Picture this: You’re at a café with your laptop and latte in hand, getting ready to review new sales leads and the quarterly financial projections. First you hop on the free Wi-Fi that the shop’s management provides. Then you connect your laptop to a projector so that the entire café can take a look, and finally you hand out some printed copies of your confidential product specifications to the other patrons so that they can follow along. That may sound ridiculous, but if you’re using public-access Wi-Fi without taking the proper precautions, you might as well be asking your coffee compatriots to partake in confidential company information.

That’s an abstract from a pretty good article in NetworkWorld. I previously also posted about the dangers of public wireless networks.

Consider however, how probably is it that a competitor or anyone else for that matter is lurking steal your data? You don’t know and neither do I. Just remember that it’s very easy to do so protect yourself.

Read full article: http://www.networkworld.com/news/2010/041310-how-to-stay-safe-on.html

If it ever happens……

Download link: http://csrc.nist.gov/publications/drafts/800-119/draft-sp800-119_feb2010.pdf

As the number of people connecting to the Internet continues to increase at a rapid pace, more and more of us are now creating our own home computer networks.
With these we can enjoy the benefits of having high bandwidth, instant access to the Internet and make this connection available to multiple computers in and around the home.
But for those unfamiliar with computer security, they are completely unaware of the risks they may be exposing their computer to.
Without implementing a proper computer security solution, your computer may become infected with viruses, spyware, and/or adware. These are all forms of malware than can play a part in rendering a computer unusable, destroy valuable information your storing, provide complete control of a computer to another person, allow someone to steal the information on your computer, record your keystrokes and give a 3rd party access to your online bank account, allow someone to use your computer to attack a computer belonging to somebody else, etc.
And if you opted for a wireless network, you could be sharing out your Internet connection to your neighbors or that person who has been sitting outside your house in the car for the last few hours. What is more, you are increasing the risk of exposing your own computer to hackers as a result.
So What Are The Basics of Computer Security?

1. Make sure that the link between you and the Internet is safe.You need to have a hardware firewall installed between you and the Internet. Most recent devices that connect you to the Internet have one built in, but in any case you need to make sure that what you have is a stateful firewall.It should give your computer full access to the Internet, but block all traffic trying to access your network when originated from the Internet side.
2. Secure your Internet router.Change the administrator password and if possible the administrative account name as well. Everyone who has bought that device will know what the default account and password is, so you must change these and make them difficult to guess. This is especially important if you have a wireless network.
3. Install anti-virus software on your computer.Make sure it scans the computer for viruses at least once a week. Keep the software up to date and make sure that the virus definitions are updated every day. Also make sure that this is monitoring the computer all the time to help prevent it being infected in the first place.
4. Install a personal firewall on your computer.Not only should this help limit the damage malware can do to your computer, but it should also reduce the chances of this spreading to other computers. Get in the habit of checking the dialogues that you are prompted with and only allow Internet access to applications that really need it.
5. Install anti-spyware software on your computer.Make sure it fully scans your computer for spyware at least every week. Keep the software up to date and make sure that the definitions are updated every day. Also make sure that this monitors your computer all the time.
6. Keep up to date with the security patches for your Operating System.Microsoft release security updates for Windows every month. However, make sure your computer is configured to automatically check for downloads every day and at a time when your computer is most likely to be turned on.
7. Secure your wireless network.Do not broadcast your SSID (Service Set IDentifier). Although it can be learned by someone who is determined, there is no point making things easy. So make sure this is disabled. Restrict access to your wireless network based on the MAC (Media Access Control) address of your computer. Yes, these can be faked, once known, but why make things simple?Implement WPA (Wi-Fi Protected Access) or WPA2, if you can, to further secure your wireless network. And use a pre-shared key which is not easy to guess.

Conclusion
Although, you can never make a computer 100% secure, the objective is to put as many obstacles in the way and put off the casual hacker. So by following these 7 basic steps you will have a more secure computing environment. And remember, by implementing proper computer security on our own computer, we are making the Internet a safer place to surf for everyone.

