Security for Your Medical Centre – Part 1

August 18, 2011 1 Comment

Security is essential for any medical centre running IT systems. These days there are more threats than ever before, and to keep guard is one of the requirements for any health IT infrastructure. This series on data security measures for your medical centre entails topics such as basic terminology of attackers, different attacking methods, statistics of IT security, and how to secure your network.  There are many types and classifications of threats and we will go through some of them in this part of the series so your organization has the insight and knowledge to properly understand these critical issues.

Why is Security for Your IT Systems Important?

If your security is breached it means that your data can be stolen, altered, or destroyed. Serious issues such as the loss of privacy and theft of information can land your company in legal turmoil. It is hard to determine how secure your network should be because the more secure your network is, the less accessible are the resources on the network. Your organization has to determine the fine balance between having more access to certain network resources, but having less security, or having less access to network resources and having more security.

Security Threats are Rising

Attack tools and methods have drastically evolved and have become easier for even novice users to break through data security walls using the simplest of tools. Here is a brief look at how attacks have evolved over the years:

  • 1985: Password guessing and code replication
  • 1990: Password cracking and war dialing (calling lists of numbers to hack into phone systems, fax machines, and computers)
  • 1995: Viruses, including Love Bug, Nimda, and Code Red
  • 2000: Trojan horses such as Back Orifice
  • 2005: Worms including Blaster, MyDoom, and Slammer
  • 2010: Packet sniffing, social engineering, and phishing

Attacks that once involved deep knowledge of computer and computer systems can now be performed by entry level computer enthusiasts. This is because many of the attack tools, such as password cracking, have been simplified to the extent where even beginners can take advantage of them. Some of these tools come with easy-to-use graphical user interfaces that make them easy to understand and use for beginners. This has resulted in people committing computer crime where they previously would not have.

Terminology You Should Know

White Hat: A hacker who seeks vulnerabilities in systems and exposes them for the purpose of having them be fixed. A white hat hacker is a good guy who uses his or her knowledge to improve the security of a system.

Hacker: A computer programming expert who can use his/her computing knowledge to bypass systems. This term is usually associated with a negative connotation and generally refers to anyone who bypasses security systems.

Black Hat: A hacker who gains unauthorized access to systems and uses it in a negative way. For example, one who steals information for monetary gains or compromises systems with a malicious intent.

Phisher: A person who sets up fake links to websites and dupes people into giving their personal information, such as passwords, and then uses that information for personal gain, i.e. stealing money from their bank account.

Attack Methods

There are many types of attacks and they can get confusing. A few attacking methods mentioned here are intended to give you a “heads up” on how these attacks are executed.

  1. Social Engineering: This is one of the simplest of attack methods. One simply dupes the other party into giving critical information that is in turn used to gain access. Phishing, as mentioned above, is of this classification. I have heard of companies who have had their security systems compromised simply by a phone call of a person pretending to be the president of the company, who had forgotten his/her password. The employee on the other end believes it is the actual president and offers him/ her access to the computer systems. This attack can be mitigated by constructing and following a security policy for your company.
  2. Viruses: These little pieces of software code can do a lot of damage to the integrity of your computer systems. These codes are written to infect computer systems and to either render them useless or take over the systems. Some of them ask for money in return for leaving the system unharmed. I would include worms, Trojan horses, and malware in this category as well. This attack method can be mitigated by using an up-to-date virus scanner.
  3. Password-cracking: One of the most used password-cracking methods is known as Brute Force. Basically this techniques cycles through different combinations of characters hoping that eventually it will get the right combination and break through the system. It is always recommended that the password you set should be a “strong” password, meaning that it should contain small and large letters, numbers, and unique characters, such as “$”, “@”, or “&”. Setting a strong password will hinder the brute force method.
  4. Sniffing: This method commonly refers to the ability of the hacker to “listen” in on network traffic and thereby discover the passwords. This can be easily accomplished by using network tools (i.e. WireShark) to drop in on computer conversations on the network and capture the usernames and passwords. There are many other techniques that allow the hacker to gain access, such as the man-in-the-middle technique that places the hacker in the middle of the conversation of two network computers, and then the hacker is able to intercept the username and password to gain unauthorized access.

