The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Tag: Cyber Security Page 43 of 48

Tips For Improving Router Security

By

On December 22, 2015

In Security

December 22, 2015

Unsecure wireless routers are targeted by most cybercriminals to carry out hacking attacks. After gaining control of your router, they can easily track, block, redirect or alter the online activities being performed on the network. With an increase in the number of network breaches, it has become even more important to improve the security of your internet router. Here are some tips that can help:

  • Change the default logins: Most routers use a default username ‘admin’ and a system generated password from certain known algorithms, making them easy to be guessed by the hackers. Therefore, it is critical that you change your login credentials to a unique username and a strong password. You should not use your name, date of birth, home address or any other personal information as the password.
  • Change Default IP Ranges: The default IP ranges, usually 192.168.1.1, is quite predictable by the hackers and may lead to cross-site request forgery (CSRF) attacks. Users can prevent themselves from such attacks by changing their IP range to something different, such as 10.8.9.7.
  • Enable MAC Filtering: Restrict the number of devices that can access your internet connection by enabling MAC filtering. Even if a user has the password to your Wi-Fi network, he would not be able to connect to the router if their device’s MAC address is not listed by the router’s admin console.
  • Turn Off WPS: Wi-Fi Protected Setup (WPS) allows the users to bypass password and connect to the internet simply by entering a default eight digit pin usually printed on the router itself. Though it offers convenience to the authorized users, it also makes it easier for the hackers to gain access to your corporate network. To avoid this, you must turn off WPS and enable WPA2 encryption to limit access to your router with a complex password of more than 20 characters.
  • Update Router Firmware: Make sure you keep your router’s firmware updated. Frequently check the administrative interface to look for upgrades to fix various security flaws. Logging into the router routinely will also allow you to identify any unusual behavior that may indicate unauthenticated online activities.
  • Log Out After Each Session: Once you have configured the router’s settings, do not forget to log out to prevent abuse of authorized browser sessions. Many routers do not automatically logout after the admin page is accessed, thus, allowing the hackers to bypass the authentication process to gain access.

For more network security tips, feel free to contact Centex Technologies at (855) 375 – 9654.

Ransomware – The Malware That’s On The Rise

By

On December 16, 2015

In Security

December 16, 2015

Ransomware is a type of malware that uses a malicious software code to lock a user’s computer and allows access only after certain ‘ransom’ fee is paid. It may infect the system in the form of a Trojan horse or worm by exploiting a security flaw. Ransomware usually spreads through email attachments, spam website links or infected software applications. Once executed in a computer, the malware can either lock the entire system or encrypt the stored data with a password.

Types Of Ransomware

  • Cryptowall: This ransomware is mainly spread through spam emails that contain a malware infected attachment claiming to be an important message. Once the user opens the attachment, the malware is executed and the device gets locked.
  • FBI Ransomware: It is installed on a user’s computer once he visits a website with malicious script. When the system is infected, it displays a message, purported to be from FBI, that the computer has been blocked and the user needs to pay a fee to restore his data.
  • Power Worm: This is probably the most perilous type of ransomware in which the victim’s data is not only encrypted but the key to restore the information is also destroyed. In such a malware attack, the only option to get the data is to restore it from back-up.
  • Chimera: The Chimera malware works by threatening to post the victim’s files on the internet if he does not pay the demanded ransom. In such situations, even if a user has a back-up of the files, he might get convinced to pay the fine just to prevent the files from being leaked.

Defending Against Ransomware

  • Never open embedded URLs or attachments in emails from an unknown source.
  • Download and constantly update anti-virus and firewall definitions.
  • Maintain a backup of your files on an external hard drive or online.
  • Enable your popup blocker to avoid accidentally clicking on a spam advertizement.
  • Update all the software on your computer to fix any open security vulnerability.
  • Enable the option to ‘Show file extensions’ in your systems settings. This will make it easier to detect malicious files. Make sure you do not open any file with an unknown extension.
  • If you notice malicious software running or view a ransom message on your computer, disconnect the internet immediately to avoid transmitting your data to the cybercriminals.

Taking precautions to protect your information and staying cautious are the best counter measures to avoid being infected by Ransomware.

Ways To Protect Against Referrer Spam

By

On December 8, 2015

In Security

December 8, 2015

Referrer spam can be defined as a practice of directing fake traffic to a website or product page. Also known as referrer bombing or log spam, the technique mainly involves flooding a website with traffic from different countries, IP addresses and devices but through the same referrer. The purpose of the spammer is to compel the website administrator to notice the traffic in the analytics report, visit the website and buy their product or service.

A referrer is a third party source, such as an email, forum or search engine, through which a visitor navigates to your website. This information is generally tracked by your analytics platform to give relevant information about the source of your website’s traffic. When spammers replace this data with a fake website URL that they want to promote, these links are indexed by search engines while crawling the access logs, thus improving the websites’ rankings.

Types Of Referrer Spam

  • Ghost Referrer Spam: In this, the spammers are able to directly submit data into your analytics account, by-passing your website in the process. This means that the fake HTTP requests will be sent to the Analytics servers, without the traffic even visiting your website.
  • Crawler Referrer Spam: This type of spam involves using a bot to actually crawl through your website with a fake referrer URL or link. However, web crawlers are not as common as ghost referrer spams.

