This has been proven true by incidents broadcast around the world in minutes or hours after they have happened. Many have suffered the consequences of such incidents in the UK, US and mostly each and every place on earth where people have had their information taken and used for no good before there was even a sign that there was a problem.

Big business has been reminded again and again that complacency is it’s worst enemy and they have failed again and again at the area. Why? Well first, total protection is almost always imperfect and somebody out there with enough intent and resources can break-in however expensive the protection methods may be. Next is that the best systems for protection is always the ones that cost too much yet they still remain vulnerable and hackable. Contrary to most ad’s you see in print, the internet or your Television there is no one true solution to protection, for if the hardware and software measures succeed in protecting you, the human behind the computer/s are always the biggest risk. That is why even the most expensive solutions are used in conjunction with other solutions to provide the best of both worlds combining physical and software solutions hoping that combination will be enough protection from the continuous influx of attacks from the web and elsewhere. Encryption is nice but it takes a lot of computing power to implement making it too expensive for implementation on all levels of the company. All of these high-tech solutions and hardware would be nothing if the people using the various computer systems in the said organization fail to use them so the weakest link in every system is still the human. Strict adherence and compliance is the key with systems that process information somewhat autonomously already in use doing the searching and classification of information without the user’s input. This uses the latest in Artificial Intelligence with minimal intervention or input from the users.

Tags: IT Security Basics

Categories: Cryptography, General, IT Security Basics, Network Security, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies

2 Comments

Wireless networks are becoming increasingly common these days, ranging from home use to businesses. Increased mobility within the network’s range and the reduced cost of installing a LAN without cabling are but some of the advantages you can get when using Wi-fi. It’s major disadvantage lies in the higher security risks of unscrupulous users hacking into your personal data and gaining access to the Internet to your network. Here are a few precautions you could take to ensure your network security:

Change the default administrator passwords. Default administrator passwords to network devices are easily available online and well-known to hackers. Most routers allow you to change this easily.

Turn on data encryption. This allows you to scramble the messages and data sent through the network. Most devices come from the manufacturers with this option turned off, so users have to activate this. Also note that all Wi-fi devices in your network must share the same data encryption settings to work together.

Disable SSID broadcast or change the default SSIDs. SSID is short for service set identifier, and is attached to the header of all packets in a wireless network. It also uniquely identifies your network. This is broadcast at regular intervals, and hackers can use this to identify vulnerable networks. Also, change your SSID from the default, and refrain from using IDs that can reveal who owns your router and where it’s located.

Restrict the computers that can access your network. You can do this by filtering the MAC (Media Access Control) addresses to those of the devices in your network.

Install antivirus software and firewalls. This might seem obvious, but after the initial install most users forget to update their virus definitions. Computers on a wireless network needs the same protection as other computers.

Tags: IT Security Basics, Real-World Issues, Tips, Wireless Security

Categories: IT Security Basics, Real-World Issues, Tips, Wireless Security

Comments Off

Fuzz testing may sound like a term far removed from the IT world, but fuzzing is a good way of discovering weaknesses in a network, application or server before others do. Fuzzing involves bombarding a program with randomly generated data to see if it’ll withstand the overload. If it fails, either by crashing or not executing a specific code, then there’s a defect you need to find and correct. Hackers can use fuzzing to find what bugs exist in an application, for example, a web browser, and then create specific code to exploit the application’s weaknesses. But if these bugs are discovered before they can be exploited then a way can be found to fix these exploitable bugs.

Testers can use fuzz testing to find out if the current software being used have easily exploitable vulnerabilities. It is probably the closest approximate to a real-world situation when data coming into a system or application doesn’t always follow validation rules. While fuzzing, testers keep a record of all the data they create, so it’s easy can keep track of what specifically caused any errors. It’s also relatively cheap to perform fuzz testing, and it can be used to compare the security of different programs and operating systems. Open source fuzzing tools and tests for different applications and systems are now available online. Though fuzzing doesn’t guarantee to find every error-producing event and bug that can occur on your system, it does give an idea of where intruders might try to attack. Errors like buffer overruns and attacks on cross-site scripting can be prevented by fuzz testing.