Data Security for Your Medical Centre – Part 2
The next article in this series takes a look at the statistics of IT security.

Filed under Medical Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , ,

Security for Your Business – Part 2

May 25, 2011 Leave a comment

Statistics of IT Security Threats

This article is a continuation of Security for Your Business – Part 1. We will discuss various statistics related IT threats and security concerns. This article points out clearly the importance and significance of securing your IT infrastructure. Do not hesitate in anyway from ensuring proper security measures, as not doing so can lead to damage and theft of your business data.

Phishing Scams

Phishing scams come under social engineering attacks. They provide a fake e-mail or website that looks like an authentic one and tricks you into putting your username and password. Once they capture your username and password, they now have access to your bank account or whatever website they are pretending to be.

A disputed study by Trusteer showed that spear phishing a hundred LinkedIn users resulted in a failure rate of 68%. That would mean that around 30% of those targeted with phishing attempts disclosed their personal data. That is significant enough for businesses to lose a substantial amount of money once their bank account information has been captured.

Cnet interviewed Michael Barrett, chief information security officer at PayPal (online payment processor) in April, 2011. This is what he had to say regarding the question of PayPal’s weakness to phishing attempts:

“I joined PayPal almost exactly five years ago and it’s fair to say the company had not realized at that point the true significance of phishing. But since that time we’ve put in place a number of defenses against it. It probably will never go away completely as a problem, but it can be substantially minimized. We’re at No. 8 on a list of most phished sites, which is better than being No. 1. I’m not satisfied with being No. 8 and I’d really like to obliterate the crime completely, but I realize that will take another five years to get to that state. A few years ago we started digitally signing all our outbound e-mail and we worked with Yahoo and Google so if they saw e-mail that purported to come from us but wasn’t signed they would block it. That has been stunningly successful. Now we’re trying to get the whole industry to take up that type of approach. But it will take several more years of pushing to get the rest of the industry to do that.” (1)

Malware

Malware is software that is damaging to your computer in various ways. Spyware is a type of malware that infects a computer and relays information of your computer use to different parties.

In 2007, Kaspersky Labs was seeing new malware samples every two minutes, but in 2010, just three years later, that had increased to one new sample every two seconds.

This is what InformationWeek has to say about small businesses and virus threats:

“Small business respondents’ other top concerns were Trojan applications (60%), malware designed by criminals expressly to steal data (59%), data leaks (56%), spyware (55%), and fake AV (52%). Spam and phishing threats ranked lowest. Most of today’s antivirus software suites protect against many viruses and worms. But when it comes to data-stealing malware, 21% of small U.S. business respondents said that their IT department could do a better job of protecting end users. Notably, only 47% of small businesses install security software to help stop such malware, 30% offer related security policies, and 28% provide relevant education or guidance.” (2)

Some are touting Cloud resources as the answer to fighting back malware spread. That remains to be seen.

Security Breaches – Hacks

It’s interesting to note that organizations attribute 59% of all security breaches to human error. This can occur if the network administrator has failed to set up the proper security barriers, or it can occur by inadvertently giving our information that a hacker can use to compromise the system.

About half of all organizations consider IT security a top priority. This stat indicates two scenarios. One, namely that there are pockets of IT infrastructures that don’t need high security. Perhaps these are small businesses that have a wireless network setup, and they don’t see themselves as a potential target from hackers. The network is small and their data isn’t all that critical. The second is that IT security is seen as a big issue for larger organizations. They have important data that cannot be leaked and as such they are prime targets for hackers. Hackers use stolen company data to sell to competitors and it is quickly becoming a lucrative business. Larger organizations need security for their systems and that entails purchasing the right equipment and having it administered properly.

