<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" version="2.0">

<channel>
	<title>IT Security Blog</title>
	
	<link>http://www.it-security-blog.com</link>
	<description />
	<lastBuildDate>Thu, 26 Apr 2012 23:55:53 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.2</generator>
		<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/itsecurity-blog" /><feedburner:info xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" uri="itsecurity-blog" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><feedburner:emailServiceId xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0">itsecurity-blog</feedburner:emailServiceId><feedburner:feedburnerHostname xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0">http://feedburner.google.com</feedburner:feedburnerHostname><item>
		<title>Levels of Confidentiality</title>
		<link>http://www.it-security-blog.com/security-policies/levels-of-confidentiality/</link>
		<comments>http://www.it-security-blog.com/security-policies/levels-of-confidentiality/#comments</comments>
		<pubDate>Thu, 26 Apr 2012 23:54:51 +0000</pubDate>
		<dc:creator>Teresa</dc:creator>
				<category><![CDATA[Security Policies]]></category>
		<category><![CDATA[confidential information]]></category>
		<category><![CDATA[confidentiality levelsof information]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=952</guid>
		<description><![CDATA[Information that is sought to be protected by companies is typically categorized into different levels of confidentiality.  Confidentiality pertains to the prevention of disclosing information to unauthorized individuals.  IT security therefore involves making sure that information is released not only to authorized individuals but to individuals who have been specifically authorized for such level of [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.it-security-blog.com/wp-content/uploads/2012/04/confi.jpg"><img class="alignnone size-thumbnail wp-image-953" title="confi" src="http://www.it-security-blog.com/wp-content/uploads/2012/04/confi-150x150.jpg" alt="" width="150" height="150" /></a></p>
<p>Information that companies seek to protect is typically categorized into different levels of confidentiality.  Confidentiality pertains to the prevention of disclosing information to unauthorized individuals.  IT security therefore involves making sure that information is released not only to authorized individuals but to individuals who have been specifically authorized for that level of information. </p>
<p>When <a href="http://www.in.gov/idem/4828.htm">information</a> is designated as public, it is expected to be shared without restriction.  Such information is presumed not to present any potential harm to its owners even when widely disseminated.  In general, there should be nothing to prevent the sharing of public information. </p>
<p>Some information is categorized as sensitive.  Sensitive information is released in a controlled manner to a specific group or groups of people.  Access is typically granted on a need-to-know basis, and those who have no business knowing should not get their hands on it.  Since this information is not completely private, there are bound to be some problems with control, which identity authentication and specific authorization measures seek to prevent. </p>
<p>Information that requires the highest level of confidentiality is that categorized as restricted or highly confidential.  The improper disclosure of such information is expected to expose its owners to serious risks.  When restricted information is unnecessarily disclosed, the need for extensive damage mitigation may arise.  The leak also warrants investigation so that any further disclosure of information of the same nature can be prevented.  IT security depends heavily on the <a href="http://www.icac.nsw.gov.au/preventing-corruption/knowing-your-risks/confidential-information/4913">people</a> having access to critical information.</p>

]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/security-policies/levels-of-confidentiality/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Disposing Old Computers</title>
		<link>http://www.it-security-blog.com/it-security-basics/disposing-old-computers/</link>
		<comments>http://www.it-security-blog.com/it-security-basics/disposing-old-computers/#comments</comments>
		<pubDate>Tue, 27 Mar 2012 11:25:27 +0000</pubDate>
		<dc:creator>Teresa</dc:creator>
				<category><![CDATA[IT Security Basics]]></category>
		<category><![CDATA[Physical Security]]></category>
		<category><![CDATA[destroying old computers]]></category>
		<category><![CDATA[proper disposal of old computers]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=947</guid>
