Category: Security

Categories
Security Tech News Web Guides

The Story Of The Blooming Web Application Firewalls

what is firewall and how it works, web application firewall

We start our year long journey into 2015 with many technological enhancements in the field of Computers. Like any other revolutions of the past, the Information Revolution building up concretely based on the power of Internet is affecting each of our lives, whether we choose to accept or not.

 

The only downside is unlike the Industrial Revolution or the Agricultural Revolution, the Information Revolution is statistically destroying more lives than ever. With every year, there is greater percentage of computers being effected and lots of businesses taking the hit. All this, like we choose to put it is the unavoidable consequence of the Information Technology Development.

 

The Hackers, Crackers, Code Kiddies they are all there out in the wild trying to exploit any vulnerabilities they sense. The innovations in these black hat techniques have strongly brought in the need to develop software and systems with not just a 90 %or 99% efficiency, but also with the ability to foresee impending attacks. One step into building that perfect system is the blooming Web Application Firewalls.

Learn About: What a Firewall Actually Means

So what is an application firewall??

An application firewall sits on top of all the firewalls in the OSI layer, and grants or denies permissions to applications in accessing the operating system. It is way more sophisticated than the other firewalls which merely examine each packet and determine whether to forward it to the destination or not. Apart from doing just that, an application firewall also controls the execution of files.

 

This simply means, even if a hacker could get through the conventional firewalls, his act will be foiled at the application firewall level where any suspicious malicious code will not be executed without the users’ permission.

 

A Web Application Firewall does more than a computer’s application firewall. Generally, a Web Application Firewall is expected to offer extra protection as it has to deal with applications like Apache or WordPress where there’s a lot at stake. The Web Application Firewall achieves it by carefully analyzing all the data which passes through it and by verifying it with pre-set rules.

 

Though the functionality appears a lot similar to that of the application firewall, like mentioned the game is wide open when it comes to dealing with the aforementioned applications and there’s a lot at stake. So, it takes care of both the web users’ internal and public web applications.

 

The future with Web Application Firewalls

With the success rate in getting through complicated security systems is alarmingly increasing, there is a call for businesses to protect their websites from going down and their customers data being compromised.

 

With this primary objective in mind, web application firewalls are being developed to pave off any such unauthorized access and destructive attacks. For this the traditional in-depth inspection of packets is unfortunately not enough. There is a need for the Web Application Firewalls to dig deeper and that too far beyond the code. They need to actually evaluate the code, and check for any flaws just like a human being would.

 

With that in mind, the modern Web Application Firewalls are being deployed with the ability of risk evaluation and the tracking of visitor behavior. This intelligence will help shed any attacks even before they start. Also encompassing the abilities of integrating with other network securities across the internet, the efficiency of these systems will be something to watch out for in the days to come.

 

Categories
PC Guides Security Web Guides

Cyber Security – A Growing Concern With Technological Developments

Cyber Security - A Growing Concern With Technology Developments

With the curtains drawing down on 2014, we enter into 2015 with advancements in many fields. But one such negative aspect which kept growing is the threat to cyber security. Shockingly, many of those who are currently using computers aren’t even aware about this term.

But the situation is now alarming. Simply, if you don’t take steps to keep your computer safe your computer and you can be subject to fraudulent activity on the Internet. All these activities relate to cases in which hackers, enter computers through trickery and then use it for malicious purposes. It can happen anytime and to anyone on a computer without protection.

Cyber Security - A Growing Concern With Technology Developments

Chances are that you may receive a deceptive e-mail stating about an “urgent matter” concerning your Facebook account or Google account. They could even be looking for personal information present in your computer (say credit card numbers or login information, private accounts) which they can use to gain monetary benefits or for simply exploiting your registered services.

Not just these, but they may get after your computer resources like your Internet connection, to increase bandwidth and infect other computers. Because the mantra is, the larger the number of computers behind which a hacker hides, the tougher is to find him. Thus, hiding their true location on the web means that initiating attacks without getting caught is a lot easier.

Anyways, there are many different threats to the security of your computer because there are many different ways a hacker can steal your information or infect your computer. Once entered the computer, the threat usually shows very few symptoms so they can survive undetected for a longer period, during which they strengthen themselves, spreading to different locations within the computer.

