McAfee, one of the industry’s leading software developers of anti-virus software have through its Avert Labs has discovered a new Trojan that infects WindowsCE which was developed for the Microsoft PocketPCs. The Trojan, disables data and network security rendering it useless and can be installed via memory card. The Trojan has the nasty ability to defy removal through software methods with the exception of a total re-format and re-installation of the applications and OS from a secure and safe source. Infected users are also asked not to use flash drives or memory sticks with saved data for they can also contain the code which spreads the trojan.The Trojan was discovered in China and makes itself the home page of the heavily reliant PocketPCs on the web. Information regarding the device, serial number and other personal information are then sent to the author of the Trojan leaving it open to future attacks and installation of malware due to security that has been turned off by the said Trojan.
The Trojan has been found contained snugly within legitimate installers and Asia being one of the fastest growing areas for mobile devices it would only take a little time before the said Trojan aptly named InfoJack spreads and wreaks havoc on Asia’s growing mobile PC community. The US-CERT or Computer Emergency Readiness Team has already taken notice of the said Trojan and is closely monitoring for further developments. Them along with anti-virus developers are currently developing methods of defeating the perpetrator and hopefully also capture the crook who designed the said malware.
Tags: PocketPC, Trojan, US-CERT, Windoes CE
Categories: Backups, Cryptography, General, IT Security Basics, Malware, Network Security, News, Operating Systems, Real-World Issues, Spyware
As the evolution of the lowly hard drive goes with the increase of storage capacity into the terabyte range and hardware based-encryption it seems that data cannot be more secure once it is stored within the said hard disk. Well, according to WindowsIt Pro, not totally for based on their testing of several hard drives that come as wireless removable storage devices you connect to your USB 2.0 ports, it ain’t that secure after all. The device/s tested was even secured by a wireless security key that used rfid technology to unlock the drive for use by authorized users only (which in the real world is anyone who has the keychain key).
The name and brand which we would not name for obvious reasons have indeed admitted the weakness and that the advertised capability of the drive was wrong. As it turns out, the true 128-bit AES security system was used only by the RF chip and the controller on the drive which was easily defeated by removing the drive from the case and connecting to a now standard SATA drive connector. The drive was encrypted, but not at the ‘military grade’ levels that were advertised for the encryption chip used only a basic encryption level which was not up to par with accepted high-encryption standards.
Both the manufacturers of the controller boards, casing and key, have acknowledged the flaw and promise a more robust system (which is to use a more secure encryption chip that is said to come out this year but is still only in development) by the end of the year. So we guess the false advertising with regards to the encryption standard of the drives should be changed from ‘Strong 128-bit AES encryption’ to ’standard encryption’, which would only be fair for people do make choices based on the products qualities and capabilities.
Tags: data-security, Encrypted Hard Drives, encryption
Categories: Backups, Cryptography, General, IT Security Basics, News, Physical Security, Real-World Issues, Security Policies, Storage
The accessory cards for the standard PC has become so widespread that they come in many shapes and form allowing the connection of any number of security cameras. Triggered systems which rely on other security deterrents for activation allows the people monitoring the site to save on storage which used to be a bank of video recorders that were set to record in extended mode on a loop in a back office which was hopefully secure enough to prevent tampering and destruction by perpetrators. Off-site security allows monitoring over high-speed internet lines of the site without the danger of loosing valuable evidence in the form of video footage safely secured onto the company’s own storage servers or can be out-sourced to off-site data storage companies like Iron Mountain who specialize in secure and reliable data storage. The advent of high capacity hard drives like the Toshiba Terabyte Drive allows a huge amount of data to be stored with minimal hardware footprint. Seagate on the other hand has gone a step further by releasing hardware-based encryption in it’s hard drives which can be activated with the use of the Operating System making for one ultra-secure hard drive (well, till you forget the password or key to decrypt the drive making it useless or exceed the MTBF of the specified drive, ouch.. that’s 931 GB of lost data).
Security has become an ever present need and so is the drive to protect assets that are the essence of business organizations. These newer and cheaper versions of security systems add a level of security that assures us our assets stay safe and secure in the event of either man-made or natural disasters that are becoming quite common as life becomes harder and money is harder to come by turning people to a life of crime never before seen on this earth.
[tags]Securing Assets, Security[/tags]
Tags: Asset-Protection, Remote-Security-Systems, Security-Systems, Video-Surveillance, Wireless-Surveillance
Categories: Backups, General, IT Security Basics, Network Security, Privacy & Anonymity, Real-World Issues, Security Policies
Security cameras in its many shapes and forms have evolved into more of a necessity rather than a luxury usually available to those firms who could afford it. Developments in CCD technology and miniaturization of electronics components have allowed the price to fall steady making them widely available and easy to deploy. Similar to webcams, IP based security systems like the one from LPM, are now more and more becoming well accepted for like VoIP, it allows the video feed from a site hundreds of miles away to be sent over the internet to a security center in the company’s security center allowing centralized monitoring of warehouses and other facilities that would otherwise need security personnel saving in manpower costs.
