Network Based Security Attacks on Internet Users

Network based Security Attacks

Network is a collection of nodes connected to each other. These nodes can be a computer or computing devices (like mobile and PDA), peripheral devices (like printer, scanner), other networks (connect via bridge or router) or any service (like directory service, mailing service) etc. As the boom in networking has joined whole world in one network called the Internet, we have also joined with many new problems. These are due to malicious activity peoples who ? intentionally or unintentionally and for profit or without profit trying to harm us. To be protected and to be secure it is necessary to understand their way of action. This small note will help you understand these attacks.

Types of Attack ?

Network based security attacks can be categorized in following. This list is based on a server, a user accessing data on the server and data that the server holds.

1. Attack on availability ? making any part or whole network unavailable to users. Distributed Denial of Service (DDOS) is one of the best examples of network attack. In this the server is clogged in such a way that the server starts denying services to legitimate users.

2. Attack on confidentiality ? unauthorized access of any data. It can be active or passive. Eavesdropping is one of the best examples of such attack. In this network line is tapped or gained access.

3. Attack on Integrity ? attack on confidentiality and then modifying any part or whole data. One of the famous attack in this category is changing the secure HTTP content by using some local proxy.

4. Attack on authenticity ? creating data and sending it to users by faking themselves as authentic. Now days a very famous spamming technique called scams is cheating users world wide. In this a mail that is believed to be sent from any authorized bank is send. In the mail request of data is asked and a link that seems authentic in url text is given. The url can be like http://www.xyzbank.com/register/user.php but the url is something like [http://221.211.2.222/.http://www.xyzbank.com] which is incorrect. Many users are trapped by these scammers.

5. Attack on access control ? faking as an authentic user and utilizing all resource provided to that user. It is very common sometimes active sometimes passive, many users try to enter server?s computer and also many of hackers gained access in computers from defense labs to PC?s. A fresh case of this is use of Robots. These are small programs which were entered in the victim computer. These programs are capable of taking commands from network and then executing them on the victim?s computer. A teenager group has caught, since they break up in a hospital?s ICU computers and damaged vital schedules of it.

6. Attack on privacy ? Gaining access of user?s computer and spy on its usage and then selling this information to many business bodies, so that they can target their customers. It is now becoming one of the most common attacks. Spywares are installed on the victim?s computer and all surfing information is uploaded to some desired marketing site. This is later used as weapon of mass advertisement.

How to secure our data

There is no one panacea solution for this. Better practice of security can help. Some attacks can be reduced by using software and some by being careful.

Carefully handle your mail ? whenever you get mail regarding - providing any vital information like account no. and password, don?t jump on any conclusion. Mail the responsible authority with a copy of that mail and get what you have to do. Check that the link given and the URL text written are same. If you find something fraudulent, immediately contact police or responsible certification authority.

When you are about to purchase something through Internet, make sure that the seller is certified by CA (certifying authority) like VeriSign or any other renowned CA of your country. Also read the certificate and check if the certificate is not invalid and is not invoked by the CA.

Software that can help you

Many free software and patches for vulnerability are available. The best to have is a good virus scanner like AVG free virus scanner, running on your computer in real time. You should also know that virus scanner work on the basis virus available at the moment, so any old virus scanner will not find newly created viruses. For this you must install the updates time to time.

Other than virus scanners, there are many other softwares working against network based security attacks. I will not give any name of software but I will give you types of software that can be used. You can search them at http://www.download.com.

Firewalls ? there are many typed of firewalls that one can run, but we are concerned here about proxy based firewalls. Such a firewall setup a proxy server on your computer, this proxy scans all out going requests and incoming responses from your computer. This way they block any unauthorized access to your computer.

Spyware sweeper ? Spywares can be small software installed on your computer or cookies based online spy of your system. A Spyware sweeper first searches all possible locations of Spywares like cookies, your system registry, start up folder of your Windows and system?s root. After finding that, they ask you what action they should take, like, deleting, shielding or blocking such Spywares. If you browse the Internet using low security software like Internet Explorer, this is highly recommended that you should use a Spyware sweeper.