How To Stop Referrer Spam?

  • The most viable solution to stop spam bots from visiting your website is by blocking them in your .htaccess file. This will completely stop the referrer links from hitting your website.
  • Implement a genuine hostname filter to protect against ghost traffic.
  • Turn on Google’s bot and spider filter option.
  • Use spam crawler filters to remove targeted spam visits.
  • Password-protect the site logs to prevent search engine spiders form accessing them.
  • Include a rel=”nofollow” attribute in the spam URLs. This will prevent the search engine bots from following and indexing the fake website.
  • The pages that display your website’s traffic statistics should be put into the robots.txt file to exclude them from being crawled by search engine.

We, at Centex Technologies, provide complete cyber security solutions to the business firms in Central Texas. For more information, feel free to call us at (972) 375 – 9654.

Data Encryption: Threats And Best Practices

By

On November 28, 2015

In Security

November 28, 2015

Data encryption has long been known to be one of the most effective and important techniques to safeguard information in a corporate setting. It allows the users to translate sensitive digital data that is stored on a computer system or transmitted across the company’s network. The encrypted data, known as ciphertext, can only be accessed by authorized users who have the password required for decryption. Here are some of the reasons every organization needs data encryption:

  • Risk of unauthorized users viewing sensitive data: Sharing important files and data are critical for teamwork. However, all employees might not be clear about who is authorized to view what kind of information. Whether accidently or purposely, giving unauthorized users access to confidential data can endanger your organization’s’ IT security.
  • Risk of employees viewing undeleted data: Ideally, the information that is not required should be deleted from the computer. However, this might not be possible for the data stored on the cloud as there may be additional copies present as backup which can be accessed by other people.
  • Risk of sharing unencrypted sensitive data: Businesses that require storing sensitive personal and financial information of clients or customers may invite serious legal implications without proper data encryption.

Tips to implement a successful data encryption strategy

  • Evaluate your security goals: Before devising an encryption strategy, you need to figure out what all you want to protect. This may include all the hard drives, removable storage devices, employees’ personal laptops or any other kind of system. You must also get yourself familiar with all the data governance policies and compliance mandates applicable for your business.
  • Enforce removable media encryption: With USB flash drives and portable hard disks holding a massive amount of data, securing only the computer systems does not seem to be enough. You must ensure that all information transferred from one source to another on the company’s network is properly encrypted.
  • Maintain comprehensive audits: You must maintain a comprehensive log of every time any sensitive information is accessed. The name of the employee, data accessed, purpose and time of use should be recorded.
  • Access control: Ascertain that only the authorized users are able to view the encrypted data. Also, limit the number of times that data can be accessed each day. For a successful encryption strategy, you must implement an appropriate balance of file permissions, passwords and two-factor authentication.

We, at Centex Technologies, can help to implement an effective data encryption policy in your Central Texas based organization. For more information, you can call us at (972) 375 – 9654.

Social Engineering Attacks And How To Prevent Them

By

On November 23, 2015

In Security

November 23, 2015

Social engineering is a non-technical method of attack in which the hacker attempts to convince users to break normal security practices. The type of information generally sought by hackers includes bank account information, password, credit card details etc. Certain social engineering attacks also involve sending malware-laden email attachments to gain control over the user’s computer.

Types Of Social Engineering Attacks

  • Phishing: This is probably the most common form of social engineering attack. The hacker sends an e-mail, IM or text message that appears to be coming from a legitimate and credible institution, company, bank etc.  A phishing scam is carried out to obtain a user’s personal information such as name, address, social security number, bank account details etc.
  • Pretexting: In this, the attacker creates a plausible backstory to gain access to confidential information. For instance, the user may receive a call or email claiming to be from a bank and asking about his credit card details or account number to verify identity.
  • Baiting: These attacks are often presented in the form of attractive offers and schemes to the users once they enter their login credentials. People who fall a prey to the bait may infect their computer system with malicious software, leak out the financial information stored on the computer and generate new malware exploits.
  • Quid Pro Quo: This attack may involve an attacker who spam calls people and claims to be from an IT company. The user may be asked to disable his anti-virus program in exchange for a quick fix for his computer issue. Subsequently, the attacker may install a malware on the system in the guise of a software update.
  • Tailgating: This involves an attacker getting access to a restricted area of an organization through an authorized employee. Tailgating may also be carried out by borrowing someone’s computer or laptop for some work but actually installing malicious software.

Tips To Prevent Social Engineering Attacks

  • Beware of unsolicited IMs, emails or phone calls
  • Keep your anti-virus software updated
  • Do not give out your personal information, such as user name, password, credit card number, social security number etc. to anyone
  • Ignore phone calls or emails asking for financial information or passwords
  • Do not download attachments or open embedded links from unknown senders
  • Check website URLs before opening
  • Reject requests for online tech support
  • Lock your laptop or computer while leaving your workstation
  • Use two factor authentication to log in to all your online accounts

For more information on preventing social engineering attacks, contact Centex Technologies at (972) 375 – 9654.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)