We have compiled a list of the different types of threats along with some recommended steps you can take to reduce these threats, using information from Symantec, a world leader in software contravention that helps customers protect their information, infrastructure and interactions.

Computer Threat # 1: [Vulnerabilities]

Vulnerabilities are simply the weaknesses which are developed in your computer mostly due to software. Any software, if not designed perfectly often contains some loopholes that are nothing but weaknesses to the overall security system of your computer. The other way round, vulnerabilities may also result due to inadequate computer settings.

Once a hacker happens to know of such vulnerabilities that are within your computer, he then plans and exploits your computer through these loopholes causing severe damage. Here, if the vulnerabilities are a resultant of faulty software design, companies announce vulnerabilities once they get to know of them and work towards speedy recovery of such bad sectors using patches or software upgrades.

Learn About The Various Vulnerabilities In Wi-Fi Networks here.

Computer Threat # 2: [Spyware]

Spyware is the malicious content downloaded from web pages, e-mail messages, and instant messaging applications mostly without the consent of the user. Most spyware often remains calm and tries to go unnoticed in the first few weeks, thus, hiding whatever it does in the computer from the user.

Spyware is mostly used by companies and other websites to track user behavior on the internet. The information of whether you are more of a sports loving person or online shopping person can be identified based on the sums of data collected by these spyware.

Learn A Lot More About Spyware here.

Computer Threat # 3: [Spam]

In a nutshell, spam is the e-version of junk mail. Spamming from a particular computer means sending unwanted messages, that too repeatedly, to a large number of recipients. Spamming can seriously be considered as a security threat.

This is because through spamming e-mails containing trojans, viruses or spyware can be distributed over large group of computers and thus there is sensitive personal information at stake.

Also See: How To Detect Scams, Phishing, Bots, Spams.

Computer Threat # 4: [Malware]

Malware is the combination of all viruses and trojans. Simply anything malicious on your computer can be termed as a malware (i.e. malicious + software = malware).

Destructive malware uses popular communication tools to spread, including worms sent through e-mails and instant messages, trojans entering through web pages and downloaded, infected direct connections between users. The malware will seek to exploit the vulnerabilities by entering in a quiet and simple way.

Learn More About What is Malware and How To Detect Malware –here

Computer Threat # 5: [Phishing]

Phishing is essentially an online fraud, and phishers are nothing more than technological scammers. They use spam, phishing web pages, emails and instant messages to target people. Then may then try to make people disclose sensitive information such as bank account information, credit card, or access to personal accounts.

 

Here’s How To Stay Protected:

• Keep updated software patches and security.

• Configure the security settings of the operating system, browser and security software.

• Installing a security solution such as AVG Internet Security to block threats that primarily focus on vulnerabilities.

• Do not accept or open dialogs suspected to contain errors within the browser.

• Spyware may enter your computer as part of a “free offer” – do not accept free deals.

• Always read carefully the ‘End User License Agreement’ when installing. Install and then be quick to cancel if any other “programs” than what you want are being installed as a part of the desired program.

• Scan your hard drive / memory for viruses regularly. It is much better if you have scheduled a scan at regular intervals.

• Anti-spyware programs like Ad Aware and / or SpybotSD can really help you in preventing any spyware intrusions. So, start using one.

 

Categories
PC Guides Security Web Guides

Here’s What You Missed About The Virtual Private Network (VPN)

Here's What You Missed About The Virtual Private Network (VPN)

Networking is surely a best form of information transfer among the connected devices, that too, without compromising security. When it comes to big businesses, with growth, they may have to spread beyond one roof into several branches. So a good networking model means that, such growth should not hamper the information transfer between the organization and employees. To facilitate this expansion, the latest technology being employed is the Virtual Private Network (VPN).

 341_adsl

What is a Virtual Private Network (VPN)?

A Virtual Private Network is a popular technology which uses a public network, like internet to connect between private networks. The private network of a business is accessed by the people working in that organization, using the internet, but through a secured connection. Though it’s on the internet, for everyone else it is encrypted data which almost makes no sense.