[tags]fuzzing,bugs,buffers,phishing,pharming,software,errors,intruders[/tags]

Tags: buffers, bugs, errors, fuzzing, intruders, IT Security Basics, pharming, phishing, software, Tips

Categories: IT Security Basics, Tips

Comments Off

Are you like me who has the bad habit of forgetting the passwords to your online accounts? Except for sites I frequently visit, like those for web-based services, I can’t keep track and lose passwords all the time. There’s no true solution to this problem. I’ve tried using the same passwords for multiple accounts, but that’s pretty dangerous – if one of your accounts gets hacked, they can guess what sites you frequent and gain access to your data. Writing it down can be downright dangerous – it’s even easier to lose paper and notebooks during your daily routine. It also boils down to an issue of trust with the people you live and work with.

The situation’s pretty dire if a relative passes away and all his contacts are in an online address book. The was the the case of William Talcott, a San Francisco poet who passed away in June and basically took his password to the grave. His daughter was unable to contact his friends, and though the web provider will grant them access after a court order, it will take months of legal haggling in court, causing needless emotional pain for his descendants

The solution? A password manager that keeps track of your passwords. Some users make their own with their database and password locking it, but these makeshift databases aren’t encrypted and they’re quite easy to crack. There are commercial and open source password managers available for download online. All you need to do is add the website, your account name and password, select one password to lock your data, and then it will keep track of your passwords for you. They offer different features, which can include password generators, autoform filling, and different levels of encryptions. Some sites, like those of banks and other e-commerce activities, don’t allow autoform filling for security reasons. Though most of these are currently made for Windows, there are also versions for other operating systems. A word of warning though: if you forgot your password to your password manager and it doesn’t have a retrieve password option, you can’t access your database. So make sure to remember your database password!

[tags]passwords,e-commerce,operating systems,online security,phishing[/tags]

Tags: e-commerce, IT Security Basics, online-security, Operating Systems, passwords, phishing, Security Policies, Tips

Categories: IT Security Basics, Security Policies, Tips

Comments Off

If you are using Linux and you have been wondering what you can use to make your system secure via a firewall, you could try out tools with graphical user interface and all those other stuff. In any case, there’s also another method: using iptables.

What are iptables?

iptables are used by system administrators in creating rules for packet filtering, as well as NAT modules. It might seem a little too weird for those who have not much experience on the command line but this is essential so that people would be able to make sure that they are secure, especially if they are connected. Sometimes you never know what’s going on in the background, right? But with tools like this, you’d manage.

There are different states of connection and the nice thing about iptables is that it monitors the state of the connection. It could do redirects and modify or stop data packets. Because of its ability to detect the state of the connection, it is considered as better compared to ipchains.

Making rules

The system administrator makes the rules for the iptables. These rules determine how to deal with network packets. They are grouped into chains.

a. filter table – For filtering packets, obviously.
b. nat table – This sets up how rewriting ports and packets.
c. mangle table – Does it sound terrible? Mangle? But as the name implies, there is some mangling involved because it adjusts packet options.

The thing about these chains, these rules is that the packets that go through these chains would be evaluated according to the rules.

As one of the people I know have told me, you must make sure that you check out the settings of your computer first. Before you even think about downloading anything, make sure you are not vulnerable to some attacks that could happen. Make sure that the important ports are closed and that you’re in stealth. Stay tuned for more IT security tips and news to help you in your everyday life.

Tags: computers, IT Security Basics, Network Security, networking, security

Categories: IT Security Basics, Network Security

Comments Off

There are different ways of creating passwords for your computer and online accounts. It seems like these days, the usual six characters as length of passwords is not enough. There are sites that when you sign up and you give your desired password, they will let you know whether or not your password is strong. Most of the sites that have it even point out that it is better to have characters that are more than six characters long. For another, they usually recommend that you have numbers and letters in your password. Mixing up uppercase characters along with it is also recommended. Sounds tough, right? Because the the passwords would seem random or something like it.

