IT Security – the outlook for 2008

Written by Saran on December 28, 2007

Wireless networks and ways of protecting them will top most of the IT Security issues for the coming year. Predictions place wireless networks to slowly take over the now existing networks and development into WiMax which has more coverage area in terms of distance compared to WiFi is making this a fast reality. Players in the WiMax development include the biggest names in the wireless network area such as Intel, Samsung, Motorola and many more. Innovations will continue to push the technology to better and improved performance like never before.

Studies also show that more and more workers are turning to wireless computing for their network and office needs doing what they do in the most unlikely places such as coffee shops and anywhere else they can get a stable and sustainable connection. It also raises ethics issues for people will no longer be out of reach of networks and equally their jobs. Family time and other more casual needs for privacy and quiet time will be secondary for your boss can always reach you anywhere on the planet there is coverage of a network.

The death of satellite based communications has spurred rapid development of Voip allowing anybody connected to the internet instant access to telephone-like services without the use of dedicated telephone lines. This saves on telephone bills and has been in use heavily initially with call centers and has now shifted to mainstream use so more is to be expected of the technology in the years to come which may ultimately result in the death of the standard telephone service many opting for high-speed internet access instead.

The release of the Quad-core processors and planned development of more multi-core microprocessors fuels the future of laptop supercomputers which may come in following years. This and all of the better and improved technology will allow computing to soar into new heights making them a mainstay in our everyday lives for the future.

[tags]Multi-core Processors, Mobile Computing, Mobile Workforce[/tags]

Tags: ,

Categories: General, IT Security Basics, Network Security, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies, Storage, Wireless Security

Leave a Comment

Network Assessment tools – for a better/secure network

Written by Saran on December 25, 2007

In the time when people are going more and more mobile making the telecommuting concept a true reality, the existence of the wall-less office has slowly been realized. The shift to WiFi and other wireless networking solutions has allowed people to work like never before without the wires that tied them physically to desks. More and more areas like metropolitan areas are putting up hot spots that allow constituents to work within specific areas which already have existing wireless networks. Even offices have shifted to the technology due to cheaper implementation without the expensive wires needed for each and every workstation. Maintenance of said wired networks also proved to be a very challenging task due to the restricted spaces and conduits which housed them behind walls, ceilings and under the floors. WiFi allowed then network to function without physical connections allowing mobile devices to be connected and linked to the network which could be taken anywhere in the office.

The wireless office has indeed given us more in the area of freedom but it has also created a more vulnerable network for control on who gets which access and other security issues quickly emerged. Software and hardware systems like Retina from eEye Corporation allowed network engineers and managers to analyze and address security loopholes such as unauthorized devices connected to the network like the occasional iPhone and most other unauthorized wireless devices. It also serves as an analysis tools on the proper placement and function of wireless antenna which can be analyzed based on signal strength. Weak signals can mean re-positioning the antenna system or worse it could be a signal of a pending failure for a specific network device. It can also show the effectivity of the network in terms of utilization and bandwidth that is being effectively shared/used by the users.

[tags]Network Invetory, Network Usage, Maximizing Internet Use[/tags]

Tags: , ,

Categories: Cryptography, General, IT Security Basics, Network Security, Privacy & Anonymity, Real-World Issues, Security Policies, Wireless Security

Leave a Comment

Passwords and back-up…still the best defense against data loss

Written by Saran on December 22, 2007

Security experts agree and still recommend that passwords be as tough as possible to prevent access to information on computer systems/networks. Yeah, it sounds very redundant and has become a bit tiring to read but it truly is the best protection ever for a computer may it be in the office or home. Encryption is one of the most promising technologies that has swept the IT security arena but even these robust encryption technologies (hardware/software based) protection technologies can be circumvented given enough time and resources.