		<description><![CDATA[IT security is not only about protecting the equipment and devices that are presently used but is also about the proper disposal of old equipment and devices.  This is especially important for old computers since we might just be allowing threats to enter our lives.  Hackers are known to be able to penetrate the hard [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.it-security-blog.com/wp-content/uploads/2012/03/thumbnailCAMRAQAR.jpg"><img title="thumbnailCAMRAQAR" src="http://www.it-security-blog.com/wp-content/uploads/2012/03/thumbnailCAMRAQAR-150x150.jpg" alt="" width="150" height="150" /></a></p>
<p>IT security is not only about protecting the equipment and devices that are presently used but is also about the proper <a href="http://onguardonline.gov/articles/0010-disposing-old-computers">disposal</a> of old equipment and devices.  This is especially important for old computers since we might just be allowing threats to enter our lives.  Hackers are known to be able to penetrate the hard drives of discarded computers to fish out sensitive, personal information. </p>
<p>To prevent this from happening, computer owners need to make sure that no such information, or any information at all, can be retrieved in this manner.  The best way is to destroy the hard drive physically through the use of a heavy hammer.  It goes without saying that the hard drive should be removed first from the computer.  This can be done with the proper tools or through the assistance of a computer technician. </p>
<p>The rest of the computer parts can be sent to a recycling center so that reusable components can be collected to build refurbished ones.  The remaining unusable parts find their way to smelting centers where they can be recycled.  This is one way of helping <a href="http://www.epa.gov/osw/conserve/materials/ecycling/donate.htm">protect our environment</a>.</p>
<p>There is no telling how personal information retrieved from old computers will be used by criminal elements.  Hackers will be especially looking for information that can allow them to steal the identity of owners such as social security numbers, credit card numbers, and bank account numbers.  Information of this nature in the hands of criminals can wreak havoc on a person’s personal and financial life. </p>
<p>People often forget that equipment and devices are capable of storing data indefinitely even when they have performed certain tasks to erase it.  Reformatting the hard drive was previously believed to be enough for the purpose but experience shows that it is not.  It always makes sense to be one step ahead of criminal minds.</p>

]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/it-security-basics/disposing-old-computers/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The Path Traveled by Emails</title>
		<link>http://www.it-security-blog.com/e-mail/the-path-traveled-by-emails/</link>
		<comments>http://www.it-security-blog.com/e-mail/the-path-traveled-by-emails/#comments</comments>
		<pubDate>Wed, 29 Feb 2012 20:35:24 +0000</pubDate>
		<dc:creator>Teresa</dc:creator>
				<category><![CDATA[E-mail]]></category>
		<category><![CDATA[email risks]]></category>
		<category><![CDATA[email security]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=940</guid>
		<description><![CDATA[To say that an email is generally insecure is clearly an understatement because of the number of proven threats and invasive practices that have transpired mainly due to violation of its original intent.  Email messages have their intended recipients and when some other party gets to eavesdrop, certain risks arise.  These include identity theft, invasion of [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.it-security-blog.com/wp-content/uploads/2012/02/thumbnailCALN4NEL.jpg"><img class="alignnone size-thumbnail wp-image-944" title="thumbnailCALN4NEL" src="http://www.it-security-blog.com/wp-content/uploads/2012/02/thumbnailCALN4NEL-150x150.jpg" alt="" width="150" height="150" /></a></p>
<p>To say that an email is generally insecure is clearly an understatement because of the number of proven <a href="http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx">threats</a> and invasive practices that have transpired mainly due to violation of its original intent.  Email messages have their intended recipients and when some other party gets to eavesdrop, certain risks arise.  These include identity theft, invasion of privacy, modification of messages, false messages, repudiation, replay of messages, and unprotected back-ups.</p>
<p>An email is sent through the &#8220;Simple Mail Transport Protocol&#8221; or SMTP.  It uses the &#8220;Hyper Text Transfer Protocol&#8221; or HTTP language to send a message through the SMTP server in order to reach the recipient.  When the recipient&#8217;s actual SMTP server cannot be contacted, the sender&#8217;s server will try to contact back-up servers when available.  It will try to contact the intended recipient&#8217;s server for a number of days before it finally gives up.  The message becomes available for reading once it is received by the recipient&#8217;s server.  The amount of time wherein an email message travels from the sender to the recipient varies depending on the servers&#8217; traffic load.</p>