Network block ? even if your computer is secure and virus ? Spyware free, other computer attached to your computer network can setup them. This can be cured by using network blockers. These are firewall software that runs in real time and alert you with all LAN based packets coming to your system. Such software provide you facility to unblock few parts of your network also.

Conclusion

Finally, I can say that never curse others who damaged your computer or information, curse yourself that you were not able to block them.

?If you actively not attack them, they will actively attack you.?

Be careful, be updated and know all moves of your opponents (malicious software) before they even have taken any step. If you want to be simple user of network based system, them you are candidate of being victim also. A smart move can thwart your opponents and help you stand unaffected in swamp of malicious software.

Manu Dutt Tripathi is a young energetic computer professional working as a consultant DBA in leading IT firm of Bangalore, India. He has a master degree in computer science. He is a active member of many technical forums and help users and computer professional through out the world.

More such ideas can be found at http://manudutt.wikispaces.com

Computer Security - Preventing Social Engineering Attacks

Social Engineering in its basic form is hacker talk for manipulating computer users out of their username and password. Social engineering really goes beyond just usernames and passwords. A well planned social engineering attack can destroy companies. All of the most devastating information thefts have used some sort of social engineering attack. Social engineering is so effective because computer admins and security experts spend all their time patching systems and not training employees about information security. Information security goes beyond patching computers, it is a combination of physical security, computer/network policy and employee training.

This article will describe many of the common security flaws that information thieves take advantage off and how you can prevent them.

1. Web sites Information - Company web sites are the best place to start when gathering information. Often a company will post all their employees names, email addresses, positions and phone numbers for everyone to see. You want to limit the number of employees and phone numbers listed on a web site. Also, live active links to employee email addresses should be avoided. A common mistake is a company's email user name will be the same as their network logon, example: email address of jsmith@nocompany.com has a user name of jsmith for the network with the same password for email and the network.

2. Phone Scams - Scamming someone on a phone is very simple. Company employees need to be trained to be courteous but cautious when giving callers information over the phone. One hacking scam is a hacker will call a company posing as computer salesmen. The salesmen will ask the secretary what type of computers they have, do they have a wireless network and what type of operating systems they run. Hackers can use this information to plan their attack on the network. Train your employees to refer any IT related questions to Tech Support.

3. Outside Contractors - Outside contractors should have a security liaison to monitor their activities. Security liaisons should be briefed on what work the contractor is hired to perform, area of operation, identity of contractor and if the contractor will be removing items from the work site.

4. Dumpster Diving - The easiest way to get information about anyone is to go through their trash. Shredders should be used in all cases or shredding services should be hired. Also, the Dumpster should be in a secure location and under surveillance.

5. Secretaries - They are your first line of defense, train them to not let anyone into your building unless they are for certain whom they are. Security cameras should be place in the main entrance way and also on the outside of the building. A thief who is probing your network will test to see if he is challenged upon entering the building, cameras can help identify patterns and suspicious people.

6. NO PASSWORDS - Make it company policy that the tech department will never call you or email you asking for your username or password. If somebody does call and ask for a password or username red flags will go up every where.

7. LOG OFF - Social Engineering attacks get the hacker into the building and they will usually find many workstations where the user hasn't logged off. Make it company policy that all users must log off their workstations every time they leave it. If the policy is not followed then the employee should be written up or docked pay. Don't make a hacker's job any easier than it already is.

8. Training - Information security training is a must for any size company. Information security is a layered approach that starts with the physical structure of the building down to how each work station is configured. The more layers your security plan has the harder it is for an information thief to accomplish his mission.