Some companies have even turned to military-grade encryption which is tough and almost impossible to break but a wrong move along the way (encryption, transmission and decoding) can lead to catastrophic data loss. Carbonite has another approach to data security by actually backing up data offsite from subscriber’s computers may they be corporate or home users. The initial process of copying and indexing may take a few hours or even days depending on the amount of data to be copied but the subsequent back-up process which is simultaneous (which means that it works in the background when there is not much going on in terms of resource use) as one connects to the internet. So you can be working all day and stop fro a few minutes for a coffee break and return to a computer that has all the necessary information backed up by the system automatically.

Data loss due to hardware failure, software corruption due to malicious code (viruses and the likes) and people simply being reckless and deleting information without following the proper assessment of the information still cost a lot of money to recover from and the approach Carbonite uses is a better option. The system uses secure military-grade encryption which even the Carbonite servers cannot break and use adding to it the use of SSL in the transmission of the information for one mean back-up solution. As a user in the article says, it is like getting an insurance policy for your data. More on the said technology in the coming posts so do return and check us out from time to time for more information on the latest and hottest information from all over the world in terms of IT Security. Merry Christmas and a Happy New year to all.

[tags]Data Security, Data Backup, Strong Passwords[/tags]

Tags: , , ,

Categories: Backups, Cryptography, IT Security Basics, Network Security, Real-World Issues, Security Policies, Wireless Security

Leave a Comment

Spam a continuing cost for Businesses

Written by Saran on December 19, 2007

No, it’s not the luncheon meat though we hope it was. It’s those annoying unsolicited messages or email that fills your mailbox at home and in the office is costing businesses a lot of money according to a study conducted by Nucleus Research Inc. coming up with a figure of $712.00 per employee as cost of spam per year. This goes to show the amount of wasted resources such as time and effort by employee’s and the amount of traffic it taxes on already burdened network systems.

ISP’s have had to add provisions as well in the form of hardware upgrades to increase capacity and storage unknowingly due to these uncalled for messages. Software companies are making a buck from all this but according to Symantec, almost 70% of all email that passes through the internet is spam and it costs a lot to handle and get rid of. Even if a company has the proper intercept software to prevent them from getting in, storage space in terms of quarantined email still carries some cost till it is deleted and sent into oblivion.

Even at home, you are not spared from the rigors of going through your junk email even with spam filters. Some who don’t bother or simply do not know how to use them experience worse than their protected counterpart having to deal with hundreds upon hundreds of them in a day. Transmission, storage and interception all have costs when you look at it from the point of a business and they all have to stop. Unfortunately, till the makes of these unsolicited mail is stopped at the source this might be an impossible task. Take the sample of an economic impact, Nigeria being one of the most likely sources of spam suffers greatly for a search engine due to the lessened priority given to the results containing the word Nigeria. Email with the same name are also intercepted and junked by most scanners thus limiting the information getting through about the African country.

[tags]Email Scams, Wasted Time[/tags]

Tags: , ,

Categories: General, IT Security Basics, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies

1 Comment

Another Bummer – Lost UK Driver’s data

Written by Saran on December 16, 2007

In addition to the very much weak security regarding the handling of information by government agencies, the UK Government suffers yet another blow with news that information for almost three million UK drivers is missing from a facility in Iowa in the US. The contractor for the British Government has lost the said hard drive from it’s secure facility in the said state and that there has no news yet as to where the information has gone to.

This adds another blow to the already tarnished reputation of Prime Minister Brown’s government for the recent loss of at most 8 CD’s containing tax and child support information in the UK. The said disks are still missing to this point and the reason behind the loss still unclear. In related news, the British Transport office in Ireland has also lost information regarding 6,000 motorists containing information from driver’s license numbers, addresses, and many more driver related information including the type of vehicle they drive.

This is poor showing for the British which has suffered a great deal of criticism from it’s parliament on the way information is handled and how it is mishandled. The incidents highlights more and more the need for more stringent control of information and the transport of such beginning from the roots as to why such a junior British government official had access to copy and burn CD’s straight off a supposedly secure government server. The recent incident has the missing hard disk formatted specially but sources will not confirm whether the said disk was encrypted. The said special formatting would render the disk and the information it contains unusable at best which was for use on special machinery (computers).

