Internet Security Technologies : Firewall

A firewall is an application that allows the user to control and filter packets flowing in and out of the network. Firewalls effectively block probes like ping, operating system fingerprinting, port scans and other types of intrusions. Many companies offer free firewall for personal use only.

A firewall may be software or hardware. A firewall is at the entry point of the network it protects. The most basic firewall performs packet filtering. In packet filtering, the firewall is the first program that receives and handles incoming network traffic and the last to handle outgoing traffic. The policy of filtering the packets may be based on allowing or disallowing packets based on:

• source IP address
• destination port
• protocol

Circuit Relay or Circuit Level Gateway provides additional security. This operates on the Transport Layer. This firewall also determines whether the connection between both ends is valid according to a set of configurable rules. It then opens a session and permits traffic from the allowed source for a limited time period.

Application level gateway acts as a proxy for applications. It performs all data exchanges with the remote system on behalf of the applications. It also allows or disallows network traffic according to specific rules. This is the most secure type of firewall.

Source

Posted in Info, Network Security, Web Security Comments Off

SSL (Secure Socket Layer) :

Netscape Communications Corporation developed SSL for providing security and privacy over the Internet. The protocol supports server and client authentication. Since the protocol is application-independent, it allows other protocols like HTTP, FTP, and Telnet to be transparently layered on it. An Secure Socket Layer (SSL)-enhanced browser encrypts the data sent from the browser to the server. SSL uses encryption and certificates to authenticate websites and web users.

Ssh (Secure Shell) :

Ssh is a program used to:
1. log into another computer over the network
2. execute commands in a remote system
3. move files from one system to another

Ssh provides:
1. strong authentication and secure communication over unsecured channels
2. secure connections and secure forwarding of arbitrary TCP connections
3. provides encrypted communication
4. Ssh is proposed as an alternative to the traditional BSD ‘r’ commands-rlogin, rsh, and rcp. It replaces Telnet. The free version of the SSH protocol suite can be downloaded from http://www.openssh.com/.

Source

Posted in Info, Network Security, Web Security Comments Off

Internet Security Technologies : Encryption

Encryption is the process of rendering data unreadable for snoopers. The designated receiver must have the correct key to decrypt the data. Hackers can intercept data over the network by eavesdropping, tampering, or impersonation. The strength of the encryption depends on the key length.

An encryption system can be of two types: public or private. In public key encryption, a pair of keys called the public key and the private key is used. The public key can be given to anyone and the sender uses it to encrypt the message. The receiver then uses his private key to decrypt the message. The private key is obviously not revealed. In private key encryption, the same key is used to encrypt and decrypt the data. The private key must be sent to the receiver through a secure connection.

Source

Posted in Info, Network Security, Prevention, Web Security Comments Off

SharePoint Server 2010, without doubt, is a bunch of exciting features and options, some of which were not available in Microsoft SharePoint Server 2007. And one of the features that really enthuses me in SharePoint 2010 is the Logging Database feature. Logging Database, named as WSS_Logging, helps aggregate logging data or information from the server farm into one central location. SharePoint aggregates all of the raw logging data accumulated in the text files under the 14 hive and imports it into this wonderful logging database. This is the only database in SharePoint that Microsoft will be happy to let the developers directly read, query and build reports against it. For someone who spends time in front of customers helping them to maintain a healthy and stable farm, logging database will be a constructive app in SharePoint 2010 and SharePoint Foundation.

The logging database by default contains the following information from all servers within the farm and it is fully supported to query this database directly.

• ULS Logs
• Event Logs
• Selected Performance Monitor Counters:
o % Processor Time
o Memory Available Megabytes
o Avg. Disk Queue Length
o Process Private Bytes (OWSTIMER and all instances of w3wp)
• Blocking SQL Queries
• SQL DMV Queries
• Feature Usage
• A host of information on search crawling and querying
• Inventory of all site collections
• Timer job usage

The Logging Database in SharePoint Server is one of the many new concepts that will make the life of many SharePoint administrators quite a bit more enjoyable. So catch up on this soon! There is a lot of juice in the SharePoint family of products including Server 2010, SharePoint Foundation, SharePoint Server 2007, and associated free SharePoint templates!

Posted in Business, Computers And Technology, Internet And Businesses Online, Network Security, Web Security No Comments »

5. Swedish Urology Group — Urine Trouble!
Victims: “Hundreds”
Class Action Outrage Scale: 1 out of 10 lawyers

Doctors lost three hard drives containing patients’ personal information, and we mean personal!

4. The Nature Conservancy — Think of It as Recycled Data
Victims: 14,000
Class Action Outrage Scale: 9 out of 10 lawyers

Someone at the Conservancy was thinking locally but acting globally by apparently visiting a website of questionable provenance. The site was poisoned with malware. Soon, malicious hackers were clear-cutting names, home addresses, birthdates, Social Security numbers of employees and their dependents, and, yes, direct deposit bank account numbers. Let’s hope there’s been a climate change in the group’s security department.