Sign up for the most popular wireless networking news letter on the internet. Simple and Secure http://www.wirelessninja.com

Computer Security - 7 Tips to Keep Your PC Safe From Internet Attacks

When it comes to PC safety, many of us live in a world of complete ignorance about the dangers out there on the internet. We simply don't think we will be the victim of a cyber attack, but without a doubt it will happen eventually.

Unfortunately, much of the well-meaning advice we get on the subject of internet security is still not enough to combat the cyber-crime that is becoming more widespread. The best we can do is take preventative steps to make the baddies job more difficult.

It happens to the most security-conscious of us...

Even though many of us could be highly vigilant and never open electronic mail attachments from folks we don't know, and look to make sure an ecommerce site is safe before entering our bank card info it can still happen.

The fact is, nobody is completely safe online, but taking computer security seriously is a big help.

There is little doubt that spyware and adware, malware, and insidious virus assaults make any pc with internet access vulnerable to attack. But, not all web security breaches are instantly apparent. As a matter of fact, most people are often unsuspecting that their seemingly safe browsing session is fraught with hidden dangers.

Now that you understand the scale of the problem, here are seven pointers to assist you to surf the Internet safely and protect your PC from attack.

1. Protect yourself from ID theft.

When making a purchase on an ecommerce site, make sure that the page where you enter your personal info is secure, as specified by "https" in the URL shown in the browser address bar. And never download ''warez' and cracked software as you can guarantee they contain trojans that will spy on you and steal your private information.

Obviously, the most ridiculous thing you could ever do is download a cracked antivirus program or some other computer security program as it will contain exactly the things that it is supposed to protect you from. Always buy computer software from a reputable source or you are just asking for trouble.

2. Be careful before you click on an email link.

Many cyber-criminals impersonate respectable companies, and send out a "phishing" e-mail that asks you to click on an email link. By no means click on email links unless you are sure of the source. Usually you can just hover over an email link to see the actual internet address it goes to, but not always. If it looks suspicious, then don't click on it as it will more than likely send you to a website that is designed to steal your financial details.

3. Update anti-virus, anti-spy ware, and firewall software often.

The worst part is, hackers and others who engage in cyber-crime seem to forever be one jump ahead of the latest computer security software. In the case that your computer protection is outdated, you're vulnerable so keep it up to date. Most software can be configured to do this automatically, which is a good thing for those who are forgetful or too busy to check for the latest security updates.

4. Use an internet browser and computer operating system that has good security features.

Make certain your browser settings provide you with optimal privacy and security, and make sure that you update your operating system regularly to reap the benefits of the latest security patches. Many browsers now block malware and you can also install software that will integrate with your browser to protect you whilst surfing.

5. Use secure online passwords at all times.

For example, create a single password for every site you go to, and keep them in a secure place. Use letters, numbers and other symbol mixtures in an effort to outmaneuver automated password detection programs. The harder your password is to guess the more safer you will be,so don't be lazy and skip this vital point. There are some open-source password keepers that will create and store all your passwords in case you forget them.

6. Make sure you do regular backups.

In the case your PC ever does get a virus infection or a worm, your important data could also be lost. Be sure that you regularly back up any important data and store them in a safe place. It might take a little setting up but you will be glad that you did if ever disaster strikes and your valuable data is corrupted or destroyed.

7. Be geared up for all eventualities.

If something does go wrong, such as your computer being hacked or contaminated with a virus, or for those who by chance reveal private data, plan a course of action to remedy the situation and stop further problems in the future. Like they say, prevention is better than cure.

Conclusion

Protecting your financial and private info from all the threats in cyberspace can appear to be an impossible mission. Thankfully you can find many software vendors who make it their business to supply individuals and companies with robust computer security solutions.

They will help to keep your computer secure from the many threats which stem from the modern bandits of our time, who infest the internet and make safe computing more and more difficult for us innocent surfers.

