27 July, 2016
Over the past few years, computer security has become the primary concern for most people. To stay protected, it is important to know about different types of malware found online i.e. how they spread and the repercussions they may bring. However, there are a myriad of misconceptions about malware that put internet users at risk.
Discussed below are some common myths and facts about malware that you should know to safeguard your computer and protect your information online:
Myth: Updating software is not important for computer security
Fact: A computer with an outdated version of anti-virus software is more susceptible to malware infection. Software vendors frequently release patches and upgrades to protect against the latest security threats. Hence, you must either enable the anti-virus software to update automatically or check for newer versions available on the vendor’s website.
Myth: Malware infection can be easily detected
Fact: Though some types of malware show obvious signs when they infect a computer, such as displaying a pop-up demanding ransom from the user or causing the system to crash. However, certain malware are specifically designed to avoid detection by the user. They may be programmed to stealthily collect sensitive information, send spam emails from the computer or lock down important files.
Myth: Malware only affects Windows
Fact: Though most malware are created to target Windows users, other platforms are not immune from this online threat. With an increasing share of Android and Mac users, hackers are initiating various cross-platform malware to target multiple devices.
Myth: Reputed websites are safe
Fact: While it is partially true that malware mostly spreads by visiting websites that have pornographic or pirated content, credible websites can also be compromised. Hackers use a technique known as malvertizing, which involves placing malicious ads on reputed websites. Clicking on these ads or just visiting the website may download a malware to the user’s computer.
Myth: You are safe if you do not have anything important on your computer
Fact: Even if you have not stored sensitive information on your hard drive, malware can scan other important details that can be used to achieve its goal. For instance, it may access your email account to send out spam emails to your contacts or trace your keystrokes to steal login credentials for online financial transactions. With this information, hackers can cause serious damage including identity theft and phishing attacks.
For more information about the malware perils and prevention tips, you can contact Centex Technologies at (855) 375 – 9654.
22 July, 2016
The incidences of online attacks have undergone a steep rise over the past few years, making cyber security a top priority for the organizations. A security breach can jeopardize the confidentiality of a company’s network and important data, leading to financial losses as well as reputational damage. Therefore, it is important to be proactive and identify as well as mitigate the potential threats to the corporate network.
Listed below are tips that can help organizations manage cyber security risks:
Internet Firewalls And Gateways
Internet firewalls, gateways and other such mechanisms should be adopted to protect the corporate network against unauthorized access. Devoid of proper security techniques, the company’s files, client details and other important information are at risk of being stolen, manipulated or deleted. A firewall will monitor the traffic on the organizations’ internal network and block any suspicious or unauthorized users. However, it is important to ensure that the firewall is frequently updated and password protected.
All the devices connected to the network should be properly configured to adhere to the cyber security policies of the company. This will help to identify and deal with the potential vulnerabilities. The default security settings on any device can serve as an easy backdoor for the hackers to gain access to your corporate network. Therefore, when installing networking devices, these settings should be changed and safeguarded with a strong as well as hard-to-crack password. Unrequired user accounts should be deleted and obsolete software should be updated or disabled. Auto-run feature should also be deactivated to prevent unintended installation of malicious software.
Most cyber-attacks are initiated by exploiting the security vulnerabilities in the software installed on a computer system. Hence, it is essential to regularly download and install the updates released by the software vendors. The organization should frame a comprehensive patch management policy to ensure efficient and effective updating of the software. There should be a specified time frame within which the patches need to be installed on the networking devices. Also, all the software updates should be licensed and released by a legitimate authority.
When computer systems are connected to the internet, they are likely to download malware through spam emails, fake websites, malicious advertizements or drive-by downloads. Anti-malware software should be installed to protect against such online threats. Make sure you keep it updated and allow regular scans to detect any malware installed on the device.
Centex Technologies is a leading IT consulting firm providing cyber security solutions to business firms across Central Texas. For more information, you can call us at (855) 375 – 9654.
16 July, 2016
Access control can be defined as a security technique utilized to restrict access to the physical and logical assets within an organization. The physical assets include the computer system or server room whereas the logical assets comprise networks, data, files etc. Having complete control over who can view, use or manipulate the resources in a computing environment, the companies can mitigate the likelihood of a potential security breach.
Types Of Access Control Systems
- Mandatory Access Control (MAC): This is the most stringent form of access control mechanism. In this, the access restrictions are monitored by the operating system according to the specifications provided by the system administrator. Each user or device on a network is assigned a classification label. When a user tries to view or edit any file on the server, the computer system verifies his credentials to determine if access should be granted.
- Discretionary Access Control (DAC): It allows each user to control access rights for their own file or program. Unlike Mandatory Access Control, the DAC is much more flexible when it comes to data security. It allows you to create customized access policies for each user. For instance, you can allow read and write access to one user as well as read-only access to another one for the same file.
- Role Based Access Control (RBAC): Also known as Non-Discretionary Access Control, it allows access depending upon the role of a user. Role is defined according to the job profile, responsibilities and authority of an employee within the organization. For instance, an accountant would be provided access to all the files that contain financial data.
