Please Protect Your Confidential Files

Please Protect Your Confidential Files

by: Robert Kelly

You’d be disgusted to know just how some doctors, businesses, lawyers and high profile companies treat your confidential records. Often they have extremely good email security, only to have the files left completely unprotected on their actual hard drive. Really, what good is that? If somebody takes the computer, or simply bypasses your firewall, not a difficult task, they would gain access to all of your confidential information. What about that notebook computer? I’m sure where all thinking about security when we take our laptops from place to place…

To combat the problem Australian based IT Security company, Quantum Digital Security has created an incredibly interesting tool. The product, named CleverCrypt, acts as an encrypted hard drive for your computer. Once you’ve installed the product you simply protect all of your confidential files, by dragging them into the CleverCrypt drive, and the program automatically encrypts them all. After your files are in your encrypted drive, you simply open the files from the drive.

CleverCrypt seems to be able to encrypt almost any kind of file, including Microsoft Word / Excel files and all of our business management files. You can also protect images and some system files.

The benefit? If somebody hacks into your computer, or just outright takes it, all of your data is protected inside your CleverCrypt drive. According to the company website it would take a supercomputer over 149 trillion years to crack a CleverCrypt volume, and that’s if you’re using the least secure option.

CleverCrypt is an incredibly interesting product, useful for anyone dealing with confidential data or simply wants a little more privacy.

So, what’s your doctor using to protect your records?

CleverCrypt is available for $89.95 from Quantum Digital Security, Australia

You can try CleverCrypt for 30 days by visiting www.qdsecurity.com

About The Author

Robert Kelly

Busy Business Bob takes a look at a new security product designed to protect your confidential, or just downright private, files.

[email protected]

This article was posted on October 21, 2004

by Robert Kelly

Bad Web Design: ActiveX

Bad Web Design: ActiveX

by: Richard Lowe, Jr.

ActiveX uses an interesting method for enforcing security … it doesn’t. Well, thatกs not exactly true. What happens is when a web page requests an ActiveX control the browser determines if that control is already loaded onto your system. If it is the ActiveX control is executed. If not, the user is asked if it is okay to install the control. Additional information about where the control came from and itกs security implications is also included.
The theory behind this security model is the user knows whatกs best for his system. In my humble opinion, this is pure hogwash (a stronger expletive came to mind but this is a family site). Is your average web surfer really knowledgeable enough to make a decision like this? Look at it this way, by installing an ActiveX control you are assuming it is secure, won’t damage your system and is bugfree. You are basically trusting completely the company which created the control, the developers and the people distributing the image.
Yes there are security certificates involved, but those are relatively easy to get. Also remember how many security problems have been reported involving ActiveX controls.
I don’t know about you, but when I get that little box stating a site wants to install an ActiveX control, my first impulse is to hit the NO box, quickly followed by the BACK key. This may seem a bit paranoid, but I use my computer all day long and I depend upon it for business and pleasure. Why would I want to put it at any risk for some silly little ActiveX control? The web is a huge place and there are plenty of other sites to look at.
My advice to anyone is generally don’t allow ActiveX controls to be installed from anywhere except for really big sites like Microsoft. Itกs just too difficult to judge how safe or unsafe the control happens to be.
How is this different from Java? Well, Java has an entirely different security model which does not make the assumption that the user has been educated about the specific Java applet. Java sets specific rules to what an applet can and cannot do, and generally these rules do an excellent job of preventing damage to a system (there have been bugs but no where near as many as with ActiveX).
On top of the security concerns, ActiveX only works in Internet Explorer. Yes, I know there is a plug in for Netscape but itกs slow and not very usable. Besides, most Netscape users don’t have it installed. If you are designing a web site, please consider this very carefully. If you include ActiveX controls you are losing as many as 50 percent of your visitors. Perhaps more, depending upon your market. Is any functionality that you might gain worth that cost?
Of course, if you are creating an Intranet (a web local to a company) then by all means use all of the ActiveX controls that you want. In this case, you have far more control over the user environment that you have on the web.

About The Author

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets. This website includes over 1,000 free articles to improve your internet profits, enjoyment and knowledge.
Web Site Address: http://www.internettips.net
Weekly newsletter: http://www.internettips.net/joinlist.htm
Claudia ArevaloLowe is the webmistress of Internet Tips And Secrets and Surviving Asthma. Visit her site at http://survivingasthma.com

This article was posted on January 17, 2002

by Richard Lowe, Jr.

The security risks and ways to decrease vulnerabil

The security risks and ways to decrease vulnerabilities in a 802.11b wireless environment

by: Richard Johnson

Introduction

This document explains topics relating to wireless networks. The main topics discussed include, what type of vulnerabilities exist today in 802.11 networks and ways that you can help prevent these vulnerabilities from happening. Wireless networks have not been around for many years. Federal Express has been using a type of wireless networks, common to the 802.11 networks used today, but the general public has recently just started to use wireless networking technology. Because of weak security that exists in wireless networks, companies such as Best Buy have decided to postpone the rollout of wireless technology. The United States Government has done likewise and is suspending the use of wireless until a more universal, secure solution is available.

Background

What is Wireless?

Wireless LANs or WiFi is a technology used to connect computers and devices together. Wireless LANs give persons more mobility and flexibility by allowing workers to stay connected to the Internet and to the network as they roam from one coverage area to another. This increases efficiency by allowing data to be entered and accessed on site.

Besides being very simple to install, WLANs are easy to understand and use. With few exceptions, everything to do with wired LANs applies to wireless LANs. They function like, and are commonly connected to, wired Ethernet networks.

The Wireless Ethernet Compatibility Alliance [WECA] is the industry organization that certifies 802.11 products that are deemed to meet a base standard of interoperability. The first family of products to be certified by WECA is that based on the 802.11b standard. This set of products is what we will be studying. Also more standards exist such as 802.11a and 802.11g.

The original 802.11 standard was published in 1999 and provides for data rates at up to 2 Mbps at 2.4 GHz, using either FHSS or DSSS. Since that time many task groups have been formed to create supplements and enhancements to the original 802.11 standard.

The 802.11b TG created a supplement to the original 802.11 standard, called 802.11b, which has become the industry standard for WLANs. It uses DSSS and provides data rates up to 11 Mbps at 2.4 Ghz. 802.11b will eventually be replaced by standards which have better QoS features, and better security.

Network Topology

There are two main topologies in wireless networks which can be configured:

Peertopeer (ad hoc mode) – This configuration is identical to its wired counterpart, except without the wires. Two or more devices can talk to each other without an AP.

Client/Server (infrastructure networking) – This configuration is identical to its wired counterpart, except without the wires. This is the most common wireless network used today, and what most of the concepts in this paper apply to.

Benefits of Wireless LANs

WLANs can be used to replace wired LANs, or as an extension of a wired infrastructure. It costs far less to deploy a wireless LAN than to deploy a wired one. A major cost of installing and modifying a wired network is the expense to run network and power cables, all in accordance with local building codes. Example of additional applications where the decision to deploy WLANs include:

Additions or moves of computers.

Installation of temporary networks

Installation of hardtowire locations

Wireless LANs give you more mobility and flexibility by allowing you to stay connected to the Internet and to the network as you roam.