To find out how to protect your computer from internet attacks and allow you to surf the internet in safety please visit PCRegistryMedic.com for advice on many aspects of safe computing

Is the United States Cyber-Safe? Experts Respond to the Recent Cyber Terrorist Attacks

U.S. officials have been short on public explanations and reassurances following the recent cyber attacks affecting many U.S. and South Korean security and financial institutions but emergency notices were sent to federal agencies and departments alerting them of the situation and advising precautions with the wake of the cyber terrorists attacks that are suspected to have originated in North Korea.

Amy Kudwa, spokeswoman for the Homeland Security Department, said the agency's U.S. Computer Emergency Readiness Team issued a notice to federal departments and other partner organizations about the problems and "advised them of steps to take to help mitigate against such attacks."

Just last year, following similar cyber attacks that were linked to China, security experts warned that America was more vulnerable to a cyber-attack than other forms of conventional threats.

In May, President Obama announced the establishment of an inter-agency cyber-security office and the Pentagon added a military Cyber Command to supplement the civilian effort.

Despite the warnings and these cyber-safety steps, this past week key U.S. agency web sites, including Treasury Department, Secret Service, Federal Trade Commission and Transportation Department sites, were affected by the cyber terrorist attacks in the U.S. and many South Korean institution web sites, including bank web sites were strangled as well.

While the U.S. government hasn't been very vocal, many security experts have helped to explain the outcome of the cyber terrorist attacks and gives the rest of us a realistic picture of just how significant these cyber attacks were.

- A spokesperson for Keynote Systems, a California-based mobile and website monitoring company, describe the outcome of the cyber attacks as "significant outage."

- The chief technology officer for SANS Internet Storm Center described the cyber attacks as a "pretty massive attack," although "nothing really terrible sophisticated. If just floods the websites," and "prevents the websites from responding."

- Ben Rushlo, director of internet technologies at the firm, described the transportation departments web site problems as "very strange." Rushlo added, "Having something 100% down for a 24-hour-plus period is a pretty significant event."

Questions Linger Over North Korean Involvement

Cyber experts seem to agree that the cyber attacks originated from a place with in North Korea but they have differing opinions on what this means. Is this a communist nation attack via a technology battlefield or was this simply an attack orchestrated by hackers using zombie computers from North Korea?

- Philip Reitinger, deputy under secretary at the Homeland Security Department, said in an interview with the Associated Press that, "the far-reaching attacks demonstrate the importance of cyber security as a critical national security issue." The fact that a series of computers were involved in an attack, Reitinger said, "doesn't say anything about the ultimate source of the attack." "What it says is that those computers were as much a target of the attack as the eventual Web sites that are targets," said Reitinger, who heads DHS cyber security operations. "They're just zombies that are being used by some unseen third party to launch attacks against government and non-government Web sites."

- Rod Beckstrom, former head of the U.S. cyber-security center says, "If Pyongyang is behind the attacks, it probably establishes a new pattern of behavior. If this is them, they are now in the club. And they're probably only going to get better."

Jack Thomas Tomarchio, head of Nicor Cyber Security is concerned about North Koreas involvement because "they play by their own set of rules, so it is more difficult to calibrate how they're going to respond." Tomarchio also says that, "The attacks overall show that the federal government is still very vulnerable in terms of its cyber security and that agencies have miles to go to plug the holes.."

This was only a DOS, or denial of service attack, but attacks like this one make us more fearful of attacks such as an attack on the FAA tracking of airlines or the New York Stock Exchange monitoring of stock prices. Sure, this seems a movie of the week theme that couldn't really happen, but after 9-11 and a series of cyber terrorists attacks, Americans are learning to never say never.

"This is not Pearl Harbor. I'm not trying to alarm the country," Tomarchio adds, "But we do have a serious intrusion problem."

Lisa Carey is a contributing author for Identity Theft Secrets: prevention and protection. You can get tips on Identity theft protection, software, and monitoring your credit as well as learn more about the secrets used by identity thieves at the Identity Theft Secrets blog.

