Employee’s love them, Network Administrators hate them, the advent of more function packed handheld devices have sparked a re-evaluation of the threat these small devices pose. Traditionally, networks were quite safe for to gain access to it you needed to be hooked up to the network, physically with a LAN cable. Now that the shift to wireless has become the network engineer’s best friend the network has surely been simplified and companies are switching to the new technology. Thy no longer needed wires and all existing computers are either replaced with ones that support Wi-Fi or bought individual dongles that allowed connection within the office. That was still an easy security agenda for they usually had a range of a couple of hundred feet.
Then came wireless internet hotspots which commercial developers started to put up to get more workers out of the office into their shops allowing them to work while, say having coffee. That’s where the problems began for the more office correspondence left the walls of the office, the more harder was it to secure. VPN’s were implemented that allowed a secure channel within existing networks making it a bit better. But that was still quite vulnerable to attack and security experts needed a better way of securing corporate data where-ever the user might be. Projections by business and security analysts estimate volume to increase to 100 million email transactions to and from outside the office locations that is still causing nightmares as the next step is found in the drive to secure this network without physical bounds.
[tags]Handheld Computing, Mobile Computing[/tags]
Tags: hackers, internet, security, Vulnerabilities, Wireless
Categories: Cryptography, General, IM, IT Security Basics, Instant Messaging, Network Security, News, Real-World Issues, Security Policies, Wireless Security
The evolution of the internet has given us the Web 2.0 which is a more open form of the previous internet. The traditional internet had people and companies make their own web sites on their own computers or servers, with anybody else just logging in and getting (actually it’s more of reading) the stuff that you need and leave without getting a chance to tell the site’s owner if the information was either very helpful or a complete waste of time. Net 2.0 has allowed the opening up of borders between the said linked computers allowing people to become more interactive in their use of the web. You search for an article on the web through a search engine and find yourself in a blogging site. The information you find is very much useless so you leave a comment telling the owner such. He then reads the post and makes the information on the blog more informative thus giving him feedback on the contents of the site. This was totally unheard of in the old internet days when, what you see was what you got (literally).
The social Net 2.0 has allowed users to influence the way the internet is setup along with the information it contains. Companies get instant feedback from users thus allowing them to improve customer services. The problem, exploits or another form of malicious code that is up to no good. Imagine a social web site like MySpace where you have a page that you share over the net with your pal’s. A hacker finds a hole in the security net and leaves a few short lines of code in the form of a hidden program. It then takes all information you send and receive or use, such as purchase information from internet-based companies. This exploit, turns your page or rather the information gathered from it into his personal atm machine, using the information he has leeched and goes on a shopping spree online. Sounds crazy? You figure it out. Google found almost half a million of such exploited sites out of only 4.5 million surveyed sites (which is only a fraction of the total computers linked on the internet).
You do the math….
Tags: Exploits, identity-theft, Privacy-Issues, security
Categories: General, IT Security Basics, Malware, Network Security, Privacy & Anonymity, Real-World Issues, Spyware
In the news, the British Prime Minister Brown has expressed concern regarding the recent security breach that left about half of the British population’s addresses and banking information out in the open, well somewhere out there. The said information was lost while in-transit through the British Post system contained within two computer data disks. This headline dated November 21’st of this year highlights the need for greater security with regards to the handling and safekeeping of vital personal information.
The event happened when a Junior official of the British Government’s Finance Department downloaded the information off a government website for use on another agency. It was then sent through courier service to that agency which was not named but when the disks didn’t arrive after a few days alarm bells started to ring and the police was brought into the investigation to help with the case. The problem was so great that the British Prime Minister apologized to the British public when speaking in Parliament much to the disgust of the MP’s and the public in general.
This event sparks new urgency in the way we handle and treat information even those categorized as personal. The information that was lost had information that was needed for the processing of millions of child and senior benefits support processing which is expected to result in outrage and disgust among many of the affected individuals.
Government’s from around the world spend millions of dollars in safeguarding information of all sorts and questions do arise from such cases such as why a junior officer had access and was even allowed to copy the said information out of a government server down to computer disks.
Tags: banking-information, information-security, lost-information, personal-data, Security Policies
Categories: General, Network Security, News, Physical Security, Privacy & Anonymity, Real-World Issues
The last post tackled the damage an internal threat might do to a person on the outside of a business organization. This post deals more with the threat from within from the viewpoint of the targeted organization itself. The problem with an internally planted backdoor or some other form of malware is that it is integrated with the programs themselves that are supposed to provide security to the system. The system that is affected can most of the time be freed of these stated threats by re-installing the said application with a version that is free of the problem code.
Just imagine the amount of information that has to be moved, re-processed and re-stored just to make up for a few lines of code that has been very well placed, hidden from view. Firewalls were supposed to prevent intrusion to links of the organization from the outside and inside but if the firewall was not to know the workings of the said code, it would recognize it as a legitimate process and allow the transfer of data without taking a second look. Corporate espionage has rival companies trying to get at the other’s secrets in hopes of getting ahead of other competitors. In the US, the FBI and other Internal security forces continuously monitor such activities such as the problem when stocks were manipulated within the Stock Exchange itself to boost the value of a particular stock to favor investors.
