Blog posts tagged with 'Encryption'

SSL

Users often regard shopping online as relatively safe as long as there is a lock in the browser stating that the website is secured by SSL. What users often do not know is what that really means and why it is important.

If you have ever been to a website to purchase an item, or have at least seen the lock in the browser's URL bar, it is most likely a safe and trusted website. But have you ever been to a website that was not secured by an SSL certificate and come across a message similar to this?
What this message is telling you is that this website is running over a secure connection that does not have a security certificate, or SSL certificate, and it is warning you that the site may be unsafe. Now let’s look at what the browser should look like if it is safe.

How does SSL work? SSL works by establishing an encrypted connection with the server you are connecting to. This allows you to enter important information such as Social Security numbers, credit/debit card numbers, and login details into the website without fear of this information being sent across the internet in plain text for anyone to read. It does this by using public, private, and session keys that work together to encrypt the data between the web server and the end user. When a user connects to a website such as eBay to log into an account, the computer connects to the server and requests what is called an SSL handshake. When the user then logs in, the data is encrypted with the public key and sent to the server, where it can only be decrypted by the server's private key, and vice versa.

One of the most important parts of SSL is that the web server is verified by a third party to be safe to trust and to be who it says it is. If you click on the green lock, you will be presented with the SSL details of the website and who verifies that the website is safe.

So as you can see, before you ever try to purchase something on the internet, please verify that the website is secure before proceeding to enter any private information. Simply being cautious can save you a lot of time and the headache of possibly having your identity or private information stolen.

Tracy Hazelton
System Technologist
StormsEdge Technology

Cloud File Storage Security

Is our data really secure using services like Box.net and Dropbox? The answer to this question may come as a surprise to most. Using services like these may be convenient, but I would not recommend trying to sync any important documents using these types of services.

It was not long ago that Dropbox had a vulnerability that had been brought to their attention by an outside source. While Dropbox knew about it, they simply stated “We don't believe that this is a vulnerability. If someone accidentally shares a private Dropbox link it can be disabled at any time from the Dropbox website, on the Links tab”. Since then Dropbox has added a checkbox in their settings to share with collaborators only. There are still ways to secure your files without having to rely on Box or Dropbox to “hopefully” secure your data. Many geeks tend to use encrypted volumes such as TrueCrypt for Windows, or Boxcryptor for mobile devices. This allows you to encrypt your sensitive data before it gets uploaded to your online file cloud. This way, if your data is leaked for any reason, there is an added layer of protection for your sensitive files.

So as you can see, there are some security risks when using services such as Dropbox and others. But the good thing is that there are good solutions to help combat the potential loss of important information and documents.

Tracy Hazelton
System Technologist
StormsEdge Technology

The Unseen Identity Theft - Part 1

In February 2005, Joe Lopez, a businessman from Florida, filed a lawsuit against Bank of America after unknown hackers stole $90,000 from his Bank of America account and he found that it had been transferred to Latvia.

An investigation showed that Mr. Lopez's computer was infected with a malicious program, Backdoor.Coreflood, which records every keystroke and sends this information to malicious users via the Internet. This is how the hackers got hold of Joe Lopez's user name and password, since Mr. Lopez often used the Internet to manage his Bank of America account.

However, the court did not rule in favor of the plaintiff, saying that Mr. Lopez had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003.

Joe Lopez's losses were caused by a combination of overall carelessness and an ordinary keylogging program.

About Keyloggers

The term 'keylogger' describes the program's function. Most sources define a keylogger as a software program designed to secretly monitor and log all keystrokes. This definition is not altogether correct, since a keylogger doesn't have to be software – it can also be a device. Keylogging devices are much rarer than keylogging software, but it is important to keep their existence in mind when thinking about information security.

Why keyloggers are a threat

Unlike other types of malicious program, keyloggers present no threat to the system itself. Nevertheless, they can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard. As a result, cyber criminals can get PIN codes and account numbers for e-payment systems, passwords to online gaming accounts, email addresses, user names, email passwords etc.

Once a cyber criminal has got hold of confidential user data, s/he can easily transfer money from the user's account or access the user's online gaming account. Unfortunately access to confidential data can sometimes have consequences which are far more serious than an individual's loss of a few dollars. Keyloggers can be used as tools in both industrial and political espionage, accessing data which may include proprietary commercial information and classified government material which could compromise the security of commercial and state-owned organizations (for example, by stealing private encryption keys).

In recent years, we have seen a considerable increase in the number of different kinds of malicious programs which have keylogging functionality. No Internet user is immune to cyber criminals, no matter where in the world he/she is located and no matter what organization they work for.

For the complete read and all its helpful tips, click HERE!

Zachary T. Brown
Marketing Director
StormsEdge Technology

Managed Services: Part 1

What is Managed Services?

The buzzword lately in IT Support is “Managed Services”, and over time more and more businesses are jumping on the bandwagon. You may be asking yourself what managed services actually means, and how you can tell whether an IT Support company is not just using the word as a marketing tool but is in fact offering a TRUE “flat rate” service packaged as “managed services”.

