The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Category: Security Page 58 of 79

The Different Types Of Web-Based Attacks

By

On December 20, 2016

In Security

20 December, 2016

With majority of the business operations being conducted online, web based attacks are continually on the rise. Cyber criminals devise innovative and more sophisticated techniques to exploit unpatched vulnerabilities in the web applications. The motive behind these attacks may be different, to steal a company’s sensitive information, display spam advertizements on the website or download malware to the user’s computer.

Discussed below are the different types of web based attacks:

Structured Query Language (SQL) Injection

SQL injection is a common technique that involves injecting a malicious code to alter the sensitive information in the website’s back-end database. It may also be performed to steal payment card details, username and password as well as insert spam links to the website. SQL attacks are quite easy to execute and can severely compromise the data security of a company.

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) can be defined as a client-side code injection attack in which the hacker injects a malicious script, predominantly JavaScript, in a legitimate website. As these scripts appear to be from a trusted source, they are often executed by the end users. This, in turn, allows the hacker to gain access to the cookies, session tokens, passwords and other sensitive information.

Drive-By Downloads

In this type of attack, the hackers tamper a web application with an HTML code that stealthily downloads a malware whenever a user visits the website. Once downloaded, the program may execute itself to record keystrokes, access important files, hijack online banking sessions or use the computer as a part of botnet.

Brute Force

Brute force attacks are mainly targeted attempts to decode a user’s login credentials. In this, the hackers use a trial and error method using different user names as well as passwords till they are able to identify the correct one. Creating strong passwords and limiting the number of invalid login attempts may help to prevent a brute force attack.

DoS And DDoS

Denial of service (DoS) and distributed denial of service (DDoS) attacks are carried out by flooding a website with traffic from multiple sources, making it unavailable for the genuine users. In a DoS attack, a single computer system may attempt to crash the target server with data packets. A DDoS attack is when multiple computers, widely distributed in a botnet, send simultaneous requests to slow down and ultimately halt the web server.

We, at Centex Technologies, can help to protect your corporate network from different web-based attacks. For more information, you can call us at (855) 375 – 9654.

Ways To Avoid Banking And Payment Fraud

By

On December 13, 2016

In Security

13 December, 2016

Online banking and payment frauds are increasing at an alarming rate. Moreover, with the continuous emergence of ecommerce websites, more and more people are becoming victims of these fraudulent activities. Though online banking offers a lot of convenience, the security risks that come along with it necessitate the users to be extremely cautious while accessing their financial accounts.

Given below are a few tips that can help to avoid banking and payment fraud:

  • Enable Two Factor Authentication: The best approach is to use two factor authentication for all your online financial accounts. With this, you will have to enter your login credentials, along with the unique one time password (OTP) sent to your mobile number, to confirm any transaction. Thus, even if someone has your username and password, he would not be able to use them unless he gets the OTP.
  • Choose Strong Passwords: Create a strong and hard-to-crack password for your internet banking account. The password should ideally be 6 to 10 characters long and consist of uppercase, lowercase letters, numbers as well as symbols. Also, you should not store your password in your computer system, unless it is properly encrypted.
  • Avoid Clicking Through Emails: Be wary of phishing emails that require you to update your account information online. Also, do not click on any links embedded in such emails. They may contain a malicious code that redirects you to a fake website to record your banking credentials. It is safer to directly type in your bank website’s URL in the browser.
  • Access Your Accounts Securely: Do not access your financial accounts from open Wi-Fi hotspots. These networks do not use encryption and all the information you share can be easily viewed, accessed or modified by the hackers. Also, the website’s URL should begin with ‘HTTPS’ instead of ‘HTTP’ along with a small padlock icon in the address bar.
  • Log Out After Each Session: No matter you are using a personal/public computer system or a smartphone, it a good practice to log out after every online banking session. This will minimize the chances of becoming a victim of session hijacking and cross site scripting attacks. You should also clear the browser cache and history at the end of each session.

We, at Centex Technologies, offer comprehensive internet security solutions across Central Texas. For more tips on preventing online banking and payment fraud, you can call us at (855) 375 – 9654.

Vulnerability Scanning Vs. Penetration Testing

By

On December 6, 2016

In Security

6 December, 2016

Vulnerability scanning and penetration testing (or pen testing) are often used interchangeably in the field of IT security. Though these security tools are co-related, there are some key differences in the purpose for which each of them is carried out. Having a clear understanding is essential for the IT professionals to utilize the available resources judiciously.

Given below is a detailed description of vulnerability scanning and penetration testing:

Vulnerability Scanning

Vulnerability scanning refers to an in-depth and automated scan of the computer systems to identify any potential security flaws. It allows the organizations to evaluate the level of IT security protocols, detect weaknesses and differentiate the ones that can be exploited by the cybercriminals. The scan also involves providing a detailed report stating the steps required to either mitigate or diminish the security threats.

