You know that there are threats everywhere: viruses, spam, and denial of service attacks, and just plain hacking. But if you aren’t an expert in preventing such threats, how can you protect your company and client data?
KhaasIT is experienced in protecting computers, networks, servers and other IT infrastructure components for malicious attacks. We offer a variety of services that can help you sleep better at night knowing that your network is protected.
Contact KhaasIT today for a free enterprise security consultation and quote!
1. What is information or an enterprise security?
2. Define a computer virus, Spyware, Malware and Spam?
3. What is antivirus software?
4. What is a firewall and how it protects your IT?
5. What is an Access control system and how it helps in your IT security?
6. How KhaasIT can help you with enterprise security solutions?
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.
These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.
Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
Governments, military, corporations, financial institutions, hospitals, and private businesses a mass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
Should confidential information about a business’ customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.
For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.
The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization including: securing network(s) allied infrastructure, and securing applications and databases, security testing, information systems auditing, business continuity planning and forensics science, to name a few, which are carried out by Information Security Consultants.
A computer virus is a computer program that can copy itself and infect a computer. The term “virus” is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.
Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
As stated above, the term “computer virus” is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Malware includes computer viruses, computer worms, Trojan horses, most root kits, spyware, dishonest adware and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system’s data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.
Spam is the use of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified adsspam, mobile phone messaging spam, Internet forum spam, transmissions, social spam, television advertising and file sharing network spam.
Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is universally reviled, and has been the subject of legislation in many jurisdictions.
People who create electronic spam are called spammers.
Spyware is a type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user’s personal computer. Sometimes, however, spywares such as key loggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.
While the term spyware suggests that software that secretly monitors the user’s computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. In an attempt to increase
the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.
In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user’s computer
Malware is a software designed to infiltrate a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term “computer virus” is sometimes used as a catch-all phrase to include all types of malware, including true viruses.
Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states, including Californiaand West Virginia .
Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs.
Preliminary results from Symantec published in 2008 suggested that “the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications.” According to F-Secure, “As much malware [was] produced in 2007 as in the previous 20 years altogether.” Malware’s most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.
The prevalence of malware as a vehicle for organized Internet crime, along with the general inability of traditional anti-malware protection platforms (products) to protect against the continuous stream of unique and newly produced malware, has seen the adoption of a new mindset for businesses operating on the Internet: the acknowledgment that some sizable percentage of Internet customers will always be infected for some reason or another, and that they need to continue doing business with infected customers. The result is a greater emphasis on back-office systems designed to spot fraudulent activities associated with advanced malware operating on customers’ computers.
On March 29, 2010, Symantec Corporation named Shaoxing, China as the world’s malware capital.
Sometimes, malware is disguised as genuine software, and may come from an official site. Therefore, some security programs, such as McAfee may call malware “potentially unwanted programs” or “PUP”.
Antivirus (or anti-virus) software is used to prevent, detect, and remove malware – including computer virus, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware.
A variety of strategies are typically employed. Signature-based detection involves searching for known malicious patterns in executable code. However, it is possible for a user to be infected with new malware for which no signature exists yet. To counter such so-called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses by looking for known malicious code (or slight variations of such code) in files. Some antivirus software can also predict what a file will do if opened/run by emulating it in a sandbox and analyzing what it does to see if it performs any malicious actions. If it does, this could mean the file is malicious.
However, no matter how useful antivirus software is, it can sometimes have drawbacks. Antivirus software can degrade computer performance. Inexperienced users may have trouble understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection (of any kind), success depends on achieving the right balance between false positives and false negatives. False positives can be as destructive as false negatives. Finally, antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack.
In addition to the drawbacks mentioned above, the effectiveness of antivirus software has also been researched and debated. One study found that the detection success of major antivirus software dropped over a one-year period.
Access control is a system which enables an authority to control physical access to areas and resources in a given physical facility or computer-based information system. An access control system, within the field of physical security, is generally seen as the second layer in the security of a physical structure.
Access control is, in reality, an everyday phenomenon. A lock on a car door is essentially a form of access control. A PIN on an ATM system at a bank is another means of access control. Bouncers standing in front of a night club is perhaps a more primitive mode of access control (given the evident lack of information technology involved). The possession of access control is of prime importance when persons seek to secure important, confidential, or sensitive information and equipment.