<p>The travel time of an email is the most critical phase of the process in terms of exposure to risks.  Potential risks can be lessened through the use of <a title="The Hidden Writing" href="http://www.it-security-blog.com/cryptography/the-hidden-writing/">encryption</a>.  One way is through symmetric encryption wherein the sender and recipient share a secret key.  Plain text is converted into cyphertext which would appear meaningless to anyone who does not have the secret key.  The message needs to be decrypted before it is understood.  Asymmetric encryption requires the use of a private and public key.  The private key is expected to be kept secret by its holder for the asymmetric encryption to retain its security.  Most email messages are made more secure through the Secure Socket Layer (SSL).</p>

]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/e-mail/the-path-traveled-by-emails/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Securing Data in Travel</title>
		<link>http://www.it-security-blog.com/it-security-basics/securing-data-in-travel/</link>
		<comments>http://www.it-security-blog.com/it-security-basics/securing-data-in-travel/#comments</comments>
		<pubDate>Sat, 18 Feb 2012 09:50:23 +0000</pubDate>
		<dc:creator>Teresa</dc:creator>
				<category><![CDATA[IT Security Basics]]></category>
		<category><![CDATA[Physical Security]]></category>
		<category><![CDATA[data security in travel]]></category>
		<category><![CDATA[lost laptop]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=935</guid>
		<description><![CDATA[Loss of physical property is not the only concern when a phone, laptop, or netbook goes missing while traveling.  More than the cost of the equipment itself, there is the potential exposure of personal data contained in them that could represent undetermined costs to its owners.  Costs will not be limited to the financial aspect [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.it-security-blog.com/wp-content/uploads/2012/02/thumbnailCA6R0VBE.jpg"><img title="thumbnailCA6R0VBE" src="http://www.it-security-blog.com/wp-content/uploads/2012/02/thumbnailCA6R0VBE-150x150.jpg" alt="" width="150" height="150" /></a></p>
<p>Loss of physical property is not the only concern when a phone, laptop, or netbook goes missing while traveling.  More than the cost of the equipment itself, there is the potential exposure of personal data contained in them that could represent undetermined costs to its owners.  Costs will not be limited to the financial aspect but will include concerns regarding business/trade secrets, security of self and family members, and exposure of other sensitive data that can affect reputation and well-being.</p>
<p>When it is absolutely necessary to bring equipment or files along in travel, travelers will have to anticipate possible scenarios that may occur unexpectedly.  Things do not always go as planned in spite of the best precautionary measures taken.  Travelers will have to try to minimize the potential damage by taking certain actions, such as scrubbing laptops of important files or at the very least encrypting these files when it is necessary to bring them, and opting to bring the less expensive laptop that can still perform the required functions in travel.  They can opt to bring the next best alternative, whose loss is more easily accepted.</p>
<p><a href="http://msdn.microsoft.com/en-us/library/ff648648.aspx">Securing data</a> requires travelers to remove all data that is deemed NOT for public consumption from laptops and other mobile devices.  Personal information in the hands of unscrupulous people is like a time bomb waiting to explode in the faces of its owners.  Bank and credit card details should not be conveniently found in the stolen item since this could equate to a major financial debacle.  The scenario becomes even scarier when victimized in a foreign country where travelers have no family or friends to turn to.</p>
<p>Online activity should always be done discreetly.  Travelers should not call attention to themselves when using expensive laptops and similar equipment.  It is always best practice not to check the <a href="http://www.tsa.gov/travelers/airtravel/assistant/index.shtm">laptop</a> along with other luggage and to keep it close while on the plane to avoid the possibility of forgetting about it and leaving it behind.</p>

]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/it-security-basics/securing-data-in-travel/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Protecting Online Anonymity</title>
		<link>http://www.it-security-blog.com/privacy-and-anonymity/protecting-online-anonymity/</link>
		<comments>http://www.it-security-blog.com/privacy-and-anonymity/protecting-online-anonymity/#comments</comments>
		<pubDate>Thu, 02 Feb 2012 15:17:43 +0000</pubDate>
