Free information about Data security http://Data-security.e-articles.info/ en-us E-articles.info 2006 - 2010 As originally conceived, the Internet is not just a means for moving messages between PCs. It was designed as a link between computer systems that allowed scientists to share machines. One researcher in Boston could, for example, run programs on a computer system in San Francisco. Commands to computer systems move across wires just as easily as words and images... http://Data-security.e-articles.info/title/Internet-Security-Overview/ http://Data-security.e-articles.info/title/Internet-Security-Overview/ Mon, 21 Jun 2010 00:33:17 GMT The High Performance File System used by OS/2 uses an entirely different storage scheme from DOS. The basic unit of storage used by the HPFS scheme is the sector. Sectors are identified by Relative Sector Numbers, each of which is 32-bits long-sufficient to encode 4,294,967,296 sectors or a total disk space of 2048 gigabytes. Sectors are numbered sequentially, starting with the first one in the HPFS partition... http://Data-security.e-articles.info/title/High-Performance-File-System/ http://Data-security.e-articles.info/title/High-Performance-File-System/ Tue, 01 Jun 2010 01:41:22 GMT To keep track of which cluster belongs in which file, DOS uses a File Allocation Table, or FAT, essentially a map of the clusters on the disk. When you read to a file, DOS automatically and invisibly checks the FAT to find all the clusters of the file; when you write to the disk, it checks the FAT for available clusters. No matter how scattered over your disk the individual clusters of a file may be, you-and your software-only see a single file. FAT-based file systems simply number all the clusters in a manner similar to the way a disk drive numbers logical blocks... http://Data-security.e-articles.info/title/File-Allocation-Table/ http://Data-security.e-articles.info/title/File-Allocation-Table/ Tue, 01 Jun 2010 02:49:27 GMT Body: Pen Drive - An Essential Evil: The always advancing computer technology has apparently appeared to be an essential evil. More the technology develops, higher is the likelihood of its being misused. Pen drive is a small storage device developed to store and transfer computer data. Being easy, portable, and convenient, it has gained increased popularity over time... http://Data-security.e-articles.info/title/How-to-Regain-Access-to-Previous-Data-Stored-in-Pen-Drive/ http://Data-security.e-articles.info/title/How-to-Regain-Access-to-Previous-Data-Stored-in-Pen-Drive/ Tue, 01 Jun 2010 03:57:32 GMT To keep any website in better condition for longer duration it requires many minor changes in terms of content, navigation links, database, etc. rather than major changes such as re-designing or refurbishing. Some sites require regular revisions and information updating. For example, a company with an eCommerce website has to update their site with newly added product information and images... http://Data-security.e-articles.info/title/SumoW-for-better-health-of-your-website/ http://Data-security.e-articles.info/title/SumoW-for-better-health-of-your-website/ Mon, 31 May 2010 04:23:37 GMT A Portable Document Format is a non-editable computer application with which you can print and edit the text and graphics. A person can transfer these portable files from one system to another with different configuration. One of the most advantageous features of the document is its security. A user can encrypt these files with the passwords for security reasons... http://Data-security.e-articles.info/title/Why-should-you-opt-for-PDF-Password-Encryption/ http://Data-security.e-articles.info/title/Why-should-you-opt-for-PDF-Password-Encryption/ Tue, 18 May 2010 05:31:42 GMT Almost every PC user around the world faces problem of computer virus. Most opt for the easiest solution, which is to run the antivirus program for removing virus from computer. However, it is possible to remove certain viruses manually too. If you want to know how to remove viruses manually, read on:It becomes necessary to immediately rid your computer of the virus if your antivirus program has been disabled and you are unable to access the Internet... http://Data-security.e-articles.info/title/How-to-Remove-Viruses-Manually/ http://Data-security.e-articles.info/title/How-to-Remove-Viruses-Manually/ Mon, 17 May 2010 06:39:47 GMT Data is an asset. Generally data is stored in electronic format on any electronic media. It occupies very less space so we can store large amount of data on any media. Generally in now a days peoples are using Pen drive or Compact Disk to store or transfer from one location to another location... http://Data-security.e-articles.info/title/General-Data-Security-Information/ http://Data-security.e-articles.info/title/General-Data-Security-Information/ Thu, 13 May 2010 07:47:52 GMT It seems that we have put too much pressure on the consumer in terms of security and how much we have made them responsible for knowing when it comes to their computers. We've put more and more responsibility on the consumer's shoulders and perhaps are not doing our part to protect them. It may be in our best interest to understand why many fail to