Wednesday, 17 December 2014

Pocket Protection



Are you concerned about security on your mobile device? It's no secret that mobile users have been hacked in the past and had their personal information stolen. But is mobile security getting any better? Here are a few things you need to know about the current state of mobile security.

Apps Can Protect You Or Hurt You

Image via Flickr by William Hook
Many app developers understand the risks that occur by having a mobile device and using it to access different networks, files, and applications. That's why several trusted app developers have released security apps designed to warn you of dangers and to keep your data safe. For instance, the 360 Security - Antivirus&Boost app for Android is designed to protect your device from malware and viruses. Others like Find My iPhone will help you locate a lost or stolen device and even lock your smartphone so that thieves can't access your private data.


The downside to smartphone applications is that even though there are apps that can protect you, others can hurt you. For instance, you might think you're downloading a seemingly safe application when in reality there's a virus piggybacking on the download. Furthermore, top-rated apps may become prime targets for hackers, meaning that even the best apps aren't always completely safe.


The good news is that an increasing number of app developers are using encrypted data to keep your information further from the reach of hackers. For instance, the cloud storage service Spideroak encrypts data at every stage of the process, making it a bit safer than options like Dropbox that don't.

It's In the Fine Print

Before you download an app, be sure you're checking what the app has permission to access on your device. An application may not be damaging in the way that it installs malware and viruses without your consent. In fact, you may simply be giving the app permission to access your files. If an app does compromise your privacy, it could be because you've allowed it access to do so, though.


The good news is that in app stores like Google Play, you'll see a list of what the app is asking permission to access. You'll want to read through the full list before accepting the terms, so that you're not surprised later by how the app gains access to and uses your information.

File Sharing Raises Concerns

Mobile devices and their complementary cloud-based storage apps raise many concerns, particularly for businesses. The security threat here is that people are concerned that sharing files could lead other users to forward sensitive information. The further this information is distributed, the more vulnerable it is.


According to 2013 research into the state of mobile security, the second top concern with BYOD aka Bring Your Own Device was that users would be able to forward company data onto cloud-based storage services. This grave concern fell behind only that of lost or stolen devices.


It's clear how this may raise concerns for businesses allowing individuals to bring their own devices to work. As an individual, however, this should also be a concern. That's because even if you delete sensitive data on your device, such as photos, contact information, etc., it still survives on cloud storage services and on devices of anyone to whom you've forwarded the file. Even if you're the only one with the file, that digital data is never gone. Today, it's still a huge worry for many people about where the copies of their files are and how susceptible the information is to being breached.

The Bottom Line

While there are still a lot of concerns surrounding mobile security and the protection of your device -- including even physically protecting your phone from damage and water -- there have been improvements. For instance, more applications are taking security measures to encrypt their data and create constant updates to stay out of reach from hackers. In addition, operating systems like Google's Android 5.0 Lollipop OS are becoming more secure.



How do you feel about your device and its security?
Read more

Wednesday, 7 May 2014

5 Common Hacks & Advice on How to Defend Against Them



You may think that hackers are excessively clever people who are coming up with improbable hacks around elaborate security systems, and some are, but most rely on a few old tricks that have been around for years.

I am going to look at 5 common hacks that are used so that you can become aware of them, as knowledge is the first line of defense. I will then give you some actionable advice on what you can do to defend against these common hacking techniques.

Common hacks 1: Bait and switch

There have been countless ‘bait and switch’ scams over the years. I’m talking “years” as in over the last century. Things haven’t changed much in the computer age as bait and switch style hacks are still used.
Commonly, they’ll buy legitimate advertising space on websites. The hacker will switch the link contained within the ad from the approved one to a malicious one, or they’ll code the legitimate website to take the user to a malicious site. Clever hackers will give away something free, like a website counter, and allow thousands of websites to use it - and then switch it out for something like a nice fat JavaScript redirect.
How to defend: Given the large variety of bait and switch hacks out there, it’s difficult to give advice on them. The first point is to make sure that you understand that anything you don’t control can be manipulated. If it isn’t your web counter, someone can exploit it. If you didn’t find the website yourself, the ad can direct you somewhere you don’t want to be. These can be defended against by simply going to trusted resources for your web counters, or doing your own search for the content within the ad.