The cost of an individual data breach – including lost business and the burden of responding to the incident – in 2010 increased 13% year-over-year for U.K. companies. That roughly equals $3 million for each breach, which is quite substantial. Needless to say, every organization, small or big, should pay close attention to its IT security needs.

Viruses

Small businesses still fear the virus according to a new survey of 1,600 end users in Germany, Japan, the United Kingdom, and United States. Conducted by antivirus vendor Trend Micro, viruses are the leading concern for 63% of small businesses.

A CompTIA stat shows that 33% of law firms admit to experiencing a security issue such as a virus. That’s only law firms, if you total firms from other fields the number is much higher.

Conclusion

The presentation of stats and facts in this article is only intended to create an awareness of various cyber threats. Cyber security is a huge issue and should not be taken lightly.

References

(1) http://news.cnet.com/8301-27080_3-20052310-245.html#ixzz1MvDmlGv5
(2) http://www.informationweek.com/news/security/vulnerabilities/228200171

Filed under Exabyticals Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Usage Based Billing for the Internet: Canada’s Economic Folly

April 29, 2011 Leave a comment

What is Usage-Based Billing?

Usage-based billing (UBB) is something that was introduced to the CRTC in 2008 by Bell. What it does is, it puts a cap on the amount of Internet you consume and applies a fee for every gigabyte you use thereafter. What’s the problem with that? Well, it stifles Canada’s economy’s by downsizing the amount of consumer business done on the Internet, it limits the number of YouTube videos you can watch, and it makes sure that you get a minimum amount of Internet for a maximum amount of price. This great idea was put forth by Bell, in attempts to make sure that the 2% of its customers that use more Internet than others, makes the rest of the 98%, who don’t use much Internet, pay for it when they go over. It was also done in response to limit Bell’s competitors in the Internet service providers business.

How it Affects Canadians

Consumer use of the Internet is only increasing. With the advent of smartphones, tablets, and laptops, leisurely use of the Internet from home is consuming more and more gigabytes. It is projected that by 2015, video and Internet use will surpass 2.1 billion gigabytes in Canada. Who benefits from this? Service providers like Bell do. This proposed ruling was actually accepted by the CRTC to take place in March of 2011, but outrage over this from many Canadians caused the CRTC to review its case. The Conservative government has expressed concern over this ruling and has vowed to make sure Canadians are put in priority and not “taxed” over communicating over the Internet.

The Case for More Internet

We need more Internet for less. Simple. It costs less than a penny to route 1 gigabyte of data through the Internet. Bell is ready to charge you upwards of $5 a gigabyte. Gouging? I most certainly think so.

The Internet has become a universe in itself. In fact, companies are taking the Internet to outer space in the International Space Station and to planets in the future. We can’t be taxed over using the Internet because it has become so ubiquitous as a means of communication that we all rely on it. From businesses to schools, and from recreation to revolutions, the Internet is not only expanding our knowledge of things, but is accelerating it at an unbelievable pace. Putting a cap on how we interact in the digital domain will severely affect our economy and our social lives. Facebook, Twitter, and all of the social media sites will be taxed.

If we reverse the CRTC’s decision, we can expand our economy and better compete with countries like Japan who make our Internet service look a like snail in terms of how fast they have it there. The more we regulate Internet use, the less flexibility we’ll see our industries. On the contrary, having a less regulated Internet can spur new innovations and help place Canada at the top in the IT world.

What Can You Do About It?

Luckily we have an advocacy group that is doing a real good job on protesting this ridiculous UBB ruling. The group is called Open Media and you can visit their website at: www.openmedia.ca. Be sure to sign in on the petition to make you voice heard to the government and to the CRTC. Last I heard, we had close to half a million signatures. Let’s trump this decision once and for all for the sake our digital freedom!