Computer Security - 7 Tips to Keep Your PC Safe From Internet Attacks

When it comes to PC safety, many of us live in a world of complete ignorance about the dangers out there on the internet. We simply don't think we will be the victim of a cyber attack, but without a doubt it will happen eventually.

Unfortunately, much of the well-meaning advice we get on the subject of internet security is still not enough to combat the cyber-crime that is becoming more widespread. The best we can do is take preventative steps to make the baddies job more difficult.

It happens to the most security-conscious of us...

Even though many of us could be highly vigilant and never open electronic mail attachments from folks we don't know, and look to make sure an ecommerce site is safe before entering our bank card info it can still happen.

The fact is, nobody is completely safe online, but taking computer security seriously is a big help.

There is little doubt that spyware and adware, malware, and insidious virus assaults make any pc with internet access vulnerable to attack. But, not all web security breaches are instantly apparent. As a matter of fact, most people are often unsuspecting that their seemingly safe browsing session is fraught with hidden dangers.

Now that you understand the scale of the problem, here are seven pointers to assist you to surf the Internet safely and protect your PC from attack.

1. Protect yourself from ID theft.

When making a purchase on an ecommerce site, make sure that the page where you enter your personal info is secure, as specified by "https" in the URL shown in the browser address bar. And never download ''warez' and cracked software as you can guarantee they contain trojans that will spy on you and steal your private information.

Obviously, the most ridiculous thing you could ever do is download a cracked antivirus program or some other computer security program as it will contain exactly the things that it is supposed to protect you from. Always buy computer software from a reputable source or you are just asking for trouble.

2. Be careful before you click on an email link.

Many cyber-criminals impersonate respectable companies, and send out a "phishing" e-mail that asks you to click on an email link. By no means click on email links unless you are sure of the source. Usually you can just hover over an email link to see the actual internet address it goes to, but not always. If it looks suspicious, then don't click on it as it will more than likely send you to a website that is designed to steal your financial details.

3. Update anti-virus, anti-spy ware, and firewall software often.

The worst part is, hackers and others who engage in cyber-crime seem to forever be one jump ahead of the latest computer security software. In the case that your computer protection is outdated, you're vulnerable so keep it up to date. Most software can be configured to do this automatically, which is a good thing for those who are forgetful or too busy to check for the latest security updates.

4. Use an internet browser and computer operating system that has good security features.

Make certain your browser settings provide you with optimal privacy and security, and make sure that you update your operating system regularly to reap the benefits of the latest security patches. Many browsers now block malware and you can also install software that will integrate with your browser to protect you whilst surfing.

5. Use secure online passwords at all times.

For example, create a single password for every site you go to, and keep them in a secure place. Use letters, numbers and other symbol mixtures in an effort to outmaneuver automated password detection programs. The harder your password is to guess the more safer you will be,so don't be lazy and skip this vital point. There are some open-source password keepers that will create and store all your passwords in case you forget them.

6. Make sure you do regular backups.

In the case your PC ever does get a virus infection or a worm, your important data could also be lost. Be sure that you regularly back up any important data and store them in a safe place. It might take a little setting up but you will be glad that you did if ever disaster strikes and your valuable data is corrupted or destroyed.

7. Be geared up for all eventualities.

If something does go wrong, such as your computer being hacked or contaminated with a virus, or for those who by chance reveal private data, plan a course of action to remedy the situation and stop further problems in the future. Like they say, prevention is better than cure.

Conclusion

Protecting your financial and private info from all the threats in cyberspace can appear to be an impossible mission. Thankfully you can find many software vendors who make it their business to supply individuals and companies with robust computer security solutions.

They will help to keep your computer secure from the many threats which stem from the modern bandits of our time, who infest the internet and make safe computing more and more difficult for us innocent surfers.

To find out how to protect your computer from internet attacks and allow you to surf the internet in safety please visit PCRegistryMedic.com for advice on many aspects of safe computing