Author: David S McKone
Article Source: EzineArticles.com

Is your banking practices putting your business at risk? Protect your small business accounts from cybercriminals. The Wall Street Journal offers the following suggestions for small businesses seeking to ward off an attack:

Defend your Computer

Hackers often take aim at small firms’ computers because they are easier to infiltrate than banks’ systems. One common mode of attack is to send a “spear phishing” email containing an infected file or a link to a malicious Web site to employees with access to the firm’s financial accounts. Once the employee opens the attachment or goes to the Web site, malware is installed on the computer that allows criminals to access banking logins and passwords. While up-to-date antivirus software offers substantial protection against malware, it isn’t 100% effective.

Accessing your bank account through a computer that isn’t used for anything else—no email or Web surfing—and isn’t connected to the local network offers strong protection, says William Nelson, president of the Financial Services Information Sharing and Analysis Center, an industry group that collects and shares threat data.

Another option is to use an obscure computer operating system such as Ubuntu or Web browser such as Opera because attackers rarely create malware for them, security experts say.

If you use Microsoft Corp.’s Internet Explorer browser, make sure you have the latest version, IE 8, which includes security features to help prevent attacks. Consider using Explorer in “protected mode,” which restricts files that try to install on a computer without the user’s consent, and set your “Internet zone security” to “high,” which disables some of Explorer’s less-secure features, according to Microsoft.

Protect your Accounts

Ask your bank to set up “dual controls” on your account so that each transaction requires the approval of two people—a good guard against fraud, security experts say. Establish a daily limit on how much money can be transferred out of your account, and require that all transfers be prescheduled by phone or confirmed via phone call or text message. If possible, impose restrictions on adding new payees, security experts say.

Check bank balances and scheduled payments at the end of every workday, rather than the beginning, and immediately contact your bank if anything is amiss. Banks use the Automated Clearing House system to transfer funds to payees’ banks. These transfers usually aren’t paid until the next morning, so timely action could halt the completion of a fraudulent transaction, Mr. Nelson says.

Shop for a Bank

Review your agreement with your bank and know what rights you may be waiving by not using certain security measures. While agreements between banks and commercial customers typically absolve banks of responsibility for fraud losses, the bank down the street may offer better protections, so shop around. Also, consider adding insurance coverage for fraud losses.

Many banks, concerned about damage to customer relationships, have stepped up their defenses against cyberattacks, rolled out new protections for customers and begun sharing more threat information with each other and law enforcement, Mr. Nelson says.

An emerging motivator may be a growing number of lawsuits by small companies claiming their banks didn’t have “commercially reasonable” security.

A judge in a closely watched case involving a self-employed couple’s personal and commercial accounts said in refusing to grant a summary judgment that a jury might find fault with the adequacy of the bank’s defenses, which the plaintiffs argued weren’t state of the art at the time of the theft. The case—Shames-Yeakel vs. Citizens Financial Bank—was settled in late December under confidential terms. The plaintiff’s lawyer, John Soumilas of Francis & Mailman PC in Philadelphia, says he pursued the case as one of consumer-identify theft, where protections are ample.

Still, David D. Johnson, a digital-media lawyer at Jeffer, Mangels, Butler & Marmaro LLP in Los Angeles who wasn’t involved in the case, says the judge’s action suggests that “a bank can’t simply rest on its laurels, on its security measures that worked last year,” and avoid liability. The judge declined to comment, and Citizens Financial didn’t return a call for comment.

Reach Out

Connect with law-enforcement agencies before an incident occurs, suggests Mr. Henry. He says small businesses should consider joining the FBI’s InfraGard, a group of businesses, academic institutions and state and local law-enforcement agencies that seek to ward off cyberattacks and other threats by sharing information and intelligence.

He also urges companies to report all computer crimes immediately to the FBI. The agency has relationships with law-enforcement organizations around the world that are starting to bear fruit, he says, pointing to the recent arrest of 120 people tied to Romanian groups that allegedly stole money from U.S. companies and citizens.

“In the cases where we have put hands on somebody, it was the result of a victim company raising their hand and saying this happened,” Mr. Henry says. “If they hit you today, they’re hitting the guy down the street tomorrow.”

