
Archive for December, 2008

10 Top Tips Of Security Skills

December 30th, 2008

1. Communicate – I think that this is the most vital information security skill; without being able to communicate, it is hard to get ahead anywhere. Even if you have the best ideas in the world, if you cannot communicate them, no one will ever know.

2. Application Penetration Skills – Being able to take apart and understand how applications work, what protocols they use to communicate, what information is input to and output from those applications, and best of all, how to make those applications do things that the programmer did not intend them to do. This is the next major battle front in information security, and being able to move effectively in this space is important for future job success.

3. Network Penetration Skills – Being able to understand and use network protocols like ARP, ICMP and TCP/IP to map, understand, and find vulnerable nodes on the network is a core skill.

4. Knowing what is a viable attack and what is not – The tools that we use often spit out false positives: IDS systems, IPS systems, even our network and application penetration test tools all do it. Knowing which attacks against which targets are viable, and then being able to prove that viability to the developers and users of the system, is a core skill.

5. Knowing how data migrates around the network – Knowing how data is used, where it is used, and who uses it in normal day-to-day patterns allows the information security person to know when data is being misused, or when someone who should not have access is trying to get access to it.

6. Network engineering skills – just enough to know how each component works on the network, what its function is, what its strengths and weaknesses are, and how it can be exploited.

7. IDS/IPS interpretation of results – Being able to work with the IDS/IPS that is on the network and knowing how to find out more information about the data presented is a core skill. There is no sense in spinning up the whole department for a false positive; know how that IDS/IPS works, and what its limitations are.

8. System Administration – Know enough about system administration that, if presented with a series of computers, you can secure them while still allowing the applications that need to be on the box to run.

9. Risk Management skills – Being able to understand the concepts of risk management, and how they are applied with regard to the company's culture. Not all companies are the same when it comes to risk management; each company has its own tolerance for risk. Be able to work within the confines of the company's tolerance for risk.

10. Be creative – of all the top 10 skills that I am looking for, the ability to be creative when doing work makes the employee much more flexible, and easier to go forth and do good things.


Protect Wireless Connection

December 30th, 2008

Wireless networks, also called WiFi, let you connect to the internet without relying on wires. If your home, office, airport, or even local coffee shop has a wireless connection, you can access the network from anywhere within that wireless area.

Wireless networks rely on radio waves rather than wires to connect computers to the internet. A transmitter, known as a Wireless Access Point or Gateway, is wired into an internet connection. This provides a “hotspot” that transmits the connectivity over radio waves. Hotspots have identifying information, including an item called an SSID (service set identifier), that allows computers to locate them. Computers that have a wireless card and have permission to access the wireless frequency can take advantage of the network connection.

 

Security Threats Of Wireless Networks

Because wireless networks do not require a wire between a computer and the internet connection, it is possible for attackers who are within range to hijack or intercept an unprotected connection. A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online. Some individuals who participate in or take advantage of wardriving have malicious intent and could use this information to hijack your home wireless network or intercept the connection between your computer and a particular hotspot.

 

 

What Can You Do To Reduce The Threat From Wireless Networks

  • Change default passwords – Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily found online, so they don’t provide any protection. Changing default passwords makes it harder for attackers to take control of the device.

 

  • Restrict access – Only allow authorized users to access your network. Each piece of hardware connected to a network has a MAC (media access control) address. You can restrict or allow access to your network by filtering MAC addresses. Consult your user documentation to get specific information about enabling these features. There are also several technologies available that require wireless users to authenticate before accessing the network.

 

  • Encrypt the data on your network – WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) both encrypt information on wireless devices. However, WEP has a number of security issues that make it less effective than WPA, so you should specifically look for gear that supports encryption via WPA. Encrypting the data would prevent anyone who might be able to access your network from viewing your data.

  • Protect your SSID – To avoid outsiders easily accessing your network, avoid publicizing your SSID. Consult your user documentation to see if you can change the default SSID to make it more difficult to guess.

 

  • Install a firewall – While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer.

 

  • Maintain anti-virus software – You can reduce the damage attackers may be able to inflict on your network and wireless computer by installing anti-virus software and keeping your virus definitions up to date. Many of these programs also have additional features that may protect against or detect spyware and Trojan horses.
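The encryption, SSID and MAC filtering items in the list above can be checked mechanically against an access point's configuration. The following is an added example, not part of the original post: it assumes the access point runs hostapd and uses hostapd's option names, and the two sample configurations and the short list of factory SSIDs are constructed for illustration.

```python
# Added example: audit a hostapd-style access point config against the
# checklist above. Both sample configs are constructed for illustration.

# Small illustrative set of factory SSIDs (an assumption, not exhaustive).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

WEAK_CONF = """
# constructed sample: WEP, factory SSID, no MAC allowlist
interface=wlan0
ssid=linksys
wep_default_key=0
wep_key0=0123456789
macaddr_acl=0
"""

HARDENED_CONF = """
# constructed sample: WPA-family encryption, renamed hidden SSID, MAC allowlist
interface=wlan0
ssid=home-ap-7f3c
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=REPLACE-WITH-A-LONG-RANDOM-PASSPHRASE
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
"""


def parse_conf(text):
    """Parse key=value lines, skipping blanks and full-line '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def encryption_mode(conf):
    """Return 'wpa', 'wep' or 'open' based on the wpa and wep_key* options."""
    wpa = conf.get("wpa", "0")
    if wpa.isdigit() and int(wpa) > 0:
        return "wpa"
    if any(key.startswith("wep_key") for key in conf):
        return "wep"
    return "open"


def audit(text):
    """Return a sorted list of finding codes for one configuration."""
    conf = parse_conf(text)
    findings = []
    mode = encryption_mode(conf)
    if mode != "wpa":
        findings.append("no-encryption" if mode == "open" else "wep-encryption")
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("ssid-broadcast")   # SSID is being publicized
    if conf.get("macaddr_acl", "0") != "1":
        findings.append("no-mac-allowlist")  # 1 = accept only listed MACs
    return sorted(findings)


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

MAC addresses and hidden SSIDs can be observed by anyone within radio range, so treat those two findings as minor next to the encryption finding.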


Why Anti-Virus Is a Must-Have for Every PC

December 30th, 2008

Antivirus software is a kind of computer program that appeared because of the need to disinfect computers of viruses. Reaper was the first of its kind, and its target was the Creeper virus. Creeper used the modem connection to replicate itself onto other PCs, and when it attained its goal it displayed the following message: IM THE CREEPER: CATCH ME IF YOU CAN.

Since the first antivirus program, viruses and the methods to fight them have developed quickly. Most of the time, the next step in development is taken by computer viruses, and antivirus creators struggle to fight back and create new ways to clean those pesky bugs. The common approach of antivirus software is to scan files, memory or the registry on your computer to detect malicious code. This code is compared to the program's virus dictionaries, and if a match is found, the antivirus program attempts to clean the suspicious part without damaging the original data. Another method of fighting viruses is to monitor computer activity, also known as heuristic analysis. This includes monitoring memory and port traffic for any signs of infection. A modern approach is the so-called sandbox method. It involves running the suspicious file in a simulated operating system and analyzing the results. No matter the method, if a virus is found, the antivirus first attempts to disinfect the file. If that is unsuccessful, the infected file is quarantined (isolated from other programs) or, in the worst case, deleted.

It is very important to have a reliable antivirus program installed, because there can be viruses in a file you download or inside an email attachment, and even a website can include malicious code to infect your PC. Some of the programs that are out there and can do the task are free, but most of them require payment. Almost all include updates of their virus database, to make sure your PC is protected against the newest threats. AVG AntiVirus Free, BitDefender Free, Comodo AntiVirus and PC Tools AntiVirus Free Edition are only a few of the free antivirus programs available on the Internet.


Biometric ID will not identify intentions

December 29th, 2008

“Since September 2001, security systems at airports have been increased to screen potential terrorists and the introduction of biometric details on passports has been largely accepted as providing an extra safeguard against false identity.”

The difficulty with the 9/11 terrorists was not their identity; it was their intentions.

The mass consumer biometrics it is proposed to use in our e-passports, ID cards and biometric visas are laughably unreliable and are not admissible as evidence in court.

You go on to say: “The ‘offshore line of defence’ scheme will mean travellers’ details are eventually checked against government systems.”

The plans for the UK’s e-borders are set out in the joint Home Office/Foreign Office document entitled “Securing the UK border – Our vision and strategy for the future”.

More at Herald


GEC Selects ImageWare Systems for Identity Management

December 29th, 2008

ImageWare Systems, a developer of identity management solutions, has been selected by Genesis Electronics (GEC) to provide software, engineering services, and support on GEC task orders under the National Security.
Through the new partnership with GEC, ImageWare products are eligible to fulfill requirements under the NSETS II $800 million multiple award task and delivery order contract vehicle for small business, the company said.

“IWS is a premier small business biometric identity management software provider offering a patented open platform allowing government customers unprecedented flexibility, cost savings and reduced risk of adoption. GEC welcomes IWS as a key partner on all requirements of the contract that involve identity management, biometrics and voice translation,” said Wayne
More at http://www.tradingmarkets.com


List of countries issuing epassports

December 29th, 2008

The following countries were issuing epassports as of December 2008.

1 Malaysia (1998.3.1)
2 Dominican Republic (2004.5.1)
3 Pakistan (2004.10.25)
4 Belgium (2004.11.24)
5 Thailand (2005.5.26)
6 Monaco (2005.7.18)
7 Sweden (2005.10.3)
8 Norway (2005.10.3)
9 Australia (2005.10.24)
10 Germany (2005.11.1)
11 New Zealand (2005.11.4)
12 UK (2006.3.6)
13 Japan (2006.3.20)
14 France (2006.4.12)
15 Singapore (2006.4.29)
16 Iceland (2006.5.23)
17 Austria (2006.6.16)
18 Portugal (2006.7.31)
19 Denmark (2006.8.1)
20 USA (2006.8.14)
21 Spain (2006.8.14)
22 Finland (2006.8.21)
23 Holland (2006.8.26)
24 Greece (2006.8.26)
25 Lithuania (2006.8.28)
26 Luxembourg (2006.8.28)
27 Slovenia (2006.8.28)
28 Poland (2006.8.28)
29 Hungary (2006.8.29)
30 Czech Republic (2006.9.1)
31 Russia (2006.9.1)
32 Andorra (2006.9.1)
33 Switzerland (2006.9.4)
34 San Marino (2006.10.12)
35 Ireland (2006.10.16)
36 Liechtenstein (2006.10.26)
37 Italy (2006.10.26)
38 Somalia (2007.1.21)
39 Hong Kong (2007.2.5)
40 Brunei (2007.2.17)
41 Cambodia (2007.3.6)
42 Macedonia (2007.4.2)
43 Estonia (2007.5.22)
44 Ukraine (2007.6.1)
45 Iran (2007.7.1)
46 Venezuela (2007.7.1)
47 Maldives (2007.7.26)
48 Nigeria (2007.8.17)
49 Latvia (2007.11.20)
50 Bahamas (2007.12.5)
51 Senegal (Dec 2007)
52 Republic of Moldova (2008.1.1)
53 Slovakia (2008.1.15)
54 South Korea (2008.3.11)
55 Qatar (2008.4.20)
56 Montenegro (2008.5)
57 India (2008.6.25)
58 Serbia (2008.7.7)
59 Turkmenistan (2008.7.10)
60 Ivory Coast (2008.7.30)
61 Malta (2008.10.8)
62 Republic of China (Taiwan) (2008.12.29)


Innobuzz Conducts Ethical Hacking Training at Modern School

December 29th, 2008

Innobuzz Knowledge Solutions, a premier Information Security Training Company recently organized a training program at Modern School, Barakhamba Road on Ethical Hacking which lasted over a week. During this training which was attended by a little over 50 students, the participants were taught about techniques which a cracker can use and how these students can protect themselves from these cyber criminals and online frauds.

According to Mr. Ankit Oberoi, “Information Security is a very important topic these days. You may have the best IT Security system implemented but if the users are not savvy enough, it will be a complete waste. Hence training about Ethical Hacking is critical. Since most of the Information Systems are digital these days, Hackers can do almost anything ranging from canceling your telephone connections to stealing money from your bank accounts. In fact, hackers can also hack your system and then use it as a proxy to hack more systems, making you a partner in their crime, while you are completely unaware of it.”

“We were very excited throughout the training program and have learnt a lot about various topics including phishing, sniffing and different types of attacks etc. Hacking is all about understanding a system very well and then finding flaws in it. After this a hacker will exploit these loopholes for his personal benefit while an ethical hacker works on securing these flaws and fixing them,” adds Harshit Jain, a student from the School.


Singletrackworld.com hacked by 17-year-old

December 29th, 2008

Singletrackworld.com, the website that pre-dated Singletrack magazine, is currently offline following a malicious attack by a 17-year-old hacker, in a coding attack he has admitted to Mark Alker, publisher of Singletrack, was “random”.

The attack was said to have been conducted for bragging rights on Evilzone.org, a hackers website that was later attacked itself by coders unconnected to, but sympathetic towards, Singletrackworld.com.

31 000 email addresses were sent spam messages from the hacker, including wishes for a Happy Christmas.

It’s been anything but for the owners and staff at Singletrack. 

Mark Alker, in aggrieved, staccato mode, told BikeBiz: 

“Site deleted…31k email addresses stolen…Servers go down… Hosting company goes bust… Pissed off mountain bikers fight back against the hackers… Hackers website goes down… German hosting company of said site takes them off the air.. . Contact made with FBI since Singletrack servers hosted in the US makes it a US federal crime… UK police don’t think it’s a crime at all and so have to be pointed at the Misuse of Computers Act 1990… Singletrack losses estimated at several thousand a week… Readers begin donation campaign to help keep us going and fight the hackers… Hacker tracked down to a 17 year old living in Norwich…Name and address passed to police.. Police do nothing.. Hackers website members begin a denial of service attack on Christmas Day.. Site goes down again for 7 hours.. Back up Boxing Day with two tech guys fighting off wave after wave of attempted site hacks… New servers rented from a UK host.. Today work begins on rebuilding Singletrackworld entirely from scratch…Legal issues continue and solicitors contacted with a view to seeking damages from hacker.”

More at http://www.bikebiz.com/news/


Morro another free tool from Microsoft

December 29th, 2008

Morro is going to be introduced by Microsoft to guard your PC from viruses, trojans, hacking, etc. It is a free offering from Microsoft and will mainly be used in notebooks.
The no-cost product will help users rely on Microsoft products with confidence to outclass security threats.

So when does the rush of consumers getting Morro and software makers going out of business begin? Not for a while. Windows Live OneCare is scheduled to remain on sale through June 30th, 2009, and it’s during the phasing out of this product that Morro is supposed to become available for download. 

The product will be suitable for Windows XP, Vista and Windows 7 along with Internet Explorer, which means browsers like Safari and Firefox will be deprived of this free tool.

Then there are the intentional gaps and potential for problems to consider. In regards to that first subject: encryption, firewalls, password protection, parental controls, and backup programs haven’t been addressed. 

Still, Morro’s introduction looks to be a revolutionary moment in the PC security solution industry.


Microsoft vision of pay-as-you-go computing

December 29th, 2008

U.S. patent application number 20080319910, published on Christmas Day, details Microsoft’s vision of a situation where a “standard model” of PC is given away or heavily subsidized by someone in the supply chain. The end user then pays to use the computer, with charges based on both the length of usage time and the performance levels utilized, along with a “one-time charge.”

Microsoft notes in the application that the end user could end up paying more for the computer, compared with the one-off cost entailed in the existing PC business model, but argues the user would benefit by having a PC with an extended “useful life.”

“A computer with scalable performance level components and selectable software and service options has a user interface that allows individual performance levels to be selected,” reads the patent application’s abstract. The patent application was filed June 21, 2007.

“The scalable performance level components may include a processor, memory, graphics controller, etc. Software and services may include word processing, email, browsing, database access, etc. To support a pay-per-use business model, each selectable item may have a cost associated with it, allowing a user to pay for the services actually selected and that presumably correspond to the task or tasks being performed,” the abstract continues.

More at CNN


Updates fix XP SP3 restart stop error

December 29th, 2008

A couple of updates is all that it takes for occasional stop errors affecting Windows XP-based computers to not be a nuisance at all. According to Microsoft, all versions of Windows XP, including Service Pack 3, can return a stop error message that kills the restart process. However, the company emphasized that the issues were occasional at best, and that, in this context, end-users might not even come across the restart failures. Still, when it comes down to reboot cycling tests, the problems are more likely to occur.

“When you restart a Windows XP-based computer, you may receive one of the following Stop error messages: Stop 0x00000050 (parameter1, 00000000, parameter3, 0x00000000) – PAGE_FAULT_IN_NONPAGED_AREA and Stop 0x0000008E (0xc0000005, parameter2, parameter3, 0x00000000) – KERNEL_MODE_EXCEPTION_NOT_HANDLED,” Microsoft explained. “The parameters in these Stop error messages may vary, depending on the actual configuration. The symptoms of a Stop error may vary, depending on your computer’s system failure options.”

In order to resolve the issues generating the “Stop 0x00000050” and “Stop 0x0000008E” error messages, Microsoft advises users to deploy two updates. The first is Microsoft Security Bulletin MS08-061, released in October 2008, with a severity rating of Important, and designed to patch vulnerabilities in Windows Kernel that could allow for elevation of privilege in the eventuality of a successful exploit. Those who have Automatic Updates turned on by default will have already deployed the security patch and need only concern themselves with the second update.

Fact is that KB959252 is meant to resolve the issues introduced by KB954211, namely take care of the “error message when you switch the operating system from a dual monitor setting to a single monitor setting on a Windows XP-based computer or on a Windows Server 2003-based computer that has the security update 954211 installed: ‘Stop 0x0000008E,’” according to Microsoft.

KB959252 for 32-bit versions of Windows XP (including SP3) is available for download here.

KB959252 for 64-bit versions of Windows XP is available for download here.

 


Microsoft disagrees on Windows Media vulnerability

December 29th, 2008

Microsoft Corporation does not agree with the researcher's claim of a Windows Media vulnerability, saying the flaw does not pose any security risk as it is a reliability issue.

According to researcher Laurent Gaffi, the vulnerability could be used by hackers armed with malformed .wav, .snd, or .mid audio files to attack Windows XP and Vista.

Several editions of Windows Media Player, including Versions 9, 10 and the newest, 11, are vulnerable, Gaffi reported in his disclosure on Dec. 24 to the Bugtraq security mailing list. Gaffi also included proof-of-concept attack code that he said would allow remote code execution.

Microsoft claimed that this bug cannot be leveraged for arbitrary code execution. Ness and Serna said company researchers had found the bug earlier, and fixed it in at least one version of its server software.

Microsoft aims to fix this bug in future releases of Windows Media. “This particular bug, for example, has already been fixed in Windows Server 2003 Service Pack 2,” Ness and Serna said.
