Posts Tagged Cyber Security

Common Misconceptions About Wi-Fi Security

7 March, 2017

It is a well-known fact that unsecured Wi-Fi networks are quite unsecure, particularly for banking, online shopping, social networking and other sensitive web browsing. As open wireless hotspots are easily available at restaurants, hotels, coffee shops etc., hackers have found an easy way to breach the security of the network to track the users’ online activities, record information being transmitted and manipulate data.
With multiple security risks associated with Wi-Fi access, there are some common misconceptions that need to be steered clear of in order to stay safe:

Not broadcasting SSID hides your wireless network

A lot of people believe that if they hide their Service Set Identifier (SSID), the hackers would not be able to find and connect to their Wi-Fi network. However, this is not absolutely true. Computer systems that operate on Windows 7 and newer versions display all the wireless networks that are in range, even the ones that do not have an assigned SSID. Additionally, hackers have various tools to acquire a network’s SSID.

MAC address filtering keeps your network secure

Media Access Control (MAC) address filtering is also a common technique of keeping a Wi-Fi network secure. The user can create a white list comprising the MAC addresses of all the computers that are authorized to access the network. Though it does provide security to some extent, hackers can easily spoof the MAC address of the computer systems. With the use of wireless analyzers, they can view the list of all devices in your white list, modify the MAC address of their own device and gain access to the network.

Strong authentication and encryption provide complete protection

Encryption and WPA2 authentication are recommended to prevent hackers from viewing, stealing or manipulating the data being shared on your Wi-Fi network. However, this does not mean that you can completely rely on them. If the administrator does not validate the security certificate while configuring a wireless device, it can leave your network open to several vulnerabilities.

You should disable your router’s DHCP server

Disabling the router’s Dynamic Host Control Protocol (DHCP) server that assigns an IP address to all the devices connected to your network, is also believed to protect against attacks. However, if a hacker has already penetrated your wireless network, he can easily determine the IP addresses that you have assigned. Thereafter, he may create a compatible IP address to gain access to the network.

For more tips and information on Wi-Fi security, you can contact Centex Technologies at (855) 375 – 9654.

,

No Comments

How To Manage DDoS Attacks Against Your Organization

14 February, 2017

Distributed denial-of-service (DDoS) attacks are becoming increasingly common and one of the major concerns for most business organizations. There are thousands of ways in which these attacks may be carried out, the basic intent is the same, i.e. to cease the functioning of the target internet network. Safeguarding your corporate network against a DDoS attack requires a well-planned crisis management program. For this, you must need to understand how a DDoS attack is launched and the potential harm it can cause to your organization.

What Is A DDoS Attack?

A DDoS attack mainly involves flooding an IP address with traffic from unidentified sources. This, in turn, results in an overloading of the web server which makes it unable to respond to ‘genuine requests’ in a timely manner. The hacker may create a network of multiple computers, termed as a botnet, and use it as a vector for the attack. Due to overflow of data packets received at the same time, your website becomes unavailable to be accessed by the users.

Certain DDoS attacks may also be initiated on your company’s virtual private network (VPN) which prevents employees from logging into their email accounts when they are out of the office.  If your organization has been a victim of DDoS attack, here are some steps that you need to take in order to minimize its consequences:

Identify A DDoS Attack At The Onset

Firstly, it is important to identify a DDoS attack in its initial stages, particularly if you manage your own web servers. You should have a fair idea about how much traffic you usually receive and from which IP addresses. When you detect a steep increase in the amount of traffic, it may be due to a DDoS attack.

Get Extended Bandwidth

Another useful step can be getting more bandwidth for your web server than you actually require to handle the traffic. This way, even if a DDoS attack is launched, you would be able to manage the sudden upsurge of traffic before the resources get completely exhausted.

Identify The Source

If possible, try to identify the source of the DDoS attack. When you know the computers that are sending the fake requests, the IP addresses can be easily blocked. You can also form a cyber security strategy to protect yourself against such attacks in future.

For more tips on how to prevent and manage DDoS attacks against your organization, you can contact Centex Technologies at (855) 375 – 9654.

,

No Comments

The Risks Of Being Too Social Online

6 February, 2017

Social media is a great platform to stay connected with friends, express views and opinions on a topic as well as promote your products/services. However, a lot of people tend to post about every minor or major happenings of their lives on their social networking profiles. This can jeopardize their personal as well as professional privacy and put them at risk for various online attacks.

Here are some of the risks of sharing too much information online:

Private Information Can Become Public

It is a well-known fact that whatever you post on the internet stays forever. Therefore, it is important that you understand the term ‘Too Much Information’ and know what you should and should not share on social media. Posting your personal details, your child’s school or a holiday trip can be misused by the hackers.

Cookie Tracking

When you access your social networking account, it creates cookies to track your browsing sessions and load information faster the next time. Some tracking cookies can also pose security and privacy concerns, particularly when you are using a public computer. They can store your sensitive information, such as user name and password, which can be used by the cyber criminals to keep a record of your online activities and get access to all the personal information that you share.

