The DataGuard Data Protection Newsletter
April, 2005



Welcome!

If there are any topics you would like to see discussed in the future or if you have any comments, please contact me at JoeT@HighCaliber.com



Bullet Points

  • Fake Microsoft Security Updates

    In a new "phishing" scam, online low-lives are sending email messages designed to look like they are from Microsoft. These emails direct you to a Web site designed to look like the Microsoft site, where they hope you'll download a "patch" that actually installs a Trojan on your computer. The Trojan allows the hacker to take control of your computer remotely.

    This is especially dangerous because the message arrives close to "Patch Tuesday," the day Microsoft issues its monthly security updates, which fools many users into thinking it's a genuine notice. Don't be taken in by this scam, and be sure to warn other PC users who may not be technically savvy that Microsoft never distributes its security updates through e-mail links in HTML mail. Read more here:
    http://news.zdnet.com/2100-1009_22-5660042.html?tag=nl.e589


  • Instant Messaging Threats Rising Sharply

    According to a recent report, the quantity of instant messaging threats increased 250 percent in the first quarter of 2005, compared with the same period last year. The research, which tracks viruses, worms, spam and phishing attacks sent over public IM networks, also contends that reported incidents of newly discovered IM threats have grown by a whopping 271 percent this year.

    The report by the IMlogic Threat Center--an industry consortium led by security software maker IMlogic--found that more than 50 percent of the incidents reported to the Threat Center during the first quarter of 2005 involved attacks at workplaces where freely available IM software such as AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo Messenger is used. Based on that data, the consortium advises that companies take a closer look at managing IM security issues.


  • Protecting Your Privacy

    Before submitting your email address or other personal information online, you need to be sure that the privacy of that information will be protected. To protect your identity and prevent an attacker from easily accessing additional information about you, avoid providing certain personal information such as your birth date and social security number online.

    How do you know if your privacy is being protected?

    Before submitting your name, email address, or other personal information on a web site, look for the site's privacy policy. This policy should state how the information will be used and whether or not the information will be distributed to other organizations. Companies sometimes share information with partners who offer related products or may offer options to subscribe to particular mailing lists. Look for indications that you are being added to mailing lists by default -- failing to deselect those options may lead to unwanted spam.

    To prevent attackers from hijacking your information, any personal information submitted online should be encrypted so that it can only be read by the appropriate recipient. Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a lock icon in the bottom right corner of the window. Some sites also indicate whether the data is encrypted when it is stored. If data is encrypted in transit but stored insecurely, an attacker who is able to break into the vendor's system could access your personal information.

    What additional steps can you take to protect your privacy?

    Before supplying any information online, consider the answers to the following questions: Do you trust the business? Is it an established organization with a credible reputation? Does the information on the site suggest that there is a concern for the privacy of user information? Is there legitimate contact information provided?

    Submitting your email address could result in spam. If you do not want your primary email account flooded with unwanted messages, consider opening an additional email account for use online. Make sure to log in to the account on a regular basis in case the vendor sends information about changes to policies.

    Some companies offer a phone number you can use to provide your credit card information. Although this does not guarantee that the information will not be compromised, it eliminates the possibility that attackers will be able to hijack it during the submission process.

    To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online. Keep a minimum credit line on the account to limit the amount of charges an attacker can accumulate.

    Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. Debit cards, however, do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.


  • Pharming - A New Threat

    You've heard about "phishing" schemes, but what about "pharming?" Instead of sending you email that directs you to a Web site pretending to be that of a legitimate owner, the "pharmer" hijacks your browser to his own site when you type in a legitimate site's URL (such as that of your online bank).

    Pharming uses a technique called DNS poisoning. The Domain Name System (DNS) servers contain directories that are used to match Web addresses (such as www.HighCaliber.com) to the IP address where that Web server actually resides. DNS poisoning involves changing those records so that the address will take you to a different Web server (usually the pharmer's).

    This is especially dangerous because security experts have warned users to type in such addresses instead of clicking on links, leading users to believe that an address they type in themselves is safe.

    Read more about the pharming threat here:
    http://reviews.cnet.com/4520-3513_7-5670780-1.html?tag=nl.e501


  • Biometric Authentication

    Tired of having to remember scads of user IDs and passwords? The solution to this problem might lie in biometric authentication. Interesting reading:
    http://www.biometrics.org/html/introduction.html



Firewall FAQ

Here are some frequently asked questions regarding firewalls. Firewalls are one of the most basic security measures that should be put in place to protect your systems.

What is a firewall?

Basically, a firewall is a system designed to control access between two networks.

There are many different kinds of firewalls — packet filters, application gateways, and proxy servers. They can take the form of software that runs under an operating system, like Windows or Linux. Or, these firewalls could be dedicated hardware devices designed solely as firewalls.

Why would you want a firewall?

Firewalls protect your network from unwanted traffic. Many times, the unwanted traffic is from hackers trying to exploit your network. You want a firewall to protect your network, just as you want locks on your door and windows at your home.

Is a proxy server a firewall?

A proxy server is a form of a firewall. In legal terms, a proxy is someone who goes and performs some action on your behalf. A proxy server performs network transactions on your behalf. The most common use for this is a Web-proxy server. A Web-proxy will take requests from users’ Web browsers, get the Web pages from the Internet, and return them to the user’s browser. Many times, a proxy server also performs authentication to see who is requesting the Web pages and also logs the pages that are requested and the user they are from.

Do firewalls stop viruses, Trojans, adware, and spyware?

No, in general, firewalls do not stop viruses, Trojans, adware, or spyware. Firewalls, usually, only protect your network from inbound traffic from an outside (Internet) network. You still need antivirus software, anti-adware and anti-spyware software applications to protect your system when it does go out on the Internet.

How do I know that my firewall is really protecting my network?

Just like any security system, a firewall should, periodically, be tested. To test a firewall, you could have a professional security-consulting company do a security vulnerability scan. However, this is usually something you can do yourself. To do this, you could use a port-scanner or a more advanced tool like a vulnerability assessment tool (such as Retina, Saint, or ISS).
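
One way to turn a port check into a firewall test is to compare what actually answers with what your policy says should answer. The following is an added example, not part of the original newsletter; the function names and the sample port lists are assumptions, and it is meant to be run from outside the firewall against an address you own.

```python
import socket

def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, filtered (timeout), unreachable
        return False

def audit(host, ports, allowed, probe=tcp_open):
    """Compare the ports that answer with the ports the policy allows.

    ports   -- ports to check
    allowed -- set of ports the firewall is supposed to let through
    probe   -- connection test; replaceable so the logic can be tested offline
    """
    checked = set(ports)
    reachable = {p for p in checked if probe(host, p)}
    return {
        # Answers from outside although the policy does not allow it.
        "unexpected_open": sorted(reachable - allowed),
        # Policy allows it, but nothing answered (rule or service problem).
        "expected_but_closed": sorted((allowed & checked) - reachable),
    }

if __name__ == "__main__":
    # Harmless local run; replace 127.0.0.1 with your own public address.
    print(audit("127.0.0.1", [22, 25, 80, 443, 3389], allowed={80, 443}))
```

Anything listed under unexpected_open is a gap between the rule set you intended and the one that is actually enforced.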

What are the different types of firewalls?

The different types of firewalls are:

Packet filter – A packet filter looks at each packet entering the network and, based on its policies, permits or denies these packets. A Cisco IOS Access Control List (ACL) is a basic firewall that works in this way.

Stateful packet filter – A stateful packet filter also has rules; however, it keeps track of the TCP connection state so it is able to monitor the “conversations” as they happen on the network. It knows the normal flow of the conversations and knows when the conversations are over. Thus, it more intelligently is able to permit and deny packets entering the network. Because of this, a stateful packet filter (stateful firewall) is much more secure than a regular packet filter.

Application gateway – An application gateway is a system that works for certain applications only. It knows the “language” that that application/protocol uses and it monitors all communications. An example would be an SMTP gateway.

Proxy server – A proxy server performs network transactions on your behalf. The most common use for this is a Web-proxy server. A Web proxy will take requests from users’ Web browsers, get the Web pages from the Internet, and return them to the user’s browser.
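
The difference between the packet filter and the stateful packet filter described above can be seen by letting both judge the same traffic. This is an added example, not part of the original newsletter: a toy per-packet rule and a toy connection-tracking filter, with constructed addresses and hypothetical names throughout.

```python
from collections import namedtuple

INSIDE = "10.0.0."  # constructed internal network prefix (assumption)
Packet = namedtuple("Packet", "src sport dst dport flags")

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

def stateless_allows(p):
    """Per-packet rule: outbound always passes; inbound passes when ACK or
    RST is set, i.e. when the segment merely looks like a reply."""
    return p.src.startswith(INSIDE) or bool(p.flags & {"ACK", "RST"})

class StatefulFilter:
    """Remembers conversations opened from inside (simplified: no FIN
    handshake, sequence-number or idle-timeout tracking)."""
    def __init__(self):
        self.conns = set()

    def allows(self, p):
        if p.src.startswith(INSIDE):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:
                self.conns.add(key)      # conversation starts
            elif "RST" in p.flags:
                self.conns.discard(key)  # conversation is over
            return True
        # Inbound: must belong to a conversation an inside host started.
        return (p.dst, p.dport, p.src, p.sport) in self.conns

# Constructed sample traffic, in arrival order.
TRAFFIC = [
    pkt("10.0.0.5", 40000, "203.0.113.10", 80, "SYN"),         # outbound open
    pkt("203.0.113.10", 80, "10.0.0.5", 40000, "SYN", "ACK"),  # genuine reply
    pkt("198.51.100.7", 80, "10.0.0.9", 445, "ACK"),           # unsolicited ACK
    pkt("198.51.100.7", 80, "10.0.0.9", 445, "SYN"),           # unsolicited SYN
    pkt("10.0.0.5", 40000, "203.0.113.10", 80, "RST"),         # inside host resets
    pkt("203.0.113.10", 80, "10.0.0.5", 40000, "ACK"),         # late segment
]

def compare(traffic):
    """Return (stateless verdict, stateful verdict) for each packet."""
    sf = StatefulFilter()
    return [(stateless_allows(p), sf.allows(p)) for p in traffic]

if __name__ == "__main__":
    for p, v in zip(TRAFFIC, compare(TRAFFIC)):
        print(p.src, sorted(p.flags), "stateless=%s stateful=%s" % v)
```

The third and sixth packets are the ones to look at: the per-packet rule passes both because they carry ACK, while the stateful filter drops them because no live conversation matches.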

What do VPNs have to do with firewalls?

Virtual Private Networks (VPN) are used to encrypt traffic from a private network and send it over a public network. Typically, this is used to protect sensitive traffic as it goes over the Internet. Many times, you will have a VPN encryption device combined with a firewall because the private network traffic that is being encrypted also needs to be protected from hackers on the public network.

What are IDS and IPS? Also, what do they have to do with firewalls?

An Intrusion Detection System (IDS) monitors for harmful traffic and alerts you when it enters your network. This is much like a burglar alarm.

An Intrusion Prevention System (IPS) goes further and prevents the harmful traffic from entering your network.

IDS/IPS systems recognize more than just Layer 3 or Layer 4 traffic. They fully understand how hackers use traffic to exploit networks and detect or prevent that harmful traffic on your network.

Today, many IDS/IPS systems are integrated with firewalls and routers.

What is a DoS attack and will a firewall protect me from it?

A Denial of Service (DoS) attack is something that renders servers, routers, or networks incapable of responding to network requests in a timely manner.

Firewalls can protect your network and its servers from being barraged by DoS traffic and allow them to respond to legitimate requests, thus, allowing your company to continue its business over the network.


