More and more companies have geared towards technology as far as using it to aid their daily operations and storing transactions for records of individual transactions. Most users are given certain privileges and rights for access towards the main server that holds the programs altogether. User policies and access are defined and declared, so that each can have specific access and user restrictions to avoid any discrepancies and problems that may occur. Such would only be natural for technology relying companies, since developed and installed programs would usually be prone to modifications and debugging along the way.

It is the duty of the appointed administrator in close relation with department heads to determine the level of access to provide to the users who will be using the system. Levels are meant to define with regards to finding up to which level access will be granted to most users who will be inputting and referring data into the system. Besides, access levels and security policies are a good way to safeguard information and avoid eventual sabotage for the entire systems in unlikely situations both internally and externally.

Tags: Network Security, Operating Systems, Programming, Security Policies, Tips

Categories: Network Security, Operating Systems, Programming, Security Policies, Tips

Comments Off

Anyone would often be advised to regularly change his password in any access points such as e-mails, log on servers and websites. Reason for this is to increase the need for security as far as gaining access and safeguarding files and pertinent information that is usually stored.

With the large number of hackers that have been cropping up one by one, various means to steal passwords,also known as phishing, or hack accounts have been their main course of action. While some would disregard such acts, the real pain begins once important messages, attachments and relevant information are tampered. True that some would not need to change passwords regularly, but just to be on the safe side, it is best to maintain a regular schedule of updating password security and make it a combination of numbers and letters to establish a more secure and harder way of being cracked or accessed by anyone today.

[tags]password theft, passwords, hacking, cracks, codes, security[/tags]

Tags: codes, cracks, Cryptography, hacking, IT Security Basics, Network Security, password-theft, passwords, Programming, Real-World Issues, security, Security Policies

Categories: Cryptography, IT Security Basics, Network Security, Programming, Real-World Issues, Security Policies

Comments Off

Electronic mail has become the buzz of the town in recent years and while some use e-mail as a means of cheaper and faster ways of sending messages and files over the Internet, it cannot be discounted that some use e-mail as a form of exploit as well, by send unrecognized files to various recipients who in the same way may not know the harmful effects that such files would bring to their personal workstations.

While there are various means of supplying computer protection such as firewalls and anti-virus protection for single and networked computers, some harmful file just tends to get past them. That is why there are specific softwares used for specific infections, particularly the Trojan developed files that do their work unnoticed.

So the next time you get mail from someone who has an attachment with questionable file name extensions, better think twice before clicking or opening it. It may cause more pain than enjoyment in most cases.

[tags]spyware,malware,trojans,security[/tags]

Tags: IT Security Basics, Malware, security, Security Policies, Spyware, Tips, trojans

Categories: IT Security Basics, Malware, Security Policies, Spyware, Tips

Comments Off

With the vast number of viruses and spyware that most people contract in their everyday exposure to the web, the need for consistent and reliable anti-virus protection software is the foremost concern of most people. To date, the awareness for such deceiving acts done over the Internet without the user even noticing it is rampant. Such viruses have caused discomfort and havoc in more cases than one and it has been the battle cry of most security software developers to adhere and answer such miscues that usually occur everyday.

[tags]malware, spyware, virus, security, anti-virus[/tags]
Network and workstation security has always been the subject of most people, especially the vulnerability that most computer stations are prone to. Updates and patches are usually the way to update reliable anti-virus software partners, but in most cases, there will always be a loophole to which hackers and advanced technology harassers would be able to come up with. Hence the needs to find a reliable software partner that can truly protect a workstation from such harmful intrusions evolve and change in time. It is just a matter of being up to date with regards to their reliability and efficiency in providing a safe surfing and exposure level once they are logged on to the World Wide Web.

Tags: anti-virus, IT Security Basics, Malware, Network Security, Programming, Real-World Issues, security, Security Policies, Spyware, virus

Categories: IT Security Basics, Malware, Network Security, Programming, Real-World Issues, Security Policies, Spyware

Comments Off

At the rate that hackers and more people are becoming wiser as far as discovering technology and its flaws today, the best way is to have ready back-up procedures for databases and important documents and spreadsheets just in case of system intrusion and crashes. While it is true that most companies are continuously developing software to be able to limit such malicious intentions, it cannot be discounted that the safest way is to have ready back-ups which can be easily restored at any time of their liking.

The question is when to back-up and what to back up. For most people, backing up periodically is the common practice. But for more important documents and reference materials, archiving them as often as possible is the safest way to be sure. People should not wait for the last minute to back-up their files since with the fast pace of technology comes the fast pace development of hackers today.

