Network Security

It’s not hard to see how the integrity of our society has taken a turn for the worst in the last thirty years. With the baby boomer generation reaching the age of retirement, more and more people are looking to get rich quick and become millionaires without any hard work being put into it. Thus enters the schemes of the next generation in a technologically savvy and shifty society. Just surfing the web will undoubtedly place your finances and well-being at risk by the deceptive schemes to steal your money and identity.

So how can you avoid those malicious URLs? Well, first, be safe and don’t go surfing around on unrecognizable URL sites. No parent wants their children wondering into some strangers house not knowing what’s inside, the same can be said about URL addresses. Each website is someone’s home; don’t enter unless you know the safety of that home. Stay away from fraudulent fronts and make sure what you typed in is where you want to go. You can never be too safe.

Second, invest in a URL scanner. There’s no doubt mistakes may be made. When you’re typing sixty to seventy words a minute you’re bound to make mistakes. URL scanners give you that second opportunity to check yourself and make sure what you have type is really where you want to go. Don’t be stingy, spend the extra money and protect your money and your identity. Many of these types of URL scanners can be purchased online or in most of your local office supply stores or retail stores. These scanners should definitely be installed in all large and small businesses alike to prevent anything you don’t want coming through your network. Again you can never be too safe.

Third, take a look at malicious URL lists and compare them with a legit URL list. These lists are readily available to pretty much anybody who wants to look at them. They can be found by simply searching any major search engine, but again be careful you are not entering any deceptive websites fronting help spotting the fakes. Some fake URL addresses are obvious in comparison to legit URL addresses and can be easily spotted, however, taking a look at several different lists should help you recognize the pattern that most deceptive URL addresses look like. And if I haven’t said it enough maybe a third time will get the point across, you can never be too safe.

The truth of the matter is that nowadays you can never be too safe. The typical identity theft recovery can take hundreds to thousands of hours to clear up, not to mention the money lost due to the time spent in recovering your identity. So, one way to look at investing in a URL scanner and making an effort to avoid the faulty URL addresses is to see at as a sort of insurance to protect from the enemies schemes to lure you into enticing web addresses that could possibly steal much of your time, money, and identity.

Information Technology has opened a dazzling world new world of INTERNET before us. All the business, banking and other sophisticated commercial transactions have become just a mouse click away. Everything has become more effective and less time consuming. While web is a boon to us in a way, it has also proved its negative powers in several ways.

The benefits of the information technology are used maliciously by a specific group of people who can be called cyber criminals in general. These cyber criminal include hackers and crackers who make illicit use of internet services. These so-called criminals are able to gain unauthorized access to other computers to steal worthy or useful data from the database to make personal profit. This is completely against law.

The most important tool of the criminals is obviously the computer. The medium that they make use of, to gain valuable information from reputed companies is nothing other than the word wide web. The ways that are usually employed by them are phishing, wire transfer, spoofing and pharming. The criminals can also enter private net accounts by way of many techniques, thereby hacking Domain Name Server and Internet Provider’s (IP) address.

The twisted term ‘cyber crime’ has no boundaries and limits. It has wide coverage in all the nations as hackers can be found anywhere in the world. The use of information technology by the cyber terrorists with a view to make destructive effects is called cyber crime. The key factor behind this stream of crime is low rate of traceability and time-consuming persecution. Hackers can work from anywhere in the world peacefully and devastate the economic and political structure of a country as a whole.

In such a scenario the only feasible solution can be to safe guard oneself against such misuse of advanced technology. Yet it’s a fact that the legal system has to be more sophisticated and intrigued to combat the activities of cyber terrorists. More advanced and systematic methods shall be formulated to curb the crimes in time at all.

The severity of the situation can be understood more clearly when we come to know that many of the financial and banking institutions world wide pay money to these criminals to avoid their malpractice. They are compelled to do so for saving their name and fame among their customers.