3. TSA, Part II – Still Doing DHS Proud!
Victims: 100,000
Class Action Outrage Scale: 3 out of 10 lawyers

Thieves stole a computer hard drive with the names, Social Security numbers, dates of birth and bank account and routing information of current and former employees, including federal air marshals. Don’t worry, though. How easy could it be to pose as an air marshal with only that information?

2. Her Majesty’s Revenue and Customs — One Regrets the Error
Victims: 25 million
Class Action Outrage Scale: 10 out of 10 lawyers

Two CDs containing personal data on about 7 million families went missing in the mail, and the HMRC chancellor resigned. Frankly, we included it just so we could quote sentences like: “The chancellor seeks the advice of the Serious Organised Crime Agency,” and “Mr Cable said he sincerely hoped the discs would not fall into the hands of ‘the criminal fraternity,’” and “Police have visited London rubbish tips in their hunt for missing computer discs.” Makes the worst breach in Britain’s history sound kind of lovely.

1. TJX — ’Sorry About That. Here’s a Gift Card. Come Back Soon for our Sale!’
Victims: Millions of bargain shoppers worldwide
Class Action Outrage Scale: 8 out of 10 lawyers

No breach got more ink this year than TJX’s, which involved some, OK, tens of millions, OK, 50 million, all right all right around 100 million credit and debit card records. Priceless moments included TJX’s defense in press accounts that “our security was comparable to many other major retailers” and the portion of TJX’s proposed settlement with consumers in which the company would hold a three-day “Customer Appreciation Sale” and give some customers $30 store vouchers. (Sorry about the e. coli in the meat in our store; here’s a gift card to buy more meat in our store). After consumer advocates raised a stink, the vouchers were changed to $15 checks. Sad as the whole episode was for consumers, TJX’s stock has remained healthy. Don’t you just love a bargain?

via [CSOOnline]

Posted in Hacks, Info, Network Security, Threats, Web Security Comments Off

Unfortunately, many Microsoft Windows users are unaware of a common security leak in their network settings.

This is a common setup for network computers in Microsoft Windows:

• Client for Microsoft Networks
• File and Printer Sharing for Microsoft Networks
• NetBEUI Protocol
• Internet Protocol TCP/IP

If your setup allows NetBIOS over TCP/IP, you have a security problem:

• Your files can be shared all over the Internet
• Your logon-name, computer-name, and workgroup-name are visible to others.

If your setup allows File and Printer Sharing over TCP/IP, you also have a problem:

• Your files can be shared all over the Internet

Computers that are not connected to any network can also have dangerous network settings because the network settings were changed when Internet was installed.

Source

Posted in Network Security Comments Off

How can you protect your computer against the above-mentioned Internet security incidents? There are a number of free Internet security programs available online that you can use for this purpose. Given below is a checklist of few simple things you do:

• Assess your risk/risk potential
• Use good antivirus software. There are a number of free Internet security solutions that you can download for this purpose.
• Keep all your software up-to-date (download and apply updates and patches regularly)
• Check your security settings
• Use a firewall (hardware/software)
• Create tough-to-crack passwords (ideally 13 characters long, that includes numbers)
• Conduct regular security maintenance

Source

Posted in Network Security, Prevention, Web Security Comments Off

The FBI called for new legislation that allows the federal police to keep close look at internet activity to track down illegal activities. This seem to go beyond a current plan to monitor traffic on federal-government networks, and that the bureau should have a broad “omnibus” authority to conduct monitoring and surveillance of private-sector networks as well. This could violate the Fourth Amendment’s guarantee of freedom from unreasonable searches and seizures. In general, courts have ruled that police need search warrants to obtain the content of communication

Source

Posted in Info, Network Security, Threats, Web Security Comments Off

Suspecting a spyware in your system? Here are some tips on how you could get rid of spyware in your computer:

1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate – search for advert.dll on your system. If it’s there and if you can, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Then configure Ad-aware (version 5 or later) to ignore advert.dll.

Posted in Hacks, Info, Network Security, Prevention, Threats, Tips, Web Security Comments Off

A man is convicted to serve five years in jail after being convicted of being the creator of a botnet that had in it’s peak infected almost half a million computers, spreading spam and adware. The man, Jeanson James Ancheta at a young age of 21 is set to serve a total of 57 months in prison, which is considered to be one of the the longest ever sentence for computer crimes. He drew the curiosity of government cyber-security people when he tried to infiltrate computers owned by the US Naval Warfare Center and the Defense Information Systems Agency, both of which were being constantly attacked by hackers and botnets. Please tell me more! »

Posted in Information, Network Security Comments Off