity of VoIP, security is a big concern and is receiving a lot of attention.
There are a number of points in the transmission of a VoIP call that a hacker can retrieve information from. As well as retrieving actual conversations, hackers could also get information like user identities and VoIP phone numbers. With this information, a hacker can make phone calls with someone else’s identity.
Attackers could also record phone calls to listen to conversations and possibly even to restructure voice data to create conversations that never actually existed. Log files could also be accessed and altered.
There are a number of ways these security concerns can be addressed. The first is with encryption that provides the same kind of security as when sending credit card information over a secure data connection. The second is to separate VoIP data from other Internet traffic by using a Virtual Local Area Network (VLAN). Both of these methods can adversely affect call quality, but could be used optionally if the calls are sensitive.
Another security threat that hasn’t actually been seen yet is the possibility of sending viruses with VoIP data. Viruses could potentially overload VoIP networks causing delays and reduction in sound quality.
VoIP is not invulnerable to spam either. In fact, there is already a name for it—SPIT—“Spam over Internet Telephony.” This refers to receiving unwanted marketing calls from companies trying to sell services or products.
For the individual consumer, VoIP security is mostly a matter of preventing others from eavesdropping on conversations. Some VoIP service providers offer voice security through the means of encryption or separate data routes. Regular precautions for transferring files always need to be followed. Any data or program that is downloaded should be checked for viruses, and a firewall should be in place for protecting your computer from the Internet.
Hardware VoIP devices, on the other hand, are more vulnerable to attack. Some types of equipment can be rendered unstable or don’t even work if they receive certain types of data. Some Internet phones are also susceptible to data piracy, revealing private information under specific conditions.
Businesses in particular need to be concerned about security issues surrounding VoIP. Since many businesses operate their own gateways and other equipment for connecting to the Internet, they are more susceptible to the Denial of Service (DOS) attacks or other kinds of malicious hacking.
Since VoIP data is travelling through the Internet the same as any other kind of data, it is vulnerable to the same kind of attacks. There are many software tools available to hackers who wish to retrieve information that is being transmitted over the Internet, and these tools are just as effective with voice data as with any other kind of data.
While this may not be a concern when you are calling your Aunt Mary, it is a big concern for businesses that may routinely use telephone communication for discussing sensitive business information. Due to the increasing popularity of VoIP, security is a big concern and is receiving a lot of attention.
There are a number of points in the transmission of a VoIP call that a hacker can retrieve information from. As well as retrieving actual conversations, hackers could also get information like user identities and VoIP phone numbers. With this information, a hacker can make phone calls with someone else’s identity.
Attackers could also record phone calls to listen to conversations and possibly even to restructure voice data to create conversations that never actually existed. Log files could also be accessed and altered.
There are a number of ways these security concerns can be addressed. The first is with encryption that provides the same kind of security as when sending credit card information over a secure data connection. The second is to separate VoIP data from other Internet traffic by using a Virtual Local Area Network (VLAN). Both of these methods can adversely affect call quality, but could be used optionally if the calls are sensitive.
Another security threat that hasn’t actually been seen yet is the possibility of sending viruses with VoIP data. Viruses could potentially overload VoIP networks causing delays and reduction in sound quality.
VoIP is not invulnerable to spam either. In fact, there is already a name for it—SPIT—“Spam over Internet Telephony.” This refers to receiving unwanted marketing calls from companies trying to sell services or products.
For the individual consumer, VoIP security is mostly a matter of preventing others from eavesdropping on conversations. Some VoIP service providers offer voice security through the means of encryption or separate data routes. Regular precautions for transferring files always need to be followed. Any data or program that is downloaded should be checked for viruses, and a firewall should be in place for protecting your computer from the Internet.
Hardware VoIP devices, on the other hand, are more vulnerable to attack. Some types of equipment can be rendered unstable or don’t even work if they receive certain types of data. Some Internet phones are also susceptible to data piracy, revealing private information under specific conditions.