A vulnerability scanning process mainly involves the following steps:

  • Creating a list of the valued assets and resources in a computer system
  • Determining the importance and confidentiality of all the resources
  • Identifying the vulnerabilities, where they are located and categorize them according to their risk of being exploited
  • Eliminating the potential vulnerabilities for the most important files and data

Penetration Testing

Penetration testing involves simulating a cyber-attack to penetrate the corporate network and gain access to the sensitive data. Its main purpose is to determine if any malicious activity is possible and the way it can be carried out by the hackers. The IT security experts conduct a complete scan of the corporate network and attempt to exploit any of the identified vulnerabilities. Subsequently, a detailed report is provided stating what resources were accessed without permission, vulnerabilities that were exploited and how they can be fixed.

Essentially, penetration testing can be of two types, white box and black box. The former one involves the use of pre-disclosed information about the target company’s resources and network vulnerabilities. Black box testing, on the other hand, is performed with little or no knowledge of the security flaws in the target systems.

Though vulnerability scanning and penetration testing serve different objectives, both of them should be performed to improve an organizations’ overall IT security. Vulnerability scan should be carried out monthly and may take less than an hour to be completed. Penetration tests are recommended to be performed annually and may take a few weeks, depending upon its scope.

For more information on the importance of vulnerability scanning and penetration testing for your organization, feel free to contact Centex Technologies at (855) 375 – 9654.

The Most Common Mistakes People Make Online

By

On November 29, 2016

In Security

29 November, 2016

A lot of people spend hours on the internet every day. Right from sending emails, playing games and shopping to social networking and many other tasks, internet has become the lifeblood of people of all age groups. However, despite the extensive upsurge in internet usage, users tend to make a lot of mistakes which can ultimately sabotage their web browsing experience. This may either show up by slowing down the internet or infecting the computer system with a malware.

Given below are some of the most common mistakes people make online:

Browsing On Public Wi-Fi

Though browsing on free public internet hotspots seems convenient, security is a major issue that comes along. These networks do not use encryption and any information shared or received over it can be illegitimately stolen by the hackers. Therefore, online banking accounts, shopping websites, official emails etc. should never be accessed on public Wi-Fi networks.

Delaying Browser Updates

When it comes to online security, hackers are not just confined to phishing techniques and malicious websites. You can be a potential victim of online attack if you have not updated your internet browser or other applications to the latest version. Though Google Chrome manages automatic updates at the backend, other browsers may prompt you to download and install the patch. Make sure you do not delay these updates as they help to enhance browsing experience and fix any bugs present in the previous version.

Oversharing On Social Media

Sharing too much of personal information on social networking websites is also a common mistake made by most people. Your email, home address, phone number, social security number, vacation plans, current location etc. may be used by the hackers for social engineering purposes. This information may also be used to gain access to your other online accounts.

Ignoring SSL Certificate Warnings

While browsing the internet, many times a dialogue box pops-up stating ‘Your connection is not private’. Unfortunately, less than half of the users follow this warning and continue visiting the website. With this, you are putting your sensitive information at risk of getting leaked out to the cybercriminals.  Websites that use an SSL certificate encrypt all the information so that it cannot be decoded by anyone except the specified receiver.

Centex Technologies is a leading IT consulting firm providing comprehensive solutions to the businesses in Central Texas. For more information and tips on online security, you can call us at (855) 375 – 9654.

Debunking Myths About SSL And HTTPS

By

On November 21, 2016

In Security

21 November, 2016

HTTPS (Hyper Text Transfer Protocol Secure) and SSL (Secure Sockets Layer) certificates have provided an effective means to keep your information secure over the internet. However, many enterprises still rely on the public cloud and other unsecure web applications. This is mainly because of the common misconceptions related to the management, cost, usability and benefits of these network security protocols. It is important to debunk the myths about SSL certificates and HTTPS protocols so that organizations can secure their online resources.

MYTH: SSL Certificates Are Expensive
FACT: This is one of the major reasons why most entrepreneurs avoid getting SSL certificate for their website. However, if you research thoroughly, there are many low cost SSL certificate providers on the internet. You should consider your requirements in terms of features and mobile compatibility to get the right SSL certificate.

MYTH: HTTPS Slows Down A Website
FACT: HTTPS does not have any visible impact on the load time of the website. Though the connection with the server may take some time due to the data encryption process, it can be resolved by upgrading the processor.

MYTH: HTTPS Is Required Only For The Login Pages
FACT: Another common myth is that HTTPS is required for the website’s login or home page only. In actual fact, if you do not secure other pages of your website, you are actually increasing the likelihood of session hijacking, particularly if the users are connected to an open Wi-Fi network. Any information shared by the users can be easily viewed, accessed and manipulated by the hackers.

MYTH: HTTPS Websites Involve No Content Caching
FACT: Many people claim that websites using HTTPS cannot be cached by the web browsers. However, if you use response headers, you can prompt the browser to cache the content in your website. The response headers to be used may differ for each web browser.

MYTH: SSL Will Not Affect Your Website’s SEO
FACT: In an attempt to improve online security, Google officially announced that websites using HTTPS will be ranked high in results pages. This has encouraged most webmasters to switch from HTTP to HTTPS to avoid having a negative impact on their website’s ranking. Also, users are more likely to visit websites that are encrypted, particularly if they are required to their sensitive information such as username, password, credit card details etc.

For more information about the importance of SSL and HTTPS for websites, feel free to contact Centex Technologies at (855) 375 – 9654.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)