Before the adoption of the Virtual Private Network (VPN) technology, the interconnection between branch offices was done with leased lines. As the name suggests, these lines are leased by a telecommunication company to businesses, and the entire business forms one single WAN. With these leased lines, security wasn’t the issue but something else was; scalability and cost. For a business to spread to some new geographical location, the entire hardware was to be updated and improved to extend this WAN, a little further. This only means more money just for data sharing and it gets much more with further increase.

Anyways, thanks to the Internet, modern day businesses don’t have to go through all that. This migration from leased lines, led to the transformation to the Virtual Private Network technology.

 

Understanding VPN in Detail

For people who are new to networking and stuff, everything discussed till now must have been like Greek and Latin. Don’t worry at times we struggle too to get stuff into our minds. So, here’s breaking It up for you.

Consider you are on island with lots of islands around you, but nothing too close to walk. Now imagine there are a small boat and a submarine by the shore. Now, if you choose to travel from an island A to B through the boat, you are visible to everyone. Your identity is out there in the open and people can even see what you’re wearing, if you are wearing a hat or not and all of it.

If you chose to travel in a submarine, anyway you will reach the destination, plus without being identified. All this is just to create a better understanding about how a VPN actually works. Here, Internet is the ocean, the boat is any normal browsing session and the submarine is a secured route.

Just to show you the link between the considered example and the real world scenario, we take a step further and list the advantages the VPN carries with it.

  • Security
  • Scalability
  • Reliability

In either cases, i.e in our island example and the VPN technology, these attributes are all there. Both are very secure, can easily switch between islands, and certainly reliable.

Categories
PC Hacks Security

Erase All Traces Of Your Activity In A Click & Stay Secured

Erases All Traces of Windows Activity

One of our biggest worries is the privacy and security while browsing the Internet. For that, we have always been trying to teach you new tricks and simple tips to remain secure.

For example, how to start the incognito mode of Google Chrome by default, and also something like how to encrypt your hard drive without using Truecrypt and how to protect your computer from spyware are a few concrete security methods if you are a newbie here.

All of this advice is to protect you from those bad guys on the Internet and today we are here again for you with one more of those tips to protect your digital identity.

Erases All Traces By Using Browser Cleaner

This time we want to help you remove all your junk activity on computers like where you’ve been surfing or just making use of them, all with one button, for free and also without requiring any installation, simply using the application ” Browser Cleaner “.

It is available for you to download at the end of the article as usual. Here’s a brief description about Browser Cleaner.

Browser Cleaner allows you to erase all navigation data, it can also erase data that may be susceptible to corrupt your privacy.

It can even go a step further and delete Windows files, user data, recently opened documents, data stored in the toolbar, etc.

Erases All Traces Of Your Activity In A Click

Undoubtedly, it is one of the most complete and essential tools related to the deletion of data and the protection of your privacy.

Its operation is also pretty simple, all you need is to move on to the tab where you want to delete your trace and click on Clear Now, after which there will be no single trace of activity in the PC you worked on whatsoever.

Of course, Browser Cleaner is particularly helpful while using public computers where you don’t want to leave your data open to anyone. Isn’t it?

We can use this software on any computer we use. Remember that it needs no installation and you can simply run it from your Pen Drive/Flash Drive/USB Stick.

We recommend you to take this tool on hand and run it every time you use a computer that’s not yours or before lending PC to others. Safety First!

TCP Monitor | Browser Cleaner installable version

TCP Monitor | Browser Cleaner Portable version

Categories
Security Software

Getting To Know The Windows Military Grade BitLocker Tool Better

BitLocker: Windows Military grade protection tool

For sure, 2014, has been tiresome and shocking for the entire computer security world. With a whole new range of vulnerabilities surfacing up and some major bug fixes throughout the year, this year really went exciting enough. If at all you missed any of this, catch more of the biggest security stories of 2014 here.

One of these biggest security pieces is the end of services by TrueCrypt. In May 2014, the creators of TrueCrypt ended the services offered by the popular encryption tool. This decision was based on several security concerns and some licensing issues playing their part. TrueCrypt was anyways humble enough to recommend its users to look for alternative solutions. BitLocker, undoubtedly is a the perfect alternative as it can get and here’s our take on this Microsoft’s Encryption Tool.

