There is a lot of risk over the internet, and this is compounded by the fact that it is changing constantly. If you subscribe to a few newsletters and bulletins or read blogs like this one, you would go a long way in being aware of the latest dangers. You could subscribe to Microsoft Security Bulletins for the earliest notification of the discovery and fixes available for instable programs. If you want to be alerted of live viruses, you could subscribe to the following: Symantec AntiVirus Research Centre Newsletter, Trend Virus Info, McAfee Dispatch and Sophos Email notification.

Posted in Network Security, Tips No Comments »

Suspecting a spyware in your system? Here are some tips on how you could get rid of spyware in your computer:

1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate - search for advert.dll on your system. If it’s there and if you can, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Then configure Ad-aware (version 5 or later) to ignore advert.dll.

Posted in Hacks, Info, Network Security, Prevention, Threats, Tips, Web Security No Comments »

Here are some simple ways on how to could keep yourself same from threats and vulnerabilities on the Internet.

• Install anti-spyware and anti-virus on your personal computer
• Update your operating system and software (especially your anti-virus and anti-spyware) promptly for security patches and other important updates.
• Install Firewall too. Most operating systems have built-in firewall all you have to do is to enable them.
• Avoid visiting malicious websites.
• Avoid downloading files that are malicious (especially .exe files).
• Do a regular maintenance of your personal computers (Update, Defrag, Virus scan and other things that can improve the security and stability of your system).

Image source: www.reliabletechaz.com

Posted in Prevention, Threats, Tips, Web Security No Comments »

If you are fond of renting personal computers from the nearby Intenet café, be sure that your private information like e-mail address, browser history, cookies and others are still safe. How can you keep your private information safe? Here are some steps if you are using Internet Explorer:

1. On Internet Explorer, click on Tools
2. Click Internet Properties.
3. Now select Delete cookies, Delete Files, Clear History.
4. After everything else you click OK.

You private information are now delete on the workstation you rented. If you are using Mozilla Firefox all you have to do is click Tools then click Clear Private Data.

Image source: www.digitalbattle.com

Posted in Prevention, Threats, Tips, Web Security No Comments »

QOS

Represents the level of consistent download capacity provided by your Broadband or DSL providor. The higher QOS percentage, the higher the overall quality of the internet connection. High quality plus internet speed provides better connections for VoIP (voice over IP), Citrix and other high traffic applications.

This figure should come in around 80 or higher yet. This does not mean that you won’t find success at lower speeds, but on average, the speed test should report >= 80.

RTT

The Round Trip Time (RTT) reports the total time in milliseconds (ms) to send a small data packet in our internet speed test and obtain a reply back. The faster (smaller) the RTT, the better broadband speed you’ll have.

For Voice over IP, round trip delays can occur when results exceed 250 mSec or 150 mSec one way which is also considered the maximum desired one-way latency to achieve high-quality voice.

Max Pause

Max Pause is the longest pause recorded during the Broadband Speed Test data download. This should be a very small number. If not, it could indicate Internet speed congestion or a bad broadband connection.

Posted in Info, Tips No Comments »

There are many pieces to intrusion prevention and like a puzzle, you must put them all together before you start surfing the net; miss just one piece and you’ve left yourself wide open to attack!

This is what you need to help prevent intrusions including the web security services you should use on a regular schedule.

For those of you that don’t want to read all the details and are ready to jump right into the web security audit, then follow the five steps below.

• Take the Firewall Test, it’s fast and very accurate.
• Take the Anonymous Surfing and privacy test.
• Test the Intrusion Prevention Software.
• Take the Popup Test.

Posted in Network Security, Prevention, Tips, Web Security No Comments »

I rely heavily on my e-mail accounts for communication with friends, school and even work. E-mails helped me very much communicating people who are away from me. This is the cheapest way to communicate with people outside the country and even with the country. Here’s a few tips on how can you protect yourself from e-mails and spam that are being spread through e-mails:

• Keep your e-mail private. Don’t post your e-mail anywhere
• Don’t open and or download emails coming from suspicious senders.
• Always scan the files you downloaded from your e-mail (attachments).
• Use different e-mail accounts for different purposes (school, work, family, etc.)
• Update your spyware remover and anti-virus.
• Use the latest and updated version of your internet browser.