Common hacks 2: Cookie theft

Cookie theft, also known as session hijacking, enables people to assume your online identity on popular websites. This allows them to log into your accounts, taking over your social media accounts, as well as making purchases in your name.
To make matters even worse, there’s even a program called Firesheep that allows people to do this with a few clicks while using another trick we’ll talk about next, the fake wireless access point. All it takes is a few clicks, and they’ll take over your identity.
How to Defend: Try to always use websites that have secure development techniques and the latest cryptography. A tool that can help you do this while using Google Chrome is called KB SSL Enforcer.
The KB SSL Enforcer plug-in forces your browser to go to the most secure version of websites. This will be the one that starts with HTTPS, with the ‘s’ being ‘secure’ and referring to TSL cryptography. It is not 100% protection, but it does make things more difficult. If hacking you is a challenge, hackers are more likely to move on to someone who hasn’t read this list!

Common hacks 3: Fake Wireless Access Points

Everyone loves free wifi, including hackers. How this hack works is a hacker will set themselves up in a public location, a coffee shop, restaurant, airport, or public library as examples. They’ll establish a fake wireless access point (WAP) of their own and name it something that makes it sound official: “McDonalds Free WiFi” or “Laguardia Free Connection.”
Those who are looking to make a quick connection, for free, will then establish a connection to these WAPs. There are two ways that a hacker can steal information. The first is that they can set it up so that you have to enter a username and password to connect. Most people use a common username and password for these quick “set it up and forget it” accounts. Hackers will then take that information and use it to try to log into your Twitter, Facebook, Amazon, iTunes and other popular accounts. This is one example of online identity theft.
The other way that a fake WAP will work is by the hackers just sifting through the information that is going through the connection and taking whatever isn’t protected or encrypted.
How to defend: First, ask the proprietors of the establishment what the correct name is for their WiFi. That’s the easy one. Next, be sure to always use a unique password and login for public WiFi. It may be a pain, but it’s your best form of online protection.
To protect against those who sift through and steal information that isn’t encrypted, use a personal VPN to encrypt all of your communication. You can read more about top VPN services over on the blog I work for.

Common hacks 4: False file names

This work by tricking people into clicking on files that look enticing, like BeyonceNipSlip.avi, but are actually files full of malicious code when opened.
One of the most famous examples of this right now is one known as the Unicode character switch. It fools computers into displaying a file that is actually BeyonceNipSlip.exe (an executable file that can tell your computer to do things) as the less harmful looking BeyonceNipSlip.avi (.avi being a video file).
You then open it thinking you’re going to see a video of a small slice of heaven (sorry, clearly Beyonce biased), and instead get a computer full of something bad.
How to defend: This is one of those instances where you have to do your homework. If someone is sending you a file, be sure that you know what the full name is with the extension. If you don’t know who is sending you the file...don’t open it! If you have a virus scanner which allows you to scan individual files before opening them, put it to work.

Common hacks 5: Wateringhole attacks

Watering hole attacks can be related to point 3, but with more focus and malice. Hackers will scope out a common place where employees of their target company hang out for drinks, dinner, or even online social platforms - a ‘watering hole.’
These employees are often more relaxed about their security, but since they’re with co-workers they’re still prone to discussing business matters. The hackers will then either install fake WAPs in the physical location that they gather to get company credentials, or they’ll install harmful JavaScript redirects into the online places that these people visit.
The hackers will then use the login details or compromised workstations to gain access to the inner workings of a company. Notable wateringhole attacks have happened to Apple, Microsoft, and Facebook.
How to defend: Making it known to your employees is the first step. They can not use their same credentials on their workstation and on these types of sites, or in these locations. Like it or not, in today’s digital world, your employees have to act as if they’re always at work.