Filed under GPIT Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

IPV6 – The New Internet Scheme

April 18, 2011 1 Comment

Believe it or not, the Internet has run out of addresses. This means we need to transition to a new addressing scheme, IPv6, that facilitates our growing need for Internet addresses and that helps our businesses grow. To access company networks and the Internet, each device or computer is assigned a logical address. That basically means that the address assigned to the computer or device (ie. smartphone) is temporary and can be easily assigned to any other device regardless of physical location. The Internet addressing scheme is known as IP – Internet Protocol. We’ve been using version 4 of the IP addressing scheme ,also known as IPv4, for quite some time.

IPv4 Limitations

The main problem with IPv4 is that there aren’t enough addresses for all the computers and Internet devices in the world, and that can result in lost connectivity. An IPv4 address is composed of 32 bits, or 32 ones and zeros. Any combination would result in a specific address. These 32 bits are represented in decimal form in the following notation as an example: 192.168.1.101. This results in a total theoretical base of 4,294,967,296 addresses that can be used. Since, we have run out of these addresses we need a new scheme that provides us with more addresses. This new scheme is called IPv6.

IPv6, The Savior

IPv6 uses 128 bits and that gives us 212˄8 (approximately 340 undecillion or 3.4×103˄8) addresses. That’s enough for 5×10˄28 addresses for each of the 6.8 billion people alive (as of this writing). This, for now, solves our problem with the limited addresses that IPv4 yields. This also saves us from using NAT (Network Address Translation) technologies, which usually results in security problems for devices inside the company network. The IPv6 protocol header is more efficient for routing of network data than the IPv4 header. This results in more efficient processing of data. Mobility with IPv6 is better than IPv4; as it allows mobile devices to move between networks while keeping the same IP address.

How to Transition to IPv6

IPv6 is installed on all new Microsoft Windows operating systems. This includes Windows Vista, Windows 7, and Windows Server 2008. The network infrastructure itself also needs to be IPv6 capable. This means that the routers and layer 3 switches need to upgraded in order to process the extra address bits of IPv6. There are a number of techniques that you can use to gradually shift your business to using IPv6 from IPv4. Names and a brief description of each transition scheme is listed below:

Dual-Stack
This technique uses both IPv6 and IPv4 at the same time. Each network devices is usually capable of both protocol versions. If not, then it only communicates with those devices that are of its own protocol version. This method of transition is meant to slowly transfer control from IPv4 dependant devices to IPv6 devices.

4to6
These are IPv4 addresses that are mapped to an IPv6 address. The last 32 bits of the IPv6 contain the IPv4 address. This allows both IPv6 and IPv4 to run at the same time.

Tunneling
Tunneling involves encapsulating an IPv6 into a IPv4 header. The network uses two IPv6 points on an IPv4 infrastructure to transmit the data. There are many types of tunneling methods such as 6to4, Teredo, and ISATAP.

As you can see, there are a number of benefits and ways to transition your business from IPv4 to the new IPv6 addressing scheme. There is some security concern regarding IPv6 and the use of unidentified addresses to generate SPAM. IPv4 addresses that generate SPAM are blacklisted and are usually blocked, but since IPv6 opens up a new lot of available addresses, this can be used to generate SPAM. Although, eventually the IPv6 addresses would also be blacklisted, it may take sometime. Nevertheless, the transition to IPv6 is continuing, albeit at a slow and gradual pace, and the new avenues that it opens up for placing new devices on the growing Internet will be needed for some time to come.

Filed under Exabyticals Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Is Software Piracy Ethical?

April 12, 2011 1 Comment

We’ve heard of the legend of Robin Hood, the lone vigilante who steals from the rich and gives to the poor. The right being done by the granting of provisions not available to the poor from those who have more. Right or wrong, this same ethical issue faces many people in the digital and technological world. There are thousands of hackers, even underground groups, that pirate software and distribute it through torrents and news groups to the world at large. Software IT giants such as Microsoft are unable to keep up with the rate of how their software is being pirated, and small companies like RAR Labs are facing a harsh stream of cuts in profits by hackers who hack and distribute their software.