Cons of Wireless LANs

Wireless LANs are a relatively new technology which has only been around since 1999. With any new technology, standards are always improving, but in the beginning are unreliable and insecure. Wired networks send traffic over a dedicated line that is physically private; WLANs send their traffic over shared space, airwaves. This introduces interference from other traffic and the need for additional security. Besides interference from other wireless LAN devices, the 2.4 GHz is also used by cordless phones and microwaves.

Security Issues of WLANs

Wardriving

Wardriving is a process in which an individual uses a wireless device such as a laptop or PDA to drive around looking for wireless networks. Some people do this as a hobby and map out different wireless networks which they find. Other people, who can be considered hackers, will look for wireless networks and then break into the networks. If a wireless is not secure, it can be fairly easy to break into the network and obtain confidential information. Even with security, hackers can break the security and hack. One of the most prevalent tools used on PDAs and Microsoft windows devices is, Network Stumbler, which can be downloaded at http://www.netstumbler.com. Equipped with the software and device, a person can map out wireless access points if a GPS unit is attached. Adding an antenna to the wireless card increases the capabilities of WiFi. More information can be found at: http://www.wardriving.info and http://www.wardriving.com to name a few.

Warchalking

Warchalking is a method of marking wireless networks by using chalk most commonly. Wardriving is usually the method used to search for networks, and then the person will mark the network with chalk that gives information about the network. Some of the information would include, what the network name is, whether the network has security, and possibly the contact information of who owns the network. If your wireless network is Warchalked and you don’t realize it, your network can be used and/or broken into faster, because of information shown about your network.

Eavesdropping & Espionage

Because wireless communication is broadcast over radio waves, eavesdroppers who just listen over the airwaves can easily pick up unencrypted messages. These intruders put businesses at risk of exposing sensitive information to corporate espionage. Wireless LAN Security – What Hackers Know That You Don’t www.airdefense.net Copyright 2002

Internal Vulnerabilities

Within an organization network security can be compromised by ways such as, Rouge WLANs (or Rouge Aps), Insecure Network Configuration, and Accidental Associations to name a few.

Rouge Access Points – An employee of an organization might hook up an access point without the permission or even knowledge of IT. This is simple to do, all a person has to do is plug an Access point or wireless router into an existing live LAN jack and they are on the network. One statistic in 2001 by Gartner said that, ขat least 20 percent of enterprises already have rouge access points.ข Another type of attack would be if, someone from outside the organization, enters into the workplace and adds an Access Point by means of Social Engineering.

Insecure Network Configurations Many companies think that if they are using a firewall or a technology such as VPN, they are automatically secure. This is not necessarily true because all security holes, big and small, can be exploited. Also if devices and technologies, such as VPNs, firewalls or routers, are misconfigured, the network can be compromised.

Accidental Associations – This can happen if a wireless network is setup using the same SSID as your network and within range of your wireless device. You may accidentally associate with their network without your knowledge. Connecting to another wireless LAN can divulge passwords or sensitive document to anyone on the neighboring network. Wireless LAN Security – What Hackers Know That You Don’t www.airdefense.net Copyright 2002

Social Engineering – Social Engineering is one of the most effective and scariest types of attacks that can be done. This type of attack really scares me and can be done for many other purposes besides compromising security in wireless networks. A scenario: Someone dressed up as a support person from Cisco enters the workplace. The secretary sees his fake credentials and lets him get pass the front desk. The impersonator walks from cubicle to cubicle, collecting user names and passwords as he/she goes. After finding a hidden corner, which seems to be lightly traveled, he plugs an insecure Access Point into the network. At the same time he configures the Access Point to not broadcast its SSID and modifies a few other settings to make it hard for the IT department to find this Rouge Access Point. He then leaves without ever being questioned by anyone because it looks like he just fits in. Now, all he has to do is be within 300 feet from the access point, (more if he added an antenna), and now has access to all kinds of secure documents and data. This can be a devastating blow to any corporation and could eventually lead to bankruptcy if the secrets of the company were revealed to competitors.

Bruce Schneier came to my classroom and said the following about Social Engineering, ขSomeone is just trying to do their job, and be nice. Someone takes advantage of that by targeting this human nature. Social Engineering is unsolvable.ข

Securing Wireless Networks

According to Bruce Schneier and others such as Kevin Mitnick, you can never have a totally secure computing environment. What is often suggested is to try and control the damage which can be done if security is breached. One can try many different tools on the market which can help prevent security breaches.

WEP – WEP supports both 64 and 128bit keys. Both are vulnerable, however, because the initialization vector is only 24bits long in each case. Its RC4 algorithm, which is used securely in other implementations, such as SSL, is quite vulnerable in WEP. Http://www.infosecuritymag.com/2002/jan/cover.shtml Wireless Insecurities By Dale Gardner. Different tools exist to break WEP keys, including AirSnort, which can be found at www.airsnort.net. Although this method is not a secure solution, it can be used to help slowdown an attacker if other means are not possible financially or otherwise.

VPN and IPSec IPSec VPNs let companies connect remote offices or wireless connections using the public Internet rather than expensive leased lines or a managed data service. Encryption and authentication systems protect the data as it crosses the public network, so companies don’t have to sacrifice data privacy and integrity for lower costs. A lot of VPNกs exist on the market today. An important note about VPNs is, interoperability does not really exist, and whatever you use for your server has to be the same brand as your clients most of the time. Some VPNs include:

Borderware

BroadConnex Networks

CheckPoint

Cisco

Computer Associates

DMZ – Adding this to your network enables you to put your wireless network on an untrusted segment of your network.

Firewalls – Firewalls are all over the place. Firewalls range from hardware to software versions. By adding a firewall between the wireless network and wired network helps prevent hackers from accessing your wired network. This paper doesn’t go into specifics about different firewalls and how to set them up, but there are many. Some of the firewalls include:

ZoneAlarm (an inexpensive based software firewall) Zonelabs.com

Symantec has many different firewalls depending what you require.

PKI Publickey infrastructure (PKI) is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet. What is PKI? http://verisign.netscape.com/security/pki/understanding.html

Site Surveys – Site Surveys involve using a software package and a wireless device to probe your network for Access Points and security risks.

Proactive Approaches

Since wireless technology is insecure, companies or anyone can take a proactive approach to try and identify hackers trying to gain access via wireless networks.

Honeypots – are fake networks setup to try and lure in hackers. This enables administrators to find out more about what type of techniques hackers are using to gain access. One product is Mantrap created by Symantec.

ขManTrap has the unique ability to detect both host and networkbased attacks, providing hybrid detection in a single solution. No matter how an internal or external attacker tries to compromise the system, Symantec ManTrapกs decoy sensors will deliver holistic detection and response and provide detailed information through its system of data collection modules.ข

http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157

Intrusion Detection – Intrusion Detection is software that monitors traffic on the network. It sounds out a warning if a hacker it trying to access the network. One such free product is Snort.

ขBefore we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.ข http://www.snort.org/docs/writing_rules/chap1.html#tth_chAp1

Network Monitoring Network Monitoring would be products such as snort that monitor the flow of traffic over the network.

Quick tips and tricks

When setting up wireless networks and access points there are a few quick steps that can be taken to immediately secure the network, even though it does not make it secure. Some of these ways include:

Change your default SSID: each router or access point comes with a default SSID. By changing this it can take longer for an attacker to know what type of device he is trying to hack.