 

Understanding What BitLocker Is All About:

BitLocker is Microsoft’s encryption tool for Windows. Not all Windows Operating Systems have BitLocker in them, but you don’t have to worry if you’re running on the Enterprise editions of Vista, Windows 7 and Windows 8 or the Pro version of Windows 8.1. All these Operating Systems including few Windows Servers support BitLocker.

The main thing about BitLocker is it helps you pile on additional security to your data with encryption. BitLocker, being a drive encryption tool means that it makes all the data on your drive unreadable for everyone except you. Thus offering you the best protection in case of offline attacks.

Here protection against offline attacks is applicable in case of USB drives, wherein the entire data can be encrypted. So, even if you were to lose your USB drive (or say gets stolen), there’s no harm in it. And the other person surely cannot read what’s inside the drive.

 

The System Requirements:

For BitLocker to run, you’ll need to have any one of the above mentioned Operating Systems. Also the minimum number of drive partitions should be two. So that you can make sure you aren’t encrypting the systems volume, i.e. from where your computer boots. Because it would only make the booting process more tedious if encrypted.

The other main requirement is the TPM (Trusted Platform Module). If you know what is TPM is you can skip the next section. If not, then we recommend you to go through the next section as well.

And in any case you are dubious if your computer matches the above criteria, there’s nothing you’ll have to worry about. Once you run BitLocker, it will run a system check just to check if it can operate on your computer.

 

Trusted Platform Module (TPM):

TPM is a hardware module present on all of those motherboards manufactured after 2006. It is a chip which carefully monitors the booting process, just to make sure there’s nothing messing with it, in order to get around the encryption.

However, the functioning of a TPM is not fixed. Based on your choice, the TPM may ask for a PIN before the OS loads or you may use a particular USB drive as a key to log onto your computer. Or you could do both, however you set it, the TPM monitors the sequence of operations according to your consent.

 

Why Should Anyone Use BitLocker?

If you are concerned about your data theft or privacy, then believe me, BitLocker is the best tool you are going to get; that too with purchasing a computer. Actually, this is a military grade tool which is developed keeping in mind how digital our lives have become. And surely we believe its one of the best of what Windows could offer us.

Do you like the idea of BitLocker? Are you currently using BitLocker? Do you have any other doubts about this tool? Talk all about it in the comments sections. Let people hear you out.

Also See: How To Protect Your Computer Using BitLocker

Categories
Security Tech News

Everything About The Facial Recognition Systems You Need To Know

Increase Your System Security By Using Facial Recognition

Facial Recognition, as soon as you come across this word your mind starts visualizing some security system scanning a face and identifying him/her but that’s limited to the movies. The real world scenario is a little different than that. With time and technology, facial recognition has now been on a high more than ever. Like most of us think, it isn’t only used for security purposes, nowadays; it has spread to variety of applications as well.

 

In this article you’ll get to know a lot about facial recognition systems, the different classes of facial recognition software. First let’s take a look at each of them separately:

 

Most of the current facial recognition systems work completely based on nodal points. These software marks the human face with 80 nodal points each measuring some variable (say width of nose, distance between eyes, cheek bone shape and so on). This data from each nodal point is stored as a faceprint within the database. Many of such faceprints are analyzed with the data from faces in an image or video keenly looking for nodal point matches.

 

However, this facial recognition system suffers from few major drawbacks. This is because basically these systems are not so good in identifying faces like humans can, when the conditions aren’t favorable (say lighting conditions etc.), they may well do below par than an average human can. What can be said is that the level of accuracy these systems exhibit isn’t up to the mark. In other words, these systems are less reliable.

 

Obviously, a better facial recognition system was needed and researchers could just provide that with the emerging 3D model facial recognition system. This method makes use of the 3D sensors to capture information about the facial features and structures. This 3D facial recognition system means that more distinctive features can be identified and stored. One of the other notable advantages is that we no longer have to bother about the lighting conditions or identification from a variety of angles.

