Tuesday, August 14, 2012

Ten Easy Ways to Boost Your Computer Security

These days it is very easy to take our computers for granted. It is almost as if they are part of our office or household furniture. However, we all have increasing amounts of sensitive data stored on our computers and it's worth being aware of the ongoing risks so here we take a look at the best ways to maintain and improve your computer security.

Of course adding some computer security features to a pc costs a little extra money, but it is essential to do to ward off attacks from the rogues out there determined to upset home pc users as well as large scale organizations. Viruses can vary in seriousness such as harmless but annoying e-mails or spam to programs delivered to PCs that can wipe out all the data stored on the computer.

Let's take a look at ten ways all of us can improve our computer security:

1. Password Protection - A good start to computer security is to put in a barrier to unauthorised users of your computer. Protect your login id with a password. That way you can ensure that only you can access confidential information on your computer. Never disclose your passwords to other people, don't write them down and try and make them unique with a combination of letters, numbers and other characters.

2. Operating System - Keep your operating system updated frequently. Turning on the auto-update in Windows Update will boost your computer security. Microsoft releases frequent fixes to vulnerable areas of computer security so this is critically important.

3. Anti Virus Software - Ensure your pc has up to date anti-virus software installed. This is a key element of computer security and will help detect and remove viruses as well as block spam e-mails.

4. Firewall - At the same time your computer security should be enhanced by adding a firewall especially if you are part of a network either at work or home. The firewall setting on your router should be switched on as these could leave you exposed to hackers or indeed your neighbours might be able to view what you are doing on the internet.

5. Regular Scans - Your anti-virus software may do regular background checks, but it is a good idea to run a scan at least once a week. This will help clean up your system by deleting unwanted cookies and temporary internet files.

6. E-Mail Attachments - Be very wary of attachments to e-mails sent to you, especially if they are from an unknown source. These could potentially carry a virus that will prove damaging to your computer. A good computer security tip is to ignore attachments from unknown sources and delete the e-mail. You can save any attachments or downloads to your desktop and scan them with the anti-virus software.

7. E-Mail Links - It is best not to visit websites by clicking links attached to an e-mail. Most links taking you to a home page asking for log-in or account details are scams. Any details entered here can be used by the hacker who set up the link.

8. Suspicious E-Mails - Ignore e-mails that look suspicious and delete them as these could breach your computer security. Ignore any e-mails purporting to be from your bank or someone else you hold an account with asks for personal details or passwords. This breach of computer security is sometimes known as phishing.

9. Websites - Be wary of websites you wish to enter. Some anti-virus programs offer warnings next to websites to indicate whether they can be trusted. Avoid clicking on a website if it is not rated as trustworthy.

10. Online Payments - If you need to make a payment online ensure that the payment screen is protected. The page will usually indicate that it is secure and may have a padlock image at the top of the page.
Anyone still not convinced may want to bear in mind some of the facts about viruses. In January 2007 a worm called Storm appeared on the scene. Nine months later it was believed that some 50 million computers had been infected by the worm. Computer security is so important to protect you and your personal data.
Indit Technology Distribution is a distributor of the world's best computer security solutions for small office home office (SOHO) and large corporate data networks in South Africa. Click here to see their range of computer security solutions [http://www.indit.co.za/products/backup-security-solutions/] here, which include Cyberoam, Acronis, Sophos and BioMatch.

Article Source: http://EzineArticles.com/?expert=Philip_Van_Zyl

Cloud Computing Security

One of the greatest game-changing innovations of this decade is cloud computing. The shift away from pure on-premises applications and data storage is already well underway, with consumers, small and midsize businesses, and even large enterprises putting applications and data into the cloud. The ever-present question however, is whether it is safe to do so. Cloud computing security is by far the biggest concern among those considering the technology. And if you're an IT manager, it's good to be paranoid. Losses from cybercrime and attack can be enormous, and the 2008 CSI Computer Crime and Security Survey show an overall average annual loss of just under $300,000.

It may seem like a leap of faith to put your valuable data and applications in the cloud, and to trust cloud computing security to a third party. Yet faith is not a part of the equation, nor should it be. Every enterprise needs to know that its data and applications are secure, and the question of cloud computing security must be addressed.

