Friday, June 20, 2008

Testing your Email Security

It's also a good idea to test the security of your email client. The GFI Email Security Testing Zone is a place where you can do just that. Enter your email address and the service will perform a vulnerability check on your email system. A series of emails will be sent to you that are designed to test the security of your system and inform you about any potential problems.

When you enter your email address to perform the tests, you will first receive an email that asks for confirmation. Once you confirm your request, a series of test emails will be sent. Each email will outline the results of the test. Naturally, none of the test emails contain any harmful code or viruses. The emails are designed to fool your security software into detecting a potential threat.

Although the company offering the tests is in the business of selling security software, I believe all the tests are legitimate and above board. When requesting the test, you are given the option of subscribing to the GFI Newsletter, but I have never received unsolicited email from the company.

To read more about the service and request the tests, click the link below.

Testing Your Online Security

Being a responsible, security-conscious computer user, you have firewall software protecting your machine from unwanted intruders, right? Well, that's great, but how do you know if the firewall is actually doing its job? Some firewall software is not all that easy to set up. How can you be sure that you have the software configured to effectively protect your system?

A good way to find out if your system is really as secure as you'd like it to be is to request an online security test. A number of sites offer security tests free of charge. Three testing sites that I personally know and trust are listed below.

This site is run by Steve Gibson, a well-known and respected Internet personage. There is a lot of good security information available on the site as well as the testing procedures and how to use them. The site resonates with Mr Gibson's unique and flamboyant communication style.

The scans on the site are labelled "Privacy" and "Security". They are simple to use and very fast, and are a good way to get a quick heads-up on the state of your computer's security. The site also has a lot of information and links about security issues.

Another popular site that allows you to perform a port scan at the click of a button. After the scan is completed, a click of the "Results" button opens a page that reports on the health of your security setup.

All being well, these sites should generate a report that explains how secure your system is. If there are holes in your security, the reports will suggest ways of filling them. If I'm testing a computer's security, I usually take the time to request tests from at least two of the sites above. A second opinion is always good to have! The result to aim for is that your computer is operating in "stealth mode". That is, it is virtually invisible to intruders looking for an easy mark.

As I mentioned, there are a number of sites that offer security tests. However, some of these "tests" are completely bogus and are designed to scare users into purchasing software that they may not even need. One of the dirty little tricks that these sites employ is to make you think that the entire contents of your hard-drive is available for all to see. They do this by apparently displaying the contents of your hard-drive in your web browser. In reality, nobody but you can see your files. This trick is achieved by placing a script in the code of the website that simply opens your C drive in your browser. You can do this yourself by simply typing "C:" (without the quotes) in the address bar of your browser. Try it! It's actually a quite useful alternative method of manoeuvring through the files stored on your hard-drive.

Well, hopefully your computer manages to achieve a good report card. Of course, the scum who try to break into other people's computers are often very canny. No computer security system can claim to be totally foolproof. However, doing a little online testing can help you to ensure that your computer is as secure as possible.

Security Important for Firm's Web Operations

Some Security Considerations. Do you run a web site or control any security assets? If so, you should periodically run a basic security check on these assets. Some of the things to look for are actually basic issues from physical security. Consider:

  • Human risks are probably still the most significant challenge a security manager has to consider. When you consider that threats can come from the inside or outside, you should also consider that insiders have a head start.
  • Further consider security training. Social engineering threats are common. You'd be surprised how many passwords are given out by employees just by someone saying they are from the computer shop and asking for the password over the phone.
  • Web sites can provide information for attacks or social engineering. Contact information is often posted, and sometimes system information is put into the headers on web pages, where it can be read as part of the page source code.
  • Make certain all software is properly installed and all security patches obtained and installed. Even with this, there are common errors that are often not caught. Look in copies of CK Now for "buffer overflow" for the most obvious example.
  • Completely test, particularly for security problems, all software written in-house. Make certain you understand everything it does; particularly when data is input in the wrong locations and/or in the wrong form. For example, if you truncate long IDs you might allow the wrong user to access data (SmithJohn might also be allowed for SmithJohnathan).
  • If you update underlying software, consider retesting everything. It's not uncommon for operating system changes to introduce new holes that might now become available for exploitation.
  • Know what others are doing with your site. There are many services that exchange links and/or place ads on your site. While this is not necessarily a direct threat, you might not want some of the advertisers being served on your site. Check to see if you can limit the type of advertising fed to your web site.
  • Consider having backup sites customers can use if you have a business-intensive site. Down time is noticed, and customers don't care if it's caused by systems being down or denial-of-service attacks. Along similar lines, make certain your provider has the bandwidth and machine capability to serve your needs, particularly directly after an advertising campaign.
  • Privacy is important to users. Keep that in mind. Consider not just having an enforced policy but helping the users by not allowing them to have easy-to-guess passwords, as one example. This will also help stem the tide of identity theft.
  • Be aware of who is looking at your web site(s). Get a good log analysis program and use it. Maybe you can spot trends before they become problems.
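
The truncated-ID problem from the list above (SmithJohn and SmithJohnathan), shown as an added example that is not part of the original article: a lookup that silently truncates IDs, a strict replacement, and an audit that finds IDs which collide after truncation. The 9-character field width, the function names and the sample records are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed fixed-width ID field; 9 is chosen so the article's example collides.
MAX_ID_LEN = 9

# Constructed sample data: stored ID -> that user's record.
RECORDS = {"SmithJohn": "record belonging to John Smith"}


def lookup_truncating(user_id):
    """Flawed: silently cuts the supplied ID to the field width before lookup."""
    return RECORDS.get(user_id[:MAX_ID_LEN])


def lookup_strict(user_id):
    """Hardened: an over-length ID is rejected, never shortened to fit."""
    if not 0 < len(user_id) <= MAX_ID_LEN:
        raise ValueError("ID must be 1 to %d characters" % MAX_ID_LEN)
    return RECORDS.get(user_id)


def find_truncation_collisions(full_ids, width=MAX_ID_LEN):
    """Audit: group distinct full IDs that become identical when cut to width."""
    groups = defaultdict(set)
    for uid in full_ids:
        groups[uid[:width]].add(uid)
    return {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}


if __name__ == "__main__":
    # SmithJohnathan is served John Smith's record by the flawed lookup.
    print("truncating:", lookup_truncating("SmithJohnathan"))
    try:
        lookup_strict("SmithJohnathan")
    except ValueError as err:
        print("strict:", err)
    # Run the audit over a constructed list of requested account names.
    print(find_truncation_collisions(["SmithJohn", "SmithJohnathan", "JonesMary"]))
```

Running the audit over the full, untruncated account names before they are stored shows which users would end up sharing an ID.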

MS Word Macro Virus Strikes VAFB

Computer security officials from 30th Communication Squadron and local contractors are scurrying to cope with an onslaught of the Microsoft Word Macro computer virus. Because it operates in a new way, anti-virus software written before last winter is completely ineffective against it.

Several calls a week have been received since November 1995, most involving multiple systems. A technician responding to one such call discovered that 47 computers had been compromised by that one outbreak alone! In each case, the technician must install anti-virus software and repair all of the affected systems.

The virus is not showing any partiality. Computers being used by active duty military, government civilians, and contractor employees are all being struck. The activities involved include space launch, base support, and research and development. One official estimated that as many as 60% of Vandenberg’s computers which are connected to networks may have been attacked, and that all are at risk. A quick check at other locations, including Los Angeles AFB, CA, disclosed that the virus is widespread there also.

Unlike previous viruses, this new type infects data and document files, not just “executables” like “.EXE,” “.COM” and “.BAT”. It does this by using the WordBasic macro language to infect and replicate in Microsoft Word documents and templates. Unlike older viruses which were usually confined to a single computer platform, the new virus attacks documents and templates on DOS, Mac, Windows 3.x, Windows 95, and Windows NT operating systems. Variations of the virus, called DMV, Concept, and Nuclear, appeared shortly after the initial virus.

Once an infected document is opened, the virus launches itself. Generally it will infect the user’s NORMAL.DOT template. This template is the basis for most other documents and quickly spreads to all other documents and templates as they are opened. It forces the users’ computers to save documents as templates instead of documents, since only templates can contain the macro language which contains the virus.

The virus has spread so quickly because many sophisticated users employ e-mail to share documents, instead of printing them and sending the resulting paperwork via “snail mail.” Several of the original infections came in documents titled “FURLOUGH.DOC” (about the furlough of government civilians) and “CONNESTOGA.DOC” (about the failure of the Connestoga commercial space vehicle launched last year at Wallops Island, VA).

The Microsoft Word Macro Virus, unlike most others, will warn you immediately when it infects your computer. It will bring up a dialog box with the title “Microsoft Word,” the numeral “1,” and an “OK” button. If you see the dialog box right after you open a document, stop what you are doing, and notify your help desk IMMEDIATELY.

The Nuclear strain of the virus is the only macro virus currently known to cause damage to your printouts and DOS system files. If you open the document between 55 seconds and the next minute, any print job will have the text STOP ALL FRENCH NUCLEAR TESTING IN THE PACIFIC! appended to it. If you open the document between 5 and 6 PM, it will attempt to infect your machine with the ph33r virus. This part is not damaging, however, because it installs a Terminate and Stay Resident (TSR) program in a DOS session that ceases to exist when the macro finishes. On April 5 of any year, IO.SYS and MSDOS.SYS are zeroed out, and COMMAND.COM is deleted from your root directory. DOS can no longer boot, and presumably, by zeroing out the crucial files, won't notify you that DOS is gone at boot time.

In October 1995, Microsoft released its Macro Virus Protection Tool, SCANPROT.DOT. If you already have it loaded, exiting Word will automatically clean up the document and your Microsoft Word program templates. The macro virus protection tool alerts users anytime a document containing macros is opened. Since the virus is spread through macros, users will be alerted when they try to open a document containing the virus. Users can protect themselves from the virus by choosing to open the file without macros.

Computer security and help desk people, including 30th Communications Squadron and B D Systems, Inc., have the new anti-virus software available. If you think your system may have been affected, call them immediately.

Virus Infections Increasing

A recent study of 300 companies is reported to have shown that the rate of virus infection increased some 48% over a one year period, despite the fact that the companies regularly used anti-virus software. The problem? While anti-virus (AV) software was installed, it was not kept up to date regularly.

On average, the survey showed more than 86 viruses per 1,000 computers, with disks brought from home being the most popular vector. (Computer Knowledge strongly recommends that any company AV contract allow installation on both company and home computers.) The second most common vector was the e-mail attachment. Macro viruses were the most common virus type.

So, again, keep your anti-virus software updated!

Computer Security with a Sense of Humor

Tired of the same boring, hard to understand advice on protecting your computer from viruses, hackers, and other cyberpunk pests? Then you’ll love Michael Alexander’s Underground Guide to Computer Security.

Alexander (Managing Editor at Datamation and until recently Editor-in-Chief of InfoSecurity News) promises “slightly askew” advice on ways to protect your computer. Actually, it is off-center only in its delightful sense of humor.

The book covers everything from email—it’s not that private; many people along the electronic pathway can read what you write—to the “1,000 points of fright” you must brave on the Internet. Many of his security tips are common sense reminders, but a little refresher course cannot hurt.

He reminds us that most people leave the network doors to their data unprotected by choosing passwords which are easily guessed or broken. Alexander recommends longer (six to eight) and more complex ones (including upper and lower case, numerals, and symbols). He warns against sharing your password and disdains the Windows 3.1 screen saver password feature. “It doesn’t do squat. Simply rebooting the computer and restarting Windows is all anyone needs to go to get a peek at that résumé you’ve been working on when no one was looking.”

“Using a cell phone is not much different than yodeling to convey your private affairs from one mountaintop to another,” Alexander cautions in another chapter. He explains snoops can use a $99 radio scanner to eavesdrop on conversations. O. J. Simpson defense attorney Alan Dershowitz was overheard discussing the case while kicking back at his summer home on Martha’s Vineyard. Fortunately for him, the employees of the ambulance company who overheard him called to warn him.

For me, one of the best features of the book is the concise checklists which challenge the readers’ knowledge and whether they practice what Alexander champions. Try answering (honestly, now) the Risk Assessment Test. See if you follow the tips on his Computer Security Tipsheet.

Underground Guide provides an easy to read introduction for those who don’t understand computer security. Alternatively, it’s a great book to have on your bookshelf to lend to friends who don’t have a clue about it. You will smile as you read this book, despite the seriousness of its message.

Reviewed: The Underground Guide to Computer Security: Slightly Askew Advice on Protecting Your PC and What’s On It by Michael Alexander, Reading, MA: Addison-Wesley Publishing Company, Paperback, 218 pages, $19.95, 1996.

Software Piracy: Let the Buyer Beware

Usually people think about software piracy as an intentional act. Someone “borrows” disks from a friend or work place and copies them for personal use. However, computer buyers may be unknowingly buying their new Macs, 486s, and Pentiums with illegal software!

As a way to compete with direct mail and computer superstores, some small computer stores are loading illegal copies of software onto computers they sell. They do not furnish publishers’ manuals, and the program disks--if any are provided--are locally produced duplicates. The added software provides an incentive for the buyers, who may not be aware they do not legally own the software.

Until recently, commercial software always came with a printed manual and usually came with a registration card. A few programs on CD-ROM are experimenting with on-line documentation. However, since the CD-ROM cannot be copied easily like programs sold on 5.25” and 3.5” disks, it is easy to prove legitimate ownership of the software.

What should you, the computer buyers, do? Exercise caution. Do not accept a computer without manuals and disks (CD-ROM or floppy) from the manufacturer. If the seller does not offer them to you, either demand them or buy somewhere more reputable.