Types And Sources Of Computer Network Security Threats

November 28, 2014

With advancement in technology, Computer networks have made changed the way we used to work. However there are a number of threats that can breach the security of the system and allow illegal access to important information that can be used for malicious purposes. Some of the possible attacks are:

Denial Of Service (DoS) Attacks

These are probably one of the vilest attacks that are extremely difficult to resolve. A denial of service attack is a malevolent effort to make a network resource or a server inaccessible by the users. This is usually done by temporarily suspending or interrupting the services of the host linked to the Internet. You should make sure that you employ packet filtering in order to restrict the entry of forged traffic to your network space. You must also keep yourself updated about the recent patches available to ensure your security from malicious attacks.

Illicit Execution of Commands

This threat involves an unidentified person executing various commands from your server. Depending upon its severity, this threat can be categorized under normal user access (where the unidentified source is executing commands to only access data on systems) to administrator access (where unknown user makes or attempts to make system configuration changes).

Unauthorized Access

This is a comprehensive term used to denote a number of network security threats. The purpose of these attacks is to access the information from a computer or network source that your device is programmed not to provide to the attacker. You should make sure that you set up an alert to be informed whenever someone is trying to make an unauthorized access. Many systems are also programmed to lock an account after a set number of unsuccessful login attempts.

Confidentiality Breaches

This involves gaining access of confidential and private data by the hackers. This may include trade secrets, credit card numbers, financial statements, secret formulas, patents etc. Such information, if slipped into the hands of a malicious user, can severely harm you on a personal or professional level.

Destructive Behavior

Destructive attacks may be categorized as:

  • Data Destruction: This involves deleting or destroying the data stored on your network or hard disk drive so that it becomes completely unreadable and unusable for you.
  • Data Diddling: It occurs when a hacker modifies the important information before or at the time of entering it into the device.  These may include counterfeiting or forging documents, changing details of online financial transactions etc.

These network security attacks can come up either from physical access, Internet or dial-up modems. You should make sure that you follow all the important steps to protect yourself from such vulnerabilities.

,

Top 10 Network Security Threats

November 24, 2014

There are a number of security systems available that can help you protect your computer network from unauthorized access. However, there are a number of internal vulnerabilities, which are not commonly considered to be a threat, but have the potential to seriously infect your system.

Some of the common network security threats are:

  1. USB Drives: These are one of the most common means of infecting a network. USB drives are small, inexpensive devices that can be used to share data between computers. Once a system is connected with a USB drive, most operating systems allow automatic running of programs, even the malicious ones.
  2. Laptops and Netbooks: Laptops and Netbooks of people outside the company, if connected to company’s computer network can also transmit codes that can hamper the security of a network. These portable devices may also have many system codes running at the back end to search for and infect internal networks. These malicious programs can also provide an easy access to a company’s important information like salaries, phone numbers, addresses, medical records, employee passwords etc.
  3. Wireless Access Points: These provide immediate access to the network to any user within the network range. With security vulnerability in wireless access points, hackers can penetrate a computer system to get hold of confidential information. Most of the wireless AP protocols such as WPA and WPA2 are susceptible to attacks if strong passwords are not used.
  4. Miscellaneous USB Devices: Apart from USB drives, many other devices such as digital cameras, MP3 players, scanners, printers, fax machines etc. also pose a threat to the security of a network by transferring infected files from one system to another.
  5. Employees Borrowing Others’ Machines or Devices: Borrowing or sharing devices within the office can also cause an employee to inadvertently access restricted areas of the network. Thus, it is important that the passwords are strong and frequently changed.
  6. The Trojan Human: These are attackers who enter the websites in the camouflage of an employee or a contractor. These types of swindlers are capable of gaining access to the secure area of the network, including the server room.
  7. Optical Media: Just like the USB devices, optical media such as CDs or DVDs can also be used as a source of network infection. Once installed and run on a system, these portable storage devices can steal and disclose confidential data to other public networks.
  8. Lack of Employee Alertness: Besides the intimidations from digital technology, the capacity of human mind to store information also poses a major threat to a network’s security. Employees should be alert to note who is around them when they log on to their system or while reading confidential documents in public places.
  9. Smartphones: Today, phones are no less than mini-computers having the capacity to perform complex tasks. Hence, smartphones also pose the same security threat as a laptop, netbook or US devices.
  10. E-mail: Emails are commonly used to communicate, send and receive files within the business networks. However, this facility can often be misused for malicious purposes. Confidential messages can certainly be sent to any outside target and many viruses can be transferred through emails.

Make sure you keep a note of all these potential threats and take the necessary steps to prevent your internal network from getting infected.

,

Google Algorithm Changes & Website Optimization

November 15, 2014

Search engine optimization techniques have undergone massive alterations in the last few years resulting in clearing out of low value and spam websites from Google rankings. This has also brought changes in website optimization strategies by putting more emphasis on quality and meaningful content rather than just focusing on links.

