Posts Tagged Data Security

What Is Packet Sniffing?

Information is often broken into smaller units when it is transmitted over the computer network. These small units known as data packets are fragmented at the sender’s node and are reassembled in their original format at the receiver’s node.

Every data packet has to cross a number of traffic control devices such as routers & switches. However, the data packet is susceptible to the risk of being captured each time it crosses these control devices. This act of collecting data packets illegally by hackers is known as packet sniffing. Hackers often use specialized devices
known as packet sniffers to do so.

How Does A Packet Sniffer Work?
A packet sniffer can exist in the form of software or hardware specifically designed to collect the data being transmitted over the network. They intercept & log network traffic with the help of wired or wireless network interface it has an access to. Hackers might use it to capture:

  • User names
  • Passwords
  • Downloaded files
  • Emails
  • Audio & video activity
  • Other sensitive information

An illegal packet sniffer is installed somewhere on the network without the knowledge of an IT administrator to gain unauthorized access to confidential information. Hackers also use sniffers to eavesdrop on unencrypted data to spy and checkout information being exchanged between the two parties and use it for their benefit.

Types Of Packet Sniffing

There are 3 types of packet sniffing, let us understand how they work:

  • IP Sniffing – It uses the network card to sniff all information packets that correspond with the IP address filter. These information packets are all used for analysis and examination.
  • MAC Sniffing – It also works through a network card and sniffs away the information packets that correspond to MAC address filter.
  • ARP Sniffing – In this type of sniffing, information packets are sent to the administrator through the ARP cache of both network hosts. The traffic is forwarded to the administrator directly instead of sending it to the hosts.

How To Protect Yourself From Packet Sniffing?

  • Use VPN – VPN (Virtual Private Network) connections provide complete privacy and secure your computer’s internet connection. It makes sure that all the data you are sending and receiving is encrypted & secured.
  • Always Check the HTTPS – Make sure that the websites that you visit have an HTTPS in its URL. Having it in the URL ensures that the website is safe to use.
  • Be Cautious – The risk of packet sniffing rises when a device is connected to a public Wi-Fi network. So be highly cautious of the websites you visit when you are on that network. Avoid doing financial transactions, entering sensitive information etc.

Other Ways

  • Scan your network
  • Use the Antisniff tool
  • Log out when you are done

For more information about IT Security, call Centex Technologies at (254) 213-4740.

,

No Comments

Benefits GDPR Provides To Businesses

PDF Version : Benefits-GDPR-Provides-To-Businesses

,

No Comments

How Private Is Your Personal Information

View Full Image

,

No Comments

Tokenization: Benefits For Securing Transaction Data

30 January, 2017

Tokenization is one of the most advanced technologies to strengthen digital payment security for customers and e-commerce business owners. It involves replacing the sensitive credit card information with randomly generated unusable symbols or tokens. As a result, the hackers are not able to decode the data as it passes from the user’s network to the payment gateway.

Businesses that deal in online financial transactions are required to provide a secure payment processing system to protect the customers’ data. Right from the pre-authorization stage to the processing and final payment, information should be transmitted only through secure channels. With the advancement in technology, hackers have started to use more sophisticated tools and techniques to steal online transaction data. Tokenization offers an additional layer of protection that goes a step ahead of what is achieved through PCI compliance.

How Does Tokenization Work?

When an ecommerce business employs tokenization during processing online payments, the sensitive information of the customer such as username, password, card number etc. is sent to a secure server, known as vault. Here, all the data is converted into a random string of numbers, which is completely different from the original card number. It is then passed through a validation test to make sure that the token, in any way, is not similar to the account number.

With tokenization, even if cybercriminals are able to decode the card information, they cannot gain any monetary value as the data does not reveal any information about the customer’s account.

Benefits Of Using Tokenization For Online Transactions

  • Reduces liability for customer data protection
    Tokenization does not require the customers’ card details to be stored in the computer system or network. It only consists of the random string of numbers. This minimizes a business’ liability towards protecting financial data because the information stored is not related to the customers’ primary account numbers.
  • Significant saving of time and money associated with PCI compliance
    Ensuing PCI compliance often requires the online retailers to make expensive hardware and software upgrades in their payment processing systems. Non-compliance, on the other hand, can be costlier. As tokenization does not require the merchants to hold sensitive data in the back end, PCI compliance can be made much more cost efficient.
  • Reduces the scope of PCI compliance
    Using unique tokens in place of encrypted card holder data can reduce the scope of the systems for which PCI compliance is required. Thus, you can eliminate the need of penetration testing and regular vulnerability as well as PCI scans.

We, at Centex Technologies, offer IT security solutions to business firms in Central Texas. For more information, you can call us at (855) 375 – 9654.

,

No Comments

How To Improve Your Organization’s Mobile Security

29 August, 2016

Mobile security is becoming an important issue for the organizations to address. There is no denying the fact that mobile devices help to save time and increase employee efficiency to a great extent. However, the potential security risks posed by these devices cannot be overlooked. It is seen that most employees use the same mobile device for personal and official purposes. It means that connecting to an unsecure network or downloading a malicious app puts both type of data at risk.

Listed below are some tips to improve mobile security in an organization:

  • Use Strong Passwords: A lengthy and difficult password is the first line of defense against a potential data breach. Therefore, encourage your employees to keep their devices protected with a strong password. Besides the basic mobile security options like PIN numbers or patterns, they should opt for more sophisticated ones like fingerprint scanner, facial recognition, voice recognition etc.
  • Install Anti-Malware Software: Owing to the ignorance of users, hackers are constantly targeting mobile operating systems to initiate a malware attack. It is important that the devices used by your employees to connect to the corporate network have an anti-malware software installed. They should also regularly update the software to stay protected against the recent forms of malware.
  • Avoid Unsecured Wi-Fi: Many organizations today are allowing employees to work from remote locations, which increases the risk of your company’s important data being accessed and shared over public Wi-Fi connections. Make sure your employees are aware of the potential security risks and access corporate data through secure Wi-Fi networks only.
  • Encrypt Confidential Data: Encryption of sensitive information sent and received on mobile devices can go a long way in improving your company’s cyber security. Organizations can implement encryption policies according to the employee groups or the level of data confidentiality.
  • Choose Mobile Applications Carefully: You should limit or block the use of third party software on mobile devices being used for official communications. This can help to prevent the occurrence of a breach resulting from unintentional drive-by downloads or installation of applications having backdoors to transmit company’s information to the hackers. Employees should be allowed to install only reliable and a limited number of apps from a legitimate source.
  • Create Secured Mobile Gateways: You can consider directing mobile traffic through a special gateway with targeted security controls, such as firewalls, web content filtering and data loss prevention. This will restrict the employees from using the company’s internal network for personal communications, thereby preventing unwanted software downloads.

For more tips on improving your organization’s mobile security, you can contact Centex Technologies at (855) 375 – 9654.

,

No Comments