Lately there has been a large influx of attacks in the cyber world. I don’t know if you heard but there has been attacks on the 32 of some of the biggest companies in America including, Google, Adobe, General Electric, and many others. Google even went as far as pulling out of China, http://online.wsj.com/article/SB126333757451026659.html, which has the single biggest population out of all countries. Google has been making the biggest fuss out of all the companies it seems. I’m guessing they stole something that was very precious or highly secretive. It was said that the attack was very highly sophisticated and has not been seen to this degree before on commercial companies but only in the defense industry.  People in the government of the United States and defense having been opening admitting that the US is not ready for an all out cyber attack.

Ways to Protect yourself

So I guess your wondering now how does it effect me. Well chances are if a big company such as Google can be comprised by the same can happen to you. But I believe you have a better chance at defending yourself than Google. Why? you may say well because the companies are bigger entity which renders bigger holes than an individual which have lesser holes to close but requires education to close them.  In order defend yourself against hackers and people trying to compromise your information you need to know the mindset of hackers.

• Weaknesses! When hackers are trying to get hack someone the first thing they will try to do is find known weakness in your software. For example if I found out that someone that I’m trying to compromise is using the browser internet explorer 6 I will look through list of known vulnerabilities and execute attacks on the browser to get what I want. Sometimes it that simple! So they gather information on you and exploit your weakness.
• Attack the biggest market share! If I was hacking I would want send out an attack could affect the largest population of users. For example if I know that windows has the biggest market share of users in the operating system world, I would attack them because I know would get the greatest return in information.
• Brute force and Dictionary Attacks! When attacking peoples accounts they use programs to first guess the typical names people use for passwords and usernames. You will be surprise at how easy this works. If this doesn’t happen to work the next step is to brute force your password. This involves trying a combination of letter combination’s to guess your password. How would you defend against this? Have password that are at least 8 to 15 letters long with caps, numbers and special characters. It won’t stop them but it will be difficult for them to crack it and may make them move to an easier target.
• Wealth of Information! With social networks and almost finding anything you want on Google, you could really get a nice synopsis on a person and what they are about. By doing finding your information on social networks this could give someone an good idea of how to go about attacking you. So adjust your facebook privacy settings!
• Social Engineering! This is probably one of the most effective way of hacking people is through social engineering.Why always go about things the hard way when you could just ask. Always question people asking for your information before they ask you something question their credentials. One of the most famous hackers wrote a book called the art of deception which talks about to get information that you want out of people by talking, being friendly and asking the right questions.
• No protection! Here is my previous article on viruses
• Lack of Education! Self-explanatory! Read and stay updated on new attacks and technology!.

Here is some more information on Security

Your Router: Here is my previous article on securing your router

Your Website: Here is my previous article on securing your website

Your Computer: Here is my previous article on removing viruses

My quote:

Some believe that the Third World War will be fought with guns, missiles and nukes I believe it will be through cyberspace.

References:

http://online.wsj.com/article/SB126333757451026659.html

http://www.nytimes.com/2010/02/02/business/global/02hacker.html

http://www.thecowl.com/world/american-companies-hacked-by-chinese-schools-1.1173974

Nowadays everybody is using a wireless router, but the question is how secure is it? I guaranteed that most of America when first getting a wireless router has an open connection or WEP security encryption, and a WEP encryption can be cracked quite easily with tools you can download off the internet for free to enter your realm of the internet. Now the question lies how do I protect myself? Well thats why I’m here to answer.

I have broken down the different ways to protect yourself through router by breaking it down into three levels:

1. Wireless encryption
2. Unnamed connection
3. Mac Authentication

Wireless Encryption

In order to protect your data from outsiders, you should encrypt, or scramble, it so that nobody else can read it.  Hence why wireless encryption was created. When selecting an encryption you have to choose between WEP or WPA.

WEP was the encryption scheme included with the first generation of wireless networking equipment. It is very easy to crack and contain several vulnerabilities. So don’t go with this!

WPA was created after WEP to solve this problem. WPA has a significantly stronger wireless encryption but the stronger security impacts performance. So you will not be able to download as quick as you use too.

