<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0"><channel><title>Radical Development</title><link>http://radicaldevelopment.net</link><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/radicaldevelopmentnet" /><description></description><language>en-US</language><lastBuildDate>Tue, 14 May 2013 19:31:32 PDT</lastBuildDate><generator>http://wordpress.org/?v=3.5.1</generator><sy:updatePeriod xmlns:sy="http://purl.org/rss/1.0/modules/syndication/">hourly</sy:updatePeriod><sy:updateFrequency xmlns:sy="http://purl.org/rss/1.0/modules/syndication/">1</sy:updateFrequency><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/radicaldevelopmentnet" /><feedburner:info uri="radicaldevelopmentnet" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><feedburner:emailServiceId>radicaldevelopmentnet</feedburner:emailServiceId><feedburner:feedburnerHostname>http://feedburner.google.com</feedburner:feedburnerHostname><feedburner:feedFlare href="http://add.my.yahoo.com/rss?url=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo4.gif">Subscribe with My Yahoo!</feedburner:feedFlare><feedburner:feedFlare href="http://www.newsgator.com/ngs/subscriber/subext.aspx?url=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://www.newsgator.com/images/ngsub1.gif">Subscribe with NewsGator</feedburner:feedFlare><feedburner:feedFlare href="http://feeds.my.aol.com/add.jsp?url=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" 
src="http://o.aolcdn.com/favorites.my.aol.com/webmaster/ffclient/webroot/locale/en-US/images/myAOLButtonSmall.gif">Subscribe with My AOL</feedburner:feedFlare><feedburner:feedFlare href="http://www.bloglines.com/sub/http://feeds.feedburner.com/radicaldevelopmentnet" src="http://www.bloglines.com/images/sub_modern11.gif">Subscribe with Bloglines</feedburner:feedFlare><feedburner:feedFlare href="http://www.netvibes.com/subscribe.php?url=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://www.netvibes.com/img/add2netvibes.gif">Subscribe with Netvibes</feedburner:feedFlare><feedburner:feedFlare href="http://fusion.google.com/add?feedurl=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://buttons.googlesyndication.com/fusion/add.gif">Subscribe with Google</feedburner:feedFlare><feedburner:feedFlare href="http://www.pageflakes.com/subscribe.aspx?url=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://www.pageflakes.com/ImageFile.ashx?instanceId=Static_4&amp;fileName=ATP_blu_91x17.gif">Subscribe with Pageflakes</feedburner:feedFlare><feedburner:feedFlare href="http://www.plusmo.com/add?url=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://plusmo.com/res/graphics/fbplusmo.gif">Subscribe with Plusmo</feedburner:feedFlare><feedburner:feedFlare href="http://www.thefreedictionary.com/_/hp/AddRSS.aspx?http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://img.tfd.com/hp/addToTheFreeDictionary.gif">Subscribe with The Free Dictionary</feedburner:feedFlare><feedburner:feedFlare href="http://www.bitty.com/manual/?contenttype=rssfeed&amp;contentvalue=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://www.bitty.com/img/bittychicklet_91x17.gif">Subscribe with Bitty Browser</feedburner:feedFlare><feedburner:feedFlare href="http://www.live.com/?add=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" 
src="http://tkfiles.storage.msn.com/x1piYkpqHC_35nIp1gLE68-wvzLZO8iXl_JMledmJQXP-XTBOLfmQv4zhj4MhcWEJh_GtoBIiAl1Mjh-ndp9k47If7hTaFno0mxW9_i3p_5qQw">Subscribe with Live.com</feedburner:feedFlare><feedburner:feedFlare href="http://mix.excite.eu/add?feedurl=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://image.excite.co.uk/mix/addtomix.gif">Subscribe with Excite MIX</feedburner:feedFlare><feedburner:feedFlare href="http://www.webwag.com/wwgthis.php?url=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://www.webwag.com/images/wwgthis.gif">Subscribe with Webwag</feedburner:feedFlare><feedburner:feedFlare href="http://www.podcastready.com/oneclick_bookmark.php?url=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://www.podcastready.com/images/podcastready_button.gif">Subscribe with Podcast Ready</feedburner:feedFlare><feedburner:feedFlare href="http://www.wikio.com/subscribe?url=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://www.wikio.com/shared/img/add2wikio.gif">Subscribe with Wikio</feedburner:feedFlare><feedburner:feedFlare href="http://www.dailyrotation.com/index.php?feed=http%3A%2F%2Ffeeds.feedburner.com%2Fradicaldevelopmentnet" src="http://www.dailyrotation.com/rss-dr2.gif">Subscribe with Daily Rotation</feedburner:feedFlare><item><title>Website Mirroring Using GNU Wget</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/FyeexOXsybQ/</link><category>Security</category><category>Computer Security</category><category>Knowledge</category><category>Open Source</category><category>Software</category><category>Technology/Internet</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Tue, 14 May 2013 19:31:32 PDT</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13704</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<p>GNU Wget is a free software package for 
retrieving files using HTTP, HTTPS, and FTP &#8211; the most widely-used Internet protocols. It is a non-interactive command-line tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.</p>
<p><a class="easyazon-link"  target="_blank" href="http://www.amazon.com/dp/1597497290?tag=stevenswaffosasp"><img src="http://ecx.images-amazon.com/images/I/41ywqjE-K3L._SL160_.jpg" class="alignleft" alt="Amazon Image" height="160" width="130"  /></a>Why would you want to use this application? The fact is that black hats often use it to mirror a given site in order to review the content for anything that may be of value. This concept falls into the area of information gathering. Mirroring your own site the same way shows you what an outsider would find. So you may be asking yourself what could possibly be of value that a black hat may be able to exploit. Well, the answer is simple. It could be anything from comments in HTML to configuration files, documents, and really anything else that may be sitting on the network. I cannot tell you how many times I have seen individuals use web servers and FTP sites as a file drop and not use proper security controls or, worse, never delete the file that was supposed to be a temporary drop.</p>
<p>[ <a href="http://www.gnu.org/software/wget/">Download GNU Wget</a> ]</p>
<h1>Working Example</h1>
<p>For this tutorial I will be using my own website.  I also will be using <a href="http://www.backtrack-linux.org/">Backtrack</a> which is a Linux distro used for penetration testing. I will not be covering how to download, install, and configure Backtrack rather once you have the distro running perform the following steps.</p>
<p>Open a console</p>
<p><img class="alignnone size-full wp-image-13712" alt="Backtrack console" src="http://radicaldevelopment.net/wp-content/uploads/2013/05/bt_console_05142013.jpg" width="670" height="500" /></p>
<p>Create a directory named webmirror</p>
<pre class="snippet-code">mkdir webmirror</pre>
<p>Change into the directory of webmirror</p>
<pre class="snippet-code">cd webmirror</pre>
<p><img class="alignnone size-full wp-image-13715" alt="Backtrack console" src="http://radicaldevelopment.net/wp-content/uploads/2013/05/bt_console_05142013_a.jpg" width="675" height="502" /></p>
<h1>Executing WGet</h1>
<p>There are a number of HTTP options, and you can view the help file by executing WGet with the --help switch.</p>
<p><img class="alignnone size-full wp-image-13716" alt="WGet documentation" src="http://radicaldevelopment.net/wp-content/uploads/2013/05/bt_console_05142013_b.jpg" width="674" height="531" /></p>
<p>The switches I will be using are &#8220;--mirror -w 1 -p --convert-links -P&#8221;. Of course, I will save the mirrored website to the folder created earlier, which was webmirror.</p>
<p>Return to your console and execute the following command:</p>
<pre class="snippet-code">wget --mirror -w 1 -p --convert-links -P /root/webmirror/GNU http://www.gnu.org/</pre>
<p>The console will output status as Wget is running.</p>
<p><img class="alignnone size-full wp-image-13717" alt="WGet Console Output" src="http://radicaldevelopment.net/wp-content/uploads/2013/05/bt_console_05142013_c.jpg" width="671" height="529" /></p>
<p>Depending upon the size of the website, mirroring can take anywhere from minutes to hours. After a few minutes go ahead and type Ctrl-C to interrupt and stop the mirroring process. At this point you will have a local copy of the target.</p>
<p><img class="alignnone size-full wp-image-13719" alt="WGet Mirror Results Console" src="http://radicaldevelopment.net/wp-content/uploads/2013/05/bt_console_05142013_d.jpg" width="669" height="528" /></p>
<h1>Conclusion</h1>
<p>As you have experienced, mirroring a website is a very simple process, and now you have an exact copy of the target. From here you can begin your review process, looking for anything of value that leads you to the next door. Be sure to exercise good judgement and remember that hacking any resource that you do not have permission to access is a crime!</p>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/FyeexOXsybQ" height="1" width="1"/>]]></content:encoded><description>GNU Wget is a free software package for retrieving files using HTTP, HTTPS, and FTP &amp;#8211; the most widely-used Internet protocols. It is a non-interactive command-line tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows &amp;#8230; &lt;a href="http://radicaldevelopment.net/website-mirroring-using-gnu-wget/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/website-mirroring-using-gnu-wget/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments><feedburner:origLink>http://radicaldevelopment.net/website-mirroring-using-gnu-wget/</feedburner:origLink></item><item><title>Microsoft Assessment and Planning Toolkit Explained</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/DJPKXXv69Wo/</link><category>General Tech</category><category>Business</category><category>Computer Security</category><category>Free</category><category>Microsoft</category><category>Software</category><category>Technology/Internet</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Sun, 12 May 2013 16:15:44 PDT</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13674</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<h1>What does the MAP toolkit do?</h1>
<p>The Microsoft Assessment and Planning (MAP) Toolkit 8.0 is an inventory, assessment, and reporting tool that helps you assess your current IT infrastructure and determine the right Microsoft technologies for your IT needs. The MAP toolkit uses Windows Management Instrumentation (WMI), Active Directory Domain Services (AD DS), SMS Provider, and other technologies to collect data in your environment and inventories computer hardware, software, and operating systems in small or large IT environments without installing any agent software on the target computers. The download is free, but it has a laundry list of prerequisites: .Net framework, Windows Installer version 4.5, .Net Framework 3.5 SP1, Microsoft Office, machine can’t be a domain controller, and so forth. The installer will also try to download and install SQL Server Express if you don’t already have it on the system.</p>
<p>MAP is an ideal assessment and planning tool for the following:</p>
<ul>
<li>Discovery of computers and applications</li>
<li>Hardware and software readiness migration</li>
<li>Capacity planning for server, desktop and virtualization projects</li>
<li>Public and Private Cloud capacity and migration planning</li>
<li>Software usage tracking</li>
</ul>
<p>Once you install it in your environment, <a href="http://www.microsoft.com/en-us/download/details.aspx?id=7826">MAP</a> takes an inventory of the systems found on the network and uses templates of recommended settings to determine if the systems inventoried will meet the requirements for the application you are working to deploy. Upon starting the MAP toolkit, you will need to create a database to store inventory information or use an existing database.</p>
<p><img class="alignnone size-full wp-image-13698" alt="Microsoft Assessment and Planning Toolkit" src="http://radicaldevelopment.net/wp-content/uploads/2013/05/map_01.jpg" width="1262" height="761" /></p>
<p>The MAP Toolkit takes inventory of what you already have, performs hardware and software compatibility analysis (operating system and device drivers but not applications), lets you know what antivirus and antimalware products are running on all those systems, and reports the results, in .DOCX and .XLSX formats.</p>
<p>The beauty of MAP is that you can easily run scenarios against your infrastructure to help determine the road map for upgrades and gaps within the infrastructure.</p>
<h2>Desktop</h2>
<p><img class="alignnone size-full wp-image-13699" alt="Microsoft Assessment and Planning Toolkit" src="http://radicaldevelopment.net/wp-content/uploads/2013/05/map_02.jpg" width="1028" height="598" /></p>
<h2>Database</h2>
<p><img class="alignnone size-full wp-image-13700" alt="Microsoft Assessment and Planning Toolkit" src="http://radicaldevelopment.net/wp-content/uploads/2013/05/map_03.jpg" width="1028" height="598" /></p>
<p>Once you have run the inventory you can dive deeper into the details and generate reports in either Word or Excel.</p>
<p><img class="alignnone size-full wp-image-13701" alt="Microsoft Assessment and Planning Toolkit" src="http://radicaldevelopment.net/wp-content/uploads/2013/05/map_04.jpg" width="1027" height="819" /></p>
<p>I hope you find MAP useful.</p>
<p>&nbsp;</p>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/DJPKXXv69Wo" height="1" width="1"/>]]></content:encoded><description>What does the MAP toolkit do? The Microsoft Assessment and Planning (MAP) Toolkit 8.0 is an inventory, assessment, and reporting tool that helps you assess your current IT infrastructure and determine the right Microsoft technologies for your IT needs. The &amp;#8230; &lt;a href="http://radicaldevelopment.net/microsoft-assessment-and-planning-toolkit-explained/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/microsoft-assessment-and-planning-toolkit-explained/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments><feedburner:origLink>http://radicaldevelopment.net/microsoft-assessment-and-planning-toolkit-explained/</feedburner:origLink></item><item><title>The Four Goals of Cryptography</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/eqnHGDM62Cs/</link><category>Security</category><category>Computer Security</category><category>Technology/Internet</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Wed, 06 Mar 2013 18:05:16 PST</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13665</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<p>Cryptography is the practice and study of techniques for secure communication in the presence of third parties. It is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. 
Applications of cryptography include ATM cards, computer passwords, and electronic commerce.</p>
<p>There are four goals of cryptography, these are:</p>
<ol>
<li>Privacy</li>
<li>Authentication</li>
<li>Integrity</li>
<li>Non-repudiation</li>
</ol>
<p><a href="http://radicaldevelopment.net/wp-content/uploads/2013/03/pain.jpg"><img class="alignnone size-full wp-image-13666" alt="PAIN: The goals of cryptography" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/pain.jpg" width="911" height="362" /></a></p>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/eqnHGDM62Cs" height="1" width="1"/>]]></content:encoded><description>Cryptography is the practice and study of techniques for secure communication in the presence of third parties. It is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security &amp;#8230; &lt;a href="http://radicaldevelopment.net/the-four-goals-of-cryptography/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/the-four-goals-of-cryptography/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments><feedburner:origLink>http://radicaldevelopment.net/the-four-goals-of-cryptography/</feedburner:origLink></item><item><title>Encrypting File System in Windows</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/fHU3aSq-r70/</link><category>Security</category><category>Computer Security</category><category>Cryptography</category><category>Microsoft</category><category>Software</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Mon, 04 Mar 2013 13:45:28 PST</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13629</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<p>Did you know that you can encrypt and decrypt files and folders within Windows without the need of any third party software? Encrypting File System (EFS) is a feature within New Technology File System (NTFS) where the individual who is currently logged into the operating system (OS) has the ability to perform encryption. If you encrypt a folder then any files that you move or copy into this folder also become encrypted and this all happens on the fly. 
The beauty of this is if you have a computer that is shared by multiple individuals this is a good way to secure your sensitive data.</p>
<p><a class="easyazon-link"  target="_blank" href="http://www.amazon.com/dp/0735670501?tag=stevenswaffosasp"><img src="http://ecx.images-amazon.com/images/I/51AysUV%2BvQL._SL160_.jpg" class="alignleft" alt="Amazon Image" height="160" width="131"  /></a>Now, one thing that you need to know is that while the data is encrypted, those same files and folders can still be deleted by anyone who is assigned to the administrator group. It is also worth mentioning that these encrypted files or folders do not maintain the encryption while in transit.  In other words, if you are going to email a file or copy to an external drive you lose the encryption. EFS encryption doesn&#8217;t occur at the application level but rather at the file-system level; therefore, the encryption and decryption process is transparent to the user and to the application.</p>
<p>The process of getting ready to encrypt your files and folders is fairly simple and anyone can do it. Finally, I highly suggest that you take the time to archive the file encryption key and keep it in a safe place to ensure recovery should the keys become damaged. Face it, what good is it to encrypt your data if you are not able to decrypt it in a pinch?</p>
<h2>Encrypting Files and Folders</h2>
<p>To get started open Windows Explorer. For the purpose of this article I will be using a folder named secret stuff. Once this folder has been created go ahead and right click on the folder secret stuff.</p>
<p><img class="alignnone size-full wp-image-13636" alt="Windows Explorer dialog showing the folder named Secret Stuff" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_01.jpg" width="779" height="653" /></p>
<p>Next, click the advanced button.</p>
<p><img class="alignnone size-full wp-image-13639" alt="Secret Stuff Windows Explorer properties dialog" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_02.jpg" width="377" height="487" /></p>
<p>Place a check-mark in the box titled Encrypt contents to secure data.</p>
<p><img class="alignnone size-full wp-image-13640" alt="Secret Stuff advanced attributes dialog" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_03.jpg" width="394" height="347" /></p>
<p>At this point your folder is encrypted and you will notice that the name of the folder is now green in color, which indicates encryption.</p>
<p><img class="alignnone size-full wp-image-13641" alt="Secret Stuff Folder encrypted" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_04.jpg" width="779" height="316" /></p>
<p>At this point you are ready to begin copying or moving your sensitive files into this encrypted folder. To demonstrate that the encryption works on the fly I will take a Word, Excel, and text document that are not encrypted.</p>
<p><img class="alignnone size-full wp-image-13644" alt="Unencrypted files" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_05.jpg" width="360" height="61" /></p>
<p>Now we are ready to copy these three files into the folder Secret Stuff. Once I have done so you will now notice those files are now also green in color.</p>
<p><img class="alignnone size-full wp-image-13645" alt="Encrypted files" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_06.jpg" width="372" height="75" /></p>
<p>If you find yourself in a position where you have encrypted data and the individual is no longer around or if you are not positive who performed the encryption you can use <a href="http://technet.microsoft.com/en-us/sysinternals/bb896735.aspx">EFSDump</a> to access this detail.</p>
<p><img class="alignnone size-full wp-image-13653" alt="EFSDump command window" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_07.jpg" width="501" height="395" /></p>
<p>Upon executing efsdump.exe we can then determine the user account which performed the encryption and in this case, Steven.Swafford was the individual in question.</p>
<h2>Provide Other Individuals Access</h2>
<p><a class="easyazon-link"  target="_blank" href="http://www.amazon.com/dp/073565672X?tag=stevenswaffosasp"><img src="http://ecx.images-amazon.com/images/I/513QZ7WzvNL._SL160_.jpg" class="alignleft" alt="Amazon Image" height="160" width="131"  /></a>This will only work if the individual has logged into the computer where the encryption took place.  The individual does not necessarily have to have a local user account and in fact the individual can be any account, say from a domain, that has access to the computer in question. The process of granting individuals access to the folder or files is no different than the typical security grants accomplished in Windows.</p>
<p>Just take caution and only grant individuals access who have a valid need and remember the idea of least privilege.  In other words only grant the level of access that is needed to complete a given task.</p>
<h2>Backing Up File Encryption Certificates</h2>
<p>This step is one that you must absolutely take otherwise you run the risk that any data that has been encrypted may be lost forever. To begin this process go to Control Panel -&gt; User Accounts in Windows 7. Once you have launched User Accounts you will be presented a dialog and from here you need to click manage your file encryption certificates.</p>
<p><img class="alignnone size-full wp-image-13655" alt="User account dialog" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_08.jpg" width="580" height="392" /></p>
<p>At this point follow the wizard.</p>
<p><img class="alignnone size-full wp-image-13656" alt="Export certificate dialog" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_09.jpg" width="619" height="592" /></p>
<p><img class="alignnone size-full wp-image-13657" alt="Export certificate dialog" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_10.jpg" width="619" height="592" /></p>
<p><img class="alignnone size-full wp-image-13658" alt="Export certificate dialog" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_11.jpg" width="619" height="592" /></p>
<p><img class="alignnone size-full wp-image-13659" alt="Export certificate dialog" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_12.jpg" width="619" height="592" /></p>
<p><img class="alignnone size-full wp-image-13660" alt="Export certificate dialog" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/enc_13.jpg" width="619" height="592" /></p>
<h2>Conclusion</h2>
<p><a class="easyazon-link"  target="_blank" href="http://www.amazon.com/dp/3642041000?tag=stevenswaffosasp"><img src="http://ecx.images-amazon.com/images/I/41ytPST0lQL._SL160_.jpg" class="alignleft" alt="Amazon Image" height="160" width="101"  /></a>By leveraging encryption by way of EFS you add to the NTFS security layer by effectively scrambling the contents of that data so that it can be read only by someone who has the encryption key to decipher it. Just being an administrator of a system is not necessarily going to allow you to gain ownership of the data and the control to access it because now you’d need the key to unlock / decipher the data as well. This is a simple no-cost solution that can bring that additional layer of security into play. Just be sure you take the appropriate measures and back up the data and certificate in case you need to recover down the road.</p>
<p>&nbsp;</p>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/fHU3aSq-r70" height="1" width="1"/>]]></content:encoded><description>Did you know that you can encrypt and decrypt files and folders within Windows without the need of any third party software? Encrypting File System (EFS) is a feature within New Technology File System (NTFS) where the individual who is &amp;#8230; &lt;a href="http://radicaldevelopment.net/encrypting-file-system-in-windows/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/encrypting-file-system-in-windows/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">1</slash:comments><feedburner:origLink>http://radicaldevelopment.net/encrypting-file-system-in-windows/</feedburner:origLink></item><item><title>The Future of Cybersecurity Technology and Policy</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/mf3P7vQMO5w/</link><category>Security</category><category>Business</category><category>Computer Security</category><category>Government</category><category>Technology/Internet</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Sun, 03 Mar 2013 16:06:12 PST</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13624</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<p><a class="easyazon-link"  target="_blank" href="http://www.amazon.com/dp/0833047345?tag=stevenswaffosasp"><img src="http://ecx.images-amazon.com/images/I/51heOEE-ZHL._SL160_.jpg" class="alignleft" alt="Amazon Image" height="160" width="107"  /></a>Only when a comprehensive understanding of the cyber threat is taken into consideration can organizations utilize process, tools, and technologies to find, correct, and combat those who launch a cyber-attack. 
This paper takes a look at the past, present, and future in order to present a concept that works. The idea here is a partnership with both private and public sectors in a type of responsibility where everyone works together to achieve the goal of cyber defense. This includes tools, technologies, methodology, and a common sense approach to the problem. The days of standing alone have failed and it is time to come together for the greater good.</p>
<h2>The Typical Tactic to Cybersecurity</h2>
<p>The modern day challenge of cybersecurity is a daunting one to say the least. I would argue that the definition of critical infrastructure (CI) has changed over recent years and the fact is every facet of modern day society reaches the level of being labeled as critical. Of course, there are obvious exceptions, but the fact remains that we as a nation have come to a point where we expect technology to simply work and protect us.</p>
<p>There is actually a mechanism by which such a process could be defined, using the framework of the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP). Figure 1 is a high-level overview of the DIACAP process and this process may be titled Critical Infrastructure Assurance Certification and Accreditation Process (CIACAP).</p>
<div id="attachment_13625" class="wp-caption alignnone" style="width: 810px"><a href="http://radicaldevelopment.net/wp-content/uploads/2013/03/03032013.jpg"><img class="size-full wp-image-13625" alt="Figure 1: DoD Information Assurance Certification and Accreditation Process (DIACAP)" src="http://radicaldevelopment.net/wp-content/uploads/2013/03/03032013.jpg" width="800" height="488" /></a>
<p class="wp-caption-text">Figure 1: DoD Information Assurance Certification and Accreditation Process (DIACAP)</p>
</div>
<p>The question that is important to ask is a simple one. Do we really need more frameworks or best practices? For example, the Federal Information Security Management Act (FISMA) was enacted in 2002 and this act was designed to promote the development of key security standards and guidelines. It was just a few years ago that the Office of Management and Budget (OMB) placed the Department of Homeland Security (DHS) in charge of collecting metrics and reporting progress (OMB, 2012). While there were noticeable gains in compliance, see table 1, the obvious data that is missing is how these gains in compliance prevented any cybercrime.</p>
<table border="1" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td valign="top" width="312">
<p align="center"><b>Capability Area</b></p>
</td>
<td valign="top" width="174">
<p align="center"><b>FY 10</b></p>
</td>
<td valign="top" width="138">
<p align="center"><b>FY 11</b></p>
</td>
</tr>
<tr>
<td valign="top" width="312">Automated Asset Management</td>
<td valign="top" width="174">66%</td>
<td valign="top" width="138">80%</td>
</tr>
<tr>
<td valign="top" width="312">Automated Configuration Management</td>
<td valign="top" width="174">50%</td>
<td valign="top" width="138">78%</td>
</tr>
<tr>
<td valign="top" width="312">Automated Vulnerability Management</td>
<td valign="top" width="174">51%</td>
<td valign="top" width="138">77%</td>
</tr>
<tr>
<td valign="top" width="312">TIC Traffic Consolidation</td>
<td valign="top" width="174">48%</td>
<td valign="top" width="138">65%</td>
</tr>
<tr>
<td valign="top" width="312">TIC 1.0 Capabilities (Includes E2)</td>
<td valign="top" width="174">60%</td>
<td valign="top" width="138">72%</td>
</tr>
<tr>
<td valign="top" width="312">PIV Logical Access (HSPD-12)</td>
<td valign="top" width="174">55%</td>
<td valign="top" width="138">66%</td>
</tr>
<tr>
<td valign="top" width="312">Portable Device Encryption</td>
<td valign="top" width="174">54%</td>
<td valign="top" width="138">83%</td>
</tr>
<tr>
<td valign="top" width="312">DNSSEC Implementation</td>
<td valign="top" width="174">35%</td>
<td valign="top" width="138">65%</td>
</tr>
<tr>
<td valign="top" width="312">E-Mail Validation Technology</td>
<td valign="top" width="174">46%</td>
<td valign="top" width="138">58%</td>
</tr>
<tr>
<td valign="top" width="312">Remote Access Authentication</td>
<td valign="top" width="174">52%</td>
<td valign="top" width="138">52%</td>
</tr>
<tr>
<td valign="top" width="312">Remote Access Encryption</td>
<td valign="top" width="174">72%</td>
<td valign="top" width="138">83%</td>
</tr>
<tr>
<td valign="top" width="312">Controlled Incident Detection</td>
<td valign="top" width="174">70%</td>
<td valign="top" width="138">49%</td>
</tr>
<tr>
<td valign="top" width="312">US CERT SAR Remediation</td>
<td valign="top" width="174">90%</td>
<td valign="top" width="138">97%</td>
</tr>
<tr>
<td valign="top" width="312">User Training</td>
<td valign="top" width="174">92%</td>
<td valign="top" width="138">99%</td>
</tr>
<tr>
<td valign="top" width="312">Privileged User Training</td>
<td valign="top" width="174">88%</td>
<td valign="top" width="138">92%</td>
</tr>
<tr>
<td valign="top" width="312">Government-Wide Average</td>
<td valign="top" width="174">62%</td>
<td valign="top" width="138">74%</td>
</tr>
</tbody>
</table>
<p>Table 1: FISMA Capabilities from FY 2010 to FY 2011 (OMB, 2012)</p>
<h2>Cybersecurity Approaches</h2>
<p>To approach the cyber threat we must first look to the past. Only then can the landscape begin to come into focus. One specific area that presents a unique opportunity is that of cloud computing because this technology stack is still somewhat new and security can be baked in now to ensure the design of cloud computing is secure up front. Cloud security is not an easy subject to tackle mainly because the users do not own the hardware and therefore there are no real controls (Fei, Meikang, Jiayin, Grant, Tylor, McCaleb, &amp; Hamner, 2011). There are protocols such as Service Agreements (SA) and encryption that can facilitate how security is applied in a case by case basis.</p>
<p>The elephant in the room is that consumers of Information Technology (IT) demand that all products demonstrate performance, usability, application compatibility, and of course security. The problem is no product can ever be 100% secured. Security is and always will remain critical, but only by accepting the fact that the security threshold of 100% will never be achieved can we find solutions. For example, an understanding of why security fails can provide a roadmap of why security failed. At this point tools and processes can be established to either eliminate the vulnerabilities or make them difficult to exploit. At the end of the day, security must make the transition from reactive to proactive if cybersecurity is ever to be truly successful.</p>
<h3>Tools and Technologies</h3>
<p>The question to ask is whether the cyber domain provides the capability for an individual, a group, company, country, etc. to either secure or penetrate a network. The answer is yes! There is no shortage of tools and technologies that can be employed to provide defenses against a possible attack. These include firewalls, intrusion detection system (IDS), intrusion prevention system (IPS), virtual private networks (VPN), and network address translation (NAT). While tools and technologies serve a specific role and fulfill the security need, at the end of the day the human factor is ultimately what drives success or failure (Al-Wahaibi, Ithnin, &amp; Al-Badi, 2011).</p>
<h3>Penetration Testing</h3>
<p>This type of testing can both provide positive and negative results depending upon the outcome, but the fact remains that the conclusion will greatly assist in hardening open security holes. There is a variety of high quality open source security tools available, for example:</p>
<ol>
<li>Network Security Toolkit: This bootable ISO live CD/DVD (NST Live) is based on Fedora.</li>
<li>OSSIM: The most widely used SIEM offering.</li>
<li>Nessus: Leverages credentialed and uncredentialed computer scans.</li>
<li>Snort: Snort is an open source network intrusion prevention and detection system (IDS/IPS).</li>
<li>Metasploit: Helps security and IT professionals prevent data breaches by efficiently conducting broad-scope penetration tests, prioritizing vulnerabilities, and verifying controls and mitigations.</li>
</ol>
<h3>Securing Critical Infrastructure</h3>
<p>Thinking out of the box, there is the idea of the Trusted Platform Module (TPM) and of creating a secure operating system (OS) that provides benefits in a variety of aspects. Why would anyone want to create any OS when companies like Microsoft have done this? The answer is simple: everyone can purchase and pull apart the OS and exploit vulnerabilities. Just a few short years ago it was disclosed to Congress that the Chinese had developed a hardened OS based upon FreeBSD that was said to be impenetrable to intelligence agencies (Homeland Security Newswire, 2009). While it is not always feasible for corporations or government entities, the idea is sound and deserves further investigation. The OS could be a combined effort of both the public and private sectors that is shared in order to secure critical infrastructure.</p>
<h2>The Role of the Government</h2>
<p>First, the question that must be asked and answered is what role does the government play in cybersecurity and should the government be the driving force? In my opinion the answer is no. This is not to say that the government does not have a strong interest, but the government should work alongside the private industry rather than regulating the industry. History has proven that regulations typically do not always work. Vulnerabilities in our nation's cyber infrastructure are nothing new, and in 1998 President Clinton initiated Directive 63, which was to tackle the growing problem of cyber systems (Heilbrun, &amp; Brown, 2011).</p>
<p>Here we are 15 years later and just recently, President Obama signed an Executive Order that improves cybersecurity in the area of CI. On the surface this order sounds well intended, but in reality it does nothing. Within this Executive Order, there are twelve sections (The White House, 2012), two of which go back to the dated idea of establishing and implementing a framework. Do frameworks work? The answer is no, FISMA and PCI both are examples that obviously have failed. For example, in 2008, 120 million credit cards were breached at Heartland Payment Systems, and in 2012 MasterCard and Visa fell victim to a breach, which resulted in 10 million credit cards being exposed (Armerding, 2012). The answer is a strong partnership between both the private and public sectors.</p>
<h3>Standards and Best Practices</h3>
<p>Turning attention back to FISMA, the act was not a bad idea; rather, it was implemented poorly. To understand security and the risks that are involved there must be a type of risk management framework (RMF) that drives actions and activities. Hulitt &amp; Vaughn (2010) cite an RMF that was designed by the National Institute of Standards and Technology (NIST). The idea here is to define an RMF that is truly applicable across the spectrum. The differences are in the details of how the risk is scored and this can be done via elements such as Annualized Loss Expectancy (ALE), Single Loss Expectancy (SLE), and Rate of Occurrence (ROE). By taking this approach, various industries can work together and standardize how risk management can provide the venue to tackle cyber threats.</p>
<p>At this stage, organizations are on a level playing field in terms of risk management and the decision process. Here we begin to see that while the technologies differ as well as the business needs, we also begin to see commonalities within the security domain that can go a long way to help others plug security holes.</p>
<h2>Conclusion</h2>
<p>The cyber threat is very real and evolving with each passing day. While the past efforts to define defenses have partially worked, the fact remains that across the board they have failed for one reason or another. The time for change is now and this change demands that all organizations work together for the greater good and this is accomplished via tools, technologies, frameworks, risk management, and most importantly information sharing.</p>
<p><strong>References</strong></p>
<ul>
<li>Al-Wahaibi, S. K., Ithnin, N., &amp; Al-Badi, A. H. (2011). Information Security Solutions Status and the Roadmap for Future Requirements. Journal of Information Assurance &amp; Cybersecurity, 20111-7. <a href="http://www.ibimapublishing.com/journals/JIACS/2011/664951/664951.html">doi:10.5171/2011.664951</a></li>
<li>Armerding, T. (2012). The PCI effect &#8212; for better or worse &#8212; following Global Payments breach. CSO Online. Retrieved from <a href="http://www.csoonline.com/article/703182/the-pci-effect-for-better-or-worse-following-global-payments-breach">http://www.csoonline.com/article/703182/the-pci-effect-for-better-or-worse-following-global-payments-breach</a></li>
<li>Fei, H., Meikang, Q., Jiayin, L., Grant, T., Tylor, D., McCaleb, S., &amp; &#8230; Hamner, R. (2011). A Review on Cloud Computing: Design Challenges in Architecture and Security. Journal of Computing &amp; Information Technology, 19(1), 25-55. doi:10.2498/cit.1001864</li>
<li>Heilbrun, M. R., &amp; Brown, I. (2011). Cybersecurity Policy and Legislation in the 112th Congress. Intellectual Property &amp; Technology Law Journal, 23(12), 14-20. Retrieved from <a href="http://www.aspenpublishers.com">http://www.aspenpublishers.com</a></li>
<li>Homeland Security Newswire. (2009). China deploys secure computer operating system. Homeland Security Newswire. Retrieved from <a href="http://www.homelandsecuritynewswire.com/china-deploys-secure-computer-operating-system">http://www.homelandsecuritynewswire.com/china-deploys-secure-computer-operating-system</a></li>
<li>Hulitt, E., &amp; Vaughn, R. B. (2010). Information system security compliance to FISMA standard: a quantitative measure. Telecommunication Systems, 45(2/3), 139-152. <a href="http://link.springer.com/article/10.1007%2Fs11235-009-9248-8">doi:10.1007/s11235-009-9248-8</a></li>
<li>OMB. (2012). Fiscal year 2011 report to Congress on the implementation of the Federal Information Security Act of 2002. Office of Management and Budget. Retrieved from <a href="http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/fy11_fisma.pdf">http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/fy11_fisma.pdf</a></li>
<li>Ouedraogo, M., Khadraoui, D., Mouratidis, H., &amp; Dubois, E. (2012). Appraisal and reporting of security assurance at operational systems level. Journal of Systems &amp; Software, 85(1), 193-208. <a href="http://www.sciencedirect.com/science/article/pii/S016412121100210X">doi:10.1016/j.jss.2011.08.013</a></li>
<li>The White House. (2012). Executive Order &#8212; Improving Critical Infrastructure Cybersecurity. The White House, Office of the Press Secretary. Retrieved from <a href="http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity">http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity</a></li>
</ul>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/mf3P7vQMO5w" height="1" width="1"/>]]></content:encoded><description>Only when a comprehensive understanding of the cyber threat is taken into consideration can organizations utilize process, tools, and technologies to find, correct, and combat those who launch a cyber-attack. This paper takes a look at the past, present, and &amp;#8230; &lt;a href="http://radicaldevelopment.net/the-future-of-cybersecurity-technology-and-policy/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/the-future-of-cybersecurity-technology-and-policy/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments><feedburner:origLink>http://radicaldevelopment.net/the-future-of-cybersecurity-technology-and-policy/</feedburner:origLink></item><item><title>Open Source and Commericial Security Tools</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/7ws_UDREbbY/</link><category>Security</category><category>Computer Security</category><category>Free</category><category>Open Source</category><category>Software</category><category>Technology/Internet</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Sat, 02 Mar 2013 22:23:45 PST</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13606</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<p>Whether you’re a network administrator, security professional, or an end user, it’s important that you keep your system clean and secure. There are a variety of high quality open source security tools available.</p>
<h2>Toolkits</h2>
<ol>
<li><a href="http://www.networksecuritytoolkit.org/nst/index.html">Network Security Toolkit</a>: This bootable ISO live CD/DVD (NST Live) is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, geolocation and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines.</li>
<li><a href="http://communities.alienvault.com/">OSSIM</a>: The most widely used SIEM offering, thanks in no small part to the open source community that has promoted its use. OSSIM provides all of the capabilities that a security professional needs from a SIEM offering, event collection, normalization, correlation and incident response &#8211; but it also does far more. Not simply satisfied with integrating data from existing security tools, OSSIM is built on the Unified Security Management platform which provides a common framework for the deployment, configuration, and management of your security tools.</li>
</ol>
<h2>Wireless</h2>
<ol>
<li><a href="http://www.kismetwireless.net/">Kismet</a>: An 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.</li>
</ol>
<h2>Network Monitors</h2>
<ol>
<li><a href="http://www.tenable.com/products/nessus">Nessus</a>: Leverages credentialed and uncredentialed scans; patch, configuration, and mobile device managers; external repositories; website reputation; and global threat intelligence to reduce risk and protect sensitive data.</li>
<li><a href="http://oss.oetiker.ch/mrtg/">The Multi Router Traffic Grapher</a>: You have a router, you want to know what it does all day long? Then MRTG is for you. It will monitor SNMP network devices and draw pretty pictures showing how much traffic has passed through each interface.</li>
<li><a href="http://www.snort.org/">Snort</a>: Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.</li>
<li><a href="http://base.secureideas.net/about.php">BASE</a>: Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system. BASE is a web interface to perform analysis of intrusions that snort has detected on your network. It uses a user authentication and role-base system, so that you as the security admin can decide what and how much information each user can see. It also has a simple to use, web-based setup program for people not comfortable with editing files directly.</li>
<li><a href="http://www.metasploit.com/">Metasploit</a>: Helps security and IT professionals prevent data breaches by efficiently conducting broad-scope penetration tests, prioritizing vulnerabilities, and verifying controls and mitigations.</li>
</ol>
<h2>File Transfer</h2>
<ol>
<li><a href="http://winscp.net">WinSCP</a>: An open source free SFTP client, SCP client, FTPS client and FTP client for Windows. Its main function is file transfer between a local and a remote computer. Beyond this, WinSCP offers scripting and basic file manager functionality.</li>
</ol>
<h2>Cryptography</h2>
<ol>
<li><a href="http://www.keyczar.org/">Keyczar</a>: An open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys.</li>
<li><a href="http://www.gnupg.org/">GnuPG</a>: The GNU project&#8217;s complete and free implementation of the OpenPGP standard as defined by RFC4880 . GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME.</li>
<li><a href="http://www.truecrypt.org/docs/">TrueCrypt</a>: Software for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).</li>
<li><a href="http://www.axantum.com/AxCrypt/">AxCrypt</a>: Open source file encryption software for Windows. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.</li>
</ol>
<h2>Networking</h2>
<ol>
<li><a href="http://nmap.org/">Nmap</a>: A free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.</li>
<li><a href="http://www.wireshark.org/">WireShark</a>: Using Wireshark, you can take a look at all of the traffic that passes over your Ethernet network.</li>
<li><a href="http://angryip.org/w/Home">Angry IP Scanner</a>: An open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features. It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies.  It runs on Linux, Windows, and Mac OS X, possibly supporting other platforms as well.</li>
</ol>
<h2>Passwords</h2>
<ol>
<li><a href="http://keepass.info/">KeePass</a>: A free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).</li>
<li><a href="http://passwordsafe.sourceforge.net/">Password Safe</a>: Whether the answer is one or hundreds, Password Safe allows you to safely and easily create a secured and encrypted user name/password list. With Password Safe all you have to do is create and remember a single &#8220;Master Password&#8221; of your choice in order to unlock and access your entire user name/password list.</li>
<li><a href="http://www.keepassx.org/">KeePassX</a>: Saves many different information e.g. user names, passwords, urls, attachments and comments in one single database. For a better management user-defined titles and icons can be specified for each single entry. Furthermore the entries are sorted in groups, which are customizable as well. The integrated search function allows to search in a single group or the complete database.</li>
</ol>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/7ws_UDREbbY" height="1" width="1"/>]]></content:encoded><description>Whether you’re a network administrator, security professional, or an end user, it’s important that you keep your system clean and secure. There are a variety of high quality open source security tools available. Toolkits Network Security Toolkit: This bootable ISO &amp;#8230; &lt;a href="http://radicaldevelopment.net/open-source-and-commercial-security-tools/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/open-source-and-commercial-security-tools/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments><feedburner:origLink>http://radicaldevelopment.net/open-source-and-commercial-security-tools/</feedburner:origLink></item><item><title>The 7 Layers Of The OSI Model</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/htzWpa2nyk8/</link><category>General Tech</category><category>Networking</category><category>Technology/Internet</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Wed, 30 Jan 2013 21:18:25 PST</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13597</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<p>The OSI, or Open System Interconnection, model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over the channel to the next station and back up the hierarchy.</p>
<p><a href="http://radicaldevelopment.net/wp-content/uploads/2013/01/OSI_Model.jpg"><img class="alignnone size-full wp-image-13598" alt="The Seven Layers of the OSI Model" src="http://radicaldevelopment.net/wp-content/uploads/2013/01/OSI_Model.jpg" width="1664" height="783" /></a></p>
<h2>Commit to Memory</h2>
<p>Just remember the following phrase and you can easily recall the OSI model layers &#8211; <strong>All People Seem To Need Data Processing.</strong></p>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/htzWpa2nyk8" height="1" width="1"/>]]></content:encoded><description>The OSI, or Open System Interconnection, model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over &amp;#8230; &lt;a href="http://radicaldevelopment.net/the-7-layers-of-the-osi-model/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/the-7-layers-of-the-osi-model/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments><feedburner:origLink>http://radicaldevelopment.net/the-7-layers-of-the-osi-model/</feedburner:origLink></item><item><title>A Look At Microsoft SQL Server Database Security</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/gSfwTponqko/</link><category>Security</category><category>Computer Security</category><category>Microsoft</category><category>Software</category><category>SQL Server</category><category>Technology/Internet</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Sat, 12 Jan 2013 21:44:49 PST</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13575</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<p><a class="easyazon-link"  target="_blank" href="http://www.amazon.com/dp/1849685886?tag=stevenswaffosasp"><img src="http://ecx.images-amazon.com/images/I/514kV0nP-6L._SL160_.jpg" class="alignleft" alt="Amazon Image" height="160" width="130"  /></a>Security and web applications is something that I speak and write about often and I believe one aspect of overlooked security is the database itself. 
For the purpose of this article I am focusing on <a href="http://www.amazon.com/gp/product/B007RFXQAM/ref=as_li_ss_tl?ie=UTF8&amp;tag=stevenswaffosasp&amp;linkCode=as2&amp;camp=1789&amp;creative=390957&amp;creativeASIN=B007RFXQAM">Microsoft SQL Server</a>. I am by no means a database administrator therefore this article is from the point of view of a developer and general in nature. Since web applications typically have an interface to the database the best way to think about security is the fact that the web application is the key to the database and for this reason you must take a number of steps to protect the database. In general there are a number of steps you can take and those steps include patch management, authentication, access control, management of services, and finally protocols.</p>
<h1>Installation Process</h1>
<p>The ideal installation is a single server that is solely for the database itself. The worst thing you can do is to install SQL Server alongside the web application server, domain controller, proxy server and so on. This may not always be feasible, but you should make every effort to separate the various services and products that you intend to run. By doing so should the server become compromised you are afforded a greater level of protection.</p>
<p>During the install process there are a number of services, protocols, accounts, and file system modifications that occur. Each of these areas you must take note of and be sure that you disable any feature that you do not need. For example, the default administration account is known as SA and good practice is to rename this account to something that is unique to you. By doing so you make it that much more difficult for a hacker to gain administrative access to your database.</p>
<h1>Patch Management</h1>
<p>A patch is a piece of software designed to fix defects with a specific computer program. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, some can sometimes introduce new problems. In some special cases updates may knowingly break the functionality, for instance, by removing components for which the update provider is no longer licensed or disabling a device. The first thing you should do is head over to the <a href="http://www.microsoft.com/sqlserver/en/us/support/support-updates.aspx">SQL Server support updates</a> site and ensure that the version of your database is still supported as well as planning out how you will distribute and apply patches.</p>
<h1>Authentication</h1>
<p>There are a number of core mechanisms in which to approach authentication in SQL Server, these are:</p>
<ul>
<li>Windows authentication mode: under this mode there is no need to specify a login name and password to connect to SQL Server. Instead the access to SQL Server is controlled by the Windows account. Database administrators can grant access to the database to the user or the user group specified in the Access Control List (ACL) that is provided by the operating system. Under this security mode, SQL Server manages users by their individual Security Identifiers, which are maintained by the operating system.</li>
<li>Mixed mode: users can establish a connection to an SQL server either using Windows authentication or SQL Server authentication. Under this authentication mode, the user supplies the required SQL Server login and password when connecting to SQL Server. If the user does not specify an SQL Server login name and password, or request Windows Authentication, the user is then authenticated using Windows Authentication.</li>
<li>Mapped to certificate: Indicates that this login is associated with a certificate. Use the CREATE LOGIN statement to create a login mapped to a certificate.</li>
<li>Mapped to asymmetric key: Indicates that this login is associated with an asymmetric key. Use the CREATE LOGIN statement to create a login mapped to an asymmetric key.</li>
<li>Mapped to Credential: Indicates that this login is associated with a credential.</li>
</ul>
<p><img class="alignnone size-full wp-image-13584" title="SQL Server Login Dialog" alt="SQL Server Login Dialog" src="http://radicaldevelopment.net/wp-content/uploads/2013/01/sqllogindialog.jpg" width="704" height="632" /></p>
<h1>Access Control</h1>
<p>Access to objects in the database is managed by granting the proper permissions to individuals or by defining user roles. A role is a group to which individual logins/users can be added, so that the permissions can be assigned to the group, instead of assigning them to all individual logins/users. There are three types of roles in SQL Server:</p>
<ul>
<li>Fixed server roles: these are server-wide roles. Logins can be added to these roles to gain the associated administrative permissions of the role.</li>
<li>Fixed database roles: each database has a set of fixed database roles to which database users can be added. These fixed database roles are unique within the database. While the permissions of fixed database roles cannot be altered, new database roles can be created.</li>
<li>Application roles: after creating and assigning the required permissions to an application role, the client application needs to activate this role at run-time to get the permissions associated with that application role.</li>
</ul>
<h1>SQL Injection</h1>
<p>This is a technique which exploits vulnerabilities in input validation to run unwanted commands on the database. <a href="http://radicaldevelopment.net/security-development-lifecycle-sql-injection-attacks/">SQL injection</a> can occur when the application uses input to construct dynamic SQL statements to access the database. It can also occur if the code uses stored procedures that are passed strings containing unfiltered user input. Usually this attack affects applications that incorporate non-validated user input into database queries. Particularly susceptible is code that constructs dynamic SQL statements with unfiltered user input. The following SQL statement is one that is seen far too often, and it is vulnerable to this attack.</p>
<pre class="snippet-code">
-- Vulnerable pattern: customerid is concatenated into the statement text,
-- so whatever it contains is parsed by the server as part of the SQL.
SELECT OrderID, CustomerID, ShipAddress, ShipCity, ShipPostalCode
FROM Orders
WHERE (CustomerID = '" + customerid + "'";)
</pre>
<p>To prevent this attack, all input data must be validated before the request is sent to the database. Another important component of preventing this type of attack is the use of SQL parameters.</p>
<pre class="snippet-code">
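// Parameterized call to a stored procedure: the user-supplied value travels as
// data in a typed parameter and is never concatenated into the command text.
using (SqlConnection connection = new SqlConnection(connectionString))
using (SqlDataAdapter myCommand = new SqlDataAdapter("SomeStoredProcedure", connection))
{
    // The adapter is IDisposable as well, so it is released together with the connection.
    DataSet userDataset = new DataSet();
    myCommand.SelectCommand.CommandType = CommandType.StoredProcedure;

    // Declare the type and maximum length explicitly rather than letting the
    // provider infer them from whatever the user typed.
    // NOTE(review): an over-length string may be truncated to the declared size
    // rather than rejected; confirm, and enforce the length in application code too.
    myCommand.SelectCommand.Parameters.Add("@customer_id", SqlDbType.VarChar, 11).Value = Customer.Text;

    // Fill opens the connection if it is closed and closes it again when done.
    myCommand.Fill(userDataset);
}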
</pre>
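<p>In this example, the @customer_id parameter is treated as a literal value and not as executable code. Also, the parameter is checked for type and length. In the above example, the input value cannot be longer than 11 characters. If the data does not conform to the type or length defined by the parameter, the SqlParameter class throws an exception. This protection holds only as long as the stored procedure itself does not concatenate the parameter into a dynamic SQL string, which is the stored procedure case described earlier.</p>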
<h1>Conclusion</h1>
<p>There are so many different security approaches that you must take into consideration when you are standing up your database. Each install and environment differs and there is no magic bullet that will provide 100% security. Be sure to look within your own organization for guidance and you may find that there are policies and procedures in place to help you. It is also important to understand that once your installation and configuration is complete, your job does not end there. Security is not a one-time action; rather, it is a daily activity.</p>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/gSfwTponqko" height="1" width="1"/>]]></content:encoded><description>Security and web applications is something that I speak and write about often and I believe one aspect of overlooked security is the database itself. For the purpose of this article I am focusing on Microsoft SQL Server. I am &amp;#8230; &lt;a href="http://radicaldevelopment.net/a-look-at-microsoft-sql-server-database-security/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/a-look-at-microsoft-sql-server-database-security/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments><feedburner:origLink>http://radicaldevelopment.net/a-look-at-microsoft-sql-server-database-security/</feedburner:origLink></item><item><title>Organized Cyber Crime Threat Is A Reality And It Is Getting Worse</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/z5lXQg_i1z4/</link><category>Security</category><category>Computer Security</category><category>Crime</category><category>Technology/Internet</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Fri, 04 Jan 2013 10:33:56 PST</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13565</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<p><a class="easyazon-link"  target="_blank" href="http://www.amazon.com/dp/0307476448?tag=stevenswaffosasp"><img src="http://ecx.images-amazon.com/images/I/61i1aoL08BL._SL160_.jpg" class="alignleft" alt="Amazon Image" height="160" width="105"  /></a>One of the countless cyber threats today to corporations, small business, and individuals is organized crime. 
The reality is organized crime no longer marches into a business and demands so-called “protection money” or executes a “smash and grab”; rather these groups are sophisticated and leverage technology heavily for criminal activities.</p>
<p>The Mafia is one such organized crime group that uses cyber-attacks to fund its criminal activities, according to a U.S. Attorney from the state of Florida. This U.S. Attorney filed criminal charges against a Mafia family, charging them with stealing data from Lexis-Nexis. In the Lexis-Nexis case the crime targeted the organization’s databases in order to steal customer information for identity theft. While this kind of cyber crime is all too familiar, the sad truth of the situation was that the Federal Trade Commission (FTC) charged Lexis-Nexis with not having sufficient security measures in place. To understand the impact of organized crime, consider that 70 percent of malware is born out of organized crime groups, whereas in the recent past a single person or even a small group produced malware or viruses, and this trend will likely only continue to increase.</p>
<p><a href="http://radicaldevelopment.tradepub.com/free/w_make26/prgm.cgi">HackerProof: Your Guide to PC Security</a> is a 53-page guide that provides an objective, detailed, but easily understood walk-through of PC security.</p>
<p>The Internet is the perfect storm for organized crime and the opportunities abound. Consider for a moment gambling, drug trade, stolen goods, financial fraud, and extortion and it starts to become clear that the underbelly of the Internet clearly is a substantial threat. These types of attacks are global, and to outline the severity, here are the top ten countries that reported cyber crimes in 2011.</p>
<p><img class="alignnone size-full wp-image-13572" title="Top 10 Countries by Count: Individual Complainants" alt="Top 10 Countries by Count: Individual Complainants" src="http://radicaldevelopment.net/wp-content/uploads/2013/01/2011atackmap.jpg" width="700" height="288" /></p>
<p>During the course of my research, I came across a number of articles and papers that speak to the organized crime threat to organizations. I feel it is important to understand that organized crime is not the traditional groups that come to mind, but today include LulzSec and D33Ds Company as well as many others. I would even include state sponsored attacks in this group. Here are a handful of examples.</p>
<ul>
<li>July 2012, more than 450,000 usernames and passwords were stolen from Yahoo.</li>
<li>In 2011 the group LulzSec targeted Amazon, eBay, and Fox News, and most notably the Sony PlayStation Network, where they not only stole usernames and passwords, but Sony’s network was also down for three weeks.</li>
<li>In 2006 a Chinese hacker stole documents from Ford Motor Company</li>
</ul>
<p>These examples are not all-inclusive, but they do paint the picture that corporations are under attack and will likely continue to be in the cross hairs of organized crime for some time to come. In terms of revenue, Symantec Corp estimates that on average a breach costs organizations $5.5 million, and Verizon security found that organizations with fewer than 100 employees suffered an average cost of $188,242 per incident.</p>
<p>When it comes to effective measures to combat this threat I would like to think that there are protocols in place but I fear that security all too often takes a back seat until it is too late.</p>
<p>There are steps you can take to protect yourself, and a strong patch management program will greatly help. In reality all software has defects that can be exploited. Vendors typically release patches as they become available, and for this reason you should always apply any and all patches. Of course this is easier said than done in large organizations for a number of reasons, but again the key is to implement a patch management program.</p>
<h2>References</h2>
<ul>
<li>Bequai, A. (2001). Organized Crime Goes Cyber. Computers &amp; Security, 20(6), 475. Retrieved from <a href="http://www.sciencedirect.com">http://www.sciencedirect.com</a></li>
<li>Fitzgerald, M. (2009). Organized cybercrime revealed. CSO Security and Risk. Retrieved from <a href="http://www.csoonline.com">http://www.csoonline.com</a></li>
<li>McMillan, R. (2009). LexisNexis warns of breach after alleged mafia bust. Network World. Retrieved from <a href="http://www.networkworld.com">http://www.networkworld.com</a></li>
<li>Harrison, S. (2012). Cyber Crime: A global threat. Financier. Retrieved from <a href="http://www.financierworldwide.com">http://www.financierworldwide.com</a></li>
<li>IC3. (2011). 2011 Internet Crime Report. Retrieved from <a href="http://www.ic3.gov/media/annualreport/2011_ic3report.pdf">http://www.ic3.gov/media/annualreport/2011_ic3report.pdf</a></li>
</ul>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/z5lXQg_i1z4" height="1" width="1"/>]]></content:encoded><description>One of the countless cyber threats today to corporations, small business, and individuals is organized crime. The reality is organized crime no longer marches into a business and demands so-called “protection money” or executes a “smash and grab”; rather these &amp;#8230; &lt;a href="http://radicaldevelopment.net/organized-cyber-crime-threat-is-a-reality-and-it-is-getting-worse/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/organized-cyber-crime-threat-is-a-reality-and-it-is-getting-worse/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments><feedburner:origLink>http://radicaldevelopment.net/organized-cyber-crime-threat-is-a-reality-and-it-is-getting-worse/</feedburner:origLink></item><item><title>Reduce Your Grocery Store Bill With Ibotta</title><link>http://feedproxy.google.com/~r/radicaldevelopmentnet/~3/eDIiU-aom0o/</link><category>General Tech</category><category>Mobile</category><category>Savings</category><category>Technology/Internet</category><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Steven Swafford</dc:creator><pubDate>Fri, 28 Dec 2012 19:37:41 PST</pubDate><guid isPermaLink="false">http://radicaldevelopment.net/?p=13552</guid><content:encoded xmlns:content="http://purl.org/rss/1.0/modules/content/"><![CDATA[<p><a class="easyazon-link"  target="_blank" href="http://www.amazon.com/dp/0984149783?tag=stevenswaffosasp"><img src="http://ecx.images-amazon.com/images/I/51O03QSR%2BXL._SL160_.jpg" class="alignleft" alt="Amazon Image" height="160" width="123"  /></a>Technology is great but when you combine your favorite smartphone, grocery shopping, and <a href="http://ibotta.com/r/PbWh3g">ibotta</a> you can can get paid 
to shop or take your money and donate it to a school. For example, today I went to Publix and grabbed a couple items from my <a href="http://ibotta.com/r/PbWh3g">ibotta</a> queue and once it was all said and done I had earned $2.50, which is more than enough to cover the cost of gas.</p>
<p>Being that I am security conscious I do not see any issue at this point in time with the <a href="http://ibotta.com/r/PbWh3g">ibotta</a> application, but that could change later should I do a deeper dive into what this application actually does. My initial thought is that this is no different than those grocery store discount cards that track your shopping patterns. At the end of the day it is data and in today&#8217;s digital age data is worth its weight in gold.</p>
<p><img class="alignnone size-full wp-image-13556" title="Ibotta screen shot" alt="Ibotta screen shot" src="http://radicaldevelopment.net/wp-content/uploads/2012/12/ibotta_01.jpg" width="700" height="622" /></p>
<p><img class="alignnone size-full wp-image-13557" title="Ibotta screen shot" alt="Ibotta screen shot" src="http://radicaldevelopment.net/wp-content/uploads/2012/12/ibotta_02.jpg" width="700" height="622" /></p>
<p>The <a href="http://ibotta.com/r/PbWh3g">ibotta</a> interface as depicted above is very easy to use. In fact today was my first experience with this application, and I had read in the app reviews that some individuals had problems with taking a picture of the receipt, but in my case it was simple. Just make sure you use plenty of light, keep a steady hand, and capture the complete receipt. Within a few hours of submitting my receipt, I was awarded the $2.50. If you&#8217;re curious about this app, be sure to check out <a href="http://ibotta.com/r/PbWh3g">ibotta</a> firsthand for yourself.</p>
<img src="http://feeds.feedburner.com/~r/radicaldevelopmentnet/~4/eDIiU-aom0o" height="1" width="1"/>]]></content:encoded><description>Technology is great but when you combine your favorite smartphone, grocery shopping, and ibotta you can can get paid to shop or take your money and donate it to a school. For example, today I went to Publix and grabbed &amp;#8230; &lt;a href="http://radicaldevelopment.net/reduce-your-grocery-store-bill-with-ibotta/"&gt;Continue reading &lt;span class="meta-nav"&gt;&amp;#8594;&lt;/span&gt;&lt;/a&gt;</description><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://radicaldevelopment.net/reduce-your-grocery-store-bill-with-ibotta/feed/</wfw:commentRss><slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments><feedburner:origLink>http://radicaldevelopment.net/reduce-your-grocery-store-bill-with-ibotta/</feedburner:origLink></item></channel></rss>