The risks the information we entrust to companies who serve us is great and sure they do take all necessary preventive measures as much as they could, but a threat from within is truly an adversary to be dealt with.
Tags: back-doors, hidden-code, Malware, trojans
Categories: General, IT Security Basics, Malware, Network Security, News, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies
It Security, is a cat and mouse business comprised of people trying to get the best of the other. People are always trying to get into a company’s servers to get information and the other half is the ones who are trying to prevent them from doing so.
This is quite a difficult task for these people use very sophisticated techniques in the form of code to do so. One very difficult problem is that if the treat and protector are the same. In the industry, these security experts are a select few and many have been all over the place in terms of companies they have worked for. With ever soaring prices paid for privileged information either for industrial espionage or personal gain it does pose a serious temptation to these professionals.
Most maintain their integrity by playing by the rules, but a few fall to the lure of a quick buck. Many instances of threats to many companies being discovered to have originated from within are on the rise and companies are going to lengths to getting people to look after the other. After all, we are only humans and many of us do need the extra cash but don’t you think there’s a more honest way to make it. People just don’t realize the importance of their information stored within say an insurance company of which they are a client of. If that information were to leak out into the open that can reek havoc on the finances of an individual or worst a whole client list full of it. Such leakages have ruined companies before resulting in bankruptcy and subsequent closure.
So to you guys, keep it clean for all of us depend on it. Maybe not me, but a whole lot of other innocent people out there can fall victim to a tragedy just because of a CD full of information you get paid a few hundred bucks for. And a warning, never ever think that no one is watching for someone surely is…
Tags: corporate-espionage, internal-security, Real-World Issues
Categories: General, IT Security Basics, Network Security, Operating Systems, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies
Many of us have been using Windows XP for quite sometime in it’s many forms and versions. We have Media Center Edition, Windows XP SP1 and the one which is now most common Windows XP SP2. An independent demonstration of vulnerabilities by the British Government and Private industry (which was also an indirect drive to get more people to shift to the more recently released Windows Vista) to show a wide open gap in the security measures implemented by computers still using Windows XP SP1 without any protection (anti-virus, firewall and other upgrades implemented by the parent company after the products were released to the public).
The test involved two officers from a special task force that handles crimes such as those related to computer fraud, piracy etc. It showed how easy it was to get hold of tools that searched for vulnerabilities on a computer running the said Operating system without the owner/user even knowing about it. These tools are widespread on the internet and can be downloaded for free. After getting knowledge of the vulnerability list which can include open ports and much other wireless vulnerability, the second officer then proceeded to make a program in MS-DOS which was then sent and executed onto the victim computer.
Viola, in a matter of minutes the second officer has gotten hold of many vital files such as password lists, credit card information, bank statements and other personal information that may be stored into the said victim unit under a quarter of a minute.
Many such vulnerabilities have been discovered in the XP generation of Operating Systems since its release in 2003 and Microsoft has continued to come out with patches to resolve such issues. Vulnerabilities such as simple programs that can disable the windows firewall have been publicly released on the internet and are quite numerous. To date, Microsoft has managed to keep up with these vulnerabilities but XP remains open malicious attack. Asked for their opinion, a Microsoft executive replied that it truly was alarming but that all those vulnerabilities have been addressed with the release of XP SP2 and all subsequent updates and patches.
Tags: Media-Center, windows-xp, Wireless Security, Wireless-networks, XP-SP1-and-XP-SP2
Categories: General, IT Security Basics, Malware, Network Security, News, Operating Systems, Real-World Issues, Security Policies, Wireless Security
Many events both as a result of actions by man or by nature that have spelled disaster to all of us who rely on the internet for communications and many other neat stuff we just like to do. Many of us forget how complicated the Internet really is and that a failure in the many parts that make it up can ruin all our day’s. The recent earthquake in Taiwan that resulted in a collapse of one of the net’s major arteries to and from Asia to the rest of the world resulted in billions of damages in terms of revenue of internet based companies all around the world. Sabotage still remains a major risk to the information highway for a properly placed explosives device can disrupt internet traffic if it were to sever the fiber optic and high speed copper based links that inter-connects all our computers.
May it be natural or man-made disasters; there is good news and bad news for all of us. First the bad news, for the net however great a leap it has become from its first implementation will fail again. It is just a matter of when and not if it will happen. All technology has an Achilles heel that can bring it down to its knees. The good news, well it would be good to know that the cables used on newer inter-link installations may they be under ground or water is protected by some of the most technologically advanced materials in the world. Kevlar and Nomex are synthetic materials that form the sheathing or casing that protects these cables which makes them so tough allowing them to withstand the rigorous conditions under the sea or under ground. What better way to protect these sensitive and vital cables that with the same materials used for bullet and fire proof vests and coats used by the police and firemen.
They are quite expensive and costly to lay but they do allow us to stay connected. One of the best news for us is the laying of new links between the continents rather than having to rely on one single cable. Many links have been laid across the seas to form a redundant web on inter-connected links that allows a severed path to travel through another path.