- Rule Based Access Control (RB-RBAC): Under this type, access is allowed on the basis of a set of criteria defined by the system administrator. It is a good option if you need to stipulate access rights for a specific account during certain hours of the day. The rules set by the administrator are stored in Access Control Lists (ACLs).
Advantages Of Access Control
- It helps to increase data security and confidentiality in an organization
- It reduces administrative work needed to monitor unauthorized access to important files
- Access rights and protocols are easy to implement by the system administrator
- Access control systems decrease the possibility of security errors as the permissions are automatically monitored and regulated according to the specified criterion
We at Centex Technologies provide complete IT security & networking solutions to our clients. For consultation regarding implementation of access control in your organization, feel free to contact us at (855) 375 – 9654.
9 July, 2016
Banking Trojan, or Banker Trojan, can be defined as a malicious program designed to steal confidential information from online financial accounts. With a large number of people turning to online and mobile banking, the risk for these types of malware attacks has also increased manifold. The Banking Trojans usually come in the form of a legitimate software which, when installed on a computer system, gains inadvertent access to the files and programs. The software has a built-in backdoor that allows hackers to view files or monitor the online activities of the infected computer.
How Does Banking Trojan Work?
After the Banking Trojan infects a computer system, it usually stays dormant until the user performs an online financial transaction. It works covertly to replicate itself on the computer and edit registry entries each time the computer is started. The Trojan also searches the cookie files that had been stored on the computer while browsing financial websites.
Once the user attempts to make an online transaction, the Trojan sneakily steals the login credentials and transmits it to the hacker. Some of the ways in which Banking Trojans attempt to steal a user’s information are:
- Form data captures
- Inserting fraudulent form fields
- Screen captures and video recording
- Mimicking financial websites
- Redirecting of banking websites
- Man-in-the-middle attack
Upon acquiring the user’s banking details, the hacker may occasionally transfer relevantly moderate amounts of money to fake bank accounts.
Signs Your Computer Is Infected With Banking Trojan
- It may change your computer’s security settings
- Your computer may slow down unexpectedly
- Unidentified addition or deletion of files stored on your computer
- Malicious backdoor downloads may take place
- The Trojan may block or disable other programs in the infected computer
- You get randomly redirected to different websites
- The computer may crash or Blue Screen of Death (BSOD) appears regularly
Countermeasures Against Banking Trojans
- Frequently update your operating system and internet browser
- Download latest patches and updates of the anti-virus software to protect your system from the recent versions of Banking Trojans
- If the computer has multiple users, only the administrator should be permitted to download and install any software
- Use web content filtering to block malicious websites and advertizements
- Be careful while downloading software and programs, particularly from unreliable sources.
- Do not store your financial information on computer system. If necessary, keep it in an encrypted format
We, at Centex Technologies, can help you stay protected against Banking Trojans and other online security threats. For more information, feel free to call us at (855) 375 – 9654.
30 June, 2016
Web content filtering is one of the most important elements of an organization’s cyber security policy. Also known as “Information Filtering”, it involves screening a website and restricting access if deemed harmful or objectionable. It not only helps to prevent unwanted internet access by the employees, but also protects the corporate network from online threats. Web content filtering works by checking the credibility of a portal, when a user attempts to visit it. If the website has been blacklisted by the administrator, the user is barred from accessing it. Content filtering is important to restrict access to webpages which can have pornographic content, malware, keyloggers, botnets, proxy server etc.
Types Of Web Content Filtering
- Client Side Filter: In client side filtering, software is installed on computers that require content filtering. The admin can customize the list of blocked websites or specify guidelines according to which the content needs to be filtered. Client side filters are a good option for small businesses that have a limited number of employees.
- Server Side Filter: In this type, content filtering software is installed on a central server computer that monitors the security settings on other systems on the same network. The business owner or network administrator can apply the same filter rules for all computers.
- Content Limited ISP: In this type of filter, the internet service provider has the authority to regulate the type of content that can or cannot be viewed by the users. Apart from blocking malicious websites, it also monitors emails, chats and web traffic to prevent Denial of Service (DoS) as well as man-in-the-middle attacks.
- Search Engine Filters: Many search engines like Google and Bing also offer content filtering options to the users. They can block inappropriate content and text from being displayed in the search results.
Benefits Of Web Content Filtering
- Increased Employee Productivity: As the unwanted websites are blocked, the employees are likely to be more focused towards work. They would not get distracted which, in turn, increases their overall productivity at the office.
- Better Network Protection: Web content filtering helps to block malicious websites, emails and programs that are likely to infect a computer system with malware. Preventing these online threats safeguards your corporate network against a potential security breach.
- Bandwidth Usage Reduction: With a high speed internet connection, employees may engage in undesired activities like streaming videos, downloading movies, peer-to-peer file sharing etc. This increases the network’s bandwidth usage which can be controlled by using a content filtering software.
For more information on the benefits of web content filtering, feel free to contact Centex Technologies at (855) 375 – 9654.