IT Security Blog

Espionage in IT

By

Think of the impact that IT has on our society, let alone the workplace. There are so many things that we can do because of it and as a tool, things could go totally wrong sometimes. It is very tempting to get the company’s confidential documents and sell them to the competing company, client information could be tampered, and so on. Calum Macleod of Cyber-Ark has shared some tips in order to avoid this in your own company.

  1. Do not expose your internal network
  2. Make sure that intermediate storage is secure
  3. Ensure that Data at Rest is protected
  4. Protection from data deletion, data loss
  5. Protection from data tampering
  6. Auditing and monitoring
  7. End-to-End network protection
  8. Auditing is required to ensure that a detailed history of activities can be reviewed and validated.
  9. Process Integrity

Think of the system you have in your company. Find out if your data is at the risk of being tampered. Ask yourself, are you auditing and monitoring? Maybe it could just be this one time of lapse wherein you let one person get out of your office with a lot of important documents. Now that is bad. You never know what this person will do with your data. Even if the person will not sell them to the competing company, the mere act of it being with that person. Are your computers safe from tampering or are they quite vulnerable? If they are quite vulnerable, it might be high time for you to change it.

You might end up having a very strict company policy when you find out that your company documents (among others) are at risk. You would want to keep your reputation when it comes to dealing with your clients. Another thing is that you would like to make sure that everything that you have is intact for your own sake (like filing away some papers). Once you have assessed the existing company policies, you could probably take a break and have a cup of coffee to help you relax a bit.

Checking it at the door

By

440984_usb_1_gb.jpg
How do you feel about the security policies being implemented by your company? Do you think you’re secure even from the visitors that drop by? Maybe the old adage about an ounce of prevention still serves us well in these days.

I once visited a company that had what I thought was a strange security precaution at the door. At first I wondered why they didn’t allow CDs, mp3 players, and other portable devices, but then it made perfect sense when I was ushered into a section with open computers and left to my own devices. Had I come in with any sort of malicious intent I could get files off the computer.

Though the term podslurping has gotten attention because of the i-pod’s popularity as the mp3 player of choice by employees, any form of removable media device can be used. Cameras, thumb drives, and mp3 players can be used to get the data without being caught. This is actually quite easy nowadays because of the plug and play feature of most operating systems. There are already programs designed to search a network and find critical data. Simply insert the device of choice to an empty USB drive, and from there anyone can download possibly highly-sensitive data. That’s why some companies limit the use of those items at work, but it’s not the best solution. There are policies that don’t have to limit the employees’ and visitors’ use of mp3 players and cameras. One is to not allow storage devices to be mounted on any computers in the system. Another would be to use encryption on files and restrict access to confidential data.
[tags]podslurping,security policies[/tags]

Mobile phone data retention issues

By

mobile phone and laptop

What happens to your old units when you buy the newest mobile phone units coming out every few months? Are you generous and give it away to a friend or relative? Or do you delete your data according to the manual and try to sell it online, earning some cash in the process? Maybe the last option appeal to you, but be warned that your erased data might not be as gone as you think.

Last month a company named Trust Digital bought ten phones from E-bay and managed to recover data from all of them. The data ranged from personal information and bank account details to company communications. They recovered all this data because smart phones today use flash memory to store information, and it’s slow to erase information from them. Such flash memory are also used in music players and digital cameras. Only a zero out reset of the device can ensure the total obliteration of data. The same issues can arise with people selling their laptops online. Software easily obtainable online can recover records of your online transactions, which can then lead to sensitive personal data.

It may seem difficult to make a profit from getting information from an old mobile phone or laptop, but seeing the rise in corporate data breaches from stolen mobile gadgets, it’s not improbable that someone would attempt to do so. The best tip in this situation is to contact your gadget manufacturer for detailed instructions on a complete data erasure. If your device has password protection, you can try to type your password incorrectly until you are notified that the action will erase all of your data.

Making backups as a part of your regular routine

By

dvdWhether you are a home computer user, a blogger, a freelancer, an office employee, making backups is an important task that you ought to schedule. After all, you never know what will happen. That is the dilemma that we all have. The moment a computer virus hits our systems or maybe some natural disaster or maybe even theft of our hardware, we could lose every bit of data.

There are different needs for each case. Take freelancers, for example. If you think about it, they have different clients, peak season for projects, etc. If you are a freelancer, how do you make backups? I know someone who makes backups every month, just to make sure that the articles are all together. There are even checklists to make sure they are intact.

For some companies that are involved mainly with graphics, they make weekly backups. It is to make sure that when their clients look for the materials, they have them immediately. They burn the files on discs so that they are handy. Aside from that, there are also some companies that have dedicated file servers. In case you have a setup wherein people could save their files on to the servers, make sure that those are the important files which are critical for your operation. It might be difficult to create a policy for such but it’s the best way to go about it.

Backups are practical. There are also news about developments in terms of optical storage media so stay tuned. These new kinds of optical storage media would impact not only those who are heavily into downloading but more importantly, the ones who are making sure that the data could be recovered in case of a security breach.

[tags]security,storage[/tags]

Virtual Private Networking: What Is Tunneling?

By


Tunneling is a method of using an internetwork infrastructure to transfer data for one network over another network. The data to be transferred (or payload) can be the frames (or packets) of another protocol. Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate internetwork.

The encapsulated packets are then routed between tunnel endpoints over the internetwork. The logical path through which the encapsulated packets travel through the internetwork is called a tunnel. Once the encapsulated frames reach their destination on the internetwork, the frame is decapsulated and forwarded to its final destination. Tunneling includes this entire process (encapsulation, transmission, and decapsulation of packets).