Businesses in particular need to be concerned about security issues surrounding VoIP. Since many businesses operate their own gateways and other equipment for connecting to the Internet, they are more susceptible to the Denial of Service (DOS) attacks or other kinds of malicious hacking.
Network Security - All About Firewalls
The Importance of Firewalls to Network Security
Most networks should have a firewall in place before they are up and running. A firewall is the most common form of network security employed by companies large and small. If you own a personal computer your anti-virus software company may at one time or another have offered you firewall protection.
A firewall on a home network is just as important as one on a corporate network. Why? Most smaller networks have as many security issues that larger corporate networks have. A firewall helps protect a network against potential data loss, corruption and hackers.
What Is A Firewall
A firewall is nothing more than a fancy term used to describe a blockade that prevents outside forces from accessing your network. It is called a firewall because it prevent information or data loss from one place to another. Typically a firewall is some program or hardware that you have to install in your computer that helps filter information coming from the Web to your computer network. A firewall provides a series of filters that screens information allowing only safe information to pass through to your network.
In a large company, multiple computers are often linked using network cards. Companies usually provide multiple connections to the Internet. In order to protect all of these computers a firewall is necessary so that only certain people can access corporate computers through the Web (those that are authorized to do so). While a firewall is not foolproof it basically does a good job of protecting computers from Internet threats at their connection points.
Most networks should have a firewall in place before they are up and running. A firewall is the most common form of network security employed by companies large and small. If you own a personal computer your anti-virus software company may at one time or another have offered you firewall protection.
A firewall on a home network is just as important as one on a corporate network. Why? Most smaller networks have as many security issues that larger corporate networks have. A firewall helps protect a network against potential data loss, corruption and hackers.
What Is A Firewall
A firewall is nothing more than a fancy term used to describe a blockade that prevents outside forces from accessing your network. It is called a firewall because it prevent information or data loss from one place to another. Typically a firewall is some program or hardware that you have to install in your computer that helps filter information coming from the Web to your computer network. A firewall provides a series of filters that screens information allowing only safe information to pass through to your network.
In a large company, multiple computers are often linked using network cards. Companies usually provide multiple connections to the Internet. In order to protect all of these computers a firewall is necessary so that only certain people can access corporate computers through the Web (those that are authorized to do so). While a firewall is not foolproof it basically does a good job of protecting computers from Internet threats at their connection points.
Email Fraud - Beware of 419 Fraud
Email Fraud is no more news. We regularly, hear of successful frauds committed on the Internet through the use of fraudulent mails. 419 fraud is a code name for an Email Fraud originating from Nigeria.
Take note, do not be deceived 419 fraud is a code name for an email fraud that promises contracts involving large sums of money. It is not peculiar to Nigeria alone but mostly originates from Nigeria.
WHY ARE PEOPLE FALLING VICTIMS TO 419 FRAUD
The 419 fraudster, uses social engineering neglected by most information security consultants to gradually convince the unsuspecting victim that the fictitious contract dangled before the victim is legitimate.
People are falling victims everyday why?
* They get close to you through regular chats over a long period of time, developing a kind of bond (friendship).
* They use the power of sympathy to play on their victims.
* They take advantage of the inbuilt desire in us to make money.
* They use the names of well-known organizations to perpetrate the crime.
* They use real life circumstances and situations, which are very reliable to commit fraud.
SAMPLE OF A TYPICAL 419 MAIL (EMAIL FRAUD)
This sample 419 Mail is Original(no correction of spelling mistakes).
Mr. Felix Afuwa
ECOBANK
Credit control Manager
Victoria - Island Branch
Tel.: 234-1774-8735
Fax: 234-1759-3019
Attention: XXXXXXXXXX
I am Mr. Felix Afuwa, the Credit Control Manager of ECOBANK - Victoria Island branch in Lagos Nigeria.
I am in charge of credit finances in the bank. The banking sector has a peculiar nature in my country as it concerns financial transactions; anything is possible for you to stay afloat with the enormous competition therein.