Change the default password – generic default passwords are assigned to access points and routers. Sometimes the password is admin. By changing this password, the attacker cannot modify settings on your router as easily.

Disable broadcasting SSID: By default APกs broadcast their SSIDs, if you shutoff this setting it is harder for outsiders to find your AP.

Enable MAC filtering: WARNING: this can only work in smaller environments where a centralized access list does not need to be maintained. You can enable only specific wireless cards to access the AP by only enabling those MAC addresses.

Turn off shares: If security is important, scanning for shares and turning off the shares on the network can help. Also encrypting sensitive data can prevent hackers from accessing the data.

Put your wireless access points in a hard to find and reach spot.

Keep your drivers on all wireless equipment updated. This helps patch existing security vulnerabilities.

Read current press releases about emerging wireless news.

About The Author

Richard J Johnson

Network+ Certified

RJ Computer Consulting

http://rjcomputerconsulting.com

[email protected]

This article was posted on February 24, 2003

by Richard Johnson

We Know Why You Haven’t Decided Yet To Purchase A

We Know Why You Haven’t Decided Yet To Purchase A Security Product

by: Liuba Ceban

With the growth of information technologies, people own a lot of professional or personal information, which has both a financial and emotional value. As people get vulnerable to numerous security threats, they become more and more aware of the ways they could overcome their vulnerability. And this security concern is common to all people, especially when it comes to lose something they possess. This is why the security products, available on the IT security market, are more and more commonly expanded in Europe and USA.
Among many people who rely on different kinds of digital assets in their businesses and private life, there are some whose main concern is how to protect them. There are also people who think that it is too far for them to make a decision on purchasing existing security products, because they do not have any special knowledge in security. Here we would like to come up with the data, which would help you to get a start in considering the ways you could protect your information.
At first look, it seems that the security products market is so sophisticated, that without any professional knowledge it is not possible to understand what kind of products you need. You may think that it is so much complicated to be able to analyze what solutions exist, what for they may be used and which one is right for you to purchase.
These questions and the solutions to them may seem vague to people with excellence in other areas, but with no knowledge in the IT security. By giving the answers to these and other related questions, we will help you define your needs and decide which data protection and access control solutions will best suit your needs.
1. What is the security software for and how can it help people?
While the security products industry is largely expanding in the world, there are more and more areas where it can be used. The Dekart Company has committed itself to developing solutions that can be easily deployed and used by people.
Most of the digital assets, available on the market, are designed with the option for the security hardware installation. The PCs and many mobile devices that can be connected to PCs (like mobile phones) and that may have an increased need for security, are technically available now to be protected .
From another point of view, there are products, which can be of real help in protecting important data (like hard disk encryption and file encryption software, brought to you by Dekart). These products can protect any type of data for any kind of people, who are interested in protection of their business information, scientific researches, as well as personal information. This type of protection ensures that no data will be accessed and viewed by unauthorized malicious users, even if your computer is lost or stolen or if there are many people who can access it.
The security products have another large area of usage. When there is the need to control access to the office computers, Dekart offers its smart card and biometric authentication solutions. The stateoftheart biometric identification improves the security of login procedures, thus ensuring that no third party will access critically important information.
Users now can also protect and encrypt their email correspondence using Dekart digital certification service in combination with the smart card and biometric authentication.
There are different hardware devices used to provide two and threefactor authentication to secure access to the information. Dekart offers the flexibility to choose between different vendors’ smart cards, tokens, biometric devices and even USB flash drives to satisfy users’ security needs.
The types of the Hardware Keys (USB tokens and Smart cards)
Dekart Software uses the following types of Hardware Keys to generate secret cryptographic keys and store users’ private data:
1. USB (universal serial bus) tokens are smaller tokenstyle cards that plug directly into the USB port of a computer. The USBcompatible ports are being built into many PCs (i.e., desktops and laptops) and many mobile devices that connect with PCs (i.e., PDAs and mobile phones), as this is the simplest type of reader to connect
2. Smart cards are conventional credit card–shaped contact cards
The Smart Card device contains the cryptographic chip. The use of creditcard size Smart Cards has successfully been adopted by a number of European companies, with a particularly high level of acceptance in Germany and France. However, high hardware deployment costs and the lack of application standards associated with Smart Cards have proved to be significant barriers to their widespread use, especially in the US.
USB Token solution is different from traditional smart card solutions in that it does not require a reader infrastructure, helping to make it less expensive for organizations to deploy and easier for users to adopt.
Dekart has developed the following utilities for managing and deploying the smart cards or tokens used with Dekart applications:
1. Dekart Key Manager Utility can help determining the memory usage of the card, performing backups and duplicating the data stored on the hardware keys.
2. Key Formatting utility or Corporate Key formatting utility allows formatting the smart cards or tokens to be used with Dekart software.
What to consider before purchasing a smart card or USB token?
1. Define all of your anticipated present and future card usage requirements
2. Define the memory requirements for each certificate or application. Here is a sample of Smart Card memory usage:

Free space – 5K
Your custom application 1,5 K
Smart Card logon certificate 2,5 K
Smart card vendor applications 8K
Windows for Smart Cards Operating system 15K

3. Making a decision on which present and future applications are required. It is important to preview the future applications needed, as it is important to leave an extra storage space on the chip.
4. Test smart cards and smart card readers to verify compatibility before deploying them in your production environment.
In conclusion, there are few things important to understand:
1. It is important to remember that there are different types of hardware and software available for them.
2. It is suggested to understand specific needs of the buyer and the variety of existing products in order to make the best purchasing decision.
For more information about the products designed to protect your confidential information, please, visit www.dekart.com

About The Author

Ceban Liuba

Born in 1974 in Ukraine (former USSR)

Now lives in Moldova

Studien Social Work and theology in 19911996 in Romania

In 20032004 Was in Nonprofit Management Masters Program

Since 1998 works on Internet

Since 2004 works in the IT security Software Company as a Technical Writer

[email protected]

This article was posted on July 07, 2004

by Liuba Ceban

2004 Online US Customers Demand Security

2004 Online US Customers Demand Security

by: Michael Catt

During 2004, US Customers purchased $300 billion worth of goods and services from Business Internet websites representing slightly more than 21 percent of total US web sales of $1.4 trillion. But the trend for US Customers clearly shows concerns that need to be addressed by businesses that sell products and services on the world wide web to US Customers.

Although seven out of ten US Customers abandoned their transactions at Web Storefronts resulting in nonsalvageable lost sales opportunities, the $300 billion worth of goods and services that were successfully completed were a result of internetsavvy US Customers who knew which websites and which companies guaranteed their security, the quality of their products and provided a common sense userfriendly interface for their web storefronts.

And now, the rest of the 100 million online buyers have an accurate method to determine which websites and which companies they should definitely browse, based upon direct feedback from online buyers who have successfully and securely conducted online transactions.

US Customers clearly expressed their concerns regarding barriers to online purchasing, including Credit Card Security (79%), Disclosure of Personal Details (77%), Distrust of Web Retailers (48%), Complex Order Processes (21%), Time Consuming Order Processes (20%) and Unfamiliarity with Web Storefronts (40%).

US Customers also expressed specific concerns about making internet purchases, including Information Sold to Third Parties (89%), Information Stolen from Web Databases (89%), Transmitting Credit Card Numbers (85%), Transmitting Addresses or Personal Data (86%) and Receiving Unwanted Emails (84%).