		<dc:creator>Teresa</dc:creator>
				<category><![CDATA[E-mail]]></category>
		<category><![CDATA[Privacy & Anonymity]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[online anonymity]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=928</guid>
		<description><![CDATA[Computer users lose their privacy once their online presence and activities are no longer anonymous.  Losing anonymity means that someone or a group of people are able to track online behavior.  This includes knowing the user&#8217;s location or browsing habits. Most people are not aware that their online activities are under surveillance.  It should be noted that [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.it-security-blog.com/wp-content/uploads/2012/02/thumbnailCAQU0A6U.jpg"><img class="alignnone size-thumbnail wp-image-929" title="thumbnailCAQU0A6U" src="http://www.it-security-blog.com/wp-content/uploads/2012/02/thumbnailCAQU0A6U-150x150.jpg" alt="" width="150" height="150" /></a></p>
<p>Computer users lose their privacy once their online presence and activities are no longer anonymous.  Losing anonymity means that someone or a group of people are able to track online behavior.  This includes knowing the user&#8217;s location or browsing habits.</p>
<p>Most people are not aware that their online activities are under surveillance.  It should be noted that Internet Service Providers possess a full record of user activities, not to mention that search engines and websites likewise record all user activities in spite of claims that all data garnered is &#8220;anonymized&#8221; or carries no identifiable information.  There are providers and sites that purposely collect personal information to sell to the highest bidder. </p>
<p>So how do we go about protecting our <a href="http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf">online anonymity</a>?  Users can consider using a software implementation that uses a network of servers that can effectively conceal usage and location.  This highlights the layered nature of encryption wherein data is encrypted and re-encrypted many times over on its way to its final destination.  The process prevents undesirable elements from unscrambling and understanding the message sent.  There are several tools available in the market today including Proxy.org, JonDonym, Ultra Surf, Tor, Proxomitron, and the Ultra VPN.</p>
<p>Another way to protect online anonymity is to install a good software firewall. Computer users can also stick to visiting highly reliable big sites such as Disney which are committed to upholding the highest standards.  Upholding the highest standards simply means doing right with whatever information they inadvertently or purposely obtain from the customers.   There is also an option to maintain an alias email address to enable users to receive messages without revealing the true email address.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/privacy-and-anonymity/protecting-online-anonymity/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Web Browser Security</title>
		<link>http://www.it-security-blog.com/web-browsers/web-browser-security/</link>
		<comments>http://www.it-security-blog.com/web-browsers/web-browser-security/#comments</comments>
		<pubDate>Tue, 17 Jan 2012 03:59:25 +0000</pubDate>
		<dc:creator>Teresa</dc:creator>
				<category><![CDATA[Web browsers]]></category>
		<category><![CDATA[securing web browsers]]></category>
		<category><![CDATA[web browser security]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=918</guid>
		<description><![CDATA[There can be no assurance of complete security based on the choice of browser used.  Each of the more popular browsers has its specific vulnerabilities that can be potentially attacked by malware and viruses.  Even software features that are supposed to provide functionality to the chosen web browser may initiate vulnerabilities in a system.  Computer users [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.it-security-blog.com/wp-content/uploads/2012/01/5268100-online-security-warning-message-browsing-the-web1.jpg"><img class="alignnone size-medium wp-image-921" title="5268100-online-security-warning-message-browsing-the-web" src="http://www.it-security-blog.com/wp-content/uploads/2012/01/5268100-online-security-warning-message-browsing-the-web1-300x194.jpg" alt="" width="300" height="194" /></a></p>
<p>There can be no assurance of complete security based on the choice of browser used.  Each of the more popular browsers has its specific vulnerabilities that can be potentially attacked by malware and viruses.  Even software features that are supposed to provide functionality to the chosen web browser may initiate vulnerabilities in a system. </p>