There was this foreigner Mr. John VanderPloeg who came at a time to deposit the sum of US$15.8million United States dollars in several installments on behalf of some multinationals for the prosecution of the Late General Sani Abacha to succeed himself as the civilian President of my country. What happened to this plot is left for prosperity to judge.
My reason for contacting you is because I want to find out if you could assist me with this situation.
This money has been in the bank for some time and due to the manner and purpose for which it was deposited, there was no next of kin provided for this transaction. Mr. John VanderPloeg I have on good authority was just an agent used for this purpose and has fled the country following a series of revelations on how the Abacha's plundered the Nigerian economy and more revelations coming up at the present Oputa panel 3years after the death of the dictator. At the end of this year the bank would mob the money up if nobody comes forward to lay claim.
Taking into cognizance the foregoing, I am in a position to make all necessary arrangement to portray you as the next of kin as it affects this transaction at the bank, so that this money can be immediately transferred on your request to another bank account abroad.
I am willing and ready to offer you 10% of the funds for you assistance.
Call me so that we can discuss further
Yours truly,
Mr. Felix Afuwa
TIPS ON HOW NOT TO BE A VICTIM OF 419 MAIL (EMAIL FRAUD)
* Do not open a mail you didn't solicit or request for.
* Any mail requesting for a certain sum of money or gifts before a contract is awarded do not reply, do not reply such mail.
* If at all you are interested in the business you never solicited for or asked for, please cross check with security agencies located in your country. Make sure you present a copy of the mail when reporting.
* Always let your spouse or friend know about any mail requesting for money or gift before business is transacted.
Advice
Fraudulent mails are sent out daily. Do not fall a victim by getting regular education on fraudulent mails through newsletter subscription, audio seminars, security e-courses, purchase of security ebooks. Don't be the next victim take security awareness education serious.
Take note, do not be deceived 419 fraud is a code name for an email fraud that promises contracts involving large sums of money. It is not peculiar to Nigeria alone but mostly originates from Nigeria.
WHY ARE PEOPLE FALLING VICTIMS TO 419 FRAUD
The 419 fraudster, uses social engineering neglected by most information security consultants to gradually convince the unsuspecting victim that the fictitious contract dangled before the victim is legitimate.
People are falling victims everyday why?
* They get close to you through regular chats over a long period of time, developing a kind of bond (friendship).
* They use the power of sympathy to play on their victims.
* They take advantage of the inbuilt desire in us to make money.
* They use the names of well-known organizations to perpetrate the crime.
* They use real life circumstances and situations, which are very reliable to commit fraud.
SAMPLE OF A TYPICAL 419 MAIL (EMAIL FRAUD)
This sample 419 Mail is Original(no correction of spelling mistakes).
Mr. Felix Afuwa
ECOBANK
Credit control Manager
Victoria - Island Branch
Tel.: 234-1774-8735
Fax: 234-1759-3019
Attention: XXXXXXXXXX
I am Mr. Felix Afuwa, the Credit Control Manager of ECOBANK - Victoria Island branch in Lagos Nigeria.
I am in charge of credit finances in the bank. The banking sector has a peculiar nature in my country as it concerns financial transactions; anything is possible for you to stay afloat with the enormous competition therein.
There was this foreigner Mr. John VanderPloeg who came at a time to deposit the sum of US$15.8million United States dollars in several installments on behalf of some multinationals for the prosecution of the Late General Sani Abacha to succeed himself as the civilian President of my country. What happened to this plot is left for prosperity to judge.
My reason for contacting you is because I want to find out if you could assist me with this situation.
This money has been in the bank for some time and due to the manner and purpose for which it was deposited, there was no next of kin provided for this transaction. Mr. John VanderPloeg I have on good authority was just an agent used for this purpose and has fled the country following a series of revelations on how the Abacha's plundered the Nigerian economy and more revelations coming up at the present Oputa panel 3years after the death of the dictator. At the end of this year the bank would mob the money up if nobody comes forward to lay claim.