Is It Stealing?

For centuries stealing was considered an act where a physically tangible property was robbed of from someone else. Item X belonged to person A, but person B unlawfully and physically obtained item X. This was the classical notion of stealing. Now, in the digital age, we have intellectual rights and laws that are meant to protect a person’s idea, a physically intangible item. Physically intangible material X is now the property of person A and person B cannot copy or use it in any manner unless granted permission by person A. So this raises the question, does stealing only apply to physically tangible materials? Some think so -the hackers. There are many people who freely distribute software and use it because they hold the notion that “stealing” only applies to physical things. Software to them is immaterial and therefore doesn’t qualify as “stealing”. I’ve heard the argument from a religious leader who stated that if a person has the ability to reproduce a patented item, it is not sinful or “immoral” as that person used his or her intelligence and skill to make it. He or she did not physically snatch something away. This can turn into a long argument as you can see, but it does leave us with a poignant dilemma: is software piracy “stealing”?

Taking From The Rich and Giving to The Poor

If piracy is stealing, what does that mean for the millions of people worldwide who depend and rely on pirated software to write their homework, their reports, listen to music, watch movies, and run their businesses on pirated software? Many of these people cannot afford to buy a $400 Microsoft Office suite or pay $30 for a Blu-ray movie. I know of small business start-ups that need graphic software to run their design business, but can’t afford the expensive licensing fees that range from $500 to $3000. From operating system costs to making PDF documents, licensing fees are expensive and are limited to a certain amount of workstations, usually one. The fact is, that it wouldn’t have been possible for businesses and normal underpaid workers to carry on had it not been for pirated software. In effect, software piracy makes businesses, and businesses make software companies. It’s a symbiotic relationship.

Does Pirated Software Help Software Makers?

There are people who seem to think that pirated software actually helps propel proprietary software forward by giving it the mass following it needs to succeed. Legitimate questions arise in this case that ask “Would Microsoft Word be so ubiquitous if it wasn’t for piracy?” A statistic from Microsoft puts software piracy at:

“According to Microsoft business group president Jeff Raikes, speaking to the Morgan Stanley Technology conference in San Francisco , they estimate that 20% to 25% of software is pirated in the US alone.” (1)

Some estimates place that as having upwards of 50 million Americans using pirated software. Certainly software makers know this, and among the pirated users are some who actually end up paying for the software. According to some, Bill Gates has even hinted to the fact that ‘software theft can help build market share more quickly’. Charles Piller of Los Angeles Times shares an interesting perspective about how software piracy actually helps in making Microsoft a standard:

“The proliferation of pirated copies nevertheless establishes Microsoft products as the software standard. As economies mature and flourish and people and companies begin buying legitimate versions, they usually buy Microsoft because most others already use it.” (2)

Microsoft has even admitted that software piracy prevents free, open-source alternatives such as Linux from chipping away at Microsoft’s monopolies, especially in developing nations. (3)

I leave the question to you. Is software piracy ethical?

References

(1) http://www.autotelic.com/no_really_-_windows_is_free
(2) http://labnol.blogspot.com/2006/04/network-effect-software-piracy-helps.html
(3) http://labnol.blogspot.com/2006/04/network-effect-software-piracy-helps.html

Filed under GPIT Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

The New Grounds for Cybertheft

April 5, 2011 Leave a comment

Theft used to be limited to stealing of physical goods or the classic burglar robbing the bank for cash. Now the concept of theft has radically changed as the digital age advances and the lines between the physical and virtual become blurred. Most people know cybercrime for its stealing of people’s money from their bank accounts through hacking, but new reports, from companies like McAfee, indicate that cybertheives are targeting intellectual data such as company trade secrets, proprietary patents, and valuable company information.

