May 18, 2015
A sniffer attack involves capturing, inspecting, decoding and interpreting the network packets and information exchanges on a TCP/IP network. It aims at stealing unencrypted information, such as user IDs, passwords, email text, transferred files, credit card numbers, network details etc. It is also referred as a passive cyber-threat as the attacker is usually invisible and difficult to detect on the network.
Types Of Sniffer Attacks
- LAN Sniffing: In this, the sniffer software is installed on the internal LAN to scan the entire network exhaustively. This helps to provide further information such as server inventory, live hosts, open ports etc. Once all the details are gathered, the hacker may launch a port-specific attack.
- Protocol Sniffing: This method involves creating separate sniffers to carry out attacks on different network protocols. For instance, if a hacker sees UDP packets in a network, a separate sniffer is started to capture information.
- ARP Sniffing: The hackers steal all the important information related to the IP addresses and its associated MAC addresses. This data is further used to initiate packet spoofing attacks, ARP poisoning attacks or exploit vulnerabilities in the network router.
- TCP Session Sniffing: This is a basic sniffer attack in which the hackers get hold of the traffic between the source and destination IP address. They target details like service types, port numbers and TCP sequence numbers to create and control a fabricated TCP session.
- Web Password Sniffing: In these sniffer attacks, the hackers penetrate the HTTP sessions that do not use secure encryption. Following this, the user IDs and passwords can be stolen and used for malicious purposes.
Tips To Protect Against Sniffer Attacks
- Enable a WPA or WPA2 encryption for your router. Also, make sure you change its default password to limit access to your network. Use a long and secure password consisting of numbers, uppercase letters, lowercase letters and symbols.
- Use MAC filtering on your network. You must allow only trusted MAC addresses to access your private VPN, thus, reducing the chances of a sniffer spying on the network.
- Ensure that the important sites you use, particularly those that involve making financial transactions, have SSL (Secure Socket Layer) encryption. If a site is SSL enabled, it will have a URL beginning with HTTPS instead of HTTP.
We, at Centex Technologies, can assess and implement advanced cybersecurity measures in your organization. For more information, you can call us at (855) 375 – 9654.
May 11, 2015
Local citations are a critical component through which search engines like Google, Yahoo, Bing etc., determine the location based ranking for a business. In addition to having citations on credible and well-indexed websites such as Yellow Pages, Yelp, BBB, Foursquare etc., it is equally important to have business listings on service specific portals.
How Do Local Citations Work?
While determining your ranking for local search results, Google crawls through various sources on the web to search for “mentions” of your business. Search engine spiders look out for information like business address, phone number, website URL etc. and compare this data with the information provided on your website and Google+ page to verify its legitimacy. Generating local citations is particularly important for small businesses as they can benefit from high local search engine ranks and can compete with major players in the industry.
Why Is It Important To Keep Citations Consistent?
One of the major factors determining your website’s ranking in search results is the consistency of information provided in local citations. This includes business’ name, address and phone number (NAP), across all the citations. Besides basic business information, operating hours, modes of payment accepted, website URL should also be kept consistent. Any incorrect information is likely to reduce your potential customers, either through the wrong contact details or Google suspecting your business’ reliability and giving it a lower rank. The wrongly entered information may also spread quickly over the internet by robots and crawlers, thus, multiplying the effects of the error.
Tips For Maintaining Consistency In Local Citations
- Decide on your exact business name and use it throughout all references over the internet.
- Use a single phone number as your business’ primary contact. If you have a toll free number, use it as a secondary option. If there is only one option, always provide the local number.
- Make sure to enter your complete address, including correct suite or unit number (if applicable), city as well as zip code.
- Confirm that all abbreviations are in the same format for all business listings. For instance, Ltd should not be replaced with Limited.
Having real and consistent local citations can result in scoring huge points and achieve a higher ranking in local search results.
April 29, 2015
Web app attacks are among the most common types of data breaches posing serious threat to a business’ cyber security. These attacks can jeopardize the functioning of your website, inhibit its performance and in most cases, crash the website completely. As most web applications run in the browser, any potential security flaw can permit hackers to exploit the vulnerabilities in the apps and damage the business website.
Common Web App Attacks:
- Cross-Site Scripting (XSS): These attacks use a vulnerable web application to send malicious client side code to be executed by the end user. Once this is done, the hacker can have access to browser’s session tokens, cookies and other sensitive data.
- SQL Injections: This type of attack manipulates the vulnerabilities in the web apps in order to gain access to the databases and other information that they hold. These may include things such as email addresses, names, telephone numbers, postal addresses, bank account information, credit card details etc.
- Directory Traversal: It is a form of HTTP attack in which the cybercriminal installs malicious software on the web server. If the attempt is successful, the hacker can have access to the restricted directories and execute commands that are outside of the server’s root directory.