Even though we have succeeded in tackling many of the cyber crimes and blocking their efforts we still are threatened by the fact that the grave problem still continues to exist amongst us in varied forms. As this problem has its root in all the nations in the world, there has to be better understanding and co-operation among the international agencies that deal with the thwarting of cyber crimes and criminals. The body of law should ensure that the new technology is used for the benefit of the people only and take necessary measures to prevent misuse of advanced technology..

Simply defined, phishing is the act of tricking you into believing you are having a normal transaction with a trusted and well known internet merchant. Of course, what’s the bait and subterfuge required for this to work (you should already be asking)? What skulduggery and ne’er-do-well could carry out this trick on unsuspecting internet users like yourselves? Here, we’ll need to define another term to complete the picture. Fortunately, this term isn’t as technobabble as the previous one, but the term to spoof means to pretend to be someone else well-known and trusted, when in fact they are internet criminals with malicious intent. Yes. If this has not become clear to you already, alarm bells should be ringing loudly in your head right now. Together with viruses, trojans, adware and other forms of malicious software (all lumped under the term malware), spoofed emails in your inbox provide the bait to an impersonation attack.

Let’s now run through an example. Suppose you are a long time loyal and trusting customer of Bank A. One day you receive an email informing you to change your password (passwords should be changed once every three months in standard secured computing environments, of course). You often get reminders like this at work from the system administrator, so you think nothing of it and follow the advice given. The email sender even provides you a link (saves you having to find that bookmark somewhere) to help you with this, how considerate of them! Right now, picture yourself as the fat catch of the day for the internet criminal. The damage isn’t irrevocable but once you click on the link, quickly try to log in (we’ve done this nth times before right?) and FAIL, you may start suspecting that something is wrong. Unfortunately, because the internet moves literally at the speed of light, and your login and password has already been captured, stored and forwarded, there’s a very high chance that through the distributed power of the internet, a mechanism has already been automated to log in at the REAL banking website, with the login details and passwords you so kindly provided, and every last cent in your account has been pilfered!

This is a simplified example of course but it demonstrates the working theory and practice of an impersonation attack. You should be thinking about countermeasures immediately and they fall broadly into two categories. Category One is all about safe online conduct. The internet is literally a virtual Wild West frontier (not unlike the real thing). Trust no one and certainly not just any email sent purportedly from your bank. If you’re technically minded, you may notice that clicking on the link will direct you to a DIFFERENT website (www.bankof-a.com as opposed to www.bankofa.com) and the spoofed login page may not be a 100% replica to what you’re used to. Category Two belongs to the technical tools at your disposal to combat these threats. Always upgrade your browser to the latest version, because new vulnerabilities are being discovered and fixed all the time, and also because most recent browsers have new tools and technologies to detect attacks of this sort.

Finally, make sure you have an up to date anti-virus, anti-malware and internet security software. Even the free ones do a good job and you can google them easily online.

The internet is vast landscape of money-making opportunities. Some are legitimate but many are methods for others to take something of high value from you: your identity. Online identity theft is a fast growing venture whereby the thief is able to co-opt your name, identification number, bank accounts, passwords, etc and use it for their personal gain. These schemes are usually multi-layered, international systems that are hard to trace and even harder to persecute in the court systems of many countries. There are several predominant methodologies the criminals use, as well as, ways to protect yourself.

The main point of entry into your information is the world wide web. As you interact with web sites, you provide your information in exchange for theirs. The thief has at his disposal; impersonating websites or professional looking unknown websites, cookies that act as key loggers once you have left the infecting website and malicious code wittingly or unwittingly downloaded. The easiest defense against these are observation and diligence. Be sure to look for “https” in the address bar for websites that present themselves as reputable banking and merchant vendors. In addition, you can set browser to refuse cookies or limit their access to your information.

