PC Security

CES Interview Yoggie PC Security in a USB Stick

By admin | November 12, 2008

What if I told you that you could remove all virus protection from your computer. Disable any firewalls and replace all of that technology with a USB stick that would re-route your internet connection through the Gatekeeper Pico card and provide you the same level of protection.

Yoggie Security has a new device that they claim does just that. Their thought is you can remove all of the spyware, virus and firewall protection software and have a faster computer by protecting your computer with their USB www.yoggie.com

Topics: Uncategorized | 3 Comments »

Parental Peace of Mind

By fthomas | November 9, 2008

The advent of the Internet, in some respects, made the job of parenting a little harder. We want our children to experience the vast wealth of knowledge available on the Internet and communicate with their friends online (frees up the telephone). Unfortunately, it also potential exposes our children to inappropriate material, obscene pop-up ads, and even sexual predators. In fact, research indicates that 1 in 5 children aged 10 to 17 have received a sexual solicitation over the Internet. This is definitely not something any parent wants to hear, but is forced to face.

We need a little assurance that when our children access the web, they can do so safely. Internet filters are crucial to protect your children. One tool that can assist us in this goal is Internet Parental Control software. One of the top names in parental control software is ContentWatch, and if the Big Mouse himself recommends this product, then it has to be good. If Disney feels good enough to install three of the ContentWatch products in their Disney Dream Desk PC, it has to be worthy. After all, they are willing to stake their reputation on it.

Internetfilterreviews.com rated ContentProtect 2.0 the #1 Internet filtering software. It is easy to install, configure, and customize. If you do have any problems, ContentWatch provides unlimited toll-free technical support. ContentProtect can blocks pornography, hate sites, questionable chat rooms, and other known dangers of the Internet. You can even configure ContentProtect to block online game and gambling sites, and make it so your children can only install and play computer games with parental ratings that you deem appropriate.

Other features include:
* Integration with Safe Search features in popular search engines
* Reports of your children's internet activity
* Logs of your child's chat room and instant messages
* Reports if your child tries to remove or disable protection
* Filters bad content on Peer-to-Peer networks and other areas
* Password protected access for parents
* Customizable restrictions for each family member.
* Automatic software updates at no additional cost.

ContentWatch provides a two-week, no-obligation free trial of the full version. The product costs $39.99 per seat (installs on only one computer). This is a one time purchase price which will give you unlimited use of the service. You never have to renew a subscription or pay any additional membership fees for use of the program. It seems like a reasonable price for a little parental peace of mind.

Topics: Uncategorized | 1 Comment »

TrustPort PC Security

By admin | November 9, 2008

Video introducing some of the features of TrustPort PC Security (formerly known as TrustPort Workstation)
More info: www.trustport.com.au

Topics: Uncategorized | No Comments »

Mac vs.PC: Security

By admin | November 7, 2008

The newest Mac vs. PC commercial !!!!! GO MAC !!!!

Topics: Uncategorized | 20 Comments »

What are Intrusion Detection Systems?

By fthomas | November 6, 2008

Intrusion Detection System (IDS) are a necessary part of any strategy for enterprise security. What are Intrusion Detection systems? CERIAS, The Center for Education and Research in Information Assurance and Security, defines it this way:

"The purpose of an intrusion detection system (or IDS) is to detect unauthorized access or misuse of a computer system. Intrusion detection systems are kind of like burglar alarms for computers. They sound alarms and sometimes even take corrective action when an intruder or abuser is detected. Many different intrusion detection systems have been developed but the detection schemes generally fall into one of two categories, anomaly detection or misuse detection. Anomaly detectors look for behavior that deviates from normal system use. Misuse detectors look for behavior that matches a known attack scenario. A great deal of time and effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of these efforts"(http://www.cerias.purdue.edu/about/history/coast_resources/intrusion_detection/)

There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS). These systems monitors packets on the network wire and looks for suspicious activity. Network intrusion detection systems can monitor many computers at a time over a network, while other intrusion detection systems may monitor only one.

Who is breaking into your system?

One common misconception of software hackers is that it is usually people outside your network who break into your systems and cause mayhem. The reality, especially for corporate workers, is that insiders can and usually do cause the majority of security breaches. Insiders often impersonate people with more privileges then themselves to gain access to sensitive information.

How do intruders break into your system?

The simplest and easiest way to break in is to let someone have physical access to a system. Despite the best of efforts, it is often impossible to stop someone once they have physical access to a machine. Also, if someone has an account on a system already, at a low permission level, another way to break in is to use tricks of the trade to be granted higher-level privileges through holes in your system. Finally, there are many ways to gain access to systems even if one is working remotely. Remote intrusion techniques have become harder and more complex to fight.

How does one stop intrusions?

There are several Freeware/shareware Intrusion Detection Systems as well as commercial intrusion detection systems.

Open Source Intrusion Detection Systems

Below are a few of the open source intrusion detection systems:

AIDE (http://sourceforge.net/projects/aide) Self-described as "AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire."

File System Saint (http://sourceforge.net/projects/fss) - Self-described as, "File System Saint is a lightweight host-based intrusion detection system with primary focus on speed and ease of use."