Unnamed connection

A unnamed connection is the next level of encryption that works in a completely different way.  With an unnamed connection it doesn’t display the ID or name of the connection. So a hacker will not only have to figure out an encrypted password they will also have to figure out the name so that they can connect to it which can be a big headache.

Mac Authentication

Remember that headache we were talking about to give the hacker. Mac Authentication can give the migraine. Mac Authentication is the process of selecting what devices are allowed to connect to the router. The way you would do this is finding out your mac address of your computer and having it registered into the router’s software. After doing so hackers will have to decrypt your password, find out the connection name and figure out a way to connect to your router or get ahold of your laptop or desktop.

All of the features I have mention in this article can be found on the newest routers such as linksys or netgear.

Cyber thieves have hit the Veterans Affairs Department, the Transportation Security Administration, the Internal Revenue Service and several other agencies in the past two years. The Congressional High Tech Caucus is examining the issue, which means funding to protect data is likely to remain strong.  From http://washingtontechnology.com

On December 18, 2008, Reuters reported on a two-day “cyberwar” simulation that revealed the United States is unprepared for a major hostile attack against vital computer networks. “This is equivalent in my mind to before September 11 … we were awakened to the threat on the morning after September 11,” said Booz Allen’s Mark Gerencser. From Booz Allen Hamiliton website

PandaLabs has predicted a continuing increase in the amount of malware (viruses, worms, Trojans, etc.) in circulation in 2009. Between January and August 2008, Panda Security’s laboratory had detected as many malware strains as in the previous 17 years combined, and this tendency is expected to continue or even grow in 2009. From http://govtech.com website

Or just simply google cyber threats in 2009 you will see that it will hit businesses and ordinary alike in 2009. The question is what are you going to do about it? To be continued….lol. Leave your comments, I’m interested to hear your thoughts about this.

1. Check the file permissions for files on your server

If you have files that allow anybody to modify them such as groups and users then you already have a major problem. You need to only allow users to view your content not write to it.

2. Check the privileges of user names accessing the database you are using.

Sometimes granting all privlieges for a username of a database can be dangerous. When designing your website that stores all of your information in a database it is best to split the privlieges between multiple usernames. This could cause the hacker some pain and time when trying to retrieve information from your database.

3. Make sure passwords are above 6 characaters with CAPS and Numbers and double hash them.

When passwords are short lengths and contain no caps and no numbers it makes it easier to do brute force attacks on the websites. So always make sure it is over 6 characters and add caps and numbers to your password. On the backend make sure you double hash passwords. When you double hash them use two different types of hashes. This is will throw hackers off some.

4. Always validate the visitors input.

When you have visitors enter in information that will be sent to the database make sure you protect against query attacks. There are certain combinations that visitors could use to reset passwords or drop your database. So every time they enter in values make sure you have a function to remove bad characters to protect your database.

5. Use computer generated pictures when allowing users to login or signup.

When hackers hack login information, they use a program and to loop through all the possible combinations for a password. If you use computer generated pictures for validation it will cause them even more discomfort for a hackers because they will need a program to read computer generated pictures which is close to none!

6. Use SSL.

SSL is a cryptographic system that uses two keys to encrypt data. SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely. To get a better understanding look below at the block quote from php.net.

SSL/SSH protects data travelling from the client to the server, SSL/SSH does not protect the persistent data stored in a database. SSL is an on-the-wire protocol.

Once an attacker gains access to your database directly (bypassing the webserver), the stored sensitive data may be exposed or misused, unless the information is protected by the database itself. Encrypting the data is a good way to mitigate this threat, but very few databases offer this type of data encryption.

You can buy SSL certificates from your web hosting company or from independent websites.

7. Keep your system up-to-date.

If you are using php 3 and php 5 is out then you need to UPGRADE!!! Usually when you update your system they include patches to solve security problems that the previous release did not have.

8. Customize your security and create no documentation for IT!!!

Most of the time on the internet everybody is using the code because they downloaded it from somewhere in which over a thousand users downloaded the same thing. Hackers will download it to so they can know how to hack it to. If you are real serious about security I suggest you create your own technique after researching other methods out there and create NO documentation for it. I agreed with open source but not when it comes to SECURITY! This will make it hard for hackers and they will move on to an easier website to wreck havoc.