Social engineering
Prevention:
A chain is only as strong as its weakest link. Unfortunately, attackers realized years ago that when it comes to enterprise security, employees are the weakest link. Rather than hammering away at servers in a company's DMZ, many attackers now take an easier route to compromising an organization -- sending employees alluring phishing emails in order to steal credentials or drop a malicious payload. Fortunately, security pros can test employees' resilience to these attacks, and reinforce good security habits at the same time.
Trojan Horse
Prevention:
For the rest of us, you really should go out straight away and buy some decent software. There are many brands available at good prices, so I will avoid mentioning particular brand names. All provide similar functions at various levels of success. Anti-virus software resides in the active memory of your computer, and takes control of it to alert you to an active virus present on your machine. If the software cannot repair the infected file, it will quarantine this file or give you the option of safely deleting the file. Anti-virus software may also be used to scan your hard drive, floppy disks, zip disks or CD-ROMs. It may also be used to scan attachment files to e-mails. The important thing to remember is that new viruses are being discovered daily, so if you have anti-virus software installed then make sure that you keep its library of known viruses up-to-date, otherwise you will have no protection against the latest batch.
Distributed Denial of Service
Prevention:
Use the ip verify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection. The effect of Unicast RPF is that it stops SMURF attacks (and other attacks that depend on source IP address spoofing) at the ISP's POP (lease and dial-up). This protects your network and customers, as well as the rest of the Internet. To use Unicast RPF, enable "CEF switching" or "CEF distributed switching" in the router. There is no need to configure the input interface for CEF switching. As long as CEF is running on the router, individual interfaces can be configured with other switching modes. RPF is an input-side function that is enabled on an interface or sub-interface and operates on packets received by the router.
Sniffer
Prevention:
On a network, a packet sniffer can filter out personal information, which can lead to problems such as identity theft, so it is a major security threat to the network. When strong encryption is used, all packets are unreadable to anyone but the destination address, making a packet sniffer useless.
IP spoofing
Prevention:
To defend against IP spoofing attacks, follow the tried and true CERT advice from 1995: "The best method of preventing the IP spoofing problem is to install a filtering router that restricts the input to your external interface (known as an input filter) by not allowing a packet through if it has a source address from your internal network. In addition, you should filter outgoing packets that have a source address different from your internal network in order to prevent a source IP spoofing attack originating from your site."
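The input/output filter quoted above and the Unicast RPF check from the DDoS section, modelled in Python as an added example (not code from the original page or from CERT or Cisco). The prefixes, interface names and routing table are constructed assumptions, and the reverse-path check is a simplified model of what the router does with its forwarding table.

```python
import ipaddress

# Constructed sample topology (assumption): one internal prefix behind
# interface "inside", one customer prefix, everything else via "outside".
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
ROUTES = {  # prefix -> interface the router would use to reach it
    ipaddress.ip_network("0.0.0.0/0"): "outside",
    ipaddress.ip_network("192.0.2.0/24"): "inside",
    ipaddress.ip_network("198.51.100.0/24"): "customer1",
}

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def cert_filter(direction, src):
    """CERT-style filter applied on the external interface.

    "in":  drop packets that claim an internal source address.
    "out": drop packets whose source address is not internal.
    """
    if direction == "in":
        return "drop" if is_internal(src) else "permit"
    if direction == "out":
        return "permit" if is_internal(src) else "drop"
    raise ValueError("direction must be 'in' or 'out'")

def best_route_interface(addr):
    """Longest-prefix match of addr against ROUTES."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in ROUTES if ip in net]
    if not matches:
        return None
    return ROUTES[max(matches, key=lambda net: net.prefixlen)]

def urpf_check(in_interface, src):
    """Reverse-path check: permit only if the route back to the source
    address leaves through the interface the packet arrived on."""
    return "permit" if best_route_interface(src) == in_interface else "drop"
```

The static filter needs the list of internal prefixes to be maintained by hand, while the reverse-path check derives the same decision from the routing table for every interface.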
Secure Shell brute-force attacks
Prevention:
Defending against these SSH brute-force attacks means going back to the basics of solid security practices. To start, utilize passwords and passphrases that will not be easily guessed. Doing standard "Leetspeak" -- an Internet language that substitutes letters with ASCII characters -- will not work. Attackers now use custom dictionaries that incorporate the common Leet substitutions used by sysadmins, like "@" for "a" and "3" for "e."
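A password-policy check that applies the point above, as an added example (not code from the original page): it undoes common Leet substitutions before comparing a candidate password with a wordlist. The wordlist, the substitution table and the 12-character minimum are constructed assumptions.

```python
import itertools
import re

# Constructed sample data (assumptions, not from the page): a tiny wordlist
# and a substitution table. "1" is ambiguous, so it maps to both "i" and "l".
LEET = {"@": "a", "4": "a", "3": "e", "1": "il", "!": "i",
        "0": "o", "$": "s", "5": "s", "7": "t"}
WORDLIST = {"password", "letmein", "administrator", "secret", "welcome"}

def deleet_variants(text, limit=4096):
    """Every plain-letter reading of text under LEET, capped at limit."""
    options = [LEET.get(ch, ch) for ch in text.lower()]
    combos = itertools.islice(itertools.product(*options), limit)
    return {"".join(c) for c in combos}

def matched_word(password):
    """Return the wordlist entry the password reduces to, or None.

    Two stems are tried: the password as typed, and the password with
    trailing digits and symbols removed (the usual "secret2010!" padding).
    """
    stems = [password, re.sub(r"[\d\W_]+$", "", password)]
    for stem in stems:
        if not stem:
            continue
        hits = deleet_variants(stem) & WORDLIST
        if hits:
            return sorted(hits)[0]
    return None

def is_acceptable(password, min_length=12):
    """Reject short passwords and any Leet variant of a listed word."""
    return len(password) >= min_length and matched_word(password) is None
```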
Shoulder surfing
Prevention:
There are 3 ways to secure and protect your personally identifiable information and ensure that your identity or your credit has not been compromised, as below:
1. Watch for shoulder-surfers. When entering a PIN number or a credit card number in an ATM machine, at a phone booth, or even on a computer at work, be aware of who is nearby and make sure nobody is peering over your shoulder to make a note of the keys you’re pressing.
2. Require photo ID verification. Rather than signing the backs of your credit cards, you can write “See Photo ID”. In many cases, store clerks don’t even look at the signature block on the credit card, and a thief could just as easily use your credit card to make online or telephone purchases which don’t require signature verification, but for those rare cases where they do actually verify the signature, you may get some added security by directing them to also make sure you match the picture on the photo ID.
3. Shred everything. One of the ways that would-be identity thieves acquire information is through “dumpster-diving”, aka trash-picking. If you are throwing out bills and credit card statements, old credit card or ATM receipts, medical statements or even junk-mail solicitations for credit cards and mortgages, you may be leaving too much information laying about. Buy a personal shredder and shred all papers with PII on them before disposing of them.
Sabotage
Prevention:
Due to the power of the privileged mode capability (PM), System Managers should allocate it only to accounts, groups and users with an imperative need. As an example of the dangers inherent in the PM capability, it permits the use of DEBUG on system files, and lets persons with the capability place unauthorized software on the system. Accidental sabotage from destructive software can be minimized or prevented by education, strict rules against using unauthorized software, and well-publicized penalties for doing so. Establishment of accountability can, again, aid in identifying the offender in such incidents.
Electromagnetic-interference
Prevention:
An electromagnetic-interference (EMI) prevention mechanism includes an expansion unit or base having conductive hooks and conductive spring biased pins.
An electronic product to be placed onto the expansion unit includes conductive connection holes and conductive areas on its bottom surface. The connection holes are to be joined to the hooks and the conductive areas are to be pressed against the pins whereby the product conductive holes and the conductive areas become joined electrically to the expansion unit and electromagnetic waves generated by the product are guided to the expansion unit.
WaTeVeR~
zzzzzz
Thursday, August 19, 2010
Thursday, August 12, 2010
Understanding of security threat
Social engineering
Social engineering is fast-evolving, and technology solutions, security policies and operating procedures alone cannot protect an organization's most important resources. Even with these safeguards in place, hackers still regularly threaten the safe operation of a company. Victims are often led, without realizing it, to give out sensitive information that lets an attacker bypass network security, or even to open the door to strangers without checking their work identification. Because the attack targets people's judgment, even the best network protection system is not immune, but companies can reduce the risk with a positive security culture that keeps up with changes in the landscape and the development of social engineering.
Salami slicing
Salami slicing is a series of many small actions, often performed in secret, that together produce a result that would be difficult or illegal to carry out as one large transaction. The term salami slicing is often used pejoratively. An example, also known as penny shaving, is the fraudulent practice of stealing money repeatedly in very small amounts, usually by taking advantage of rounding to the nearest cent (or other currency unit) in financial transactions. The idea is to keep the change small enough that no single transaction will be detected. In IT security, a salami attack is a series of smaller attacks that together result in a larger attack. Computers are very well suited to automating these types of attacks.
Trojan Horse
A destructive program disguised as a benign application. In contrast to viruses, Trojan horses do not replicate themselves, but they can be just as devastating. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead puts a virus on your computer. The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their enemies, the Trojans, seemingly as a peace offering. But after the Trojans pull the horse within their walls, Greek soldiers sneak out of the horse's hollow belly and open the gates to let their fellow countrymen in and capture Troy.
Denial of service
A DoS attack is not really used for stealing information. The main aim of this attack is to bring down the target network and make it deny service to legitimate users. A DoS attack can be carried out with a simple ping command.
Sniffer
A sniffer can be used for legal or illegal means to capture the data transmitted on a network. A network router reads each packet passed to it to determine whether it is destined for the router's own network or should be passed further along the Internet. A router with a sniffer, however, may be able to read the data in the packet as well as the source and destination addresses. On academic networks, sniffers are often used to prevent the traffic congestion caused by file-sharing applications.
IP spoofing
A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.
Brute force attack
In cryptography, a brute force attack is a strategy used to break the encryption of data. It involves traversing the search space of possible keys until the correct key is found. The selection of an appropriate key length depends on the practical feasibility of performing a brute force attack. By obfuscating the data to be encoded, brute force attacks are made less effective as it is more difficult to determine when one has succeeded in breaking the code.
Sabotage
A term borrowed from French syndicalists by American labor organizations at the turn of the century, sabotage means the hampering of productivity and efficiency of a factory, company, or organization by internal operatives. Often sabotage involves the destruction of property or machines by the workers who use them.
Shoulder surfing
Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone.
Electromagnetic interference
Electromagnetic interference is a disturbance that affects an electrical circuit due to either electromagnetic conduction or electromagnetic radiation emitted from an external source. The disturbance may interrupt, obstruct, or otherwise degrade or limit the effective performance of the circuit.
Thursday, August 5, 2010
Thursday, July 15, 2010
product
Nokia x6 16gb KL.Malaysia
Location: KL.Malaysia
Date Posted: July 15
Price: RM700
Accessories include :
- ADAPTER
- BATTERY
- CHARGER
- FREE POUCH
- EARPHONE
- CD SOFTWARE
- Delivery method : Poslaju, Courier service
- Payment method : Banking Transfer [maybank]
- We offer online service only
- All products are guaranteed to be in good condition.

Data Traveler 5000 (8GB)
Price : RM 70
Feature/Benefits :
- FIPS 140-2 Level 2 Certified
- Secure – drive locks down after 10 intrusion attempts and encryption key is destroyed
- DT5000 can operate with AutoRun disabled
- Tamper-evident – tamper-evident coating/seal for physical security
- Waterproof – protected against water damage
- Guaranteed – five-year warranty with 24/7 customer support
- Operating Temperature – 32°F to 140°F (0°C to 60°C)
- Storage Temperature – -4°F to 185°F (-20°C to 85°C)
- Minimum System Requirements – USB 2.0 compliant and 1.1 compatible
- E-mail tech support for help with this drive
- FAQ for this drive

Studio 17(1749) Laptop
Price : RM7000
-NEW! Now featuring Intel Core i5 and Intel Core i3 processors up to optional Intel-Core i7 Quad-Core processors
-User-friendly touch applications with optional multi-touch screen
-Bring movies to life with a 17.3" Full Hi-def display
-Crank it up with the JBL + SRS Premium Sound™ audio
Feature :
- Intel® Core™ i5-450M (2.4-2.66Ghz, 3M/4 threads)
- Genuine Windows® 7 Home Premium, 64bit, English
- 17.3” HD+ (900p) Bright LED Display with TrueLife™ and Camera
- 8X Slot Load CD/DVD Burner (Dual Layer DVD+/-R Drive)
- 4GB Shared Dual Channel DDR3 at 1066MHz
- 320GB 7200 RPM SATA Hard Drive
- Intel® HD Graphics
- High Definition Audio 2.0
- 56 Whr Lithium Ion Battery (6 cell)
Delivery on the spot to the customer
Provide on Site Servicing

Sony Bravia KLV-70X450A US$0
Sony Bravia KLV-70X450A (70-inch LCD)
| TV type | LCD |
| Diagonal screen size | 70 inch |
| Aspect ratio | 16:9 |
| Dimensions (HxWxD) | 1850 x 1012 x 153 mm |
| Weight | 72.5 kg |
| Contrast ratio | 50000:1 |