- Remote Command Execution: This allows the hacker to execute remote and random commands on the host computer through a vulnerable web application. These attacks are largely possible due to insufficient input validation.
Counter Measures Against Web App Attacks
- Set Safe Permissions: Most often, the web apps are attacked due to the preventable vulnerabilities present in them. Make sure you set safe permissions for your files so that they can be written or executed only by the web server.
- Scan For Vulnerabilities: This is extremely important to identify the potential vulnerabilities in your application that may make it open to cyber-attacks.
- Use Application Firewall: Installing and regularly updating firewall can also provide an added layer of defense against web app attacks.
- Restrict Unauthorized Users: Make sure that the write access to your files should be given to a limited number of users. This is applicable both for the server side and web app backend.
We, at Centex Technologies can help you evaluate and implement web app security measures in your organization. For more information, you can call us at (855) 375 – 9654.
April 24, 2015
With online businesses wanting to create better and seamless user experience, a lot of companies are opting for websites with an infinite scroll. Infinite scroll websites are coded in such a way that they continuously load content as a user scrolls down a web page. The best examples of such websites are Facebook, Instagram and Twitter. However, infinite scroll website is not always the right choice for every business. Whether or not you should implement infinite scrolling depends upon the type of information that you want to present to your website visitors. Read on to know the pros and cons of a website with infinite scroll design:
- Keeps Users Engaged: Infinite scrolling is a good option for websites that need to keep the users engaged for a longer time. As the content continues to appear, users keep on scrolling down the web page. Having to click on a ‘see more’ button might break the link of the users.
- Great For Mobile And Touch Screen Devices: Infinite scroll design is a perfect fit for mobile and touch screen devices. Users just need to scroll down to view more information without having the need to load a separate web page. The information on these websites is presented in boxes which are quite appealing for the users to click to tap for more.
- Easy To Manage Real Time Information: Websites that have to provide real time information to their users work well with infinite scroll design. For instance, continuous updating of news feed on Facebook allows the users to conveniently scroll through the entire content.
- Inability To Search Specific Information: Users need to scroll through the entire page to search for anything specific on the website. Similarly, they cannot skip anycontent to view something that interests them.
- Mapping Problems: Without pagination, users may feel disoriented about where they are on a particular pageor where the previously viewed content has gone. Infinite scroll websites do not have any back button to view the page visited earlier.
Before making the move towards an infinite scroll design, make sure the page design rightly matches the purpose of your website. We, at Centex Technologies, provide complete web design/development solutions to businesses. For more information, call us at (855) 375-9654.
April 18, 2015
Network traveling worms are specifically encoded programs that are able to transfer from a computer to other through various ways. These worms are automated hackers that transfer important information to impair the entire network once they gain access into it. Worms are quite similar to viruses except that they spread in a slightly different way. When a worm infects a computer, it searches for another system connected through the same local area network (LAN). Once it is found, the worm facsimiles itself to the new computer and continues with its search for more machines to replicate further. Due to its nature of traveling through the network, a worm is able to consume most of the bandwidth, causing the servers to stop responding.
Different types of network traveling worms are:
- Email Worms: These worms travel by way of attachments in email messages or links to a corrupted website.
- Instant Messaging Worms: These spread by sending spam links to the contacts in an instant messaging application.
- Internet Worms: These types of worms scan the internet and other available network resources to search for vulnerable computers. If any such system is found, the worm attempts to connect and infect it.
- IRC Worms: These worms spread through Internet Relay Chat (IRC) channels and transmit infected links or files to the contacts list.
- File Sharing Network Worms: These worms replicate itself into a shared folder and spread by way of a peer-to-peer (P2P) network.
How Network Traveling Worm Attack Affects?
- Exploit Vulnerabilities: The worm begins launching attacks from one computer in your network to other systems that do not have an updated firewall/ patch installed. Using this, the worm implements ‘shellcode’ on the target machine to make it download and set up a similar type of worm.
- Weak Passwords: The worm tries to initiate a dictionary attack on other computers in the network. Through this, it aims at accessing the credentials required to execute commands on the target system.
- Insecure Vulnerabilities: The worm can simply recreate itself through openly shared folders on other computers connected through the same LAN.
- Email: The worm inspects the contacts list and sends well-written emails to make people click on a spam link, install software or download an attachment to their computers.
Tips To Counter Network Traveling Worms Attack
- Block auto-execution of attachments in email
- Keep your computer’s firewall and patches updated
- Filter traffic on your router and Wi-Fi network
- Disable auto run capabilities on the computer
- Use strong passwords
Following these tips can help you protect yourself against network traveling worms attack to a great extent.