Showing posts with label secure your self. Show all posts

Thursday, 8 October 2015

Making Sure Your Business Is Safe And Secure For Customers

It’s vital that you learn how to protect your business and keep it secure. This is not just to keep your investment safe but also your customers’ sensitive information. If you lose this, you could lose their trust, and that will cause you to suffer great losses in profit. That’s the bad news. The good news is that it’s relatively simple to protect your business from theft and hacking. We suggest you take these steps from day 1 to ensure you never have to worry about these issues in your company.



  1) Use Antivirus Software



Antivirus software should be seen as your first line of defense. You need to get the best protection for your computer network that you can buy. Once your antivirus software is installed, your business will be protected from Trojan software. But you won’t be protected from hackers or a physical attack on your business. There are other steps to take.



  2) Simplify The Purchasing Experience



Although you want your business secure, you don’t want it to be hard for a consumer to make secure purchases. If it takes too long, this will affect your relationship with the customer and ultimately could result in you losing business. To ensure this does not happen, you can use one of the many mobile identity solutions. This software will quickly check who is making a purchase based on information already obtained. If the user has a password or an account with your business, they can make purchases without inputting information. This keeps your business protected while ensuring purchases can be completed with ease.



 3) Passwords And Encryptions



Of course, if you have this type of service that means you are keeping the information customers provide you with. This could be bank card details as well as personal information. It’s vital that you keep this information protected. It needs to be behind passwords and encryptions. Also, do not make the mistake of using passwords that are made of personal information. The majority of crimes are committed by someone who knew the victim.



Remember, passwords and encryptions will not always stop a hacker. But they can slow them down long enough to get caught, particularly if you have additional security.



4) IT Support



Modern IT support teams will monitor a network and check for any digital break-ins. Hackers often leave digital footprints when they enter a computer network. If you have time, you might notice them but a business owner does not usually have the time in the day to check for these signs. If an IT support team is monitoring your system, they will see the signs and take preventive action.



5) Physical Security


Finally, remember to invest in physical security measures as well. Remember that if someone does break into your offices, they will not be looking to steal physical information. Often they will be looking to steal computer files, and that’s easier if they can access the main computer system. You can prevent this by setting up your office to deter criminals from ever considering a break-in.



Thursday, 2 July 2015

10 Worst Internet Security Mistakes

I would like to thank securitygeeks.net for allowing this guest post. I have found many of their tutorials and articles to be extremely useful and have made me consider new ways to take advantage of the technology in front of me. I would in particular like to direct readers to this other article on internet security after you finish reading this one.

The internet is getting increasingly popular for people to use (and use it to solve more of their problems), and thus it is getting increasingly popular for crime to happen over the internet as well. Hackers are not going to go away, and with identity theft being one of the most common crimes in the United States, your internet security is something you should be taking extremely seriously.

Luckily, there are a lot of things that people are doing wrong that are easily fixed in an hour or less. Here are ten of the worst mistakes that people should try to fix as soon as they possibly can.



1) “password”

When you are choosing your passwords, what do you normally do? Do you optimize your passwords to the best security you can manage, or do you just type in “password” all of the time and let it be?
You should never pick a simple password; anyone wanting to get at your data will probably try out this list of commonly used passwords before resorting to anything more time-consuming. Even if you use the same password everywhere (which you shouldn’t), you need a strong password to protect your data. Change it now if you need to.


2) Using Public Networks without Protection.

While public networks such as those found in cafés, libraries, and airports might be incredibly convenient for you and help you stay in contact with people better while saving you money on your data plan, they can be incredibly dangerous to your online security and anyone with the right equipment (which isn’t expensive or hard to use) can take a look at what you are uploading or downloading (this includes financial data) if you are not prepared.

To be prepared, you will likely want to use a VPN, which will create a barrier of sorts around your connection and safely connect you to an outside server which will do your browsing for you and send you the data you need over that secure connection. This way no one will be able to steal your data or know what you are doing.



3) Using Questionable Websites

This one doesn’t need much explanation. If a website is offering something that looks too good to be true, it is likely too good to be true. Also, make sure the website is as secure as possible, and don’t give your information to anything you aren’t 100% comfortable with.


4) Downloading Unknown Files

Whenever you download any file whatsoever, you should make sure you know exactly what you are getting. If you allow a file to be downloaded and activated on your computer, then you are giving permission for that program to wreak havoc inside of your computer before you can possibly fix it. If you aren’t sure what it is, I can promise you that you don’t need it (or at least from that website).


5) Not Using an Internet Security Suite

This should go without saying, but you need internet security programs on your computer for it to function as a machine that connects to the internet for more than two months. A lot of people still don’t use them, and it usually leads to their ruin.


6) Not Checking and Clearing Cookies

Cookies are small programs or bits of information that are usually saved in your browser when you check a website or do something on it you want saved. Most of the time cookies are a good and useful thing that will save you time re-navigating pages you use often.
That all being said, sometimes cookies can be malicious and they might track your computer or take in data that you don’t want going anywhere. Every once in a while you should go into your browser’s options or settings (depends on the browser) and delete any cookies you don’t feel comfortable having on your computer.


7) Giving Out Too Much Personal Information

Maybe you need a strong public internet presence for one reason or another, but a lot of people don’t need to have everything out there for people to find when they are just using the internet for E-mail and Facebook. Try to figure out your own footprint on the internet and what people can find out about you if they look. Try to get rid of whatever you don’t want.

8) Neglecting to Update Your Computer

As incredibly annoying as those Windows security updates can be, forcing your computer to restart, they are usually there for a reason. If you are not updating often enough, you are vulnerable to whatever breach or loophole in the security that was patched up in the update (and that everyone knows about now that there was an update about it). Try to update any security related programs you have on your computer as soon as an update is available.


9) Failing to Keep Up to Date on Current Events

While this doesn’t mean that you need to have your head in the virtual tech newspapers every morning, you should try to stay abreast of whether any major websites are currently under attack or if there are any reports about a security leak which you might need to respond to. A quick glance over the major news sites and checking your email frequently should be enough to keep you informed.


10) Not Having a Backup Plan

Despite most people’s best efforts, sometimes there will be nothing you can do to prevent a security problem that will require your active attention. For this you should have a plan of what you are going to do and how you are going to quarantine the problem and keep your important information safe.

This means that you should try to have some backup drives in use and perhaps use a safe cloud storage program so you can restore everything you need to. Time will be of the essence, and you will not want to waste your time backing up your possibly compromised files.





I hope that these security tips help you to create a strong defense against hackers and malware that intend to make your day a nightmare. Thank you for reading.


Tuesday, 23 June 2015

Just How Safe Are Cloud Solutions from Hackers?

I would like to thank securitygeeks.net for allowing this humble guest post, and would also like to thank them for all of the other interesting and informative articles that they provide. In particular I would like readers to check out their articles on security and app development.

Cloud computing and cloud storage are some of the most recent big developments in the technology sector, with millions of users tapping into the service and making the most of offsite solutions for either themselves or their company. That being said, you are trusting your data and/or computing to be done off-site where it is relatively out of your control. This leads to the question of “Just how secure are cloud solutions from those who want to get at my data?” To answer that, we’d need to look at it from both the server end and the user end, and ask a few other questions.



User-End Security

A lot of how much you can depend on the security of cloud storage depends on you. If a hacker gets into your user data and uses it to log into some of your accounts, even the safest measures by a company looking to keep you safe won’t be of any help.
Your biggest risk is if a hacker manages through one method or another to get ahold of your password and username and then uses that to directly log into your account and create all sorts of problems for you, possibly even trying to steal your account outright. If this should happen your financial data is also likely at risk due to the method you likely paid for the cloud service, so you need to change your password to a strong one and change it often.
Also you should keep an eye out on who you share your files with, otherwise a hacker might take advantage of someone else and use that connection to get at you in some manner over the cloud. Try not to give permission where it is not needed and you should be relatively safe, but not completely immune to hackers.

Server-End Security

Most information technology companies take the security of their customers very seriously, knowing that if there were ever even a minor data breach that were to get publicized enough, they would lose customers or users by at least the hundreds of thousands. In addition, many of the companies that offer cloud computing are the safe ones that have their own security departments and will have the best minds in the field constantly figuring out ways to think ahead of hackers.
However, hackers will often work together to crack a server with a large enough reward, and as we have learned from the recent celebrity leaks, cloud storage is not invulnerable. Also, a single employee can easily create a major breach whether it is through malice or negligence. That is not a risk to take lightly, and hackers will take advantage of every last thing they can find (or make new breaches when there are none readily apparent).
That all being said, hackers are not the only thing you should think about, and you need to focus for at least a little while on how much you trust the company you are having store your data. Do you think they are going to use it themselves for research purposes? How do you think they would react if they found out that they got hacked? Would they warn their customers?

Public Networks

You should also note that, if you use a cloud solution, that means you are going to need a constant internet connection. If you are using a laptop or smartphone on the go this likely means that you will be using a public network. Public networks are dangerous, especially with the amount of data that cloud solutions send and receive all of the time. 
On unprotected public networks, hackers in the vicinity with extremely simple setups can read all of the data that is sent over the network, and this can include passwords, usernames, financial information, and many of the things that are sent over cloud computing and storage. This makes using cloud computing unprotected very risky in public places.
If you really want to use it, though, and there are certainly benefits (laptops often don’t have much storage space compared to other computers), then you will likely want to use a solid Virtual Private Network. With it your computer will establish a safe connection with a secure outside server that no one else will be able to access. Over this connection you will be able to send your cloud computing data and you will be able to safely do whatever you need to while out in public.

What Will You Use It For?

A lot of how much you should rely on the security of cloud solutions depends on what you use them for. Most hackers are not really interested in your music collection or your family photos from that trip to Venice last year. They will however be interested in documents relating to your place of business, any financial or personal data that you might have, or anything incriminating that they can use against someone in a desperate situation. If you have extremely sensitive data, you’re better off using a flash drive and a safe.
Therefore try to write down a list of different processes you’d use cloud computing for and what types of data you’d store on external servers. If there is nothing worrying, then you’re probably safe. If not, then take a closer look at other options because hackers might use it should the worst happen.



Conclusion

So, to answer the title question in short:  Not particularly, although you can take some decent precautions so it is fine for basic use. Thank you for reading and I hope that this article helps you make a more informed decision about which services you buy for your computer.



About the Author:

Caroline enjoys writing about internet security. She recommends www.securethoughts.com as a great resource for learning about protecting your data and staying safe online.



Wednesday, 1 April 2015

Top Tips to Secure Your Android Phone from Getting Hacked

Your mobile devices or even mine for that matter, house every sort of data imaginable. Think of all those selfies and the videos, synced bank accounts, Social Media as well as email accounts or contacts with their full details. It goes without saying that by storing all the information on a single (or multiple) device, we all face potential threats from hackers, who stealthily gain access to your smartphone or tablet and steal valuable information without your knowledge. The situation is worse in the case of Android phones.
One of the biggest weaknesses of the Android platform lies in the way in which the apps on a device communicate crucial information with servers. As is obvious, most of this communication is unencrypted and paves the way for hackers to exploit this vulnerability. Other than the issue with encryption, third-party advertising software can also leave your Android smartphone exposed to hackers. This is just the tip of the iceberg.
The scenario is scary because a hacker can not only access crucial/sensitive data, but also use your identity on various Social Media accounts and act as an imposter, carry out financial transactions from your bank accounts, hold your device hostage and most importantly, spy on your day to day activities and leak out sensitive information about you. Sounds scary right? What if I also tell you that these hackers can put your smartphone in a Botnet and carry out an array of illegal and fraudulent activities? Yes. Therein is the actual threat.
How to detect whether or not your Android device has been hacked?
Now there are no steadfast rules, but there are some telltale signs that will surely help you detect whether or not your Android device has been hacked. Take a look at the pointers that I have compiled to learn what these signs are.
  • You get a long mobile bill that you have no clue about and it includes calls that you never made and SMSes that you never sent. The same holds true with bank transactions, which you never carried out. Both are signs of your mobile data being compromised at some or the other point of time.
  • Your mobile acts weird, even when the device is new. For example, certain apps opening and closing on their own, or sending out texts without you doing as much as tapping the screen for approval, is a sign of your device being hacked.
  • Your mobile battery is draining faster than ever. Of course, there are many other factors that can lead to this such as apps that consume a lot of battery power when they run in the background. But we can’t rule this point out.
  • Your phone runs extremely slow and keeps on hanging or restarts several times in a day. This can be caused by malware or a hacker trying to modify some data in your device.
These situations can easily be done away with, if you know some top tips that are listed below to secure your Android phone.
  1. Always keep the software of your device updated: One of the key loopholes that malicious software look forward to is the outdated software of mobile operating systems. Therefore, when you update the software on your smartphone, you automatically reduce the risks of falling prey to hackers and malware. So, the next time an update notification pops up on your screen, remember to tap it and approve.
  2. Avoid third-party app stores: Always make it a point to download and install apps on your Android device from Google Play Store instead of a third-party app store or even some random websites. These are unreliable sources and you never know which of the apps will be infested with potential malware that will do you immense harm. Additionally, set up a separate PIN to make all the purchases on Google Play to stop unauthorized purchases.
  3. Use data encryption settings: Use encryption settings on your device to protect the data. This includes your Google accounts, application data and download information and you can enable it by going to the Security tab in Settings and checking Enable Encryption.
  4. Let go of the auto-complete feature: Make it a point to turn off the auto-complete feature on your smartphone. Even if you do feel lazy and irked to type the data every time, you can be sure that your personal data will not be up for grabs to the hackers. Similarly, avoid using the ‘show password’ feature that is available for a number of apps and websites.
  5. Don’t store your passwords in an app: Some people use apps that let them store all their passwords such as that of different apps, email accounts, Social Media accounts and even credit card or mobile/net-banking, in one place. This is a strict no-no. Even though the app is high quality and comes with several security features and functionalities, it is software at the end of the day that can be tampered with.
  6. Avoid charging your phones in public charging points: The constant use of mobile phones drains out battery, leading us to rush and charge our devices at the kiosks, especially when we are on the go. There are also fake charging points, which are the size of a shoe-box with power supply cords attached to them. These are placed by Juice Jackers to gain access to your phones. Here is how you can outsmart them.
  7. Don’t use public/Free Wi-Fi: Free Wi-Fi is definitely one of the perks that technology has bestowed upon us all. But wait. Before you use the unlimited Wi-Fi connection that comes free of cost and that too in a public network, think twice. Sending personal data over unsecured Wi-Fi makes your Android phone more vulnerable to hackers than you can ever imagine.
  8. Turn off your Bluetooth: Turn off your phone’s Bluetooth when not in use. Hackers can use unprotected Bluetooth networks to gain access to your device. If you do want to pair it with another device, use passcode. Do not allow any device to automatically pair with yours as this can lead to data theft and transfer of malicious code.
  9. Browse safely: I know, this is a basic step and you all are aware of the fact that browsing safe is the thumb-rule of ensuring security on the internet. But sometimes, when we are in a hurry, we hastily click on some links without a second thought. This can lead to the download of malware on your device without your knowledge.
  10. Delete browsing history on a regular basis: It is also important to delete your browsing history including cookies, cache and stored passwords, if any. Removing your virtual footprints will help your private information stay private and away from a hacker. Also, remove any temporary files stored in your phone on a regular basis.
To Conclude
In an era where practically everything is dependent on our mobile devices, taking precautionary measures to secure them does come in quite handy. Use these simple but effective tips and you will not lose sleep over your Android phone’s security!


About the Author:
Jason Geater leads the team at Solvusoft. They offer consumer PC optimization products that help with computer errors, edit file types, and protect online privacy.


Friday, 27 March 2015

7 Common Mistakes that may invite Cyber/Web Security Risks


Most organizations today, howsoever small or large, are conversant with cyber security and the risks it addresses. Both the frequency and cost of breaches have continued to grow across technologies, security processes, employee training and customer data. According to the Symantec threat report, more than 552 million identities were exposed through security breaches in 2013. The increased use of mobile devices for internet has also sparked a rising threat, with 38% of users encountering some kind of vulnerability.
Hackers have continued to grow with technology. However, it doesn’t take much to make your data secure and confidential. Here are some of the top reasons why many businesses, including both banks and ecommerce platforms, have been exposed to an unwarranted third party.
  1. Weak and common passwords
In spite of the repeated threats, users, both individuals and businesses, have continued to use passwords that can be easily exposed. Four out of every five incidents occur on the basis of a hunch. 20% of users would have their birth date, their pet’s name or even their girlfriend’s name as a password! Personal information is easily guessable, and if you are using it as a password to your email address or bank account, you can already guess the risk. Google also suggested that strong passwords must be a combination of characters, numbers and special characters (#, *, etc.) and nothing close to something that could be guessed. Below are the top 10 passwords reportedly most used by users in 2014.
Rank  Password
1     123456
2     password
3     12345
4     12345678
5     qwerty
6     123456789
7     1234
8     baseball
9     dragon
10    football


Report: Splashdata
Another thing to note here would be that 12 percent of users have stored or shared their passwords through text messages, written them down on paper, on the desk, etc. This can encourage a breach.
  2. Not using SSL certificates
SSL certificates are applicable to websites. SSL, or Secure Sockets Layer, acts as a cipher code that can only be recognized by the users at both ends – the customer and the seller. Even if the information is hacked by a third party, the data is rendered incomprehensible. Using SSL certificates not only secures the information passed online but also helps build the customer’s trust.
SSL certificates are the most important factor for every business, including eCommerce, because they prevent cyber threats and secure online transaction details with strong encryption. ClickSSL is a leading SSL certificate provider that offers the major types of SSL certificates from trusted brands and allows businesses to secure their websites from cyber threats.
  3. Using untrustworthy plugins and software
The evolution of the open-source era has really made web and app development easier. However, you never know the real motive. Hidden in the script could be some lines of code that can give access to critical information once you have installed it in your system. Whenever you are downloading third-party software or a plugin, ensure that it comes from a trusted developer and vendor.
  4. Not hiring Cyber Security Specialist
The complexity of cyber crime has kept pace with technological innovation. Consequently, only a professional has the key and knowledge to identify bottlenecks and curb threats before they start to work to the advantage of the hacker(s). A cyber security professional doesn’t just ensure that you have a secure website but also gives you precisely tailored advice and tools to make your platform invulnerable. Consequently, most big businesses and brands have started investing in cyber security more than ever before.
  5. Missing device protection
Mobile devices can be easily stolen. Without necessary access protection installed into the device itself, it can be a wealth of information for a cyber criminal. Again, more than 86% of users use free Wi-Fi without checking for a secure connection. Any transaction made while using this connection makes your information vulnerable. Experts advise always logging out after a session has ended, using secure connections, and always password-protecting access devices.
  6. Clicking every advertisement randomly
Most pop-up ads and redirected web searches are for malicious purposes. Use the internet wisely and never click on anything without knowing where it will lead just because it made you curious. A recent article on ComputerWorld says that malicious ads on major sites are helping attackers to compromise many computers.
  7. Missing backups
Syncing information is vital as it serves as a way to retrieve lost information after a cyber attack and wipe. You never know when there could be a breach and you end up in an emergency.

Cyber crime is always well organized and done by some of the smartest minds. They are aware of every bottleneck and loophole, and it is your job to ensure complete protection.



About the author:

Niraj Bariya works as an online marketing executive at OLBUZ and has more than 1.5 years of experience. He loves to write about Digital Marketing, Social Media & the eCommerce industry. Connect with Niraj Bariya on LinkedIn.


Wednesday, 7 May 2014

5 Common Hacks & Advice on How to Defend Against Them



You may think that hackers are excessively clever people who are coming up with improbable hacks around elaborate security systems, and some are, but most rely on a few old tricks that have been around for years.

I am going to look at 5 common hacks that are used so that you can become aware of them, as knowledge is the first line of defense. I will then give you some actionable advice on what you can do to defend against these common hacking techniques.

Common hacks 1: Bait and switch

There have been countless ‘bait and switch’ scams over the years. I’m talking “years” as in over the last century. Things haven’t changed much in the computer age as bait and switch style hacks are still used.
Commonly, hackers will buy legitimate advertising space on websites. The hacker will switch the link contained within the ad from the approved one to a malicious one, or they’ll code the legitimate website to take the user to a malicious site. Clever hackers will give away something free, like a website counter, and allow thousands of websites to use it - and then switch it out for something like a nice fat JavaScript redirect.
How to defend: Given the large variety of bait and switch hacks out there, it’s difficult to give advice on them. The first point is to make sure that you understand that anything you don’t control can be manipulated. If it isn’t your web counter, someone can exploit it. If you didn’t find the website yourself, the ad can direct you somewhere you don’t want to be. These can be defended against by simply going to trusted resources for your web counters, or doing your own search for the content within the ad.

Common hacks 2: Cookie theft

Cookie theft, also known as session hijacking, enables people to assume your online identity on popular websites. This allows them to log into your accounts, taking over your social media accounts, as well as making purchases in your name.
To make matters even worse, there’s even a program called Firesheep that allows people to do this with a few clicks while using another trick we’ll talk about next, the fake wireless access point. All it takes is a few clicks, and they’ll take over your identity.
How to Defend: Try to always use websites that have secure development techniques and the latest cryptography. A tool that can help you do this while using Google Chrome is called KB SSL Enforcer.
The KB SSL Enforcer plug-in forces your browser to go to the most secure version of websites. This will be the one that starts with HTTPS, with the ‘s’ being ‘secure’ and referring to TLS cryptography. It is not 100% protection, but it does make things more difficult. If hacking you is a challenge, hackers are more likely to move on to someone who hasn’t read this list!

Common hacks 3: Fake Wireless Access Points

Everyone loves free wifi, including hackers. How this hack works is a hacker will set themselves up in a public location, a coffee shop, restaurant, airport, or public library as examples. They’ll establish a fake wireless access point (WAP) of their own and name it something that makes it sound official: “McDonalds Free WiFi” or “Laguardia Free Connection.”
Those who are looking to make a quick connection, for free, will then establish a connection to these WAPs. There are two ways that a hacker can steal information. The first is that they can set it up so that you have to enter a username and password to connect. Most people use a common username and password for these quick “set it up and forget it” accounts. Hackers will then take that information and use it to try to log into your Twitter, Facebook, Amazon, iTunes and other popular accounts. This is one example of online identity theft.
The other way that a fake WAP will work is by the hackers just sifting through the information that is going through the connection and taking whatever isn’t protected or encrypted.
How to defend: First, ask the proprietors of the establishment what the correct name is for their WiFi. That’s the easy one. Next, be sure to always use a unique password and login for public WiFi. It may be a pain, but it’s your best form of online protection.
To protect against those who sift through and steal information that isn’t encrypted, use a personal VPN to encrypt all of your communication. You can read more about top VPN services over on the blog I work for.

Common hacks 4: False file names

This works by tricking people into clicking on files that look enticing, like BeyonceNipSlip.avi, but are actually files full of malicious code when opened.
One of the most famous examples of this right now is one known as the Unicode character switch. It fools computers into displaying a file that is actually BeyonceNipSlip.exe (an executable file that can tell your computer to do things) as the less harmful looking BeyonceNipSlip.avi (.avi being a video file).
You then open it thinking you’re going to see a video of a small slice of heaven (sorry, clearly Beyonce biased), and instead get a computer full of something bad.
How to defend: This is one of those instances where you have to do your homework. If someone is sending you a file, be sure that you know what the full name is with the extension. If you don’t know who is sending you the file...don’t open it! If you have a virus scanner which allows you to scan individual files before opening them, put it to work.
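One way to check "the full name with the extension" automatically, as an added example that is not part of the original post: the Unicode switch is commonly done with invisible direction-control characters such as U+202E (right-to-left override), so this check makes them visible and reports the extension in stored order. The sample names and the list of risky extensions are constructed for illustration.

```python
import unicodedata
from pathlib import PurePosixPath

# Bidi classes of the explicit directional formatting characters
# (embeddings, overrides, isolates and their terminators).
BIDI_FORMAT_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}

# Extensions treated as "runs code when opened" (assumed list for this example).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi", ".vbs", ".js"}

# Constructed sample names: one with a hidden override, two ordinary ones.
SAMPLES = ["report\u202eiva.exe", "holiday.avi", "setup.exe"]


def inspect_filename(name):
    """Report hidden direction controls and the extension the OS will act on."""
    controls = [c for c in name if unicodedata.bidirectional(c) in BIDI_FORMAT_CLASSES]
    # The operating system uses the stored character order, not the rendered order.
    stored = "".join(c for c in name if c not in controls)
    extension = PurePosixPath(stored).suffix.lower()
    # Show every control as text instead of letting it reorder the display.
    escaped = "".join(
        "<U+%04X %s>" % (ord(c), unicodedata.name(c)) if c in controls else c
        for c in name
    )
    return {
        "escaped": escaped,
        "controls": ["U+%04X" % ord(c) for c in controls],
        "extension": extension,
        "suspicious": bool(controls),          # name hides direction controls
        "risky": extension in RISKY_EXTENSIONS,
    }


def flag_disguised(names):
    """Return the escaped form of every name that hides a direction control."""
    return [r["escaped"] for r in map(inspect_filename, names) if r["suspicious"]]


if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_filename(sample))
```

A name that is both suspicious and risky is the case described above: it renders with a harmless-looking ending while the stored extension is executable.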

Common hacks 5: Watering hole attacks

Watering hole attacks can be related to point 3, but with more focus and malice. Hackers will scope out a common place where employees of their target company hang out for drinks, dinner, or even online social platforms - a ‘watering hole.’
These employees are often more relaxed about their security, but since they’re with co-workers they’re still prone to discussing business matters. The hackers will then either install fake WAPs in the physical location where they gather, to capture company credentials, or they’ll install harmful JavaScript redirects into the online places that these people visit.
The hackers will then use the login details or compromised workstations to gain access to the inner workings of a company. Notable watering hole attacks have happened to Apple, Microsoft, and Facebook.
How to defend: Making it known to your employees is the first step. They cannot use the same credentials on their workstation and on these types of sites, or in these locations. Like it or not, in today’s digital world, your employees have to act as if they’re always at work.


About The Author:
Marcus is the resident security writer over on the Best VPN Providers blog. He writes about internet security issues, occasionally goes on rants about the government, but doesn't go too far off the rails...most days.


Tuesday, 29 April 2014

Cyber Security Defense Strategy: 7 Steps to Effective Network Segmentation

Many of today's networks have a flat structure that sets up no barriers between disparate systems. Organizations may wall off SCADA systems from the rest of the network, but they fail to limit unnecessary communication paths between other network nodes. Too often, systems like CCTV, manufacturing control, alarms and building access control live on the perimeter of a network with no limits on internal access. For example, attackers can compromise the workstation that maintains access control functions. They can then disable door keypads, compromise building security, steal data and manipulate power distribution.
In a world that has seen exponential growth in cyber security threats, network segmentation limits an attacker’s movements, protects proprietary information and prevents unauthorized access to sensitive data. The process brings together logical groups of users, applications and assets. It then ensures that these groups don't interact unnecessarily with one another. The key is to balance segmentation for cyber security with the organization's need for agility and rapid workflow. It's a long-term process, and the implementation timetable will differ depending on the size and complexity of the organization.

1. Take an Inventory of Machines

Few organizations know exactly how many machines they own. They also may not know who's using those machines, and they may not even know where to find what they have. For this reason, taking an exhaustive inventory of every machine is crucial to starting the network segmentation process. These machines may fall into these categories and more:

  • Windows and UNIX servers
  • Development servers
  • Financial servers and workstations
  • HR servers
  • Security devices
  • Other network infrastructure

In particular, pay attention to equipment that’s controlled by system administrators. One compromised system administrator laptop can give an attacker access to a wide range of functions and employee credentials.

2. Decide How to Protect Each Machine

A Windows server in one location may not need the same level of protection as a Windows server in another location. Therefore, after taking a machine inventory, categorize the machines according to the type of protection that each machine requires. Once you know what you have and what it does, then you can make decisions regarding how to protect each asset.

3. Take an Inventory of Personnel Including Which Machines They Can Access

Make a list of every person in the company and which machines they can access including workstations, notebooks and mobile devices. Then, ask yourself whether these people actually need every machine they have. In the previous step, you decided how to protect each machine according to its characteristics and functions. Now, make more decisions about protection by factoring in whether the receptionist or the CEO is using the machine.

4. Create an Initial VLAN to Isolate a Low-Maintenance Group

Instead of trying to tackle a company-wide segmentation, start by creating a virtual LAN (VLAN) for a low-maintenance group of workers. Good choices include the legal department, accounting and human resources. Start by monitoring the group and monitoring all traffic in and out of the servers so you can understand what the group accesses and how workflows actually happen. As you learn to understand your initial group, you can expand your segmentation efforts to other groups.

5. Create a Default Deny Ingress Rule for Each Group

Starting with your pilot group, develop a default deny ingress rule so that other users, machines and applications can't interact with that segment of the network. Every time you implement a new default deny ingress rule, prepare for some problems. For instance, if the CEO can no longer access a desired financial report, prepare to apologize profusely and to quickly fix the problem.

6. Prepare for New Equipment Needs and Personnel Training

Old equipment may not be able to handle your segmentation. For example, you might have to purchase a new router if the old one can't implement your new access control list. Also, you'll have to train personnel to navigate through your segmented network. They should understand why they no longer have access to certain areas.

7. Refine Your Groups Over Time

No matter how much time you spend trying to understand business drivers and workflows, you're going to make mistakes that people will find disruptive. Refine your group structure and protection strategies as you learn, and give yourself a generous timeline to implement a full network segmentation strategy.
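The monitor-first approach in steps 4, 5 and 7 can be rehearsed before a default deny ingress rule goes live. The following added example (not from the original article) replays flow records captured while monitoring against a proposed allow-list and reports what would be blocked. The subnets, segment names, rules and flows are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed segments: VLAN name -> subnet (assumed addressing).
SEGMENTS = {
    "hr":       ipaddress.ip_network("10.10.20.0/24"),
    "finance":  ipaddress.ip_network("10.10.30.0/24"),
    "exec":     ipaddress.ip_network("10.10.40.0/24"),
    "building": ipaddress.ip_network("10.10.50.0/24"),  # CCTV, door control
    "office":   ipaddress.ip_network("10.10.60.0/24"),
}

# Proposed ingress policy per segmented group: the only permitted
# (source segment, protocol, port) tuples. Anything else is denied.
INGRESS_ALLOW = {
    "hr":       {("office", "tcp", 443)},
    "finance":  {("hr", "tcp", 443)},
    "building": set(),
}

# Constructed flow records from the monitoring period:
# (source IP, destination IP, protocol, destination port)
OBSERVED_FLOWS = [
    ("10.10.60.15", "10.10.20.5", "tcp", 443),   # office user -> HR portal
    ("10.10.40.2",  "10.10.30.8", "tcp", 443),   # CEO -> finance report server
    ("10.10.60.77", "10.10.50.9", "tcp", 23),    # office PC -> door controller
    ("10.10.20.11", "10.10.30.8", "tcp", 443),   # HR -> finance payroll
    ("10.10.30.4",  "10.10.30.8", "tcp", 1433),  # traffic inside finance
]


def segment_of(ip):
    """Map an address to its segment name, or None if it is outside the inventory."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def verdict(flow):
    """Classify one flow under the proposed default deny ingress policy."""
    src_ip, dst_ip, proto, port = flow
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if dst not in INGRESS_ALLOW:
        return "unmanaged"   # destination group has no policy yet
    if src == dst:
        return "intra"       # never crosses the segment boundary
    if (src, proto, port) in INGRESS_ALLOW[dst]:
        return "allow"
    return "deny"            # default: no matching allow rule


def denied_paths(flows):
    """Count the (src segment, dst segment, proto, port) paths that would be blocked."""
    counts = Counter()
    for flow in flows:
        if verdict(flow) == "deny":
            counts[(segment_of(flow[0]), segment_of(flow[1]), flow[2], flow[3])] += 1
    return counts


if __name__ == "__main__":
    for path, hits in denied_paths(OBSERVED_FLOWS).items():
        print("would block", path, "x", hits)
```

Each denied path is a decision to make before enforcement: the exec-to-finance flow is the CEO's report and needs an allow rule, while the office-to-door-controller flow is the kind of unnecessary path segmentation is meant to remove.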


Saturday, 5 April 2014

Not Your Mom's Antivirus Software: 7 Ways That Antivirus Is Evolving to Meet Today's Threats



When antivirus was developed, an antivirus software provider would learn about a piece of computer malware. It would then record the code and enable its software to scan a computer for the malware signature. Soon, security companies began to share information about the viruses they detected. Consumers benefited from their combined efforts to stop malware in its tracks.

As the Internet has expanded and the number of connected devices has grown, the sheer volume of malware from phishing emails, from malicious websites and from other sources is more than signature-based antivirus solutions can handle. Also, today's malware is designed to morph and change to evade signature-based detection.

By nature, antivirus software is reactive. It may protect individual machines from known threats, but it doesn't stop attacks until those malware signatures are detected. Fortunately, the best antivirus software is evolving to handle today's threats. Instead of becoming obsolete as some experts have argued, antivirus has evolved in seven primary ways to become more relevant than before.

Behavior-Based Blocking

Antivirus software and deep discovery tools can detect malware based on how a snippet of code behaves. By using data analytics to review the patterns associated with known malware, behavior-based blocking identifies code with similar characteristics or operating patterns to existing malware. In addition to pattern analysis, behavior-based blocking tools analyze the reputation of the source that transmitted the code. They also sandbox suspicious pieces of code, running code in a silo to expose malware without infecting the network or end-user devices.


Web Browser Integration

Today's antivirus solutions can analyze websites and prevent users from opening pages containing malicious code. Working as a browser extension, antivirus software can greenlight safe pages and red-light potentially dangerous pages. Many antivirus extensions also incorporate privacy tools, and they allow parents to control which sites their children can browse.

Network Access Monitoring

Modern antivirus tools log network access events. They record each time a user accesses a database, a set of files or a server and make note of any unusual patterns. For example, the software may send out an email alert if a user tries to access data from an unfamiliar IP address. Also, IT can review employee logs to see if data was accessed using an unfamiliar browser or from an unusual location.

Whitelisting Approved Sites

Instead of just blocking known malicious websites, applications or data, today's antivirus tools allow IT to take a whitelisting approach to security. By default, end users have access to nothing online unless it's authorized by IT. Whitelisting removes the burden of trying to detect every possible malicious site or application. Instead, users are given access to only what they need, and they avoid exposing the company to dangerous or malicious sites that may escape threat detection tools.



Early Warning Services

Security companies are competing to sell products, but they also work as a community to protect consumers and businesses from malware threats. When one company's antivirus tools detect a new threat, that company shares the information to keep threats from spreading.

Web Crawling

Some antivirus tools include Web crawlers that scan websites for malicious executable code. The tools then blacklist dangerous websites from the company network, and they provide an early warning to other security companies, which helps keep the malware from spreading.

Application Isolation

Instead of detecting threats and then quarantining them, some antivirus tools isolate applications from a computer's operating system. Applications work as they should, but if any code from the application attempts to make changes to the operating system, the suspicious code is isolated and then discarded when the application is closed. Bromium creates a microenvironment for every task an application executes. Its vSentry solution detects any code's attempt to propagate, persist or compromise the microenvironment. Polymorphic malware can be eliminated even on unpatched computers, and IT can have a full view of the attack forensics.

Ignore the hype that says antivirus is obsolete; it's still an important component of any security strategy. Security companies are constantly incorporating value-added services into their antivirus solutions. Simply put, today's security programs have made significant advances from your mother's antivirus software.


Thursday, 20 February 2014

Bitdefender Internet Security 2014 Review



Some hassles can slow down even the fastest computer, so if you want to enjoy the features of the technology, you should not stick to the security measures of yesteryear, which are not compatible with the needs of your computer. An updated antivirus program is what your system needs. Installing a basic antivirus is not enough to keep your system free from the hazards and threats of hackers. You need to give the PC much more. Plenty of antivirus software available in the market can offer good protection; however, it is not adequate. Only a very few antivirus products, like Bitdefender Internet Security 2014, can offer you complete protection.

Bitdefender- What can you get?

Bitdefender Antivirus is widely acknowledged and has won many awards for its efficiency. Bitdefender, which you can trust to the core, has three different products: Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security. Of these, Bitdefender Internet Security 2014 is the one that is easy to use and is being recommended by users.

Bitdefender Internet Security Features

Let us take a look at some of the most striking features of Bitdefender Internet Security.

Auto-Pilot Mode

With the Auto Pilot mode, the user does not need to interact much with the software, which is often required with other products. The Auto Pilot mode ensures that your computer gets the maximum security. No need to struggle with the pop-up messages that spring up on the screen and irritate you!

User Friendly Interface

Moreover, you do not have to worry about the security messages and notifications. Whenever you are at leisure, you can open the user-friendly box, which lets you access the notifications. You can easily see the security status of your computer through the color codes. Green, red and yellow are used to denote security status, and the numeric indicator tells you about the pending tasks. The best thing about the notifications is that you will not be swamped by them. Only four notifications are shown at a time, based on the importance of the notice.

In total there are 8 panels, including antivirus, anti-spam, parental control, wallet, firewall, update, and Safego. The greatest advantage is that the user has complete control over the display of the panels. You can choose the panels you most want to view at startup.

Advance Photon Technology

Bitdefender offers security against all the threats one faces in the online world and this is possible because of the fastest scanning technology used by this software. The photon technology is discreet, fast, has a user friendly approach and does not slow down the system during scanning.

Two-way Firewall

The two-way firewall not only protects you from unauthorized hackers, but also protects both your incoming and outgoing connections from intruders.

Cool Desktop Widget

You can use the Bitdefender Internet Security 2014 desktop widget with Windows 8 and XP. The widget shows the security status of your system and the events that are awaiting your response or action. It also gives a graphical view of the software’s antivirus protection and shows the firewall capability of the software.
Besides these, some of the other advanced features are strong parental control, enhanced Cloud Antispam and Bitdefender Safepay options.

Pros

The advantages of Bitdefender Antivirus include easy installation, ease of use, strong password management, auto pilot mode, social media monitoring, password encryption and suitability for home and business use.

Cons

There are a few setbacks too. The advanced features cannot be used as easily as the other features. The drag and drop option is not available for encoded files.

Wrap Up

Overall, the Bitdefender Internet Security 2014 is the best antivirus protection you can give to your system. In the AV-Test, it has come out as the best of all the antivirus software available in the market.


Monday, 13 January 2014

[ike-scan] Discover & Fingerprint IKE Hosts (IPsec VPN Servers)





ike-scan discovers IKE hosts and can also fingerprint them using the retransmission back-off pattern. Here are its main functions:

Discovers:

The scan determines which hosts in a given IP range are running IKE. It does this by displaying the hosts that respond to the IKE requests sent by ike-scan.

Fingerprint:

This determines which IKE implementation the hosts are using and, in some cases, the software version they are running. It is done in two ways. The first is UDP back-off fingerprinting, which records the times of the IKE response packets from the target hosts and compares the observed retransmission back-off pattern against known patterns. The second is Vendor ID fingerprinting, which compares the Vendor ID payloads from the VPN servers against known Vendor ID patterns.



User Enumeration:



For some VPN systems, ike-scan can discover valid VPN usernames.

Transform Enumeration:

This finds out which transform attributes, for example the hash algorithm and the encryption algorithm, are allowed on the VPN server for IKE Phase-1.

Pre-Shared Key Cracking:

ike-scan supports offline dictionary or brute-force password cracking for IKE Aggressive Mode with Pre-Shared Key authentication. ike-scan is used to obtain the hash and other parameters, and psk-crack, which is part of the ike-scan package, performs the cracking.

A detailed description of retransmission back-off fingerprinting is given in the UDP back-off fingerprinting paper, which should be included in the ike-scan kit as UDP Backoff Fingerprinting Paper.




The program sends IKE Phase-1 (Main Mode or Aggressive Mode) requests to the specified hosts and displays the responses it receives. It handles retries and retransmission with back-off to cope with packet loss, and it limits the amount of bandwidth consumed by the outbound IKE packets. IKE is the Internet Key Exchange protocol, the key exchange and authentication mechanism used by IPsec. Almost all modern VPN systems implement IPsec, and most IPsec VPNs use IKE for key exchange. Main Mode is one of the modes defined for Phase-1 of the IKE exchange; the other defined mode is Aggressive Mode. RFC 2409 section 5 calls for Main Mode to be implemented, so all implementations of IKE are expected to support it. Many of them also support Aggressive Mode.

Building and Installing

  1.  Run git clone https://github.com/royhills/ike-scan.git to obtain the project source code
  2.  Run cd ike-scan to enter the source directory
  3.  Run autoreconf to generate a viable ./configure file
  4.  Run ./configure or ./configure --with-openssl to use the OpenSSL libraries
  5.  Run make to build the project
  6.  Run make check to verify that everything works as expected
  7.  Run make install to install


Author Bio:
Maegan Pulman is a freelance IT consultant and technology enthusiast. She is active in local and international IT events and is always on the lookout for the latest industry trends.


Tuesday, 24 December 2013

Understanding the Link between Social Media, ID Theft and Your Credit


Chances are, not everyone on your social media site is someone you would haphazardly hand your credit card to. Yet, many people are treating social media sites like a trusted best friend or even an ATM when they share photos, travel plans, birthdays and addresses publicly with the world. Because of the lasting damage that identity theft can have on credit scores and long-term financial health, it’s important to break the link between social media, ID Theft and your credit.


According to the Bureau of Justice Statistics, identity theft is broken down into three segments:

  • Unauthorized use or attempted use of existing credit cards
  • Unauthorized use or attempted use of other existing accounts, such as checking accounts
  • Misuse of personal information to obtain new accounts or loans, or to commit other crimes.

Consumers most at risk of identity theft are those who don’t regularly check their bank accounts and credit scores, which are most often children and the elderly. According to a 2012 report from Carnegie Mellon CyLab, children are targeted for identity theft 35 times more often than adults, and 15 percent of the victims are under the age of five. Kids who have grown up in the social media environment are not afraid of what they share. They also don’t apply for credit and don’t have as much activity around their bank accounts, so it takes longer to see if their identity has been compromised.

While the older generation is less apt to participate on Twitter, they are also less likely to apply for a mortgage, car loan or other purchase that requires a credit check. Years can go by before any unusual activity is noticed on their credit scores.

However, 12 million Americans fell victim to identity theft last year and they certainly weren’t all children and elderly. In fact, every three seconds, someone in the United States becomes a victim of identity fraud, according to the Javelin Strategy & Research 2013 Identity Fraud Report. This means over 5% of all U.S. adults were affected by identity theft in 2012.

Think you’re not at risk? Go to http://protectyourprofile.org for a realistic look into what criminals could obtain from your Facebook account. It recently won a 2013 Marcom Gold Award for the realism of the experience.

Social Media’s Role

Information in social media can let criminals piece together enough of a story to steal identities without being caught. “Hackers can take family names, addresses, phone numbers and use that data to try and figure out passwords. These people can sell your information to other criminals in their network and it’s worth a lot on the black market,” says David Anderson, director of product at Protect Your Bubble.com.

For example, a Facebook user can be duped into giving up personal information through fake posts asking for likes, votes, or clicks. These messages look legit because they appear to be sent by a friend. The user may not think twice about entering contact details like a phone number to participate in a contest, special or poll. Once they enter this personal information, they become susceptible to identity theft as criminals start to share data that may ultimately result in capturing payment credentials like credit or debit card numbers.

In fact, just this December hackers swooped in to capture login information from over 2 million Twitter, Facebook, LinkedIn and Google accounts. Facebook accounted for over half of the compromised accounts and left victims vulnerable and uncertain about just how much information the hackers consumed.

How to Break the Link

On social media, consumers must personally self-manage information and stay on top of security settings to keep their credit secure. According to the National Cyber Security Alliance, no individual, business, or government entity is solely responsible for securing the Internet.

Everyone has a role in securing their part of cyberspace because individual actions have a collective impact on making the Internet more secure. What role can you play? Here are five simple steps you can take to unlink your social media account from your credit and from the risk of identity theft.


  1.  Take the time to review credit card statements each month for fraudulent charges.
  2.  Remember when you share information on social media, it’s not in a bank vault.
  3.  Choose a secure password that doesn’t include your birthday or pet name. Make passwords at least 8 characters long, combining uppercase and lower case letters, numbers and symbols.
  4.  Alternate passwords for different accounts. Using the same password on Facebook as your online banking is a huge risk.
  5.  Never send money based on a Facebook post or message. If you get a request from a friend that seems out of character, be aware that their account may have been hacked and ask them directly rather than assuming it is a legitimate request.


Don’t let thieves ruin your credit or financial stability. Learn more about keeping your identity and finances safe at http://us.protectyourbubble.com/id-theft. Please take steps to protect yourself and share this information with others to help fight against identity theft.


About Author: Dechay Watts is Chief Content Strategist at Sprout Content.