Friday, June 26, 2009

A review on a post on Internet Security from My E-Commerce blog http://ecommerze.blogspot.com/search/label/Internet%20Security




















After reviewing the blog, I have been alerted to be more careful when performing online activities. Whenever we switch on our personal computer or laptop, connect to the Internet and perform online activities, there is always a risk that the computer will be hacked or infected by viruses, worms or Trojans. In the e-commerce world, action should be taken to protect computers from these threats, as business is conducted mainly online. Neglecting Internet security can lead to the loss of personal data, or a hacker may break into the company database to steal information that is crucial to the company. First, we should become familiar with the threats and attacks in order to protect our computers from them.

There are two main types of attacks and threats: technical attacks and non-technical attacks. An example of a non-technical threat is 'phishing', in which the attacker uses social pressure to trick users into revealing personal information such as credit card or bank account numbers. This technique usually involves sending e-mail to trick the user. For example, the attacker sends a manipulated bank notice stating that the bank needs the user's information to safeguard the account for some reason. The user then provides the personal data without doubt, because the notice looks real.


Most of us are familiar with worms and viruses, which are types of technical attack. Besides these, technical attacks also include the denial-of-service (DoS) attack, the distributed denial-of-service (DDoS) attack and the Trojan horse.


Denial-of-service (DoS) attack
This attack uses software to send a flood of data packets to the user's computer with the purpose of overloading its capacity. This can cause the network to shut down, making it impossible for users to access.

Distributed denial-of-service (DDoS) attack
It is similar to a DoS attack, sending requests to bombard the system until it stops responding. The difference is that in a DDoS attack the attacker illegally gains access to several computers and sends the requests from them, while a DoS attack uses only one computer.

Trojan horse
This is a program that appears to have a useful function but actually hides a harmful function that can damage your computer.


What can we do to avoid those threats and attacks?

Access control
The very first thing is to protect the physical assets, which are your personal computer, laptop, hand phone and so on. It is also important to determine who can actually access the webpage. Besides that, avoid using a password that is related to you and known by other people, such as your name or your date of birth.
Biometric systems such as fingerprint and iris scanners can also be taken into consideration, as interest in these systems is increasing.

Anti-virus and anti-spyware software
Anti-virus software can scan and protect the system by removing viruses, worms and Trojan horses, while anti-spyware can also remove Trojan horses, which are often hidden inside freeware products and services.

Firewall
A firewall acts like a filter through which network traffic must pass. It can protect the system against remote login, viruses, spam and others.

Key encryption
This is the process of encrypting a message in a way that makes it difficult, expensive and time-consuming to decrypt. This prevents unauthorized people from decrypting the message easily.

How to SAFEGUARD our personal and financial DATA

Nowadays, computers and the Internet have become necessities. We cannot ignore that computers and Internet connections have become a crucial part of our daily life, alongside hand phones. People use computers to record their daily life or business transactions, and use Internet connections to conduct trading activities, gather information, etc. However, there is always a risk that our data will be exposed to others. In addition, we may not be aware that an attacker is attacking our computer to steal our personal or confidential data, or to damage the computer. Therefore, it is important to safeguard our assets from those risks.

Below are some approaches that users can take to safeguard their personal and financial data:

1. Avoid accessing financial data in public

Users are advised not to check their financial data in public places such as coffee shops that offer free wireless access. These systems are trustable, yet it is still unknown whether our data can be accessed by others who share the same wireless connection. Hence, users are recommended to check that their Internet settings give them the highest security protection.

2. Use separate user accounts

If you share a computer with a few people, you may worry that your data will be accidentally accessed, modified, deleted or misused by others. Creating separate user accounts is therefore the most effective way to solve this problem. With separate user accounts, each user is assigned specific access rights and privileges by the administrator. This approach limits the risk of private and confidential data being accessed and modified by unwanted users. However, separate user accounts will not give full protection against vulnerabilities that may give an attacker administrator privileges.

3. Use and maintain antivirus software and firewall

Antivirus software can help you detect and eliminate viruses and Trojan horses that can modify and access the personal data stored on your personal computer. You need to update your antivirus database regularly to avoid your computer being infected by the newest viruses. Furthermore, a firewall protects users by safeguarding the network from malicious or unnecessary Internet traffic. Most computers come with a firewall integrated into the operating system. Nevertheless, if you are using an old computer, you are advised to buy a firewall and install it yourself.