Here are some tips from different people so that you could have more secure passwords that you could easily remember:
1. Use two words with six characters each.
If you have two words, you have a twelve character long password. But here’s the clincher. You have to make some funky code that you would be replacing some of the letters with numbers. So it could be that every two letter you could replace the letters with numbers that have some signifance or maybe some random numbers.
There are people would use the names of their pets and something else that is totally random and those are combined by mixing the letters, alternating each letter.
2. Use some other language and make a phrase. Then turn it into leet speak.
It is similar to the first suggestion. However this takes it a step further because it will involve other countries’ languages. It is as if you are writing code indeed.
3. Have around three sets of passwords.
Rotate among these three passwords that you have. And change your passwords every so often. At least this makes it more difficult for others to find you your passwords.

Tags: IT Security Basics, Tips

Categories: IT Security Basics, Tips

Leave a Comment

Blogs are popularly being read on RSS aggregators these days. That or via Atom feeds and recently, it has been said that attackers could use Javascript to take advantage of this. According to an article on USA Today, this could be any kind of information as long as it is in this format. In the said article, you could also find out the list of vulnerable readers: Bloglines, RSS Reader, RSS Owl, Feed Demon, and Sharp Reader.

This kind of news is actually not so new. Mark Pilgrim was one of the bloggers who has written about this before. He even set up an experiment of sorts, wherein subscribers to his blog feed saw a screen full of platypi. He has mentioned in his blog entry that the difficulty with RSS is that there is a lot of arbitrary HTML and it could include Javascript — it could be malicious Javascript as designed by some attackers. Mark Pilgrim even listen down the elements that should be stripped off by RSS readers, just to be safe:
script tags, embed tags, object tags, frameset tags, iframe tags, meta tags, link tags, style tags, style attributes from every tag.

If you are always subscribing to different blogs, forums and mailing lists through RSS, you should be careful about it. If there are comments RSS, you could also take precautionary measures by not subscribing to it. It is possible to get attacked through the RSS of comments. Aside from that, if you have set up your own personal aggregator, make sure that you have a ‘smart’ aggregator which strips off the said tags. If you have an aggregator on your computer, check if it is vulnerable. Maybe you could install something else that isn’t prone to attacks via RSS. It is better to be secure after all.

Tags: IT Security Basics, Malware, News, Tips

Categories: IT Security Basics, Malware, News, Tips

Leave a Comment

Living at home means that you have to share your computer with other people. In some companies, people also share workstations in case that they have different work shifts. In any case, it is important for you to make sure that your files are safe. Especially those that you use for work and those that contain confidential information.

Here are some tips for you:

• Make sure you are using a password that is not easy to guess.
  If people know you well enough, they could probably figure out what password you will use. People tend to use passwords based on words, names and dates that important to them. Examples are pets‘ names and anniversaries. If you do this, chances are those who know you will be able to log in your computer using your account. Try changing your passwords every so often and make sure that they will be easy for you to remember but difficult to guess. Think of some cipher for it.
• Set permissions on your files and directories.
  You could set that your files and directories will only be accessible to you. Do a chmod on them. Then again, whoever has root access will be able to get through. Maybe it would be easy for you to do this if you are the one with root access.
• Protect your files with passwords.
  Although not everyone agrees with this, some people do this for their own sake. They feel better to have password protected files. A drawback, of course, is that if it has a difficult password to remember, you might as well have deleted your files.
• Log out of your account or profile.
  If you have set your file permissions that you are the only one who can view, edit and execute the files, it will be pointless if you don’t log out. When you are the one who is still logged on, you leave your entire session open for intrusion.

Hopefully these tips have helped you deal with some of your dilemmas with regards to sharing your computer with other users.