Regular Google updates in recent years have kept SEO companies on toes to quickly adapt and modify their strategies. Keeping in line with the recent Google’s algorithm updates, here are some of the important tips that can help you effectively optimize your website for local businesses:

  • Avoid content duplication: Content is likely to be even more important part of a successful SEO plan. This is the only thing that distinguishes your website from that of other local businesses. To reward your website with a higher ranking, the search engines need to know what your business is all about. Make sure you post informative content, giving the details about your products or services, on each and every page of your website.
  • No keyword spamming: In past, stuffing content with keywords has been one of the favorite tactics of black hat SEOs, but now search engine algorithms are smart enough to detect keyword spamming  and penalize the websites indulging in that. This makes it important to have well written content on the website that utilizes keywords in an effective way.
  • Use relevant title tags: You should not stuff keywords in your title tag. Instead, add some of them that can perfectly describe your business. The title tag should give a complete summary of what a particular page is about.
  • Target local audiences: In order to make your website rank higher in Google’s local searches, you should try to make a wise use of the name of your city and state in your title tag, H1 heading, content, alt text on images as well as URL. Even if you are planning to change your URL, remember to use the 301 redirects so that the initial address automatically takes the user to the new one.

All these tactics will help you achieve your ultimate goal, i.e., to improve the credibility of your business among the local audience.

For more information on tips on Search Engine Optimization, call us at (855) 375-9654

,

Vulnerabilities In IOS

November 10, 2014

Apple’s Mac OS and IOS has been found to be vulnerable to two major threats, namely Rootpipe and Wirelurker. Both the bugs can pose a serious threat to the privacy and security of Apple users as it provides the hackers an access to the system to use it for malicious purposes.

The two main vulnerabilities to IOS have been discussed below:

ROOTPIPE
Discovered by an ethical Swedish hacker Emil Kvarnhammar, Rootpipe is a serious flaw in the system that permits the hacker to increase privileges from the admin to source.

What RootPipe Does?
There are a number of security tiers in the present day operating systems, making it certain that the users do not accidentally authorize any third party to access their computers. The highest security level, known as root access, is typically blocked from the most important programs. Rootpipe lets a hacker ignore the security check and access the computer source without the need of a password. According to Emil Kvarnhammar, “Normally sudo and system preferences require the user to explicitly enter an admin password to run as root. This is circumvented with Rootpipe. To exploit, an attacker would need access to execute code on a target system. Either through physical access, or by combining with another vulnerability (code execution in browser, java, pdf etc.).”

Unless the company rolls out a fix for the security bug, Kvarnhammar advises Apple users to safeguard themselves against malicious attacks by using a system with standard privileges, and avoiding the ones with administrator rights.

WIRELURKER
This is another software threat discovered by a cyber-security software company, Palo Alto Networks. Wirelurker targets Apple’s IOS operating system as well as OS X software. The bug has been mainly brought into the mainstream by functioning at the back end of pirated Chinese software. When the software is made to run on an Apple platform, the malware automatically gets installed in the system.

Wirelurker has the ability to sense when the user plugs in a USB cable into the device, which allows it to scrape personal data and install malicious copies of the apps. If the device is hacked, it becomes far easier for the bug to install software without Apple’s permission and access information such as old messages and contacts in the device.

According to the intelligence director at Palo Alto networks, Ryan Olson, “Wirelurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware. The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”

Although Apple has blocked Wirelurker on the iPhones, Rootpipe vulnerability still remains unpatched for now.

, ,

Bash Bug Security Threat

October 31, 2014

Bash (Bourne-again shell) is system software used in Unix based systems, including Apple’s Mac OS X and Linux, and is used to manage its command prompt. Bash allows the user to type a series of commands in a text window which are then executed by the operating system. ‘Bash’ software is used in a majority of computer systems that connect to the internet.

Bash Bug, also known as Shellshock, is a security threat which makes the Bash software accessible to the hacker. The bug was discovered by the Unix specialist, Stéphane Chazelas, in September this year. Hackers can exploit this bug to take complete control of a targeted system. Bash Bug is considered to pose a larger threat than ‘Heartbleed’ bug which was discovered in April 2014. While Heartbleed bug exposed passwords and other sensitive data to hackers, the Bash bug is capable to wreak havoc as it allows the users to seize the entire system, snip data and shut down networks.

There are a number of web servers that are already being exploited with the help of Bash bug. The fix that was initially rolled out for the flaw was incomplete and just hours after the news went live; there were reports of hackers trying to take advantage of it.

How does Bash Bug work?

Bash software allows the user to control programs and features by typing commands in the text box. Officially only the website owners or limited programmers are authorized to enter these commands and access information. However the Bash Bug makes the command control and information accessible to the hacker. For instance, if a web server uses Bash as a background program to manage tasks, such as personal data filled in online forms, a hacker who intends to exploit Bash could steal this data. He could then add a disparaging code either to the server to direct the user to other websites or to infect their system with viruses.

Preventive Tips

One solution to prevent your system from the threat of Bash Bug is to keep your vulnerable devices updated. According to cyber security experts, Bash bug rates 10 on 10 on a scale of severity, implying that it has the ability to leave drastic effects.

Here are some important tips to save your data from this disastrous fault:

  • Keep your security model application centric, which is not dependent on other security mechanisms.
  • Create directed prevention strategies to monitor server programs and block malicious activities.
  • Install hosted firewall and toughen the processes of operating system to ensure smooth functioning of the applications.
  • Leverage application and device control capabilities to lock down configuration settings, file systems and the use of removable media.
  • You should check for software updates on the websites of companies that make your router, computer as well as other Internet-connected equipment to prevent the bug.

Centex Technologies provide IT security systems for businesses. For more information on how to enhance security of your network and devices, please call us at – (855) 375-9654

,