Stanleytp018503's Blog

Prevention of Security Threats

Posted on August 20, 2010 by stanleytp018503

Social Engineering
-Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
-Don’t send sensitive information over the Internet before checking a web site’s security.

Trojan Horse
-Never execute programs unless they are from a trusted source.
-Never open e-mail attachments unless you know who they’re from, especially attachments with the extensions .exe, .ink and .vbs.
-Update your antivirus and security software on a regular basis.

Distributed Denial of Service
-Install latest security patches
-use and turn on firewalls

Sniffing
-use SSL(Secure Socket Layer) where digital certificates and signatures help to encapsulate data
-IP Security insures some form of protection at each packet level

IP Spoofing
-reject packets originating inside of your network that claim to come from a host on the outside
-use access control to deny IP addresses on your interface

Brute Force Attack
-restricting the amount of valid login attempts
-ban IP address after multiple login fail attempts

Shoulder Surfing
-if you are using an ATM (Automatic Teller Machine) try to ensure that no one is standing behind you. If you feel that the individual behind you is too close ask them to take a few steps back. Most ATMs now have lines marked on the pavement to indicate the distance at which a waiting customer should stand behind someone already using the machine
-memorise your PIN number – never write it done and under no circumstances leave it in a wallet or purse along with your cars
-you should never carry letters or statements from banks or building societies about your person. These documents along with your credit or debit card can be a gift to any would be robber

Sabotage
-use virus scanner to remove bugs from your system
-don’t put personal information on Windows if your connection is through a DSL line

Posted in Uncategorized | Leave a comment

Security Threat Terms

Posted on August 13, 2010 by stanleytp018503

Below are some of the security threat terms common to us:

1. Social Engineering – the act of manipulating people into performing actions and giving up confidential information, rather than by robbing or using technical techniques. It’s similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.

2. Salami Slicing – practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent which results in huge sums of money stolen.

3. Trojan Horse – a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage.

4. Distributed Denial of service – multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

5. Sniffer – computer software or hardware that can intercept and log traffic passing over a digital network.

6. IP Spoofing – a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers etc.

7. Brute Force Attack – a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard keys, through great effort rather than employing intellectual or technical strategies.

8. Shoulder Surfing – using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone.

9. Sabotage – a deliberate action aimed at weakening another entity through subversion, obstruction, disruption, or destruction. In a workplace setting, sabotage is the conscious withdrawal of efficiency generally directed at causing some change in workplace conditions.

10. Electromagnetic Interference – is the disruption of operation of an electronic device when it is in the vicinity of an electromagnetic field usually caused by another device.