About The Author:
Marcus is the resident security writer over on the Best VPN Providers blog. He writes about internet security issues, occasionally goes on rants about the government, but doesn't go too far off the rails...most days.
Read more

Tuesday, 29 April 2014

Cyber Security Defense Strategy: 7 Steps to Effective Network Segmentation

Many of today's networks have a flat structure that sets up no barriers between disparate systems. Organizations may wall off SCADA systems from the rest of the network, but they fail to limit unnecessary communication paths between other network nodes. Too often, systems like CCTV, manufacturing control, alarms and building access control live on the perimeter of a network with no limits on internal access. For example, attackers can compromise the workstation that maintains access control functions. They can then disable door keypads, compromise building security, steal data and manipulate power distribution.
In a world that has seen exponential growth in cyber security threats, network segmentation limits an attacker’s movements, protects proprietary information and prevents unauthorized access to sensitive data. The process brings together logical groups of users, applications and assets. It then ensures that these groups don't interact unnecessarily with one another. The key is to balance segmentation for cyber security with the organization's need for agility and rapid workflow. It's a long-term process, and the implementation timetable will differ depending on the size and complexity of the organization.

1. Take an Inventory of Machines

Few organizations know exactly how many machines they own. They also may not know who's using those machines, and they may not even know where to find what they have. For this reason, taking an exhaustive inventory of every machine is crucial to starting the network segmentation process. These machines may fall into these categories and more:

  • Windows and UNIX servers
  • Development servers
  • Financial servers and workstations
  • HR servers
  • Security devices
  • Other network infrastructure

In particular, pay attention to equipment that’s controlled by system administrators. One compromised system administrator laptop can give an attacker access to a wide range of functions and employee credentials.

2. Decide How to Protect Each Machine

A Windows server in one location may not need the same level of protection as a Windows server in another location. Therefore, after taking a machine inventory, categorize the machines according to the type of protection that each machine requires. Once you know what you have and what it does, then you can make decisions regarding how to protect each asset.

3. Take an Inventory of Personnel Including Which Machines They Can Access

Make a list of every person in the company and which machines they can access including workstations, notebooks and mobile devices. Then, ask yourself whether these people actually need every machine they have. In the previous step, you decided how to protect each machine according to its characteristics and functions. Now, make more decisions about protection by factoring in whether the receptionist or the CEO is using the machine.

4. Create an Initial VLAN to Isolate a Low-Maintenance Group

Instead of trying to tackle a company-wide segmentation, start by creating a virtual LAN (VLAN) for a low-maintenance group of workers. Good choices include the legal department, accounting and human resources. Start by monitoring the group and monitoring all traffic in and out of the servers so you can understand what the group accesses and how workflows actually happen. As you learn to understand your initial group, you can expand your segmentation efforts to other groups.

5. Create a Default Deny Ingress Rule for Each Group

Starting with your pilot group, develop a default deny ingress rule so that other users, machines and applications can't interact with that segment of the network. Every time you implement a new default deny ingress rule, prepare for some problems. For instance, if the CEO can no longer access a desired financial report, prepare to apologize profusely and to quickly fix the problem.

6. Prepare for New Equipment Needs and Personnel Training

Old equipment may not be able to handle your segmentation. For example, you might have to purchase a new router if the old one can't implement your new access control list. Also, you'll have to train personnel to navigate through your segmented network. They should understand why they no longer have access to certain areas.

7. Refine Your Groups Over Time

No matter how much time you spend trying to understand business drivers and workflows, you're going to make mistakes that people will find disruptive. Refine your group structure and protection strategies as you learn, and give yourself a generous timeline to implement a full network segmentation strategy.
Read more

Friday, 25 April 2014

Need for Speed: How to Keep All Your Devices Running Quickly and Smoothly


Have you noticed that your computer, tablet, or phone is not running like it used to? Your device may run super fast when it’s brand new, but after awhile it is common for it to slow down. There are several reasons that your device might be acting sluggish, but know that these problems aren't just due to old age. There are a few things you can do to help get your device back to it's top performance level. Read ahead to learn about a few ways you can help your device speed along and prevent it from slowing down in the future.

Get Rid of Unnecessary Files and Apps

Tablets and smartphones tend to get filled up fast with apps, because it’s so easy to connect and download them. This can result in too many apps piling up on your device, many of which you never use. Go through your apps from time to time and delete the ones you don’t need. You can even delete those that you only use once in awhile and download them again when you need them. You'll be surprised at how many apps you accumulate over time, and even more surprised at how much your device speeds up once they are cleared away.

Protect Against Viruses

PC users know that viruses have the potential to wreak havoc with their computers. The same is true for some tablets. Like Mac computers, iPhones and other Apple devices don’t have a high risk of viruses, but if you have an Android or Windows device, you should head to the app store and download a good anti-virus app. There are plenty of anti-virus apps and programs, some are free, and some cost money, but the most important thing is that you download one of these protection systems as soon as possible.