In fact, the cloud does have several security advantages. According to NIST, these cloud computing security advantages include:
  • Shifting public data to a external cloud reduces the exposure of the internal sensitive data
  • Cloud homogeneity makes security auditing/testing simpler
  • Clouds enable automated security management
  • Redundancy / Disaster Recovery

All four points are well taken. Cloud providers naturally tend to include rigorous cloud computing security as part of their business models, often more than an individual user would do. In this respect, it's not just a matter of cloud computing providers deploying better security, the point is, rather, that they deploy the precautions that individual companies should, but often don't.

A common security model
Most application providers impose some level of security with their applications, although when cloud application providers implement their own proprietary approaches to cloud computing security, concerns arise over international privacy laws, exposure of data to foreign entities, stovepipe approaches to authentication and role-based access, and leaks in multi-tenant architectures. These security concerns have slowed the adoption of cloud computing technology, although it need not pose a problem.

The very nature of a cloud platform is that it imposes an instance of common software elements that can be used by developers to "bolt on" to their applications without having to write them from scratch. This advantage is especially useful in the area of security. The cloud "platform as a service" brings an elegant solution to the security problem by implementing a standard security model to manage user authentication and authorization, role-based access, secure storage, multi-tenancy, and privacy policies. Consequently, any SaaS application that runs on the common platform would immediately benefit from the platform's standardized and robust security model.

Superior physical security through cloud computing provider
Lack of physical security is the cause of an enormous amount of loss, and insider attacks account for a surprisingly large percentage of loss. And while the specter of black hats hacking into your network from a third world country is very much real, very often, the "black hat" is in reality a trusted employee. It's the guy from the Accounting department who you have lunch with. It's the lady who brings you coffee in the morning and always remembers that you like two sugars. It's the recent college grad with so much potential, who did such a great job on that last report.

Of course, insiders can attack your network and data regardless of where it is located, given enough incentive and information, but physical proximity of the actual hardware and data makes it much easier to gain access, and cloud data centers tend to have better internal physical security protocols, including locked rooms, regulated access, and other protections against physical theft and tampering.

Conclusion: Superior security through the cloud
Besides physical security, technical security is of the utmost importance. Hosting your own servers and applications requires extra measures. A larger organization may need to deploy dedicated IT staff to security only. Cloud computing, on the other hand, builds cloud computing security directly into the cloud platform. While the company still must maintain in-house security in any case, the provider ensures that the applications and data are safe from attack.

We tend to think that retaining control over everything is inherently more secure, when this is not the case. Smaller companies especially may lack the skilled security staff in-house, and even larger firms often just don't have the resources to dedicate to implementing rigorous security on an ongoing basis. A cloud computing provider on the other hand, which offers a detailed service level agreement and retains skilled security staff in-house, will often provide superior security when compared with the in-house alternative.
For more information about cloud computing, please visit http://www.cloudipedia.com for a free copy of "Cloud Computing Made Easy." Cloudipedia is a property of Virtual Global, a provider of cloud-enabled enterprise IT solutions and the TeamHost™ cloud computing platform for building SaaS applications without programming.

Article Source: http://EzineArticles.com/?expert=Danny_Blacharski

Computer Security Cables

Computer security cables are used to ensure the physical security of a computer. Several types of computer security cables are available. There are black, putty and heavy duty computer high strength security cables. Computer security cables are a very effective method of preventing computer losses. A desktop or notebook secured with a lock and cable prevents a thief from walking off with your property and data.

Computer security cables are available in the market at varying prices. A unique black shell design with overlapping seams, coupled with a crimp ferrule strain relief results in both protection against leakage and enhanced mechanical strength. These features ensure a highly reliable cable that will pass the most severe emissions testing, while providing years of trouble free service. It also saves cost and adds an alternative cable entry direction.

A unique stamped steel internal enclosure offers hundred percent shielding and a strong strain relief. Cable assemblies with inline or reverse entry connector orientation can be produced with modest minimum requirements. Computer security cables give the equipment protection from theft.

Steel cables are not the most attractive cables. There are adhesive mount cables. Specially designed plates are affixed to your computer case, your monitor is safe with a strong adhesive compound and the cables are then threaded through loops in the plates and secured with a padlock. Fiber optic cables are also widely used.