Managed Services allows a business to offload or outsource its IT operations to a service provider, known as a Managed Services Provider. The managed service provider assumes an ongoing responsibility for 24-hour monitoring, managing and/or problem resolution for the IT systems within a business.

A Brief History of Managed Services

The following is a summarized history of managed services to give you some background relating to how these services have developed. This history pertains specifically to companies who service small network systems.

It all started with break-fix services

The companies who have helped service small networks in the past have been hamstrung by the lack of tools to help with the problem. The networks they service developed as simple systems, usually built by a self-taught network amateur-turned-pro. Maintenance was break-fix only, meaning when something broke, the company called and they came running to fix it… hopefully.

As time went on, the best of the support people developed procedures and programs to periodically come on-site to do a system review of logs and user information looking for hints of issues before they became big problems. In some cases an elaborate checklist was used to record disk usage, processor usage, etc.

The problem of course, was that the support people could only see what was happening on that particular day. If something happened later, they would never know about it … unless the customer called.

Backup problems and other errors continued to occur.

Additionally, the only professional test of the backup system, if there was any at all, occurred on the visit, which frequently resulted in days or more of missed backups. The system was prone to other human errors when the on-site technician, trying to be accommodating, would take care of the “end user” symptoms and would not have time to address the “real issues”. This created a constant battle for the techs as they tried to convince customers that they were only causing themselves more dangerous problems down the road by not being proactive.

Managed Services began with Fortune 500 companies and their huge networks

At the same time, the hardware and software vendors were adding new and better ways for the systems to signal problems as early as possible. Simple Network Management Protocol had been developing since the early '90s and was being applied to PCs. The first systems that could watch these tools and turn all the data into usable information were complex to manage, were geared only to large networks, and were prohibitively expensive for small businesses.

In 2005, systems started to mature that allowed smaller companies to take advantage of the same features and benefits as the large companies. This technology started the Managed Services movement.

Finally, Managed Services was available for small to medium sized businesses

The Managed Services software that is in place today allows providers to work towards two major goals:

1.   Everything on your network that will result in a user symptom or risk will send an alert before or when it happens, and the Managed Service Provider will know about it.

2.   Every alert they get is something important and needs to be addressed.

The closer a Managed Service Provider can get to these two goals, the more perfectly they can achieve a truly managed service and the more they can get away from the “everything being an emergency” situation.

Daniel A. FitzGerald
Owner & President
StormsEdge Technology

Protecting Your Passwords

Simple, Yet Effective Ways To Protect Your Passwords

1. Don’t share them with anyone

Yeah, so this one is obvious, but because it happens all the time it needs repeating: don’t share your passwords! All of the personal security tips in the world won’t help you if someone else has one of your passwords and is able to act like they’re you online.

2. Use strong passwords

A password that is easily guessable is not much better than nothing at all. Attackers put considerable effort into discovering new ways to make password guessing more efficient, so it pays off to select strong passwords that are resistant to these efforts.

3. Don’t use the same password everywhere

It’s tempting to come up with a strong password, and then use the same one in multiple places, like for logging into Twitter or your email. But if your password is broken or accidentally exposed by one of these services, attackers can often go and try to use the password at a number of other services with your public login information, most often an email address.

4. Consider using a password manager

It’s not easy to remember a large number of strong passwords. The last time I counted, I had more than 50 accounts with different services, and despite the value of the previous tips, it’s difficult to have that many different passwords. If you’re in a similar situation, you might consider using a password manager, such as LastPass or KeePass.

5. Consider using two-factor authentication

A great way to protect your information is to take advantage of so-called two-factor authentication when possible. Google, Twitter, and Facebook all provide these capabilities, where the idea is to require two pieces of information as proof of identity: your password, plus sometimes one of those annoying “text verification” schemes, for instance.

Password safety is easily overlooked but is crucial in protecting your personal information. Still want more helpful tips? Click HERE!

Zachary T. Brown
Marketing Director
StormsEdge Technology

Virtual Private Network (VPN)

Last year alone, 67% of businesses detected at least one cybercrime, with over 50% of those hit reporting losses of $10,000 or more.

Ask any security expert about strengthening your computer's security, and they would advise setting up a VPN. VPN stands for Virtual Private Network. It is a connection between a secure server and your computer, which allows you to secure your internet browsing, online purchases, and personal information no matter where you are, and yes, even on public hotspots. To put it simply, a VPN is essential for anyone who regularly uses a laptop from outside the office to connect with a company network. If you think your company does not need one, think again.

Client VPNs allow individual users to connect to a central location via their mobile device or computer. Once authenticated, they have access to the company’s network and can use its resources as if they were at the office. The largest benefit is that even if you are at the coffee shop, your data is encrypted through the VPN tunnel, which does not allow anyone to access your transmitted data.

So as you can see, this can be beneficial to any company that has employees who are out in the field or who just want to be secure when not in the office.

Tracy Hazelton
System Technologist
StormsEdge Technology