The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Public WiFi Security

PDF Version: Public-WiFi-Security

Cookies & Online Privacy

When surfing online, a common pop-up that a user receives is ‘Accept The Cookies’. Some websites use cookies to provide a more personalized and convenient website browsing experience. But in order to understand the relationship between cookies and user’s online privacy, it is first important to understand what cookies are.

What Are Cookies?

Cookies are text files that contain small amounts of data that can be used to identify your computer network. Specific HTTP cookies are used to identify specific users for improving their web browsing experience.

Data stored in the cookies is created when a user connects to an online server. This data is marked with an ID that is unique to the user and his computer/system. When cookies are exchanged between user’s computer and network server, the server reads this data for identifying the information that should be served to the user.

Cookies are of two types:

  • Magic Cookies: This is an old computing term that refers to packets of information that can be sent & received without any charges. This data is commonly used for logging in to a computer’s database systems. This concept is a precursor of modern day ‘cookies’.
  • HTTP Cookies: It is a repurposed version of magic cookies, which was created for internet browsing. It was specifically created to assist web browsers in tracking, personalizing, and saving information about a user’s online session. The server sends cookies only when it wants the web browser to save it. These are stored locally by the browser, so that when the user revisits a website, web browser can return the data stored in the cookies to help the server recall data from previous session. HTTP cookies can be further classified as – Session Cookies and Persistent Cookies.

How Are Cookies Used?

While session cookies are only used during navigating a website and are stored on RAM (never written to the hard drive), persistent cookies remain on the computer indefinitely.

Persistent cookies can be used for two main purposes:

  • Authentication: They help in identifying if a user has logged in and if yes, under what username. They also help in streamlining login credentials so that the user is not required to remember them.
  • Tracking: This is to track multiple visits to a website or webpage over time. This property is used by merchants to identify a user’s browsing behavior to suggest products that may interest the user.

Why Cookies Can Be A Threat?

  • Since the data written in the cookies cannot be changed, they are harmless. However, cyber criminals can get hold of the cookies to access victim’s browser sessions.
  • Third-party cookies (generated by ads on a webpage, even if user doesn’t click on ads) allow the ad owners to track user’s browsing history, thus interfering in his privacy.
  • Zombie cookies can be permanently installed on user’s system and reappear even after deleted.

Removing cookies can help in combating the risk of privacy breach.

For more information on cookies, online privacy and IT Security, contact Centex Technologies at (254) 213 – 4740.

Cyber Security Concerns Of Smartphone Users

As the ‘Work From Home’ and ‘Bring Your Own Device’ culture has gained popularity, organizations have increased their attention towards mobile security. Most employees routinely access organizational data from their personal mobile devices, cyber criminals also try to gain on this opportunity. So, organizations have to keep their employees informed about major cyber security concerns that can be woven around smartphones.

Here are some major cyber security concerns of smartphone users:

  • Data Leakage: Data leakage refers to unauthorized transfer of data from within an organization’s systems to an external destination or recipient. It is one of the most bothersome cyber security threats for enterprises. In order to combat the issue of data leakage, organizations need to implement an app vetting process that does not overwhelm the administrator and does not frustrate the users as well. However, this doesn’t help in taking care of data leakage resulting from user error such as transferring company files onto public cloud, copying confidential information to a wrong place, forwarding an email to unintended recipient, etc.
  • Social Engineering: It is a manipulation technique that exploits user error to gain private information, unauthorized access, etc. These scams are also known as ‘human hacking’ scams because these scams work by luring unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Social engineering scams usually aim at theft of information as well as sabotaging organization’s reputation by disrupting or corrupting data. Common examples of social engineering attacks include phishing attacks, baiting attacks, physical breach, pre-texting attacks, access tail-gaiting attacks, quid pro quo attacks, scareware attacks, etc.
  • Wi-Fi Interference: A mobile device is secure only in case the network through which data is transmitted is secure. Cyber criminals find an array of ways to intercept the transmission. Some of the tactics include setting up fake Wi-Fi networks, intercepting communications transferred across public networks, etc. Organizations can combat this issue by motivating users to download and make use of VPN.
  • Cryptojacking Attacks: Cryptojacking is a type of attack where cyber criminals use victim’s device for mining cryptocurrency without victim’s knowledge. The cryptomining process relies on the user’s resources such as mobile device processor, network, data, storage, etc. This reduces the performance level of the mobile device.

For more information on cyber security concerns of smartphone users, contact Centex Technologies at (254) 213 – 4740.

Web Application Vulnerabilities: Securing Online Applications

Web application vulnerabilities are system flaws that can arise due to improper validation or sanitization of form inputs, misconfigured web servers, or application design flaws. Such vulnerabilities can be exploited by cybercriminals to compromise the application’s security and gain access to use the application as a breeding ground for malware.

