Join the God Side, Jesus is Coming…….

Archive for November, 2009

Secure on-line shopping tips for Cyber Monday

Source: examiner.com

“Cyber Monday”, the Monday after Thanksgiving when we begin our holiday online shopping activities in earnest, is upon us. More of us than ever will be tickling the keyboards to use this convenient shopping method this year.

One recent survey reported that 55 percent of surveyed shoppers plan to do their holiday shopping online in 2009, up from 49 percent last year. As the number of online shoppers increases, however, so do the threats to our online security.

One rising threat is “SideJacking”, in which hackers break into a wireless Internet connection to steal data, like credit card numbers. SideJackers frequently target businesses, public hot spots and even residential areas where personal home networks can be discovered and accessed from the street. These threats, plus common phishing scams, malware, viruses and spyware, place personal information at risk for identity theft.

Minimal steps we should all take to secure our home networks include:

  • Install and/or update Internet security and antivirus/antispyware software.
  • Set up a firewall for our home network. This will make it difficult for hackers to gain access to valuable personal information.
  • Be wary of opening e-mails with attachments that come from unknown sources. They can contain viruses, spyware, worms or other elements that may be harmful to a user’s computer.
  • When engaging in online commerce, look for “https” at the beginning of a web site URL to ensure the Web site is secure. Avoid making purchases on sites whose URLs don’t begin with “https”.
  • Power down your home wireless network if you are going to be away for extended periods of time.

The government provides an outline for anyone who thinks his or her data or identity may have been stolen, explaining steps for recourse. More information on avoiding becoming a victim is available at: http://www.us-cert.gov/cas/tips/ST05-019.html.


Five ways to lose your identity (and wallet) this holiday season

Source: computerworld

The holiday season is almost here, and even in a recession huge numbers of people will likely be shopping online for gifts this year.

The rush by shoppers to the Web makes the season a great time for online retailers. It’s also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online.

The growth of holiday hackers has annually prompted security analysts, identity theft awareness groups and various government agencies to come up with lists of precautions that consumers can take to avoid becoming a victim of online fraud. Such lists can prove a benefit to consumers, but unfortunately some people ignore them.

For those unwary consumers, Computerworld this year offers a handy list of tips that can help maximize their exposure to online fraud.

Tip #1: Open all attachments from strangers and click on all embedded links in such e-mail messages.

Tip #2: Respond to Dr (Mrs.) Mariam Abacha, whose name is used by many hackers who say they have close friends and relatives in Nigeria who have recently been widowed or deposed in a military coup and need your help to get their millions of dollars out of the country.

Tip #3: Install a peer-to-peer file-sharing client on your PC and configure it so all files, including bank account, Social Security and credit card numbers along with copies of mortgage and tax return documents, are easily available to anyone on the same P2P network.

Tip #4: Come up with passwords that are easy to crack. It saves hackers from spending too much time and effort trying to access your PC. Clever sequences such as 123456 and abcdef and your firstname.lastname all make fine, easy-to-remember default passwords for you and for hackers.

Tip #5: Avoid installing the latest anti-malware tools and security updates. Keeping operating systems properly patched and anti-virus and anti-spyware tools updated makes life hard for hackers. Users can help them out by making sure their anti-virus software and anti-spyware tools are at least 18 months out of date, or not using them at all.

Complete Vulnerability Management

Source: banktech

Vulnerabilities are like fish in the sea. We can identify the different species and explore their individual varieties but there will always be others to discover. On average, 20 new vulnerabilities are found each day across equipment vendors, operating systems, and software applications. All companies should be implementing a comprehensive vulnerability management program, one that includes vulnerability detection, external and internal vulnerability assessments, frequency, application testing, policy scanning, remediation, and configuration.

Conducting a vulnerability scan is useful in identifying exploitable operating systems, services, and applications both inside and outside of a network.

External vulnerability assessments have always been considered the most critical because Internet accessible devices are most exposed to attackers. However, hackers have developed methods that compromise the vulnerabilities of systems residing on the internal network as well, which means organizations must test more frequently for vulnerabilities now than they have in the past. It is recommended that external vulnerability scans be run weekly for optimum security and monthly for best practice.

Internal scans can be run less frequently – monthly for optimal security and quarterly for best practice. Administering secure application and policy testing is also recommended. All of this information must then be passed on to an IT administrator who can then remediate identified security weaknesses and correct misconfigurations as quickly as possible.
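
The cadence above can be checked against a scan history. The following is an added example, not part of the original article: the log format, the target names and the 31- and 92-day readings of "monthly" and "quarterly" are assumptions.

```python
from datetime import date

# Maximum days allowed between scans, from the cadence recommended above.
# Assumption: "monthly" is read as 31 days and "quarterly" as 92 days.
CADENCE = {
    "external": {"optimum": 7, "best practice": 31},
    "internal": {"optimum": 31, "best practice": 92},
}

# Constructed scan history: ISO date, scope, target (hypothetical names).
SAMPLE_LOG = """\
2009-10-05,external,www.example.test
2009-10-12,external,www.example.test
2009-10-19,external,www.example.test
2009-09-01,external,mail.example.test
2009-10-20,external,mail.example.test
2009-06-15,internal,10.0.0.0/24
2009-07-01,internal,10.0.1.0/24
2009-09-25,internal,10.0.1.0/24
"""

def parse_log(text):
    """Group scan dates by (scope, target)."""
    history = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        day, scope, target = (field.strip() for field in line.split(","))
        if scope not in CADENCE:
            raise ValueError(f"unknown scope: {scope!r}")
        history.setdefault((scope, target), []).append(date.fromisoformat(day))
    return history

def classify(scope, dates, today):
    """Rate a target by its worst gap, counting the time since the last scan."""
    points = sorted(dates) + [today]
    worst = max((b - a).days for a, b in zip(points, points[1:]))
    for level in ("optimum", "best practice"):
        if worst <= CADENCE[scope][level]:
            return level, worst
    return "overdue", worst

def report(text, today):
    """Map each (scope, target) to (rating, worst gap in days)."""
    return {key: classify(key[0], dates, today)
            for key, dates in parse_log(text).items()}

if __name__ == "__main__":
    for (scope, target), (level, gap) in report(SAMPLE_LOG, date(2009, 10, 23)).items():
        print(f"{scope:8} {target:20} worst gap {gap:3}d -> {level}")
```

A target is rated by its longest gap, so one missed month shows up even when the most recent scan is fresh.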

Keep keys safe so your data remains secure

Source: NewHorizon-ITPRO

You wouldn’t just leave the keys to your car lying on the front seat in plain sight when you leave the vehicle in the parking lot, would you? Yet, many people go to the time and trouble to use encryption to protect their data and then choose to store the decryption keys on the local machine where the encrypted data is stored. If an attacker gets access to the system and finds the key, he can decrypt the data.

For best security, you should export the key to a floppy disk or removable flash memory drive. This is called “offline storage.” Make several copies and keep them in different locations, just as you have an extra set of car keys made that you keep in a secure place in case of a loss.

Avoiding Social Engineering and Phishing Attacks

Do not give sensitive information to anyone unless you are sure that they
are indeed who they claim to be and that they should have access to the
information.

How do you avoid being a victim?

* Be suspicious of unsolicited phone calls, visits, or email messages from
individuals asking about employees or other internal information.

* Do not provide personal information or information about your
organization, including its structure or networks, unless you are
certain of a person’s authority to have the information.

* Do not reveal personal or financial information in email, and do not
respond to email solicitations for this information.

* Don’t send sensitive information over the Internet before checking a
website’s security.

* Pay attention to the URL of a website.

* If you are unsure whether an email request is legitimate, try to verify
it by contacting the company directly.

* Take advantage of any anti-phishing features offered by your email
client and web browser.
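
As an added illustration (not from the sources quoted on this page), the "look for https" and "pay attention to the URL" advice can be written as a check. It goes a little beyond the text by also flagging login text before an "@", raw IP hosts and punycode labels; the function name and the sample URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

def url_warnings(url):
    """Return a list of reasons to distrust a URL before entering data on it."""
    warnings = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        warnings.append("not https")
    host = parts.hostname or ""
    if not host:
        warnings.append("no host")
        return warnings
    # Text before '@' is login info, not the site; the real host follows it.
    if parts.username is not None:
        warnings.append(f"userinfo before host; real host is {host}")
    # A bare IP address in place of a name gives the reader nothing to recognize.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode (internationalized) label in host")
    return warnings

# Constructed sample URLs using reserved example names and addresses.
SAMPLES = [
    "https://shop.example/checkout",
    "http://shop.example/checkout",
    "https://www.bank.example@203.0.113.7/login",
    "https://xn--exmple-cua.test/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", url_warnings(sample) or "no warnings")
```

The third sample begins with "https" and a familiar-looking name yet connects to 203.0.113.7, which is why the scheme alone is not enough.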

What do you do if you think you are a victim?

* If you believe you might have revealed sensitive information about your
organization, report it to the appropriate people within the
organization, including network administrators.

* If you believe your financial accounts may be compromised, contact your
financial institution immediately and close any accounts that may have
been compromised.

* Immediately change any passwords you might have revealed.

* Consider reporting the attack to the police, and file a report with the
Federal Trade Commission (http://www.ftc.gov/).

Understanding Denial-of-Service Attacks

Source: US-CERT

You may have heard of denial-of-service attacks launched against websites,
but you can also be a victim of these attacks. Denial-of-service attacks can
be difficult to distinguish from common network activity, but there are some indications that an attack is in progress.

What is a denial-of-service (DoS) attack?

In a denial-of-service (DoS) attack, an attacker attempts to prevent
legitimate users from accessing information or services. By targeting your
computer and its network connection, or the computers and network of the
sites you are trying to use, an attacker may be able to prevent you from
accessing email, websites, online accounts (banking, etc.), or other
services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker
“floods” a network with information. When you type a URL for a particular
website into your browser, you are sending a request to that site’s computer
server to view the page. The server can only process a certain number of
requests at once, so if an attacker overloads the server with requests, it
can’t process your request. This is a “denial of service” because you can’t
access that site.
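
A server operator can spot the flooding described above by counting requests per client over a short window. This is an added example, not code from US-CERT; the log format, the addresses, the 10-second window and the 50-request limit are assumptions.

```python
from collections import defaultdict, deque

def make_sample_log():
    """Constructed log lines: '<epoch seconds> <client address> <path>'."""
    # An ordinary shopper: one request every 5 seconds.
    lines = [f"{1000 + i * 5} 198.51.100.20 /catalog" for i in range(6)]
    # A flooding client: 10 requests per second for 12 seconds.
    lines += [f"{1010 + i // 10} 203.0.113.9 /" for i in range(120)]
    return sorted(lines, key=lambda line: int(line.split()[0]))

def find_floods(lines, window=10, limit=50):
    """Return {client: peak request count in any `window`-second span}
    for every client whose peak exceeds `limit`."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    peak = defaultdict(int)       # client -> highest count seen so far
    for line in lines:
        ts_text, client, _path = line.split(maxsplit=2)
        ts = int(ts_text)
        q = recent[client]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while q[0] <= ts - window:
            q.popleft()
        peak[client] = max(peak[client], len(q))
    return {client: count for client, count in peak.items() if count > limit}

if __name__ == "__main__":
    for client, count in find_floods(make_sample_log()).items():
        print(f"{client}: {count} requests within 10 s")
```

A per-client counter like this catches a single noisy source; in the distributed case described in the next section, each source can stay under the limit, so total request volume has to be watched as well.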

What is a distributed denial-of-service (DDoS) attack?

In a distributed denial-of-service (DDoS) attack, an attacker may use your
computer to attack another computer. By taking advantage of security
vulnerabilities or weaknesses, an attacker could take control of your
computer. He or she could then force your computer to send huge amounts of
data to a website or send spam to particular email addresses. The attack is
“distributed” because the attacker is using multiple computers, including
yours, to launch the denial-of-service attack.

How do you know if an attack is happening?

* unusually slow network performance (opening files or accessing websites)
* unavailability of a particular website
* inability to access any website
* dramatic increase in the amount of spam you receive in your account

How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a
DoS or DDoS attack, but there are steps you can take to reduce the
likelihood that an attacker will use your computer to attack other
computers:

* Install and maintain anti-virus software.

* Install a firewall, and configure it to restrict traffic coming into and
leaving your computer.

* Follow good security practices for distributing your email address.

 

Three tips to safeguard your system

Source: SOPHOS

Pillar 1: URL / Reputation Filter

Pillar 2: Real-time Behavioral Malware Scanner

Pillar 3: Protocol/Content Filtering

* Don’t forget to update your system and your favorite web browser (one of the main doors to your system).