These figures are also clearly reinforced and represented in the growing problem of Identity Theft in the US.

In 2004, 100 million online buyers (64%) of the 180 million total online users purchased goods or services via business website storefronts. But the details of those transactions are revealing. Seven out of ten US Customers abandoned their transactions at Web Storefronts resulting in nonsalvageable lost sales opportunities. Of the remaining total, 7.8% abandoned their transactions at the web storefronts, but those sales were salvageable through direct communication with the customer. The remaining 22.2% of customer initiated transactions at web storefronts were successfully completed.

The average US online retail spending amount was $585 per customer per web storefront. Four out of ten web shoppers indicated that they were less optimistic about online security in 2004.

Copyright 2005 JMCatt, Incorporated

About The Author

Michael Catt, President & CEO of JMCatt, Incorportated has long advocated Online Business Web Storefronts that provide Online US Customers with the highest level of security, privacy, customer service and guarantees. After all, without customers, there would be no business. Online US Customers can actively participate in recommending outstanding Online US Business Web Storefronts at: http://www.cattboxx.com.

This article was posted on February 22

by Michael Catt

Malware: Computingกs Dirty Dozen

Malware: Computingกs Dirty Dozen

by: Joel Walsh

It seems that no sooner do you feel safe turning on your computer than you hear on the news about a new kind of internet security threat. Usually, the security threat is some kind of malware (though the term กsecurity threatก no doubt sells more newspapers).

What is malware? Malware is exactly what its name implies: mal (meaning bad, in the sense of malignant or malicious rather than just poorly done) ware (short for software). More specifically, malware is software that does not benefit the computerกs owner, and may even harm it, and so is purely parasitic.

The Many Faces of Malware

According to Wikipedia, there are in fact eleven distinct types of malware, and even more subtypes of each.

1. Viruses. The malware thatกs on the news so much, even your grandmother knows what it is. You probably already have heard plenty about why this kind of software is bad for you, so thereกs no need to belabor the point.

2. Worms. Slight variation on viruses. The difference between viruses and worms is that viruses hide inside the files of real computer programs (for instance, the macros in Word or the VBScript in many other Microsoft applications), while worms do not infect a file or program, but rather stand on their own.

3. Wabbits.Be honest: had you ever even heard of wabbits before (outside of Warner Bros. cartoons)? According to Wikipedia, wabbits are in fact rare, and itกs not hard to see why: they don’t do anything to spread to other machines. A wabbit, like a virus, replicates itself, but it does not have any instructions to email itself or pass itself through a computer network in order to infect other machines. The least ambitious of all malware, it is content simply to focus on utterly devastating a single machine.

4. Trojans. Arguably the most dangerous kind of malware, at least from a social standpoint. While Trojans rarely destroy computers or even files, thatกs only because they have bigger targets: your financial information, your computerกs system resources, and sometimes even massive denialofservice attacks launched by having thousands of computers all try to connect to a web server at the same time. Trojans can even

5. Spyware. In another instance of creative software naming, spyware is software that spies on you, often tracking your internet activities in order to serve you advertising. (Yes, itกs possible to be both adware and spyware at the same time.)

6. Backdoors. Backdoors are much the same as Trojans or worms, except that they do something different: they open a กbackdoorก onto a computer, providing a network connection for hackers or other malware to enter or for viruses or spam to be sent out through.

7. Exploits. Exploits attack specific security vulnerabilities. You know how Microsoft is always announcing new updates for its operating system? Often enough the updates are really trying to close the security hole targeted in a newly discovered exploit.

8. Rootkit. The malware most likely to have a human touch, rootkits are installed by crackers (bad hackers) on other peopleกs computers. The rootkit is designed to camouflage itself in a systemกs core processes so as to go undetected. It is the hardest of all malware to detect and therefore to remove

About The Author

Joel Walsh writes for spywarerefuge.com about malware removal: http://www.spywarerefuge.com/spywareremoval.html? malware remover [Publish this article on your website! Requirement: live link for above URL/web address w/ link text/anchor text: กmalware removerก OR leave this bracketed message intact.]

[email protected]

This article was posted on September 07

by Joel Walsh

Free Program Removes Spyware not Detected by Premi

Free Program Removes Spyware not Detected by Premium Security Scan

by: Ed Zivkovic

What is Spyware?

Spyware monitors your surfing habits and sends the data off to some remote server in cyberland. Your computer can get infected with spyware easily by visiting a web page or installing a software program. Kazza is a classic example of a free software download riddled with spyware. More info here: http://compactURL.com/sdft

Spyware Detection Alert

Every week I do a full system scan with Norton Internet Security Professional.

This version of Norton is the top of the range when it comes to detecting all manner of viruses including Trojan horses, spyware, scumware, joke programs and other programs which can cause harm or pose a security risk.

It is an excellent program and I believe my computer would be dead and buried if it was not for Norton.

My most recent scan detected a Trojan Horse called Download.Trojan. This little meanie will attempt to go to the originators site and download more Trojans, worms, viruses and execute them. Scary stuff but Norton nipped it in the bud before any problems were created.

Also, every day Norton detects threats contained within my incoming emails. It immediately removes the threats by either fixing the infected files or deleting infected emails. This can be a reason I can be accused of not answering emails. Bad luck I say to that.

Ever since I have been running Norton, I have not been scanning with AdAware. I recently discovered that AntiVirus programs, as good as they are, sometimes fail to detect all threats from a computer. So I did a full scan with AdAware and was surprised to discover even more spyware on my system. So now I will also be scanning once a week with AdAware.

Free Spyware Removal Software

AdAware is so good and yet it is free. It is available from http://www.lavasoftusa.com/software/

There is more good free spyware detection programs available here: http://www.spybot.info/en/index.

Find out what Scumware is here: http://www.scumware.com

Symantec has an Online Virus Encyclopedia which after a little browse, should be enough motivation for anyone to get some kind of antivirus and security program installed on their computer. Find the entire AZ known viruses encyclopedia here: http://compactURL.com/qhdf

Conclusion

Do a full system scan at least every week. Download the latest AntiVirus definitions as soon as they become available. Use more than one program to ensure all threats are detected and removed immediately. Always enable your antivirus and security program to scan all incoming and outgoing emails.

If you do not have the very best antivirus protection, do not complain if your emails get no response. I allow my antivirus program to delete all infected emails along with any attachments.

Copyright 2004 Ed Zivkovic

About The Author

The author, Ed Zivkovic owns his own website which contains articles with all sorts of tips for work at home webmasters. Here is the site: http://www.ezau.com

This article was posted on September 20, 2004

by Ed Zivkovic

How Do You Deal With Internet Fraud

How Do You Deal With Internet Fraud

by: Articsoft

Summary

Internet fraud should be addressed as two specific issues: fraud that uses Internet technology as an integral part of the fraud; fraud that is already taking place by other means and the Internet is merely another method of delivery.

Methods exist that stop fraudsters misusing the technology, which can be rapidly implemented, but factors such as industry acceptance and concerns over potential liability if previous security claims could be claimed to be inaccurate will delay introduction. Much effort is spent promoting logos and confusing selfregulation, and trying to catch fraudsters, whilst the adoption of formal standards and accreditation for security (such as ISO 17799) are only starting to take place.