Snort (www.snort.org) Self-described as "Snort

Topics: Uncategorized | No Comments »

Pc Security for XP

By admin | November 4, 2008

Today I explain some great security programs.

links:
avast:http://www.avast.com/index_esp.html

Spyware Terminator:http://www.spywareterminator.com/

Comodo Firewall:http://www.personalfirewall.comodo.com/

Topics: Uncategorized | 1 Comment »

Phishing For Your Identity

By fthomas | November 3, 2008

Who hasn't received an email directing them to visit a familiar website where they are being asked to update their personal information? The website needs you to verify or update your passwords, credit card numbers, social security number, or even your bank account number. You recognize the business name as one that you've conducted business with in the past. So, you click on the convenient "take me there" link and proceed to provide all the information they have requested. Unfortunately, you find out much later that the website is bogus. It was created with the sole intent to steal your personal information. You, my friend, have just been "phished".

Phishing (pronounced as "fishing") is defined as the act of sending an email to a recipient falsely claiming to have an established, legitimate business. The intent of the phisher is to scam the recipient into surrendering their private information, and ultimately steal your identity.

It is not at easy as you think to spot an email phishing for information. At first glance, the email may look like it is from a legitimate company. The "From" field of the e-mail may have the .com address of the company mentioned in the e-mail. The clickable link even appears to take you to the company's website, when in fact, it is a fake website built to replicate the legitimate site.

Many of these people are professional criminals. They have spent a lot of time in creating emails that look authentic. Users need to review all emails requesting personal information carefully. When reviewing your email remember that the "From Field" can be easily changed by the sender. While it may look like it is coming from a .com you do business with, looks can be deceiving. Also keep in mind that the phisher will go all out in trying to make their email look as legitimate as possible. They will even copy logos or images from the official site to use in their emails. Finally, they like to include a clickable link that the recipient can follow to conveniently update their information.
A great way to check the legitimacy of the link is to point at the link with your mouse. Then, look in the bottom left hand screen of your computer. The actual website address to which you are being directed will show up for you to view. It is a very quick and easy way to check if you are being directed to a legitimate site.

Finally, follow the golden rule. Never, ever, click the links within the text of the e-mail, and always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash box in your e-mail accounts as well. If you are truly concerned that you are missing an important notice regarding one of your accounts, then type the full URL address of the website into your browser. At least then you can be confident that you are, in fact, being directed to the true and legitimate website.

Topics: Uncategorized | No Comments »

Department of Defense Crackdown on Security

By fthomas | November 1, 2008

The top commander of the department of Defense network operations just ordered a crackdown on security. According to a recent article by NetworkWorld on January 16,2006, Lt. General Charles Croom is quoted as saying, "The attacks are coming from everywhere and they're getting better." His talk was the keynote address at the Department of Defense Cyber Crime Conference held on January 9 - 14, 2005 in Clearwater, Florida. The event is sponsored by the Defense Cyber Crime Center and the Joint Task Force. Over 500 computer crime specialists from the FBI and the military attended the event.
The crackdown was related to a recent arrest of a "Computer Virus Broker" named Jeanson James Ancheta. On further investigation, a Department of Justice press release from Nov 3rd, 2005 offered the following information on this incident, "In the first prosecution of its kind in the nation, a well-known member of the "botmaster underground" has been indicted on federal charges for profiting from the use of "botnets" - armies of computers that are under the control of the botmaster and are used to launch destructive attacks or to send huge quantities of spam across the Internet.
Jeanson James Ancheta, 20, of Downey, California, was arrested this morning by special agents with the Federal Bureau of Investigation. Ancheta was indicted yesterday in two separate conspiracies, as well as substantive charges of attempting to cause damage to protected computers, causing damage to computers used by the federal government in national defense, accessing protected computers without authorization to commit fraud and money laundering."
The press release goes on to describe more details of this scheme that clearly show why the Deparment of Defense is so concerned (for more information go to: http://www.usdoj.gov/criminal/cybercrime/anchetaArrest.htm )
"Ancheta had become an affiliate of several different advertising service companies, and those companies paid him a commission based upon the number of installations. To avoid detection by network administrators, security analysts and law enforcement, Ancheta would vary the download times and rates of the adware installations. When companies hosting Ancheta's adware servers discovered the malicious activity, Ancheta redirected his botnet armies to a different server he controlled to pick up adware. To generate the roughly $60,000 he received in advertising affiliate proceeds, Ancheta caused the surreptitious installation of adware on approximately 400,000 compromised computers. Ancheta used the advertising affiliate proceeds he earned to pay for, among other things, the multiple servers used to conduct his schemes.
Ancheta used programs powerful enough to cause the infection of computers at the Weapons Division of the United States Naval Air Warfare Center in China Lake, as well as computers belonging to the Defense Information Systems Agency, a component of the United States Department of Defense. Both networks are used exclusively by the federal government in furtherance of national defense. After being arrested this morning at the FBI Field Office in Los Angeles, Ancheta was transported to United States District Court in Los Angeles. It is unclear if he will make his initial court appearance this afternoon or tomorrow. Ancheta is charged with two counts of conspiracy, two counts of attempted transmission of code to a protected computer, two counts of transmission of code to a government computer, five counts of accessing a protected computer to commit fraud and five counts of money laundering. Count 17 of the indictment seeks the forfeiture of more than $60,000 in cash, a BMW automobile and computer equipment that the indictment alleges are the proceeds and instrumentalities of Ancheta's illegal activity."

Some recent news. Ancheta pleaded guilty to charges of conspiring to violate anti-spam and computer misuse laws, and fraud and will serve from 4-6 years in prison, under the plea agreement - plus heavy fines.

Topics: Uncategorized | No Comments »