Security cables can be chosen from PC security cables, laptop security cables and unique solid mounts using steel security plates with super adhesives. A variety of locking devices include case locks to protect the CPU. It is advisable to choose from computer security cables that let you add security plates to secure all your peripherals on one cable. These systems use straight end cable assembly.

Security cables are available in a variety of lengths. Most security cables are coated with clear vinyl. Laptop security cables are an inexpensive way to protect a laptop from being stolen. Standard, medium sized and thick security cables are available.

Computer Security provides detailed information on Computer Security, Computer Security Systems, Computer Network Securities, Computer Security Software and more. Computer Security is affiliated with Information Security Systems [http://www.e-InformationSecurity.com].

Article Source: http://EzineArticles.com/?expert=Kent_Pinkerton 

How to Choose the Best Computer Security Suite for Your Needs

Before you begin reading this article, there is something that it is critical to understand. Simply put, there is no such thing as a completely secure web browser or operating system. While any of the major security suites and associated products will greatly reduce your exposure to security risks, they are not silver bullets that will stop everything that may come your way. Any product that claims to eliminate 100 percent of your security risks should be looked at very carefully.

Now that we have the ground rule out of the way, let's consider security suites and computer security. There are a variety of means by which the security of a computer can be breached. Among the most common threats are crackers, phishing, Trojans, viruses, and worms. Potential security risks can also be introduced through spyware, malware, or email attachments, and something called port scanning.
Dshield.org, a Florida-based non-profit company, provides "platform for users of firewalls to share intrusion information". What they do is work with software vendors to allow for a common reporting platform of port scanning activity detected by software. Port scanning is when software scans another computer system looking for open ports to connect to. Port scanning is often a prelude to other types of attacks, and is used by many viruses and worms to propagate themselves.

Among the more interesting items reported by DShield is the "survival time". What this means is how long an unpatched computer will be able to "survive" online before being attacked. Over the course of the past year, the survival time for an unpatched Windows system is approximately 100 minutes. If you have an unpatched Windows system, you can expect it to be attacked in about an hour an a half. Clearly, you need to take matters into your own hands to protect the security of your computer systems.
There are some simple steps you can take to quickly and easily protect your computer.

1. Never run unfamiliar programs on your computer. While it may seem to be common sense, many of the most widely-spread attacks have involved spyware and email attachment worms. The rule is simple: Don't open the attachment if you don't recognize the sender.

2. Never allow others to have unmoderated physical access to your computer. If you have sensitive or confidential information on your computer, if you allow others physical access to the system, they may either inadvertently or intentionally breach the security of the computer.

3. Always use strong passwords. Be sure none of your passwords are easy to guess. Many people use the names of pets or children, or anniversaries or birthdays. Given how many passwords seem to be needed, another common mistake is for someone to use the same password for everything from their picture-sharing website to their online brokerage. By using only one password, if one system is compromised, all systems you have access to can be compromised. Also, if you absolutely must write your password down, never leave it attached to the computer. I recently saw the proprietor of a small business peering under her keyboard to login to her computer.

4. Be sure to keep your operating system and all installed applications up to current patch levels. Most security experts share the opinion that almost all network-based security attacks would stop if users kept their computers up to date with patches and current security fixes. Almost all of us forget to do this regularly. New Trojans, worms, and viruses are being distributed and created every day. Almost all of them are trying to exploit newly-discovered weaknesses in operating systems and applications.

5. Backup backup backup! It can't be said enough that it is vitally important to keep regular backups of any and all important data. Even if your system is kept secure from worms, viruses, and Trojans, it is still vulnerable to fire, theft, flooding, hardware failure, and any number of other things that can destroy your most valuable data. Given the ease and availability of CD and DVD burners, there are no excuses for not keeping your data backed up.

For most people, enabling auto-updates, using safe email practices, and using a password-protected screensaver provides adequate security. If you would rather take some additional measures to improve the security of your computer, you should consider purchasing a comprehensive security suite.
While there are many packages out there, you should start with asking yourself some basic questions: Are you the only user, or are there multiple users? If there are multiple users, are any of them children? Do you need to password-protect individual files, your desktop, or someone's internet access? How much are you willing to spend? What kind of system are you running?