see the danger in e-mails and other forms of malicious communication the way that we do. What may appear obviously dangerous to us, may not appear so to common consumers... http://Data-security.e-articles.info/title/Common-Misconceptions-When-It-Comes-To-PC-Security/ http://Data-security.e-articles.info/title/Common-Misconceptions-When-It-Comes-To-PC-Security/ Wed, 12 May 2010 08:55:57 GMT If you have ever used a biometric lock which scans some part of your physical body to permit access, you may have been reminded of the scanner on your home or work computer, and in fact you are not far wrong. Access control devices such as fingerprint readers do rely on a scanner, similar to commercial hardware, to collect an image of a fingerprint (or other structure). Software then compares this input with information within the database to determine whether there is a match. Like the scanning hardware you may have uses, not all scanners are the same quality... http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries:-What-Is-DPI/ http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries:-What-Is-DPI/ Mon, 10 May 2010 09:23:15 GMT If you have seen movies where the bad guys¡ª or sometimes even the good guys! ¡ªmust break into a secure facility by impersonating another person¡¯s fingerprints or voice, then you are already familiar with biometric locks. Biometric fingerprint door locks are ways of using unique physiological characteristics to determine who has access to a certain place. While the systems in movies seem nearly foolproof which forcing characters to resort to creative and sometimes gruesome methods to trick them, real systems are not infallible. False Positives When working properly, biometric devices are much more reliable than password based security such as keypads with personal identification numbers... http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries:-What-Is-FAR/FMR/ http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries:-What-Is-FAR/FMR/ Fri, 07 May 2010 10:31:20 GMT There are definitely many different types of computer problems and repairs that computer-owners have to deal with throughout the lifetime of a desktop or even laptop computer. For example, a hard drive could crash, leaving the owner with no recourse other than to replace it or buy a new system. Malware and virus-infestations cause mysterious system changes and often other symptoms such as serious lags and slow Internet download speeds. A more common computer problem is an operating system failure, and this is where you're operating system may need to be re-installed or re-formatted... http://Data-security.e-articles.info/title/Common-Computer-Problems-and-Repairs/ http://Data-security.e-articles.info/title/Common-Computer-Problems-and-Repairs/ Thu, 06 May 2010 11:39:25 GMT Biometric locks has the potential to change the face of security. For example, biometric locks use a specific human characteristic, such as a fingerprint, instead of a key. Fingerprint locks are one of the more common types which are currently available. You can even buy a biometric deadbolt for the front door of your home... http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries:-What-Is-Fingerprint-Capacity/ http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries:-What-Is-Fingerprint-Capacity/ Wed, 05 May 2010 12:47:30 GMT If you are searching for a new solution to your security needs, biometric locks may do just the trick. Unlike traditional locks which require a physical tool to work (a key, an access card or remote control), biometric locks scan and compare physiological or behavioral traits in human beings to information within a database. When the system determines a match, it grants you access. Sensor Technology Biometric door locks rely on sensors to scan and evaluate information such 2D or 3D images or even vocal recordings... http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries,-What-Is-A-Sensor/ http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries,-What-Is-A-Sensor/ Tue, 04 May 2010 13:55:35 GMT No doubt this has happened to you. It's a cold day, you're wearing a fleece jacket and you reach out to open a door..... http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries,-What-Does-ESD-Mean/ http://Data-security.e-articles.info/title/Biometric-Locks-Mysteries,-What-Does-ESD-Mean/ Mon, 03 May 2010 14:23:40 GMT Antivirus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware) Antivirus software typically uses two different techniques to accomplish this: * survey (scanning) files for viruses known corresponding definitions in a virus dictionary.