Taking into cognizance the foregoing, I am in a position to make all necessary arrangement to portray you as the next of kin as it affects this transaction at the bank, so that this money can be immediately transferred on your request to another bank account abroad.
I am willing and ready to offer you 10% of the funds for you assistance.
Call me so that we can discuss further
Yours truly,
Mr. Felix Afuwa
TIPS ON HOW NOT TO BE A VICTIM OF 419 MAIL (EMAIL FRAUD)
* Do not open a mail you didn't solicit or request for.
* Any mail requesting for a certain sum of money or gifts before a contract is awarded do not reply, do not reply such mail.
* If at all you are interested in the business you never solicited for or asked for, please cross check with security agencies located in your country. Make sure you present a copy of the mail when reporting.
* Always let your spouse or friend know about any mail requesting for money or gift before business is transacted.
Advice
Fraudulent mails are sent out daily. Do not fall a victim by getting regular education on fraudulent mails through newsletter subscription, audio seminars, security e-courses, purchase of security ebooks. Don't be the next victim take security awareness education serious.
Child Safety Internet Program
In today’s highly technological era, the internet has become a wonderful tool for research. Children and adults rely on the internet, but according to some researches, the number of adults using the internet as their primary tool for research is outdone by the number of children using it. This is perhaps for the reason that even if you don’t have a computer at home, there is a great possibility that your child may get online at school or cafes in your neighborhood.
The use of the internet is to some degree beneficial for the growth of your children. They can be valuable for your child’s study that your children can learn about everything they wanted to know in just a matter of clicks. In other words, the internet can give them the chance to call on experts in almost any field for information. They can also play, keep in touch with their close and long lost friends, meet and deal with new people, and learn ideas and world views they never imagined before.
But just like any thing in the world, there is a downside to the use of the internet. Many experts often relate the situation of letting your child go online by himself to dropping him off in a large mall without your supervision. Of course, that is a way of giving your child the right for freedom. But the truth of the matter is, predators lurk anywhere online. These predators are so bad enough to take advantage of your child’s innocence and trust. Obviously, it is here where the problem occurs, and this is the reason that child safety internet programs were designed and developed.
The child safety internet programs are introduced to the public for one particular purpose – to protect your child from online bullies. I am actually using the term “bullies” here to refer to those scams, harassments, viruses, hackers, acts of molestations, and other unfavorable consequences with legal and financial undertones that tend to occur on the web, without your child knowing it. These bullies may take their form through pornography, hate sites, pro drugs sites, and other portals that promote the activity you think is not good for your child. With this condition being so common, the child safety internet programs are then a great tool for keeping your child free and safe from these bullies.
The child safety internet programs are now made available online. It is important to note that these child safety internet programs usually take in the form of classes, sessions or seminars that encourage people to enroll in. They can be taken through online classes, but there are also others that offer classes or sessions offline, depending on the area covered. Perhaps what’s nice to know about these child safety internet programs is that they are all given with affordable charges that participants must meet. But because they are supervised by different child safety promoters or companies, the fees and everything covered greatly vary. It is important then to find the child safety internet program that best suits your child’s needs, and perhaps the best helpful way to make this happen is to do a careful research about the child safety internet programs itself.
How To Secure Your Laptop
Laptops are quite expensive, hence the risk of being stolen. Laptops are smaller, easy to travel with, because of these, its patronage is on the increase. Laptops because of their new processing power is a delight of most companies today.
How Do I Secure My Laptop
Laptops these days contain vital data and are greatly used for remote data access. Its security should be top priority to all users. There are three aspects to consider in securing your laptop.
* Physical Security.
* Security Software.
* Security Consciousness.
Physical Security
Physical security involves physical barriers put in place to inhibit access to where your laptop is kept.
Such barriers, hinder the following circumstances;
* Theft of your laptop.
* Damage to your laptop.
* Theft of information on your laptop.
* Using your laptop to commit fraudulent activities.
The physical barriers should have the following features;
* The ability to properly lock the entrance to where your laptop is kept.