<p>Computer users can use several browsers by assigning one per nature of transaction.  It is important however to understand which browser supports a particular feature and its corresponding risks.  Each one has to be properly configured so as to minimize possible vulnerabilities.  Browsers are typically pre-installed in computers.  Owners of newly-acquired computers just need to learn how to securely configure them through documentation provided by vendors.  Additional information can be requested from them should the need arise. </p>
<p>The Microsoft Internet Explorer (IE) browser is an application that comes with the Microsoft Windows Operating System.  Its removal is not recommended primarily due to practicability and its continued leadership in relation to the number of users.  Enabling greater security for the web browser can be done through the security tab. </p>
<p>The Mozilla Firefox browser has many features similar to Internet Explorer.  There is a specific menu that can help IE users to better understand the difference between the two.  Settings for Mozilla Firefox can be edited while the corresponding options for other required changes are provided. </p>
<p>The Google Chrome web browser was first used as a beta version for Microsoft Windows.  It has overtaken Mozilla Firefox for second place in the most recent study of worldwide usage share.  To date, it has managed to prevent exploitation of whatever security vulnerabilities exist.  A recent <a href="http://www.accuvant.com/news/2011/12/09/accuvant-releases-web-browser-security-research-findings">Accuvant Study</a> ranks Google Chrome first, IE second and Mozilla Firefox third for best browser security.</p>

]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/web-browsers/web-browser-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Good Old-Fashioned Protection</title>
		<link>http://www.it-security-blog.com/physical-security/good-old-fashioned-protection/</link>
		<comments>http://www.it-security-blog.com/physical-security/good-old-fashioned-protection/#comments</comments>
		<pubDate>Wed, 04 Jan 2012 10:20:24 +0000</pubDate>
		<dc:creator>Teresa</dc:creator>
				<category><![CDATA[Physical Security]]></category>
		<category><![CDATA[physical protection]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=906</guid>
		<description><![CDATA[Sometimes, we fail to see the solution because our eyes are too far off from the obvious.  A case in point is the protection of our computer and its system from the physical threats that are present in the environment.  Before we even think of the intricate digital barrier we should use to prevent malware [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.it-security-blog.com/wp-content/uploads/2012/01/thumbnailCALL8WPG1.jpg"><img class="alignnone size-thumbnail wp-image-908" title="thumbnailCALL8WPG" src="http://www.it-security-blog.com/wp-content/uploads/2012/01/thumbnailCALL8WPG1-150x150.jpg" alt="" width="150" height="150" /></a></p>
<p>Sometimes, we fail to see the solution because our eyes are too far off from the obvious.  A case in point is the <a href="http://www.yale.edu/its/secure-computing/devices/physical/index.html">protection</a> of our computer and its system from the physical threats that are present in the environment.  Before we even think of the intricate digital barrier we should use to prevent malware and viruses that pervade the online world from entering our system, we should be considering the measures we can use to protect our devices which contain critical information, whether personal or business.</p>
<p>Good old-fashioned protection is not merely placing the computer and other devices under lock and key.  It is also about considering who has access to these locks.  A high-security-risk environment is exactly that in terms of possible theft or intrusion.  It is likewise about protection from the natural elements like water and heat and occurrences like power surges and fluctuations. </p>
<p>Visitors are best received away from the regular work area.  This prevents potential information thieves from being able to read computer screens, install malware on network devices, or simply get within reach of portable devices that can be stolen without being noticed.  Desktop computers that come in individual cases can be locked to prevent tampering with internal hardware. </p>
<p>Physical protection would also entail other sensible and simple acts such as locking the personal account whenever the user needs to step away from the computer and installing security cameras in areas of specific security concern.  Not many people are aware that the manner of placement of network cables and equipment can result in a tendency for accidental loss of information.  Another important aspect of physical protection is securing the access point for those using wireless networks.  <a href="http://en.wikipedia.org/wiki/Threat_(computer)">Threats</a> can come in all forms but the simplest defense is usually the most important.</p>

]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/physical-security/good-old-fashioned-protection/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>IT Security Challenges of the Next Decade</title>