The technology has evolved to a point that all one needs for IP-based security surveillance monitoring is a peripheral card one installs into the standard PC and the necessary cameras that are desired. Another deterrent of security systems of past was the requirement for extensive cabling which can be quite costly if one wishes to monitor a large area which needs to have all supporting cabling installed (power, video feed cables, audio cables, etc.). The advent of the many wireless radio communication technologies have also contributed to ease of implementation allowing wireless communication between a site’s central console and it’s subordinate cameras, who then send the information through the internet to it’s security base which can be a few blocs to hundreds of miles away.
[tags]Security Systems, Video Surveillance, Remote Security Systems, Asset Protection [/tags]
Tags: Asset-Protection, IP-Based-Surveillance, Remote-Security-Systems, Security-Systems, Video-Surveillance
Categories: Backups, General, IT Security Basics, Network Security, News, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies, Storage
USB has been around for quite sometime and was designed to replace the interface capabilities of the old legacy standard. Today, most PC’s, Laptops and other peripherals have USB ports or have the capability of connecting to one such as keyboards, mice, digitizing pads, digital camera’s, video camera’s, flash disks and the device types goes on and on. They have become so common that many security experts warnings on their danger have gone unheeded, till now that is. Recent security holes and other problems associated with malware and viruses that have been transmitted through the USB port have risen to the point security people had to listen. These interface ports are quite convenient and easy to use that even the most beginner can plug an infected device such as a flash disk loaded with malware or viruses that they easily get through standard security. They are so small that physically banning them can be next to impossible and I’m sure you’ve read the several articles regarding the iPod which was connected to the corporate network…etc. Expert’s advice that to minimize their use for no good, disable them on-board or do not bother connecting them at all at the hardware level. This would render them truly unusable for some people however innocent of the workings of a PC or other computer type can enable them in the control panel easily. Unbeknownst to many, most devices that have flash memory can be used to store files other than video or pictures for they can be formatted using the operating system’s format utility or the propriety software such as iPod’s iTunes which can have even the most basic iPod Shuffle function as a flash disk allowing transport of say documents and other such files.
Tags: Flash-Drives, USB-devices, USB-Dongles
Categories: Backups, General, IT Security Basics, Malware, Network Security, Operating Systems, Physical Security, Security Policies, Storage, Tips
Security experts agree and still recommend that passwords be as tough as possible to prevent access to information on computer systems/networks. Yeah, it sounds very redundant and has become a bit tiring to read but it truly is the best protection ever for a computer may it be in the office or home. Encryption is one of the most promising technologies that has swept the IT security arena but even these robust encryption technologies (hardware/software based) protection technologies can be circumvented given enough time and resources.
Some companies have even turned to military-grade encryption which is tough and almost impossible to break but a wrong move along the way (encryption, transmission and decoding) can lead to catastrophic data loss. Carbonite has another approach to data security by actually backing up data offsite from subscriber’s computers may they be corporate or home users. The initial process of copying and indexing may take a few hours or even days depending on the amount of data to be copied but the subsequent back-up process which is simultaneous (which means that it works in the background when there is not much going on in terms of resource use) as one connects to the internet. So you can be working all day and stop fro a few minutes for a coffee break and return to a computer that has all the necessary information backed up by the system automatically.
Data loss due to hardware failure, software corruption due to malicious code (viruses and the likes) and people simply being reckless and deleting information without following the proper assessment of the information still cost a lot of money to recover from and the approach Carbonite uses is a better option. The system uses secure military-grade encryption which even the Carbonite servers cannot break and use adding to it the use of SSL in the transmission of the information for one mean back-up solution. As a user in the article says, it is like getting an insurance policy for your data. More on the said technology in the coming posts so do return and check us out from time to time for more information on the latest and hottest information from all over the world in terms of IT Security. Merry Christmas and a Happy New year to all.
[tags]Data Security, Data Backup, Strong Passwords[/tags]
Tags: Carbonite, data-security, hardware-failure, Online-remote-data-back-up
Categories: Backups, Cryptography, IT Security Basics, Network Security, Real-World Issues, Security Policies, Wireless Security
Flash drives have become commonplace in just about anyplace where we use computers. These compact digital storage devices have replaced floppy disks, cd’s and other bulkier forms of storage that used to be the easiest way to transport data from point A to B. It also has the convenience of being as small as a keychain or an eraser so it fits just about anywhere like your coat pocket.
Enough of the good sides and to the bad sides of this technology for they are truly a security risk for they can become a propagation media for many problems such as viruses, worms and even be used to sneak information in and out of the workplace. Tis’ true that many a security programs such as programs that check for viruses and other problematic stuff contained within them but it is still very hard to determine if it does indeed pose a threat to the company or others who might be using the systems they are connected to.