Common security vulnerabilities that affect web applications.

  • Injection: This happens when an interpreter receives a compromised query or command. Examples of injection flaws include SQL, LDAP, and OS. The best way to stay protected against injection flaws is to avoid accessing external interpreters. Language specific libraries can be used to perform functions for system calls or shell commands as they don’t use shell interpreter of the Operating System. If a call must be employed (such as calls made to backend database), make sure to validate the data carefully.
  • Cross Site Scripting (XSS): XSS attacks occur when a web application sends data to a client browser without thorough validation. XSS vulnerabilities allow intruders to run malicious scripts on victim browser which spy on user sessions and redirect users to malicious websites in some cases. In order to avoid XSS, applications should be designed to perform vigorous checks against defined specifications. It is recommended to adopt a positive security policy which defines only what should be allowed.
  • Broken Authentication & Session Management: If these functions aren’t properly configured, attackers can compromise user identities and exploit a vulnerability to steal session tokens, keys, and passwords. This type of attack can be avoided by using custom authentication and session management mechanisms. Some session management criteria that should be incorporated include password change requests, password strength checks, session ID protection, browser caching, trust, backend authentication, etc.
  • Cross Site Request Forgery (CSRF): In this case, the attacker forces the victim to send requests that the server will consider to be legitimate. The requests are sent in the form of forged HTTP requests including session cookie of victim and other identification information. To prevent this, applications should use custom tokens in addition to tokens received from browsers because custom tokens are not remembered by browsers to initiate a CSRF attack.
  • Security Misconfiguration: It is important for applications to have a secure application environment. Application developers need to consider guidelines pertaining security mechanisms configuration, turning off unused devices, logs & alerts, etc.

Centex Technologies offers web application development and cybersecurity solutions to its clients. For more details on how to make your web application secure, contact Centex Technologies at (254) 213 – 4740.

Enterprise Network Security: Zero Trust Security Or VPN

VPN stands for Virtual Private Networking. VPNs encrypt your internet traffic in real time and disguise your online identity. This makes it difficult for third parties to track your online activities and steal data.

How Does VPN Work?

A VPN hides an IP address by letting the network redirect it through a specially configured remote server run by a VPN host. This states that when surfing online with VPN, the VPN server acts as the source of your data. Due to this, the Internet Service Provider (ISP) and other third parties cannot see the websites you visit or data you send or receive.

Benefits Of VPN:

  • Secure Encryption: VPN ensures secure encryption of data transmitted and received. User requires an encryption key to read the data. This makes it difficult for the hackers or third parties to decipher the data, even if they corrupt the network.
  • Disguise The Location: VPN servers act as a proxy for you on the internet. This ensures that the actual location of the user is not determined. Additionally, most VPN services do not store activity log which further ensures that no information about user behavior is passed on to hackers or third parties.
  • Secure Data Transfer: As the trend of working remotely is gaining popularity, secure data transfer has become immensely important. Organizations can make use of VPN servers to ensure the security of data being transmitted and reduce the risks of data leakage.

Zero Trust Security

Main tenet of “zero trust security” is that vulnerabilities can appear if businesses are too trusting of individuals. This model maintains that no user, even if allowed on the network, should be trusted by default because it may lead to end point being compromised.

How Does Zero Trust Security Work?

Zero Trust Network Access (ZTNA) is an important aspect of Zero Trust Security model. ZTNA uses identity based authentication to establish trust before providing access while keeping the network location (IP address) hidden. ZTNA secures the environment by identifying anomalous behavior such as attempted access to restricted data or downloads of unusual amounts of data at unusual time or from unusual location.

Benefits OF Zero Trust Security:

  • Increased Resource Access Visibility: Zero Trust Security model provides organizations better visibility into who accesses what resources for what reasons and understand the measures that should be applied to secure resources.
  • Decreased Attack Surface: As Zero Trust Security model shifts the focus to securing individual resources, it reduces the risk of cyber-attacks that target network perimeter.
  • Improved Monitoring: Zero Trust Security model includes the deployment of a solution for continuous monitoring and logging of asset states and user activity. This helps in detection of potential threats in a timely manner.

Zero Trust and VPN are both types of network security and although they seem to have different approaches, these can be used in conjunction for a comprehensive security strategy. Organizations can use Zero Trust concepts and VPNs to delineate clear network perimeter and then create secure zones within the network.

At Centex Technologies, we recommend network security protocols and solutions to formulate an effective network security strategy. For more information, call Centex Technologies at (254) 213 – 4740.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)