[tags]backup,archiving,network security[/tags]

Tags: archiving, backup, Backups, IT Security Basics, Network Security, Security Policies, Storage, Tips

Categories: Backups, IT Security Basics, Network Security, Security Policies, Storage, Tips

Comments Off

For most people, the computer is just a form of word processing and tool for search queries to aid them in their daily needs, both at work and at home. As long as a person is able to use a personal desktop and surf and produce the needed reports, nothing else matters.

With the rising count of malware and spyware today, it is best to note that firewalls and networking security have become one of the necessities that help safeguard computers and local intranets today. Unlike in the early years, hacking and intrusion have become rampant that has eventually raised the level of consciousness for most people who safeguard their files and documents.

With the growing number of things to do over the web such as blogging, writing and graphics designing, the need to also protect their own workstations exposed through different ports is a priority today. It is not only a matter of being able to use a unit but also a matter of maintenance from unwanted public intrusions through the World Wide Web.

[tags]firewall, security, internet[/tags]

Tags: firewall, internet, Malware, Network Security, security

Categories: Malware, Network Security

Comments Off

802.11 Wired Equivalent Privacy (WEP) doesn’t provide enough security for most enterprise wireless LAN applications. Because of static key usage, it’s fairly easy to crack WEP with off-the-shelf tools. This motivates IT managers to use stronger dynamic forms of WEP.

The problem to date, however, is that these enhanced security mechanisms are proprietary, making it difficult to support multi-vendor client devices. The 802.11i standard will eventually solve the issues, but it’s not clear when the 802.11 Working Group will ratify the 802.11i standard.

As a result, the Wi-Fi Alliance has taken a bold step forward to expedite the availability of effective standardized wireless LAN security by defining Wi-Fi Protected Access (WPA) while promoting interoperability. With WPA, an environment having many different types of 802.11 radio NICs, such as public hotspots, can benefit from enhanced forms of encryption.
Inside WPA

WPA is actually a snapshot of the current version of 802.11i, which includes Temporal Key Integrity Protocol (TKIP) and 802.1x mechanisms. The combination of these two mechanisms provides dynamic key encryption and mutual authentication, something much needed in WLANs.

As with WEP, TKIP uses the RC4 stream cipher provided by RSA Security to encrypt the frame body and CRC of each 802.11 frame before transmission. The issues with WEP don’t really have much to do with the RC4 encryption algorithm. Instead, the problems primarily relate to key generation and how encryption is implemented.

TKIP adds the following strengths to WEP:

48-bit initialization vectors. WEP produces what’s referred to as a “keyschedule” by concatenating a shared secret key with a randomly-generated 24-bit initialization vector (IV). WEP inputs the resulting keyschedule into a pseudo-random number generator that produces a keystream equal to the length of the 802.11 frame’s payload. With a 24 bit IV, though, WEP eventually uses the same IV for different data packets. In fact, the reoccurrence of IVs with WEP can happen within an hour or so in busy networks. This results in the transmission of frames having encrypted frames that are similar enough for a hacker to collect frames based on the same IV and determine their shared values, leading to the decryption of the 802.11 frames. WPA with TKIP, however, uses 48-bit IVs that significantly reduce IV reuse and the possibility that a hacker will collect a sufficient number of 802.11 frames to crack the encryption.

Per-packet key construction and distribution. WPA automatically generates a new unique encryption key periodically for each client. In fact, WPA uses a unique key for each 802.11 frame. This avoids the same key staying in use for weeks or months as they do with WEP. This is similar to changing the locks on a house each time you leave, making it impossible for someone who happened to make a copy of your key to get in.

Message integrity code. WPA implements the message integrity code (MIC), often referred to as “Michael,” to guard against forgery attacks. WEP appends a 4-byte integrity check value (ICV) to the 802.11 payload. The receiver will calculate the ICV upon reception of the frame to determine whether it matches the one in the frame. If they match, then there is some assurance that there was no tampering. Although WEP encrypts the ICV, a hacker can change bits in the encrypted payload and update the encrypted ICV without being detected by the receiver. WPA solves this problem by calculating an 8-byte MIC that resides just before the ICV.

For authentication, WPA uses a combination of open system and 802.1x authentication. Initially, the wireless client authenticates with the access points, which authorizes the client to send frames to the access point. Next, WPA performs user-level authentication with 802.1x. WPA Interfaces to an authentication server, such as RADIUS or LDAP, in an enterprise environment. WPA is also capable of operating in what’s known as “pre-shared key mode” if no external authentication server is available, such as in homes and small offices.

An issue that WPA does not fix yet is potential denial of service (DoS) attacks. If someone, such as a hacker or disgruntled employee, sends at least two packets each second using an incorrect encryption key, then the access point will kill all user connections for one minute. This is a defense mechanism meant to thwart unauthorized access to the protected side of the network.