 

Parallel to this 3D modeling facial recognition system, there is another which is primarily based on the visual details of the skin (say, skin tone or skin texture). This is a higher level of mathematical application where the patterns, spots and lines of person’s skin are arranged in the mathematical space and there you go, the computer does the rest.

 

Well all that said, facial recognition systems are more advantageous when employed for facial authentication than for identification. This is simply because, its too easy to trick computers using masks or disguises etc.

Also See: How To Improve Your Systems Security With Facial Recognition

Categories
Security

Some Of The Vulnerabilities In Your Wi-Fi Networks

Some Of The Vulnerabilities In Your Wi-Fi Networks

Internet is one of the most common things in our daily lives and one of the main methods of connecting to the Internet is through the Wi-Fi networks. But are our Wi-Fi networks really secure and protected to prevent the intrusion of third parties ? Maybe Not. So, to get a clear idea about the security levels of our Wi-Fi network, today we are going to show you some of the major vulnerabilities that can be in our Wi-Fi networks and also explain you about some of major types of attacks that can be made on our Wi-Fi networks.

Some Of The Vulnerabilities In Your Wi-Fi Networks

The Wi-Fi system is one of the most widely used method for connecting to the Internet, but this does not imply that it is the safest method. Currently Wi-Fi networks have big security problems and if we don’t take good measures to solve them, any user may get to compromise their privacy. The security of a wireless network is determined by several aspects, which can be configured from our router settings easily.

Encryption Methods Of A Wi-Fi :

One of the most important step for protecting our Wi-Fi network is to change the default password of our router. We can establish four types of encryptions: open , WEB encryption , WPA / WPA2 and WPA enterprise.

The open encryption and WEB encryption are the least safe encryptions. With open anyone can access our network and in WEB encryption it is relatively simple to get the key, so if we have any of these encryption methods our network will not be so secure .

The enterprise WPA encryption is more secure but less known method. This method consists of user authentication and saved passwords in a radius server . This method is very rarely used because it is the most difficult to set up, because we have to create the server and configure everything.

Most recommended is the WPA / WPA2 encryption, because it is only possible to obtain the key by performing a dictionary attack or brute force. This attack is carried out by generating a dictionary with multiple keys that try to match with the router password and gain access, the higher the dictionary, the higher the probability of access . Key WPA / WPA2 may also have other types of vulnerabilities.

Vulnerabilities WPA / WPA2 encryption :

Default key : The default keys are those keys that are set by the manufacturer by default in the router. These keys have security issues as there are dictionaries that include all these keys and using a brute force attack could come to get full access to the Wi-Fi network.

WPS : The WPS protocol is a failure associated with one of the methods of association, specifically the PIN with which you can access the access point. The PIN consists of eight digits, where the first 4 digits (no need to write the remaining four) key is incorrect, the router sends the message EAP-NACK , bringing the number of possible combinations is much reduced , so you can make a brute force attack with all possible combinations. The only solution for this is to disable WPS .

Other Vulnerabilities In Our Wi-Fi Networks :

Mac Spoofing : This occurs when someone obtains the MAC address of your network and poses as an authorized client. This attack can be given that the plates of networks in general for changing the MAC number by another.

Access Point Spoofing : In this case the attacker creates a fake access point and passed by him, the client thinks you are connecting to a real WLAN network when you are actually connecting directly to the attacker.

Man in the Middle ( middle-man ) : In this case the attacker is able to read, write and modify all the messages between two victims but none of them recognize it , thus acting as a connection between the two (Man in the Middle ).

Although there are a number of different vulnerabilities these are the most important. No network is completely safe, but if the necessary measures are taken then it will be much more difficult for the third parties to interfere, so we will gain in safety.

Categories
Security

Here Are Some Of The Biggest Security Stories Ever

heartbleed bug : Biggest security stories of 2014

Finally with only a few days remaining in 2014, filled with mega hacks, major vulnerabilities and astonishing security breaches; we believe there wouldn’t be any more jaw-dropping events on the Internet.

