April 2, 2011 in Internet by EnJ

Tips to Fight Off Spyware

Thease are serveral tips to prevent you from contacting anything you don’t want to. If you implement all of these tips, the possibilities of you contacting any spyware are nil.

SPYWARE PREVENTION

#1. The very first thing to do (if you haven’t done it already) is to install a good spyware blocker.

#2. Install a good firewall.

In the computer world, a firewall is a barrier against anything that would compromise the security of a computer and keeps out things such as spyware, viruses, malware, hackers, etc.

The internet is a public network, which means that any computer that is connected to the internet can connect to another one. A firewall scans any incoming and outgoing data and upon examination stops or approves that data. On its own it cannot fight all of the malignancies out there trying to gain access to computers. However, combined with other security measures (i.e. anti-spyware programs) it becomes an essential part of computer security.

When your firewall is in place, check your settings. Firewall settings can be confusing so read the help files and don’t hesitate to ask someone who is “good at the computer stuff” to either configure it for you or explain how to do it. If that isn’t an option, then do as I do – Google it! Once you’re up and running, there are a couple of online firewall scans that you can run to see if it’s working properly.

After you’re through with that, then hop online if you want to and check out one of the online scans that test your firewall security. Depending on what comes up, you can keep your current settings or adjust them accordingly.

Here are the names of a couple of online firewall scans:

Hackerwatch.org
Malwarehelp.org

#3: Update, update, update!

#4: Be Safe!

To lessen the chances of spyware and stealing, make up a really good password (don’t use something like JDoe1111) to all of the online websites you have personal information on – all of them. Hackers have amazing password cracking capabilities, so the longer and more jumbled the password, the better. And don’t use the same one for each account because if they get one account, they get them all. Just don’t forget to write them all down!

Okay, enough already. To sum all of this craziness up:

#1: Make sure you have a good spyware blocker program installed.

#2. Make sure you have a good firewall installed. Build a fence to keep the thieves away!

#3: Update your entire security “system” regularly – more than regularly!

#4: Be safe! Do with your computer what you would do in your normal life. Don’t go to unsafe neighborhoods. If someone rings your doorbell and you don’t know who it is, don’t open the door. Make sure that all of your personal information and valuables are put in a place where nobody (except maybe your other half) has access to it.

January 26, 2011 in Internet by EnJ

Common Types of Network Attacks

Without security measures and controls in place, your data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself.
Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place.
Eavesdropping
In general, the majority of network communications occur in an unsecured or “cleartext” format, which allows an attacker who has gained access to data paths in your network to “listen in” or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.

Data Modification
After an attacker has read your data, the next logical step is to alter it. An attacker can modify the data in the packet without the knowledge of the sender or receiver. Even if you do not require confidentiality for all communications, you do not want any of your messages to be modified in transit. For example, if you are exchanging purchase requisitions, you do not want the items, amounts, or billing information to be modified.

Identity Spoofing (IP Address Spoofing)
Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed— identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet.
After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data. The attacker can also conduct other types of attacks, as described in the following sections.

Password-Based Attacks
A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password.
Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user.
When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.
After gaining access to your network with a valid account, an attacker can do any of the following:
• Obtain lists of valid user and computer names and network information.
• Modify server and network configurations, including access controls and routing tables.
• Modify, reroute, or delete your data.

Denial-of-Service Attack
Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users.
After gaining access to your network, the attacker can do any of the following:
• Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
• Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.
• Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
• Block traffic, which results in a loss of access to network resources by authorized users.

Man-in-the-Middle Attack
As the name indicates, a man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data.
Man-in-the-middle attacks are like someone assuming your identity in order to read your message. The person on the other end might believe it is you because the attacker might be actively replying as you to keep the exchange going and gain more information. This attack is capable of the same damage as an application-layer attack, described later in this section.

Compromised-Key Attack
A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resource-intensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key.
An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack.With the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.

Sniffer Attack
A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
Using a sniffer, an attacker can do any of the following:
• Analyze your network and gain information to eventually cause your network to crash or to become corrupted.
• Read your communications.

Application-Layer Attack
An application-layer attack targets application servers by deliberately causing a fault in a server’s operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following:
• Read, add, delete, or modify your data or operating system.
• Introduce a virus program that uses your computers and software applications to copy viruses throughout your network.
• Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network.
• Abnormally terminate your data applications or operating systems.
• Disable other security controls to enable future attacks.

May 28, 2010 in Internet by EnJ

Tips for SSH Configuration

SSH has been around since around 1995. In some ways it became the backbone of remote network management and configuration in an enterprise. Most of Cisco routers to our Firewalls and servers support this protocol, what do we have to know to make sure it’s configured correctly?

SSH version 1 was shown to have significant flaws as early as 2001. While some of these flaws were coding errors, others are flaws that can allow for replay and other forms of attacks against the protocol itself. From time to time you may find that the administrators have configured the service as follows:
Protocol 2,1
What this means is that SSH version 2 is preferred, but the service can fall back to support version 1. There is no reason any public facing system should have version 1 enabled in any form!