		<link>http://www.it-security-blog.com/uncategorized/it-security-challenges-of-the-next-decade/</link>
		<comments>http://www.it-security-blog.com/uncategorized/it-security-challenges-of-the-next-decade/#comments</comments>
		<pubDate>Wed, 04 Jan 2012 06:36:20 +0000</pubDate>
		<dc:creator>dave</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[IT Security Basics]]></category>
		<category><![CDATA[challenges]]></category>
		<category><![CDATA[it]]></category>
		<category><![CDATA[it-security]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=882</guid>
		<description><![CDATA[Photo Source: http://www.sxc.hu/photo/1260785 IT security has always been a concern, but as we move into bigger and better technology, what are the challenges that face us? Technology changes so fast that it isn’t possible to predict exactly how things will go down, but we can prepare for as many eventualities as possible, using current challenges [...]]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.it-security-blog.com/wp-content/uploads/2012/01/1.jpg"><img class="size-full wp-image-901 aligncenter" title="1" src="http://www.it-security-blog.com/wp-content/uploads/2012/01/1.jpg" alt="" width="300" height="196" /></a></strong></p>
<p><strong>Photo Source:</strong> <a href="http://www.sxc.hu/photo/1260785">http://www.sxc.hu/photo/1260785</a></p>
<p>IT security has always been a concern, but as we move into bigger and better technology, what are the challenges that face us? Technology changes so fast that it isn’t possible to predict exactly how things will go down, but we can prepare for as many eventualities as possible, using current challenges as a stepping stone.</p>
<p>Criminals have always seen the Internet as a possibility for committing more crimes, and that’s not likely to change any time soon. So, we can reasonably expect that cyber crime of all types will increase alongside technology.<span id="more-882"></span></p>
<p>Security Video: <a href="http://www.youtube.com/watch?v=t8QuUEwrKm8">http://www.youtube.com/watch?v=t8QuUEwrKm8</a></p>
<p><strong>Improved Technology Offers New Opportunities</strong></p>
<p>Cloud computing is a big security concern for many companies, according to Security Week. A number of cloud services have popped up recently, and they offer plenty of benefits, including more cost-effective operation for large companies and increased mobility of information. It’s this mobility that can cause problems.</p>
<p>Back in the day, bandits often hit travelers and trains because the products they carried were valuable and they were vulnerable on the move. While the Internet isn’t exactly like the Old West, it’s a good idea to keep in mind that any time information is being sent or received, it can be vulnerable to others who may want access.</p>
<p>As cloud services are by definition detached from the companies that use them, physical security is an issue. Employees need to be carefully screened and checks put into place to prevent leakage of information as well as the outright stealing of data. Hackers are also a concern, and so are leaks between customers. Keep in mind that all of your information is stored along with information from other companies, making it simple for a breach to occur.</p>
<p>Cloud will likely grow considerably in the next decade, eliminating the need for keeping up with your own virtual storage space. However, this means that the security risks will also increase and new technology will have to be developed to keep information safe.</p>
<p>At the moment, 75% of attacks occur through Web applications, which shows where the main problems are. This is something that will need to be fixed as the Internet and IT continue to grow. Where SaaS (Software as a Service) is provided, keep in mind that designers will need to implement more rigorous methods of keeping out the riffraff.</p>
<p><a href="http://www.it-security-blog.com/wp-content/uploads/2012/01/2.jpg"><img class="size-full wp-image-902 aligncenter" title="2" src="http://www.it-security-blog.com/wp-content/uploads/2012/01/2.jpg" alt="" width="300" height="200" /></a></p>
<p><strong>Photo Source:</strong> <a href="http://www.sxc.hu/photo/913770">http://www.sxc.hu/photo/913770</a></p>
<p><strong>Hackers Aren’t Going Away</strong><br />
At SysSec in the UK, studies have been done to learn more about security issues we currently face, as well as how they might affect us in the future. At the moment, with social media on the rise, it’s a hotbed of activity for hackers who are using new ways of attacking social media users as well as search engines.</p>
<p>In 2010, hacker attacks through Adobe Reader files increased by 11.7% over 2009. While most people expect attacks from .exe files, hackers have evolved their techniques to include everything from PDFs to Word files and will continue to do so to find new methods of attacking as older ones are blocked.</p>