Once you are able to answer those questions, you can begin to research which of the available security suites is best able to meet your needs. Consumer Reports, ZDNet.com, and PC Magazine are just a few of the very informative websites available that offer information and insight into security suites.
There are many different security suites available today. Be sure to conduct your research carefully to find the one that best meets your needs. Listed below are some of the more popular choices, along with what PC World had to say about them.

1. Symantec Norton Internet Security 2006. Symantec's suite produced top-tier malware detection and cleanup scores, but it would benefit from a more streamlined interface and fewer pop-up alerts.

2. McAfee Internet Security Suite 2006. The excellent malware detection and cleanup scores of McAfee's full-featured suite make up for its terrible installation routine.

3. Panda Platinum 2006 Internet Security. Panda has superior heuristics, a top-notch firewall, and speedy on-demand scanning, but its interface needs better organization.

4. F-Secure Internet Security 2006. This suite's five scanning engines--including one for rootkits--produced excellent malware detection scores but the slowest scan speed.

5. Trend Micro PC-cillin Internet Security 2006. Trend Micro's interface, speed, and features (including an antiphishing toolbar) were better than its malware detection scores.

Mike Tetreault is an accomplished developer and systems architect. He is also the managing principal of Macrocosmic Technologies [http://www.macrocosmictech.com] and its PrivacyOnTheGo [http://www.privacyonthego.com/] product line which offers a solution to the security and privacy issues faced by people who use multiple or public computers.

Article Source: http://EzineArticles.com/?expert=Mike_Tetreault

Saturday, May 5, 2012

Smartphone Development Threat

The Open Source Security Threat
Fast moving mobile phone development has made Open Source software development a popular approach. One particular reason for the popularity of open-source in organizations is that it has been proven to cut costs. The value of this development methodology is not just the design of the software but the marketing opportunity it provides to organizations and individuals. Open source platforms are provided by Google (Android), Palm (GNU/Linux), Nokia (Maemo) and Apple (iPhone).
The open source model allows much greater creativity as it differs from the more corporate centralized development models that have been used to date (BlackBerry is an example). The essence of open source is public collaboration which results with a peer production development of open source software in particular in the mobile phone software industry.

Fast Development
The open source community is developing very fast these days, galvanized by mobile phone developers. Open source software development however, does have potential security risks both for corporations and individuals. Too often the open source communities that offer their software for free don't appear to be as mindful of security practices as their commercial counterparts, which charge for software and support.
New prospects for social engineering, such as figuring out when you are away from your home for crime purposes (sites like PleaseRobMe.com) do just this. Of the same ilk, facial recognition technology and the tagging of users in photos on social media sites blur the work-home boundaries even more. For example, police officers have already come under attack, after their identities were breached by social media and facial recognition technology.

Near Field Contact
NFC (Near Field Contact) technology is an interesting example of innovative technology that aims to deliver convenience for consumers. However, it will introduce a new dimension of challenges for security professionals making mobile devices much more interesting as a target to steal money. There is a push to build NFC technology into mobile devices, enabling users to make payments or pass on personal information with a simple swipe of a mobile device over a reader. This will further transform the smartphone into the single device from which most aspects of your life are driven making it even more attractive to cybercriminals.

Third Party Applications
Mobile devices are also starting to define their architectures based on modern working practices - BlackBerry (for example), has introduced a feature which provides two isolated working environments on the same device (sandboxing), allowing you to separate work and play data. Even those with a strong security reputation like BlackBerry have been victims (of exploitation and breaches) too. While malware attacks for mobile devices are undoubtedly different, they are still entirely possible.
There are those that believe that the open source nature of Linux (for example) provides a primary vehicle for making security vulnerabilities easier to identify and fix. The main advantage here is that the community can review the source code and make the code more secure, which in turn facilitates potential security best practices. Users and time will decide whether this is actually the case. The advent of social websites such as Facebook, MySpace and Twitter have led to a surge in third party application development for desktops, laptops, tablets and smartphones.