• Verify IP Address Binding

The lazy way (default) of configuring SSH is to allow the service to run on all bound IP addresses. On internal networks this may not be such a big deal, but for a public facing system this is a bad idea! Your SSH service should be bound to a specific IP address, preferably one accessible only from the internal network. If an administrator needs to get to something remotely, require that they log into the VPN first and then connect to the internal facing SSH service.

• Use TCP Wrappers

The SSH daemon is perfectly capable of running by itself. The trouble with this is that it doesn’t enforce any connection restrictions beyond the authentication system. Requiring that TCP Wrappers be used to control access to SSH allows us to restrict connections to specific networks or hosts regardless of authentication credentials. This creates an additional level of defense and also protects us should our service be inadvertently configured to run on all interfaces.

• Require Key Based Authentication

SSH can be configured to use the local username/password database to authenticate users. In fact, this is the default. The problem is that this means that someone could potentially attempt to brute force entry into our system by repeatedly attempting passwords against a common user (like root). If we require users to use key based authentication we leverage strong cryptographic mechanisms for authentication (asymmetric keys) and make it infeasible for a brute force attack. Don’t just make sure that key authentication is turned on, make sure password based authentication is turned off!

• Don’t Permit Root Logons

Why do administrators like to log in a root? Let’s face facts: it’s easy and everything works! Of course, this is super bad because it can lead to all kinds of auditing and accountability issues. Be aware that blocking root logins through things like securetty configurations and PAM adjustments is likely not enough to keep someone from logging in as root via SSH!
To verify that root is not permitted to log in directly, look for this line: PermitRootLogin no

January 29, 2010 in Internet by EnJ

Top Scams di Internet

THE BARGAIN STORE SCAM

Penjahat cyber membuat toko online palsu. Produk yang sering ditawarkan di harga yang jauh lebih rendah, tetapi tidak ada paket akan dikirim. Rincian kartu Anda dapat dijual di pasar gelap.

Tips untuk konsumen:

Periksa sambungan pembayaran aman dengan mencari simbol gembok dan pastikan ada https pada panel alamat.

THE FANCY DRESS DISGUISE

Kartu dengan teman atau link ke klip video yang lucu mungkin berisi berbahaya tersembunyi ekstra, atau mungkin email phishing scam yang dikemas.

Tips untuk konsumen:

Sebelum Anda mengklik link. Apakah alamat terlihat berbeda dengan tempat kartu mengaku dari real-time Instalasi perangkat lunak analisis dapat membantu untuk mengurangi risiko ini.

THE DRIVE-BY

Cukup browsing yang terinfeksi Website atau situs berita memungkinkan kode akan dieksekusi yang mengeksploitasi kelemahan dalam software yang diinstal pada mesin.

Tips untuk konsumen:

Mana tersedia, anda harus selalu men-download update terbaru dan patch untuk melindungi dari serangan jenis ini. Banyak orang dewasa atau situs perjudian berisi link tersebut.

UNWANTED GIFTS FROM AV

Rogue Anti-Virus software adalah sebuah contoh. Jangan tertipu, tidak ada scan, bukan hanya mereka akan mengklaim telah menemukan virus pada komputer Anda. Anda tidak benar-benar terinfeksi tetapi hal ini dapat mendorong Anda untuk men-download atau bahkan membayar mereka (palsu) Anti-Virus Software yang notabene adalah perangkat lunak berbahaya.

Tips untuk konsumen:

Bila Anda mencari barang-barang populer, search engine optimization (SEO) keracunan mendorong terinfeksi URL untuk bagian atas hasil pencarian. Hati-hati saat men-download perangkat lunak atau mengakses situs Web

THE JIGSAW PUZZLE

Teknik, yang disebut script fragmentasi, melibatkan meruntuhkan malware ke beberapa bagian dalam rangka untuk mengalahkan mesin analisis malware. Ini sedikit seperti mengirimkan jigsaw satu per satu waktu.

Tips untuk konsumen:

Serangan, yang bekerja pada semua browser utama, bukan kerentanan browser-itu hanya mengambil keuntungan dari cara kerja browser. Menonaktifkan JavaScript akan mencegah serangan

Sumber: Websense Security Labs

November 25, 2009 in Internet by EnJ

What’s the difference between spyware, viruses, malware, adware and grayware?

Good question! While spyware, viruses, malware, adware and grayware are all bad, there are fundamental differences between the five which might help you combat them.

Firstly, let’s take a look at malware. Malware is a general term referring to all of the nasties that can infect your computer, from viruses to spyware! Malware is actually short for ‘malicious software’… that’s not surprising, considering what it can do to your computer!

Next up is one of the most well-known types of malware: computer viruses! In case you didn’t know, the first computer virus was Bob Thomas’s “Creeper”, created way back in 1971 on the US Department of Defense’s ARPANET, the predecessor of the Internet. Out of that was born the first piece of anti-virus software, the “Reaper”. So, what is a computer virus? Strictly speaking, a computer virus is just a self-replicating computer program. It doesn’t have to be destructive, although many are. In fact, early viruses were often harmless and simply displayed a funny message or poem. Usually, computer viruses find their way into your computer by piggybacking on a legitimate program, for example, one that you might download from the Internet. Anti-virus programs such as Norton or McAfee will pick up most viruses, but you should always be careful when downloading files from the Internet. Some might spell doom for your computer system! Read more »