Archive for May, 2015

Man-In-The-Middle-Attack

May 30, 2015

A man-in-the-middle (MITM) attack occurs when an unauthorized user attempts to actively monitor, capture and control the information transmitted between the source and destination computer. The attack may be carried out to simply gain access to the encrypted/unencrypted information or empower the hacker to modify the message before passing it further.

How Does A Man-In-The-Middle Attack Works?

The man-in-the-middle attack is performed when the attacker gains complete control over the networking router along a normal flow of traffic. The cybercriminal, in most cases, is in the same broadcast domain as the victim. For example, a TCP connection exists between the server and client in an HTTP session. The MITM splits the link into two – one between the server and attacker and other between the victim and attacker. By interrupting the TCP connection, the attacker decodes, alters and inserts fake data into the communication. A man-in-the-middle attack aims to exploit the weaknesses in the communication protocol, convincing the source network to divert traffic through the attacker’s router.

Tips To Prevent Man-In-The-Middle Attacks

  • Pay Attention To Certificate Warnings: A security certificate warning appearing for a website might indicate a serious problem. If the certificate doesn’t match with the server, you might be communicating with a malicious server carrying out a man-in-the-middle attack. Thus, you must not visit such websites, specifically if it involves entering important information like user names, passwords, bank account details etc.
  • Check for HTTPS Encryption: When connecting to sites that process financial transactions such as online shopping or banking, make sure that the session has an HTTPS encryption. When communicating over HTTPS, your web browser checks identity certificates to confirm the credibility of the servers you are connecting to, thus, reducing the possibility of a phishing server.
  • Be Careful While Using Wi-Fi Networks: Avoid doing any online transaction or sharing sensitive information if you are using a public Wi-Fi network. Be more alert if you see certificate warnings and websites without HTTPS encryption on such networks. Always try to use a private virtual private network (VPN) to create a secure connection to a trusted server.
  • Install Anti-Virus Software: Installing and regularly updating anti-virus software can help you defend against man-in-the-middle attacks that involve infecting your computer with a malware.

We, at Centex Technologies provide the most advanced cyber security solutions for businesses. For more information, you can call us at (855) 375 – 9654.

,

No Comments

Cyber Insurance – Needs And Benefits

May 26, 2015

Cyber insurance is designed to provide coverage from the losses incurred by an organization due to various cybercrimes such as network damage, data breaches, denial of service attacks, identity theft etc. Generally, a cyber-insurance policy protects against two types of risks – first party and third party. The former covers the losses of the policy holder whereas the latter one recompenses for the company’s liabilities towards clients, business partners and shareholders. Coverage options in a cyber-insurance policy may include crisis management, computer forensics investigation, data reconstruction, security liability, protection from cyber ransom etc.

Why Is Cyber Insurance Needed?

Every business, be it large or small, is likely to rely on information technology to some extent. In spite of using sophisticated firewalls and anti-virus software, it is nearly impossible to achieve complete security from cybercrimes. This is where the need for cyber insurance arises. It is particularly important for companies that hold confidential customer data, rely heavily on computer network to carry out business activities and deal in financial transaction processing.

Some of the reasons why companies need cyber insurance are:

  • Safeguarding the data of clients is one of the most important reasons to purchase cyber insurance.
  • Disclosure agreements and commercial contracts stored on the network may contain clauses regarding the confidentiality of the information. These can lead to expensive claims in the event of a breach.
  • Most entrepreneurs believe that their business is sufficiently covered by other insurance policies. However, having a cyber-insurance policy will make sure that all the network security risks are comprehensively covered.

Benefits Of Cyber Insurance

  • Mitigates Risk: Cyber insurance helps mitigate the risk of network attacks by increasing security measures. Insurers need to attain a certain level of cyber security in their organization as a prerequisite for coverage. This helps companies to identify the flaws in their IT system and make improvements in security practices.
  • Reimburses Losses And Penalties: Cyber insurance is immensely beneficial in the event of a large scale network attack. It provides coverage for the losses incurred, costs of notifying the affected individuals, hiring an attorney, legal fees and liabilities to other people.
  • Business Interruption Expenses: Some insurance policies also offer coverage for the income lost by a company as a result of the network or equipment failure due to the cyber-attack.