Tags: Communications, Copper-based-Internet, Data Cabling, fiber-optic, internet, Kevlar, Nomex
Categories: General, Network Security, News, Real-World Issues
Flash drives have become commonplace in just about anyplace where we use computers. These compact digital storage devices have replaced floppy disks, cd’s and other bulkier forms of storage that used to be the easiest way to transport data from point A to B. It also has the convenience of being as small as a keychain or an eraser so it fits just about anywhere like your coat pocket.
Enough of the good sides and to the bad sides of this technology for they are truly a security risk for they can become a propagation media for many problems such as viruses, worms and even be used to sneak information in and out of the workplace. Tis’ true that many a security programs such as programs that check for viruses and other problematic stuff contained within them but it is still very hard to determine if it does indeed pose a threat to the company or others who might be using the systems they are connected to.
Even the portable media players have the capability to be formatted to not only carry music but information as well. Products like the Apple’s Ipod series can be configured to carry video, audio and data in the form of files and documents. The only sure way to screen these products for stolen information is to scan them individually for any suspicious data/information. Their ability to connect to just about anything that has a USB port tends to raise the risks further.
Responsible use and strict control in their use and bringing into the workplace might sound a bit too paranoid but when conducted in the proper manner might provide some protection. Entry into restricted areas such as data centers and other server areas must also be looked into due to the potential for information leakage and the introduction of viruses and other dangerous programs.
Tags: data-security, Flash-disks, Mp3-Players, portable-digital-data-storage
Categories: Backups, General, IT Security Basics, Malware, Network Security, Real-World Issues, Storage
The wireless revolution has fast taken over the world with more and more people opting for the convenience of not being tied to a specific place due to …. what else wires. This revolution was brought about by the first and primitive beginnings of the garage door openers, cellular phones and many more. The technology has proven to be a very successful one, but like many new technologies they do have problems and detractors who say it is too much a risk to go wireless.
True to this, many fear of the amount of information that is simply just being transmitted for anyone with the right equipment and know-how to grab and use for personal gains. Yes there are security programs, certificates and other proven authentication systems out on the market that do allow secure and safe computing without wires but they have a long way to go to provide a foolproof way of doing it. Radio waves are invisible yet present all around us and is a form of radiation however minute or insignificant the amount may be. To this effect, many schools have dismantled wireless networks that were hastily put up without extensive health risk studies. This was done for wireless equipment saves schools and other enterprises from having to hardwire data ports anywhere a connection to the school network or internet is needed(copper wires are very expensive and so is the installation costs). Another study by the Health Physics Society and the WHO shows more proof and information regarding the said effects of the technology on the human body.
So till we get to understand the phenomenon better and try to reduce the risks with improvements better be cautious( Not to totally avoid all wireless technology based products) and use common sense in the use and purchase of such equipment.
Tags: Health-Risks, internet, Wireless
Categories: General, News, Real-World Issues
Information is knowledge so information is power. Much so that data that is used, stored and shared within a business environment as all of us know is the subject of too much security that has data centers locked up away from the actual site. Some companies even have armored or secure clean rooms where if something was to happen in the actual office or work site the data center can survive anything under a nuclear blast. But most it professionals still forget the importance of integrity of data that is stored within these data centers.
Yes they have been secure for all the years the several servers have been sending and retrieving data to and from the data center but is the information that we work so hard to keep intact accurate? What if some malicious code somewhat managed to sneak past the thousand dollar anti-virus and other protective software? And has been wreaking havoc within the data center walls? I mean, they do not have to destroy or corrupt the data for as simple alteration of making 1’s into 0’s could be enough to reduce all the information stored within useless.
That is where redundancy comes in which many people now consider to be an old fashioned approach and a waste of important resources. Say a back-up tape/s of all the initial data that is updated with current data say yearly and processed with the same information that entered the data center in a parallel run to see if all was well. It might seem to be a lot of work and investment of manpower but it is assured to keep the integrity of all the information within, going in and out of all data centers. Say a 1,000,000.00 pension suddenly turned into a 1,100,000.00 pension, wouldn’t that ruin your day?
That’s why companies like RSA’s Enterprise Data Security offer in Data security and control systems to prevent such problems from arising in the first place. In any system, the weakest link is till the human operator who can easily misplace a file or other data that can make or break a company. So instead of having to develop their own systems for the same purpose, most opt to hire someone to do that job for them which allows the business to do what it was put up to do, earn a profit.
Tags: Data-integrity, Real-World-threats, security
Categories: Backups, General, IT Security Basics, Network Security, Privacy & Anonymity, Real-World Issues, Security Policies, Storage
Employee’s love them, Network Administrators hate them, the advent of more function packed handheld devices have sparked a re-evaluation of the threat these small devices pose. Traditionally, networks were quite safe for to gain access to it you needed to be hooked up to the network, physically with a LAN cable. Now that the shift to wireless has become the network engineer’s best friend the network has surely been simplified and companies are switching to the new technology. Thy no longer needed wires and all existing computers are either replaced with ones that support Wi-Fi or bought individual dongles that allowed connection within the office. That was still an easy security agenda for they usually had a range of a couple of hundred feet.
