Nov 17 2008

Harmful Spyware and their stealthier means

Category: Information Security,MalwareDISC @ 2:55 pm

Dozens of pop-up ads covering a desktop.

Spyware is utilized to gather information about a person with or without their consent and it intercept or record personal/financial information. Some spyware are capable of sending information back to another computer (originator of the spyware).

Characteristic of Spyware

• Compromise user machine without their knowledge
• Use vulnerabilities in the software to push a spyware code on the machine
• Install Trojans to gather data
• Gather personal and financial information to send it to attackers

Spyware are used to gather different kind of information which includes but not limited to advertising, corporate monitoring, child monitoring, governmental monitoring. Besides their legal use which is based on company policy or regulations monitoring spywares can be used for spying on a person without their consent. More common types of spywares are adware (serve advertising) and key-loggers (record keystrokes)

How you can get spyware on your machine: Spyware can be installed on your machine in many ways.

Below are some of the common ways to deliver spyware.
• Spyware can be installed on a computer via a virus or an email Trojan.
• Spyware can be installed on a computer by taking advantage of security flaws in Internet Explorer.
• Spyware sometime are included in the shareware program. User agreement for the shareware may make a reference to grant permission to allow the recording of your internet use
• Pop-up downloads are becoming a preferred method of installing spyware and adware. Pop-up download windows ask the users to download a program to their computers.
• Another popular way to distribute spyware is a drive-by download. It installs itself on the computer without user knowledge. It can be installed by simply visiting a website.

Windows Defender is software that helps protect your computer against pop-ups, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer. Most popular antivirus products now include adware and spyware scanning. You can find more adware and spyware removal tools at the Spyware Protection and Removal guide. This Web page includes links to popular spyware removal programs, as well as a number of useful articles. Also in Internet Explorer 7 (IE7) you can turn on/off the pop-up blocker. IE7 -> Tools -> Pop-Up Blocker. There is a pop-up blocker setting where you can allow exceptions for some sites and setup pop-up filter to high, medium and low.

Anti-Spyware, Registry Cleaner & PC Optimizer

Computer users particularly need to watch out for bogus spyware removal programs. They are dangerous because they punish the user for doing something right. Victims think that this will remove the spyware, instead in some cases computer users are paying to install a spyware.
Checkout the Rouge Anti-Spyware Products table

How to Protect from Spyware
httpv://www.youtube.com/watch?v=_w-DZNbq66I&feature=PlayList&p=18F23434175F964D&playnext=1&index=26

Reblog this post [with Zemanta]

Tags: adware, bogus spyware, drive-by download, financial information, Internet Explorer, keylogger, Pop-up ad, rouge anti-spyware, Security, shareware, Spyware, trojan, virus, Windows Defender, World Wide Web

Nov 04 2008

Open Network and Security

Category: Information Security,Open NetworkDISC @ 7:54 pm

Made and uploaded by John Manuel - JMK{{#if: |...

Open networks are heterogeneous environment where users like to use all the applications and systems at any given time. In a heterogeneous environment, each department run different hardware and software, but you can control the protocols which will work on this environment.

Universities are famous for open network. Most Universities network is comprised of a Bank (To give loan to students), a restaurant, and a bookstore which have credit card processing ability. Students, alumni, researchers, employee and staff need access to utilize resources. Now how would you control access if same person assume all the roles mentioned above. Universities are basically transient communities, where users come back and plug-in their new devices and expect an immediate access to all the resources. Where the reputation of openness is challenge at every step of the way, now the question is how can they maintain reputation and yet control the environment based on security policies.

Reasonable security can be accomplished by focusing on a process rather than adding yet another security control. The process is based on risk assessment program where you assess your critical assets based on threat and vulnerability pair and measure the likelihood and impact of a threat if a given vulnerability is exploited.

The process start with knowing your assets – Network registration will detect when you plug-in your new equipment. Before you get an access, it detects a hardware address and username. You can also control common misconfigurations and noncompliance issues with network registration process. Some vulnerability management systems discover assets and perform vulnerability and security configuration assessment to proactively identify and prioritize risks. New vulnerabilities are accessed from trusted site on a regular basis and when vulnerabilities are identified, the management system needs to have an ability to remediate to comply with the information security policy.

Most of the departments in an open network contains different systems and applications and basically have different security appetite. Distributed IT Governance can address this issue where you develop policies and procedures which fit their needs and hand it over to the department to comply.
Open network requires pretty much open borders, Instead of securing the network/system emphasis should be on data protection.

[TABLE=9]

Recent news from AT&T to make its network open where customers can use any handset of their choice, perhaps a reaction to in response to recent moves from Verizon and Google to promote open network. Specifically Verizon announced that it would allow “any device” and “any application” to operate on its network. These open networks does provide flexibility for customers but at the same time burden lies on the shoulders of the corporations to provide right balance of security and privacy with availability of the network.