<p>SysSec’s study showed that major consequences are already attributed to simple viruses, ranging from cars being remotely shut down by a disgruntled employee-turned-hacker to trains failing because of a virus infecting the system. Viviane Reding told the company that we are looking at a future where the consequences could be even direr, such as hospitals shutting down, trains and planes crashing, and a lack of water and electricity.</p>
<p><strong>The Biggest Threats</strong><br />
According to SysSec, the highest risk areas for malware and fraud in the future will be the underground economy and social networks. However, while these are likely to be the hardest-hit areas, virtualization, clouds, and routing are also going to be vulnerable. The studies also show that new attack vectors and more advanced malware will be a major issue in the future.</p>
<p>Areas that were a concern but not considered high risk include IPv6, online games, and DNS. It’s also expected that targeted attacks, where hackers focus on a specific victim, will be an issue, though not a high-level one.</p>
<p>One of the main concerns is that hackers have shifted from hacking for fun to hacking for profit, and it is no longer just a nerd in a basement suite; many crime organizations are now involved in cyber crime.</p>
<p><strong>How Do We Fix It?</strong></p>
<p>Of course, like all problems, there are solutions. While hackers and their malware may be improving, so are our <a href="http://www.idea.com/Pages/default.aspx" target="_blank">IT security solutions</a> such as anti-viruses and firewalls. IT will be affected, but will be required to come up with new methods of preventing attacks and leaks from occurring. ICT FORWARD offers some suggestions for improving security protocols in the future in a recent whitepaper, as does SysSec. These include:</p>
<ul>
<li>Separation of vital information from the Internet. If it’s not connected, it can’t be hacked as easily.</li>
<li>Developing new security structures to protect against high-end attacks.</li>
<li>Creating attack transactions, which include large amounts of useless data to thwart hacking systems.</li>
<li>Tracking systems to identify criminals and their marketplaces.</li>
</ul>
<p>The next decade will bring more intelligent attacks, but it will also bring more advanced technology, continuing the dance of hacker vs. security.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/uncategorized/it-security-challenges-of-the-next-decade/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The Hidden Writing</title>
		<link>http://www.it-security-blog.com/cryptography/the-hidden-writing/</link>
		<comments>http://www.it-security-blog.com/cryptography/the-hidden-writing/#comments</comments>
		<pubDate>Wed, 30 Nov 2011 00:55:50 +0000</pubDate>
		<dc:creator>Teresa</dc:creator>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[cryptology]]></category>
		<category><![CDATA[encryption]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=839</guid>
		<description><![CDATA[Computer users are fairly familiar with encryption, which is basically converting readable information to what appears to be nonsense.  Encryption is directly connected to the study of techniques for securing communication known as cryptology or cryptography.  While cryptology aims for protection against adversaries that threaten confidentiality, authenticity, and integrity of data, encryption as we [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.it-security-blog.com/wp-content/uploads/2011/11/3543329748_c22a09dbc6_t.jpg"><img class="alignnone size-full wp-image-840" title="3543329748_c22a09dbc6_t" src="http://www.it-security-blog.com/wp-content/uploads/2011/11/3543329748_c22a09dbc6_t.jpg" alt="" width="100" height="81" /></a></p>
<p>Computer users are fairly familiar with <a title="Managing Your Passwords" href="http://www.it-security-blog.com/it-security-basics/managing-your-passwords/">encryption</a>, which is basically converting readable information to what appears to be nonsense. Encryption is directly connected to the study of techniques for securing communication known as cryptology or cryptography. While cryptology aims for protection against adversaries that threaten confidentiality, authenticity, and integrity of data, encryption as we know it prevents unwanted people from getting hold of critical information through computer use. <a title="Encryption – Why people shun away from it even now? (Part 2)" href="http://www.it-security-blog.com/uncategorized/encryption-why-people-shun-away-from-it-even-now-part-2/">Decryption</a> is about converting incomprehensible messages to their comprehensible form. The adversaries in this case are the cybercriminals who prey on weaknesses of computer passwords and laxness in electronic commerce.</p>
