Archive for the ‘Website Security’ Category

3 Social Networking Security Tips To Keep In Mind

Social networking sites like Facebook, Twitter, Digg and MySpace have exploded on the internet, with millions of people checking their pages several times a day. While these sites offer countless ways to interact, network and stay connected to friends and family, they also leave a trail of personal information all over the internet. Here are a few social networking security tips to keep in mind.

1. TMI
TMI stands for too much information, and sharing too much can lead to identity theft and other lasting harm. Information you should never post on your social networking pages includes your social security number, birth date, home address, phone number, passwords, PINs, and bank account and credit card details.

2. Customizing privacy options
Most social networking sites now give users considerable control over their own privacy settings. Take the time to go through the settings, configuration and privacy sections to see what your options are, so that you decide who sees what on your pages.

3. Beware of fake pages
A lot of people create fake pages with silly names or impersonate a celebrity. Often this is all in good fun, but some create a fake identity on social sites in order to steal someone else’s identity for financial gain or to embarrass them. Be on the lookout for anything unusual before giving any personal information to someone you think is a good friend.

You can never be too careful on social networking sites, considering how much information is revealed there. Keep the tips listed here in mind as you network and interact online.


Free Email and Hosting Sites May Compromise Data Privacy

Companies must consider the implications for their data privacy of using free communications services (such as email and data hosting), according to a new guide from managed security firm Network Box.

Browser privacy and online security: a guide for IT managers (available free to download from Network Box’s website) warns companies to think carefully before using such services, and also to be aware of the privacy compromise that results from the use of some browser services. It gives companies the information they need to decide whether or not they should use free email hosting, browser and document storage services.

The guide gives IT managers information on how users are profiled using information from their browsing activity, email and document content; and guidelines on how to advise users to opt out of these services if they are dealing with confidential company information. It gives details of the security issues and benefits of the major browsers such as Chrome, Firefox, IE and Opera. It also lists the different types of cookies and how they are used; and gives advice on password management in browsers.

Finally, the guide gives IT managers steps to follow to ensure that company data is kept private. These include:

1. Select a browser and keep up to date with all vulnerabilities, updates and functionality associated with that browser so the correct risk assessment of threats can be made.
2. Only allow approved browsers to be used on any work computer, whether in the office or at home.
3. Make sure users understand what they’re signing up to when they use Internet services.
4. If you have a free email or document storage provider, you may be sacrificing some privacy rights. If you feel uncomfortable about this, find out whether you can opt out of targeted advertising; or avoid these services.
5. Be careful about what data you store on these services, as some countries have regulations about where data may be stored geographically (Germany is an example).
6. Set work computers to disable third party cookies (note: most browsers will accept all cookies as the default option).
7. Ensure security systems are up to date and you have a layered security approach.
8. Check applications for vulnerabilities (such as SQL injection).
9. Ensure employees don’t use personal email accounts for work purposes.
10. Ensure employees delete browsing history regularly and clear cached information stored on computers.
11. Send out reminders to employees to change passwords regularly, and make sure they are robust. Recommend that they don’t use the ‘remember me’ feature when logging in to secure sites.
12. Be aware: make sure employees understand security risks, and avoid becoming victims of phishing attacks.

Simon Heron, internet security analyst for Network Box, says: “There is no doubt that service providers take data privacy very seriously. But there is a trade-off for using free services that some people simply aren’t aware of: in return for a free service, there is a compromise on privacy. Free mail services use automated systems to ‘read’ information within emails, in order to provide similar targeting services to advertisers. The technology to do this isn’t vastly different from scanning an email to ensure it doesn’t contain malware, but the difference comes with what the system does with the information it reads. Profiling information is often stored and used to target users for advertising. The concern is if this profiling information got into the wrong hands, it could be used for less benign activity.”

Browser privacy and online security: a guide for IT managers is available free of charge from Network Box’s website.

For more information on security issues, visit Network Box, see Simon Heron’s blog, or follow him on Twitter.


Secure Sites Must Stop Relying on Single Passwords – Network Box


Using passwords alone to control access to online information is not secure enough, according to a new white paper from managed security company Network Box. Authentication, who are you?, written by Network Box’s Internet Security Analyst Simon Heron, argues that web-based services, particularly those that hold financial information, must strengthen authentication in order to protect their customers effectively.

Heron warns that identity fraud is increasing, particularly card-not-present (CNP) fraud, and yet access to the ever-growing number of web-based applications still relies, for the most part, on the same technique used since the beginning of IT security: user names and passwords. A number of banks use multi-factor authentication in the form of card-sized number generators, a system Heron argues is not sustainable because consumers would balk at carrying the number of devices needed to authenticate to all their online accounts. Most businesses, however, still rely on user name and password combinations.

The problem is that consumers simply have too many passwords to remember, and so they either choose passwords that are simple to remember (and therefore easy to guess), write them down, or rely on the ‘forgotten your password’ function on a website, which is often insecure in itself. Even the Verified by Visa system is not secure, says Heron: “The ‘Verified by Visa’ system is a basic two-factor authentication system, but if you forget your password, often all you need in addition to the credit card is your date of birth to reset the password – which is less secure than most single password systems.”

The paper also examines the pros and cons of an ‘Identity 2.0’ approach to online security: creating a single, secure identity that is recognised by the many online entities a user interacts with (OpenID, for example) and that could be authenticated in a number of ways. These systems are not without their problems either, privacy being a prime concern.

Heron says: “All companies involved in secure transactions must start working together to provide uniformity in their approach to security. This is becoming a major issue for consumers. If customers are to interact online and divulge confidential information, the company with which they’re doing business has a duty to secure that information.”

For more information on this paper, visit Network Box. For more information on security issues, see Simon Heron’s blog or follow Simon on Twitter.


Viruses up 300 per cent: More Threats Coming from India and Brazil – Network Box


The number of viruses sent over email has increased by 300 per cent in the last three months, according to managed security firm Network Box.

Analysis of Internet threats by Network Box in July 2009 shows the number of viruses is at its highest so far this year, peaking at around 12 viruses per customer per hour.

An increasing share of these viruses (5.2 per cent) originates from India, now the fourth largest source of Internet threats behind the US (16.59 per cent), Brazil (14.11 per cent) and Korea (6.2 per cent). This is the first time that such a significant proportion of the world’s Internet threats has originated from India.

It is unsurprising that India is making inroads as a major threat source, according to Simon Heron, Internet Security Analyst for Network Box: “India is a major economic force, with an increasing IT infrastructure and IT industry. A growing middle class with disposable income means an increasing take-up in computers and bandwidth. However, the economy remains difficult to regulate. This results in significant numbers of illegal copies of operating systems, which don’t get patched or updated. They then become infected and so in turn become sources of malware.”

Although the percentage of threats coming from the US is still high at 16.59 per cent, it has fallen from 21 per cent in June. The US share of spam has also fallen slightly, from 11.2 per cent to 10.2 per cent, and Brazil has overtaken the US as the single biggest source of the world’s spam, now producing more than 12.6 per cent.

Heron says this is in part a result of the sheer volume of spam and malware coming from other parts of the world: “The major reason for a decreasing proportion of attacks from the US is the increase from other areas, particularly Brazil, China, Korea and India.

“However, over the past year we’ve also seen the US close down three significant data centres acting for botnets. The most notable one was McColo, but the demise of EstDomains and Atrivo has also contributed to a slow down in the number of threats coming from the US. The global picture, though, shows spam levels back to the same levels, or higher, than before these hosting companies were closed down.”

Phishing attacks have also increased significantly since last month, now making up 36.52 per cent of all viruses, against around five per cent last month.

For more information on security issues, see Network Box, or visit Simon Heron’s blog or follow Simon on Twitter.


Saving Money With SFTP – The Best Way To Cut Costs, Improve Security And Achieve Compliance

Everyone is looking to cut costs in the recession, but there is one solution which many companies don’t realise can save money for minimal investment and minimal disruption, and which can also provide a fast return on investment (ROI).

Many organisations still run legacy systems and are content to live with them, given the huge upheaval and potential expense that replacing them would mean. But those legacy systems have some costly aspects which can easily be improved, and which offer real potential for savings.

FTP file transfer from legacy systems normally goes on in the background without anyone paying much attention to it. It is the part of a legacy system that sits below the surface and gets taken for granted.

Many companies rely on FTP for file transfer, yet a number of problems make FTP ripe for improvement and offer companies the chance to cut costs and gain ROI. The remedy is to replace FTP with SFTP, the SSH File Transfer Protocol, which runs file transfers inside an encrypted SSH connection.

The problems with FTP

* security
* compliance
* performance
* cost

Security
Designed in the 1970s, FTP has become an auditor’s nightmare and a major security loophole: authentication and data are sent in clear text, anonymous access is common, the PORT command enables bounce attacks against third-party hosts, each transfer opens a separate data connection on an ephemeral port (which firewalls must track), and the client has no way to verify the identity of the server it is talking to.

With plain FTP:
- you can’t use strong authentication (the password crosses the network in the clear)
- you can’t use strong encryption (file contents cross the network in the clear)
- there is no integrity protection, so data can be altered in transit without detection
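The three weaknesses above are visible to anyone who can see the control channel. The following added example (written for this page, not part of the original white paper) audits a constructed FTP control-channel capture: it flags the cleartext USER/PASS exchange, decodes PORT commands, and reports a PORT whose address is not the client’s own, which is the signature of a bounce attack. The capture lines, addresses and credentials are all made up for illustration.

```python
"""Audit an FTP control-channel capture for the weaknesses discussed above.

Added example; not from the original white paper. The capture is constructed.
"""
import re
from dataclasses import dataclass

# Constructed capture of one FTP control session: (direction, line).
# "C" = client -> server, "S" = server -> client.
CLIENT_IP = "10.0.0.5"
CAPTURE = [
    ("S", "220 legacy-ftp ready"),
    ("C", "USER batchuser"),
    ("S", "331 Password required"),
    ("C", "PASS Summer2009!"),            # readable by anyone on the path
    ("S", "230 Login successful"),
    ("C", "PORT 10,0,0,5,200,17"),        # data port on the client itself: normal
    ("S", "200 PORT command successful"),
    ("C", "RETR payroll.csv"),
    ("S", "150 Opening data connection"),
    ("S", "226 Transfer complete"),
    ("C", "PORT 198,51,100,7,0,25"),      # points at a third host, port 25: bounce
    ("S", "200 PORT command successful"),
    ("C", "QUIT"),
]

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)


@dataclass
class Finding:
    kind: str
    detail: str


def parse_port(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (ip, port); None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
        return None
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def audit_session(capture, client_ip):
    """Return the security findings for one client->server command stream."""
    findings = []
    user = None
    for direction, line in capture:
        if direction != "C":
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            user = arg
            if arg.lower() == "anonymous":
                findings.append(Finding("anonymous-login", "anonymous access enabled"))
        elif verb == "PASS":
            # The whole point of the clear-text problem: the secret is right here.
            findings.append(Finding(
                "cleartext-credentials",
                f"user={user!r} password={arg!r} readable on the wire"))
        elif verb == "PORT":
            parsed = parse_port(line)
            if parsed is None:
                findings.append(Finding("malformed-port", line))
                continue
            ip, port = parsed
            if ip != client_ip:
                # Server would open a data connection to an arbitrary host/port.
                findings.append(Finding(
                    "bounce-attempt",
                    f"PORT directs the server to {ip}:{port}, not the client {client_ip}"))
            elif port < 1024:
                findings.append(Finding("privileged-data-port", f"{ip}:{port}"))
    return findings


if __name__ == "__main__":
    for f in audit_session(CAPTURE, CLIENT_IP):
        print(f"{f.kind:24} {f.detail}")
```

The same checks apply to real captures (for example, the reassembled TCP stream of port 21 from a packet capture); only the constructed CAPTURE list would change. FTP servers that refuse PORT addresses other than the connecting client’s close the bounce hole, but nothing short of encrypting the channel fixes the first finding.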

SFTP is a strongly encrypted file transfer protocol that traverses firewalls easily, because it runs everything over a single SSH connection (normally TCP port 22) rather than FTP’s separate control and data connections, and it authenticates both the host and the client. (FTP over TLS, known as FTPS, also encrypts the channel, but keeps FTP’s separate data connections and the firewall problems that come with them.)
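Host authentication is the property FTP lacks entirely: before sending any credential, an SFTP client can compare the server’s public key against a fingerprint recorded out of band. The added example below (written for this page; not from the white paper or from any vendor product) builds an OpenSSH-style public key line from constructed placeholder bytes, computes the OpenSSH SHA256 fingerprint (base64 of the SHA-256 of the key blob, padding stripped) and accepts a connection only when it matches the pinned value. The key bytes are not a real key.

```python
"""Pin an SSH host key by OpenSSH SHA256 fingerprint.

Added example; not from the original white paper. Key material is a
constructed placeholder, not a real Ed25519 key.
"""
import base64
import hashlib
import hmac
import struct


def ssh_string(b):
    """SSH wire-format string: 4-byte big-endian length followed by bytes."""
    return struct.pack(">I", len(b)) + b


def public_key_line(key_type, raw_key, comment="legacy-sftp"):
    """Build an OpenSSH public-key line: '<type> <base64 blob> <comment>'."""
    blob = ssh_string(key_type.encode()) + ssh_string(raw_key)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line):
    """OpenSSH SHA256 fingerprint: 'SHA256:' + base64(sha256(blob)) without '='."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob's leading string must agree with the declared key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != fields[0]:
        raise ValueError("key type mismatch between field and blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(presented_line, pinned_fingerprint):
    """True only if the presented key has exactly the pinned fingerprint."""
    try:
        return hmac.compare_digest(fingerprint(presented_line), pinned_fingerprint)
    except (ValueError, struct.error, UnicodeDecodeError):
        # Malformed or mistyped key: never fall back to accepting it.
        return False


# Constructed: the server key an administrator recorded out of band.
GENUINE = public_key_line("ssh-ed25519", bytes(range(32)))
PINNED = fingerprint(GENUINE)
# Constructed: a different key an on-path attacker presents under the same name.
IMPOSTOR = public_key_line("ssh-ed25519", bytes(range(1, 33)))

if __name__ == "__main__":
    print("pinned  ", PINNED)
    print("genuine accepted: ", verify_host_key(GENUINE, PINNED))
    print("impostor accepted:", verify_host_key(IMPOSTOR, PINNED))
```

Real SSH/SFTP clients do this comparison against a known_hosts file; the operational point is that the first fingerprint must come from the server’s administrator, not from the first connection, otherwise an attacker who intercepts that connection gets pinned instead.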

Performance
FTP performance is poor, especially as file sizes and the number of files to transfer keep growing, so too much server time is consumed and too many valuable staff are tied up administering file transfers.
Performance can be greatly improved with the right SFTP solution.

Cost
Server capacity and management time are crucial considerations in a recession. Because of SFTP’s potentially superior performance over FTP, you don’t need as much server capacity to do file transfers, resulting in cost savings; and you need less valuable staff to administer file transfers, again resulting in cost benefits.

With stronger security you are less exposed to the financial consequences of incidents such as data leakage, and you avoid the financial consequences of non-compliance.

If you’ve got multiple legacy systems, then consolidating into one SFTP supplier will cut down on your maintenance and other work around those legacy systems.

Compliance
The past ten years have seen regulations and industry standards become increasingly important. SFTP helps organisations meet their compliance objectives by bringing security up to the standards required today: it protects mission-critical information in transit, preserving its integrity and preventing unauthorised access.

Improved infrastructure
Switching to SFTP, or from one SFTP supplier to another, is not just about saving money; it is also about improving the efficiency of the infrastructure. Replacing FTP with an efficient SFTP solution brings enterprises into line with security requirements and at the same time provides much improved performance and scalability, together with good management and reporting.

Not all SFTP solutions are created equal
It is crucial to review the choice of SFTP systems, because there are huge differences in performance which affect the ability to realise a return on the investment.

Recent tests (December 2008) by Tolly reviewed three leading Secure Shell server products:

* Open Text Connectivity Secure Server 1.0

* Attachmate Corp. Reflection for Secure IT Server 6.1

* SSH Communications Tectia Server 6.0

Key findings were:

* Open Text delivered the highest performance and maximum scalability of the three secure server products tested.

* In tests transferring a 36 MB file from a server to a requesting client, Open Text Connectivity Secure Server completed the task 10 times faster than Tectia Server and 24 times faster than Attachmate’s Reflection for Secure IT Server. In single-session and multi-session tests, Open Text Connectivity Secure Server routinely outperformed the two other products tested.

* Open Text costs up to 12 times less to support 1,000 concurrent SFTP connections than the other two solutions tested.

* Open Text completed 1,000 SFTP file transfer sessions from four PC clients on a single server, while the Attachmate and SSH Tectia servers failed to scale properly.

* Open Text imposed less overhead on the host server CPU than the other products tested.

* Open Text used nine times less memory than the other two solutions to complete a 36 MB file transfer to a client.

Cost implications

Open Text was the only product to scale successfully to 1,024 sessions. This means it can be deployed on a single server, saving on hardware costs, space, and the associated deployment and ongoing support costs.

Tolly concluded that users would spend:

$5,600 to support 1,000 sessions with Open Text
$14,000 with SSH
$60,000 with Attachmate

Open Text Connectivity Secure Server 1.0
Connectivity Secure Server 1.0 is a state-of-the-art Secure Shell solution from Hummingbird, the Open Text Connectivity Solutions Group. Hummingbird created Exceed and Exceed on Demand, the industry choice for remote access to UNIX-based applications. The server plugs into any TCP/IP network and offers strong authentication mechanisms, government-grade encryption algorithms and integrity protection for data in transit.

Connectivity Secure Server provides:

- better performance
- faster file transfer
- better up-time
- smaller memory and CPU consumption
- support for a higher number of simultaneous user sessions
- a time-saving central administration console

Complete point-to-point security solution
Connectivity Secure Server can be used in conjunction with other Open Text (formerly Hummingbird) security products: Connectivity Secure Shell, the Secure Shell add-on for Exceed and HostExplorer; or Connectivity SecureTerm, a web- and desktop-based stand-alone Secure Shell client. All products include the FIPS 140-2 certified Hummingbird Cryptographic Module.

The Tolly report is available from Wick Hill.

For queries, please contact Wick Hill on 01483 227600, web www.wickhill.com

A Wick Hill/Open Text Connectivity Solutions Group (formerly known as Hummingbird) white paper. By Ian Kilpatrick, chairman Wick Hill Group