In an open network, reasonable security can be achieved by embracing ISO 27k standard and eventually acquiring ISO 27001 (ISMS) certification. Information Security Management System (ISMS) can be a great value added process to manage ongoing monitoring, maintaining and for process improvement of an open network. ISMS as a process in-place provides reasonable security safeguard to your information and certainly help to minimize the liability in the court of law.

End-to-End Network Security: Defense-in-Depth by Omar Santos
httpv://www.youtube.com/watch?v=zTJSMjYd9c4

(Free Two-Day Shipping from Amazon Prime). Great books

Reblog this post [with Zemanta]

Tags: AT&T, Computers, Credit card, data protection, heterogeneous, impact, Information Security, Information Security Management System, isms, iso 27001, ISO 27k, ISO/IEC 27001, IT Governance, likelihood, Network registration, Omar Santos, Reasonable security, risk assessment program, security controls, threat, Universities network, Verizon, vulnerability, vulnerability management systems

Oct 17 2008

SmartPhone and Security

Category: Information Security,Smart PhoneDISC @ 1:53 am

Mobile spyware is malicious software which is used to spy and control mobile devices (BlackBerry, PDAs, Windows Mobile and Cell Phones). Mobile spyware will not only intercept the message between two devices but also determine the location of the device. Basically, mobile spyware software is installed on a mobile device to spy on them.

Small businesses are usually not equipped to handle these threats. Just like laptops and desktops – mobile devices need security controls like antivirus, personal firewall, encryption and VPN to provide needed level of protection. Small businesses need to be aware of the security threats, like they might think that they are installing a game, which might very well be a key logger (logs your key strokes) or trojan software.

[TABLE=6]

Hackers on the move, WSJ August 11, 2008 by Roger Cheng – where he writes about more companies are letting employees use their personal smart phone at work and the security experts warns about the present threats in the industry. http://online.wsj.com/article/SB121803418845416977.html

Tips to safeguard your smartphone
httpv://www.youtube.com/watch?v=S64J4BCCoi4


(Free Two-Day Shipping from Amazon Prime). Great books

Tags: antivirus, encryption, hacker, intercept, key logger, malicious, mobile phone, mobile spyware, personal firewall, roger cheng, security controls, security expert, spy, threats, trojan, vpn, wsj

Sep 29 2008

Vista and defense in depth

Category: Information Security,Vista SecurityDISC @ 3:47 pm

To be competitive and successful in today’s business environment demands a serious consideration of information security. Sometime low risk item could damage your company business and can lead to lose sensitive data. To recover from the aftermath of an incident can be a costly proposition.

One way to deal with the new threats is to be vigilant and know your weaknesses by assessing your infrastructure. On the other hand it helps a great deal to have an operating system which comes with built in security controls which you can turn on and off based on your security needs. Microsoft claims that Vista is the most secure operating system yet and was built with security as a top priority. However with all these built in security features, you may need to make some configuration changes to fit in your security requirements.

Windows Vista comes with many built in security features to protect your business assets. Below are the new security features.

[TABLE=4]

In the past access was the top priority for Microsoft operating system (open by default – start locking down as needed). Now in Vista the control is a top priority (closed by default – start opening up as needed).
Vista security development life cycle (SDLC) follows defense in depth model which compartmentalized and makes it tough for the intruder to get to the crown jewel. At the same time intruder risk the chance of detection at every layer. Defense in Depth model:

[TABLE=5]

Vista Service Hardening:
Vista service hardening is designed to run services with the least possible privileges. Four different features are utilized to achieve service hardening.

o Service isolation
o Least privilege
o Restricted network access
o Session 0 isolation

Service isolation – is a method by which a service can access an object without having a super user access account to secure the objects like registry keys.

Least privilege – Based on best practice each service should utilize the least privilege necessary to accomplish the task. Under Vista, when service initiate, it request for specific privileges provided by the local system.

Restricted network access – Under Vista, a service access can be restricted by TCP/UDP port, protocol, and direction that network traffic is flowing. Restricted network access will limit attack vector by blocking unnecessary ports, protocols and direction of the traffic.

Session 0 isolation – Vista does not allow any user application to run with session 0. All user applications must run in session 1 or higher. Only services and other non-user facing application run on session 0, to maintain isolation between services and user application.

Service hardening, when combined with other security features provides a tough defense. This defense in multiple layers is aimed to safeguard your system and also enables your business to be successful by keeping the threats at acceptable distance.


(Free Two-Day Shipping from Amazon Prime).

Tags: closed by default, compartmentalize, defense in depth, incident, intruder, least privilege, open by default, restricted network access, safeguard, sdlc, security features, sensitive data, service hardening, service isolation, session isolation

Sep 04 2008

Web 2.0 and more data

Category: Information Security,Web 2.0DISC @ 5:52 pm

According to the Identity Theft Resource Center of San Diego, “the data breaches are on the rise in 2008” and with more data breaches so are the impact and amount of losses. Web 2.0 is next phase of internet creation, where huge social networks are built and citizens of the network enjoy the interactive and conversational approach of the new web frontier. Does the web 2.0 introduce new threats which can be exploited by cyber criminals?

