Sunday, November 18, 2007

Protecting Portable Devices: Data Security.

Why do you need another layer of protection?
Although there are ways to physically protect your laptop, PDA, or other portable device (see Protecting Portable Devices: Physical Security for more information), there is no guarantee that it won't be stolen. After all, as the name suggests, portable devices are designed to be easily transported. The theft itself is, at the very least, frustrating, inconvenient, and unnerving, but the exposure of information on the device could have serious consequences. Also, remember that any device connected to the internet, especially over a wireless connection, is susceptible to network attacks (see Securing Wireless Networks for more information).

What can you do?

  • Use passwords correctly - In the process of getting to the information on your portable device, you probably encounter multiple prompts for passwords. Take advantage of this protection. Don't choose options that allow your computer to remember passwords, don't choose passwords that thieves could easily guess, use different passwords for different programs, and take advantage of additional authentication methods where they are offered (see Choosing and Protecting Passwords and Supplementing Passwords for more information).
  • Consider storing important data separately - There are many forms of storage media, including floppy disks, zip disks, CDs, DVDs, and removable flash drives (also known as USB drives or thumb drives). By saving your data on removable media and keeping it in a different location (e.g., in your suitcase instead of your laptop bag), you can protect your data even if your laptop is stolen. You should make sure to secure the location where you keep your data to prevent easy access.
  • Encrypt files - By encrypting files, you ensure that unauthorized people can't view the data even if they can physically access it. You may also want to consider full disk encryption, which prevents a thief from even starting your laptop without a passphrase. Note that full disk encryption only protects a device that is powered off or stopped at the pre-boot prompt; a running or sleeping machine still holds the decryption key in memory, so lock and shut down rather than suspend when traveling. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
  • Install and maintain anti-virus software - Protect laptops and PDAs from viruses the same way you protect your desktop computer. Make sure to keep your virus definitions up to date (see Understanding Anti-Virus Software for more information).
  • Install and maintain a firewall - While always important for restricting traffic coming into and leaving your computer, firewalls are especially important if you are traveling and utilizing different networks. Firewalls can help prevent outsiders from gaining unwanted access (see Understanding Firewalls for more information).
  • Back up your data - Make sure to back up any data you have on your computer onto a CD-ROM, DVD-ROM, or network (see Good Security Habits and Real-World Warnings Keep You Safe Online for more information). Not only will this ensure that you still have access to the information if your device is stolen, but it will also let you identify exactly which information a thief may be able to access, so that you can take measures to reduce the damage that exposure could cause.

Authors: Mindi McDowell, Matt Lytle

Thursday, October 25, 2007

Packet Sniffing

A network sniffer, or packet sniffer, is an application that captures all traffic passing a network interface attached to some network. Packet sniffing is useful for network troubleshooting and for software developers; however, it can also be used to eavesdrop on unencrypted traffic (unencrypted email, web pages, IM, and more).

When people communicate via IM, they often do not realize that their messages typically pass through numerous networks and routers on the way to the recipient. On any network segment along this path, someone can use a packet-sniffing tool to intercept those communications. However, scanning through a large number of packets by hand to extract something useful is very difficult. Thus, attackers also employ communication filters: software that detects and identifies specific types of communication as they occur.

When attackers get access to a network segment, they attach a device to it (or install sniffing software on a host that is already there). Next, they install a communication filter to capture packets that contain specific strings or patterns, such as the keyword "password". If a pattern in the filter matches traffic on the wire, that packet is recorded for subsequent analysis.

Flat, unswitched local area networks are particularly vulnerable to sniffing attacks because every packet traveling between two hosts is repeated to all nodes on the network segments to which each host belongs. Thus, a sniffing device or program could be connected to any port or installed on any machine on the same segment. A few years ago, switching technology became sufficiently inexpensive to be widely accepted as a standard LAN building block. In many installations, switches replaced broadcast hubs and were used to micro-segment LANs into numerous virtual segments. A switch forwards a unicast frame only to the port on which it learned the destination host, rather than to every port. This alleviates the problem of sniffing but does not eliminate it: an attacker who can access the switch itself can mirror a port, and on an unprotected segment the switch's forwarding can be subverted from an ordinary host by ARP spoofing or by flooding the switch's MAC address table.

In the real world it is difficult, if not impossible, for most attackers to gain access to ISP facilities and install sniffers there. Therefore, the biggest source of sniffing threats stems from LANs and public facilities. Shared-medium cable modem segments are particularly prone to sniffing-based attacks when the link layer does not encrypt traffic (as in older deployments without DOCSIS baseline privacy), because every modem on the segment can see (and therefore sniff) the traffic on it. Companies or organizations that support remote access for cable modem-based users should use a more secure implementation, preferably one based on IPsec.

Because so much of the data exchanged by popular messaging software is now XML carried over HTTP, exposure to sniffing is actually on the rise: structured text is trivial for a filter to parse. The latest trend is to convert everything to XML formats. Unfortunately, HTTP without SSL or TLS is clear text, and an eavesdropper who captures it reads the XML exactly as the receiving application does. This is why sniffer attacks are both insidious and potentially very dangerous: they can decode and reveal a great deal of sensitive information passively, without ever touching either endpoint.
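The mechanism described above, as an added example that is not part of the original post: a minimal sniffer that decodes Ethernet/IPv4/TCP headers, runs "communication filters" (regular expressions for password fields and HTTP Basic credentials) over each payload, and records what matches. The frames, addresses, hostnames and credentials are all constructed for this example; in practice the frames would come from a pcap file or a raw socket rather than from the builder function. The TLS frame shows the contrast the text draws: the same login over TLS yields nothing for the filter to match.

```python
import base64
import re
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_tcp_frame(src_ip, dst_ip, src_port, dst_port, payload):
    """Build a minimal Ethernet/IPv4/TCP frame around payload (sample data only).

    Checksums are left at zero because nothing here validates them.
    """
    eth = bytes.fromhex('001122334455') + bytes.fromhex('66778899aabb') + struct.pack('!H', ETHERTYPE_IPV4)
    # sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack('!HHIIBBHHH', src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src_ip.split('.'))), bytes(map(int, dst_ip.split('.'))))
    return eth + ip + tcp


def parse_frame(frame):
    """Decode the Ethernet/IPv4/TCP headers of one frame; None for anything else."""
    if len(frame) < 34 or struct.unpack('!H', frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack('!H', ip[2:4])[0]
    if ip[9] != IPPROTO_TCP or ihl < 20 or total_len > len(ip):
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    src_port, dst_port = struct.unpack('!HH', tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return {
        'src': '.'.join(map(str, ip[12:16])),
        'dst': '.'.join(map(str, ip[16:20])),
        'sport': src_port,
        'dport': dst_port,
        'payload': tcp[data_offset:],
    }


# Communication filters: (label, pattern over the raw TCP payload, decoder that
# turns the captured group into the revealed secret).
FILTERS = [
    ('password',
     re.compile(rb'(?i)\b(?:password|passwd|pwd)\b\s*[=:>]\s*([^&\s<"]+)'),
     lambda v: v.decode('latin-1')),
    ('http-basic',
     re.compile(rb'(?i)authorization:\s*basic\s+([A-Za-z0-9+/=]+)'),
     lambda v: base64.b64decode(v).decode('latin-1', 'replace')),
]


def sniff(frames, filters=FILTERS):
    """Run every filter over the TCP payload of every frame.

    Returns (src_ip, dst_ip, dst_port, filter label, secret) per match, which is
    what the "record for subsequent analysis" step keeps.
    """
    hits = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        for label, pattern, decode in filters:
            for match in pattern.finditer(pkt['payload']):
                hits.append((pkt['src'], pkt['dst'], pkt['dport'], label, decode(match.group(1))))
    return hits


# Constructed sample capture (not real traffic).
SAMPLE_FRAMES = [
    # 1. form login over plain HTTP, which also carries an HTTP Basic header
    build_tcp_frame('192.168.1.10', '192.168.1.20', 40001, 80,
                    b'POST /login HTTP/1.1\r\nHost: intranet.example\r\n'
                    b'Authorization: Basic ' + base64.b64encode(b'alice:hunter2') + b'\r\n'
                    b'Content-Type: application/x-www-form-urlencoded\r\n\r\n'
                    b'user=alice&password=hunter2'),
    # 2. XML-over-HTTP IM login, the case the text describes
    build_tcp_frame('192.168.1.11', '10.0.0.5', 40002, 80,
                    b'POST /im/session HTTP/1.1\r\nHost: im.example\r\n'
                    b'Content-Type: text/xml\r\n\r\n'
                    b'<login><user>bob</user><password>s3cret</password></login>'),
    # 3. the same kind of login over TLS: only an opaque record is on the wire
    build_tcp_frame('192.168.1.11', '10.0.0.5', 40003, 443,
                    bytes.fromhex('160301002a0100002603036a5b3e0f7d11') + bytes(24)),
    # 4. an ARP request, which the TCP decoder simply skips
    bytes.fromhex('ffffffffffff001122334455' '0806') + bytes(28),
]

if __name__ == '__main__':
    for src, dst, port, label, secret in sniff(SAMPLE_FRAMES):
        print(f'{src} -> {dst}:{port}  {label}: {secret}')
```

Running it prints three recovered secrets from the two plaintext HTTP frames and nothing for the TLS frame; the same filters, fed frames from a real capture, are the whole of a "communication filter" in the sense the text uses.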

To prevent information leaks, you cannot rely on communication programs that use no encryption; use protocols that encrypt at the application layer (SSL/TLS) or IPsec/VPN tunnels to secure communications both on the local network and for all remote access. If IM services are deployed for business purposes, use a product such as Microsoft Exchange Server 2000, which lets you operate your own IM server that might or might not interact with the rest of the world. As a matter of security policy and user education, users should also be coached on which types of communication and file transfer are appropriate over IM outside organizational boundaries, if indeed such use is permitted at all.



Wednesday, October 17, 2007

Using Caution with Email Attachments

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:


  • Email is easily circulated - Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email; they scan a user's computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that appears to come from someone they know.

  • Email programs try to address all users' needs - Almost any type of file can be attached to an email message, so attackers have more freedom in the types of viruses they can send.

  • Email programs offer many "user-friendly" features - Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

Be wary of unsolicited attachments, even from people you know - Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses "spoof" the sender address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message, ideally by a channel other than email, to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.
Save and scan any attachments before opening them - If you have to open an attachment before you can verify the source, take the following steps:

  • Be sure the signatures in your anti-virus software are up to date.

  • Save the file to your computer or a disk.

  • Manually scan the file using your anti-virus software (a clean result lowers the risk but is not a guarantee, since signatures only cover malware that is already known).

  • Open the file.
Turn off the option to automatically download attachments - To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
Consider additional security practices - You may be able to filter certain types of attachments (for example, executable files) through your email software or a firewall.
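The two checks this tip recommends, as an added example that is not part of the original page: a triage script that parses a message with Python's standard email module, flags attachments whose type is executable (the filtering the last bullet suggests), and notes when the From: domain differs from the envelope sender recorded in Return-Path, which is one cheap reason to verify with the sender before opening anything. The message, addresses, file names and blocked-extension list are constructed for this example; a domain mismatch is a heuristic, not proof of spoofing, since mailing lists and bulk senders produce the same pattern legitimately.

```python
import email
from email import policy
from email.utils import parseaddr

# Attachment types that execute on a typical Windows desktop and should not be
# opened when they arrive unsolicited.  Extend to match local policy.
BLOCKED_EXTENSIONS = {'.exe', '.scr', '.pif', '.com', '.bat', '.cmd', '.vbs',
                      '.js', '.jse', '.wsf', '.hta', '.lnk', '.jar'}

# Constructed sample message (not a real email): the From: header claims to be
# "Mom", the envelope sender is a different domain, and one attachment is a
# screen-saver executable disguised with a double extension.
SAMPLE_EMAIL = b"""Return-Path: <bounce-7731@mailer.example.net>
From: "Mom" <mom@example.com>
To: you@example.org
Subject: Holiday photos
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sample-boundary"

--sample-boundary
Content-Type: text/plain; charset="us-ascii"

Here are the photos from the weekend!
--sample-boundary
Content-Type: application/octet-stream; name="photos.jpg.scr"
Content-Disposition: attachment; filename="photos.jpg.scr"
Content-Transfer-Encoding: base64

bm90IGEgcmVhbCBwcm9ncmFt
--sample-boundary
Content-Type: image/jpeg; name="beach.jpg"
Content-Disposition: attachment; filename="beach.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRg==
--sample-boundary--
"""


def parse_message(raw):
    """Parse raw message bytes into an EmailMessage (policy.default gives iter_attachments)."""
    return email.message_from_bytes(raw, policy=policy.default)


def sender_domain_mismatch(msg):
    """True when the From: domain differs from the envelope sender's domain.

    Return-Path is added by the receiving mail server from the SMTP envelope, so
    a forged From: often disagrees with it.  Treat a mismatch as a prompt to
    verify, not as proof: legitimate bulk mail shows the same pattern.
    """
    from_addr = parseaddr(str(msg.get('From', '')))[1]
    return_addr = parseaddr(str(msg.get('Return-Path', '')))[1]
    if '@' not in from_addr or '@' not in return_addr:
        return False
    return from_addr.rsplit('@', 1)[1].lower() != return_addr.rsplit('@', 1)[1].lower()


def attachment_verdicts(msg):
    """Return (filename, verdict) for every attachment, judged by file type."""
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or '(unnamed)'
        lower = name.lower()
        ext = '.' + lower.rsplit('.', 1)[1] if '.' in lower else ''
        if ext in BLOCKED_EXTENSIONS:
            verdicts.append((name, 'block: executable type ' + ext))
        elif lower.count('.') > 1:
            verdicts.append((name, 'suspicious: multiple extensions'))
        else:
            verdicts.append((name, 'scan before opening'))
    return verdicts


if __name__ == '__main__':
    message = parse_message(SAMPLE_EMAIL)
    print('sender domain mismatch:', sender_domain_mismatch(message))
    for filename, verdict in attachment_verdicts(message):
        print(f'{filename}: {verdict}')
```

The verdict for the .scr file is "block" regardless of the innocent-looking .jpg in the middle of its name, while beach.jpg still gets the save-and-scan treatment from the steps above rather than a free pass.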
