Entries Categorized as 'Prevention'

YouTube is not safe either.

Date August 19, 2008


Image source: www.youtubeic.com
Remember how your computer teachers, or anyone who knew enough, told you not to tell your “secret words” (meaning not just your passwords) to anyone? Well, some hackers send malicious software, or malware, to capture your keystrokes, copy your precious data, or even control your computer to hack another person. Okay, maybe you know about that too, and even the “hackers use websites for these purposes” thing. But did you know that YouTube is not that different from these sites? That’s right. YouTube has these links, and you might just open them because they look trustworthy and your “friend” sent them. In short, YouTube is no different from MySpace now. To save yourself from these hackers, just use the search engine in YouTube, or, if the link is not on YouTube, copy the link and paste it into Yahoo or Google, and their protection might show the true face of that page. But if you think that is too much of a hassle, then just don’t open it.

Removing Spyware

Date April 15, 2008

Do you suspect there is spyware on your system? Here are some tips on how to get rid of spyware on your computer:

1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate - search for advert.dll on your system. If it’s there and if you can, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Then configure Ad-aware (version 5 or later) to ignore advert.dll.

Protect yourself from threats and vulnerabilities

Date March 31, 2008

Here are some simple ways to keep yourself safe from threats and vulnerabilities on the Internet.

• Install anti-spyware and anti-virus on your personal computer
• Update your operating system and software (especially your anti-virus and anti-spyware) promptly for security patches and other important updates.
• Install a firewall too. Most operating systems have a built-in firewall; all you have to do is enable it.
• Avoid visiting malicious websites.
• Avoid downloading files that are malicious (especially .exe files).
• Do regular maintenance on your personal computers (update, defrag, virus scan and other things that can improve the security and stability of your system).

Image source: www.reliabletechaz.com

Don’t forget to clear your private data!

Date March 15, 2008

If you are fond of renting personal computers at the nearby Internet café, make sure that your private information, such as your e-mail address, browser history, cookies and so on, stays safe. How can you keep your private information safe? Here are the steps if you are using Internet Explorer:

1. On Internet Explorer, click on Tools
2. Click Internet Properties.
3. Now select Delete cookies, Delete Files, Clear History.
4. After all that, click OK.

Your private information is now deleted from the workstation you rented. If you are using Mozilla Firefox, all you have to do is click Tools, then click Clear Private Data.

Image source: www.digitalbattle.com

How to Prevent Intrusions

Date March 3, 2008

There are many pieces to intrusion prevention and like a puzzle, you must put them all together before you start surfing the net; miss just one piece and you’ve left yourself wide open to attack!

This is what you need to help prevent intrusions including the web security services you should use on a regular schedule.

For those of you that don’t want to read all the details and are ready to jump right into the web security audit, then follow the five steps below.

Secure your e-mails

Date February 29, 2008

I rely heavily on my e-mail accounts for communication with friends, school and even work. E-mail has helped me very much in communicating with people who are away from me. This is the cheapest way to communicate with people outside the country and even within the country. Here are a few tips on how you can protect yourself from the e-mails and spam that are spread through e-mail:

• Keep your e-mail address private. Don’t post it anywhere.
• Don’t open or download e-mails coming from suspicious senders.
• Always scan the files you downloaded from your e-mail (attachments).
• Use different e-mail accounts for different purposes (school, work, family, etc.)
• Update your spyware remover and anti-virus.
• Use the latest and updated version of your internet browser.

Image source: www.uvsc.edu

Internet Security Technologies : Encryption

Date February 18, 2008

Encryption is the process of rendering data unreadable for snoopers. The designated receiver must have the correct key to decrypt the data. Hackers can intercept data over the network by eavesdropping, tampering, or impersonation. The strength of the encryption depends on the key length.

An encryption system can be of two types: public or private. In public key encryption, a pair of keys called the public key and the private key is used. The public key can be given to anyone and the sender uses it to encrypt the message. The receiver then uses his private key to decrypt the message. The private key is obviously not revealed. In private key encryption, the same key is used to encrypt and decrypt the data. The private key must be sent to the receiver through a secure connection.


Source

Info on Distributed Denial of Service (DDoS) Attack

Date January 30, 2008

Distributed Denial of Service (DDoS) Attack

How is a DDoS executed against a website?

A website DDoS is executed by flooding one or more of the site’s web servers with so many requests that it becomes unavailable for normal use. If an innocent user makes normal page requests during a DDoS attack, the requests may fail completely, or the pages may download so slowly as to make the website unusable. DDoS attacks typically take advantage of several computers which simultaneously launch hundreds of thousands of requests at the target website. In order not to be traced, the perpetrators will break into unsecured computers on the internet, hide rogue DDoS programs on them, and then use them as unwitting accomplices to anonymously launch the attack.

Is there a quick and easy way to secure against a DDoS attack?

No. From a simplistic perspective, the best solution is to secure computers from being hijacked and used as attack platforms. This cuts the problem off before it can ever manifest. Thus many experts suggest that we “pull together as a community” to secure our internet computers from becoming unwitting accomplices to such malicious intruders. Unfortunately, for every business that has the knowledge, budget, and inclination to make such changes, there are many more which lack such resources.

Plus, the attackers are most likely going to use non-commercial computers as attack platforms, because they are usually easier to break into. University systems are a favorite, because they are often understaffed or the systems are set to minimum security levels to allow students to explore the systems as part of their education. Further, this is not just a national problem. Any internet server in the world could be used as an attack platform.

Still, the simplest and most effective solution for preventing DDoS is through a global cooperative effort to secure the internet. The first step in the process, therefore, is concerned with scanning your internet computers to make sure they are not being used as unwitting DDoS attack platforms. This is not just good internet citizenry, however, because this also serves to document and verify that your internet computers are not suspect when DDoS attacks occur.

Source

World Wide Web Server Security Best Practices

Date January 14, 2008

  1. Place your web server(s) in a DMZ. Set your firewall to drop connections to your web server on all ports but http (port 80) or https (port 443).
  2. Remove all unneeded services from your web server, keeping FTP (but only if you need it) and a secure login capability such as secure shell. An unneeded service can become an avenue of attack.
  3. Disallow all remote administration unless it is done using a one-time password or an encrypted link.
  4. Limit the number of persons having administrator or root level access.
  5. Log all user activity and maintain those logs either in an encrypted form on the web server or store them on a separate machine on your Intranet.
  6. Monitor system logs regularly for any suspicious activity. Install some trap macros to watch for attacks on the server (such as the PHF attack). Create macros that run every hour or so that would check the integrity of password and other critical files. When the macros detect a change, they should send an e-mail to the system manager.
  7. Remove ALL unnecessary files such as phf from the scripts directory /cgi-bin.
  8. Remove the “default” document trees that are shipped with Web servers such as IIS and ExAir.
  9. Apply all relevant security patches as soon as they are announced.
  10. If you must use a GUI interface at the console, remove the commands that automatically start the window manager from the .RC startup directories and then create a startup command for the window manager. You can then use the window manager when you need to work on the system, but shut it down when you are done. Do not leave the window manager running for any extended length of time.
  11. If the machine must be administered remotely, require that a secure capability such as secure shell is used to make a secure connection. Do not allow telnet or non-anonymous ftp (those requiring a username and password) connections to this machine from any untrusted site. It would also be good to limit these connections only to a minimum number of secure machines and have those machines reside within your Intranet.
  12. Run the web server in a chroot-ed part of the directory tree so it cannot access the real system files.
  13. Run the anonymous FTP server (if you need it) in a chroot-ed part of the directory tree that is different from the web server’s tree.
  14. Do all updates from your Intranet. Maintain your web page originals on a server on your Intranet and make all changes and updates there; then “push” these updates to the public server through an SSL connection. If you do this on an hourly basis, you can avoid having a corrupted server exposed for a long period of time.
  15. Scan your web server periodically with tools like ISS or nmap to look for vulnerabilities.
  16. Have intrusion detection software monitor the connections to the server. Set the detector to alarm on known exploits and suspicious activities and to capture these sessions for review. This information can help you recover from an intrusion and strengthen your defenses.
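
One way to build the hourly checks described in item 6, as an added example that is not part of the original post: an integrity check over critical files and a log trap for requests to the phf script. The function names, the constructed sample log lines, and the choice of SHA-256 and Common Log Format are assumptions made for this example.

```python
import hashlib
import re
from urllib.parse import unquote

# Requests for the phf script named in items 6 and 7. The path is
# percent-decoded before matching so an encoded spelling is still caught.
PHF_RE = re.compile(r"/cgi-bin/phf\b", re.IGNORECASE)
# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jan/2008:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [14/Jan/2008:10:00:05 +0000] "GET /cgi-bin/phf HTTP/1.0" 404 209',
]

def sha256_file(path):
    """Hash a file in chunks; return None if the file does not exist."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except FileNotFoundError:
        return None
    return digest.hexdigest()

def snapshot(paths):
    """Baseline for later comparison: path -> SHA-256 (None if absent)."""
    return {p: sha256_file(p) for p in paths}

def integrity_changes(baseline):
    """Re-hash each baselined file; return {path: missing|created|modified}."""
    changes = {}
    for path, old in baseline.items():
        new = sha256_file(path)
        if new != old:
            changes[path] = "missing" if new is None else "created" if old is None else "modified"
    return changes

def phf_probes(log_lines):
    """Return (client, time, path, status) for every request to the phf script."""
    hits = []
    for line in log_lines:
        m = CLF_RE.match(line)
        if m and PHF_RE.search(unquote(m.group(3))):
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits
```

Run both functions from an hourly scheduled job, keep the baseline on a separate machine, and e-mail the system manager whenever either one returns a non-empty result.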

Source

Internet/Network Security Prevention Tips

Date January 11, 2008

How can you protect your computer against the above-mentioned Internet security incidents? There are a number of free Internet security programs available online that you can use for this purpose. Given below is a checklist of a few simple things you can do:

  • Assess your risk/risk potential
  • Use good antivirus software. There are a number of free Internet security solutions that you can download for this purpose.
  • Keep all your software up-to-date (download and apply updates and patches regularly)
  • Check your security settings
  • Use a firewall (hardware/software)
  • Create tough-to-crack passwords (ideally 13 characters long and including numbers)
  • Conduct regular security maintenance

Source