* An alarm system should be in place to notify you in case of a break in.
* An inbuilt security camera (cctv) should be placed where your laptop is kept. This is to monitor your laptop.
* All windows or doors must be screened to prevent prying eyes from seeing expensive information assets such as your laptop.
* The ability to fasten the laptop to a non-moveable object. This is stopping a thief from carrying the laptop away.
* The ability to trigger snap shots in case of a break in. These snap shots are directly targeted at the laptop.
Security Software
Access to your laptop can also be prevented using security software.
This security software prevents access to your desktop. It ensures that only the owner of the laptop has access to using the applications on the laptop.
Features of a Security Software
* It must prompt the user, to enter a user name and a password.
* The ability to generate audit report such as successful logins, failed logins should be an essential feature.
* The user should be able to lock the screen when not in use.
* Optional but also essential, the software should have the ability to beep when the screen is tampered with.
Security Consciousness
After all said and done, without security consciousness on the part of the user or laptop owner, every control put in place to deter access to the laptop would be futile.
Security Consciousness Tips
* Always lock the door to your office.
* Always carry your laptop with you.
* If not in use put it in a safe and lock it.
* Make sure when nature calls you activate the screen lock and all access doors to your office are locked.
* Always keep your laptop locked in a box and in the boot of your car when driving.
* Do not use your laptop in overcrowded places.
* All the necessary details about your laptop must be written and stored in a safe place i.e. serial number, brand name, model e.t.c.
* Insure your laptop against loss, such as damage, fire e.t.c.
Advice
Laptop security is an ongoing process. The need for regular information on laptop security is vital. The more informed you are on laptop security, the less vulnerable is your laptop to theft or damage.
How Do I Secure My Laptop
Laptops these days contain vital data and are greatly used for remote data access. Its security should be top priority to all users. There are three aspects to consider in securing your laptop.
* Physical Security.
* Security Software.
* Security Consciousness.
Physical Security
Physical security involves physical barriers put in place to inhibit access to where your laptop is kept.
Such barriers, hinder the following circumstances;
* Theft of your laptop.
* Damage to your laptop.
* Theft of information on your laptop.
* Using your laptop to commit fraudulent activities.
The physical barriers should have the following features;
* The ability to properly lock the entrance to where your laptop is kept.
* An alarm system should be in place to notify you in case of a break in.
* An inbuilt security camera (cctv) should be placed where your laptop is kept. This is to monitor your laptop.
* All windows or doors must be screened to prevent prying eyes from seeing expensive information assets such as your laptop.
* The ability to fasten the laptop to a non-moveable object. This is stopping a thief from carrying the laptop away.
* The ability to trigger snap shots in case of a break in. These snap shots are directly targeted at the laptop.
Security Software
Access to your laptop can also be prevented using security software.
This security software prevents access to your desktop. It ensures that only the owner of the laptop has access to using the applications on the laptop.
Features of a Security Software
* It must prompt the user, to enter a user name and a password.
* The ability to generate audit report such as successful logins, failed logins should be an essential feature.
* The user should be able to lock the screen when not in use.
* Optional but also essential, the software should have the ability to beep when the screen is tampered with.
Security Consciousness
After all said and done, without security consciousness on the part of the user or laptop owner, every control put in place to deter access to the laptop would be futile.
Security Consciousness Tips
* Always lock the door to your office.
* Always carry your laptop with you.
* If not in use put it in a safe and lock it.
* Make sure when nature calls you activate the screen lock and all access doors to your office are locked.
* Always keep your laptop locked in a box and in the boot of your car when driving.
* Do not use your laptop in overcrowded places.
* All the necessary details about your laptop must be written and stored in a safe place i.e. serial number, brand name, model e.t.c.
* Insure your laptop against loss, such as damage, fire e.t.c.
Advice
Laptop security is an ongoing process. The need for regular information on laptop security is vital. The more informed you are on laptop security, the less vulnerable is your laptop to theft or damage.
Subscribe to:
Posts (Atom)