Even the portable media players have the capability to be formatted to not only carry music but information as well. Products like the Apple’s Ipod series can be configured to carry video, audio and data in the form of files and documents. The only sure way to screen these products for stolen information is to scan them individually for any suspicious data/information. Their ability to connect to just about anything that has a USB port tends to raise the risks further.
Responsible use and strict control in their use and bringing into the workplace might sound a bit too paranoid but when conducted in the proper manner might provide some protection. Entry into restricted areas such as data centers and other server areas must also be looked into due to the potential for information leakage and the introduction of viruses and other dangerous programs.
Tags: data-security, Flash-disks, Mp3-Players, portable-digital-data-storage
Categories: Backups, General, IT Security Basics, Malware, Network Security, Real-World Issues, Storage
Information is knowledge so information is power. Much so that data that is used, stored and shared within a business environment as all of us know is the subject of too much security that has data centers locked up away from the actual site. Some companies even have armored or secure clean rooms where if something was to happen in the actual office or work site the data center can survive anything under a nuclear blast. But most it professionals still forget the importance of integrity of data that is stored within these data centers.
Yes they have been secure for all the years the several servers have been sending and retrieving data to and from the data center but is the information that we work so hard to keep intact accurate? What if some malicious code somewhat managed to sneak past the thousand dollar anti-virus and other protective software? And has been wreaking havoc within the data center walls? I mean, they do not have to destroy or corrupt the data for as simple alteration of making 1’s into 0’s could be enough to reduce all the information stored within useless.
That is where redundancy comes in which many people now consider to be an old fashioned approach and a waste of important resources. Say a back-up tape/s of all the initial data that is updated with current data say yearly and processed with the same information that entered the data center in a parallel run to see if all was well. It might seem to be a lot of work and investment of manpower but it is assured to keep the integrity of all the information within, going in and out of all data centers. Say a 1,000,000.00 pension suddenly turned into a 1,100,000.00 pension, wouldn’t that ruin your day?
That’s why companies like RSA’s Enterprise Data Security offer in Data security and control systems to prevent such problems from arising in the first place. In any system, the weakest link is till the human operator who can easily misplace a file or other data that can make or break a company. So instead of having to develop their own systems for the same purpose, most opt to hire someone to do that job for them which allows the business to do what it was put up to do, earn a profit.
Tags: Data-integrity, Real-World-threats, security
Categories: Backups, General, IT Security Basics, Network Security, Privacy & Anonymity, Real-World Issues, Security Policies, Storage
It would only be normal to find shared folders in the default setup of Windows operating systems. This can be easily seen once a person would go to the explorer option of his computer where shared folders are waiting to be accessed. This is automatically made for access if people connect to a network and would not set the security policies and accessibility on a restricted basis which only allows administrators to access them.
The importance of setting security levels to avoid such access to folders is important. Not al people are aware of the harmful things an unauthorized user may do once he gets the chance to intrude in another person’s workstation. Aside from probable back-ups, a person may lose the files contained in such folders if he is not careful. Hence it is best to do the precautionary measures before hand to avoid unwanted avoidable circumstances would ensue.
[tags]shared folders, security policy, network security[/tags]
Tags: Network Security, security-policy, shared-folders
Categories: Backups, Cryptography, IM, IT Security Basics, Instant Messaging, Network Security, Physical Security, Privacy & Anonymity, Security Policies, Storage, Tips
Information gathered by a company will always be important and they should not be shared, disclosed or disregarded in any way, since they are the life stream that a company or organization thrives on. Normally, information would be stored in databases and only authorized personnel would have access to them for reference and study on current and probable studies for overall organizational performance.
The security of information is usually left to the jurisdiction of the database administrator and information technology section of companies. While some would consider this department as all computers and no importance, the position they actually hold is important and should be given notice.
Many would consider IT people as expendable, but the truth of the matter is, they bring the secret and the backbone of a company’s information gathering background, and should breaches be experienced, they would be the first ones to know how to do it.
[tags]information security, database administration, servers, network administration[/tags]
Tags: database-administration, information-security, network-administration, servers
Categories: Backups, IT Security Basics, Network Security, Privacy & Anonymity, Storage, Tips
McAfee, one of the industry’s leading software developers of anti-virus software have through its Avert Labs has discovered a new Trojan that infects WindowsCE which was developed for the Microsoft PocketPCs. The Trojan, disables data and network security rendering it useless and can be installed via memory card. The Trojan has the nasty ability to defy removal through software methods with the exception of a total re-format and re-installation of the applications and OS from a secure and safe source. Infected users are also asked not to use flash drives or memory sticks with saved data for they can also contain the code which spreads the trojan.The Trojan was discovered in China and makes itself the home page of the heavily reliant PocketPCs on the web. Information regarding the device, serial number and other personal information are then sent to the author of the Trojan leaving it open to future attacks and installation of malware due to security that has been turned off by the said Trojan. 