New Internet environment crimes may exist, such as defrauding machines or causing business harm by denial of service or virus attacks, and these will require social and legal steps to address them. However, the Internet has provided the fraudster with access to a significantly bigger market than ever before and effort will be required to create an environment where fraud is resisted by design rather than by insurance.

Introduction

Internet fraud is said to be big business. But what is it, and does using the Internet create the fraud, or is the Internet just a different way of delivering ‘traditional’ fraud.

Fraud is essentially persuading someone of something with intent to deceive, perhaps with criminal intent. The deceit may be to persuade you to part with money, goods, services, rights or information.

For the purposes of this paper we are not going to examine methods of fraud, but look at the general techniques, how they are applied, and how, if at all, the Internet can be used to make those techniques easier for the criminal to use either to carry out a fraud or to escape detection.

General techniques of fraud

The key to fraud is to persuade you that something is real, when in fact it is not. Once you accept that the fake is real then the fraud can take place whatever it is. Whether you are buying the Eiffel Tower in Paris or the Golden Gate bridge in San Francisco (both are real and have been seen by millions of people and have been regularly ‘sold’) the essence is to believe the proposal that is put to you.

Other types of fraud essentially persuade you to do something in the (wrong) belief that it should be done, or to accept something in settlement that proves to be without the value you were led to believe. But they all come back to the same thing the fraudster has to persuade you that his vision of the world is the correct one.

How do we normally counter fraud

In ordinary life there are many things set up to help avoid fraud. Mostly we rely upon physical things buildings (such as banks) help to prove to us that we are dealing with something real talking to people on the telephone on a number that is in a directory helps us believe that they are who we expect. At a more sophisticated level, businesses have to be registered and the directors names and addresses made public. There are also agencies with a duty to respond to complaints over the trading practices of businesses.

How does the Internet map to the real world

The Internet is rather different. The biggest problem for the Internet user is that there is no physical reference to use. You can’t go to a physical bookshop at www.amazon.com. You have to believe what the computer tells you, and that is the start of the problems.

We have many practical examples where people get the physical world wrong they put their bank cards into fake ATMs and enter their PINs, they tell their friends and children their passwords (sometimes in public), they sign up to ‘get rich quick’ deals with people they don’t know so how well are we set up to handle the Internet world, where web sites are just exactly as good as their designer intended?

The practical answer is just barely. The Internet is marketed as an anonymous zone. Information is free and users are anonymous. Now some of those features are desirable. When you go into a store it is the store that has to tell you who they are. If you pay with cash they will never know who you are and none of your legal rights are affected. They give you a receipt and you can check any of the details and get corrections made on the spot. If you want credit you have to tell them more about you, but not necessarily very much.

The Internet, by comparison, is anonymous whether you are the seller or the customer. For the seller it is as anonymous as they want to make it. This, of course, might be thought of as attractive to a fraudster.

Avoiding obvious frauds on the Internet

Some potential sources of fraud misrepresenting a business as that of someone else are being slowly dealt with. Domain name registration has almost reached the point where there is some certainty that www.harrods.com is the web version of a famous department store in Knightsbridge, London. But it is still very far from being fully resolved. It is still possible to register www.harrodds.com, www.harrodss.com. You can copy the real thing without too much difficulty, and with a bit of luck and some spelling mistakes a fraudster can still be in business.

But this type of fraud could be avoided by legislating to bring web site name registration into line with company registration rules, where similar names and ขpassing off ข are already dealt with. The methods for obtaining web site names that are primarily for ‘trade’ could also be addressed to ensure that they can only be obtained by registered businesses, and that the link between the domain name and the registered business is a matter of public record.

Some less obvious frauds

The Internet uses a technology called TCP/IP in order to send information between one point on the Internet and another. Unfortunately it was not designed to be secure, it was designed to be resilient. As a result it is possible to read information that travels around the Internet, and also to alter it. Therefore, it is possible both to read information that is not protected and copy information that has been protected using cryptography, (a technique that makes information unreadable to the unauthorized) and to change the unprotected information without being detected.

The effect of this is to create a situation where fraud can be carried out even when a genuine transaction is taking place. Fraud might include putting other recipient’s names on the distribution list to make you believe they are also involved or in agreement with what is going on. (This can happen in the physical world – processing a credit card transaction multiple times on paper and forging the signature from the valid bill.)

The fraud is subtle because it is impossible for either party to detect. It is effective because the fraudster may have gathered information that allows them to completely impersonate both parties in the future.

Solutions for technical problems

These frauds require a manipulation of the Internet technologies, and so can be resisted by technology. However, the technology being marketed to solve this problem Secure Sockets Layer (SSL), in the way in which it is usually implemented, has fundamental weaknesses, and has been shown to be capable of being defrauded. Many other schemes, based upon codes of practice and logos shown on web sites, although worthy in themselves, are equally capable of being defrauded. It seems strange that some advertising appears to suggest encryption technology using a 40 bit algorithm is perfectly secure for commerce, whilst also saying that 128 bit algorithms are essential.

Alternative technologies such as those from ArticSoft are being delivered now that allow end users to gain immediate validation of web site content itself. They require software to be present in the machines of the end users to act on behalf of the user to carry out checks that the user can be prevented for doing themselves by competent fraudsters.

They also require competent registration procedures for Internet traders to make it more difficult for a fraudster to enter the system and pretend to be genuine. Such registration procedures are claimed to be in place for SSL.

One of the most important international developments for defining security behaviour has been the adoption of the international standard ISO 17799 Code of Practice for Information Security Management. It is a comprehensive management standard for addressing the full range of issues for protecting information. Sensible adoption and application of the standard could provide significant benefits both to business and consumers. Self regulation schemes would do well to consider adopting it as a means of providing a common frame of reference for security and privacy claims.

Solutions to help user understanding

Web site design

The basic approaches to developing and designing Internet many web sites are based upon ease of implementation for the web site consistent with current ‘fashion’ for both appearance and implementing the latest technology. The user security experience is largely of unexplained transitions to web site addresses that do not relate to where they started. That contradicts the user’s real world experience and actually promotes fraud potential by forcing the user to either accept inconsistency or ignore it. Both positions mean the fraudster can insert his version of reality without ready detection.

The move to adding unexplained popup windows, unexplained other windows, moving information and other similar features have to be contrasted with the user confusion of the site he or she is dealing with and the fraud potential that brings. Also the introduction of monitoring software and similar programs can only increase the level of fundamental mistrust the user has in the Internet. From a domestic user point of view this is little short of hacking. So how do you know the good guys from the bad?

Remaking the presence of entire sites overnight contradicts the physical world where change has to be announced and is very evolutionary. It happens in slow time where regular customers build up acceptance and experience. Trying to educate users to live with rapid change is creating cultural change in Japan where new product takeup rates are reducing rapidly.

Security presentation

Security information needs to be proactive and tangible. Security solutions that rely upon static logos or that require the user to perform specific actions and then carry out manual checks of their own are flawed. Physical world checks do not work that way so there is no transfer of experience to the Internet.

Security information goes far beyond making claims about ’40 bit SSL’ technology. In the physical world you know where the store is and it can’t move rapidly. The location of an Internet site is less than clear. Provable information is needed to show the trading address of the business, real contact information, governing law and an effective link from that to any transaction being undertaken.