Spear Phishing

The information you share about yourself on social media, such as birthday, job title, email address, interests etc., may not seem to be sensitive initially. However, it can be tactfully used by the hackers to craft a phishing email that requires you to click on a link or provide your account details. The authenticity of the information contained in the email compels you to believe that it has been sourced from a reliable entity.

How To Protect Yourself?

  • Be careful while posting anything on your social networking profiles
  • Change your passwords frequently
  • Review your privacy settings to limit accessibility of your sensitive details
  • Avoid geo-tagging your posts and images
  • Do not share your credit card or financial information
  • Be selective in accepting friends and follower requests. Make sure you connect with only those people who you know personally.

For more tips on social networking security, feel free to contact Centex Technologies at (855) 375 – 9654.

,

No Comments

Pharming Attacks: What Are They And How To Protect Yourself

23 January, 2017

Pharming attacks are network based intrusions whereby visitors of the target website are redirected to a hacker controlled web server. It may occur when a user clicks on a link or types the website URL in the browser’s address bar, which takes him to a fake portal that looks similar to the one that he intended to visit. The attack may involve compelling the user to enter his username, password or other personal information in the fake website. At times, simply visiting the website may compromise the security of the system.

How Are Pharming Attacks Carried Out?

The hackers mainly use the following two methods for carrying out a pharming attack:

DNS Cache Poisoning

In this type of pharming attack, the hacker breaches the DNS server to change the IP address of the legitimate website. With this, if the user types in the URL ‘www.abc.com’, the computer sends a query to the DNS server, which returns the IP address of the bogus website ‘www.abc1.com’. The user believes the website to be original and continues browsing.

In order to facilitate faster access, the server automatically caches the web documents to reduce page load time when the website is accessed later. As a result, the user will be repeatedly routed to the fake website even if he types the correct URL.

Hosts File Modification

The hosts file is a plain text file stored in the computer’s operating system and comprises of different IP addresses as well as hostnames. A pharming attack may involve changing the local host files on a user’s computer through a malicious code sent in an email. With this, the user gets redirected to a fake website when he types in a URL or clicks on an affected bookmark entry.

Tips To Prevent Pharming Attacks

  • Make sure you do not delay updating the operating system and software applications installed on your computer. This will fix any security vulnerabilities and prevent hackers from gaining unauthorized access.
  • When visiting a website, cross check to detect any spelling mistake in the domain name. The hackers may redirect you to a fake website that has a similar URL. For instance, web traffic to ‘www.abc-xyz.com’ may be routed to ‘www.abc_xyz.com’ or ‘www.abc.xyz.com’
  • If you are required to enter your personal or sensitive information in a website, the URL should change from ‘http’ to ‘https’. You should also verify the certificate of the website. Check if it carries a secure certificate and uses encryption for all transactions.

For more information on pharming attacks, you can contact Centex Technologies at (855) 375 – 9654.

,

No Comments

Security Risks Of Typosquatting

10 January, 2017

Typosquatting, also referred as URL hijacking, is a type of cybersquatting attack in which the hacker takes advantage of commonly misspelled alphabets in a website’s URL. When a user makes a typographical mistake, such as entering ‘g’ instead of ‘h’ due to the proximity of both keys on the keyboard, he may get redirected to a spam website controlled by the hacker.

Cybercriminals often create bogus websites that have similar design and layout as the target website. This is done to ensure that the visitors do not realize that they have landed on another website. At times, typosquatting attempts may be intended to promote a competitors’ product or service but, in most cases, they are initiated to serve a malicious purpose.

Typosquatting attacks may be aimed at:

  • Deceiving unsuspecting victims to reveal their personal identifiable information, such as username, password, social security number, bank account and credit card details. This may be done by compelling users to click on a pop-up advertizement that offers some sort of discount or giveaway.
  • Tricking users into downloading spyware, malware or other malicious program on the computer system. Once you install the application, it may breach your network security, steal important data or record the keystrokes.
  • Redirecting web traffic to a dating portal or competitor’s website.
  • Freezing the user’s web browser for fake tech support scams to extract money in exchange of fixing the problem.
  • Earning revenue by making users click on advertizements posted on the typosquat website.

How To Protect Against Typosquatting?

  • Be very careful while typing a website’s URL in the browser’s address bar. If you are not sure about the spelling of the website, cross check it on Google or any other search engine to avoid inadvertently landing on a fake website.
  • Do not open links sent in emails, particularly from unknown senders.
  • Bookmark the most frequently visited websites so you can easily visit them whenever required.
  • Get a comprehensive security software to protect against phishing attempts, spyware and malware attacks.
  • Do not register with the same password on all websites. This way, if you accidently reveal your credentials on one website, it won’t affect the security of other online accounts.
  • Business owners can consider purchasing multiple domain names similar to their primary URL to avoid being a victim of typosquatting.

For more details about the security risks of typosquatting and how to guard against them, feel free to contact Centex Technologies at (855) 375 – 9654.

,

No Comments