To aid a social communication, users are required to input personal profile including birth date and residence addresses into these social networks to participate, which happens to provide a target rich environment for cyber criminals. These days new attacks are already taking advantage of personal information, some of which is retrieved from social network sites. If the account is hacked/breached from one of these social network sites, the impersonator can damage the (personal and professional) reputation by modifying the profile or changing/inserting the contents or comments.

Cross site scripting is one of the major threat facing Web 2.0, below is an example of XSS.

“In an incident reported in early December 2006 by Websense, hackers compromised the MySpace social networking site and infected hundreds of user profiles with a worm. This malicious code exploited a known vulnerability to replace the legitimate links on the user profiles with links to a phishing site, where victims were asked to submit their username and password. In addition, according to Websense, the worm embedded infected video in victims’ user profiles.”

AJAX is one of the main programming languages used to develop Web 2.0.

“A traditional Web site is like a house with no windows and just a front door. An AJAX Web site is like a house with a ton of windows and a sliding door. You can put the biggest locks on your front and back doors, but I can still get in through a window.”

What if you happen to be a peace activist or a whistle blower in your company? Then perhaps Uncle Sam or your employer wants to settle scores with you for some reason. The question is who is monitoring them or for that matter stopping them from getting into your account to steal or modify data to damage your reputation or career? The point is, besides all the functional benefits, web 2.0 comes with new threats which we need to be aware of. Without knowing these risks we can’t manage or mitigate them to a point which is acceptable to the society at large.

Web 2.0 contents are mostly interactive or dynamic in nature. The tools which were used to defend static contents might not be feasible for dynamic web 2.0 contents. Non-repudiation, validating the source and real time verification of the contents might be necessary to stay on top of the dynamic nature of web 2.0 threats.

Web 2.0 – Opportunity 2.0 or Threat 2.0?

How freely available online infomation on Web 2.0 was utilized to break into online banking account

Web 2.0 … The Machine is Us/ing Us

httpv://www.youtube.com/watch?v=6gmP4nk0EOE


(Free Two-Day Shipping from Amazon Prime). Great books

Tags: ajax, cross site scripting, cyber criminals, data breaches, identity theaft, mitigate, non-repudiation, phishing, Web 2.0, web 2.0 threats, websense, xss

Aug 08 2008

ISO27k and compliance

Category: Information Security,ISO 27kDISC @ 2:42 am

Security review is performed to identify and analyze risks and weaknesses in the current security posture of an organization. An ISO assessment is performed utilizing international standard ISO 27002 and company security policy, the purpose of the review is to evaluate the information security posture of an organization based on international standard. The level of compliance will indicate how close your organization is to meeting the key objectives for each 133 controls defined within 11 security control clauses collectively containing a total of 39 main security categories and one introductory clause introducing risk assessment and treatment.

It is important to not only assess the control for completeness (all relevant areas are addressed) and comprehensiveness (each individual area is covered completely), but also this balanced framework serves as the basis for both measuring an organization’s effectiveness in addressing risk and structuring an organization’s overall security program. Because ISO 27002 requirements are largely a superset of other major regulations, achieving ISO 27002 compliance positions most organizations to be well on their way to meeting the requirements of SOX, HIPAA and GLBA.

To achieve ISO compliance, thorough assessment utilizing all 133 controls will provide mitigating solution guidelines for gaps. To give your business an edge, conduct a security review based on ISO controls, if you would like to compare your security practices with international standard.
The result of the assessment will not only establish and maintain security policy, but also validates the policy’s completeness, design new controls and provide a road map to mitigate risks. An assessment of risks will determine what issues need to be addressed and provide a guideline to meet security regulations and a road map to build a world class ISMS (Information Security Management System).

ISO27001 is an international standard which is considered as an information security best practice or due diligence and is part of the security controls and audit controls specification document. ISO27002 is a code of practice which recommends guidelines for information security management systems and is closely linked to ISO 27001. ISO27001 continues to provide comprehensive best-practice advice and guidance to private and public organizations around the globe on how to design and implement a compliant information security management system ISMS.
An ISMS is not simply a set of documents. Maintaining and improving ISMS allows it to grow over time to address new business requirements. An ISMS is simply a system which addresses information security risks facing an organization and identifies the level of organization compliance with applicable regulations.

Reblog this post [with Zemanta]

Tags: glba, Health Insurance Portability and Accountability Act, hipaa, Information Security, Information Security Management System, isms, iso 27002, iso assessment, iso compliance, ISO/IEC 27001, ISO/IEC 27002, sox

« Previous Page