Item control or electronic key management is an area within (and possibly integrated with) an access control system which concerns the managing of possession and location of small assets or physical (mechanical) keys.
Access control card reader
Access control card readers are used in physical security systems to read a credential that allows access through access control points, typically a locked door. An access control reader can be a magnetic stripe reader, a bar code reader, a proximity reader, a smart card reader, or a bio metric reader.
Access control readers may be classified by functions they are able to perform and by identification technology:
A barcode is a series of alternating dark and light stripes that are read by an optical scanner. The organization and width of the lines is determined by the bar code protocol selected. There are many different protocols but Code 39 is the most popular in the security industry. Sometimes the digits represented by the dark and light bars are also printed to allow people to read the number without an optical reader. The advantage of using bar code technology is that it is cheap and easy to generate the credential and it can easily be applied to cards or other items. The disadvantage of this technology is that it is cheap and easy to generate a credential making the technology susceptible to fraud and the optical reader can have reliability problems with dirty or smudged credentials. One attempt to reduce fraud is to print the bar code using carbon-based ink and then cover the bar code with a dark red overlay. The bar code can then be read with an optical reader tuned to the infrared spectrum, but can not easily be copied by a copy machine. This does not address the ease with which bar code numbers can be generated from a computer using almost any printer.
There are several forms of biometric identification employed in access control: fingerprint, hand geometry, it’s and face recognition. The use of biometric technology significantly increases security level of systems because it eliminates such problems as lost, stolen or loaned ID cards, and forgotten or guessed PINs. The operation of all biometric readers is alike: they compare the template stored in memory to the scan obtained during the process of identification. If the probability that the template in the memory and the live scan belong to the same person is high enough, the ID number of that person is sent to a control panel. The control panel then checks permissions of the user and makes the decision whether to grant access or not. The communication between the reader and the control panel is usually done in the industry standard Wiegand protocol. The only exception is intelligent biometric readers that do not require any panels and directly control all door hardware.
Biometric templates may be stored in the memory of readers, in which case the number of users is limited by reader memory size. Readers currently available in the market may store up to 50,000 templates. Template of each user may also be stored in the memory of his/her smart card. This option removes all limits to the number of system users, but it requires each user to have a card and makes finger-only identification impossible. Biometric templates may also be stored in the memory of a central server PC. This option is called “server-based verification”. Readers simply read biometric data of users and forward it to the main computer for processing. Such systems support large number of users, but they are very much dependent on the reliability of the central server and communication lines.
1-to-1 and 1-to-many are the two possible modes of operation of a biometric reader.
In the 1-to-1 mode a user must first identify himself/herself to the reader by either presenting an ID card or entering a PIN. The reader then looks up the template of the user in the database and compares it with the live scan. The 1-to-1 method is considered more secure and is generally faster as the reader needs to perform only one comparison. Most 1-to-1 biometric readers are “dual-technology” readers: they either have a built-in proximity, smart card or keypad reader, or they have an input for connecting an external card reader.
In the 1-to-many mode a user presents his finger (or hand, eye, etc.) and reader needs to compare the live scan to all the templates stored in the memory. This method is preferred by most end-users, because it eliminates the need to carry ID cards or use PINs. On the other hand this method is slower, because the reader may have to perform thousands of comparison operations until it finds the match. An important technical characteristic of 1-to-many readers is the number of comparisons that can be performed in one second, which is considered the maximum time that users can wait at a door without noticing a delay. Currently most 1-to-many readers are capable of performing 2000-3000 matching operations in one second.
Magnetic stripe technology, usually called mag-stripe, is so named because of the stripe of magnetic oxide tape that is laminated on a card. There are three tracks of data on the magnetic stripe. Typically the data on each of the tracks follows a specific & encoding standard, but it is possible to encode any format on any track. A mag-stripe card is cheap compared to other card technologies and is easy to program. The magnetic stripe holds more data than a bar code can in the same space. While a mag-stripe is more difficult to generate than a bar code, the technology for reading and encoding data on a mag-stripe is widespread and easy to acquire. Magnetic stripe technology is also susceptible to misreads, card wear, and data corruption.