Personal Information Still Hot

The market for hacked bank accounts and personal information is still hot. Links have been made to the mafia and underground street gangs that use that information to do identity theft – posing as someone else with forged documents. Most of this information is available on IRC chat rooms, where anyone can join the low-profile chat sessions and scroll through lists of credit card numbers, social insurance numbers, and various sensitive personal information being sold for nominal amounts. Believe it or not, stealing of personal information is quite easy. Sniffers and packet grabbers can easily be used to catch data from wired and wireless networks. Social engineering is even easier as people are duped into giving their information thinking that they are accessing a real website, while they’re only accessing a fake website created to capture personal information.

Intellectual Theft

The more lucrative market for cybertheft is based on stealing company secrets. Proprietary information such as patents, company plans, R&D information, etc are all areas where higher level of hacking is occurring. Doug Cooke, director for sales engineering for McAfee Canada, said that while companies do good in protecting credit card information,

“…they don’t do as well in protecting intellectual capital like trade secrets.”(1)

This information can be sold to competitors both national and international. This leads us to a whole different discussion about how hacking is used against competitors on a regular basis to edge the other out, but what Cooke does say about this new level of cybercrime is that:

“We think cybercriminals are now researching the companies they want to go after.”(2)

This is scary news for any business. Not only are these hackers targeting trade secrets, they are precision planning their attacks, and that means more damage for the companies being attacked. This type of crime seems far easier to get away with as compared to credit card theft where the credit card companies actually try to hunt down the cybercriminals.

Small and medium business can protect themselves to a large extent by using proper procedures to guard their network. Although most networks can be broken into, having better security measures does help reduce the impact of an attack. For this, I would refer you to my article series on Security which you can access here: http://soulistech.com/2011/03/25/security-for-your-business-part-1/

References
(1) http://www.echannelline.com/usa/story.cfm?item=26699
(2) http://www.echannelline.com/usa/story.cfm?item=26699

Filed under GPIT Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Virtualization For Businesses

April 3, 2011 Leave a comment

One of best ways to streamline business infrastructure is to use a process called virtualization. Virtualization basically reduces the need for physical hardware as it uses software environments to create and share hardware resources. On one physical desktop computer you can run multiple operating systems, each sharing the hardware of the desktop computer to give portals to “virtual” computers.

Benefits of Virutalization

What benefit does this serve? Well, firstly, it reduces the need to purchase individual computing hardware and allows a single structure of hard disks, memory, and video graphics to be used in multiple environments within a single core operating system – Windows, for example. This saves money as you only need to purchase one physical computer. What you can do with the virtual machines, that use software applications like Microsoft’s Virtual PC or VMWare Workstation, is to run multiple servers for your company. Domain controllers, each serving a specific purpose, can all be handled on one physical machine. This also reduces the physical imprint as there s less required space.

Safe Environment for Testing

Another benefit that virtualization holds is that it allows new software to be tested in a secured environment. Since a virtual computer does not affect the operation of the host OS (operating system), it makes for a great tool to test different OS’s and applications alike. If you wanted to see how Ubuntu would work, but didn’t want to erase your current computer configuration, you could simply create a virtual machine and load Ubuntu on it and see if you like it or not. Also, you could test certain software to see how it works or to see if there are any conflicts with any other software configurations. Say, you wanted to see how Microsoft Office 2010 worked, you could install it on a virtual machine and test it out.

Backup and Restore Virtualized Data

The ease of transport of virtual machines makes it a great way to backup and restore computer images in a short amount of time. If the location of one virtual machine needs to shift to a physically different computer, all that is needed is to the virtual machine file along with its virtual disk file and you can setup that computer in minutes on the other machine. This can serve as an effective tool in disaster recovery where one physical machine goes down, and another is used to host the virtual machine files.

Hardware Resource Sharing

Virtual machines share the hardware resources. This means that the physical RAM, hard drive, and graphics adapter is shared amongst the virtual machines. Virtual disks are files that the virtual machines use to store data on their hard drive. There are usually options that allow you to allocate a fixed amount of hard drive space for each virtual machine and some even allow you to set a capacity, but only use as much as is needed and thereby using less actual disk space.

