Category Archives: Security tips
Some great advice and tips to follow when connecting your computer via Wi-Fi.
It’s a good idea to connect to public networks that require passwords when possible, as they tend to be more secure. Many public networks have a legal disclaimer stating network use and security. It pays to read these before connecting.
Turn Wi-Fi off
We don’t mean you should turn your Wi-Fi off permanently; rather, when you’re not using your device, or are connected to another network, e.g., mobile data, turn your Wi-Fi connection off. If you have Wi-Fi on while connected to another network, your device can and will actively search for networks to connect to and often connect to an unsecure network, unintentionally exposing your information.
Use HTTPS when possible
HTTPS stands for Hypertext Transfer Protocol with Secure Sockets Layer (SSL). In layman’s terms this is a website that has been built with security of users’ data in mind. Many popular websites have an HTTPS version that can be accessed by typing in https://www.sitename.com. Using HTTPS makes websites a lot harder to hack, and it’s a good idea to get into the habit of using them when on a public network or connected to Wi-Fi outside of the office.
Use data not public hotspots
Hotspots are public Wi-Fi connections usually provided by a company, e.g., many coffee shops have Wi-Fi; this is a hotspot. These can be unsafe, so it’s much better to invest in a data connection for your device, or a mobile Internet stick, which are considerably safer as the data is encrypted before it’s transferred from the cell tower to your device.
Use a VPN
A Virtual Private Network – VPN – connects multiple computers in different locations to the same network via the Internet. Many companies use this to connect and share data with satellite offices, as the data is encrypted and secure. The main benefit to VPNs is that you can connect to a public Wi-Fi network, and transfer data securely using the network’s bandwidth. Many businesses use some form of VPN, which makes it easy for you to keep your business data secure while out of the office.
There are also VPNs that allow you to securely access the Internet via a public Wi-Fi connection, while encrypting all data sent and making your computer anonymous.
The key is to make it as difficult as possible for someone to hack into your computer.
An interesting argument on how honeypots are an important key in the security arsenal.
Let’s start at the beginning, what is a honeypot? Put simply, it is a machine that is designed to tempt any unknowing attacker to target it, whilst being configured to trace the origins of the attacker and identify them. However, this can lead to the perception that honeypots can be a quagmire of risk and liability, as well as raising understandable concerns about willingly allowing an attacker to access your system under your control.
However, there are many forms of honeypots, and they can be used in many different ways. The idea of the honeypot as merely a host designed to be breached, sitting on the perimeter of your network, is far from the whole picture. Let’s take a look over some different uses of honeypot style systems and consider their place in a well-equipped enterprise security program.
Building a fully-functional and interactive honeypot that resembles a real production system can be a daunting task, replete with risk (you would be, after all, building a machine with the intention of it falling under the control of an attacker) but there are many other levels of honeypots before this level of complexity, and all of them present value to security monitoring.
Source: Do you need a honeypot?
Very informative descriptions of some of the honeypot methods that are out there for use by organizations. As Conrad Constantine points out:
The use of honeypots, like everything in information security, is always evolving and the technique has a lot of potential to disrupt attackers by wasting their time and resources, directing them away from their true targets and forcing them to reveal themselves.
Some great basic tips for the average user to protect your computer:
Firstly, the most important computer security tip is to have antivirus software. These programs will not let your data be lost in case some viruses enter your system. They make backup files as well which allows you to retrieve any files that you lose. However, make sure that the antivirus you use is good software. Do not settle for any substandard program for it may harm your PC instead of doing any good to it.
Another very important point pertaining to computer security is that you should not open attachments with emails which you receive from unknown senders. Many of these emails are intended with the purpose of transferring viruses into your system. They can damage your files or the entire computer so better not open them.
Using strong passwords is also a very important tip to secure your computer. You should use long passwords with a mixture of digits and alphabets so that they cannot be easily hacked.
One major addition to this list that I would make is:
Change your user account so that it is NOT an Administrator account.
Are you placing active filters on data leaving?
The purpose of a firewall has been burned into the head of just about every person who uses the Internet, and the thought of functioning without protection from the bad people is sheer lunacy.
However, nearly all firewalls are unidirectional. They may protect you from nefarious pokes and prods from the nether regions of the Internet, but they’ll happily ship out any data you send from the inside. Only at the higher levels of enterprise IT do you see active filters for data leaving the network.
Paul Venezia makes a great point at the end:
As in so many facets of IT, to be forewarned is to be forearmed. The quest for true network security and visibility is an ongoing struggle, and even with all the notice in the world, there’s no winning this arms race. But that doesn’t mean we can just quit. If you’re not watching your outbound traffic now, plan on doing so as soon as possible. Whether you start with something as “simple” as NTop or go for the big guns like the NIKSUN device, it’s a worthwhile investment of time and money — kinda like firewalls.
Read more at: The firewall threat you don’t know | Data Center – InfoWorld.
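A minimal sketch of what watching outbound traffic can look like, added here as an illustration and not taken from the InfoWorld article or any product it names. The internal range, the egress allow list, the byte limit and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")               # assumed internal range
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 53)}   # assumed egress policy

# Constructed flow records (src, dst, proto, dport, bytes); not real logs.
FLOWS = [
    ("10.1.1.20", "192.0.2.10", "tcp", 443, 48_000),
    ("10.1.1.20", "192.0.2.53", "udp", 53, 900),
    ("10.1.1.31", "198.51.100.7", "tcp", 6667, 12_000),      # port not in policy
    ("10.1.1.44", "203.0.113.9", "tcp", 443, 750_000_000),   # allowed port, huge volume
    ("192.0.2.10", "10.1.1.20", "tcp", 51544, 2_000_000),    # inbound, ignored
    ("10.1.1.20", "10.1.2.5", "tcp", 445, 30_000),           # internal only, ignored
]

def is_outbound(src, dst):
    """True when the flow leaves the internal range for an external address."""
    return (ipaddress.ip_address(src) in INTERNAL
            and ipaddress.ip_address(dst) not in INTERNAL)

def egress_report(flows, byte_limit=100_000_000):
    """Return (policy_violations, heavy_senders) for outbound flows only."""
    violations, sent = [], defaultdict(int)
    for src, dst, proto, dport, nbytes in flows:
        if not is_outbound(src, dst):
            continue
        sent[src] += nbytes                      # per-host outbound volume
        if (proto, dport) not in ALLOWED_EGRESS:
            violations.append((src, dst, proto, dport))
    heavy = {host: total for host, total in sent.items() if total > byte_limit}
    return violations, heavy

if __name__ == "__main__":
    bad_ports, heavy = egress_report(FLOWS)
    print("outbound flows outside policy:", bad_ports)
    print("hosts over the outbound byte limit:", heavy)
```

The second result matters as much as the first: the large transfer uses an allowed port, so a port-based egress rule alone would pass it and only the volume view surfaces it.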
Penetration Testing / Red Teaming requires the use of a lot of tools. I don’t mind getting called a “script kiddie” because I can accomplish more and faster when I don’t have to code every single task I need to do. This post is to point out companies that make this possible and give a small bit of thanks.
(If you’ve ever tried to convince a company to give something away for free, you can understand how big this really is) Some give a lot, some only one tool, but even one is more than some.
The Simple Phishing Toolkit includes a site scraper that can clone any Web page — such as a corporate Intranet or Webmail login page — with a single click, and ships with an easy-to-use phishing lure creator.
An education package is bundled with the toolkit that allows administrators to record various metrics about how recipients respond, such as whether a link was clicked, the date and time the link was followed, and the user’s Internet address, browser and operating system. Lists of targets to receive the phishing lure can be loaded into the toolkit via a spreadsheet file.
The makers of the software, two longtime system administrators who asked to be identified only by their first names so as not to jeopardize their day jobs, say they created it to help companies educate employees about the dangers of phishing scams.
As pointed out, it’s almost a necessity to have something like this today.
It seems that not long ago, the idea of organizations phishing their own employees was controversial. These days, there are a number of organizations that offer this awareness training as a service. If you’d rather design and execute the training in-house, SPT looks like a great option.
With DDoS attacks on the rise, the traditional approaches to stopping them aren’t adequate anymore.
Whereas older DoS attacks would affect servers by using up resources–signaling the start of a conversation, with no intention to actually converse–a DDoS typically is designed to affect the network by creating so much traffic that the WAN link(s) become saturated, unable to carry “normal” traffic. You may have noticed at home that, if you stream a video, your Web browsing gets slowed down. A DDoS is the same concept taken to an industrialized (and weaponized) scale.
I asked Jim MacLeod, product manager at WildPackets, for his recommendation on thwarting these attacks. Via e-mail, he said that traditional approaches to DoS mitigation such as using ACLs (access control lists) or firewall rules to keep attack traffic from reaching the server are not adequate because three factors in a DDoS require a different reaction.
First, the attack is against the network infrastructure, not the servers. A firewall can only protect what’s behind it, so if it’s on premise, it can’t prevent the WAN link from being flooded. DDoS responses often require coordination with the WAN carrier to block the traffic upstream.
Second, the attack is going to come from a large number of IP addresses. The scale will make it impossible to add entries by hand for each node. While it’s possible to filter aggregated blocks of addresses to create fewer rules faster, the “wolves among the sheep” nature of botnets implies that the addresses will be widely dispersed rather than clustered together, so a lot of legitimate traffic would potentially be blocked too.
Finally, the speed at which the attack commences–sometimes referred to as a “thundering herd” effect–doesn’t leave much time to react to counter the problem.
So the best approach?
MacLeod suggests that the key to combating DDoS attacks is to turn the attack’s strength into its weakness. Industrial-scale attacks will be diverse in source addresses, but fairly homogenous above the IP layer. Many of these attacks are surprisingly simple from a protocol perspective, but they rely on brute force, not cleverness. What you need to find is a signature or behavior within the packets common to the attack traffic, but not on your normal traffic. If your packet analyzer dashboard has visualizations or expert analysis, your tool may even identify a useful characteristic for you.
The ultimate key to making prevention a priority is to have a mitigation plan.
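The signature hunt MacLeod describes can be sketched as a comparison between a normal-traffic baseline and the attack window. This is an added example, not code from the article or from any packet analyzer; the packet summaries are constructed, and the field names and thresholds are assumptions.

```python
from collections import Counter

NETS = ("192.0.2", "198.51.100", "203.0.113")  # documentation ranges only

def make_samples():
    """Constructed packet summaries (not a real capture); the field names are
    assumptions about what a packet-analyzer export might contain."""
    sizes = (60, 583, 1200, 1500)
    baseline = [{"src": f"198.51.100.{i % 40 + 1}", "proto": "tcp",
                 "dport": 443 if i % 4 else 80, "length": sizes[i % 4],
                 "ttl": 52 + i % 12} for i in range(200)]
    # Flood: 750 distinct sources, but identical above the IP layer.
    flood = [{"src": f"{NETS[i % 3]}.{(i // 3) % 250 + 1}", "proto": "udp",
              "dport": 53, "length": 512, "ttl": 40 + i % 30}
             for i in range(900)]
    return baseline, baseline[:100] + flood    # (normal traffic, attack window)

def shares(packets, field):
    """Fraction of packets carrying each value of `field`."""
    counts = Counter(p[field] for p in packets)
    return {value: n / len(packets) for value, n in counts.items()}

def candidate_signatures(baseline, window, min_share=0.5, max_baseline=0.01):
    """Values that dominate the attack window but are rare in normal traffic,
    as (field, value, window_share, baseline_share), most common first."""
    hits = []
    for field in window[0]:
        normal = shares(baseline, field)
        for value, share in shares(window, field).items():
            if share >= min_share and normal.get(value, 0.0) <= max_baseline:
                hits.append((field, value, round(share, 3), normal.get(value, 0.0)))
    return sorted(hits, key=lambda h: -h[2])

def top_source_share(packets):
    """Share of traffic from the single busiest source address."""
    return max(shares(packets, "src").values())

if __name__ == "__main__":
    normal, attack = make_samples()
    print("busiest source carries", top_source_share(attack), "of the window")
    for hit in candidate_signatures(normal, attack):
        print("candidate filter:", hit)
```

In the constructed data no single source exceeds 0.5 percent of the window and the flood shares addresses with legitimate clients, so per-address rules are useless, while three above-IP values each cover 90 percent of the window with no presence in the baseline.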
1. Mobile security
While computer networks remain the traditional targets for cyberattacks, the growing usage of mobile devices for seeking information and everyday financial transactions is driving an increase in cybercrime. Financial applications like digital wallets and pocket ATMs are targets, as are QR codes, those square, barcode-like images that you scan with your phone’s camera. Hackers can redirect you towards a website that contains viruses or other malicious content with the intent to steal sensitive data, like credit card or bank account information, track your location, or even send SMS messages to premium rate numbers.
Mobile applications can be risky business too. Earlier this year, Google removed 60 applications carrying malicious software from its Android Market. Some of the malware revealed private information to a third party, replicated to other devices, destroyed user data or even impersonated the device owner.
2. Social media
The free sharing of personal information via Facebook, Twitter, Foursquare, etc., will continue to contribute to personal cyberthreats and those targeted to companies. You can expect to see more viral threats which can infect everyone on a user’s friends list. A profile or comment on a social media platform gives smooth-talking scammers something personal to work with in their social engineering schemes designed to steal or delete users’ personal information. A wayward comment from an unthinking employee can reveal corporate information not meant to be exposed which can lead to data theft and security breaches.
3. Malware attacks
Zero-day malware (malicious software) and well-planned attacks will continue to increase from a rise in 2011. Experts predict that attackers will target devices on networks like printers and routers as well as more traditional targets. Small business owners and home users especially need to protect their environments against malware and the tactics of organized cybergangs that are increasingly used today.
Head over to the source to see some additional cyberthreats that are predicted.
- Brace Yourself: 2012’s Top Cyberthreats (news.dice.com)
- Future-Proof Your Network Against Advancing Cyberthreats: A Sourcefire Seminar Series (sourcefire.com)
It’s a fair question considering this.
Judging from the headlines appearing this week on tech Web sites, you’d guess anyone using a browser other than Internet Explorer was a fool.
After all, IE version 9 scored a whopping 99.2 percent in NSS Labs’ worldwide test (PDF) of the ability of top browsers to detect socially engineered malware. IE 8 wasn’t far behind at 96 percent–the difference attributed by NSS Labs to the Application Reputation component added to IE 9’s SmartScreen technology.
By comparison, the four other browsers tested were veritable social-malware sieves: Google Chrome 12 had a 13.2-percent detection rate, Firefox 4 and Safari 5 detected 7.6 percent, and Opera 6.1 percent.
Such dramatic results should be easy to corroborate, but a search for similar results from other sources came up empty. Every other browser comparison I could find rated Firefox, Chrome, and (usually) Opera above IE in terms of security. In fact, SecurityFocus lists 62 current vulnerabilities in IE 8, some dating back more than two years. The site reports 17 vulnerabilities in IE 9 (note that some of the vulnerabilities for each browser are listed as “retired”).
By comparison, there are no vulnerabilities reported currently for Chrome 13, Firefox 6, Safari 5, or Opera 11.
Whichever browser you prefer, ensure that you’re using the most recent version. Google Chrome updates automatically, IE gets its patches as part of Windows updates, and Safari is kept current via Apple Software Update. To set Firefox to update automatically, click Tools > Options > Advanced > Update (Windows) or the Firefox menu > Preferences > Advanced > Update (Mac) and make sure “Automatically download and install the update” is selected.