Theft of your good name can also be performed through social engineering emails, or “phishing”. The email detailing your sweepstakes winning or rich foreigner looking for an account to hide money is ALWAYS a scam designed to wrest information and/or checks from you. The email has thousands of variations but one single thing in common, they want some information or canceled check from you before they can process your share. Once again, the best defense is simply to avoid these operators, don’t open emails from people you don’t know and don’t give out details through email.

There are more ways for the identity thieves to secure your information than this, including straight out theft of your wallet or purse. In this case the best course of action is to alert the authorities and your banking institutions and credit card carriers of the theft as quickly as possible. In a matter of minutes a thief can max out your cards and clean out your bank account, so time is money! This is also a good argument for not carrying your social security card with you, as that number is hard if not impossible to change.

Lastly, there are a few proactive steps you can take to protect yourself. An identity protection service can act as a firewall between your digital self and the rest of the world, through filing papers with credit tracking companies and actively looking for your information in known criminal databases you will be alerted if anyone tries to impersonate you online or in person. You can also talk with your bank and credit card about setting freezes on your account or alerting you if certain types of purchases or additional lines of credit are requested. Through careful observation, perseverance and intelligent interaction on websites, you can avoid the specter of criminality that is identity theft.

It may seem like something from the latest action movie: a crazy computer genius breaks into the supposedly secure system and steals classified information from the United States government. While this is a very real problem for our national security tech experts, there is a multitude of everyday information issues that have the potential to affect all computer uses from school teachers entering their grades to high powered business women recalculating quarterly earnings to a six year old boy playing the newest sports game. These dangers include unapproved monitoring of a user’s actions, viewing of a user’s personal files, or stealing of a user’s private files and data. Few people have time to figure out the ins and outs of their complex systems, but with just a little technological savvy, though, anyone can learn to avoid these dangers and keep these cybercriminals out of their computer.

Almost everyone with a computer spends at least a little time “surfing” the World Wide Web. Hackers are capable of accessing a person’s computer and seeing exactly what they see on their screen and what they type in. This may not seem like a big deal, especially if a person is only visiting rated-G websites dedicated to ridding them of boredom, but it is a serious invasion of privacy no matter what. If these assessors happen to be associated with a type of marketing, they can also keep track of what a person buys, but even more devious types are after other information. And, if the surfer happens to enter any passwords, pin numbers, or other information, it falls right into their hands.

Beyond what pops up on the internet, hackers can even take a look at a user’s personal files. These include written documents, saved pictures and videos, and even games. This means that everything from last year’s vacation photos to the guest list for next week’s party is out in the open. These types of files, first, are not meant to be shared unless a user intends such, and, second, can reveal important information that might reveal locations and compromise a person’s safety.

Safety is most highly compromised when hacking, as it often does, leads to the theft of sensitive information. Most often reported is the theft of credit card information. However, birthdates, maiden names, passwords, social security numbers, phone numbers, and e-mail addresses are all free game form those who know how to access another person’s computer. This can lead to identity theft, a difficult problem that can takes months and even years to rectify.

Computer user’s should not, however, leap off their machines. There are a few simply safety measures that can protect anyone’s system and block out those cybercriminals. First, one should always enter their information only in secure site and, second, good antivirus software should be running at all times. Also, passwords should be kept in safe places and never revealed. By doing these simple things, computer users can secure their information, ditch the digital danger, and get back to safely surfing in no time flat.

The internet has quickly become a cesspool of individuals who have nothing better to do than to make other’s life miserable by preying on their personal internet accounts. They are normally cowards that hide behind fake personas and do not have the gall to come out into public. In many cases, they are considered hackers and people’s email accounts are flooded by these crooks on a daily basis. They have become increasingly advanced in their misdeeds and can fool many people into simply opening a webpage which in turn can take over and destroy the victim’s whole computer.

In today’s day and age, people are extremely dependant on computers, smart phones, etc. It is literally the way many do business, stay connected with family and friends, and take care of financial responsibilities. In essence, the list can go on and on. Having this in mind, evil individuals can take complete advantage of this huge dependence making people very vulnerable. Almost everyone has an electronic mail account, in some cases several different ones. Hackers will prey on these by cultivating lists and send out mass messages. Many of these messages come along with a variety of viruses.

