The Right Anti-Virus Solution

There is a great deal of confusion amongst individuals, businesses, and other organizations as to which Anti-Virus solution is right for them. At the outset, I would just like to say that no one Anti-Virus is perfect against every kind of attack. Some AVs are better than others at fighting against Trojan viruses, while others are good at detecting root-kit viruses. Let’s go through various AV solutions for the home and the business/organization markets.

Home Anti-Virus

The home AV market is easier than most people think. A lot of people think they need to pay for an anti-virus solution in order to be protected better. My experience leads me to a different conclusion. I’ve tried a number of paid and free AV solutions, and I can safely suggest that for most people a free anti-virus will be sufficient. One of the questions I get asked most often is “If a free anti-virus works just as good as a paid one, then why do they offer it for free?” That’s a valid question, and I tell them that most of the free AV programs out there either advertise to you, or they want you to upgrade to their paid version later on – which you don’t have to.

Here’s a list of the top three free anti-virus solutions that I think are very good for home use:

  1. AVG Free Anti-Virus – My preferred choice for myself and my clients.
    Download here: http://free.avg.com
  2. Avast Free Anti-Virus – A very solid and good choice for home users.
    Download here: http://www.avast.com/free-antivirus-download
  3. Avira AntiVir Personal – Works great with the boot up CD when your system is inaccessible.
    Download here: http://www.avira.com/en/avira-free-antivirus

Business/Organizational

Organizations have different requirements for implementing AV solutions. Whereas a free anti-virus is fine for the home, I would recommend that organizations purchase an AV solution, as it comes with more of the support their business requires. Typically organizations need robust AV solutions that come with multiple licenses and that have a customer support centre for customers to call when in need of help. Robust means that the AV solution should be fully integrated with the software components of the operating system, such that e-mail, downloads, firewall access, and software execution are all under the control of the anti-virus. This approach may use a lot of system resources, but for businesses and other organizations it is critical to have computer systems as secure as possible. Multiple licenses are something that should be considered when purchasing an AV solution for your business/organization. Multiple licenses provide you the legal right to install the anti-virus software on as many computers as the license allows for. The AV vendor should have a call centre in case you need to call them up for any help regarding their software.

I would recommend the following Anti-Virus solutions for businesses and organizations:

  1. Kaspersky Anti-Virus – Very robust and comes with multiple licenses.
  2. Norton AntiVirus – Very good support system and good detection abilities.
  3. ESET Nod32 Antivirus – A very resource friendly AV that has good detection abilities.

Security for Your Medical Centre – Part 2

Statistics of IT Security Threats

This article is a continuation of Security for Your Medical Centre – Part 1. We will discuss various statistics related to IT threats and security concerns. This article points out clearly the importance and significance of securing your IT infrastructure. Do not hesitate in any way to ensure proper security measures, as not doing so can lead to damage and theft of your medical data.

Phishing Scams

Phishing scams come under social engineering attacks. The attackers present a fake e-mail or website that looks like an authentic one and trick you into entering your username and password. Once they capture your username and password, they have access to your bank account or whatever website they are pretending to be.

A disputed study by Trusteer showed that spear phishing a hundred LinkedIn users resulted in a failure rate of 68%. That would mean that around 30% of those targeted with phishing attempts disclosed their personal data. That is significant enough for medical centres to lose a substantial amount of money once their bank account information has been captured.

Cnet interviewed Michael Barrett, chief information security officer at PayPal (online payment processor) in April, 2011. This is what he had to say regarding the question of PayPal’s weakness to phishing attempts:

“I joined PayPal almost exactly five years ago and it’s fair to say the company had not realized at that point the true significance of phishing. But since that time we’ve put in place a number of defenses against it. It probably will never go away completely as a problem, but it can be substantially minimized. We’re at No. 8 on a list of most phished sites, which is better than being No. 1. I’m not satisfied with being No. 8 and I’d really like to obliterate the crime completely, but I realize that will take another five years to get to that state. A few years ago we started digitally signing all our outbound e-mail and we worked with Yahoo and Google so if they saw e-mail that purported to come from us but wasn’t signed they would block it. That has been stunningly successful. Now we’re trying to get the whole industry to take up that type of approach. But it will take several more years of pushing to get the rest of the industry to do that.” (1)

Malware

Malware is software that is damaging to your computer in various ways. Spyware is a type of malware that infects a computer and relays information about your computer use to different parties.

In 2007, Kaspersky Labs was seeing new malware samples every two minutes, but in 2010, just three years later, that had increased to one new sample every two seconds.

This is what InformationWeek has to say about small organizations and virus threats:

“Small organization respondents’ other top concerns were Trojan applications (60%), malware designed by criminals expressly to steal data (59%), data leaks (56%), spyware (55%), and fake AV (52%). Spam and phishing threats ranked lowest. Most of today’s antivirus software suites protect against many viruses and worms. But when it comes to data-stealing malware, 21% of small U.S. organization respondents said that their IT department could do a better job of protecting end users. Notably, only 47% of small organizations install security software to help stop such malware, 30% offer related security policies, and 28% provide relevant education or guidance.” (2)

Some are touting Cloud resources as the answer to fighting back malware spread. That remains to be seen.

Security Breaches – Hacks

It’s interesting to note that organizations attribute 59% of all security breaches to human error. This can occur if the network administrator has failed to set up the proper security barriers, or it can occur by inadvertently giving out information that a hacker can use to compromise the system.

About half of all organizations consider IT security a top priority. This stat indicates two scenarios. The first is that there are pockets of IT infrastructure that don’t need high security. Perhaps these are small organizations and medical centres that have a wireless network setup, and they don’t see themselves as a potential target for hackers. The network is small and their data isn’t all that critical. The second is that IT security is seen as a big issue for larger organizations. They have important data that cannot be leaked and as such they are prime targets for hackers. Hackers sell stolen company data to competitors and it is quickly becoming a lucrative business. Larger organizations need security for their systems and that entails purchasing the right equipment and having it administered properly.

The cost of an individual data breach – including lost business and the burden of responding to the incident – in 2010 increased 13% year-over-year for U.K. companies. That roughly equals $3 million for each breach, which is quite substantial. Needless to say, every organization, small or big, should pay close attention to its IT security needs.

Viruses

Medical centres still fear the virus, according to a new survey of 1,600 end users in Germany, Japan, the United Kingdom, and the United States. In the survey, conducted by antivirus vendor Trend Micro, viruses are the leading concern for 63% of small organizations.

A CompTIA stat shows that 33% of law firms admit to experiencing a security issue such as a virus. That’s only law firms; if you total firms from other fields, the number is much higher.

Conclusion

The presentation of stats and facts in this article is only intended to create an awareness of various cyber threats. Cyber security is a huge issue and should not be taken lightly.

References

(1) http://news.cnet.com/8301-27080_3-20052310-245.html#ixzz1MvDmlGv5
(2) http://www.informationweek.com/news/security/vulnerabilities/228200171

Security for Your Medical Centre – Part 1

Security is essential for any medical centre running IT systems. These days there are more threats than ever before, and keeping guard is one of the requirements for any health IT infrastructure. This series on data security measures for your medical centre covers topics such as basic terminology of attackers, different attacking methods, statistics of IT security, and how to secure your network. There are many types and classifications of threats and we will go through some of them in this part of the series so your organization has the insight and knowledge to properly understand these critical issues.

Why is Security for Your IT Systems Important?

If your security is breached it means that your data can be stolen, altered, or destroyed. Serious issues such as the loss of privacy and theft of information can land your company in legal turmoil. It is hard to determine how secure your network should be because the more secure your network is, the less accessible are the resources on the network. Your organization has to determine the fine balance between having more access to certain network resources, but having less security, or having less access to network resources and having more security.

Security Threats are Rising

Attack tools and methods have drastically evolved, and it has become easier for even novice users to break through data security walls using the simplest of tools. Here is a brief look at how attacks have evolved over the years:

  • 1985: Password guessing and code replication
  • 1990: Password cracking and war dialing (calling lists of numbers to hack into phone systems, fax machines, and computers)
  • 1995: Viruses, including Love Bug, Nimda, and Code Red
  • 2000: Trojan horses such as Back Orifice
  • 2005: Worms including Blaster, MyDoom, and Slammer
  • 2010: Packet sniffing, social engineering, and phishing

Attacks that once involved deep knowledge of computers and computer systems can now be performed by entry level computer enthusiasts. This is because many of the attack tools, such as password crackers, have been simplified to the extent where even beginners can take advantage of them. Some of these tools come with easy-to-use graphical user interfaces that make them easy to understand and use for beginners. This has resulted in people committing computer crime where they previously would not have.

Terminology You Should Know

White Hat: A hacker who seeks vulnerabilities in systems and exposes them for the purpose of having them be fixed. A white hat hacker is a good guy who uses his or her knowledge to improve the security of a system.

Hacker: A computer programming expert who can use his/her computing knowledge to bypass systems. This term is usually associated with a negative connotation and generally refers to anyone who bypasses security systems.

Black Hat: A hacker who gains unauthorized access to systems and uses it in a negative way. For example, one who steals information for monetary gains or compromises systems with a malicious intent.

Phisher: A person who sets up fake links to websites and dupes people into giving their personal information, such as passwords, and then uses that information for personal gain, i.e. stealing money from their bank account.

Attack Methods

There are many types of attacks and they can get confusing. A few attacking methods mentioned here are intended to give you a “heads up” on how these attacks are executed.

  1. Social Engineering: This is one of the simplest of attack methods. One simply dupes the other party into giving critical information that is in turn used to gain access. Phishing, as mentioned above, is of this classification. I have heard of companies who have had their security systems compromised simply by a phone call from a person pretending to be the president of the company, who had forgotten his/her password. The employee on the other end believes it is the actual president and offers him/her access to the computer systems. This attack can be mitigated by constructing and following a security policy for your company.
  2. Viruses: These little pieces of software code can do a lot of damage to the integrity of your computer systems. These codes are written to infect computer systems and to either render them useless or take over the systems. Some of them ask for money in return for leaving the system unharmed. I would include worms, Trojan horses, and malware in this category as well. This attack method can be mitigated by using an up-to-date virus scanner.
  3. Password-cracking: One of the most used password-cracking methods is known as Brute Force. Basically this technique cycles through different combinations of characters hoping that eventually it will get the right combination and break through the system. It is always recommended that the password you set should be a “strong” password, meaning that it should contain small and large letters, numbers, and unique characters, such as “$”, “@”, or “&”. Setting a strong password will hinder the brute force method.
  4. Sniffing: This method commonly refers to the ability of the hacker to “listen” in on network traffic and thereby discover the passwords. This can be easily accomplished by using network tools (e.g. Wireshark) to drop in on computer conversations on the network and capture the usernames and passwords. There are many other techniques that allow the hacker to gain access, such as the man-in-the-middle technique that places the hacker in the middle of the conversation between two network computers, where the hacker is able to intercept the username and password to gain unauthorized access.
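To put numbers on the password-cracking item above, here is an added example (not part of the original article) that sizes the brute-force search space from the character classes a password uses and also flags passwords that fall to a wordlist despite mixing classes. The guess rate, the `COMMON` denylist and the substitution table are assumptions made for the illustration.

```python
import string

# The four character classes the article lists for a "strong" password.
# Assumption: printable ASCII only; the space is counted with the symbols.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

# Constructed sample denylist; a real deployment would load a published
# list of common or breached passwords instead.
COMMON = {"password", "letmein", "welcome", "qwerty", "admin"}

# Character substitutions that guessing tools undo automatically.
UNLEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def classes_used(password):
    """Names of the character classes that appear in the password."""
    for ch in password:
        if not any(ch in chars for chars in CLASSES.values()):
            raise ValueError(f"character {ch!r} is outside printable ASCII")
    return [name for name, chars in CLASSES.items()
            if any(ch in chars for ch in password)]


def alphabet_size(password):
    """Number of symbols a brute-force run must cycle through per position."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def search_space(password):
    """Candidates of every length up to len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def assess(password, guesses_per_second=1e9):
    """Summarise brute-force cost (assumed guess rate) and wordlist exposure."""
    used = classes_used(password)
    space = search_space(password)
    return {
        "missing_classes": [c for c in CLASSES if c not in used],
        "search_space": space,
        "worst_case_days": space / guesses_per_second / 86400,
        # Mixed classes do not help if the result is a dressed-up common word.
        "guessable": password.lower().translate(UNLEET) in COMMON,
    }


if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd", "x7#Kq!vR2m"):  # constructed samples
        print(pw, assess(pw))
```

The second sample satisfies every class rule in the article yet is still flagged, which is why length and a denylist check matter alongside character variety.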

Data Security for Your Medical Centre – Part 2
The next article in this series takes a look at the statistics of IT security.

Security for Your Business – Part 2

Statistics of IT Security Threats

This article is a continuation of Security for Your Business – Part 1. We will discuss various statistics related to IT threats and security concerns. This article points out clearly the importance and significance of securing your IT infrastructure. Do not hesitate in any way to ensure proper security measures, as not doing so can lead to damage and theft of your business data.

Phishing Scams

Phishing scams come under social engineering attacks. The attackers present a fake e-mail or website that looks like an authentic one and trick you into entering your username and password. Once they capture your username and password, they have access to your bank account or whatever website they are pretending to be.

A disputed study by Trusteer showed that spear phishing a hundred LinkedIn users resulted in a failure rate of 68%. That would mean that around 30% of those targeted with phishing attempts disclosed their personal data. That is significant enough for businesses to lose a substantial amount of money once their bank account information has been captured.

Cnet interviewed Michael Barrett, chief information security officer at PayPal (online payment processor) in April, 2011. This is what he had to say regarding the question of PayPal’s weakness to phishing attempts:

“I joined PayPal almost exactly five years ago and it’s fair to say the company had not realized at that point the true significance of phishing. But since that time we’ve put in place a number of defenses against it. It probably will never go away completely as a problem, but it can be substantially minimized. We’re at No. 8 on a list of most phished sites, which is better than being No. 1. I’m not satisfied with being No. 8 and I’d really like to obliterate the crime completely, but I realize that will take another five years to get to that state. A few years ago we started digitally signing all our outbound e-mail and we worked with Yahoo and Google so if they saw e-mail that purported to come from us but wasn’t signed they would block it. That has been stunningly successful. Now we’re trying to get the whole industry to take up that type of approach. But it will take several more years of pushing to get the rest of the industry to do that.” (1)
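The receiving-side rule described in the quote above (and in the same quote in the Medical Centre version of this article) can be sketched as follows. This is an added example, not code from the article or from any of the companies named: it reads the `Authentication-Results` header that a receiving gateway records after checking the signature and blocks mail that claims a protected sender domain without an aligned `dkim=pass`. The domain `paypal.example`, the gateway id `mx.receiver.example`, the simplified alignment rule and the sample messages are all constructed for the illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for the illustration: the id our own gateway writes into
# Authentication-Results, and the sender domains known to sign all mail.
TRUSTED_AUTHSERV_ID = "mx.receiver.example"
PROTECTED_DOMAINS = {"paypal.example"}


def from_domain(msg):
    """Domain of the address shown to the user in the From header."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def covers(parent, domain):
    """True if domain equals parent or is a subdomain of it (simplified alignment)."""
    return domain == parent or domain.endswith("." + parent)


def dkim_pass_domains(msg):
    """Signing domains (header.d) reported as dkim=pass by our own gateway only."""
    domains = []
    for value in msg.get_all("Authentication-Results", []):
        text = re.sub(r"\([^)]*\)", "", str(value))      # drop comments
        parts = [p.strip() for p in text.split(";")]
        authserv = parts[0].split()[:1]
        if not authserv or authserv[0].lower() != TRUSTED_AUTHSERV_ID:
            continue  # a header added upstream proves nothing; ignore it
        for result in parts[1:]:
            method = re.match(r"dkim\s*=\s*(\w+)", result, re.I)
            signer = re.search(r"header\.d\s*=\s*([\w.-]+)", result, re.I)
            if method and signer and method.group(1).lower() == "pass":
                domains.append(signer.group(1).lower())
    return domains


def verdict(raw_message):
    """'block' when a protected From domain lacks an aligned, passing signature."""
    msg = message_from_string(raw_message, policy=policy.default)
    author = from_domain(msg)
    if not any(covers(p, author) for p in PROTECTED_DOMAINS):
        return "accept"  # the rule only covers senders known to sign everything
    if any(covers(d, author) for d in dkim_pass_domains(msg)):
        return "accept"
    return "block"


def sample(sender, *auth_results):
    """Build a constructed test message with the given headers."""
    headers = [f"From: {sender}", "To: user@receiver.example"]
    headers += [f"Authentication-Results: {ar}" for ar in auth_results]
    return "\n".join(headers) + "\nSubject: Your account\n\nbody\n"


# Constructed sample messages.
SIGNED = sample("PayPal <service@paypal.example>",
                "mx.receiver.example;\n dkim=pass header.d=paypal.example;\n"
                " spf=pass smtp.mailfrom=paypal.example")
UNSIGNED = sample("PayPal <service@paypal.example>",
                  "mx.receiver.example; dkim=none")
WRONG_SIGNER = sample("PayPal <service@paypal.example>",
                      "mx.receiver.example; dkim=pass header.d=bulk-mailer.example")
UNTRUSTED_HEADER = sample("PayPal <service@paypal.example>",
                          "mx.elsewhere.example; dkim=pass header.d=paypal.example",
                          "mx.receiver.example; dkim=fail header.d=paypal.example")
OTHER_SENDER = sample("Newsletter <news@shop.example>",
                      "mx.receiver.example; dkim=none")

if __name__ == "__main__":
    for name in ("SIGNED", "UNSIGNED", "WRONG_SIGNER", "UNTRUSTED_HEADER", "OTHER_SENDER"):
        print(name, verdict(globals()[name]))
```

A production gateway would verify the signature itself and strip inbound `Authentication-Results` headers carrying its own id before adding a fresh one.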

Malware

Malware is software that is damaging to your computer in various ways. Spyware is a type of malware that infects a computer and relays information about your computer use to different parties.

In 2007, Kaspersky Labs was seeing new malware samples every two minutes, but in 2010, just three years later, that had increased to one new sample every two seconds.

This is what InformationWeek has to say about small businesses and virus threats:

“Small business respondents’ other top concerns were Trojan applications (60%), malware designed by criminals expressly to steal data (59%), data leaks (56%), spyware (55%), and fake AV (52%). Spam and phishing threats ranked lowest. Most of today’s antivirus software suites protect against many viruses and worms. But when it comes to data-stealing malware, 21% of small U.S. business respondents said that their IT department could do a better job of protecting end users. Notably, only 47% of small businesses install security software to help stop such malware, 30% offer related security policies, and 28% provide relevant education or guidance.” (2)

Some are touting Cloud resources as the answer to fighting back malware spread. That remains to be seen.

Security Breaches – Hacks

It’s interesting to note that organizations attribute 59% of all security breaches to human error. This can occur if the network administrator has failed to set up the proper security barriers, or it can occur by inadvertently giving out information that a hacker can use to compromise the system.

About half of all organizations consider IT security a top priority. This stat indicates two scenarios. The first is that there are pockets of IT infrastructure that don’t need high security. Perhaps these are small businesses that have a wireless network setup, and they don’t see themselves as a potential target for hackers. The network is small and their data isn’t all that critical. The second is that IT security is seen as a big issue for larger organizations. They have important data that cannot be leaked and as such they are prime targets for hackers. Hackers sell stolen company data to competitors and it is quickly becoming a lucrative business. Larger organizations need security for their systems and that entails purchasing the right equipment and having it administered properly.

The cost of an individual data breach – including lost business and the burden of responding to the incident – in 2010 increased 13% year-over-year for U.K. companies. That roughly equals $3 million for each breach, which is quite substantial. Needless to say, every organization, small or big, should pay close attention to its IT security needs.

Viruses

Small businesses still fear the virus, according to a new survey of 1,600 end users in Germany, Japan, the United Kingdom, and the United States. In the survey, conducted by antivirus vendor Trend Micro, viruses are the leading concern for 63% of small businesses.

A CompTIA stat shows that 33% of law firms admit to experiencing a security issue such as a virus. That’s only law firms; if you total firms from other fields, the number is much higher.

Conclusion

The presentation of stats and facts in this article is only intended to create an awareness of various cyber threats. Cyber security is a huge issue and should not be taken lightly.

References

(1) http://news.cnet.com/8301-27080_3-20052310-245.html#ixzz1MvDmlGv5
(2) http://www.informationweek.com/news/security/vulnerabilities/228200171

The New Grounds for Cybertheft

Theft used to be limited to the stealing of physical goods or the classic burglar robbing the bank for cash. Now the concept of theft has radically changed as the digital age advances and the lines between the physical and virtual become blurred. Most people know cybercrime for the stealing of people’s money from their bank accounts through hacking, but new reports, from companies like McAfee, indicate that cyberthieves are targeting intellectual data such as company trade secrets, proprietary patents, and valuable company information.

Personal Information Still Hot

The market for hacked bank accounts and personal information is still hot. Links have been made to the mafia and underground street gangs that use that information to commit identity theft – posing as someone else with forged documents. Most of this information is available in IRC chat rooms, where anyone can join the low-profile chat sessions and scroll through lists of credit card numbers, social insurance numbers, and various sensitive personal information being sold for nominal amounts. Believe it or not, stealing personal information is quite easy. Sniffers and packet grabbers can easily be used to catch data from wired and wireless networks. Social engineering is even easier, as people are duped into giving their information thinking that they are accessing a real website, while they’re only accessing a fake website created to capture personal information.

Intellectual Theft

The more lucrative market for cybertheft is based on stealing company secrets. Proprietary information such as patents, company plans, R&D information, etc. are all areas where a higher level of hacking is occurring. Doug Cooke, director for sales engineering for McAfee Canada, said that while companies do well in protecting credit card information,

“…they don’t do as well in protecting intellectual capital like trade secrets.”(1)

This information can be sold to competitors both national and international. This leads us to a whole different discussion about how hacking is used against competitors on a regular basis to edge the other out, but what Cooke does say about this new level of cybercrime is that:

“We think cybercriminals are now researching the companies they want to go after.”(2)

This is scary news for any business. Not only are these hackers targeting trade secrets, they are precision planning their attacks, and that means more damage for the companies being attacked. This type of crime seems far easier to get away with as compared to credit card theft where the credit card companies actually try to hunt down the cybercriminals.

Small and medium businesses can protect themselves to a large extent by using proper procedures to guard their network. Although most networks can be broken into, having better security measures does help reduce the impact of an attack. For this, I would refer you to my article series on Security which you can access here: http://soulistech.com/2011/03/25/security-for-your-business-part-1/

References
(1) http://www.echannelline.com/usa/story.cfm?item=26699
(2) http://www.echannelline.com/usa/story.cfm?item=26699

Virtualization For Businesses

One of the best ways to streamline business infrastructure is to use a process called virtualization. Virtualization basically reduces the need for physical hardware as it uses software environments to create and share hardware resources. On one physical desktop computer you can run multiple operating systems, each sharing the hardware of the desktop computer to give portals to “virtual” computers.

Benefits of Virtualization

What benefit does this serve? Well, firstly, it reduces the need to purchase individual computing hardware and allows a single structure of hard disks, memory, and video graphics to be used in multiple environments within a single core operating system – Windows, for example. This saves money as you only need to purchase one physical computer. With virtual machines, which run on software applications like Microsoft’s Virtual PC or VMware Workstation, you can run multiple servers for your company. Domain controllers, each serving a specific purpose, can all be handled on one physical machine. This also reduces the physical footprint as there is less required space.

Safe Environment for Testing

Another benefit that virtualization holds is that it allows new software to be tested in a secured environment. Since a virtual computer does not affect the operation of the host OS (operating system), it makes for a great tool to test different OS’s and applications alike. If you wanted to see how Ubuntu would work, but didn’t want to erase your current computer configuration, you could simply create a virtual machine and load Ubuntu on it and see if you like it or not. Also, you could test certain software to see how it works or to see if there are any conflicts with any other software configurations. Say, you wanted to see how Microsoft Office 2010 worked, you could install it on a virtual machine and test it out.

Backup and Restore Virtualized Data

The ease of transport of virtual machines makes them a great way to back up and restore computer images in a short amount of time. If one virtual machine needs to move to a physically different computer, all that is needed is to copy the virtual machine file along with its virtual disk file, and you can set up that computer in minutes on the other machine. This can serve as an effective tool in disaster recovery where one physical machine goes down, and another is used to host the virtual machine files.

Hardware Resource Sharing

Virtual machines share the hardware resources. This means that the physical RAM, hard drive, and graphics adapter are shared amongst the virtual machines. Virtual disks are files that the virtual machines use to store data on their hard drive. There are usually options that allow you to allocate a fixed amount of hard drive space for each virtual machine, and some even allow you to set a capacity but only use as much as is needed, thereby using less actual disk space.

Legacy Systems Support

Virtualization also comes in handy when you need to keep an instance of a legacy system running. For example, if some of your software is only compatible with Windows 98 but you’ve moved on to newer OS’s, you can create a virtual machine that runs Windows 98 and allows you to run your legacy applications.

I’ve used virtual machines for training and testing purposes. Virtual machines are great when you’re studying for courses like MCITP, where you need multiple servers and workstations. One single computer can handle the whole virtual network and there’s no worry in messing things up. I would highly recommend the use of virtual machines so that your company can benefit from the advantages outlined above.

The Cloud, The Computer and the Human Brain

Comparing the human brain with the computer is like comparing a car to a bicycle. The human brain has developed in great detail over the evolutionary patterns of time, whereas the computer is a creation of our brain in infancy. What we can do to revolutionize our IT industry is to think and innovate along the lines of creating the computer similar to how the human brain works, thereby unleashing the tremendous power of calculation and memory. To achieve a state of high efficiency, similar to that of the brain, requires innovative resource management, much like the services of the Cloud.

Let’s start off with the CPU. The CPU is the “central processing unit” of the computer. It manages many parts of the hardware to make them work together. It also processes numbers and gives rise to calculations. The hotter the temperature of the CPU, the more wear is done to its parts. The human brain, in contrast, uses different parts of the brain to calculate certain functions and does not use one central location to process everything like the CPU. The cooling for the brain is done through the blood circulatory system, which is similar to overclocking a CPU and using liquid cooling. Some parts of the computer do resemble the functions of the brain, such as the processing unit on graphics cards. The video processing is established much like how the rear parts of our brain use the optical centre to process vision from our eyes – a separate unit for separate functions. In fact, dreams are known also to activate the optical centre of the brain while we are asleep. In this regard, we can enhance the functions of the computer by providing each separate part of the computer with its own CPU, giving rise to more processing power. By this, I mean we can create a high-powered processing unit for audio, video, accessing system memory, inputs (e.g. keyboard and mouse), and for external devices like USB and eSATA.

Memory is another hardware element that is limited in a computer. Our brains have almost limitless abilities to store information. Whenever some new information is analysed by our brains, a new neuro-pathway is created. To mimic this in a computer is hard to do as hard drives and RAM come in limited quantities. Motherboards come with limitations on how much RAM and how many hard drives can be added.

One method of creating a limitless memory system like the brain is to use the Cloud. The Cloud has the potential of possessing limitless memory. Hard drives can be stored on servers throughout the world, which function much like a brain. It is known that our memory doesn’t store recollections in one single area; in fact, the recollection of, for example, an elephant, would use different locations of the brain to provide you with the memory of what an elephant looks like. Similarly, the Cloud can be used to allocate memory from different parts of the world.

Just as computers have audio units, so do our brains. Specific areas of the brain control how we hear and interpret sounds. Outsourcing the audio to the Cloud would require too much bandwidth and it would probably be best suited for being local to the PC.

Nevertheless, the Cloud has enormous potential to transform our computers into a working mesh like our brains. The CPU can be outsourced to the Cloud, where multiple CPUs or super computers process the information and send it back via the web. This is already happening: memory resources on the Cloud, as mentioned earlier, are working much like how our brains store information that is to be recalled. Thus, the similarities and contrasts between the Cloud, the computer, and the human brain are many and both can help each other in fields of medicine and technology.

Security for Your Business – Part 1

Security is essential for any business running IT systems. These days there are more threats than ever before, and keeping guard is one of the requirements for any IT-business infrastructure. This series on data security measures for your business covers topics such as basic terminology of attackers, different attacking methods, statistics of IT security, and how to secure your network. There are many types and classifications of threats and we will go through some of them in this part of the series so your organization has the insight and knowledge to properly understand these critical issues.

Why is Security for Your IT Systems Important?

If your security is breached it means that your data can be stolen, altered, or destroyed. Serious issues such as the loss of privacy and theft of information can land your company in legal turmoil. It is hard to determine how secure your network should be because the more secure your network is, the less accessible are the resources on the network. Your organization has to determine the fine balance between having more access to certain network resources, but having less security, or having less access to network resources and having more security.

Security Threats are Rising

Attack tools and methods have evolved drastically, and it has become easier for even novice users to break through data security walls using the simplest of tools. Here is a brief look at how attacks have evolved over the years:

  • 1985: Password guessing and code replication
  • 1990: Password cracking and war dialing (calling lists of numbers to hack into phone systems, fax machines, and computers)
  • 1995: Viruses, including Love Bug, Nimda, and Code Red
  • 2000: Trojan horses such as Back Orifice
  • 2005: Worms including Blaster, MyDoom, and Slammer
  • 2010: Packet sniffing, social engineering, and phishing

Attacks that once required deep knowledge of computers and computer systems can now be performed by entry-level computer enthusiasts. This is because many of the attack tools, such as password crackers, have been simplified to the extent that even beginners can take advantage of them. Some of these tools come with graphical user interfaces that make them easy for beginners to understand and use. This has resulted in people committing computer crime where they previously would not have.

Terminology You Should Know

White Hat: A hacker who seeks vulnerabilities in systems and exposes them for the purpose of having them be fixed. A white hat hacker is a good guy who uses his or her knowledge to improve the security of a system.

Hacker: A computer programming expert who can use his/her computing knowledge to bypass systems. This term is usually associated with a negative connotation and generally refers to anyone who bypasses security systems.

Black Hat: A hacker who gains unauthorized access to systems and uses it in a negative way. For example, one who steals information for monetary gains or compromises systems with a malicious intent.

Phisher: A person who sets up fake links to websites and dupes people into giving their personal information, such as passwords, and then uses that information for personal gain, for example by stealing money from their bank account.

Attack Methods

There are many types of attacks and they can get confusing. A few attacking methods mentioned here are intended to give you a “heads up” on how these attacks are executed.

  1. Social Engineering: This is one of the simplest of attack methods. One simply dupes the other party into giving critical information that is in turn used to gain access. Phishing, as mentioned above, is of this classification. I have heard of companies who have had their security systems compromised simply by a phone call from a person pretending to be the president of the company, who had forgotten his/her password. The employee on the other end believes it is the actual president and offers him/her access to the computer systems. This attack can be mitigated by constructing and following a security policy for your company.
  2. Viruses: These little pieces of software code can do a lot of damage to the integrity of your computer systems. These codes are written to infect computer systems and to either render them useless or take over the systems. Some of them ask for money in return for leaving the system unharmed. I would include worms, Trojan horses, and malware in this category as well. This attack method can be mitigated by using an up-to-date virus scanner.
  3. Password-cracking: One of the most used password-cracking methods is known as Brute Force. Basically, this technique cycles through different combinations of characters, hoping that eventually it will get the right combination and break through the system. It is always recommended that the password you set should be a “strong” password, meaning that it should contain small and large letters, numbers, and unique characters, such as “$”, “@”, or “&”. Setting a strong password will hinder the brute force method.
  4. Sniffing: This method commonly refers to the ability of the hacker to “listen” in on network traffic and thereby discover the passwords. This can be easily accomplished by using network tools (e.g. Wireshark) to drop in on computer conversations on the network and capture the usernames and passwords. There are many other techniques that allow the hacker to gain access, such as the man-in-the-middle technique, which places the hacker in the middle of the conversation between two network computers so that the hacker is able to intercept the username and password to gain unauthorized access.
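
To put numbers on the password-cracking item above, the following added example (not part of the original article) estimates how large a brute-force search becomes as a password uses more of the four character classes and grows longer. The guess rate, the minimum length in `meets_policy`, and the sample passwords are assumptions made for illustration; characters outside the four ASCII classes are not counted.

```python
import math
import string

# The four character classes the article lists for a "strong" password.
# Characters outside these ASCII sets are ignored by this estimate.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}
GUESSES_PER_SECOND = 1e9  # assumption: illustrative attacker guess rate


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]


def alphabet_size(password):
    """Symbols an exhaustive search must try at each position."""
    return sum(len(CLASSES[n]) for n in classes_used(password))


def keyspace(password):
    """Candidates of this exact length over that alphabet."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password):
    """log2 of the keyspace; 0.0 when no counted character is present."""
    size = keyspace(password)
    return math.log2(size) if size > 0 else 0.0


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at the assumed guess rate."""
    return keyspace(password) / rate


def meets_policy(password, min_length=12):
    """All four classes present, plus a hypothetical minimum length."""
    return len(password) >= min_length and len(classes_used(password)) == len(CLASSES)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ["password", "Password1", "P@ssw0rd", "Blue$Kettle42!"]:
        days = worst_case_seconds(pw) / 86400
        print(f"{pw:<16} classes={len(classes_used(pw))} bits={entropy_bits(pw):5.1f} "
              f"worst-case days={days:.3g} policy_ok={meets_policy(pw)}")
```

The estimate covers exhaustive search only; it says nothing about passwords that already appear in common word lists, which is why length matters alongside the character mix.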

Data Security for Your Business – Part 2
The next article in this series takes a look at the statistics of IT security.