Security information must be considered when transactions fail to complete just as much as when they succeed. In the physical world the user can see when a transaction has not completed, but the Internet lacks that visual experience. Forms that reset without explanation, or fail for reasons that are not explained fully on them, contribute to the inability of a user to detect fraud taking place. Such techniques are commonly used by fraudsters to gain information.

Does the law help users

Considerable efforts are being made by law enforcement agencies to prevent fraud (any many other criminal or civil wrongs) using the Internet and to prosecute wherever possible. Data protection, whether stemming from the European Directive, Human Rights, the US Health Information Portability and Accountability Act (HIPAA), seems to have enjoyed less visible action, although that information is needed in addition to credit card information in order to commit Internet frauds such as identity theft.

The problem the law faces is created by the nonnational nature of the Internet, and the national nature of law. Even if there are suitable offences, being able to proceed successfully is difficult, and for the ordinary consumer rather daunting. For the consumer, producing available evidence long after a fraud has been detected is also problematic. The situation is further confused by the desire of valid industry to collect as much consumer information as possible something the fraudster also wants, but for different reasons.

One also has to be careful that law is not used instead of industry action. Making something an offence does not mean that nothing need be done. The recent US Digital Millennium Act is perceived by some as preventing the exposing of inadequate security mechanisms. Given that the user is actually the one exposed by security inadequacies, careful consideration needs to be given over user reaction to such a situation.

Conclusions

Internet fraud has two distinct strands to it.

One results from the differences between doing business in the physical world and the dematerialized world of the Internet. This gap has been accentuated by the ‘world of the Internet’ to the point where the user has no conventional reference points. This leaves the user ill placed to make adequate judgments of any kind, not merely about security and the possibility of fraud.

The other results from technical inadequacies in the infrastructure used by the service providers. Lack of clear regulation has allowed registration practices to develop that are not acceptable anywhere else for doing business. Previously available security mechanisms have been implemented in ways that fail to protect the user and which require, if followed, unreasonable user effort and significant user education.

Mechanisms such as the law may be able to provide some assistance, but care needs to be taken that the law is not used as an excuse for inadequate business practices. It would be sensible to ensure that a duty of care to implement best practice is included in legislation to expose any who have failed to protect themselves, their shareholders or their customers. Self regulation is another essential approach, but it must avoid becoming all self and no regulation if it is to carry real conviction to a suspicious user community, and its practices must be clear, obvious and understandable to the ordinary man. The paper world has already done this so wheel reinventing is not required.

The introduction of new technologies places responsibilities upon their implementers. The developers have a responsibility to get it technically right. The implementers have a responsibility to deal with its social and cultural dimensions, and cannot stand back and ignore these. Professional web site design carries a great deal more responsibility than merely sorting out key words, search terms and a site map.

References:

Web spoofing allows an attacker to create a กshadow copyก of the entire site. www.cs.princeton.edu/sip/pub/spoofing.html

Spoofing the Whole Web. www.bau2.uibk.ac.at/matic/spoofing.htm

What is web spoofing? www.nmrc.org/faqs/hackfaq/hackfaq9.html

Dartmouth PKI Lab Web Spoofing Demonstration www.cs.dartmouth.edu/~pkilab/demos/spoofing/index.shtml

Some Web spoofing may be noticeable, so it is helpful to keep these tips in mind: www.washington.edu/computing/windows/issue22/spoofing.html

Navigator and Microsoft Internet Explorer. Web spoofing allows an attacker to create a กshadow copyก of the entire World Wide Web. Accesses to the shadow Web www.secinf.net/info/www/security16.txt

The Digital Millennium Copyright Act (DMCA). The DMCA is being used to silence researchers, computer scientists and critics. www.antidmca.org

Provisions in Chapter 12 of the US Copyright Act, enacted in the Digital Millennium Copyright Act (กDMCAก) must be repealed or struck down as unconstitutional www.petitiononline.com/nixdmca/petition.html

The New York lawsuit appears to be the first to use the Digital Millennium Copyright Act (DMCA) to try to restrict a computer program www.wired.com/news/politics

Authentication Who’s Site Is It Really? by ArticSoft www.articsoft.com/wp_authentication.htm

The Changing Face of Web Security by ArticSoft www.articsoft.com/wp_changingface.htm

Credit Card Fraud, Link to Top Ten Home Page. The Bait: Surf the Internet and view adult images www.ftc.gov/bcp/conline/edcams/dotcon/credit.htm

Credit card fraud hit 1 in 20 users. And identity theft hit 1 in 50 during past year, study shows. By Bob Sullivan MSNBC. www.msnbc.com/news/718115.asp

Around 900,000 victims across 22 countries. The biggest credit card fraud ever. Fraudulent credit card transactions generated using adult web site merchant. www.faughnan.com/ccfraud.html

5.2 percent of respondents saying theyกd been victimized by credit card fraud in 2001 and 1.9 percent said theyกd been victimized by identity theft www.cnn.com/2002/TECH/internet/03/04/fraud.online.survey/

ISO 17799 (2000) references may be found at www.bsiglobal.com and at www.xisec.comm

About The Author

ArticSoft (www.articsoft.com) have over 30 years experience in the field of computer security, and 15 years experience of securing information on personal computers and messaging systems. Our CEO Steve Mathews, is one of the authors of BS7799 (now ISO/IEC 17799) and is well recognized in the security industry.

[email protected]

This article was posted on February 28, 2003

by Articsoft

Internet Security Basics 101

Internet Security Basics 101

by: Niall Roche

The explosive growth of the Internet has meant that thousands of people are today experiencing the joys of being online for the first time. With growth there always comes pain. Be it your growing pains as a child or the growth and development of this part of our culture called the Internet.
Firstly we need to quickly explain what the Internet is and where it came from. The Internet is the offspring of a military project called Arpanet. Arpanet was designed to provide reliable communication during global nuclear war. A vast network of interconnected computers was set up all over the world to allow the various branches of US and NATO forces to communicate with each other.
Nuclear war never came (thankfully) and the world was left with a massive network of computers all connected together with nothing to do. Colleges and universities started to use these computers for sharing research internationally. From there it grew and spread outside colleges to local homes and businesses. The World Wide Web was born and its father was a guy called Tim Berners Lee.
When you’re connected to the Internet you’re sharing a vast network with hundreds of millions of other users. This shared network provides resources that 15 years ago were never thought possible. Unfortunately when something is shared its open to abuse. On the Internet this abuse comes from hackers and virus creators. Their sole intent is to cause chaos and/or harm to your computer system and millions of other computer systems all over the world.
How do you combat this? You need an Internet security system. This might sound complicated but your Internet security system will be quite straigtforward being comprised of just 2 3 Internet security products. Weกll look at each of these products in more detail now:
AntiVirus Software
The first and most critical element of your Internet security system is antivirus software. If you don’t have uptodate antivirus software on your PC you’re asking for trouble. 300 new viruses appear each month and if you’re not constantly protecting your system against this threat your computer will become infected with at least one virus itกs only a matter of time.
Antivirus software scans your PC for signatures of a virus. A virus signature is the unique part of that virus. It can be a a file name, how the virus behaves or the size of the virus file itself. Good antivirus software will find viruses that haven’t yet infected your PC and eliminate the ones that have.
Antivirus software can only protect your computer from viruses trying to infect it via email, CDRom, floppy disk, Word documents or other types of computer files. Antivirus software alone will not keep your computer 100% safe. You also need to use firewall software.
Firewall Software
The use of firewall software by home computer users is a relatively new occurence. All Internet connections are a two way process. Data must be sent and received by your computer. This data is sent through something called ports. These are not physical things rather aspects of the way your computer communicates online.
Firewall software watches these ports to make sure that only safe communication is happening between your computer and other computers online. If it sees something dangerous happening it blocks that port on your computer to make sure your computer stays safe from the person who is trying to hack into your system.
An easier way to understand a firewall would be to picture your computer as an apartment complex. At the front door of this complex there is a security guard. Every person who enters the complex must pass this security guard. If the security guard recognizes the person entering as a resident he allows them to pass without saying anything. If, however, the person entering the complex is unknown to him then he will stop that person and ask for identification. If they have no business being at the apartment complex he escorts them from the building.
If you are not currently using firewall software your computer will get hacked into thatกs a guarantee.
PopUp Blocker
You can get a good popup blocker at no cost. An easy way to do this is to install either the Google or Yahoo toolbar. Both of these come with popup blockers built in. Popups are not necessarily dangerous but are a nuisance and using either of these toolbars will make your life that bit easier.
A simple rule for practicing online security is: กIf in doubt then don’tก. If you don’t recognize the file, the email address, the website or if your gut feeling says กnoก then don’t click that button.