Tags: , ,

Categories: General, IT Security Basics, News, Physical Security, Real-World Issues, Security Policies

1 Comment

New Email Scam

Written by Saran on December 13, 2007

A new twist into the old email scam books, the fraudulent scam that asks for money from unsuspecting friends and acquaintances listed in your address books. True, many have been victimized by the said ploy wherein people gain access to your address book and sending out email that solicits cash funds to be wired to a location somewhere around the world. The scam began in Africa when a journalist began receiving unexpected calls and email regarding his misfortune in the African continent where he was supposedly on vacation and stuck in a hotel without any cash funds or other form of identification.

The incident used Yahoo which the perpetrator has broken into and taken the liberty of obtaining all the names and email addresses contained in the popular email facility service’s files. These addresses were then sent fake email messages telling the unfortunate story of you getting into misfortune somewhere and that you are in dire need of cash which you are supposed to pay back as soon as you return from the said trip ending the ordeal. It is a fake emergency message though and there have been many reports of similar cases happening using all the email services around. How the thieves got into the address book getting the necessary information is still a mystery and the guy who reported it first (who happens to be in the journalism business) had to go through a long process of getting all the account information from yahoo through phone after a lengthy conversation to prove that he was actually who he claimed to be. So, people be alert for the said scam and be sure to verify all incidents with the senders as well as alert all members of the family and your friends of such crazy behavior.

Tags: , ,

Categories: General, IM, Instant Messaging, IT Security Basics, News, Privacy & Anonymity, Real-World Issues

Leave a Comment

PCI DSS – The Answer to Credit Card Fraud

Written by Saran on December 10, 2007

PCI DSS or short for Payment Card Industry Data Security Standard, is designed as a security protocol that has been agreed upon by industry for applications in Credit card payment systems. Due to ever increasing problems and losses incurred by firms due to credit card fraud they have agreed to implement a data security protocol that encrypts data in transit to the various local card centers. The standard calls for a unified set of rules or parameters to be used in card centers to prevent and maintain security at all levels from the retail store where the data is collected, in-transit as it travels through the internet and as it is processed and stored in the data centers.
IBM has introduced the first PCI-DSS End to End system for implementation on the HughesNet Broadband Network Service. At a time when compliance is at a mere 50% these types of data security become imperative to prevent more losses and other problems associated with fraud and other criminal activities. The standard also applies and recognizes the needs of wireless networks through which a set of analytic and diagnostic processes are required. The PCI Standards Security Council who formulated the said standards are in constant process of reviewing and revising the said set standards as needed due to the ever-changing status of the internet and the business that goes through it.
Around 90% or more of most credit card transactions go through a public network in one stage or another as it makes its way to the central data center which makes it vulnerable to attack. The adoption of cheaper high-speed internet has companies turning to the public net opposed to the previously expensive dedicated T1 lines usually used by businesses. It also allows transaction data to be transferred through one single phone line thus lowering overhead costs making it the better choice for businesses.

Tags: , , , ,

Categories: Cryptography, General, IT Security Basics, Network Security, Physical Security, Real-World Issues, Security Policies

Leave a Comment

It Security – Interpol

Written by Saran on December 7, 2007

The threat of IT security has reached such a level that even Interpol has gotten involved in the action. Many crime syndicates operate beyond the normal bounds of borders and business organizations that the Policing Agency has information for all concerned regarding the security and intrusion prevention of computer systems.

