Author Archive: Dave Bryant

Securing Your Wireless Home Network Using 192.168.1.1

Quite often users skip the security part when they are setting up their home network. Knowing the risks of having an unsecured network we have to think more about it and actually take some steps. When it comes to securing your home network the default IP address 192.168.1.1 can be used effectively. Most of the security tweaks can be done in the Configuration panel and as you already know you can access it by typing 192.168.1.1 into the address bar of your browser. Once you get there you can do the following to increase the security of your home network.

Change your SSID. If a person who wants to break into your home network knows your SSID we can say that he is already one step closer to doing it. Use the IP address 192.168.1.1 to access your Configuration panel and change your SSID into something more unique. At the same time SSID broadcast should be turned off.

Change the default username and password. Many users feel secure with the default settings and leave them as they are. However, it is strongly advised to change the default username and password. This is the first step toward making your network more secure.

Enable MAC address filtering. It should be enabled as another layer of security. If you use it with wireless encryption, your home network security will be brought to a completely new level.

Enable strong encryption. Select and use the strongest encryption the wireless devices in your network support. This can be easily done in the Configuration panel and you can use the IP 192.168.1.1 to access it. WEP encryption will require you to change your password on, let’s say, a monthly basis. To prevent someone from cracking your password, always use numbers, capitals and special characters in your passwords.

Enable your firewall. The firewall on your router and other PCs in the network should be turned on. You can easily configure your firewall by accessing the Configuration panel and of course you can do that with the help of 192.168.1.1 IP address. By turning on the firewalls you can be sure that your network is completely safe from network intrusions.

Disable Auto-connection. Although this security measure has nothing to do with the IP 192.168.1.1 it is still worth mentioning. Your wireless device will try to connect to an open wireless network. When this is done the security is very low. Check if you have any enabled connections and disable them.



Source by William Z Taylor

Cyber Security, Stay On Top Of The Silent Killer

Introduction:

Sometimes, we as humans tend to push toward advanced zones just for the sake of it and in doing so; we usually miss out on some of the core areas and sticking to the basics. This can also be classified as jumping to the conclusion. You can never enjoy a fruitful end if the start was not right.

Staying on top will require a top-drawer solution from you. In tech-smart and highly developed markets, a business owner operating online must ensure that things are under control all the time. This will save one from heavy penalties and consequential losses that usually take place in the form of data loss and compromise of the business’s and its clientele’s sensitive information.

Such losses usually result in issues like stoppages and delays, hence, make it extremely hard for the business to cope with the market competitions and client expectations.

Keep calm and stick to basics:

Although one will always have the facility of outsourcing such sensitive tasks to third-party IT security solution providers, it is still considered as a positive approach to getting the basics right from the start.

Experts associated with the domain of managed security services stress some of the very core areas that should always be monitored by a business owner to ensure that things are dealt with in a smooth and timely manner. Some of them are:

Passwords used by you must be strong:

Avoid setting easy passwords because they can be compromised easily. Many people use simple passwords such as 1234 or ABCD, with their business name or their own name before or after it, and they are the ones who mainly end up becoming victims of such threats. It becomes a cakewalk for smart hackers to figure out and crack such passwords before they get into your networks, systems and online presence’s code.

A secure password, therefore, is a must-have thing and to ensure that you are on top of this requirement, you will need to make it a smart and robust blend of characters, alphabets, and numerals. By doing so, you are making it almost impossible for hackers to get into your system code.

Minimize the number of password attempts:

If you think that your six-digit password is enough to secure you, you must revise your approach. By ignoring this and opting for a six digit pin, you are helping the attackers in creating more than a million unique possibilities to get into the sensitive domains of your business and damage the information. They have got hold of tools that will take just a few moments to crack such weak passwords.
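As an added illustration (not part of the original article), the sketch below shows what limiting password attempts means in practice: a per-account lockout whose delay doubles each time, and a simulation of how long it then takes to submit every one of the million six-digit PINs. The class and function names, the thresholds and the guess rate are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

PIN_KEYSPACE = 10 ** 6  # every six-digit PIN, the "million possibilities" above


@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since the last lockout
    lockouts: int = 0          # lockouts since the last successful login
    locked_until: float = 0.0  # time (seconds) at which attempts resume


@dataclass
class AttemptLimiter:
    """Hypothetical limiter: lock after max_failures, doubling the delay each time."""
    max_failures: int = 5
    base_lockout: float = 60.0    # first lockout, in seconds
    max_lockout: float = 3600.0   # cap so the owner is never locked out for good
    accounts: dict = field(default_factory=dict)

    def record(self, user, success, now):
        """Register one login attempt; returns 'locked', 'ok' or 'failed'."""
        state = self.accounts.setdefault(user, AccountState())
        if now < state.locked_until:
            return "locked"       # refused without even checking the password
        if success:
            state.failures = 0
            state.lockouts = 0
            return "ok"
        state.failures += 1
        if state.failures >= self.max_failures:
            delay = min(self.base_lockout * 2 ** state.lockouts, self.max_lockout)
            state.locked_until = now + delay
            state.lockouts += 1
            state.failures = 0
        return "failed"


def seconds_to_try_all(keyspace, limiter, guess_interval=0.001):
    """Simulated time for an always-wrong automated guesser to submit
    `keyspace` guesses against one account protected by `limiter`."""
    user, now, tried = "simulated-account", 0.0, 0
    while tried < keyspace:
        if limiter.record(user, False, now) == "locked":
            now = limiter.accounts[user].locked_until  # wait out the lockout
            continue
        tried += 1
        now += guess_interval
    return now


if __name__ == "__main__":
    unthrottled = PIN_KEYSPACE * 0.001
    throttled = seconds_to_try_all(PIN_KEYSPACE, AttemptLimiter())
    print(f"no limit : {unthrottled / 60:.1f} minutes to cover every PIN")
    print(f"lockouts : {throttled / (3600 * 24 * 365):.1f} years to cover every PIN")
```
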

You can rely on smart password managing software:

For some people, coming up with complicated passwords is a tough task. They merely believe that they are not good at it. They can use password managing software and obtain passwords with difficult combinations. This will help them in impressively securing the proceedings and information.

Prefer the on-screen keyboard if working on shared networks:

Hackers today have tools known as key-logging software; in shared network environments, a hacker uses this tool to record the keystrokes. To stay on top of this threat, one must prefer the on-screen keyboard while feeding in sensitive information.

Make backups regularly:

Experts associated with the cyber security are of the view that one must ensure making regular backups. This will make it easy for you to restore the systems in case someone breaches in and tries to manipulate the data. Once done, one must not forget to change the passwords again. The activity of changing passwords must be carried out regularly; relying on one password for a long time may not be classified as a smart approach.

Educate your staff about cyber security:

A team that is fully trained will make things easy for managed security solution providers. This will also help them to understand the instructions and do accordingly. One can save time, improve the processes and cap potential threats for good. Business operations become smooth and secure if the staff members are adequately trained.

Closing lines:

Technology is in its prime form. Things are not going to stop here though; they will continue to improve because this is an ongoing process. Hackers and attackers know this better than anyone else; therefore, they are always keen to stay on top. You can outsmart them by ensuring a regular backup in the form of managed services plus working in close collaboration with the experts that are hired by you.



Source by Netasha Adams

Become a More Capable Networking Professional With CCNA Security Training

The field of networking offers endless opportunities for growth, and all you have to do is master a new skill to become ready for a whole new set of responsibilities. As an entry level network administrator, your job will include setting up networks, and making sure that they are online all the time. You can easily get a better job, and a higher salary, by learning how to secure the networks that you set up. The CCNA security program is the perfect way to learn how to create as well as secure networks at the same time. With internet security threats being taken more seriously, completing CCNA security training will help you find a great job with an organization that requires a professional well versed in networking concepts as well as security.

About the CCNA security program

Cisco started the CCNA security training program to meet the growing need for networking professionals who were also skilled in keeping the network safe. It is an entry level program and will help you keep the network of your organization safe and free from intrusion. The course teaches you the following things:

  • The latest security threats
  • How to secure a network
  • How to set up Authentication, Authorization and Accounting
  • How to set up firewalls on Cisco devices
  • How to ensure intrusion prevention
  • How to secure an entire LAN
  • Basics of cryptography
  • How to implement a VPN
  • How to set up Adaptive Security Appliance on a Cisco based network

The program covers every aspect of securing a small network, and can be attempted by anyone with a basic knowledge of networking concepts. It is a great program to do once you have completed CCNA training, and will make for a great addition to your resume. CCNA security certification is the basic level for stepping into the network security industry.

Make a career in network security

Networking is a very wide industry and has a lot of specializations. Security is one domain within this industry and is seeing a rise in the demand for trained professionals. Completing CCNA security training and then getting certified will help you enter this specialization and start working as a network security specialist. Once you have secured a good job, and accumulated some experience, you can also pursue advanced security programs that Cisco offers to move even further ahead in your career as a skilled security professional in the networking industry.



Source by Rama Krishna N

Wireless Networking Security: WPA to WPA2

WPA upgrade to WPA2

To upgrade your wireless network security to WPA2, follow these steps:

1. Upgrade your wireless router’s firmware to the latest firmware. Linksys and D-Link wireless routers manufactured in the last two years will have WPA2-compatible firmware available.

2. Download the Windows XP patch for WPA2.

3. Download your wireless adapter’s most up-to-date firmware.

4. After you install your new firmware and driver, restart your wireless router and computer.

5. Now go to your wireless router’s web interface, proceed to the security tab and choose WPA2. You will have the options of WPA2 Mixed, WPA2 RADIUS and WPA2. WPA2 Mixed will let you use either AES or TKIP encryption. WPA2 by default only uses AES. WPA2 RADIUS uses AES and will authenticate users via a RADIUS server. Home users should use WPA2 Mixed or WPA2. Enter your passphrase and log out.

6. Some wireless adapters will not let you use the Windows XP zero configuration utility to run WPA2. Some companies will make you use their third-party software for WPA2 support. This is often the case if you are using Windows 2000 or an older adapter. To configure your adapter, go to the adapter properties, choose wireless networks and choose which network you want to configure. Choose the same WPA2 option that you selected on your wireless router and enter the passphrase.

7. Don’t forget to make your passphrase as complicated as possible to avoid brute force attacks.
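To show why step 7 matters, here is an added example (not from the original article) of how WPA2 with a passphrase turns that passphrase into the 256-bit network key: PBKDF2-HMAC-SHA1 with 4096 iterations, salted with the SSID. The sample SSIDs and passphrase are constructed, and `max_entropy_bits` is a hypothetical helper that gives only an upper bound, which holds when every character is chosen at random.

```python
import hashlib
import math

PBKDF2_ROUNDS = 4096  # iteration count fixed by the WPA/WPA2 passphrase scheme
PSK_BYTES = 32        # the derived pre-shared key is 256 bits


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2 pre-shared key from a passphrase and the network SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, PBKDF2_ROUNDS, PSK_BYTES
    )


def max_entropy_bits(passphrase: str) -> float:
    """Upper bound on passphrase entropy, assuming each character was picked
    at random from the character classes that appear in it. Words, names and
    keyboard patterns carry far less than this bound."""
    if not passphrase:
        return 0.0
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # printable ASCII symbols, including space
    return len(passphrase) * math.log2(pool)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    passphrase = "Tr4il-mix&Lanterns,1987"
    for ssid in ("linksys", "maple-street-42"):
        print(f"{ssid:16s} -> {wpa2_psk(passphrase, ssid).hex()}")
    for candidate in ("abcdefgh", "Abcdefg1", passphrase):
        print(f"{candidate!r}: at most {max_entropy_bits(candidate):.1f} bits")
```

Because the SSID is the salt, the same passphrase gives a different key on every differently named network, so a factory-default network name removes that benefit; the passphrase itself is the only secret input.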



Source by Eric Meyer

A New Model For Cyber Security

Digital communications in conjunction with the use of the modern internet have grown exponentially to the point that communicating digitally has become an indispensable facet of everyday life. From cellphones to netbooks to email, blogs and online portals, the transfer and exchange of electronic data controls the way many interact with each other and communicate both personally and for business. Now, with the current trend moving towards “cloud” computing, where people and companies keep important documents stored and accessed online or in the “cloud”, cyber security has become the number one priority of many.

Methods to protect data such as encryption, antivirus software, firewalls, and access passwords have been around since long before the modern day data revolution, but unfortunately none of them have grown into effective security solutions that accommodate the modern day modes of digital communication. Devices which can connect to the global data network, or Internet, have become increasingly smaller and more intelligent. For example, with just a modern cellphone, a person can access their email, post updates to blogs, and access personal or corporate documents, all through the internet.

The typical security approach in the past has been based on the model of restricting access using firewall systems or detecting intrusions such as viruses using signature based scanning systems. All such solutions are based upon the concept of restricting, channeling, hiding and limiting access to data. A firewall, for example, borrows its name from “fire retardant walls”, which are designed to create safe areas where fire cannot pass because of the material from which they are constructed. In this case any external access that has not been deemed necessary to an internal or public network is considered fire and simply blocked. Antivirus solutions and the virus signature model have also proven inadequate because of the turnaround time required to update signature files and the amount of resources such systems use to scan 1000’s of files. It is like the concept of sending the police to everyone’s house in a city of millions of people to try and find where the bad guys are hiding. With modern computers containing several 1000 files, and the ever changing, almost polymorphic nature of modern viruses, the signature based scanning model is no longer practical.

The problem with the current approaches is that, with the increasingly widespread use of digital networks, there has never been any method by which to dynamically update firewalls or signature databases to accommodate new types of access and threats. Almost daily there are new applications which become necessary for people to effectively gain access to digital services, and equally new threats. The current security model was never meant to be a solution that determines quickly between good activity and bad. In fact it restricts the freedom of the entire group to protect from the potential threats of a few. A truly useful security system has to be able to allow and maintain access for the group, limiting or denying access only to those activities that are out of line with the established norm of operations.

Each security technique brings with it a cost of ownership and generally firewalls, antivirus software, VPN networks, and access control methods serve more to limit access to modern day digital networks than actually protect them. System administrators and corporate IT security directors can no longer feasibly follow the restrict everything model since in the end they are merely restricting legitimate access and extremely limiting the ability of their users to take full advantage of the digital information revolution and doing little to prevent actual “hackers” or unauthorized access to their networks.

A truly effective cyber security solution has to be as dynamic and flexible as the score of ever-changing applications, digital services and digital access devices being used. It is no longer a feasible model to restrict everything, or scan everything, as this only serves to hinder users from taking advantage of the increased productivity and power brought by the modern digital networks and internet and is a tremendous use of computing resources.

The cybersecurity model for data networks can be defined as something which protects data and data systems by denying access to unauthorized users, preventing downtime of authorized services by unauthorized activities (Denial of Service attacks), and preserving the overall functional state of health of a digital network at 99%.

1) Protecting of data and data systems from unauthorized access

As more and more information is being stored online, such as financial information, credit card numbers, classified documents and information that cannot fall into unauthorized hands, data protection is the top concern of cybersecurity. Unfortunately there have been many famous security breaches of important data, from millions of credit card numbers stolen, to theft of corporate trade secrets, and even concerns of foreign countries retrieving national security information by the use of trojans and other intrusion methods.

Methods for intrusion include

The installing of backdoor network intrusion applications hidden in or disguised as legitimate applications that enter inside a network by authorized users inadvertently opening infected emails or websites.

Brute force attacks, where common user names and weak passwords are exploited by systems that try millions of combinations of username, password sets to gain access.

Exploits in operating systems such as Microsoft Windows that allow a secure or authorized service to be exploited through flaws found in the software’s design.

Theft or breach of internal networks by employees or persons normally authorized with allowed access to the systems, or who hold access to certain areas where by internal snooping they are able to find passwords and authcodes to secure areas. (Notes left on desks, computers left logged in to secure areas.)

Exposing of data to external breach by placing documents on USB pen drives and laptops in order to present such data in meetings outside of the network. Many times employees place a document on a USB pen drive for a presentation at a remote location, but they happen to also have secure documents unrelated to the current meeting which were left on their USB drive. Then they place their pen drive in a third-party computer in order to present one document, not knowing that that particular computer has a trojan which quickly copies all of the data on their USB drive to an unauthorized third-party location.

2) Preventing downtime of authorized services by unauthorized activities

Brute force attacks, scanners and denial of service attacks can cause a network, its servers and main access routers, to be brought down to the point that the network is no longer usable in any form. Such attacks cause considerable damage and downtime to networks on a daily basis. The ability to detect such attacks and cut them off at the source farthest away from the core network and its services is very important to the overall health of a strong cybersecurity program.

3) Preserving the overall functional state of health of a digital network.

Preserving the health of a digital network is not just in the prevention of attacks and unauthorized activity but also in the preservation of core services and data access that its authorized users depend upon. It is not a viable solution to stop an attack or prevent potential attacks by also preventing or limiting authorized access. A cybersecurity solution has to be able to isolate and prevent attacks and breaches to its integrity by at the same time not limiting or denying access to its resources by authorized users.

It is clear from the many different ways that security can be breached in data networks, and the overwhelming dependence on such networks that the current security methods are not only no longer adequate to protect such networks, but themselves serve to further cause more security problems and network access issues. As such an urgent need has arisen to change the current mode of approach to cybersecurity and create a new dynamic model that is able to constantly adapt to the ever changing needs to protecting data networks.

A new IDS model must be created that has to adhere to the following goals:

The goal of any IDS system must be to preserve the integrity of the network it protects and allow such network to function in its ideal operating state at 99.99%. An IDS system must be lightweight and dynamically deployed. An IDS system cannot itself become another intrusion and must not break the first rule by compromising the network’s integrity by using too much computing and network resources in its attempts to protect the network.

An IDS system must be able to constantly adapt to an ever changing environment and self update its own signature records based on evolving threats. An IDS system must not require extensive hands-on resources to constantly update its signature files, nor require manual verification that the threats it detected are actual and not false. An IDS system has to be able to simultaneously protect the network against attacks, unauthorized use and downtime, without preventing or limiting network access and use of network resources by authorized clients. As such it must be unobtrusive at all times and preserve the network in an open state where its core services and resources are 99.99% available to the network’s authorized users while detecting, isolating and preventing unauthorized activity.

Truly only research in proactive defense mechanisms will hold usefulness in protecting the digital networks of now and in the future.



Source by Brandt Hott

Cyber Security and the Networked World

Many people view the growing nature of the Internet of things in one of two ways. They either see it as a world where literally every person, place and thing can literally talk to each other through sensors and wireless connectivity, and see this as a massive boon for mankind.

Other people see this same world as being quite horrific, and bringing up huge issues in terms of privacy and security, and do not believe it will ever really happen.

The internet of things essentially refers to a process where pretty much every device that we use at home and at work, everything we wear, everything we use will in some way be connected to each other wirelessly.

This process allows manufacturers and governments to collect huge amounts of information about people in a way that has never been foreseen or planned for. This information is now being collectively referred to as big data, and there is a huge industry trying to work out how this information can be used, largely for the benefit of manufacturers and supposedly for the benefit of government planning in transport and urban development.

The reality is that all major manufacturers of virtually every product on the planet are now either putting sensors into their devices, or planning how to, in order to enable the internet of things to happen.

While there are certain technical difficulties to overcome, a whole range of what are being referred to as internet of things platforms are being developed, which will in the end enable a seamless integration of these devices.

People may doubt that this will happen, will happen quickly or at all. Sadly this is wishful thinking for a number of reasons.

The main reason is that the main beneficiary of the internet of things will in fact be a vast range of businesses and corporations that stand both to slash costs hugely and increase profits significantly at the same time.

That of itself will drive the Internet of things.

This to an extent is already happening in supermarkets, and is a really good example of how this process will work.

All products in supermarkets have a barcode; at the checkout this barcode is swiped against a screen and is added to the shopper’s bill.

At the same time, the barcode feeds into the inventory system of the supermarket and sets in motion a process right back to the distribution center, and ultimately the production process itself.

In addition, supermarkets are now broadly installing self-service checkout tills that means the individual customer has to swipe the products themselves, thus reducing the need for staff even more.

Whilst there are huge social and libertarian issues involved in all this, the issue of privacy and cyber security is huge, and is likely in many ways to get overlooked in the rush for profit and cost-cutting.

The amount of personal information being processed by all manufacturers of these devices and products is colossal, and all potentially at risk of being hacked or compromised in some type of data breach. This could lead to a massive erosion of trust in a number of systems currently used, and could lead to significant growth of identity fraud and theft for a whole range of individuals.



Source by Peter Main

Network Security – NIC-Based Intrusion Detection Systems

Overview

The goal of an intrusion detection system is to detect inappropriate, incorrect, and unusual activity on a network or on the hosts belonging to a local network by monitoring network activity. To determine if an attack has occurred or if one has been attempted typically requires sifting through huge amounts of data (gathered from the network, host or file system) looking for clues of suspicious activity. There are two general approaches to this problem — signature detection (also known as misuse detection), where one looks for patterns of well-known attacks, and anomaly detection, that looks for deviations from normal behavior.

Most work on signature and anomaly detection has relied on detecting intrusions at the level of the host processor. A problem with that approach is that even if intrusion activity is detected, one is often unable to prevent the attack from disrupting the system and over utilizing the system CPU (e.g. in the case of denial-of-service attacks).

As an alternative to relying on the host’s CPU to detect intrusions there is growing interest in utilizing the NIC (network interface card) as part of this process, too. The primary role of NICs in computer systems is to move data between devices on the network. A natural extension to this role would be to actually police the packets forwarded in each direction by examining packet headers and simply not forwarding suspicious packets.

Recently there has been a fair amount of activity in the area of NIC-based computing. Related to the work on NIC-based intrusion detection systems is the use of NICs for firewall security. The idea is to embed firewall-like security at the NIC level. Firewall functionality, such as packet filtering, packet auditing, and support for multi-tiered security levels, has been proposed and, actually, commercialized in 3Com’s embedded firewall.

Rationale

The rationale for coupling NIC-based intrusion detection with conventional host-based intrusion detection is based on the following points:

· Functions such as signature- and anomaly-based packet classification can be performed on the NIC, which has its own processor and memory. This makes it virtually impossible to bypass or to tamper with (as compared with software-based systems that rely on the host operating system).

· If the host is loaded with other programs running simultaneously (with the intrusion detection software), then an intrusion detection system that relies on host processing may be slowed down, thereby adversely affecting the bandwidth available for network transmissions. A NIC-based strategy will not be affected by the load on the host.

· With centralized intrusion detection systems one encounters a problem associated with scalability — however, this is not the case with NIC-based intrusion detection. Each individual NIC can handle the in-bound and out-bound traffic of the particular processor/local area network it is connected with, thus effectively distributing the work load.

· NIC-based strategies provide better coverage and functional separation since internal NICs can detect portscans while NICs at the firewall can detect host-scans.

· The NIC-based scheme is flexible, dynamically adaptive, and can work in conjunction with existing host-based intrusion detection systems. The host-based intrusion detection system can download new rules/signatures into the NIC on the fly, making the detection process adaptive.

The Challenge

The current disadvantage to NIC-based intrusion detection is that processing capability on the NIC is much slower and the memory sub-system is much smaller when compared with the host. The task of implementing algorithms on the NIC presents several new challenges. For example, NICs typically are not capable of performing floating point operations. As a result, algorithms implemented for the NIC are forced to resort to estimates based on fixed-point operations. There is also a need to limit the impact on bandwidth and latency for normal, non-intrusive messages. So, the challenge becomes how best to use the NIC’s processing capabilities for intrusion detection.

IDS Algorithms

There are two general approaches to the problem of intrusion detection: signature detection (also known as misuse detection), where one looks for patterns that signal well-known attacks, and anomaly detection, that looks for deviations from normal behavior. Signature detection works reliably on known attacks, but has the obvious disadvantage of not being able to detect new attacks. Though anomaly detection can detect novel attacks, it has the drawback of not being able to discern intent. It can only signal that some event is unusual, but not necessarily hostile, thus generating false alarms.

Signature detection methods are better understood and widely applied. They are used in both host based systems, such as virus detectors, and in network based systems such as SNORT and BRO. These systems use a set of rules encoding knowledge gleaned from security experts to test files or network traffic for patterns known to occur in attacks. A limitation of these systems is that as new vulnerabilities or attacks are discovered, the rule set must be manually updated. Another disadvantage is that minor variations in attack methods can often defeat such systems.

Anomaly detection is a harder problem than signature detection because while signatures of attacks can be very precise, what is considered normal is more abstract and ambiguous. Rather than finding rules that characterize attacks, one attempts to find rules that characterize normal behavior. Since what is considered normal could vary across different environments, a distinct model of normalcy can be learned individually. Much of the research in anomaly detection uses the approach of modeling normal behavior from a (presumably) attack-free training set. Because we cannot predict all possible non-hostile behavior, false alarms are inevitable. Researchers found that when a vulnerable UNIX system program or server is attacked (for example, using a buffer overflow to open a root shell), that the program makes sequences of system calls that differ from the sequences found under normal operation.

Current network anomaly detection systems such as NIDES, ADAM, and SPADE model only features of the network and transport layer, such as port numbers, IP addresses, and TCP flags. Models built with these features could detect probes (such as port scans) and some denial of service (DOS) attacks on the TCP/IP stack, but would not detect attacks of the type where the exploit code is transmitted to a public server in the application payload. Most current anomaly detectors use a stationary model, where the probability of an event depends on its average rate during training, and does not vary with time. While most research in intrusion detection has focused on either signature detection or anomaly detection, most researchers have realized that the two models must work hand-in-hand to be most effective.
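The following added example (not code from the article or from any of the systems it names) combines two points made above: a stationary header-level anomaly model, and the NIC constraint of having no floating point. It scores a packet's destination port and TCP flags by how rare they were in training, using only integer operations and a Q8 fixed-point approximation of log2; the class name, threshold and training traffic are constructed for illustration.

```python
FRAC_BITS = 8                      # Q8 fixed point: real value = integer / 256
THRESHOLD_Q8 = 8 << FRAC_BITS      # flag packets carrying 8+ bits of surprise

TCP_SYN, TCP_ACK = 0x02, 0x10


def log2_q8(n):
    """Integer-only log2(n) in Q8 for n >= 1.

    The integer part is the position of the top set bit; the fraction is
    linearly interpolated from the next 8 bits, which is the kind of
    estimate a processor without floating point has to settle for."""
    msb = n.bit_length() - 1
    if msb >= FRAC_BITS:
        frac = (n >> (msb - FRAC_BITS)) & 0xFF
    else:
        frac = (n << (FRAC_BITS - msb)) & 0xFF
    return (msb << FRAC_BITS) + frac


class HeaderModel:
    """Stationary model: a value's probability is its share of the training set."""
    FEATURES = ("dst_port", "flags")

    def __init__(self):
        self.total = 0
        self.counts = {name: {} for name in self.FEATURES}

    def train(self, packets):
        for pkt in packets:
            self.total += 1
            for name in self.FEATURES:
                table = self.counts[name]
                table[pkt[name]] = table.get(pkt[name], 0) + 1

    def score(self, pkt):
        """Sum over features of -log2(P(value)) in Q8, with add-one smoothing
        so a value never seen in training gets the maximum surprise."""
        ceiling = log2_q8(self.total + 1)
        surprise = 0
        for name in self.FEATURES:
            seen = self.counts[name].get(pkt[name], 0)
            surprise += ceiling - log2_q8(seen + 1)
        return surprise

    def forward(self, pkt):
        """True to pass the packet to the host, False to withhold it."""
        return self.score(pkt) < THRESHOLD_Q8


def constructed_training_set():
    # Constructed "attack-free" traffic: mostly established HTTPS/HTTP flows.
    return ([{"dst_port": 443, "flags": TCP_ACK}] * 900
            + [{"dst_port": 80, "flags": TCP_ACK}] * 90
            + [{"dst_port": 443, "flags": TCP_SYN}] * 10)


if __name__ == "__main__":
    model = HeaderModel()
    model.train(constructed_training_set())
    samples = [
        {"dst_port": 443, "flags": TCP_ACK},   # the common case
        {"dst_port": 80, "flags": TCP_ACK},    # less common but seen in training
        {"dst_port": 23, "flags": TCP_SYN},    # port never seen in training
    ]
    for pkt in samples:
        q8 = model.score(pkt)
        verdict = "forward" if model.forward(pkt) else "withhold"
        print(f"{pkt} score={q8} (~{q8 // 256} bits) -> {verdict}")
```

As the section says of anomaly detection in general, the score only says that a packet is unusual for this training set, not that it is hostile, so the threshold trades missed events against false alarms.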

Results

The quantitative improvements that were observed for NIC-based IDS when tested against Host-based IDS can be attributed to the fact that the operating system of the host does not have to be interrupted with the detection process. Thus on heavily loaded hosts admissible network traffic proceeds at a consistent rate provided the computational and memory resources of the NIC are not stretched. The benefit of having the NIC do the policing is that it can actually prevent network-based intrusions from wreaking havoc on host systems — since the intrusive packet, if caught, never reaches the host operating system. In effect, the NIC acts as a basic shield for the host. If the NIC cannot keep up with the rate at which the packets are arriving, it can begin dropping the packets, as this may be indicative of a denial-of-service attack. If the NIC were to become overwhelmed by such an attack, the host would be spared from it. It is preferable to sacrifice only the NIC to the attack rather than the entire host machine. However, from a technology perspective we are not far away from 1GHz NIC processors (with appropriately larger memory). With those projected systems one can anticipate that NIC-based intrusion detection will do better both from a quantitative standpoint and from a qualitative standpoint (as less restrictive and more robust algorithms may be employed).

Final Comments

Last year CyberGuard Corp. announced the availability of the SnapGear PCI635, an embedded firewall network card that fits into standard peripheral slots in PC desktops and servers. The card allows deployment of advanced network security functions, such as virtual private network and firewall and intrusion detection, that protect individual servers and desktops from internal and external threats. The PCI635 can also be configured to prevent desktop users from tampering with security settings, further reducing the threat of security breaches from people on the internal network.

Because this is a NIC-based firewall/VPN/IDS device that is independent of the host, the PCI635 makes the desktop system immune to Windows vulnerability exploits. This is important since software-based security solutions can be rendered useless if the OS is exploited, compromising the computer and potentially the internal network. The intrusion detection system (IDS) is based on Snort and increases security by identifying known security attacks.



Source by Steve Leytus

Network Security: Vulnerability Scans, Penetration Testing, and Social Engineering

Because of ever-changing threats and updated industry compliance, network security is now more important than ever for businesses and organizations. Neglecting it makes your company’s files and information vulnerable to outside attackers, those who can illicitly enter, steal, and exploit your property. Aside from no longer maintaining industry compliance, your company likely loses business, as customers no longer trust your strategy or, worse, serve you with a lawsuit.

A network security strategy, on the other hand, goes far beyond antivirus software and a firewall. In fact, all aspects of your electronic information should be updated, recorded, and saved with security in mind.

Nevertheless, audits are an essential aspect of such a strategy, and a certified professional can conduct one, if no one on staff has the credentials to do so. Such professionals do an internal and external vulnerability audit, examining the perimeter and interior for weak points an intruder can enter; a penetration test on all vulnerabilities; and social engineering to examine the non-technical sides of your system.

Vulnerability scanning identifies hosts and their various attributes, be it outdated software, missing patches or configurations, applications, and compliance. All aspects are compared with a database of known vulnerabilities, and any targets then serve as points to address in a penetration test.

A penetration test involves ethical hacking techniques. A trained professional, one well-versed in such simulated attack protocol, must do this. During the test, he or she identifies all places an intruder could get through or around, and once identifying the vulnerabilities, he or she launches an attack on the system. As an attack progresses, the professional takes note of how well a system handles the intrusion, the complexity of techniques needed to break through the perimeter or exterior, the measures in place to reduce a system breach, and how such instances are identified and defended.

Penetration tests have four stages: planning, discovery, attack, and reporting. Planning and discovery are preparation and encompass vulnerability scanning. The professional also gathers IP addresses, employee names and contact information, and application and service information. The attack stage verifies the vulnerabilities and ethically exploits them. For a successful attack, the professional recommends safeguards to reduce these instances in the future. However, vulnerabilities are often grouped together, and attacking one leads to another not previously identified. The attack and discovery stages, in this case, loop back and forth through the process.

Social engineering addresses the non-technical side of network security – mainly, that employees are not always aware of the latest threats. In exploiting the human side of vulnerabilities, a network security professional has conversations and interviews in person, over the telephone, instant message, or email. The professional is essentially launching a phishing scheme, attempting to get employees to unwittingly reveal usernames, passwords, account numbers, and other company information.

At the end of a security scan, the professional provides a report, listing all vulnerabilities and offering guidance for reducing all potential risks.



Source by Irene Test

Are You Waiting for the Government to Solve Cyber Security?

Hello My Friends:

I was reading an article on how our beloved government is intending to enter the fray against cyber security malefactors, read that cyber criminals, who have made a lifetime of hacking into our government and business computer systems. Their main purpose, of course, is to use viruses and assorted malware to intrude on your computer systems.

Of course the problem with those people is the damage they intentionally do in the computer system as well as web sites in general. Viruses and malware make your life so much more difficult. Even if these people don’t do specific damage within the cyber system, they show others how and those people are intent on damage for whatever reasons. Sometimes anger at a particular business or type of business and sometimes simply a nihilistic personality.

Our Government’s Hope to Abolish Cyber Security Intruders!

We are going to have a new government agency taking over the process of performing background checks of existing and potential government employees. They are going to create a brave and courageous band of cyber security warriors.

Yes, that’s right! We are going to end computer viruses and malware by building a new federal agency that will perform background checks to eliminate all the cyber criminals.

Think back a number of months and we all heard how the Office of Personnel Management (OPM) had its files hacked and lots of personal information stolen from something like twenty-two million past and current federal employees. I also remember how this example of government ineptitude cost the Director’s job.

Anyway, OPM’s press secretary told the New York Times that they needed to utilize a large and trained cyber security work force and have them protect against and even respond to cyber criminals.

Cyber Security Specialists are going to leap up on the wall and endanger all the Malware and Viruses!

Hurrah for cyber security warriors.

Right! Kind of makes your hair all wavy, doesn’t it.

We all know now that all the cyber criminals are worried to no end.

The new agency will be called the National Background Investigations Bureau (NBIB). These cyber warriors are going to run background checks for the Department of Defense (DOD) and are going to design and build the new agency’s information technology and computer security systems to accomplish that feat.

The Federal News Radio reported that it will also operate the data storage and security of the new system. We understand that the NBIB and its healthy staff will work within the Office of Personnel Management. We are going to have a Presidential appointee to run it. It seems to be a bit unclear exactly when the new agency will actually begin, but work on the project is sure to begin sometime this year. Or so.

You probably remember how President Obama ordered a 90 day review of government’s information security policies and practices. That was in July. Most of us were thrilled at the prospect of the global problem of virus protection being solved.

Anyway, he is asking for an additional $95 million to pay for the new agency.

You probably also remember how this is the second time he has addressed the problems associated with the government’s background clearance process. After an IT contractor killed twelve people in the Washington Navy Yard office in September of 2013, he called for a complete evaluation of the security screening procedure of contract employees. In March of 2014 the administration announced it had accepted thirteen of the recommendations. These recommendations included an ongoing review of workers and contractors rather than the sporadic checks they were doing. Also they wanted better access to state and local information for federal background checks, and consistent background requirements for federal employees and contractors.

And so now you see all the solutions now available? I don’t either. If you have been waiting for the federal government to solve any of our problems with cyber criminals hacking computer systems, good luck.

Typical governmental much ado about nothing.

Thanks for coming.

Jim



Source by Jim Rush

Cyber Security Tips for Small and Medium Business

Keeping business data safe is the number one concern of business nowadays. Due to the rising number of security breaches at companies, data security against unwanted intrusion is on everyone’s mind. No matter how big or small the organization, IT security is the biggest challenge it faces. When it comes to small or medium enterprises, the impact of a security threat is even more severe. Cyber criminals love to target small businesses largely due to the fact that SMBs cannot afford to implement strong security protocols. Nothing can be one hundred percent safe, but at the same time SMEs can improve their protection by acquiring a strong understanding of their external web presence, ensuring it is secure by undertaking penetration testing, and minimizing exposure by taking action such as regularly applying security patches.

What is a data breach and how does it happen?

A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. The most common concept of a data breach is an attacker hacking into a network to steal sensitive data. A number of industry guidelines and government compliance regulations mandate strict governance of sensitive or personal data to avoid data breaches. It is a scenario where your company’s or organization’s data is stolen. When you check the company folder and find that all information is gone, and that client files, logs, and billing information have all been compromised, it is clear that your business has become a victim of a data breach cyber-attack.

Most common causes of data breaches

Protecting sensitive data is critical to the lifeline of an enterprise. What can be the most common causes of data breaches?

• Physical loss or theft of devices is one of the most common causes of data breaches: This is arguably the most straightforward of the common causes of data breaches. However, there are many different ways that this can occur. It could be that any one of your laptops, external hard drives, or flash drives has been damaged, stolen, or misplaced.

• Internal threats like accidental breach (employee error) or intentional breach (employee misuse): This can occur when employees handling delicate data do not clearly understand security protocols and procedures. A data breach can also occur from a mental error, when an employee sends documents to the wrong recipient.

• Weak security controls are often top concerns for protecting an organization’s data: Incorrectly managing access to applications and different types of data can result in employees being able to view and transport information they don’t need to do their jobs. Weak or stolen passwords are yet another main concern. When devices such as laptops, tablets, cell phones, computers and email systems are protected with weak passwords, hackers can easily break into the system. This exposes subscription information, personal and financial information, as well as sensitive business data.

• Operating system and application vulnerabilities: Having outdated software or web browsers is a serious security concern.

Tips to prevent Cyber threat

Amid the chaos and the hype, it can be difficult to get clear, accurate information about what’s really going on when a data breach occurs. While data breaches are certainly a complex issue, equipping yourself with basic knowledge of them can help you to navigate the news, to handle the aftermath, and to secure your data as best as you can. The increasing frequency and magnitude of data breaches is a clear sign that organizations need to prioritize the security of personal data.

Recent developments such as embracing the cloud and deploying BYOD increase the risk of cyber threats. Employee ignorance is also one of the major concerns. Hackers are well aware of these vulnerabilities and are organizing themselves to exploit them. There is no need to panic, especially if you are a small business, but it is imperative to make a decision. Make yourself difficult to target and keep your business secure with these top 5 tips.

Here are the top 5 tips to prevent the cyber threat.

1. Encrypt your data: Data encryption is a great preventive control mechanism. If you encrypt a database or a file, you can’t decrypt it unless you have or guess the right keys, and guessing the right keys can take a long time. Managing encryption keys requires the same effort as managing other preventive controls in the digital world, like access control lists, for example. Someone needs to regularly review who has access to what data, and revoke access for those who no longer require it.

2. Choose security that fits your business: Elaborate schemes to crack even the most secure companies are now more common than ever. So adopt a managed security service provider that can deliver a flexible solution cost effectively and provide a seamless upgrade path.

3. Educate employees: Educate employees about appropriate handling and protection of sensitive data. Keep employees informed about threats through brief e-mails or at periodic meetings led by an IT expert.

4. Deploy a security management strategy: Nowadays cyber-attacks are highly organized, so organizations need to establish a strategic approach so that their entire environment works as an integrated defense, detecting, preventing and responding to attacks seamlessly and instantly.

5. Install anti-virus software: Anti-virus software can secure your systems from attacks. Anti-virus protection scans your computer and your incoming email for viruses, and then deletes them. You must keep your anti-virus software updated to cope with the latest “bugs” circulating the Internet. Most anti-virus software includes a feature to download updates automatically when you are online. In addition, make sure that the software is continually running and checking your system for viruses, especially if you are downloading files from the Web or checking your email.

Actions or measures that can be taken if a malicious attack is suspected in your network

• If an unknown file is downloaded, the first step is to delete the file. Disconnect the computer from the network and have IT run a complete system sweep to ensure no traces are left.

• Whenever a key logger is detected on a computer, IT should immediately reset passwords on all related accounts.

• Businesses should have central administration capabilities on their local and cloud server. Controlling which users have access to what files/folders on the server ensures that essential business data is only accessible by authorized individuals.

• Have all business files backed up in a remote cloud server. If disaster recovery is necessary, all files backed up in the cloud can be imported back to the local server to prevent complete data loss.

Perfect Cyber Security involves:

• Determining what assets need to be secured

• Identifying the threats and risks that could affect those assets or the whole business

• Identifying what safeguards need to be in place to deal with threats and secure assets

• Monitoring safeguards and assets to prevent or manage security breaches

• Responding to cyber security issues as they occur

• Updating and adjusting to safeguards as needed

Every day businesses are under attack on multiple fronts, and realizing that data breaches can stem from several different sources allows for a more comprehensive protection and response plan. Never assume that your data is safe because you have the best electronic protection, or because you don’t use POS terminals. Criminals want your data, and they will try anything to get it.



Source by Priya Sajeeth