About The Author

http://www.affiliateadvocate.com is run by Niall Roche. The site offers reviews of affiliate marketing ebooks and software as well as advice and tips for new and existing affiliate marketers.

This article was posted on June 02, 2004

by Niall Roche

Personal Firewalls for Home Users

Personal Firewalls for Home Users

by: Pawan Bangar

What is a Firewall?

The term กfirewallก illustrates a system that protects a network and the machines on them from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network.

The primary goal of a firewall is to implement a desired security policy; controlling access in both directions through the firewall, and to protect the firewall itself from compromise. It wards off intrusion attempts, Trojans and other malicious attacks.

Personal Firewalls:

They are meant for the home user in a networked environment. They aim to block simple attacks, unlike the enterprise level firewalls that the corporate world uses at the server or router end. There are many ways to implement a firewall, each with specific advantages and disadvantages.

Are they really needed?

Nowadays organizations and professionals use Internet technology to establish their online presence and showcase their products and services globally. Their endeavor is to leverage digital technology to make their business work for them.

All the organizations and professionals are shifting from Dialup to broadband and getting a fixed IP. It has led to an increase in security attacks, bugs in everyday working. This does not mean that Dialup being anonymous dynamic link or the firewall of the ISP network make you pretty safe.

Now if your machine was under attack, you must have wondered what went wrong making your system crash suddenly. So I would rather like to say, it’s not necessary for anyone to actually know about you or your IP address to gain access to your system.

If you system is infected or prone to intrusions, then beyond the anonymity of your Dialup connection or a dynamic IP, your system can be hacked.

Types of Attacks

Intrusion:

There are many ways to gain unauthorized access to a system. Operating system vulnerabilities, cracked or guessed passwords are some of the more common. Once access is attained, the intruder can send email, tamper with data, or use the system privileges to attack another system.

Information Theft and Tampering:

Data theft and tampering do not always require that the system be compromised. There have been many bugs with FTP servers that allow attackers to download password files or upload Trojan horses.

Service Attacks:

Any attack that keeps the intended user from being able to use the services provided by their servers is considered a denial of service attack. There are many types of denial of service attacks, and unfortunately are very difficult to defend against. กMail bombsก are one example in which an attacker repeatedly sends large mail files in the attempt at filling the server’s disk filesystem thus preventing legitimate mail from being received.

Types of Attackers

Joyrider:

Not all attacks on computer systems are malicious. Joyriders are just looking for fun. Your system may be broken into just because it was easy, or to use the machine as a platform to attack others. It may be difficult to detect intrusion on a system that is used for this purpose. If the log files are modified, and if everything appears to be working, you may never know.

Vandals:

A vandal is malicious. They break in to delete files or crash computer systems either because they don’t like you, or because they enjoy destroying things. If a vandal breaks into your computer, you will know about it right away. Vandals may also steal secrets and target your privacy.

ขIn an incident a Trojan was being used to operate the web cam. All the activities being done in the house were being telecasted on the websites.ข

Spies:

Spies are out to get secret information. It may be difficult to detect breakins by spies since they will probably leave no trace if they get what they are looking for.

A personal firewall, therefore, is one of the methods you can use to deny such intrusions.

How Firewalls work?

Firewalls basically work as a filter between your application and network connection. They act as gatekeepers and as per your settings, show a port as open or closed for communication. You can grant rights for different applications to gain access to the internet and also in a reverse manner by blocking outside applications trying to use ports and protocols and preventing attacks. Hence you can block ports that you don’t use or even block common ports used by Trojans.

Using Firewalls you can also block protocols, so restricting access to NetBIOS will prevent computers on the network from accessing your data. Firewalls often use a combination of ports, protocols, and application level security to give you the desired security.

Firewalls are configured to discard packets with particular attributes such as:

Specific source or destination IP addresses.

Specific protocol types

TCP flags set/clear in the packet header.

Choosing a firewall:

Choose the firewalls which have the ability to ward of all intrusion attempts, control applications that can access the internet, preventing the malicious scripts or controls from stealing information or uploading files and prevent Trojans and other backdoor agents from running as servers.

The purpose of having a firewall cannot be diminished in order to gain speed. However, secure, highperformance firewalls are required to remove the bottleneck when using high speed Internet connections. The WorldWideWeb makes possible the generation of enormous amounts of traffic at the click of a mouse.

Some of the good firewall performers available in the market are below:

BlackICE Defender

eSafe Desktop

McAfee Personal Firewall

Neowatch

Norton Personal Firewall

PGP Desktop Security

Sygate Personal Firewalls

Tiny Personal Firewall

Zone Alarm

Zone Alarm Pro

Most of these firewalls are free for personal use or offer a free trial period. All the personal firewalls available can’t ensure 100% security for your machine. Regular maintenance of the machine is needed for ensuring safety.

Some of the tasks advised for maintaining system not prone to intrusions:

Disable file and print sharing if you are not going to be on network.

Update your antivirus signature files regularly.

Use a specialized Trojan cleaner.

Regular apply security patches to your software and operating system.

Don’t open email attachments if you have don’t know the contents it may contain.

Don’t allow unknown applications to access to the internet or to your system.

Regularly check log files of your personal firewall and antivirus software.

Disable ActiveX and java and uninstall windows scripting host if not required.

Turn off Macros in Applications like Microsoft Office and turn macro protection on.

Check the open ports of your system and see them against the common list of Trojans ports to see if they are being used by some Trojan.

Log Off from your internet connection if not required. Being online on the internet for long duration gives any intruder more and sufficient time to breach system security.

Unplug peripherals like web cam, microphone if they are not being used.

