IT Security Blog

Managing Your Passwords

By

passwordmanagerscreen.jpgAre you like me who has the bad habit of forgetting the passwords to your online accounts? Except for sites I frequently visit, like those for web-based services, I can’t keep track and lose passwords all the time. There’s no true solution to this problem. I’ve tried using the same passwords for multiple accounts, but that’s pretty dangerous – if one of your accounts gets hacked, they can guess what sites you frequent and gain access to your data. Writing it down can be downright dangerous – it’s even easier to lose paper and notebooks during your daily routine. It also boils down to an issue of trust with the people you live and work with.

The situation’s pretty dire if a relative passes away and all his contacts are in an online address book. The was the the case of William Talcott, a San Francisco poet who passed away in June and basically took his password to the grave. His daughter was unable to contact his friends, and though the web provider will grant them access after a court order, it will take months of legal haggling in court, causing needless emotional pain for his descendants

The solution? A password manager that keeps track of your passwords. Some users make their own with their database and password locking it, but these makeshift databases aren’t encrypted and they’re quite easy to crack. There are commercial and open source password managers available for download online. All you need to do is add the website, your account name and password, select one password to lock your data, and then it will keep track of your passwords for you. They offer different features, which can include password generators, autoform filling, and different levels of encryptions. Some sites, like those of banks and other e-commerce activities, don’t allow autoform filling for security reasons. Though most of these are currently made for Windows, there are also versions for other operating systems. A word of warning though: if you forgot your password to your password manager and it doesn’t have a retrieve password option, you can’t access your database. So make sure to remember your database password!

[tags]passwords,e-commerce,operating systems,online security,phishing[/tags]

Office policies and IT security

By

office compliance

In every office, you have to have some policies when it comes to sharing of files and downloading of files. Why? For one thing, those computers are the company’s resources. And it should be that during work hours, people ought to limit their downloads except for materials that are necessary for their work to get done.

How do you formulate your policies when it comes to these matters?

If you are working in a creative environment, anything could be used as your inspiration. That is why there are companies who allow surfing within office hours and it does not really matter what sites you visit. Although some of them do block some sites that are mainly of the personal nature like Friendster, My Space and other similar sites. There are also some that ban blogging services like Blogger. They would even issue memos regarding the matter.

If you work in a strictly confidential project, it would be difficult to try to make sure that nothing leaks out. If you are connected via the Internet, chances are your works could be intercepted in one way or another by hackers. So you have to be careful that you have firewall activated. As others would say, just block off everything except interoffice email.

Employees must be briefed carefully so that they will not be surprised in case they were surfing the ‘net one time and they find out that there are blocked sites. Also, you have to make sure you observe how the employees work. Those in the financial business would have to guard a lot of information. They would have to ensure that the employees understand the policies and that they would follow them in order to ensure that everything will be secure. After all, it is better to be safe than sorry. You would not want to lose your valuable clients.

Teaching people about IT security

By

teaching about it security

In general, teaching people is a difficult task. You have to carefully plan on how to address them and be relevant. Each person would have different needs. Whether you plan to teach your staff and employees, or your family and friends, you have to brace yourself.

Some of the factors that would affect how you would teach them about IT security are as follows:

  • the person’s experience with computers
    Has the person used a computer before? What has the person done so far? Install an operating system? Used some particular applications like word processing software or a web browser like Internet Explorer?
  • the person’s experience with going online
    Each of us would have had different experiences when it comes to our online presence and habits like downloading, checking email and the like. When it comes to downloading materials be it online textbooks or anything else, it would be good to take a profile of the sites the person uses as resources.
  • enthusiasm
    Whether you believe it or not, enthusiasm could affect the reception of the person to ideas and all that. Talking about security is not exactly the same as talking about your favorite car or favorite pet. Unless you think you could gush about firewalls and all those details, that is. Then again, it depends on the person’s experience, as said before.

No matter how easy or difficult it could be, no matter what background the person has, this is an important thing to learn. You are the one who can do it. May you teach them well.

Encryption – Why people shun away from it even now? (Part 2)

By

If you happen to be a small or medium scale company that cannot afford multiple data stores and infinite numbers of mirrored hard drives, that becomes a problem. An encrypted hard disk in a laptop that gets banged up damaging the hard disk may still have some of the information intact enough for recovery but damage some of the vital keys and software and you are left hanging by a thread or down in the gutters. Data recovery is possible but only through expensive methods with the hard disks being opened up, the platters extracted and installed into another similar hard disk for data extraction. Only the military and federal government would have enough cash to burn in terms of data recovery at that level for the price is computed in the amount of megabytes recovered and on a per hard disk basis, and imagine a 1 terabyte drive at say $50/MB then you’d be scratching your head by now, and that’s just for a single drive.
The risks of identity theft and information leakage is real but the technology is still quite prone to failure even with today’s quad-core which is why we didn’t discuss the performance issue in the discussion. Today’s multi-core processors are capable of handling complex tasks such as real time encryption and decryption as if there was nothing happening on the background. The performance issue has been addressed by more powerful microprocessors but the reliability of the hard disks which stores the information and even the CD’s are still quite weak. Till there is more definite proof that all parts of the computer has reached such a reliable level that failure is a less of a factor more people would still retain their own proprietary security measures (birthday passwords, flash thumb drives that always get lost and physically carrying their discs with them).

Disks???? What Disks?????

By

In the news, the British Prime Minister Brown has expressed concern regarding the recent security breach that left about half of the British population’s addresses and banking information out in the open, well somewhere out there. The said information was lost while in-transit through the British Post system contained within two computer data disks. This headline dated November 21’st of this year highlights the need for greater security with regards to the handling and safekeeping of vital personal information.
lostdata.JPG
The event happened when a Junior official of the British Government’s Finance Department downloaded the information off a government website for use on another agency. It was then sent through courier service to that agency which was not named but when the disks didn’t arrive after a few days alarm bells started to ring and the police was brought into the investigation to help with the case. The problem was so great that the British Prime Minister apologized to the British public when speaking in Parliament much to the disgust of the MP’s and the public in general.
This event sparks new urgency in the way we handle and treat information even those categorized as personal. The information that was lost had information that was needed for the processing of millions of child and senior benefits support processing which is expected to result in outrage and disgust among many of the affected individuals.
Government’s from around the world spend millions of dollars in safeguarding information of all sorts and questions do arise from such cases such as why a junior officer had access and was even allowed to copy the said information out of a government server down to computer disks.

Firewalls and Wide Area Network (WAN ) Intrusions

By

Experiencing connection problems and slow transfer of data may occur at any given time for most networks. While most would immediately identify the network cards, computers, cabling or network configuration at first, the presence of unknown processes of the operating system or possible intrusions such as DOS or Ping attacks can also be considered as possible factors for the deteriorating speed issues for network administrators.

Firewalls

Such instances are only normal, especially for wide area networks, or networks exposed to the Internet. The mischief caused by such people can be expected, especially for people who love to try their talent in hacking and network intrusions. The prize of which is that of creating discomfort and headaches for companies that thrive on networks for business and profit.

While there are network monitors available, it would be best to get the best firewall software there is today. Some do not value the firewalls and their use until such issues arise, but just like the war on terrorism, it would be best to take on security measures before they occur to avoid bigger problems once their mischief succeeds.