Image source: www.uvsc.edu

Posted in Prevention, Tips, Web Security No Comments »

Here are some tips for you to have a more secure password for use with your e-mail and other Internet accounts:

• Use a combination of UPPER and lower case.
• Use numbers and letters
• Never use your birthday as your password.
• Use symbols like . , ! @ and others
• Never use the same password for all your online accounts
• Never save / write your passwords somewhere else.
• Never share it to someone else. If you really need to share it with someone, please change it as soon as possible.
• If you feel that your password is not secure anymore it is very easy to change it.

Having a hard to guess password will increase the security of your e-mail accounts and or accounts you use online.

Image source: buckeyesecure.osu.edu

Posted in Tips, Web Security No Comments »

Distributed Denial of Service (DDoS) Attack

How is a DDoS executed against a website?

A website DDoS is executed by flooding one or more of the site’s web servers with so many requests that it becomes unavailable for normal use. If an innocent user makes normal page requests during a DDoS attack, the requests may fail completely, or the pages may download so slowly as to make the website unusable. DDoS attacks typically take advantage of several computers which simultaneously launch hundreds of thousands of requests at the target website. In order not to be traced, the perpetrators will break into unsecured computers on the internet, hide rogue DDoS programs on them, and then use them as unwitting accomplices to anonymously launch the attack.

Is there a quick and easy way to secure against a DDoS attack?

No. From a simplistic perspective, the best solution is to secure computers from being hijacked and used as attack platforms. This cuts the problem off before it can ever manifest. Thus many experts suggest that we “pull together as a community” to secure our internet computers from becoming unwitting accomplices to such malicious intruders. Unfortunately, for every business that has the knowledge, budget, and inclination to make such changes, there are many more which lack such resources.

Plus, the attackers are most likely going to use non-commercial computers as attack platforms, because they are usually easier to break into. University systems are a favorite, because they are often understaffed or the systems are set to minimum security levels to allow students to explore the systems as part of their education. Further, this is not just a national problem. Any internet server in the world could be used as an attack platform.

Still, the simplest and most effective solution for preventing DDoS is through a global cooperative effort to secure the internet. The first step in the process, therefore, is concerned with scanning your internet computers to make sure they are not being used as unwitting DDoS attack platforms. This is not just good internet citizenry, however, because this also serves to document and verify that your internet computers are not suspect when DDoS attacks occur.

Source

Posted in Info, Prevention, Tips, Web Security No Comments »

1. Place your web server(s) in a DMZ. Set your firewall to drop connections to your web server on all ports but http (port 80) or https (port 443).
2. Remove all unneeded services from your web server, keeping FTP (but only if you need it) and a secure login capability such as secure shell. An unneeded service can become an avenue of attack.
3. Disallow all remote administration unless it is done using a one-time password or an encrypted link.
4. Limit the number of persons having administrator or root level access.
5. Log all user activity and maintain those logs either in an encrypted form on the web server or store them on a separate machine on your Intranet.
6. Monitor system logs regularly for any suspicious activity. Install some trap macros to watch for attacks on the server (such as the PHF attack). Create macros that run every hour or so that would check the integrity of password and other critical files. When the macros detect a change, they should send an e-mail to the system manager.
7. Remove ALL unnecessary files such as phf from the scripts directory /cgi-bin.
8. Remove the “default” document trees that are shipped with Web servers such as IIS and ExAir.
9. Apply all relevant security patches as soon as they are announced.
10. If you must use a GUI interface at the console, remove the commands that automatically start the window manager from the .RC startup directories and then create a startup command for the window manager. You can then use the window manager when you need to work on the system, but shut it down when you are done. Do not leave the window manager running for any extended length of time.
11. If the machine must be administered remotely, require that a secure capability such as secure shell is used to make a secure connection. Do not allow telnet or non-anonymous ftp (those requiring a username and password) connections to this machine from any untrusted site. It would also be good to limit these connections only to a minimum number of secure machines and have those machines reside within your Intranet.
12. Run the web server in a chroot-ed part of the directory tree so it cannot access the real system files.
13. Run the anonymous FTP server (if you need it) in a chroot-ed part of the directory tree that is different from the web server’s tree.
14. Do all updates from your Intranet. Maintain your web page originals on a server on your Intranet and make all changes and updates here; then “push” these updates to the public server through an SSL connection. If you do this on a hourly basis, you can avoid having a corrupted server exposed for a long period of time.
15. Scan your web server periodically with tools like ISS or nmap to look for vulnerabilities.
16. Have intrusion detection software monitor the connections to the server. Set the detector to alarm on known exploits and suspicious activities and to capture these sessions for review. This information can help you recover from an intrusion and strengthen your defenses.

Source

Posted in Prevention, Tips, Web Security No Comments »