<p>In order to protect themselves, computer users have to maintain a certain degree of secrecy in their activities, specifically in granting or withholding their approval for online transactions. Revealing too much personal information could pave the way for unwanted personalities to decipher protected passwords and codes. This is the reason why people are always reminded to be selective about what information to provide and to whom it is provided.</p>
<p>E-commerce usually makes use of the encryption protocol known as the Secure Sockets Layer (SSL). This is often seen in URLs starting with “https” instead of the typical “http”. Decryption is facilitated by the use of a “secret key”. Encryption also concerns itself with checking the trustworthiness of the source of any message.</p>
<p>Operating an online business will use e-commerce one way or the other.  Encryption has made it possible for online businesses to be conducted.  Without any secure means of financial transaction, very few customers will take the risk no matter how tempting the offer.</p>

<p><a href="http://feedads.g.doubleclick.net/~a/aSAypla8VHqIrAB-R8AHGikNEH4/0/da"><img src="http://feedads.g.doubleclick.net/~a/aSAypla8VHqIrAB-R8AHGikNEH4/0/di" border="0" ismap="true"></img></a><br/>
<a href="http://feedads.g.doubleclick.net/~a/aSAypla8VHqIrAB-R8AHGikNEH4/1/da"><img src="http://feedads.g.doubleclick.net/~a/aSAypla8VHqIrAB-R8AHGikNEH4/1/di" border="0" ismap="true"></img></a></p>]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/cryptography/the-hidden-writing/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>The Usual Malware Target</title>
		<link>http://www.it-security-blog.com/malware/the-usual-malware-target/</link>
		<comments>http://www.it-security-blog.com/malware/the-usual-malware-target/#comments</comments>
		<pubDate>Thu, 24 Nov 2011 12:05:14 +0000</pubDate>
		<dc:creator>Teresa</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Malware Targets]]></category>
		<category><![CDATA[usual targets of malware]]></category>

		<guid isPermaLink="false">http://www.it-security-blog.com/?p=833</guid>
		<description><![CDATA[&#160; Malware developers have a special place in their hearts for successful and popular systems, platforms and devices.  Why this is so is readily understandable.  The more successful and popular the target is, the more people are bound to be affected.  Also apparently, there is much pride in being able to penetrate what is touted to [...]]]></description>
			<content:encoded><![CDATA[
<p><a href="http://www.it-security-blog.com/wp-content/uploads/2011/11/target.jpg"><img class="alignnone size-full wp-image-834" title="target" src="http://www.it-security-blog.com/wp-content/uploads/2011/11/target.jpg" alt="" width="195" height="243" /></a>Malware developers have a special place in their hearts for successful and popular systems, platforms and devices.  Why this is so is readily understandable.  The more successful and popular the target is, the more people are bound to be affected.  Also apparently, there is much pride in being able to penetrate what is touted to be secure and impenetrable.</p>
<p><a href="http://www.microsoft.com/security/pc-security/default.aspx#Safety-products-and-scans">Windows</a> is said to be the king of malware being targeted by thousands of computer contaminants in the form of viruses, worms, trojan horses, spyware, crimeware, scareware, and unwelcome adware.   Google, Bing, Yahoo,Facebook and Twitter are likewise preferred targets precisely because they are all successful and popular in their own rights.  There is a growing consensus that <a href="http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2011.pdf">Android</a> is fast becoming the &#8220;Windows of Mobileware&#8221;, targeted by the same cybercriminals targeting other platforms that have since declined. </p>
<p>Success and popularity as usual have their two sides, attracting patronage and attacks at the same time.  Malware attacks users through the very pathways where functionality is obtained which is primarily through the Internet.  Traditional protection are not able to stop the effects of more recent malicious attacks.  There exists a dilemma in the fact that fiercer malware are spurned faster more than solutions are produced. </p>
<p>In the face of the unrelenting attacks on the most used platforms in spite of best efforts to keep them at bay, consumers are reminded to exercise caution and use common sense in their transactions.  Malicious intents always come with offers that are too good to be true.  Information requests which are obviously unrelated to the transaction  such as getting list of contacts for a game download should never be entertained.  Remember that cybercriminals will always be after two things:  your money and your personal information.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.it-security-blog.com/malware/the-usual-malware-target/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

