Computer Security - Preventing Social Engineering Attacks


Social engineering in its basic form is hacker talk for manipulating computer users out of their username and password, but it really goes beyond just usernames and passwords. A well-planned social engineering attack can destroy companies. All of the most devastating information thefts have used some sort of social engineering attack. Social engineering is so effective because computer admins and security experts spend all their time patching systems and not training employees about information security. Information security goes beyond patching computers; it is a combination of physical security, computer/network policy and employee training.

This article will describe many of the common security flaws that information thieves take advantage of and how you can prevent them.

1. Web Site Information - Company web sites are the best place to start when gathering information. Often a company will post all of its employees' names, email addresses, positions and phone numbers for everyone to see. Limit the number of employees and phone numbers listed on a web site, and avoid live, active links to employee email addresses. A common mistake is for a company's email user name to be the same as the network logon; for example, the email address jsmith@nocompany.com has a network user name of jsmith, with the same password for email and the network.

2. Phone Scams - Scamming someone on a phone is very simple. Company employees need to be trained to be courteous but cautious when giving callers information over the phone. In one hacking scam, a hacker will call a company posing as a computer salesman. The salesman will ask the secretary what type of computers they have, whether they have a wireless network and what type of operating systems they run. Hackers can use this information to plan their attack on the network. Train your employees to refer any IT related questions to Tech Support.

3. Outside Contractors - Outside contractors should have a security liaison to monitor their activities. Security liaisons should be briefed on what work the contractor is hired to perform, area of operation, identity of contractor and if the contractor will be removing items from the work site.

4. Dumpster Diving - The easiest way to get information about anyone is to go through their trash. Shredders should be used in all cases or shredding services should be hired. Also, the Dumpster should be in a secure location and under surveillance.

5. Secretaries - They are your first line of defense; train them not to let anyone into your building unless they are certain who they are. Security cameras should be placed in the main entrance way and also on the outside of the building. A thief who is probing your network will test to see if he is challenged upon entering the building; cameras can help identify patterns and suspicious people.

6. NO PASSWORDS - Make it company policy that the tech department will never call you or email you asking for your username or password. If somebody does call and ask for a password or username, red flags will go up everywhere.

7. LOG OFF - Social engineering attacks get the hacker into the building, where they will usually find many workstations where the user hasn't logged off. Make it company policy that all users must log off their workstations every time they leave them. If the policy is not followed then the employee should be written up or docked pay. Don't make a hacker's job any easier than it already is.

8. Training - Information security training is a must for any size company. Information security is a layered approach that starts with the physical structure of the building down to how each work station is configured. The more layers your security plan has the harder it is for an information thief to accomplish his mission.








Preventing Online Fraud


Nowadays, there are a lot of scams aimed at users of online banking. There are several services which offer protection from identity thieves, such as LifeLock. However, many identity thieves don't want to simply steal your identity information. They don't want to just take advantage of your good credit history by stealing your checking account. Instead, they want to steal your money. Many banks have taken precautions against these cyber criminals by offering various types of online protection services. As an end-user, you have the most responsibility to protect your financial information. You must not rely solely on the bank to protect your financial information. You must take the initiative to look out for fraudsters on the internet. There are two common types of online fraud: keylogging and phishing. Phishing involves installing malware onto the computer while keylogging uses software to capture the keystrokes you type on the keyboard. Both methods will steal the login credentials of the end-user.

Keylogger software, also known as Trojan software, is designed to be automatically installed on the user's computer through a virus. Keylogging software is dangerous because the fraudster will know every single word you type into the fields of the online banking login form. With the keylogging software, they can steal all your personal information such as account number, user ID and password. To avoid becoming the victim of keylogging software, you can install antivirus software on your computer. The antivirus software can detect and inform you about Trojan software that is operating in the background. Once the antivirus software detects the Trojan, you can delete it. There are both free and commercial versions of antivirus software. The commercial version is better because it is equipped with a full range of features. You should constantly keep your security patches up to date.

In phishing, internet fraudsters attempt to request personal information through email. Usually, the email will state an intention of doing business. It will look as if it is from an important organization and will have a similar appearance to the organization's email. The email will ask you to click on a link that redirects you to a login form and to update the personal information in your online banking account. Normally, the link will lead to a different website that looks exactly like the bank website. No matter what email you receive, be sure not to click on the link in the email. If you click on the link in the email and type in your login information, they will be able to track your identity information. They can use the login information to access your online banking account. You must pay attention to the URL of the link. Some financial institutions will use watermarks. If you don't see the watermark at the login page, it is advised that you don't log in. If you receive a phishing email, you must report it to your financial institution.

If you are not sure whether the request is valid, you can manually type in the web address of the URL listed in the phishing email. To protect yourself from online fraud, you must change your password frequently. You should change the password to your banking account every 6 months. You should never reveal the ID or password to your online banking account. You should not reveal the login credentials to other people. It is important that you only sign up with a financial institution that provides two-factor authentication. When accessing the online banking account via a wireless network, you must make sure it is secure.




About the Author: Billy Horner is a professional writer for the financial industry. Permission to reprint this article is granted if the article is reproduced in its entirety, without modification, including all information. Please include a hyperlink to: Banco Trasatlantico which provides offshore banking and banking blog.




TAKE HANDWRITTEN NOTES with iPad

Many years ago, I had a meeting at Apple's headquarters in Cupertino. The Apple employee I'd come to talk to walked into a conference room with an armload of tech. He put his PowerBook on the table, followed by his Newton MessagePad. After a few minutes this guy realized that he needed to take notes on what I was saying, and guess which device he used -- neither! He pulled out a paper notepad and started writing.

Regardless of how good a real or virtual keyboard may be, sometimes there's no substitute for the immediacy and flexibility of pen and paper. So it should come as no surprise that quite a few iPad apps try to emulate the experience of writing in a physical notebook. And if you're trying to remain inconspicuous in a meeting, "writing" on an iPad (perhaps concealed in a notebook) is less likely to attract attention than typing.

All these apps let you use your fingertip as the pen. However, you may find it difficult to write accurately with your finger, especially at smaller sizes, and your fingertip may block your view of what you're writing. So you might pick up an iPad-compatible stylus, such as Ten One Design's Pogo Sketch (http://tenonedesign.com/products.php?application=iPad, $14.99) or any of several models made by DAGi (http://www.dagi.com.tw/front/bin/rcglist.phtml?Rcg=2), which are notable in that many have transparent tips that make it easier to see what you're doing. However, be aware that with any stylus, if you rest your hand on the iPad as you write, you can make stray marks or prevent the app from seeing your input. That means you may have to adopt an unnatural and uncomfortable writing position.

Examples of apps that let you write notes by hand include:

• Jot: Jot lets you write or sketch on a mini whiteboard, optionally adding typed notes, labels, and comments. You can also share your jots by email or show them on an external VGA display. (Tabula Rasa, $7.99)

• Penultimate: This app tries to look exactly like a plain notebook (with plain, lined, or graph paper). You can write or draw with the pen, erase, and delete -- and show your work on an external VGA display. Interestingly, the app also attempts to filter out any stray marks made by resting your wrist on the iPad while you write, which is both uncommon and helpful. (Cocoa Box Design, $3.99)

• Write Now XL for iPad: Write or draw in a variety of colors and line widths, with any of several page backgrounds -- and even change the offset so that your fingertip doesn't cover what you're writing. (JetWare, $2.99)

• WritePad for iPad: Unlike the others here, WritePad performs handwriting recognition -- what you write is immediately turned into editable text. You can type in WritePad if you prefer, but you can't draw -- the lines themselves aren't saved, only the text. In my brief testing both with and without a stylus, accuracy left something to be desired, although it's supposed to improve with training. (Stan Miasnikov, $9.99)

Although these apps focus on handwritten input, scads of other apps support handwriting along with typing and/or audio recording.

Source of Information : TidBITS-Take Control of Working with Your iPad 2011

Data at Risk: Mobile Computing, Apps and User Data


Mobile computing is a paradigm shift away from personal computers and their infrastructure toward very large flexible networks of loosely connected platforms. It has new platforms, operating systems, applications (apps) and exciting new approaches to old problems. As the paradigm shift gains momentum, the application of the technology expands to include areas never considered when the technology was designed. Risk mitigation requirements tend to be glossed over as the devices' ease of use, affordability, and accessibility compels use. Users are often naive regarding the risks to their information, enjoying the benefits of use without giving a lot of thought to potential dangers.

Mobile devices that do not require users to be identified and authenticated are said to have anonymous users. Anonymity is an issue because it is impossible to impose accountability for user actions or mediate access to resources based on prior granted access. In effect all of the mobile devices' assets are available to any anonymous user solely based on physical access to the device. Availability is important as the applications supported by mobile devices expand to include electronic commerce transactions and manage privacy-related data. The transparency of apps is an issue: apps that store sensitive information have been found to keep it in intermediary files that are shared with third parties without the knowledge or consent of the user originating the information.

Computing technology paradigm shifts have tended to ignore issues that would complicate or slow their acceptance; information security is a case in point. The shifts to client server and wireless networking both had periods when protection requirements remained unaddressed and serious problems arose. Mobile computing is following a similar path. Ignoring old lessons does not make them any less important; it simply means they have to be relearned. At this point protection measures are well understood, so the path to a secure solution does not have to be as painful as earlier experiences would indicate.

Ignoring previous generation protection measures has tangible benefits for the platforms. Administration is greatly simplified and significant processing and other overhead is eliminated, which benefits performance. Measures associated with user aggravation are eliminated, improving the user experience and satisfaction and facilitating acceptance.

Mobile devices rely on the Internet for much of their communications. Eavesdropping on or hijacking Internet sessions are well understood and common attacks executed to steal data; encryption will defeat these attacks, when the measure is used. The reliability of communications is an important issue as time-sensitive apps rely on it to complete revenue-generating transactions and to provide a satisfactory user experience for a variety of activities. We are quickly moving beyond the issue of dropped calls.

The lack of common protection measures is a non-trivial issue, raising risks thought to have been minimized long ago. Device theft to allow the thief to use the device for its intended purpose is giving way to theft for the purpose of access to specific data, often for packaging with other stolen data for sale to a customer with ulterior motives. Stealing address books for sale to spammers is a nuisance compared to data theft with the intention of large scale fraud or identity theft.

Corporate entities are making apps available to current and potential customers who have little to no insight into the apps, trusting the provider to address data security requirements that are outside the provider's requirements sets or concerns. As provider expectations evolve to business critical levels, satisfying customer expectations will increase in importance to providers, complicating requirements and demanding increasingly sophisticated apps.

Corporations are also making mobile devices available to employees as productivity tools, without giving serious thought to the corporate data that will ultimately be processed, stored or transmitted by the devices. Configuration management of mobile computing platforms is, at best, informal. The easy access to apps introduces risks each time a new app is introduced. Allowing, if not encouraging, sensitive information to be used with the platform exposes that information to a largely undefined and poorly understood set of risks of compromise, loss of integrity, and non-availability.

E-commerce apps that manage payment transactions and information are of interest to the Payment Card Industry's Data Security Standard (PCI DSS). Where the host mobile device does not provide basic protection measures, compliance with the DSS is unlikely, raising a variety of serious questions. The value of information associated with the next generation of transaction processing apps is increasing, incentivizing execution of sophisticated attacks to steal the highest value assets.

We remain in the early days of malicious activities targeting mobile devices. At least one large scale attack on mobile targets has recently occurred; more sophisticated attacks are likely as the technology's use grows and attack strategies are perfected. Attacks using malware remain to appear, although there seems to be no serious technical impediment to their occurrence other than the lack of recognized algorithmic vulnerabilities available for exploitation.

The integration of mobile computing into architectures supporting business critical applications remains an unexploited opportunity. How long this is true is in serious doubt: replacing the desktop PC has compelling economic drivers -- it has to happen. Tying mobile apps into servers is already occurring on an experimental basis. This will raise the stakes significantly for tablets and the other evolving mobile devices. Corporate requirements for robust solutions will put pressure on technology providers to enable the safe expansion of the application of the platforms beyond messaging and e-commerce, which goes full circle back to resolution of conventional protection needs.

Whether mobile computing technology is "ready for prime time" in large scale applications remains to be seen. Clearly a large number of lessons need to be learned by app developers and architects regarding compliance with statutory privacy requirements as well as less formal user confidentiality expectations. Early adopter tolerance for problems that can be interpreted as technical glitches is unlikely to exist in production environments with large user populations and big company revenues.

Mobile computing is in its early days, and the lack of meaningful protection measures for the information processed, stored, and transmitted by the platforms is a serious concern. Use of the technology for new applications without consideration of the risks by users and technology providers raises the likelihood and scope of potential damage to be inflicted by well thought out and executed attacks. The bell has rung; class is in session.







IP Changer For Enhanced Online Shopping Security


By using an IP Changer you can make your online shopping more secure. Online shopping has grown rapidly and is finally being accepted as a major retail channel for all kinds of products. It is a multibillion dollar industry and growing so fast that it may not be too long before it becomes a major means of day to day shopping. The concerns about secure transactions and safety of personal information that consumers need to provide have gradually been alleviated with secure sites and 128-bit or higher data encryption and transfer. Although rapid strides have been made in online shopping security, there remained areas of vulnerability that have been plugged by a new technique using IP Changer.

As the security of online transactions increased so did online shopping. The important benefits from online shopping are convenience of 24/7 shopping from home avoiding traffic and crowds. You can easily comparison shop for quality and price rapidly and efficiently. You can save money from online coupons and specials and have merchandise delivered to you at times with free shipping. To top it off you save money on gas because you don't have to drive anywhere to shop.

Nevertheless, there are still strong reasons to be cautious because of scary identity theft in the form of your credit card, bank account, or social security numbers. Once stolen they can be used to create financial, personal or medical catastrophes for you. Financial catastrophe by charging to your credit cards or taking new cards in your name or charging loans on bank accounts opened in your name or taking money out from your bank accounts. Personal catastrophe by using your social security number to take a driver's license and committing crimes under your identity. Medical catastrophe by using your social security number and acting as your imposter when getting medical attention at a doctor's office or a hospital. This can be extremely dangerous if the medical records get contaminated and next time you have a medical emergency you may be given medical treatment such as blood transfusion based on the imposter's medical records and history, thus endangering your life.

It is therefore very important that when you shop online and give your vital personal and financial information you take all the precautions to safeguard this information. Some of the precautions consumers can take are:

1. Use unique passwords

2. Use passwords that have 8 or more numbers, letters (both upper and lower case) and punctuation marks.

3. Make sure the e-commerce site is set up for encrypted secure transactions with SSL (Secure Sockets Layer) certification.

4. Do not give out personal and financial information such as birth date, social security number, bank and credit card account numbers, or security codes such as mother's maiden name over the phone or by e-mail or fax. Only provide the minimal information required to complete the transaction over a secure internet connection.

5. Check out the e-commerce store's history and customer feedback and even check online for any red flags against it, including its standing with the Better Business Bureau.

6. Make sure the site has clear terms of agreement, security policies, warranties and return and refund policies clearly defined.

7. Be extra careful when shopping online from overseas companies.

8. Make sure your internet security software with antivirus, firewall, anti-spyware, anti-phishing and anti-malware features is updated and functioning properly.

Even with all these security features and precautions it should be noted, however, that shopping online is not foolproof, especially from public places such as hotels, libraries, airports or coffee shops over unsecured networks such as Wi-Fi networks. This is because there are many tech savvy cyber criminals that can find ways to penetrate your computer and network security (especially wireless networks) if they can get hold of the IP address of the computer you are using to shop online. An IP address is a six digit number that is a unique identity tag for your computer provided by your internet service provider (ISP).

This is where new IP Changer software has come to the rescue. This software can route your internet connection through multiple servers called proxy servers located at a variety of locations with their own unique IP addresses. The IP changer software can rapidly change IP with these proxy servers and at any given time present only a single IP address other than the IP address of your computer, thus hiding your actual IP address in the process. Simultaneously, all the data is transmitted in secure encrypted form. As a result you can transact online shopping anonymously and securely even over unsecured Wi-Fi networks from home or public places.








Evaluation of Penetration Testing in Security


Penetration testing is also known as a pen test. It is used for evaluating the security of a computer system or network that may come under attack from malicious outsiders and insiders. The process involves an active analysis of the system for any potential vulnerability.

Penetration testing is valuable for the following reasons:

1. It determines the feasibility of a particular set of attack vectors.

2. It identifies the vulnerabilities in sequence from higher to lower.

3. It identifies vulnerabilities which are not detected by automated network or scanning software.

4. It provides evidence to support increased investment in personal security and technology.

Penetration testing is a component of a security audit. There are several ways to conduct the testing, such as black box testing and white box testing. In black box testing there is no prior knowledge of the infrastructure to be tested. The tester must first determine the location and extent of the system before commencing their analysis. White box testing provides full information about the infrastructure to be tested and sometimes also provides network diagrams, source code and IP addressing information. Variations between black box and white box testing are known as gray box testing. Black box, white box and gray box testing are also known as blind, full disclosure and partial disclosure tests, respectively.

Penetration testing should be carried out on any computer which is to be deployed in any hostile environment or on any internet facing site, before the system is deployed. This provides a level of practical assurance that the system will not be penetrated by a malicious user. Penetration testing is an invaluable technique for any organization's information security program. Basically, white box penetration testing is often used as a fully automated, inexpensive process. Black box penetration testing is a labor intensive activity, which is why it requires expertise to minimize the risk to the targeted system. Black box penetration testing may slow the organization's network response time due to network scanning and vulnerability scanning. It is possible that a system may be damaged in the course of penetration testing and may be left inoperable. This risk may be minimized by the use of experienced penetration testers but it can never be fully eliminated.

The web applications of penetration testing are as follows:

• It is used for identifying vulnerabilities in Commercial off the Shelf (COTS) applications.

• For technical vulnerabilities like URL manipulation, SQL injection, cross-site scripting, back-end authentication, password in memory, session hijacking, buffer overflow, web server configuration, credential management, etc.

• For identifying business logic errors like day-to-day threat analysis, unauthorized logins, personnel information modification, price-list modification, unauthorized fund transfer, etc.




Torrid Networks is a global leader in the information security services. Our strong leadership and passion for information security helped us build unique onsite-offshore service delivery model combined with unparalleled culture of customer satisfaction. We bring cutting-edge information security products in association with our global partners and early adoption of best practices and quality standards (closely emulating CMM Level 4 practices) helps us deliver excellence.

http://www.torridnetworks.com/




10 Reasons For Installing An Anti-Spyware System


While the World Wide Web is a blessing in many ways, it presents dangers in the form of spyware, adware, Trojans and so on. While adware most often is not dangerous, spyware can monitor your movements and your privacy is at stake. Thieves can use the internet to steal bank and credit card information or important files from your computer system. Once spyware has entered your system it is time consuming to remove it. So, it is important to adopt systems that protect your computer at all times, like anti-virus software or anti-spyware systems. The reasons you need to install anti-spyware systems are many but the most important are:

1. A serious security breach can mean loss of business or even bankruptcy. Information on the computer system that contains financial customer information can endanger not just you but your customers too.

2. Cyber theft using spyware systems can destroy your personal or business credibility, customer base, and sales.

3. When a business is dependent on online traffic, downtime due to infection by viruses or the effort to remove spyware can be a huge setback.

4. Important business plans and valuable research and marketing data destroyed by spyware can be devastating. Stealing files off a computer is like stealing a person's or business' intellectual property.

5. The existence of wireless connectivity can compromise your otherwise secure networks. Identity theft can give a criminal free access to your network of clients, as well as sales and financial data.

6. Spyware attacks can destroy your future goals and plans and put your family under threat. Personal information stolen off a computer can be used for criminal or illegal activities apart from indiscriminate use of bank accounts and credit cards.

7. Spyware can track your online activities and this can be sold to your competitors causing loss of sales and customer base.

8. Spyware systems can help competitors learn of your discount schemes or special offers well before you are ready to launch any marketing promotion. This means that you are exposing your business strategy online and giving others ideas that would have led to increased profitability.

9. If you are in path-breaking research of some kind your work could be stolen or data corrupted through spyware systems. This means years of research could be vulnerable and your standing in the scientific community could be compromised.

10. Spyware can expose your personal finance and investments to thieves and you could lose your nest egg because you failed to protect your system from cyber thieves.

The list of dangers due to spyware is endless and experts advise that computers, personal or business, should be like an impenetrable fortress. You should be able to enjoy the joys and convenience of the World Wide Web without losing your sanity and exposing yourself to cyber thieves.




Arthur Raise is a writer for http://www.1855antispyware.com , the premier website antispyware software, free antispyware software, super antispyware, microsoft antispyware software, antispyware reviews, antispyware giant software, antispyware software free download and many more.




Secure Your Clients' Confidential Data With Your Accounting Website Design


The absolute foundations of a firm's customer relations are confidence and trust. This makes information security and confidentiality one of the most significant duties you agree to when you choose to be a CPA. With office productivity becoming more and more dependent on online communications, and with the net becoming progressively more complex and vulnerable to internet crime, this can easily become a problem if your clients perceive you as uncertain about how online security works. Your CPA website is a main constituent of your online security strategy. Many of your clients are not especially internet savvy, and the data they routinely send you is very sensitive. To protect them you're going to want a perfunctory familiarity with your website and it's security features.

Of course, ground security is important. Let's just assume you have that covered. This means your network access is restricted to your own dedicated IP (your IT guy can tell you what that means), your computers require password protected logins, you keep your doors locked at night, and your office is protected by a good alarm system. It's fairly easy to secure your physical location, but once you start transferring data holes in your security become trickier to fill.

The weakest of weak links in any accounting firm is email.

Let me put this plainly. Email is a wonderful medium for routine communications, but it's ease of use has lured many accounting firms up the garden path. Don't allow your clients and staff to email confidential information.

When you send an email you send it "out there". Much of the process occurs on servers over which you have no control, and for which there is little or no accountability. There is a common misconception that when you send an email it goes straight to the recipient, but nothing could be further from the truth. Messages are routed through an vast network of mail servers. By the time it reaches it's destination it's likely passed through a dozen or so third party servers. If even one of these servers has been compromised by a hacker's virus or trojan, so has your email. Identity thieves harvest huge amounts of information in this way.

There are ways to make it harder to open the file. Passwords and encryption can slow a hacker down, but they won't necessarily stop one. Given time there's no password that can't be broken, and every time computers become faster and more powerful, encryption becomes easier and faster to hack.

Design your accounting website to compensate for these risks.

When you design your website include a Secure File Transfer feature. This feature allows your ISP server to connect directly to your web server and transfer the data. There are no third party servers relaying the information. Every client should have his or her own password protected directory on the server, rather like an online safe-deposit box, so that only you and they can access it. Encrypting the transfer adds another layer of protection that will protect your data from an "insider attack". The best of these systems will even let you store the data on the web server in an encrypted format making the system suitable for long-term document storage.

There are a few security standards you should know about.

Passwords

Passwords need to be protected from "brute-force" attacks by forcing a time-out if a login attempt fails more than a few times in a row. This will prevent automated programs from hacking the password by simply trying all the available permutations. The longer your password is the more secure it is. The absolute minimum safe password length is eight characters, and passwords should be alphanumeric (containing a mix of letters and numbers). Human beings are the most common cause of compromised passwords. Hackers call this "social engineering". You'd be shocked how many hackers get people's passwords by simply asking for them. Never tell anyone your password, and avoid leaving it written down anywhere that your staff and clients can find it.
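The time-out and minimum-password rules described above, sketched as an added example (not code from the article or from any product it mentions). The class name, the three-failure limit, the lockout length and the sample credentials are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time


def password_meets_policy(password, min_length=8):
    """Baseline from the text: eight or more characters, letters and numbers mixed."""
    has_letter = any(ch.isalpha() for ch in password)
    has_digit = any(ch.isdigit() for ch in password)
    return len(password) >= min_length and has_letter and has_digit


class LoginThrottle:
    """Forces a time-out after several consecutive failed logins for one account."""

    def __init__(self, max_failures=3, lockout_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures        # assumed value for "a few times in a row"
        self.lockout_seconds = lockout_seconds  # assumed time-out length
        self.clock = clock                      # injectable so tests need no sleeping
        self._users = {}                        # username -> (salt, derived key)
        self._failures = {}                     # username -> consecutive failures
        self._locked_until = {}                 # username -> time the lock expires
        self._dummy_salt = os.urandom(16)       # used for unknown usernames

    @staticmethod
    def _derive(password, salt):
        # Store a slow salted hash, never the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        if not password_meets_policy(password):
            raise ValueError("password does not meet the minimum policy")
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(password, salt))

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        until = self._locked_until.get(username)
        if until is not None and now < until:
            return "locked"                     # the guess is not even evaluated
        self._locked_until.pop(username, None)

        # Unknown usernames take the same code path so they look like wrong passwords.
        salt, stored = self._users.get(username, (self._dummy_salt, b""))
        candidate = self._derive(password, salt)
        if username in self._users and hmac.compare_digest(candidate, stored):
            self._failures.pop(username, None)  # a success resets the streak
            return "ok"

        # A production system would also cap the size of these tables.
        count = self._failures.get(username, 0) + 1
        if count >= self.max_failures:
            self._locked_until[username] = now + self.lockout_seconds
            self._failures.pop(username, None)
        else:
            self._failures[username] = count
        return "denied"


def demo():
    now = [0.0]                                 # fake clock, advanced by hand
    throttle = LoginThrottle(max_failures=3, lockout_seconds=60, clock=lambda: now[0])
    throttle.register("client1", "ledger2024x")  # constructed sample credentials
    results = [throttle.login("client1", g) for g in ("aaaaaaa1", "aaaaaaa2", "aaaaaaa3")]
    results.append(throttle.login("client1", "ledger2024x"))  # correct, but timed out
    now[0] += 61                                # wait out the time-out
    results.append(throttle.login("client1", "ledger2024x"))
    return results


if __name__ == "__main__":
    print(demo())
```

With a 60-second time-out after three failures, an automated guesser gets at most three tries per minute per account, which is what makes trying every permutation impractical.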

Security Certificates

Security certificates are central to online encryption. They store the keys used to decrypt online data. Make sure you get your security certificate from a trusted source and you keep it up to date or your users will receive warnings from their browsers when they try to use it.

SSL and TLS

These are encryption protocols. SSL, or "Secure Sockets Layer", is an older protocol that is still seeing widespread use. The second commonly found encryption protocol, TLS, is much newer. The adoption of "Transport Layer Security" has been slow because many offices use older equipment or unsupported applications that are incompatible with it. Both work pretty much the same way. TLS has made some technical improvements, but the details are too technical to explain here. There is a third type called PCT, or "Private Communications Transport", that is relatively unused.

SAS 70

This is an accounting industry standard managed by the AICPA. It's a simple auditing statement. It's not just industry self-policing, though. Publicly traded accounting firms must be SAS 70 certified by law. A SAS 70 certification indicates that the security has been accepted by the auditor.

Gramm-Leach-Bliley Act

Also called the "Financial Services Modernization Act", this legislation includes rules that govern the privacy standards of all financial institutions, which by definition includes any firm that prepares taxes. This rule has very particular requirements that have to be adhered to by all accounting firms, including in regard to information security. All accounting firms and other financial institutions must produce a written information security scheme, appoint an individual to manage security, scrutinize the security standards of every division working with customer info, establish a continuing program to monitor information protection, and keep these procedures current with changing technology.




Kenny Marshall is an internet marketing consultant and former VP of CPA Site Solutions, an Accounting Website Design firm.




The Digital Divide - The Advantages And Disadvantages Of The World Wide Web


The internet represents a world without boundaries, a digital domain both removed from and parallel to our own, where information of any kind can be discovered, downloaded or mail-ordered, and every desire, carnal or platonic, and interest is catered to at the push of a button. From its Cold War origins to the internet boom of the nineties, the World Wide Web has also been feared by those who are ignorant of what the net can offer, or are well aware.

The web did not truly blossom until the mid-nineties, when phone line suppliers and broadband companies began to capitalise on the foreseeable phenomenon. Within but a decade the net has outgrown its initial techno-geek user base and is now an integral part of Western society. Arguably, what was once defined as cyber-culture no longer exists; the net has been embraced by mainstream society and beyond. With internet access steadily expanding into developing countries, and over 1 billion people using the internet worldwide, further growth is inevitable.

The obvious benefit of online communication is that of remote access; real time conversation, email, 24 hr banking, and online shopping being several examples. Cyberspace presents a form of global communication that operates regardless of time or place, restricted only by the accessibility of internet access points. Handheld technology, such as WAP mobile phones and wireless connections, has increased this access further, and broadband also offers a form of communication in which the distance or period of communication does not affect the cost.

The Web has presented us with a comprehensible online library, a decentralised information resource that via internet search engines, such as Google and Yahoo!, offers instant access to a vast amount of information. Increased bandwidth capacity has made access to digital media, such as Mp3s and video files, convenient and fast, and also brought about a certain preservation of digital information, a good example being ROM emulation, the copied images of retro video games that would no longer be available to the public outside of unauthorized distribution.

In the industrialised world, the Web has brought about the growth of a new form of journalism, and a freedom of speech unattainable through other mediums. The growth of weblogs/blogs, forums, newsletters and personal homepages has presented the user with an affordable way to voice their own concerns, views and interests. Unlike traditional magazines and newspapers, internet sites can survive without finances, and can present appeal to a niche market without marketing concerns. Online, every user can have their say; regardless of whether it is accurate, valid, or worth reading.

Withstanding the boom, and partial crash, of the dotcom enterprises of the late nineties, online shopping has broken numerous trading boundaries, and now provides the buyer with unlimited choices, regardless of location. Amazon provides search engines that are used to track rare books both new and old, and items such as international antiques and collectables can be tracked down with little effort. Mp3 albums and DVD quality video can be purchased and downloaded directly within the hour, eliminating postage costs and shipping times altogether. Though the large corporations arguably dominate the online market as they do the 'real world', smaller businesses and aspiring professionals have prospered from the low-cost advertising and small scale financing that the Web, and market-sites such as eBay, offer, and can effectively promote themselves alongside their conglomerate competitors by focussing on a specific market.

With this growth of online trading, companies are forever attempting new marketing methods. With many browsers now featuring automatic pop-up filters, the business world will test new ways to monitor potential clients. With companies finding new ways to monitor and exploit search engines, user privacy is an increasing concern.

Despite this promise of communicational possibilities, the rift between the acceleration of access points in industrialised countries compared to that of developing countries is widening faster, with internet growth in the third world impeded by both financial and structural limitations. This is referred to as the 'digital divide', an economic phenomenon that distinguishes developed from developing countries, where factors of geography, socio-economic status and ethnicity prove crucial.

Encouragingly, many developing countries are seeing the number of internet access points double each year, but another divide that looks less likely to close is the language barrier. With English the most requested language on the Web, and the majority of multilingual sites catering predominantly for the western languages, many minority languages have suffered online, impeded by the dominance of the Latin alphabet and QWERTY keyboard. Nevertheless, 35.6% of the world's internet users are based in Asia, with Chinese and Japanese being the second and third most frequent languages, respectively.

Unarguably the digital sceptic's greatest ammunition is the abundance of both easily accessible pornography and online crime. Porn is the Web's largest and most financially profitable industry, having flourished from the Web's lack of censorship and private nature, and the availability of sexually explicit sites to young children is a growing concern to many parents. Parental filters and adult verification filters are easily bypassed by computer literate youngsters. Though not technically illegal, many adult sites tread ambiguously, selling products and services from a country/state in which they are legal, to a consumer located where they are not.

Credit card fraud, privacy invasion and personal security are a constant concern to many internet users, with online criminals forever developing new ways to steal credit card details and bank information, despite the effectiveness of antivirus programs and firewalls. Scams such as 'phishing', in which the internet subscriber receives a seemingly legitimate email demanding their personal banking details, are increasingly common.

Another widespread concern has been online piracy. With the music and film industries claiming to have lost billions from internet piracy, file sharing is a practice that has become increasingly commonplace despite the legal issues. The tension between protecting intellectual property and promoting creativity and the free flow of ideas is evident.

Whereas in the Western world there has been much debate over the benefits of a complete lack of censorship, in other regions such as the Middle East, the internet is considered a security threat by less democratic governments, and political and religious sites have been censored from the public by government controlled filters. The People's Republic of China arrests individuals for accessing non-sanctioned websites, the antithesis of the Western attitude, one that is itself criticized for doing little to police the Web, where paedophilia and Nazism sites are rising. The net potentially allows those who would previously have been observers to become participants.

All taken into account, it is easier to be sceptical than favourable. The greatest advantage that the Web has brought to the Western world, one that no number of concerns can detract from, is the level and range of free speech, globally decentralised and for the most part, unmonitored. This double-edged blade encompasses both the darkest depravity of the Web, and the broadening of democratic boundaries; for every opportunity online communication offers, exploitation is to be expected. Cyberspace offers a separate world that parallels our very own, for better or worse, and is all the more interesting because of it.




Carl Doherty created http://www.shelfabuse.com under supervision of his doctor, who conceived the criticism and categorisation of every film that Carl watches as a way of tackling his obsessive compulsive disorder. Carl has now watched 23 films, and is not entirely sure he liked any of them. Carl currently resides in Southend-on-Sea where he shares an abandoned warehouse with a buffy-tufted marmoset named Tautilus Samson. Together they have all sorts of adventures. He is currently completing his second non-fiction book How to Build a Quantum Flux Capacitor in 8 Easy Steps, the sequel to the bestselling Manipulating Time and Space on a Budget. Or maybe not.

Read more of Carl's comic, graphic novel, and film related features and new movie reviews at http://www.shelfabuse.com




The Heart of a Network is Network Security


The computer age has developed so quickly that there are more applications to it than users to implement them and make complicated tasks much easier. The number of computers however, has increased tremendously thereby furnishing each household with at least two or more computers. Offices can easily provide advanced PCs for each of their workers whether their job requires it or not. The fact that in most cases there is usually more than one computer in the same establishment, calls for the networking of computers, a network technician, and of course proper network security, to provide security against hackers and sensitive data theft.

To link up a group of computers in a given space, there are several approaches that one can use. Some methods are simple and cheap while others are complicated and involve high initial cost. The options vary with the way the PCs are connected to each other and to the modem. Internet Service Providers will mostly recommend linking the modem to a hub from which network cables can connect the individual PCs. This might be simpler if you ignore the additional monthly costs of configuring individual IP addresses for all the PCs, which can be quite expensive.

A professional network technician will suggest cheaper methods of networking without involving any monthly charges. However, he will also take into account the necessary adjustments to improve network security and to make it resistant towards any virus in the form of malware and prevent the infiltration of any hacker on your private information.

There are two types of security that have to be installed by the network technician, namely information security and network security. Information security is preventing loss of data by malware attack and hacker attacks, or due to mistakes of the members belonging to the organization. This type of security is restricted to the internal boundaries of the network. Network security is worked on a larger scale and is responsible for protecting the data belonging to the network from being placed in the wrong hands of a hacker. It draws a boundary around the network against any outside sources.

Network security begins as soon as a user enters the network, by authenticating the user before he or she has access to any private information belonging to the network. Authentication can vary from network to network depending on the level of security required. Sometimes, for home networks, a username and password will suffice. This is one-factor security. Two-factor security is the scanning of some object in your possession that can validate your identity, for example, a passkey, ATM card, security card, etc. Three-factor security will screen the person for some characteristic that he or she possesses naturally. For example, retinal eye scans, fingerprint scans, etc., are three-factor authentication.

Following the authentication, the network technician can further install a firewall to prevent unauthenticated users from gaining access to information they do not have the right to possess. Blocking of malware and Trojans has to be done by installing anti virus software or IPS systems. Depending on the requirement, network technicians will install the appropriate software to ensure that there is no threat towards your network under any circumstances.




PCSoft is a Sydney based Computer Services Company, providing networking solutions, network security services, support for hardware and software upgrades, computer repairs and maintenance, and Internet security tools like spyware blockers and spyware removers with same day onsite support, repair and service anywhere in the Sydney area - Call us today - http://pcsoft.com.au/




Office Security - 10 Great Tips For a More Secure Workplace


Today, businesses must address and prepare for security threats that are larger and more varied than ever before. With each technological advancement that allows innovative, effective business strategies, comes a security threat that is equally innovative and equally effective.

Any assessment of an office security system should begin with specific security needs and the impacts they will have on your business as a whole. You may need a facility secure enough for UL 2050 certification or you may simply need to ensure your employees' safety before and after business hours. Regardless, here are ten important ways to improve your office security system.

Effective Communication: First and foremost is communicating information to and between employees. Many companies use email alerts to warn employees about would-be hackers. Likewise, be certain that employees remain updated on procedures and potential visitors. By letting employees know what and who to expect, they are better equipped to recognize suspicious activities or persons. In order to avoid complacency, try to use a single source of information that becomes part of an employee's routine. This could be a daily server broadcast or informational email. Whatever the source, it should be brief, practical, and include positive news as well as precautionary information.
Key Control: Assign the responsibility of locking or unlocking the office to as few individuals as possible. Eliminating the "first in, last out" method ensures that all access points are secured regularly. Create a procedure for those responsible for opening or closing your office that includes checking washrooms, closets, or anywhere someone might be able to hide. Hard keys should be numbered and assigned to specific individuals. Employees assigned keys should periodically be asked to produce their keys to verify a master registry.
Site-Wide Policies: Something as simple as a "clean-desk" policy, training all employees to clear and secure their desks of valuable equipment or information before leaving for the day, drastically reduces potential theft. Mandating employees to have and display ID badges or access cards at all times increases the visibility of any unauthorized persons. Don't include job titles on any directory accessible to the general public as many criminals will use a name and title to justify their presence in restricted areas. Finally, make sure to maintain a "chain of possession." Any deliveries should be handed to a person and not left in a hallway or on an unattended desk.
Small Investments: All computers, laptops especially, should be secured with cable or plate locks to avoid "walk-off." Docking stations are relatively inexpensive ways to protect electronic devices when not in use. Pay close attention to high-risk targets like state-of-the-art equipment, postage meters, check writers, and company checkbooks. Improve doors by installing peepholes and keypads. Utilize two locked doors surrounding a small lobby or foyer. This type of "airlock" system eliminates piggybacking, a method criminals use to gain entry by catching a locked door as an employee exits.
Anti-Virus: While it is extremely unusual for a company not to have anti-virus software in this day and age, it is impossible to overstate its importance. High-end protection from viruses, spyware, malware, Trojans, and worms is one of the shrewdest investments an office can make. This includes firewall protection for your main system, security for your wireless Internet routers, and securing backups of all data, preferably off-site, for recovery in the event of a cyber attack.
Lights, Camera, Layout: Be aware of "dark spots" both inside and outside your office. Install adequate lighting in parking lots and outdoor break areas for employee safety, eliminate blind areas in stairwells, and arrange hallways and offices to remove any places where someone could conceal himself or stolen items. Short of CCTV, discussed below, it may be worthwhile to install recording security cameras at key areas like loading bays and access points like after-hours entrances.
Reception: Among the more complete solutions is to employ one or more full time receptionists. From a security system standpoint, this person allows for close inspection of credentials and identification and funnels security information through a single point. If it is impractical to have each visitor greeted and checked-in by a person, consider a dedicated phone line in your lobby or at your front door that goes only to a designated receiver. This method, combined with a sign-in station, can be a cost effective strategy for many offices.
Access Control System: One of the difficulties with hard keys is reacting when one is lost or stolen. With an access control system, businesses can issue access cards to employees while maintaining complete control over what each card will open. Moreover, access control systems minimize risk by allowing only enough access to complete a job. Thus, employees, contractors, or visitors can be restricted by area or time of day. Two things are critical with access control systems. First, allow "total access" to as few individuals as possible. This will clarify who is authorized to be where and thereby enable employees to recognize and report infractions. Second, monitor the use of each card. By reviewing card activity, you can determine who needs access to where and at which times, streamlining routines and defining access.
Closed Circuit Television (CCTV): For higher end security system needs, CCTV is one of the most effective methods of protection. Through limited broadcast, each camera can be monitored through a single interface. Depending on the specifics of the system, footage can be monitored by an employee or digitally recorded. Place cameras strategically to achieve the maximum coverage for a single unit. Likewise, cameras or corresponding signs that are visible to guests and employees can be effective deterrents and create a safe environment. It is important to remember, however, that as effective as CCTV is, it should be used efficiently and in tandem with other measures. For example, installing a unit in an entry with an "airlock" door system allows extended footage of a person(s) entering or exiting the premises.
Proper Training: Above all, make sure each of your employees is adequately trained to use security equipment and follow procedures. Investment and planning in the best security system will have little impact if individuals are unclear on precaution and intervention. This may be as simple as making sure employees keep doors and windows secure or protect their personal belongings, but often entails specific training on identifying and responding to suspicious items, persons, or events.
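The card-activity review recommended under "Access Control System" above, as an added example (not from the article or from any access control vendor). The log format, card IDs, door names and grant table are constructed for illustration; a real system exports its own format.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed grant table: card -> {door: (earliest, latest) time of day allowed}
ALL_DOORS = {"lobby", "office", "server-room", "loading-bay"}
GRANTS = {
    "C-100": {door: (time(0, 0), time(23, 59)) for door in ALL_DOORS},
    "C-200": {"lobby": (time(7, 0), time(19, 0)),
              "office": (time(7, 0), time(19, 0)),
              "server-room": (time(7, 0), time(19, 0))},
    "C-300": {"lobby": (time(8, 0), time(17, 0)),
              "loading-bay": (time(8, 0), time(17, 0))},
}

# Constructed sample log: timestamp, card, door, controller decision
SAMPLE_LOG = """\
2024-03-04T08:02:11 C-200 lobby GRANTED
2024-03-04T08:03:40 C-200 office GRANTED
2024-03-04T08:15:00 C-300 lobby GRANTED
2024-03-04T08:20:00 C-300 loading-bay GRANTED
2024-03-04T09:00:00 C-100 lobby GRANTED
2024-03-04T09:05:00 C-100 office GRANTED
2024-03-04T13:30:00 C-300 server-room DENIED
2024-03-04T21:45:00 C-300 loading-bay DENIED
2024-03-05T08:01:00 C-200 lobby GRANTED
2024-03-05T10:00:00 C-100 server-room GRANTED
"""


def parse_events(text):
    """Turn log lines into (datetime, card, door, result) tuples."""
    events = []
    for line in text.strip().splitlines():
        stamp, card, door, result = line.split()
        events.append((datetime.fromisoformat(stamp), card, door, result))
    return events


def review(grants, events, all_doors):
    """Summarise card activity for the review period covered by the events."""
    used = defaultdict(set)   # card -> doors actually opened
    denied = []               # attempts the controller refused, with a likely reason
    for when, card, door, result in events:
        if result == "GRANTED":
            used[card].add(door)
            continue
        window = grants.get(card, {}).get(door)
        if window is None:
            reason = "no grant for door"
        elif not (window[0] <= when.time() <= window[1]):
            reason = "outside time window"
        else:
            reason = "denied inside window (check card status)"
        denied.append((card, door, when.isoformat(), reason))

    # Grants never exercised are candidates for removal: "only enough access".
    unused = sorted((card, door)
                    for card, doors in grants.items()
                    for door in doors if door not in used[card])
    # Cards that open every door: the list the article says to keep short.
    total_access = sorted(card for card, doors in grants.items()
                          if set(doors) >= all_doors)
    return {"denied": denied, "unused_grants": unused, "total_access": total_access}


if __name__ == "__main__":
    report = review(GRANTS, parse_events(SAMPLE_LOG), ALL_DOORS)
    for section, rows in report.items():
        print(section, rows)
```

Run over a longer period, the unused-grant list shows where access can be trimmed, and the denied list shows which cards are probing doors or hours they were never given.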




About this Article: This article was commissioned by Security Integrations and written by Braden Russom to offer businesses some key steps to take towards a more secure workplace. Security Integrations is an upstate NY security firm specializing in complete security systems for government, manufacturing, and other industries where the highest security is necessary. One of a few companies in New York State to hold UL 2050 Certification, they serve New York (NY), Pennsylvania (PA), Massachusetts (MA) and New Jersey (NJ). Their website is http://www.securityintegrations.com




Importance of Internal Network Security


With today's advancement of technology, Information Technology resources and even network resources play an important role not only in the corporate world but also in educational institutions, personal use at home, and any individual that is inclined to use technology. The use of a computer today is enhanced by connecting it to the internet. But connecting it to the internet poses a possible threat to the computer devices. These threats are why it is important to maintain network security. The internet provides possible opportunities for unfamiliar threats including unauthorized persons, viruses, and worms.

Internet connections open a venue for a lot of useful software and easy information sharing across the globe. However, sometimes private networks handle sensitive information that is not supposed to be shared with outside users. This information is susceptible while on the internet to attacks, IP spoofing, and other intrusions. The worst case scenario is when managers find out too late that their system has been compromised and they have lost valuable information.

While there are security measures for computer networks, the sad reality is that most people don't know the importance of internal network security systems. It is basically the most important component in network configuration as well as network management. An effective network will provide a secured information system to the entire company.

Internal security deals with detection and prevention of any unauthorized access to the computer network. These security procedures and techniques may come in the form of software that protects the entire network infrastructure from any illegal access, misuse, or any other threats that may destroy the integrity of the network. An effective internal security solution provides a safe venue for computers and programs to perform their operations in the most reliable and efficient way.

With a good internal security solution, the network will be ensured of its accountability, integrity, and confidentiality. It will be able to withstand any external and internal threats such as network security issues, attacks, worms, and other intrusions. Network security solutions typically depend on the network usage. For home use, users can have security applications such as firewalls and encryption solutions. Other internal network solutions also include authentication and user verification, access controls, and intrusion detection.

An effective network security can bring a lot of benefits to the corporate world such as enhanced IT processes, productivity, and efficient services. It provides the most secured and protected data that meet the quality standards set by the company. Lastly a good security solution ensures that only authorized people can have access to the network resources of the company.




Jason considers internal network security something that should be thought about frequently within a business (perhaps on a monthly basis). It might be a good idea to bring in an expert to help you figure out how to set up a good system. Look for an expert in IT infrastructure management to help get everything set up correctly.




A Glorious Week of Identity Theft


Dark Reading reports that eight defendants were arraigned in a Brooklyn court for allegedly using the stolen identities of AT&T, T-Mobile, and Asurion customers to steal some $22 million worth of wireless equipment and services. An indictment was unsealed in Brooklyn federal court yesterday morning charging Courtney Beckford and seven other defendants. When identity theft defendants named Courtney, Gabe, Marsha, Saul and Ron are involved in a $22 million identity theft scheme, then you know it's just a matter of time until someone named Britney or Brad will get busted too! It's the identity theft apocalypse!

ABC News reports that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A "Segvec", "SoupNazi," and "j4guar17," whose motto was "Get Rich or Die Tryin'" was alleged to have been the ringleader of the criminal hacking operation of a prolific network that spans over five years of serious criminal activity.

InformationWeek reports that in the first half of 2009, the number of computer users affected by malware engineered to steal personal information rose by 600% compared to the January through June period in 2008, according to PandaLabs. In quantitative terms, Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year. Identity thieves are also seeking sensitive information through a more diverse set of targets. Where previously financial data thieves focused on spoofing online bank sites to dupe users into entering login information, they have recently been targeting a variety of services where payment account information may be stored or entered, like PayPal, Amazon, eBay, or charity sites.

CNET reports: Rogue Facebook apps steal log-in data, send spam. Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps are stealing log-in credentials and spamming victims' friends. So far, six malicious applications have been identified: "Stream," "Posts," "Your Photos," "Birthday Invitations," "Inbox (1)," "Inbox (2)," according to a blog post by Trend Micro researcher Rik Ferguson. The activity started earlier in the week with a Facebook notification Ferguson says he got from an app called "sex sex sex and more sex!!!," which has more than 287,000 fans. The notification said that someone had commented on one of his posts. That app doesn't appear to be malicious and may have been compromised somehow to begin the distribution of the spam, he said.

USA Today reports: Hackers harness Twitter to do their dirty work. A cyber gang has begun experimenting with setting up free Twitter accounts, then sending out Tweets from the popular micro-blogging service that are really coded instructions to botted PCs to carry out criminal activities. Anti-virus maker Symantec has isolated several samples of infected PCs carrying a unique new infection, dubbed "Sninfs."

The PCs most likely got infected when their users unwittingly clicked to a tainted web page or on a corrupted link carried in an email or social network message, says Marc Fossi, research and development manager at Symantec Security Response.




Robert Siciliano http://IDTheftSecurity.com




An Overview of Computer Network Security


The realm of computer networking has allowed efficient communication between various computing devices such as computers, servers, mainframes and peripheral devices such as printers, scanners etc. Once a computer becomes a part of a network, it is possible to share information and data easily and with minimum hassle. However, this data sharing has given rise to a host of security issues and thus computer network security is one of the most highly talked about topics these days. In fact, the computers in a network are always at risk of unauthorized access from hackers in the network. A prime example of this is the Internet, where insufficient security measures can lead to your valuable and highly confidential information being stolen.

Considering the increasing number of Internet crimes and an even greater need for privacy and strict security; a number of network security software are now available in the market, which can help protect your computers. This software has been designed to provide computers with network security by scanning and detecting any potential security risks in your computer. The detected files are then accessed by the program and corrected (if possible).

Most of the time, network administrators working in large businesses or organizations have to cater to the problems of network security individually. In addition, in order to improve the security, separate software for every separate function may also be used. For home networks it is advised to make use of single comprehensive network security software that protects the computer from any security threats and invasions while also offering faster problem solving and solution finding.

Effective network monitoring is the key to computer security. In order to efficiently manage a network, the activity logs from various servers or firewalls and even routers has to be closely guarded and reported. Good network security software will help you by doing just that.

Computer network security depends greatly on the end point security for it is through this node that all the data flow is managed. Unless a proper security measure is not taken to control this data flow; hackers and users from all over the network will have minimum trouble introducing various viruses and worms into your system and hence successfully stealing your confidential data. Computer network security is also greatly enhanced by making use of an intrusion prevention system. As network scams get more and more sophisticated with time, it is crucially important that you take equal measures to secure your computer.

Moreover, when a particular network is being designed or planned, data security considerations must be taken into account as a lot of data is generally stolen during the transfer process.




Wifinotes.com is a great site where you can learn about wifi wireless technology, wifi wireless networks, mobile communications and IT certifications, and also find computer networking tutorials.




Fight Cybercrime With an Online Talk Show


Although the Internet basically provides everyone a positive experience, attacks against our personal privacy and security are reaching epidemic proportions. These cyber-attacks are occurring in our own homes and businesses. Our personal computers are being used as zombies to attack the computers of other people, their businesses, and our nation. Identity theft and assorted crimes committed online, commonly referred to as cybercrime, have grown to epidemic proportions.

As an average computer and Internet user, you may not be aware of these threats nor have any idea about the dramatically increasing risks you face when your computer is connected to the Internet. And when you do become victimized, sometimes it seems that there is nothing you, the average computer-and-internet user, can do to fight back.

Internet Safety Advocates are on a campaign for Internet safety awareness and protection. With a mission to bring critical awareness to individuals, families, and small business owners, they provide access to the necessary tools and ongoing expertise to help the public secure their computers and stay securely protected. Using the internet as a way to fight back, Internet Safety Advocates found a talk show as another way to continue to fight cybercrimes.

Online talk shows allow Internet Safety Advocates to expand their cybercrime-fight abilities by allowing:


both domestic and international audiences to participate;


listeners anywhere in the world to listen at no cost to them;


English-speaking listeners anywhere in the world to call-in at no cost, and


each show to be recorded and archived as a podcast for listeners to review at their leisure.




Thus, if you plan to start your own online talk show for whatever reason, I encourage you to utilize one that is not only user-friendly but also offers the following features and benefits:


It has a one-click Flash-based Voice over Internet Protocol (VoIP) feature. (This enables listeners to interact with the show from their Web browser without the need for long-distance fees or a traditional landline or wireless phone.)


It has an integrated telecom-based back-end infrastructure. (This means that for the listener no software downloads are needed.) Listeners who wish to participate during the live internet radio show must simply have a microphone connected to their computer and be logged onto the talk show's site in order to connect directly with the host. Once those steps are completed, the listener simply clicks a button on the show's web page to interact directly with the host.





If you've been wanting to fight back against cybercrime and didn't know exactly where to start, here's an option available to you. And the best part is that you won't spend an arm and a leg of your tight budget because the entire service is free. You can't ask for better than that! If you run into difficulties or have questions, please feel free to contact me.




Etienne A. Gibbs, Internet Safety Advocate and Educator, recommends to individuals and small business owners the protection package he uses. For more information, visit www.SayNotoHackersandSpyware.com/.




Detecting Network Sniffers


Overview

A packet sniffer is a program or device that eavesdrops on network traffic and gathers data from packets. Sometimes such wiretaps are carried out by the network administrator for beneficial purposes (like intrusion detection, performance analysis, etc.). On the other hand, malicious intruders may install packet sniffers in order to retrieve clear-text usernames and passwords from the local network or other vital information transmitted on the network. Vulnerable protocols (with clear-text passwords) include: telnet, pop3, imap, ftp, smtp-auth and nntp. Sniffers work because ethernet was designed to be shared. Most networks use broadcast technology -- messages for one computer can be read by another computer on that network. In practice, computers ignore messages except those that were sent directly to them (or broadcast to all hosts on the network). However, computers can be placed in promiscuous mode and made to accept messages even if they are not meant for them -- this is how a Sniffer works.

People assume that computers connected to a switch are safe from sniffing -- but this is not really so. Computers connected to switches are just as vulnerable to sniffers as those connected to a hub.

How a Sniffer works

A computer connected to a LAN has 2 addresses -- one is the MAC address that uniquely identifies each node in a network and which is stored on the network card. The MAC address is used by the ethernet protocol when building frames to transfer data. The other is the IP address, which is used by applications. The Data Link Layer (layer 2 of the OSI model) uses an ethernet header with the MAC address of the destination machine. The Network Layer (layer 3 of the OSI model) is responsible for mapping IP network addresses to the MAC address as required by the Data Link Protocol. Layer 3 attempts to look up the MAC address of the destination machine in a table, called the ARP cache. If no MAC entry is found for the IP address, the Address Resolution Protocol broadcasts a request packet (ARP request) to all machines on the network. The machine with that IP address responds to the source machine with its MAC address. This MAC address then gets added to the source machine's ARP cache and is used by the source machine in all its communications with the destination machine.

There are two basic types of ethernet environments -- shared and switched. In a shared ethernet environment all hosts are connected to the same bus and compete with one another for bandwidth. In such an environment packets meant for one machine are received by all the other machines. All the computers on the shared ethernet compare the frame's destination MAC address with their own. If the two don't match, the frame is quietly discarded. A machine running a sniffer breaks this rule and accepts all frames. Such a machine is said to have been put into promiscuous mode and can effectively listen to all the traffic on the network. Sniffing in a shared ethernet environment is passive and, hence, difficult to detect.

In a switched environment the hosts are connected to a switch instead of a hub. The switch maintains a table that keeps track of each computer's MAC address and the physical port on the switch to which that MAC address is connected. The switch is an intelligent device which sends packets only to the destination computer. As a result, the process of putting a machine into promiscuous mode to gather packets does not work. However, this does not mean that switched networks are secure and cannot be sniffed.

Though a switch is more secure than a hub, you can use the following methods to sniff on a switch:

• ARP Spoofing -- The ARP is stateless, that is, you can send an ARP reply even if none has been asked for, and such a reply will be accepted. For example, one technique is to ARP Spoof the gateway of the network. The ARP cache of the targeted host will now have a wrong entry for the gateway and is said to be Poisoned. From this point on, all the traffic destined for the gateway will pass through the sniffer machine. Another trick that can be used is to poison a host's ARP cache by setting the gateway's MAC address to FF:FF:FF:FF:FF:FF (also known as the broadcast MAC).

• MAC Flooding -- Switches keep a translation table that maps MAC addresses to physical ports on the switch. This allows them to intelligently route packets from one host to another. The switch has a limited amount of memory for this work. MAC flooding makes use of this limitation to bombard a switch with fake MAC addresses until the switch can't keep up. The switch then enters into what is known as a `failopen mode', at which point it starts acting as a hub by broadcasting packets to all the machines on the network. Once that happens sniffing can be performed easily.

Detecting Sniffers on the Network

A sniffer is usually passive -- it just collects data -- and is especially difficult to detect when running in a shared Ethernet environment. However, it is easy to detect a sniffer when installed on a switched network. When installed on a computer a sniffer does generate some small amount of traffic -- which allows for its detection using the following types of techniques:

• Ping Method -- a ping request is sent with the IP address of the suspect machine but not its MAC address. Ideally, nobody should see this packet as each ethernet adapter will reject it as it does not match its MAC address. But if the suspect machine is running a sniffer it will respond since it accepts all packets.

• ARP Method -- this method relies on the fact all machines cache ARPs (i.e. MAC addresses). Here, we send a non-broadcast ARP so only machines in promiscuous mode will cache our ARP address. Next, we send a broadcast ping packet with our IP, but a different MAC address. Only a machine which has our correct MAC address from the sniffed ARP frame will be able to respond to our broadcast ping request.

• On Local Host -- if a machine has been compromised a hacker may have left a sniffer running. There are utility programs that can be run which report whether the local machine's network adapter has been set to promiscuous mode.

• Latency Method -- is based on the assumption most sniffers do some kind of parsing, thereby increasing the load on that machine. Therefore it will take additional time to respond to a ping packet. This difference in response times can be used as an indicator of whether a machine is in promiscuous mode or not.

• ARP Watch -- to prevent a hacker from ARP spoofing the gateway there are utilities that can be used to monitor the ARP cache of a machine to see if there is duplication for a machine.

How To Protect Against Sniffing

The best way to secure a network against sniffing is to use encryption. While this won't prevent sniffers from functioning, it will ensure the data collected by sniffers is un-interpretable. Also, on a switched network, the chances are ARP spoofing will be used for sniffing purposes. The machine that the hacker will most likely ARP-spoof is the default gateway. To prevent this from happening it is suggested the MAC address of the gateway be permanently added to each host's ARP cache.
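The ARP-cache monitoring and gateway-pinning advice above can be checked on a host with a few lines of Python. This is an added example, not part of the original article: it assumes the Linux `ip neigh show` output format, and the sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

# One line of Linux `ip neigh show` output, for example:
#   192.168.1.1 dev eth0 lladdr 00:11:22:aa:bb:01 REACHABLE
# Entries in FAILED/INCOMPLETE state carry no lladdr and are skipped.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>\S+))?"
    r".*?\s(?P<state>[A-Z]+)\s*$"
)


def parse_neigh(text):
    """Return (ip, dev, mac, state) tuples for entries that have a MAC."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and m.group("mac"):
            entries.append((m.group("ip"), m.group("dev"),
                            m.group("mac").lower(), m.group("state")))
    return entries


def audit_arp_cache(text, gateway_ip, pinned_gateway_mac):
    """Flag the ARP-cache conditions the article associates with spoofing.

    pinned_gateway_mac is the gateway MAC recorded out of band (an
    assumption of this example: the administrator knows the real value).
    """
    findings = []
    ips_by_mac = defaultdict(set)
    for ip, dev, mac, state in parse_neigh(text):
        ips_by_mac[(dev, mac)].add(ip)
        if ip != gateway_ip:
            continue
        if mac == BROADCAST_MAC:
            # Gateway mapped to the broadcast MAC: every host sees the traffic.
            findings.append(("gateway-broadcast-mac", ip, mac))
        elif mac != pinned_gateway_mac.lower():
            findings.append(("gateway-mac-mismatch", ip, mac))
        if state != "PERMANENT":
            # A dynamic entry can be overwritten by an unsolicited ARP reply.
            findings.append(("gateway-not-static", ip, state))
    # One MAC answering for several IPs on the same interface. Proxy ARP and
    # multi-homed hosts also cause this, so treat it as a lead, not proof.
    for (dev, mac), ips in sorted(ips_by_mac.items()):
        if len(ips) > 1 and mac != BROADCAST_MAC:
            findings.append(("duplicate-mac", ",".join(sorted(ips)), mac))
    return findings


# Constructed sample tables (not captured from a real network).
CLEAN_TABLE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:aa:bb:01 PERMANENT
192.168.1.20 dev eth0 lladdr 00:11:22:aa:bb:20 REACHABLE
"""
POISONED_TABLE = """\
192.168.1.1 dev eth0 lladdr de:ad:be:ef:00:66 REACHABLE
192.168.1.66 dev eth0 lladdr de:ad:be:ef:00:66 STALE
192.168.1.20 dev eth0 lladdr 00:11:22:aa:bb:20 REACHABLE
192.168.1.7 dev eth0  FAILED
"""
BROADCAST_TABLE = "192.168.1.1 dev eth0 lladdr FF:FF:FF:FF:FF:FF REACHABLE\n"

if __name__ == "__main__":
    for name, table in [("clean", CLEAN_TABLE), ("poisoned", POISONED_TABLE),
                        ("broadcast", BROADCAST_TABLE)]:
        print(name, audit_arp_cache(table, "192.168.1.1", "00:11:22:aa:bb:01"))
```

On a live host the first argument would be the captured output of `ip neigh show`, run on a schedule so that a change in the gateway entry is noticed quickly.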

Additional suggestions include:

Use SSH instead of telnet.

Use HTTPS instead of HTTP (if the site supports it).

If concerned about email privacy, try a service such as Hushmail (www.hushmail.com), which uses SSL to ensure that data is not read in transit. Also, Pretty Good Privacy (www.gnupg.org) can be used for encrypting and signing emails to prevent others from reading them.

Employ a sniffer detector. For example, the software package PromiScan is considered the standard sniffing node detection tool and is recommended by the SANS (SysAdmin, Audit, Network, Security) Institute. It is an application package used to remotely monitor computers on local networks to locate network interfaces operating in a promiscuous mode.




Steve Leytus is a senior software engineer and develops applications for NutsAboutNets.com. For more information about AirSleuth 2.4 GHz Spectrum Analyzer and other low cost, PC-based diagnostic tools for installing, optimizing and trouble-shooting 802.11 (Wi-Fi) wireless networks please visit www.NutsAboutNets.com.




Discover Your Laptop's Greatest Security Vulnerability, Windows Ad-hoc Mode


Not everyone in this world is as computer savvy as we would like to be, and many are afraid to ask about computer technology out of sheer embarrassment. Well, if you are unclear about what the deal is with Ad-Hoc mode in Windows, search no further. This article will break down for you what Ad-Hoc is, why it was created, the differences between XP/Vista ad hoc modes and how to use it.

What is Windows Ad-Hoc mode?

Ad-Hoc is the ability to connect from one computer (or mobile device) to another without having to go through an access point. These access points are like the wireless networks that you log into and that secure the network for you. Ad-Hoc technology should only be used with people that you know and when you have a specific reason for using it, such as passing documents from one computer to another. Once you are done, you should disable the feature, which is discussed later in the article.

If you need to send applications, photos, music, movies, documents, software, etc. to another person, you can do it over a direct connection from one computer to another without having to go through a service provider. This is great at times when the internet is not functioning well and the two computers are relatively close to each other.

Why does Ad-Hoc exist?

Ad-Hoc is ideal, especially between colleagues and students, who want to share files. With Ad Hoc technology, you are able to connect directly to another computer without an intermediate party. However, if you are not very technologically adept, it is safer to have your computer working through an access point because it is more secure. Computers often can have information stolen or corrupted by using an Ad-Hoc source.

Differences between Ad-Hoc in Windows XP and Windows Vista

There is not really any difference between Ad-Hoc in these two systems. Ad-hoc is available in both systems and they are compatible with each other. For example, a computer running on Windows XP is able to be part of the ad hoc network of a user that has a computer running on Windows Vista and vice versa. It seems that Windows XP can control pop ups from ad hoc networks that are in range, whereas Windows Vista likes to notify its user that an ad hoc system is around even though the technology has been disabled. In terms of use, it is used exactly the same in the two Windows versions and has the same sending capabilities (applications, photos, music, movies, documents, software, etc). The only difference may be how to navigate to your wireless adapter. However, after finding the wireless adapter, the options and directions to enable and disable the Ad hoc networking system in your Windows computer should be exactly the same.

Using Ad-Hoc

Configuring the Ad-Hoc system on Windows XP can be relatively simple and problem free. You can have up to nine people on your ad hoc network, but you will be limited by distance since this wireless technology does not reach very far. First, go to the wireless adapter and click on the properties tab, which will prompt you to click on the wireless networks tab. Then you click on configure my wireless network settings. Then once you see Advanced options, click on that. Here you will be able to enable the computer to computer option, also known as ad hoc. To add ad hoc networks, click the close button and then Windows will ask you which sites you would like to add to your ad hoc network. Click on the network and then click on add. Then you will have the further option of enabling and disabling this feature.

To deconfigure the connection, you follow the same steps, but when it asks if you want to connect to an ad hoc system, simply uncheck that option and you will have disabled the feature. Make sure to disable the networks that you added to your ad hoc network.

Ad hoc is an excellent option for those who need to send documents or applications quickly and in a limited range such as an office building floor, a house or a classroom. The use of Ad hoc can be hazardous to your computer if you always keep it configured, so try to disable it after using it. Ad hoc is not necessary because you can use your wireless adapter to do the same work of sending and receiving applications, yet sometimes it proves to be faster just using direct computer to computer technology.

Security is key. Only join ad hoc networks with friends, colleagues or family members you know, so that none of your documents will be compromised. Using ad hoc is often looked down upon, especially in business, because employees bypass all of the security measures. However, on the other side of the coin, for those who are paranoid about the government or an employer snooping through private documents, there is not much they can do in regards to the ad hoc system.

Ad hoc is not very difficult to use, so you should not be deterred by it. Play around with it for a while. If it benefits your style and makes the world a bit less complicated, then go for it. If it is a pain, then simply disconnect it and you will never have to deal with it again. At least now you know what ad hoc is, why it was created, the differences between the ad hoc system in the Windows XP and the Windows Vista versions (or lack thereof) and how to enable and disable your ad hoc networking system. Piece of cake, right?




Best Rated Laptops Security Guide

Laptop security, everything you need to know to protect your property, personal data and identity.

http://www.best-rated-laptops-guide.com/laptop_security.html




Versatile Software Support


Relevant software is updated and installed on your computer to benefit you significantly, since breakthroughs are achieved every day in the world of science and technology, and computer software is only one part of it.

Computers are an important part of our lives, and they occasionally develop problems. At such times online technical support can help, and everybody looks for resources providing computer technical support. The support works efficiently for all issues, whether software or hardware.

Software support services not only ensure the protection of equipment but also create a backup of your data and protect your network from cyber crimes such as hacking, e-mail bombing, unauthorized access and virus attacks.

Online Microsoft Windows Vista Support will diagnose and troubleshoot issues with your Windows Vista operating system. Online computer support technicians resolve all the issues of operating systems at their level best and help to satisfy the customer's needs and enhance their goodwill too.

Microsoft support aims to teach you the vital and significant changes in Microsoft products that users must learn and get accustomed to, and your learning experience is going to take much less time if you are new to Word, Excel, PowerPoint or Outlook.

Windows XP is a line of operating systems produced by Microsoft for use on personal computers, including home and business desktops, notebook computers, and media centers; its universal hardware support and better graphics make it a better OS. Windows XP is enhanced by important features such as security and wireless support.

Online Microsoft support is a type of remote computer repair that is a great help with things like computer optimization support. Excellent customer care is provided, as online technicians are oriented toward it. Each issue, however big or small, is equally important and expected to receive the same amount of attention and expertise.

Microsoft Windows XP Support is provided for its versatile version, where Windows XP Home Edition is targeted at home users and Windows XP Professional is targeted at power users, business and enterprise clients offering additional features such as support for Windows Server domains and two physical processors.

You must go for online support services for setup and installation of Antispyware, if you are looking for successful defense tools and procedures. Highly trained tech support experts offer flexibility, low maintenance and centralized consoles to remove spyware and other wrong things.

Setup and installation of Antispyware software by technical experts is most required for protection against online malware threat by continually scanning for viruses, including Trojans and worms.

Setup and installation of Windows 7 is very simple with online technical support, as with other Windows operating systems. The different options are the Internet, a Windows 7 installation disc, or a USB flash drive. In each you get the option of setup.exe. You have to double click that file to run the installation wizard. After that, the setup runs automatically and you need to just follow the on-screen prompts. Make sure that you have entered the valid product activation key.




SupportMart ensures availability of online technical support 24 hours a day and seven days a week just by click of a mouse and provides all sort of supports for operating systems, virus removal, software supports services, Laptop Repair, Microsoft support, email setup, PC software etc. To know more about online PC repair and technical support with their nominal packages log on to http://www.supportmart.net




How Secure is the Information on Your Resume With a Potential Employer?


Resumes provide employers with plenty of personal information, sometimes too much. Many job applicants include vital information like Social Security numbers, driver's license numbers and dates of birth. This makes it crucial for employers to take security measures to protect the identities and personal information of both job applicants and employees. Some companies do nothing more than store resumes in cardboard boxes in unlocked storage closets.

Exposing Personal Information When Resume Writing

If you have applied for a job in the past 10 years, you may be at risk for identity theft, especially if you provided any sensitive personal information. Even if you didn't get the job, many companies keep executive resumes on file where any employee can access the information. Even worse, with today's online applications, e-mailed resumes, and electronic storage, identity thieves don't even have to work for a company to get this information. A corrupt recruiter or computer hacker can hijack resumes electronically. Criminal rings have even posted fake job listings to capture the sensitive data of applicants.

Many companies don't take the necessary safeguards to protect the information provided on resumes, and most companies don't inform applicants about security practices before requesting resumes. The down economy has worked to make this situation even worse, as desperate job hunters hand over information they normally wouldn't in hopes of getting a job.

The good news is that employers now recognize the importance of protecting this sensitive data. Security breaches lead to lawsuits. In addition, job applicants can also take their own security safeguards when writing resumes.

Unsecured Data Stolen from Executive Resumes

Even employment agencies with applicant tracking systems (ATS) designed to protect job applications and executive resumes often leave data open to theft to anyone walking by an unsecured computer or due to stolen laptops or lost, stolen, or misplaced USB drives. Small companies are less likely to have security measures in place while large companies are more likely to mishandle sensitive data, leading to the capture of the Social Security numbers and other personal information of applicants and employees.

Is ATS at Fault?

Forrester Research found in a recent study that more than 62 percent of the 200 companies surveyed experienced a security breach due to insecure ATS software in the previous 12 months. Most of these breaches were due to a SQL injection attack. A computer hacker can use a Web site's online form to get control of a database in a SQL injection attack. While there are security measures to block these attacks, hackers are never far behind in finding new ways to get into these databases.

Or Is It a Handling Problem?

Technology is definitely part of the problem, but even the world's best software won't protect the sensitive data of job applicants if employers are reckless in handling this information. With a protocol that is too relaxed, any employee within a company can gain access to executive resumes simply by looking on the right computer or getting into the right database to learn the social security number, driver's license number, date of birth, and other vital data of applicants and employees.

What's the Solution?

Companies need to realize what exactly the confidential data on executive resumes is, where it goes and how it gets there (e-mailed, regular mail, interoffice delivery, and so on), and how to prevent this information from getting to the wrong people and/or leaving the company altogether. Some big-name software companies like Symantec now have the technology to offer solutions to the problem of mishandled data provided by applicants through resume writing. This software searches the entire network of a company looking for sensitive data, including on USB drives attached to computers. It can block this data from leaving the company's network and will identify potential hackers or negligent employees. However, this advanced software will only help if the company a job seeker applies to has this software and uses it as recommended.

Unlike online ecommerce websites that have strict security practices that make buying online safe for consumers who want to purchase by credit card, few employers take precautions to protect the sensitive data contained on executive resumes or employee records. When undertaking the process of resume writing, the best advice is to keep your personal information private by not including it on executive resumes.




Matthew Rothenberg is editor-in-chief for TheLadders.com, a company offering resume writing advice, especially for executive resumes.




iPad To Don't

One of the inexplicable omissions in the original iPhone OS -- and still the case in iOS 4 on the iPad -- is a lack of tasks. Sure, you can view and sync your calendars, but any to-do items on those calendars will be missing, and none of the iPad's built-in apps displays or syncs to-do items from your Mac or PC.

I don't know why this is, or whether Apple will ever provide an official remedy, but in the meantime, oodles of third-party developers will be happy to sell you (or even give you) apps that manage to-do lists ranging from simple to elaborate. For example:

• 2Do: A beautifully designed app, 2Do has tons of features and high ratings -- but note that if you want to sync over the air with MobileMe, you must make an extra in-app purchase of $2.99. (Guided Ways Technologies, $6.99)

• BusyToDo: Although this app currently runs only at iPhone size on an iPad, it's the only one of these that syncs directly and wirelessly to your iCal (or BusyCal) to do list via MobileMe. (BusyCal, $4.99)

• GoTasks: This easy-to-use app syncs to-do items between your iPad and Google Tasks. (Evgeniy Shurakov, free)

• OmniFocus for iPad: Many regard this app (along with its Mac counterpart) as the ultimate Getting Things Done-style task manager -- expensive, but worth it. (The Omni Group, $39.99)

• Sorted: If you want a simple, elegant, and inexpensive task manager without lots of bells and whistles, this iPad app from Si may do the trick. (Si, $0.99)

• Task PRO: Among other features, this universal app lets you divide a task into subtasks, and view or edit tasks on your computer using a Web browser. (AlifSoft, $1.99)

• TaskTask HD: This app syncs tasks with an Exchange server. (RyanGregg.com, $4.99)

• Things for iPad: This somewhat pricey but well-designed task manager syncs with the software's Mac and iPhone/iPod touch versions. (Cultured Code, $19.99)

Source of Information : TidBITS-Take Control of Working with Your iPad 2011

Immaculate Benefits Of A Network Penetration Test


In recent times, ethical hacking has become a trendy term in the cyber world. It is a well known fact that hacking is illegal as well as unethical. If you penetrate someone's network and extract his information, then it is legally unacceptable. Hacking has become a serious problem for numerous people across the world and they are searching for a possible way out.

Irrespective of its size and potential, every business organization wishes to safeguard its network and information from hackers who are always on the lookout for it. You need to be wary of them and look for a solution such as a network penetration test. Webmasters are trying to gain proficiency in this field because it is the most sought-after field.

All about Network Penetration Test:

The problem of hacking is not new to us, as it has been looming for many years. Over the years, the methods used by hackers have become sophisticated, so it is tough for a normal person to safeguard their network.

The anti-hacking devices one can get in the market cannot compete with the techniques used by hackers, so there is a need for some better techniques. It is essential for you to know that penetration testing can efficiently deal with the problem of hacking. This testing offers an immaculate baseline for the design of the security system for your website.

Reasons for opting for this testing:

There are numerous reasons for performing this testing and every reason is important in its own right. This testing can guarantee you safer website security as well as protection of your sensitive information.

It can be helpful in testing the responsiveness of the organization against different forms of security breaches.

Organizations can evaluate their security methods, identify gaps if any and eradicate them instantly before any data theft occurs.

It builds a strong wall around the network of the organization which makes it impossible for the hackers to steal the sensitive information.

Strategies employed for the Network penetration test:

Wireless penetration testing is greatly important for every organization, so you also need to go for it in order to avoid all possible troubles. This industry is evolving drastically, so you can upgrade your network by taking its assistance. On a daily basis a new technique comes up for testing the penetration of the network, but there are certain techniques which are famous for their effectiveness.

Penetration test of network externally: Your partner can perform the test from another computer or system. This is the reason it is called external testing of the network. There is no need for the revelation of the website for performing this form of testing.

Internal Wireless Network Test: This form of testing is performed within the environment of the network or your organization. People using WiFi are prone to thefts within their organization, so there is grave need for performing this test.

You need to incorporate these things in your organization if you wish for a safe technological environment. The best part of these tests is that they are reliable and one can bank on them.




At strategicsec.com, you can get comprehensive wireless penetration test and in-depth data security thereby giving you an assurance of complete protection of your network from hackers.




 