Close Programs and Apps When Not in Use

Tablets and smartphones are not really designed for easy closing of apps, and generally all the apps you use stay open all the time. You can get a task manager, which is an app that will automatically close multiple apps with one touch. Similar programs exist for computers. These can close unnecessary background processes that are using memory. You may not realize how many apps you have running, but if your battery starts to drain quickly, this could be because you're running too many apps at once. Closing out of programs you have been using will help out a great deal when it comes to giving your device a little speed.

Avoid Flashy Personalization Options

Devices and computers promote cool technology like “live” wallpapers that move and high quality graphics and icons on the desktop. According to professionals of thelocalcircuit.com who specialize in laptop repair in Denton, TX, these things use a lot of memory and slow down your device. Resist the temptation to use flashy personalization options and go with basic wallpapers and icons because these can really put the brakes on your device and make it difficult to complete simple tasks.

Clean Your Screen

For touch screen devices and computers with touch screens, something as simple as neglecting to clean your screen can slow things down. If you don't clean your screen regularly, tiny substances will build up on the surface of the screen. You might not even be able to see anything on the screen, but that doesn't mean there isn't anything there. Cleaning your screen will allow the device to recognize your touch more quickly, allowing you to perform tasks right away. Plus, cleaning your screen will clear away any germs or bacteria that might be lurking on the surface.

Keeping you device at top speed is easy; it just takes some regular maintenance on your part. A good method is to run through a short series of maintenance tasks on the same day you do a regular backup. That should keep your computer and devices in top shape and keep you more content as you quickly run through tasks without any loading or extra frustration.
Read more

Thursday, 24 April 2014

Why is Security for Your Business Important?


Did you know that in 2010, over 1000 workplace homicides took place in the United States according to the CDC? Did you know that 2% of all sales revenue, on average, is stolen annually by employees?

Did you know that having on-site security reduces your chances of being robbed by 85%?

These are just a few of the reasons why every business, regardless of size, income level, or specialty, needs to focus on protecting their business both physically and electronically.

Workplace Homicide and Assault

Workplace assaults reach in the tens of thousands annually. Each instance opens a company up to a potential lawsuit. These lawsuits can add up to millions of dollars in damages and legal fees for the companies and so investing in some security can be a very smart move.

Strong HR polices aren't always a deterrent from homicide or assault in the workplace. Having on-site security present can reduce liability in the event of something unfortunate happening. Security can also reduce the chances of an attack occurring at all. When managing a large company and mixing all different types of personalities you should definitely invest in some physical security to protect your employees and the company's assets.

Theft

Theft is a major problem in the workplace. Whether it be physical property stolen or intellectual property stolen it can pose a serious problem. Companies report between 2 and 5 percent of their income has been lost due to theft both within the company and outside. This can be theft of office supplies, computer equipment, or currency by employees. It can also mean theft of merchandise by customers which could be avoided if precautions are taken. With items like security locks from Security Centers in Southern California you can be sure to protect your business from thieves.

A security detail can monitor the entire company to ensure profits are not walking out of the door. The cost to protect against theft is a fraction of the overall cost of theft in a company. A visible security guard can reduce theft by as much as 50% or investing in some anti theft security software can help guard your property from malicious intentions.

Identity Fraud

Identity theft costs American companies nearly $25 billion per year. Scams pilfer another $2 billion from corporate coffers. While no one can completely prevent all forms of identity theft or scams, having security teams monitoring email traffic for key words or known phishing attempts can dramatically reduce the likelihood that it happens in your company.

Having a computer security expert working to protect your business can save another 3 to 7 percent of anticipated profits annually. Corporate security is not longer about physical security. Computer security is just as important.

Experts expect the rates of computer scams and identity theft to continue. Estimates put total losses at over $50 billion annually by 2020.

Hiring a team of security professionals and security software can help protect your online and physical assets can seem expensive but the price of not acting can be significantly greater if your business is compromised.
Read more
 

Follow Us

Receive all updates via Facebook. Just Click the Like Button Below

Total Pageviews


DMCA.com

Latest News

Pentesting Tools

Gags