You will be able to upgrade existing Wi-Fi-compliant components to use WPA through relatively simple firmware upgrades. As a result, WPA is a good solution for providing enhanced security for the existing installed base of WLAN hardware.

The eventual 802.11i standard will be backward compatible with WPA; however, 802.11i will also include an optional Advanced Encryption Standard (AES) encryption. AES requires coprocessors not found in most access points today, which makes AES more suitable for new WLAN installations.

Tags: IT Security Basics, Network Security, Real-World Issues, Security Policies, Storage, Tips, Wireless Security

Categories: IT Security Basics, Network Security, Real-World Issues, Security Policies, Storage, Tips, Wireless Security

Leave a Comment

A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A VPN enables you to send data between two computers across a shared or public internetwork in a manner that emulates the properties of a point-to-point private link. The act of configuring and creating a virtual private network is known as virtual private networking.

To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides routing information allowing it to traverse the shared or public transit internetwork to reach its endpoint. To emulate a private link, the data being sent is encrypted for confidentiality. Packets that are intercepted on the shared or public network are indecipherable without the encryption keys. The portion of the connection in which the private data is encapsulated is known as the tunnel. The portion of the connection in which the private data is encrypted is known as the virtual private network (VPN) connection.

VPN connections allow users working at home or on the road to connect in a secure fashion to a remote corporate server using the routing infrastructure provided by a public internetwork (such as the Internet). From the user’s perspective, the VPN connection is a point-to-point connection between the user’s computer and a corporate server. The nature of the intermediate internetwork is irrelevant to the user because it appears as if the data is being sent over a dedicated private link.

VPN technology also allows a corporation to connect to branch offices or to other companies over a public internetwork (such as the Internet), while maintaining secure communications. The VPN connection across the Internet logically operates as a wide area network (WAN) link between the sites.

In both of these cases, the secure connection across the internetwork appears to the user as a private network communication—despite the fact that this communication occurs over a public internetwork—hence the name virtual private network.

Tags: IT Security Basics, Network Security, Privacy-&-Anonymity

Categories: IT Security Basics, Network Security, Privacy & Anonymity

Comments Off

This is something that is not really new news but it is important nonetheless. For Linux users, there are certain things that you cannot do if you do not have what is called ‘root access.’ Basically, if you are not the super user or admin, you will not have access to certain commands.

Why restrict access?

There are certain applications which you would not want your users to install on their computers. Take for example peer to peer apps. If you allow your users the permission to install them, you could have some people sucking up the bandwidth. In a company wherein downloads of files from clients are important for your daily operations, this is a scenario you would like to avoid. If there are users with such apps, you would have to really trace them and monitor them so you would be able to cut down their internet access. Also, another thing is that they might unintentionally download some things that would let your system be infiltrated by worms and all that.

Sudo and sudoers
One way that you could give users a bit of access as admin is to put them in a sudoers list. Sudo is the command to let a user act as if he is the super user or root. The nice thing about it this is that there is also control as to which commands in particular could be run by certain users. If you will use create a list of sudoers, or those users who will have sudo access, you have to use visudo or sudoedit because there is a particular format for the /etc/sudoers file.

[tags]linux,security,access[/tags]

Tags: access, IT Security Basics, linux, Operating Systems, Real-World Issues, security

Categories: IT Security Basics, Operating Systems, Real-World Issues

Comments Off

Do you use VoIP a lot at home or in your office? If you do, you have to make sure that you are updated when it comes to security issues. For one thing there’s spam over IP telephony. Spam doesn’t just come in the form of comments on blogs or email. You could also get it on VoIP. Good thing that there are companies such as Sipera which is trying to crackdown SPIT. It would surely be a hassle if you don’t deal with it because you might get calls for credit card offers and what-not.

One other thing that researchers are concerned about is that VoIP applications like Skype are open to hacker attacks such as denial of service. Cisco has dealt with it with their CallManager. But what about every other application out there? Are they all secure enough to use? That is why maybe it is time to have the specs out in the open so that there could be more people working on making it more secure.

VoIP sure is useful but people sometimes abuse it. Like in the article about phishing and VoIP, phishers try to make things set up so that they could appear as though they are banks and they would make users call a certain number. How terrible to pretend something they are not! Quite sinister, if I may add. That is why people have to be very careful when it comes to such calls. One must validate the claims and check out the source. Checking the background is going to be an essential.

We need to be responsible with the technology that we use. This is especially when we use it for business. We never know who will be affected.

Tags: Network Security, Privacy-&-Anonymity, Real-World Issues

Categories: Network Security, Privacy & Anonymity, Real-World Issues

Leave a Comment