About The Author

Pawan Bangar,

Technical Director,

Birbals,India

[email protected]

This article was posted on December 08, 2004

by Pawan Bangar

Microsoft Great Plains security setup – overview f

Microsoft Great Plains security setup – overview for consultant

by: Andrew Karasev

Microsoft Business Solutions Great Plains is very good fit for midsize company and probably good budget solutions for large corporation. Former product name was Great Plains Dynamics / eEnterprise. Both versions: old and new are Great Plains Dexterity written and Dexterity itself was planned as database and computer platform independent / transferable shell back in earlier 1990th. Currently Great Plains (version 8.0 and coming 8.5) is MS SQL Server based and the last multidatabase version 7.5 (available on Pervasive SQL and Ctree/Faircom). But considering former goal – Microsoft Great Plains has security model, which is independent from MS SQL security and works in parallel with SQL Security

User Classes and Users

Users. Users has nothing to do with MS SQL Logins, however if you are on SQL version – users are translated to SQL as logins and given access to all Great Plains related database: DYNAMICS and companies

User Classes. You can automate users creation, by including new user to the class or transferring old user to different class and by doing so you have an option to reset security from the class. On the user level you can supercede class security. Class works for all the companies, while User can have different security right in each different company

Objects: Windows, Reports: modified and alternate modified

Confuse? Yes – this is normal reaction. These all confusing terms come from the architecture of the system – you need to know architecture highlights to recognize the terminology.

Modified Reports. These are modified via Great Plains Reporting tool: ReportWriter – Tools>Modify>ReportWriter and select the report you want to modify. The most popular is SOP Long Invoice form. When you are done with the modification (placing logo, etc.), you need to assign security either to the users who will be printing this report or user classes: Setup>System>Security select user id, company, product (Great Plains), type as Modified Reports, series Sales and you will see SOP Invoice Long form available in the list, mark it and you will have it available for this user

Modified Forms. If you purchased Great Plains Modifier – you can modify the form, for example on Customer Maintenance screen you could place the button and attach VBA script to it – you should have VBA/Modifier with customization site enabler license. This is the realm of VBA programmer. Security should be given to the modified form

Alternative Modified Forms and Reports. If you have inhouse Dexterity customization working with SOP Entry screen for example – the technology works this way – it imports existing SOP entry screen from DYNAMICS.DIC dictionary (original Great Plains) into custom dictionary, created by Dexterity developer. Here this form is known as Alternative Form. You can go to further complexity and modify this one with Modifier and get Alternative Modified Form

Advanced Security

Security for specific customers, accounts, etc. – you can protect specific object in Great Plains with this advanced security module. We’ll just mention this fact and do not touch details

Problems

Central versus Local dictionary. If you have security for the user to use, say SOP Long Invoice form modified (taken from REPORTS.DIC), and you have Reports.DIC placed on local machine (check you DYNAMICS.SET file). When you give this user new computer and do not take care on transferring REPORTS.DIC from the old machine – user will get error message – can not open report: dictionary not found. The same is applicable to modified forms

Happy implementing! You can always appeal to us to help you with your system. Give as a call 16309615918 or 18665280577, [email protected]

About The Author

Andrew Karasev is Chief Technology Officer in Alba Spectrum Technologies ( http://www.albaspectrum.com ), Microsoft Business Solutions Great Plains, Microsoft CRM, Navision, Microsoft RMS, Microsoft Business Portal customization company, serving clients in Chicago, Boston, New York, Miami, Atlanta, Houston, Dallas, Denver, Los Angeles, San Francisco, San Diego, Seattle, Minneapolis, Phoenix, Toronto, Montreal, Brazil, Mexico, UK, Australia, Canada, UK, Europe, Russia an having small offices in multiple states and internationally.

[email protected]

This article was posted on April 12

by Andrew Karasev

How To Get People To Read Your Ads

How To Get People To Read Your Ads

by: David Bell

Rule One: The Headline

The headline should summarise the whole offer. It should grab the eye, and make you want to read the subheading. The headline should intrigue and captivate the reader. Itกs sole aim is to make the reader continue on to read the body text. You should take great time and trouble over the headline. Lets say we’re selling a book on home security, yes, I know, boring and you might start with something like this:

กCRIME FIGURES UPก

This is very bad, but typical of an amateur. People don’t care about กcrime statisticsก. Thatกs boring, they only care about their own house or car being broken into. OK, how about this:

IS YOUR HOME AT RISK?

A bit better, but not brilliant. it does personalise it and does play on peoples fear. Itกs still pretty weak though. What we need is a headline that will grab you by the throat and force you to read on. How about this:

HOW TO BURGLE YOUR OWN HOUSE AND STEAL YOUR OWN CAR

Now thatกs what I call a กkillerก headline. Youกve just got to read on, haven’t you? Always think very carefully about your headline. Make it extremely intriguing, interesting or exciting. If you’re selling a กstraightก product, then use a slightly different approach, the headline should state what the product is, with a few adjectives in front. Say for a Tea Trolley, your headline would be:

New, Italian, Foldaway TEA TROLLEY

There should also be a picture of the product. the picture and the headline simply act to grab the eye of anyone who is remotely interested in purchasing this type of product.

Rule Two: The Subheading

The subheading should expand upon the story hinted in the main heading, and draw the reader inexorably into reading the body text. Subheadings for straight products should outline the main features and benefits of the product. Again, boring, but this is what works, A subheading for the Tea Trolley would be:

กNew from Italy, Lightweight, Foldaway Trolley is available in your choice of three colours.ก

As I say, boring, but this is what works, so don’t try and get clever or กartyก.

Hereกs the subheading for the security book:

กIกve nicked hundreds of cars and done over fifty burglaries. Would you like to know what Iกve got in mind for YOUR place?ก

Brilliant, or what??!! Youกve just got to read into the body text, haven’t you?

Remember this is the MAIN function of the heading and subheading. Notice the quotes, it seems as though the guy was talking to YOU, the reader of the advert, but the quotes imply that it is just something that this burglar said, some time ago, to whoever it was he was speaking to.

Rule Three: The Copy

Always overstate the product, but within the bounds of truth and reasonableness!

For some reason long copy, sell books. People will actually read an entire page of text if the story is strong enough. for straight products, the body of the text really just gives the feature and benefits, together with a slight allusion to an improvement in lifestyle.

A classic piece of rubbish for the security book would be:

กWe at ACME security have been leaders in the field of home security for over seventy years, winning the Queens award for industry on at least five occasions.ก

So what? Who cares? Whatกs that got to do with ME?

Hereกs an important little technique which can be used to fascinate your readers. itกs the ‘reverseก technique. In this technique, you take what is considered an obvious and well know fact about your subject, and then state the exact opposite in your advert.

We all know that in order to keep burglars out, we have to lock doors. Right? I mean, thatกs obvious. OK we’re going to take this obvious fact and simply state the exact opposite. like this:

Why leaving doors UNLOCKED can sometimes be better than locking them.

กHow can this be?ก you ask yourself.

Why fitting a car alarm can sometimes result in car thieves flocking to break into your car.

กWhatกs that?!! surely with an alarm fitted, theyกll give your car a miss?ก Well it depends. There are several reasons why sometimes (which is all I said) the opposite might be true. For example, if you have a car alarm then that means you have something worth stealing. also car thieves are full of machismo and they like stealing difficult cars, they stay clear of the easy ones because thereกs not enough danger and excitement. Most car alarms can be bypassed. Get the idea?

I hope this helps in your future marketing decisions.

About The Author

David Bell

http://www.wspromotion.com/

Advertising research and development center

This article was posted on April 14

by David Bell