,

No Comments

What is a Sniffer Attack?

May 18, 2015

A sniffer attack involves capturing, inspecting, decoding and interpreting the network packets and information exchanges on a TCP/IP network. It aims at stealing unencrypted information, such as user IDs, passwords, email text, transferred files, credit card numbers, network details etc. It is also referred as a passive cyber-threat as the attacker is usually invisible and difficult to detect on the network.

Types Of Sniffer Attacks

  • LAN Sniffing: In this, the sniffer software is installed on the internal LAN to scan the entire network exhaustively. This helps to provide further information such as server inventory, live hosts, open ports etc. Once all the details are gathered, the hacker may launch a port-specific attack.
  • Protocol Sniffing: This method involves creating separate sniffers to carry out attacks on different network protocols. For instance, if a hacker sees UDP packets in a network, a separate sniffer is started to capture information.
  • ARP Sniffing: The hackers steal all the important information related to the IP addresses and its associated MAC addresses. This data is further used to initiate packet spoofing attacks, ARP poisoning attacks or exploit vulnerabilities in the network router.
  • TCP Session Sniffing: This is a basic sniffer attack in which the hackers get hold of the traffic between the source and destination IP address. They target details like service types, port numbers and TCP sequence numbers to create and control a fabricated TCP session.
  • Web Password Sniffing: In these sniffer attacks, the hackers penetrate the HTTP sessions that do not use secure encryption. Following this, the user IDs and passwords can be stolen and used for malicious purposes.

Tips To Protect Against Sniffer Attacks

  • Enable a WPA or WPA2 encryption for your router. Also, make sure you change its default password to limit access to your network. Use a long and secure password consisting of numbers, uppercase letters, lowercase letters and symbols.
  • Use MAC filtering on your network. You must allow only trusted MAC addresses to access your private VPN, thus, reducing the chances of a sniffer spying on the network.
  • Ensure that the important sites you use, particularly those that involve making financial transactions, have SSL (Secure Socket Layer) encryption. If a site is SSL enabled, it will have a URL beginning with HTTPS instead of HTTP.

We, at Centex Technologies, can assess and implement advanced cybersecurity measures in your organization. For more information, you can call us at (855) 375 – 9654.

, ,

No Comments

Importance Of Keeping Local Citations Consistent

May 11, 2015

Local citations are a critical component through which search engines like Google, Yahoo, Bing etc., determine the location based ranking for a business. In addition to having citations on credible and well-indexed websites such as Yellow Pages, Yelp, BBB, Foursquare etc., it is equally important to have business listings on service specific portals.

How Do Local Citations Work?

While determining your ranking for local search results, Google crawls through various sources on the web to search for “mentions” of your business. Search engine spiders look out for information like business address, phone number, website URL etc. and compare this data with the information provided on your website and Google+ page to verify its legitimacy. Generating local citations is particularly important for small businesses as they can benefit from high local search engine ranks and can compete with major players in the industry.

Why Is It Important To Keep Citations Consistent?

One of the major factors determining your website’s ranking in search results is the consistency of information provided in local citations. This includes business’ name, address and phone number (NAP), across all the citations. Besides basic business information, operating hours, modes of payment accepted, website URL should also be kept consistent. Any incorrect information is likely to reduce your potential customers, either through the wrong contact details or Google suspecting your business’ reliability and giving it a lower rank. The wrongly entered information may also spread quickly over the internet by robots and crawlers, thus, multiplying the effects of the error.

Tips For Maintaining Consistency In Local Citations

  • Decide on your exact business name and use it throughout all references over the internet.
  • Use a single phone number as your business’ primary contact. If you have a toll free number, use it as a secondary option. If there is only one option, always provide the local number.
  • Make sure to enter your complete address, including correct suite or unit number (if applicable), city as well as zip code.
  • Confirm that all abbreviations are in the same format for all business listings. For instance, Ltd should not be replaced with Limited.

Having real and consistent local citations can result in scoring huge points and achieve a higher ranking in local search results.

, ,

No Comments