4. Use a password to encrypt sensitive/confidential data

Passwords and other security features add layers of protection if people know how to use them appropriately. By encrypting files, you can ensure that your data is not accessed by unauthorized persons: even if they can physically access the data, the file is not readable or viewable by them. Whether the data is stored permanently or temporarily, it still needs to be encrypted. Once you use encryption for your data, it is important to remember the password or passphrase; if you do not, you lose access to your data, and the data is lost as well.

5. Do not open unknown attachments/links

Never open unknown files or links sent by an unknown party. Most probably those attachments contain viruses that can damage your data. Besides, sending those attachments or links could be a way for an unknown party to steal your data. Moreover, if you click on the links, most probably they will lead you to a website that asks you to enter personal or financial data.

Related Links:

Safeguarding Your Data
Six Ways to Safeguard Your Online Assets
Understanding Firewalls

Phishing

Phishing is an e-mail fraud method in which faked e-mails or instant messages are sent in order to purloin the personal or financial information of recipients. Typically, the e-mail appears to come from a legitimate or well-known website. The e-mail requires recipients to verify their personal information or account details such as password, credit card and bank account number, or suggests that victims update their services, to badger the users into visiting the sender's website through the hyperlink provided in the e-mail. The goal of the sender is for the victim to disclose personal or account-related information.


The following are EXAMPLES of phishing:

Example 1

Example 2

Example 3



How to PREVENT Phishing?

1. Install up-to-date antivirus and antispyware software: antispyware software such as PowerShark can effectively detect and respond to phishing attacks.
2. Block phishing e-mails with spam filters: a Phishing Filter can help protect individuals from Web fraud and the risk of personal data theft by warning about or blocking phishing Web sites.
3. Detect phishing in time: users can try to detect phishing by reading about the information and characteristics of phishing.
4. Enhance the security of the website: nowadays, many companies have adopted anti-phishing methods to prevent and stop the process, such as secret questions, special images and biometric characteristics.

The threat of online security: How safe is our data?

Internet technology continues to grow rapidly, and everyone, old or young, can gain access to the Internet. People tend to use the Internet for business transactions, information sharing, surfing the net, etc. However, there is a risk that some websites contain malicious programs such as viruses, worms, Trojan horses and spyware. Therefore, online security is very important to protect data from loss, damage and misuse.

THREAT of online security

A virus is a piece of code that inserts itself into a host, including the operating system, in order to spread and harm the user's computer. A virus attack can damage the operating system, causing the loss of data and other possible losses. In the Internet world, there are around 80,000 viruses, and 25 new viruses are created every day. Examples of computer viruses are the I Love You virus, AutoRun, etc.


A worm is a program that copies itself repeatedly. The repeatedly copied files use up the available space and slow down the computer's operating speed. The difference between a virus and a worm is that a worm does not need to attach itself to an existing program. For example, Wscript.KakWorm spreads using Microsoft Outlook Express. It attaches itself to all outgoing messages using the Signature feature of Outlook Express and Internet Explorer newsgroup reader. Simply reading the received e-mail message causes the virus to be placed on the system.

A Trojan horse is a program that hides within or looks like a legitimate program. Although Trojan horses seem harmless, they may be triggered when a certain condition is met. An example of a Trojan horse is Trojan Xombe, which masquerades as an e-mail from Microsoft. The hackers gain access to the computer and steal passwords.

Spyware is a stand-alone program that monitors the activity on a computer, gathering personal information such as usernames, passwords, account numbers, files, other confidential information, and even driver's license or social security numbers without being detected, and sends this information to another computer. Additionally, a user may unknowingly receive spyware by accepting an End User License Agreement from a software program. For example, blogs are being used by hackers to spread spyware, exploiting flaws in publishing tools. Experts say hackers can use JavaScript and ActiveX, common methods for launching programs on webpages, to install spyware on blog visitors' PCs. Richard Stiennon, chief of technology for Webroot Software, says auto-generated websites such as blogs are a great place for spyware authors to spread their work.

In conclusion, the risk to which computer users are exposed is increasing as technology develops. Therefore, safeguards must always be kept up to date to enhance the defenses against online security threats. At the same time, users must be educated and informed about the crucial damage and loss caused by online security threats.