Legacy Systems Support

Virtualization also comes in handy when you need to keep an instance of a legacy system running. For example, some of your software is only compatible with Windows 98, but you’ve moved onto newer OS’s, you can create a virtual machine that runs Windows 98 and allows you to run your legacy applications.

I’ve used virtual machines for training and testing purposes. Virtual machines are great when you’re studying for courses like MCITP, where you need multiple servers and workstations. One single computer can handle the whole virtual network and there’s no worry in messing things up. I would highly recommend the use of virtual machines so that your company can benefit from the advantages outlined above.

Filed under Exabyticals Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

The Cloud, The Computer and the Human Brain

March 29, 2011 Leave a comment

Comparing the human brain with the computer is like comparing a car to a bicycle. The human brain has developed in great detail over the evolutionary patterns of time, whereas the computer is a creation of our brain in infancy. What we can do to revolutionize our IT industry is to think and innovate along the lines of creating the computer similar to how the human brain works, thereby unleashing the tremendous power of calculation and memory. To achieve a state of high efficiency, similar to that of the brain, requires innovated resource management, much like the services of the Cloud.

Let’s start off with the CPU. The CPU is the “core processing unit” of the computer. It manages many parts of the hardware to make them work together. It also processes numbers and gives rise to calculations. The hotter the temperature of the CPU, the more ware is done to its parts The human brain, in contrast, uses different parts of the brain to calculate certain functions and does not use one central location to process everything like the CPU. The cooling for the brain is done through the blood circulatory system, which is similar to overclocking a CPU and using liquid cooling. Some parts of the computer do resemble the functions of the brain, such as the processing unit on graphics cards. The video processing is established much like how our rear parts of the brain use the optical centre to process vision from our eyes – a separate unit for separate functions. In fact, dreams are known also to activate the optical centre of the brain while we are asleep. In this regard, we can enhance the functions of the computer by providing each separate part of the computer with its own CPU, giving rise to more processing power. By this, I mean we can create a high-powered processing unit for audio, video, accessing system memory, inputs ( i.e.: keyboard and mouse), and for external devices like the USB and eSATA.

Memory is another hardware element that is limited in a computer. Our brains have almost limitless abilities to store information. Whenever some new information is analysed by our brains, a new neuro-pathway is created. To mimic this in a computer is hard to do as hard drives and RAM come in limited quantities. Motherboards come with limitations on how much RAM and how many hard drives can be added.

One method of creating a limitless memory system like the brain, is to use the Cloud. The Cloud has the potential of possessing limitless memory. Hard drives can be stored on servers throughout the world, which functions much like a brain. It is known that our memory doesn’t store recollections in one single area; in fact, the recollection of, for example, an elephant, would use different locations of the brain to provide you with he memory of what an elephant looks like. Similarly, the Cloud can be used to allocate memory from different parts of the world.

Just as computers have audio units, so do our brains. Specific areas of the brain control how we hear and interpret sounds. Outsourcing the audio to the Cloud would require too much bandwidth and it would probably be best suited for being local to the PC.

Nevertheless, the Cloud has enormous potential to transform our computers into a working mesh like our brains. The CPU can be outsourced to the Cloud where multiple CPU’s or super computers process the information and send it back via the web. This is already happening, memory resources on the Cloud, as mentioned earlier, are working much like how our brains store information that is to be recalled. Thus, the similarities and contrasts between the Cloud, the computer, and the human brain are many and both can help each other in fields of medicine and technology.

Filed under GPIT Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Security for Your Business – Part 1

March 25, 2011 2 Comments

Security is essential for any business running IT systems. These days there are more threats than ever before, and to keep guard is one of the requirements for any IT-business infrastructure. This series on data security measures for your business entails topics such as basic terminology of attackers, different attacking methods, statistics of IT security, and how to secure your network.  There are many types and classifications of threats and we will go through some of them in this part of the series so your organization has the insight and knowledge to properly understand these critical issues.