Shmoocon was this weekend. Unfortunately,I couldn’t get a ticket this year. The darn things sell out too quickly. If I had known Washington, DC would be buried under more than two feet of snow, I wouldn’t have been upset at my supposed misfortune. For the first time, the presentations were streamed live over the internet as most who had gotten tickets would not have been able to make it due to the weather. The recorded presentations can be viewed at the Shmoocon web site.

Do you know how to guard against scareware? How about Trojan horse text messages? Or social network data harvesting? Malicious hackers are a resourceful bunch, and their methods continually evolve to target the ways we use our computers now. New attack techniques allow bad guys to stay one step ahead of security software and to get the better of even cautious and well-informed PC users.

These threats include shortened urls, scareware, rougue Wi-Fi hotspots, etc.

Don’t let that happen to you. Here are  descriptions of 11 of the most recent and most malignant security threats, as well as complete advice on how to halt them in their tracks.

Read full article at http://www.networkworld.com/news/2010/012510-stop-11-hidden-security.html?page=1

The fifth edition of this best-selling comprehensive CISSP training resources was released on January 15, 2010. After taking the CISSP certification examination, I found that this was by far the text that came closest to covering the breath of the concepts on the exam and in the appropriate depth. The CISSP exam is often referred to as “mile wide and inch deep” because it thrives to cover all aspects of information security without getting too far in the weeds.

This book is written by the bestselling author and a respected IT security trainer Shon Harris. It serves as both a comprehensive certification study guide and student work book, and a fundamental on-the-job reference. The included CD-ROM includes more than 800 simulated practice questions in a Windows-based test engine, an electronic book, and video training from the author.

I personally recommend it. Most people who had previously taken the CISSP exam told me how hard it was . I believed them. And as I did not intend to take it twice. I invested a lot of time ( 6 months ) in preparing.  I left the exam hall after three and a half hours feeling pretty confident. Thanks, partly to Shon Harris, I was well prepared and found the exam to be relatively easy.  More details on the text can be found here.

Other CISSP training can also be locate here.

Our thoughts and prayers go out to all those affected by the tragedy in Haiti. To make matters worse, as is often the case with any incident that captures the attention of the multitudes, cyber-crooks are doing all they can to take advantage of the unsuspecting web browser looking for information of ways to help.

There are a large number of domains being registered and parked relating to the disaster. Not all of these are malicious naturally however if we learned anything from Hurricane Katrina, this is a precedent to cynical scams attempted to exploit the generosity of the unsuspecting. Scammers use a variety of means to drive traffic including promoting on social networks like Twitter, Facebook and MySpace, paid advertising, and search engine manipulation. Security Research Firm Websense reported that search terms relating to the earthquake are leading to a rouge anti-virus program. Since you should already have anti-virus software installed, updated and running on your computer, cancel out of any suspicious alerts and run a scan using your own anti-virus software. A video demonstrating search engine manipulation can be found here. Once on the site, attackers may also tempt users to download malware in the guise of video reports about the disaster.

Those looking to make donations will be well-advised to go directly to the web site of the International Federation of Red Cross and Red Crescent Societies. The FBI has also posted an alert warning of possible charity donation scams. The IRS also maintain a list of tax exempt charitable organizations. This can serve as a check as well.

Black Hat, one of the biggest and most popular security conferences in the world, will have its DC event at the Crystal City Hyatt Regency from Jan 31 to Feb 3. Black Hat was founded by Jeff Moss, one of the most sought after security voices in the world. The conference is composed of two major sections, Presentations and Training. Regular tickets for the presentations ( referred to as briefings)  go for $1495 (ouch) until Jan 15 and then  for $1695 until Jan 30. Tickets will be sold on site for $1995. The list for speakers and topics can be found at www.blackhat.com. There are also a host of security related training courses held during the event. The course cost from $1800 to $3800 per course. The complete list can be found here.

An archive of presentations from previous years can be found at Black Hat Media Archives. This includes presentations from all Back Hat events.

ClubHack is an “international” hacker conference in India started in 2007. Although this is only the third year, some of the presentations are pretty interesting. See  http://clubhack.com/2009/presentations