
Friday, May 9, 2008

Happy Secure Surfing - Article pick

Since you are reading this I’ll assume that you are aware that there are some fundamental precautions you need to take before you connect to the internet with your new machine. I’m hopeful that you are reading this on your old machine.

This is a good opportunity to review those precautions.

Patch your operating system. Download and install all available patches and service packs by connecting to Windows Update. According to Swedish security company Sophos, 50% of unpatched and unprotected systems will be infected with malicious code within 12 minutes of being connected to the Internet.

Install a firewall. Windows XP comes with a basic firewall, and if you are running Windows Vista, it comes with a more robust firewall (Windows Firewall) than XP, as well as anti-spyware utilities (Windows Defender). However, the consensus is that third-party applications are usually more effective. Keep in mind that the XP firewall offers only minimal protection.

There are a number of free firewalls that are worth considering. The following are two that do the job particularly well.

Comodo Firewall


The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 8 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

ZoneAlarm



The free version of ZoneAlarm lacks the features of ZoneAlarm Pro’s firewall. Its program control asks you regularly whether to allow programs; for some this can be intrusive and annoying. But it’s been around forever, it seems, and it can’t be shut down, or out, by malware.

Install anti-virus software. There is no doubt that an unprotected computer will become infected by viruses and malware within minutes of first being connected to the internet. There are many free versions of anti-virus software available and the programs that have a well justified reputation are listed below.

avast! 4 Home Edition


This anti-virus app is a real fighter, scanning files on demand and on access, including email attachments. It lets you know when it detects malware through its shield function. An important feature is a boot-time scan option, which removes malware that can’t be removed any other way.

AVG Anti-Virus Free Edition


Similarly, this program scans files on access, on demand, and on schedule. It scans email, both incoming and outgoing. For those on Vista, you’re in luck: it’s Vista-ready. I have been using this application since its release and it now forms part of my front line defenses. I recommend this one highly.

Install anti-spyware and anti-adware software. It’s not only a virus that can put your computer down for the count, but a multitude of nasties freely floating on the Internet. Listed below are a number of free programs that offer very good protection against malware.

SpyCatcher Express


SpyCatcher does a good job of cleaning out spyware and of stopping further infestation.

Ad-Aware 2007



Many software reviewers consider Ad-Aware 2007 Free the best free spyware and adware remover available. It does a relatively good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version is that real-time protection is not included.

WinPatrol


Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

ThreatFire 3


ThreatFire 3 blocks malware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking malware based on analysis of behavior. I highly recommend this one!

If you are now on the Internet, and you have not yet taken the precautions outlined above, you are extremely vulnerable and it is critical that you take the following precautions:

Stop surfing the Web and patch your operating system. Only then download the protective software as noted above, or software that you are familiar with that will do an appropriate job of protecting your computer.

Do not visit any other websites until you have done this!

Additional security precautions:

Establish a password for the administrator account. Only you should have access to the administrator settings on your PC. Unfortunately, XP installs with open access to the administrator’s account. Be sure to change this.

Create a new password-protected user account. Using this account for your general day-to-day activities adds another layer of protection to your computer. A user account does not have the same all-access permissions as your administrator account, and in many cases this extra layer of protection will restrict malware from gaining a foothold on your PC.

Good luck and safe surfing.

Source

Thursday, April 10, 2008

Know what's happening in your wireless network?

Network Scanning: Find Out What’s Really on Your Wireless Network
By John Edwards

If you've never used a wireless network scanner, you may be surprised by what it can tell you about your network and the data that lies within its reach.
A growing number of businesses are deploying 802.11 wireless networks for both internal use and public access. Regardless of the network's purpose and configuration, a wireless network scanner is necessary for assuring its continued operation and security. Popular open-source wifi network scanners include NetStumbler and Kismet. These products, and most other network scanners, can help you learn the following things about your wireless network.

Overall Vulnerability: Network scanners are often used in conjunction with a laptop or other portable computer to sniff out wireless networks from a moving vehicle — a practice known as wardriving. Performing the same activity while strolling down a street or through a business site is called warwalking. There's also warbiking, warskating and probably war-go-karting happening as well. In any event, while you yourself may never use a network scanner for wardriving or similar activities, you can be certain that other people are doing so in order to test your network's availability, size and configuration, as well as its potential vulnerability.

NetStumbler and some other network scanners work actively, sending messages that are designed to probe any encountered access point for information, such as its SSID (service set identifier), MAC (machine access code) numbers and the name of the network it's connected to. If your network is secure, you have nothing to worry about. If, on the other hand, you suspect that your network may be vulnerable to intruders through the lack of security measures, you may want to perform your own wardrive in order to check for potential soft spots (such as improperly configured access points that allow unrestricted network access or those that spew too much identification information). Vendors such as AirMagnet Inc. and Aruba Networks Inc. offer technologies that are designed to lock down wireless networks.

The Presence of Rogue Access Points: This is perhaps the most useful network-scanner application. A rogue access point is an access point that exists without permission of the wireless network's administrator. Rogue access points are often installed by employees to create stealth wireless networks that circumvent security measures installed on the company wireless network. A network scanner lets you sniff out, pinpoint and eradicate unauthorized access points.

Criminals can also install a rogue access point within the range of a company wireless network to hijack the connections of legitimate users. The crooks can then use the connections to eavesdrop on transmitted information and potentially even gain entry to the company's main internal network.
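
The following added example, which is not part of the original article, shows how scan results can be checked against an inventory of sanctioned access points to surface the rogue and misconfigured access points described above. The CSV column layout, the inventory, the signal threshold and all addresses are constructed assumptions, not the output format of NetStumbler or Kismet.

```python
import csv
import io

# Assumed inventory of sanctioned access points (constructed values).
AUTHORIZED = {
    "00:11:22:33:44:01": {"ssid": "CorpWLAN", "channel": 1},
    "00:11:22:33:44:02": {"ssid": "CorpWLAN", "channel": 6},
}
CORP_SSIDS = {ap["ssid"] for ap in AUTHORIZED.values()}
ON_SITE_DBM = -65  # assumed threshold: a stronger signal is likely inside the building

# Constructed scan export; the column layout is hypothetical, not any tool's format.
SAMPLE_SCAN = """bssid,ssid,channel,encryption,signal_dbm
00:11:22:33:44:01,CorpWLAN,1,WPA2,-48
00:11:22:33:44:02,CorpWLAN,6,OPEN,-52
66:77:88:99:AA:BB,CorpWLAN,11,WPA2,-40
DE:AD:BE:EF:00:01,linksys,6,OPEN,-55
12:34:56:78:9A:BC,CoffeeShop,3,WPA2,-88
"""

def classify(row):
    """Return a list of findings for one observed access point."""
    bssid = row["bssid"].strip().upper()
    ssid = row["ssid"].strip()
    signal = int(row["signal_dbm"])
    known = AUTHORIZED.get(bssid)
    findings = []
    if known is None:
        if ssid in CORP_SSIDS:
            findings.append("unknown BSSID advertising a corporate SSID (possible impersonation)")
        elif signal >= ON_SITE_DBM:
            findings.append("unknown access point with on-site signal strength (possible rogue)")
        return findings
    if ssid != known["ssid"] or int(row["channel"]) != known["channel"]:
        findings.append("authorized AP deviates from inventory (SSID or channel)")
    if row["encryption"].strip().upper() == "OPEN":
        findings.append("authorized AP allows unencrypted access")
    return findings

def audit(scan_text):
    """Map BSSID -> findings for every AP in the scan that needs attention."""
    report = {}
    for row in csv.DictReader(io.StringIO(scan_text)):
        findings = classify(row)
        if findings:
            report[row["bssid"].strip().upper()] = findings
    return report

if __name__ == "__main__":
    for bssid, findings in audit(SAMPLE_SCAN).items():
        print(bssid, "->", "; ".join(findings))
```

Distant neighbors such as the weak "CoffeeShop" signal are ignored, while an unknown radio using the corporate SSID is flagged regardless of signal strength.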

Hardware Problems: A network scanner is indispensable for checking the state of wireless network hardware, particularly access points. By measuring signal strength, the scanner can help you quickly identify access points that are inoperative or performing poorly.

The Location of Weak and Dead Spots: Network coverage can be impaired by walls, trees and a variety of other man-made and natural objects. A network scanner can help you locate poor coverage areas, which can then be bolstered with additional access points.

The Sources of Wireless Interference: Wireless networks are subject to interference from neighboring 802.11 installations, as well as from a variety of consumer and business technologies, including cordless phones, motors and various types of industrial equipment. By showing signal strength as you move about, a network scanner can help you track down interference sources that generate signals on the same frequency as the wireless network.

Improperly Aimed Directional Antennas Used for Long-Haul Connections: Many companies use point-to-point wireless connections to link together 802.11 hotspots across a business campus or other geographical site. Aiming directional antennas requires precise adjustments to ensure continuous connectivity and maximum performance. By measuring signal strength, a network scanner makes antenna aiming a faster, more exact and less troublesome task.

Source: ITSecurity

Thursday, April 3, 2008

Top Security Breaches - 2007

David Hakala on January 22, 2008

Every year sees a fresh crop of security breaches. Most go unreported, unless they involve consumers' personal data, at which point companies are required to give timely public notice of security breaches. The following list of 2007's worst security breaches consists mainly of such reportable incidents. The incidents are sorted in descending order of severity based on how many individuals were potentially affected.

Note that remote hackers played a role in a small minority of cases. Most data losses occurred because laptops, tapes or disks were not properly secured. It is a never-ending struggle to get users to adhere to physical security protocols.

Jan 17, 2007: The TJX Companies Inc. (which operates T.J. Maxx, Marshalls and other stores) announced that it suffered an “unauthorized intrusion” into its computer systems that process customer transactions. The company subsequently revealed that the hackers had access to between 46 million and 215 million customer records for 17 months. The costs of this breach have reportedly reached $216 million, and the lawsuits are still flying.

July 3, 2007: Some 8.5 million customer records were stolen by a database analyst employed by Certegy Check Services Inc., a subsidiary of Fidelity National Information Services. The theft included credit card and bank account data, as well as other personal information. In November 2007, the employee pled guilty to conspiracy and fraud charges. A California class-action lawsuit against the company and its parent alleging negligence remains pending.

Sept. 15, 2007: Online stockbroker TD AMERITRADE’s computer system was infiltrated by hackers, who stole up to 6.3 million customer contact records including names, addresses and phone numbers. The hackers were able to install a backdoor program on the company's server, which gave them access.

April 10, 2007: A CD containing the personal information of 2.9 million Medicaid and child health care insurance recipients was lost in shipping. Officials would not reveal whether the data was encrypted. The data was being shipped from an Atlanta office of Affiliated Computer Services Inc., which manages claims for the state, to another contractor in Maryland.

Aug. 23, 2007: Monster revealed that intruders using legitimate usernames and passwords entered its system and made off with 1.3 million job seekers' records, including email addresses, names, home addresses and phone numbers.

Sept. 28, 2007: A laptop containing the personal information — including Social Security numbers — of 800,000 employment applicants was stolen from the offices of a third-party vendor that manages application data for fashion retailer Gap Inc.

July 20, 2007: SAIC, a Pentagon contractor, failed to encrypt data on 580,000 military households before transmitting it over the Internet. The data included names, addresses, birth dates, Social Security numbers and health information. The data was stored on an unsecured server.

June 15, 2007: In Ohio, a backup tape stolen from a 22-year-old intern’s car contained the names and Social Security numbers of all 500,000 state employees, plus 225,000 similar records of taxpayers.

Oct. 4, 2007: The Massachusetts Division of Professional Licensure, responding to public-records requests from marketers, mailed out disks containing the names and addresses of 450,000 licensed professionals in the state. Then, the division hurriedly mailed letters to all 450,000 professionals saying that their Social Security numbers had been included inadvertently. All but two of the disks were recovered.

May 19, 2007: Hackers broke into the network of the Illinois Department of Financial and Professional Regulation in January 2007 and accessed nearly 300,000 records regarding licensed professionals and applicants for licenses. The breach was discovered on May 3, 2007.

Aug. 23, 2007: A laptop containing 280,000 records about city retirees was stolen from a consultant to the City of New York Financial Information Services Agency as he sat in a restaurant.

Dec. 5, 2007: The names and Social Security numbers of 268,000 blood donors were on a laptop stolen from Memorial Blood Centers in Duluth, Minn.

March 30, 2007: Three laptops were stolen from the offices of the Los Angeles County Child Support Services. The data included 130,500 Social Security numbers — most without names — 12,000 individuals’ names and addresses, and more than 101,000 child-support case numbers.

May 19, 2007: A computer was stolen from the Texas Commission on Law Enforcement Standards and Education. It contained the names, home addresses, driver-license numbers, birth dates and Social Security numbers of every licensed law enforcement officer in the state — some 230,000 individuals.

Oct. 30, 2007: Three backup tapes containing 230,000 records of The Hartford Financial Services Group Inc.'s customers were misplaced.

Oct. 23, 2007: West Virginia Public Employees Insurance Agency notified 200,000 current and past members of its insurance programs that a computer tape containing names, addresses, phone numbers and Social Security numbers was lost while being shipped via United Parcel Service of America Inc.

May 14, 2007: A virus that could have allowed a hacker access to 197,000 records about students at College of Southern Nevada attacked a server, but the school is not sure whether any data was actually taken.

Jan. 26, 2007: Tapes containing names, Social Security numbers and other data regarding 196,000 Wellpoint Anthem Blue Cross Blue Shield customers were stolen from a lockbox held by one of the company’s contractors.

Nov. 16, 2007: Tae Kim, a former auditor for the U.S. Department of Veterans Affairs, was arrested after being caught using fraudulent credit cards. His home computer contained 1.8 million records on Veterans Affairs medical patients pertaining to 185,000 unique individuals.

Source