The said Interpol IT Security document aimed for investigators of crimes related to IT security, highlights the need for an established set of rules that should be enforced for all people in business or other locations such as the home and elsewhere. In the said document, there is an extensive article that deals with information interception which is now becoming the most prevalent form of attack on networked computers. Firewalls are also not that effective if not configured properly and the addition of an internal and other security is needed to increase the level of protection that is needed. File deletion as may of us in the IT community knows deletes only the directory entry of the said file and not the file itself. It can be compared to deletion of a filing cabinet label without actual removal of the folder that contains the document itself. Utilities like Wiperaser Ultra for clearing deleted data are available on the market which routinely scans all tagged free-space on a hard drive and erases all the data contained within. There are also utilities available for the recovery of deleted files like software from Handy Recovery, a data recovery software which can prove valuable in security breach investigations checking for unauthorized files in an employee’s workstation. There are even recovery companies who specialize in recovery of data from tragically destroyed hardware such as those that have suffered fire damage and many more such as SalvageData whose specialty is to recover information from damaged hardware.

Tags: , ,

Categories: General, IT Security Basics, Malware, Network Security, Operating Systems, Real-World Issues, Security Policies, Storage, Tips

Leave a Comment

Credit Card Fraud Peak Season

Written by Saran on December 4, 2007

True, the holiday’s is the hottest time when credit card fraud runs into the millions of dollars. There are many incidents of fraud out on the market and shopping is a very casual task many take for granted. A leading credit card company from the US reported losses in the millions of dollars that they do not readily publicize for it has an impact on their customers confidence in their systems.
There is no true protective measure for something as small and compact as a credit card which in the wrong hands can cost you a few hundred dollars or even max out your credit limit. Crime syndicates use the said tactic for their illegal activities where they have people who handle these fraudulent transactions. There is still a wide open gap when it comes to credit card which may be covered by newer fool-proof security. The addition of biometrics to the standard card swipe can provide an added level of security along with fingerprinting.
Simple steps can also be taken to prevent these actions towards you such as being careful where and when you use your credit cards. When paying, be sure to have in plain sight the reader or terminal where the card is swiped to be sure they are used only for the intended purchase a card fraud scheme wherein a separate card reader is used to record the information contained within the card has been going on for a long time where the captured information can be used for purchases. Before signing the print-out or receipt, be sure to check all details such as the purchase amount and other such vital information. If you do end up loosing a credit card or your whole wallet, immediately call your card company so the said card can be tagged as stolen so further purchases are not billed to you. If there happens to be any inaccuracies in your card’s statement, call information at once for there may be a problem with your card of worst somebody may have already copied the information from your original card. Vigilance and awareness is the key so be on the lookout for any dubious people around you. Keep safe people and a Merry Christmas to all.

Tags: , , ,

Categories: General, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies, Tips

Leave a Comment

The Security problems of Torrents

Written by Saran on December 1, 2007

torrents.jpgEver since it was introduced, torrents have flourished into one of the world’s most widespread file sharing protocols in use today. It was introduced as a method of sharing huge files without the worries of heaving one source or having to consider the varying bandwidth’s people are linked to the internet through all the world’s providers ( different providers offer different bandwidths and speeds and they vary from country to country). The system is a no-fuss file transfer protocol that does not rely much on bandwidth. Another advantage is that there is no spy-ware or pop-up advertising on bit-torrents.

The system has a server that hosts the bit-torrent file sharing system and all the users have a client side program that connects to that said server facility. When a user conducts a search, the server provided the user with the most likely source of the said file and allows the user to get the said file from those sources that are mirrored or specified in the server’s database. The future of bit-torrents is to eliminate the need for centralized servers running the host applications and to get both server-side and user or client side programs installed onto a pc without a need for the remote server.

Now for the dark side, the said ongoing improvement of eliminating the server side of the system is to eliminate the need for toughened security at the server end where one can get the history and IP addresses a user has gone through. There is also growing concern for the said file sharing technology has now being used as a propagation grounds for pornographic materials over the internet. Do a quick search on torrents sites and you’ll se what I mean. Also, being a straight-forward file sharing system, as the data travels through the internet anyone intercepting the said file can easily get any information they want for the simplified processing and file transfer is accomplished by taking away most of the security features other systems employ. The elimination of security makes transactions (file transfers) faster but less safer and vulnerable to attack.

Tags: , ,

Categories: General, IT Security Basics, Malware, Network Security, Real-World Issues, Spyware

Leave a Comment