Facebook & Third Party
Facebook, the fastest growing of these social websites allows publishers to develop third party applications to improve the Facebook experience. Closer inspection of most third party applications reveal to the users that they all require your 'login and password' details. It appears that most Facebook users don't believe this is a risk to their identity. Maybe it isn't, but how do you manage the risk of your 'login and password' details falling into the hands of a cybercriminal? The major risk is if you are paying for third party software, the software might steal your financial login data as well as installing malicious software on your smartphone. The final infiltration will occur (as the last security flaw) when the mobile user connects to their PC via either Bluetooth or USB, and you receive a cross platform infection from the third party software to your PC. There are no instances I know of where this has happened yet, but in time this attack vector will surely appear.

In Conclusion
It is the development of open source software that may well lead to these security issues and many others to be discovered. New functionality breeds fresh opportunities for the bad guys. New features like augmented reality, facial recognition and integrated social media could leave users open to new kinds of abuse. Augmented reality, for example, connects location information with a user's social media "friends", enabling them to identify digital contacts nearby. We will find out in the coming years whether open source software development has opened up a security hornets nest. Users meanwhile, need to embrace the Security Suites offered by companies like Bullguard, Kaspersky Mobile 9, ESET, Panda, AVG, Trend Micro, Webroot, F-Secure, Norton, etc. to lock down their systems.

Using the Keystrokes Dynamic for Systems of Personal Security

Access to computer systems is usually controlled by user accounts with usernames and passwords.  Such scheme has little security (Hu. J et al. (2008), Pavaday. N and Soyjaudah. K.M.S (2007)) if the information falls to wrong hands. Key cards or biometric systems (Adrian Kapczynski et al. ( 2006), Gláucya C. Boechat et al. (2007), Anil Jain et al. (2003), Duane Blackburn et al. (2007)), for example fingerprints (Lin Hong and Anil Jain, (1998)) is being used nowadays to improve the security. Biometric methods measure biological and physiological characteristics to uniquely identify individuals. The main drawback of most biometric methods is that they are expensive to implement, because most of them require specialized hardware to strengthen security. On the other hand keystroke dynamics (Fabian Monrose and Aviel D. Rubin (2000), Jarmo Ilonen, (2003)) consist of many advantages like (i) It can be used without any additional hardware (ii) Hardening the existing security.

Keystroke analysis (Christopher S. Leberknight et al. (2008)) is of two kinds Static and Dynamic. Static keystroke analysis essentially means that the analysis is performed on typing samples produced using the same predetermined text for all the individuals under observation. Dynamic keystroke analysis implies a continuous or periodic monitoring of issued keystrokes and is intended to be performed during a log-in session, after the authentication phase has passed.

One area where the use of a static approach to keystroke dynamics may be particularly interesting is in restricting source level access to the master server hosting a Kerberos (Gabriel. L. F. B. G. Azevedo et al. (2007)) key database. Any user accessing the server is prompted to type a few words or a pass phrase in conjunction with his/her username and password. Access is granted if his/her typing pattern matches within a reasonable threshold of the claimed identity. This safeguard is effective as there is usually no remote access allowed to the server, and the only entry point is via console login. Alternatively, dynamic or continuous monitoring of the interaction of users while accessing highly restricted documents or executing tasks in environments where the user must be alert at all times (for example air traffic control), is a ideal scenario for the application of a keystroke authentication system. Keystroke dynamics may be used to detect uncharacteristic typing rhythm (brought on by drowsiness, fatigue etc.) in the user and notify third parties.

Monday, May 9, 2011

Mastering the Nmap Scripting Engine

Most security practitioners can use Nmap for simple port scanning and OS detection, but the Nmap Scripting Engine (NSE) takes scanning to a whole new level. Nmap's high-speed networking engine can now spider web sites for SQL injection vulnerabilities, brute-force crack and query MSRPC services, find open proxies, and more. Nmap includes more than 125 NSE scripts for network discovery, vulnerability detection, exploitation, and authentication cracking.

Rather than give a dry overview of NSE, Fyodor and Nmap co-maintainer David Fifield demonstrate practical solutions to common problems. They have scanned millions of hosts with NSE and will discuss vulnerabilities found on enterprise networks and how Nmap can be used to quickly detect those problems on your own systems. Then they demonstrate how easy it is to write custom NSE scripts to meet the needs of your network. Finally they take a quick look at recent Nmap developments and provide a preview of what is soon to come.

http://nmap.org/presentations/BHDC10/