Why is Security for Your IT Systems Important?

If your security is breached it means that your data can be stolen, altered, or destroyed. Serious issues such as the loss of privacy and theft of information can land your company in legal turmoil. It is hard to determine how secure your network should be because the more secure your network is, the less accessible are the resources on the network. Your organization has to determine the fine balance between having more access to certain network resources, but having less security, or having less access to network resources and having more security.

Security Threats are Rising

Attack tools and methods have drastically evolved and have become easier for even novice users to break through data security walls using the simplest of tools. Here is a brief look at how attacks have evolved over the years:

  • 1985: Password guessing and code replication
  • 1990: Password cracking and war dialing (calling lists of numbers to hack into phone systems, fax machines, and computers)
  • 1995: Viruses, including Love Bug, Nimda, and Code Red
  • 2000: Trojan horses such as Back Orifice
  • 2005: Worms including Blaster, MyDoom, and Slammer
  • 2010: Packet sniffing, social engineering, and phishing

Attacks that once involved deep knowledge of computer and computer systems can now be performed by entry level computer enthusiasts. This is because many of the attack tools, such as password cracking, have been simplified to the extent where even beginners can take advantage of them. Some of these tools come with easy-to-use graphical user interfaces that make them easy to understand and use for beginners. This has resulted in people committing computer crime where they previously would not have.

Terminology You Should Know

White Hat: A hacker who seeks vulnerabilities in systems and exposes them for the purpose of having them be fixed. A white hat hacker is a good guy who uses his or her knowledge to improve the security of a system.

Hacker: A computer programming expert who can use his/her computing knowledge to bypass systems. This term is usually associated with a negative connotation and generally refers to anyone who bypasses security systems.

Black Hat: A hacker who gains unauthorized access to systems and uses it in a negative way. For example, one who steals information for monetary gains or compromises systems with a malicious intent.

Phisher: A person who sets up fake links to websites and dupes people into giving their personal information, such as passwords, and then uses that information for personal gain, i.e. stealing money from their bank account.

Attack Methods

There are many types of attacks and they can get confusing. A few attacking methods mentioned here are intended to give you a “heads up” on how these attacks are executed.

  1. Social Engineering: This is one of the simplest of attack methods. One simply dupes the other party into giving critical information that is in turn used to gain access. Phishing, as mentioned above, is of this classification. I have heard of companies who have had their security systems compromised simply by a phone call of a person pretending to be the president of the company, who had forgotten his/her password. The employee on the other end believes it is the actual president and offers him/ her access to the computer systems. This attack can be mitigated by constructing and following a security policy for your company.
  2. Viruses: These little pieces of software code can do a lot of damage to the integrity of your computer systems. These codes are written to infect computer systems and to either render them useless or take over the systems. Some of them ask for money in return for leaving the system unharmed. I would include worms, Trojan horses, and malware in this category as well. This attack method can be mitigated by using an up-to-date virus scanner.
  3. Password-cracking: One of the most used password-cracking methods is known as Brute Force. Basically this techniques cycles through different combinations of characters hoping that eventually it will get the right combination and break through the system. It is always recommended that the password you set should be a “strong” password, meaning that it should contain small and large letters, numbers, and unique characters, such as “$”, “@”, or “&”. Setting a strong password will hinder the brute force method.
  4. Sniffing: This method commonly refers to the ability of the hacker to “listen” in on network traffic and thereby discover the passwords. This can be easily accomplished by using network tools (i.e. WireShark) to drop in on computer conversations on the network and capture the usernames and passwords. There are many other techniques that allow the hacker to gain access, such as the man-in-the-middle technique that places the hacker in the middle of the conversation of two network computers, and then the hacker is able to intercept the username and password to gain unauthorized access.

Data Security for Your Business – Part 2
The next article in this series takes a look at the statistics of IT security.

Filed under Exabyticals Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Follow

Get every new post delivered to your Inbox.

Join 402 other followers