Their disguises in these situations are becoming more and more unique and tailored towards the targeted individual. For example, if one is looking for a job, they may see an influx of too good to be true job offers spamming their inbox. One slip up by opening one these messages and one’s computer could be exposed to a ton of adware. Just one minuet virus can weigh heavily on one’s operating system. They can slow it down to a snail’s pace and make the computer virtually impossible to use efficiently.

These evildoers who send out the messages are becoming increasingly advanced and one may not even know what exactly has happened after opening a file until it is too late. Many major email providers are making strong efforts to combat spam mail. Most will sift through all the incoming mail and properly place the message into the correct inbox, however sometimes the messages can get through the filters. With this in mind, it is of the utmost importance to be very critical of what is opened. In addition, most providers will do an automatic virus scan prior to any attachment being opened. This has saved many from falling victim to the internet predators.

Since people are so dependent on computers for everyday life, it is vital that everyone is very critical when exposing their computers by opening unknown documents. The fact of the matter is one malicious message could potentially send a computer’s system into turmoil that will not only cost a fortune to fix, but could lead to stolen identification, financial records, and other personal items that should not fall into the wrong hands. To be 100% sure one does not become a victim of the crime, it is highly recommended to be extra critical when dealing with any electronic mail messages that are from an unknown source.

Whenever we open any website on any Internet Browser, we come across the following series of Status Messages on the status bar. For e.g. Connecting to.., Website Found Waiting for Reply, Downloading.., and finally “Done”. But after the initial page has loaded if we were to click on any Hyperlink we find that we get the same series of messages again. If we get the same message again it means that after the Initial connection was made, the Server has snapped its connection with the Client.

Why Does the Server Disconnect from the Client? The answer to this is that Internet Connections make use of the HTTP Protocol which is stateless in nature. If the Server maintains a dedicated connection line with the Client, there is no guarantee that the Client will actually use the connection to an optimum. Hence, the Server snaps the connection so that it can connect with so many other clients at the same time (if the earlier Client wants to access some resource all it has to is – Reconnect).

In the Initial connection attempt, the Client would need to pass all its technical information like IP address, Port number, OS , Browser Version etc to the Server. But for every Reconnection if the Client were to do that, it would waste considerable time on the Internet. Hence, there is a need of ‘Internet Cookies’. When the Server is about to make a response for any request made by the Client, it simply stores the last ‘transaction’ state of the client onto a Cookie and sets it on the Client Terminal itself during Response. Cookies store or maintain the state of the Client as it connects the Server and stores it on the Client Side itself in the folder ‘Temporary Internet Files’.

The advantage of using Cookies is that for every Reconnection, the Client may not ‘Re-introduce’ itself again and again. The Server just picks up wanted information from the Cookie (stored in an expected format) and establishes the Response. Cookies can also store repeated ‘user-entry’ information like ‘Remember Password’ facility that is found in most of the user logins today. However, if we want to, we can erase all Cookies on the Client Side by simply selecting ‘Delete Cookies’ or clearing ‘Temporary Internet Files’ folder from the Browser > Internet Options Menu.

A 2 point golden rule about Cookies is:
• Cookies are “Set” by Server on Client during ‘Response’.
• Cookies are “Retrieved” by Server from Client during ‘Request’.

So, Internet Cookies serve the purpose of increasing the overall Request to Response Efficiency and reduce time lag. It is to be noted that programmatically it is possible for the Web Developer to set an Expiry Date and time on the Internet Cookie so that it automatically terminates or destroys itself on the Client side after some limited usage. In Server Side Scripting Languages like ASP there are methods like ‘Expires’ which can be used for the purpose. Cookies set by one Server can also later on be accessed by another Server, which is a useful e-marketing tool these days.