Wiegand card technology is a patented technology using embedded ferromagnetic wires strategically positioned to create a unique pattern that generates the identification number. Like magnetic stripe or bar code, this card must be swiped through a reader to be read. Unlike those other technologies the identification media is embedded in the card and not susceptible to wear. This technology once gained popularity because of the difficulty in duplicating the technology creating a high perception of security. This technology is being replaced by proximity cards because of the limited source of supply, the relatively better tamper resistance of proximity readers, and the convenience of the touch-less functionality in proximity readers.
The Wiegand effect was used in early access cards. This method was abandoned in favor of other technologies. Card readers are still referred to as “Wiegand output readers” but no longer use the Wiegand effect. The new technologies retained the Wiegand upstream data so that the new readers were compatible with old systems. A Proximity reader radiates a 1″ to 20″ electrical field around itself. Cards use a simple LC circuit. When a card is presented to the reader, the reader’s electrical field excites a coil in the card. The coil charges a capacitor and in turn powers an integrated circuit. The integrated circuit outputs the card number to the coil which transmits it to the reader.
A common proximity format is 26 bit Wiegand. This format uses a facility code, sometimes also called a site code. The facility code is a unique number common to all of the cards in a particular set. The idea is that an organization will have their own facility code and a set of numbered cards incrementing from 1. Another organization has a different facility code and their card set also increments from 1. Thus different organizations can have card sets with the same card numbers but since the facility codes differ, the cards only work at one organization. This idea worked fine for a while but there is no governing body controlling card numbers, and different manufacturers can supply cards with identical facility codes and identical card numbers to different organizations. Thus there is a problem of duplicate cards. To counteract this problem some manufacturers have created formats beyond 26 bit Wiegand that they control and issue to organizations.
In the 26 bit Wiegand format, bit 1 is an even parity bit. Bits 2-9 are a facility code. Bits 10-25 are the card number. Bit 26 is an odd parity bit. Other formats have a similar structure of a leading facility code followed by the card number and including parity bits for error checking.
There are two types of smart cards: contact and contactless. Both have an embedded microprocessor and memory. The smart card differs from the card typically called a proximity card in that the microchip in the proximity card has only one function: to provide the reader with the card’s identification number. The processor on the smart card has an operating system and can handle multiple applications such as a cash card, a pre-paid membership card, and even an access control card. The difference between the two types of smart cards is found in the manner with which the microprocessor on the card communicates with the outside world. A contact smart card has eight contacts, which must physically touch contacts on the reader to convey information between them. Since contact cards must be inserted into readers carefully and the orientation has be observed the speed and convenience of such transaction is not acceptable for most access control applications. The use of contact smart cards is physical access control is limited mostly to parking applications when payment data is stored in card memory and when the speed of transactions is not important. A contactless smart card uses the same radio-based technology as the proximity card with the exception of the frequency band used: higher frequency (13.56Mhz instead of 125kHz) allows to transferring more data and communicating with several cards at the same time. A contactless card does not have to touch the reader or even be taken out from a wallet or purse. Most access control systems only read serial numbers of contactless smart cards and do not utilize the available memory. Card memory may be used for storing biometric data (i.e. fingerprint template) of a user. In such case a biometric reader first reads the template on the card and then compares it to the finger (hand, eye, etc.) presented by the user. This way biometric data of users does not have to be distributed and stored in the memory of controllers or readers, which simplifies the system and reduces memory requirements.
Smartcard readers have been targeted successfully by criminals in what is termed a supply chain attack, in which the readers are tampered with during manufacture or in the supply chain before delivery. The rogue devices capture customers’ card details before transmitting them to criminals.
What is Firewall and how it protects your IT
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria.
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. (For more technical learning and information on Firewall, see our technology firewall category)
KhaasIT Enterprise Security Services
Mail server & e-mail Security – SPAM and virus filtering
Internet Security – Firewall technology will be an effective tool in web content filtering, comprehensive package of various technologies to prevent leaks.
Network infrastructure and perimeter security – Firewall technology, security audits, penetration testing.
Server & workstation Security – antivirus, antispyware, security audits and server hardening
Desktop or laptop Computer Protection – antivirus, antispyware and safe browsing technologies
Physical Security – prevent unauthorized physical access through smart security card, and biometrics access control card.