Tags: computers, General, IT Security Basics, omputers, people, Privacy-&-Anonymity, Real-World Issues, security, Tips

Categories: General, IT Security Basics, Privacy & Anonymity, Real-World Issues, Tips

Leave a Comment

The future (not actually that far off) sees computer systems that are powerful enough to map out the human face which is known as facial recognition, scanning it into a database that takes a full-360 degrees picture mapping the individual face into a digital fingerprint of sorts allowing no need for invasive security systems. Imagine walking towards your workplace which is studded with cameras that constantly takes pictures of your face and compares it to a digitized database of many other faces in the system. As you get to your terminal, you get immediate access (for the system has seen you as the rightful owner of the computer terminal) to all you stuff without having to physically go through invasive security systems (like the one seen on the sci-fi movie the Minority Report). In the movie, society has evolved into a centralized environment where there are security scanners tied into all major computer systems such as media advertising boards located in major city center’s. Advertising that is suited to one’s preferences and such other information are obtained on a person through retinal scanners that continuously scans one’s location and other information such as the case in the plot which has a rogue officer of the law being subject of much fuss. This gives an insight into the possible future of the human race and how much information technology play’s a part in that future world where nothing is secret and just about anything with the right access can get enough information about you. Hot Forest’s introduction of biometrics-technology based interface system (initially a mouse) that have embedded medical grade sensors that monitor blood pressure and other vital bodily functions to indicate the productivity of their staff based on baseline information collected as the system is implemented. Their system, ‘OPTIMAL OFFICE’ monitor’s the health of their employees through sensors (heart rate monitors) and software helping management create a less stressful workplace. This allows offices to monitor their employees productivity by monitoring their blood pressure which is a sure sign of stress or too much of it allowing better management and control.

The system works and begins to provide important information about an employee who uses the system for more than 2 hours allowing the collection and collation of vitals which are compared and rated according to standards set by the medical field as either healthy or hazardous to one’s health. Management is then alerted to whether they are under or over stressed based on these information allowing the conduction of adjustments or other health analysis tests. This is said to promote a better office for healthy people who work happily are more productive. Though many see the system as too invasive, it may offer an insight on what tomorrow would hold for us as technology become’s more of a necessity rather than an addition to the way we live day by day.

Tags: Biometrics, Facial Recognition, Future Tech, IT Security Basics, Vein Mapping Technology

Categories: General, IT Security Basics, Network Security, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies

1 Comment

The threat of IT security has reached such a level that even Interpol has gotten involved in the action. Many crime syndicates operate beyond the normal bounds of borders and business organizations that the Policing Agency has information for all concerned regarding the security and intrusion prevention of computer systems.

The said Interpol IT Security document aimed for investigators of crimes related to IT security, highlights the need for an established set of rules that should be enforced for all people in business or other locations such as the home and elsewhere. In the said document, there is an extensive article that deals with information interception which is now becoming the most prevalent form of attack on networked computers. Firewalls are also not that effective if not configured properly and the addition of an internal and other security is needed to increase the level of protection that is needed. File deletion as may of us in the IT community knows deletes only the directory entry of the said file and not the file itself. It can be compared to deletion of a filing cabinet label without actual removal of the folder that contains the document itself. Utilities like Wiperaser Ultra for clearing deleted data are available on the market which routinely scans all tagged free-space on a hard drive and erases all the data contained within. There are also utilities available for the recovery of deleted files like software from Handy Recovery, a data recovery software which can prove valuable in security breach investigations checking for unauthorized files in an employee’s workstation. There are even recovery companies who specialize in recovery of data from tragically destroyed hardware such as those that have suffered fire damage and many more such as SalvageData whose specialty is to recover information from damaged hardware.

Tags: Cyber-Crime, Interpol-It-Security, IT Security Basics

Categories: General, IT Security Basics, Malware, Network Security, Operating Systems, Real-World Issues, Security Policies, Storage, Tips

Leave a Comment