Without any doubt, 2014 has been a tiresome and exciting year for security experts across the world. With back to back vulnerabilities surfacing in the span of few months, this year has got as wackier as it could. In this article we round-up all the various security stories that the Internet has witnessed in the past 12 months.

Here Are Some Of The Biggest Security Stories Of 2014

List Of The Biggest Security Stories :

The GoTo Fail:

In February, finally Apple did fix the ‘GoTo Fail’ bug a SSL vulnerability a whooping seventeen months after it appeared in iOS 7.0 and OS X Mavericks. This bug triggered a short circuit which meant that users were left vulnerable to a man-in-the-middle attack. Through which a potentially malicious system could trick the user using false credentials thus, eavesdropping into communications between systems.

This was the actual code snippet that leads to this vulnerability:

If ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) ! = 0)

goto fail;

goto fail;

Somehow, this extra goto statement means that, the last step of the SSL/TLS handshake algorithm was skipped thus turning out to be massively compromising.

It surely was an embarrassing mistake as to how this code could actually be put into production, in such a big organization like Apple. Anyways, it is one of the major bug fixes of all time.

 

Heartbleed:

Revealed in April, the Heartbleed bug was definitely one of the massive vulnerabilities of 2014. It is called so because this bug is located in the TLS/DTLS heartbeat extension which is an implementation of the OpenSSL. When abused, this bug leads to leak of information from the server to client and client to server.

The large hype this bug created is because it almost left all such encrypted information and secrets open to the internet. If misused, this bug provides the attacker all the information he needs without leaving any traces, and that only means damage and more damage.

Though Heartbleed could be fixed using a software patch, researchers say this vulnerability could remain in the Internet for many more years. This is mainly because of the ignorance of webmasters running smaller sites, to update their server software.

 

Shellshock:

Soon after the Heartbleed bug surfaced and security experts strived hard and foiled its bad effects, there came up the other biggest disaster, Shellshock (also called Bashdoor). This vulnerability is identified in the Bash shell, an interpreter that allows arranging commands in Linux and Unix systems.

This vulnerability as observed by researchers was by then already being exploited in the wild, which made it more dangerous than the heartbleed vulnerability. On exploiting, Shellshock hands over all the access of the target machine to the attacker.

 

BadUSB Threat:

We surely love the USB technology. USB devices have made life easier with their plug and play interface and their portable nature. But in July, the Berlin-based Security Research Labs revealed that there is a fundamental flaw in USB devices which could be turned against us. The firmware in these devices is reprogrammable and hence can act as vehicles for delivering malware.

This flaw can be used to make a USB Pen Drive act as a keyboard and automatically press keys (as programmed) thus executing malware of the sources. The worst part is while exploiting more about this vulnerability, researchers published tools openly on the Internet, making it easy for attackers to exploit these vulnerabilities.

 

Wirelurker:

Wirelurker is a malware which hit thousands of iOS devices through a Chinese third-party app provider in November. This malware is designed to collect call logs, contacts and other private data from iOS devices. This malware resides in a PC, waits for iOS device to communicate with this PC via USB and enters into that device regardless of whether it is jailbroken. Wirelurker is only the second known malware that attacks iOS devices through USB. It’s also the first malware that installs other applications on iOS devices.

Apple quickly managed to address this malware, blocking all the infected apps from running. With in a few days of the outbreak of this malware, Chinese authorities arrested three people, who were suspected to have developed this malware.

 

1.2 Billion Accounts Hacked:

In August this year, a Russian group has hacked 1.2 billion usernames and passwords which is the first time ever in the internet history, as reported by Hold Security. The company claimed that this stolen information is from over a 420,000 websites which include many top-notch industries.

The company has denied publicly announcing information of all the affected websites but charge for this information, which was quite unusual. With such high number of websites taking the hit, it would obviously be difficult to contact each of them securely. But there were few voices that this data could have been spanned over from years, many of them weren’t valid now and that it could just be a profiting scheme on part of the company.

 

Sony Pictures Hack:

Surely, the Sony Pictures hack is the biggest security stories of 2014. This attack meant that the entire studio was sent into total chaos mode in the month of November. The main intention behind this attack still remains unclear but there is evidence that this attack originated in North Korea.