* Identification of any suspicious behavior of a computer program which might indicate infection. This analysis may include data collection, port monitoring and other methods. Most commercial antivirus software uses both approaches, with particular emphasis on the virus dictionary approach... http://Data-security.e-articles.info/title/What-is-an-antivirus-software/ http://Data-security.e-articles.info/title/What-is-an-antivirus-software/ Sat, 01 May 2010 15:31:45 GMT Fingerprint readers and other forms of biometric security are becoming big business, but are you, the DIY enthusiast, ready to take on a biometric door lock installation project? Unless you have had experience the answer may be no. Security is a very big business because everybody needs to protect themselves and their possessions from danger. Not everyone is honest these days and that means that people are spending huge sums of money protecting themselves. That doesn't mean its all spent on installation though... http://Data-security.e-articles.info/title/Biometric-Locks:-Why-You-Should-Call-Installation-Experts/ http://Data-security.e-articles.info/title/Biometric-Locks:-Why-You-Should-Call-Installation-Experts/ Thu, 29 Apr 2010 16:39:50 GMT An important part of keeping the computer in good health and working efficiently is the maintenance of the computer. Windows 95 has a lot of the tools that are required for maintaining the system. Windows 98 extends the possibilities and this makes it a lot easier. There is a range of things that you can do in order maximize the level of efficiency that the computer is able to deliver... http://Data-security.e-articles.info/title/Latest-Computer-Tips-And-Tricks-For-Good-Computer-Health/ http://Data-security.e-articles.info/title/Latest-Computer-Tips-And-Tricks-For-Good-Computer-Health/ Thu, 29 Apr 2010 17:47:55 GMT Most of People surf sites daily and don't care which should be visited, when they felt thier computer slow, they start worrying about it. Five tips You must adapt 1: Use Antivirus and update daily (NOrton is recommended)2: Clean registry and cookies. 3: Uninstall idle softwares. 4: Clean your pc dust... http://Data-security.e-articles.info/title/How-to-speed-up-your-computer/ http://Data-security.e-articles.info/title/How-to-speed-up-your-computer/ Wed, 28 Apr 2010 18:55:15 GMT Biometric technology is making it even easier to use computers. There's no need to remember passwords anymore because you can unlock your computer by using your fingerprint. Fingerprint readers also have a number of other uses. What is the purpose of time attendance software? Time attendance software is very important for all small businesses as it enables them to keep track of the hours each employee works... http://Data-security.e-articles.info/title/Biometric-Locks:-How-The-Windows-7's-Biometric-Driver-Helps-You/ http://Data-security.e-articles.info/title/Biometric-Locks:-How-The-Windows-7's-Biometric-Driver-Helps-You/ Wed, 28 Apr 2010 19:23:20 GMT Virus and malware infestations are some of the most common computer repair problems that computer owners everywhere deals with. These malicious hijacking attempts of your computer typically result in several signs of a takeover of your computer, all of which signal the need for a virus removal service. First, your computer may lag because of the virus or other piece of malware in your system. Second, you may experience mysterious system changes like desktop background changes all of a sudden... http://Data-security.e-articles.info/title/3-Signs-You-Need-a-Virus-Removal-Service/ http://Data-security.e-articles.info/title/3-Signs-You-Need-a-Virus-Removal-Service/ Mon, 26 Apr 2010 20:31:25 GMT The security of your home is essential. You owe it to yourself and your loved ones to make sure you are safe at all times. So, with the development of biometric security locks things have suddenly become safer. But how do you know that you are getting a good model, and how do you go shopping for biometric locks? 1... http://Data-security.e-articles.info/title/Tips-on-Buying-Biometric-Locks/ http://Data-security.e-articles.info/title/Tips-on-Buying-Biometric-Locks/ Mon, 26 Apr 2010 21:39:30 GMT Once every so often our customers are asking us how come on some websites our software is sold at a fraction of price or is even free. They further ask how come they have to pay for the software if they can download it for free. Those questions are legitimate and deserve a separate article below. Most of you have already seen popular software brands and packages available on certain websites such as Germany-based Rapidshare and the likes... http://Data-security.e-articles.info/title/Six-Myths-about-Nulled-Scripts,-or-There's-No-Such-Thing-as-Free-Lunch/ http://Data-security.e-articles.info/title/Six-Myths-about-Nulled-Scripts,-or-There's-No-Such-Thing-as-Free-Lunch/ Fri, 23 Apr 2010 22:47:35 GMT Make a backup copy of any important documents:A "document" is a file that either you or somebody created using the keyboard, be it a letter you want to hang on to, a database, a report, finance records, translation work, composition, etc. Or it may even be a music file, video file, or graphic file. You should keep duplicate copies of files that are important to you and would be a loss to you personally if your hard disk fails. "Valuable things come in small packages" applies to computer files tooYou can save it to any cd or floppy disk... http://Data-security.e-articles.info/title/How-to-maintain-your-pc/ http://Data-security.e-articles.info/title/How-to-maintain-your-pc/ Wed, 31 Mar 2010 23:55:40 GMT They have a lot of names such as spyware blockers, antispam blocker, adware spyware blocker, spyware removers, spyware popup blocker and internet explorer blocker to name but a few. But they all fulfill the same purpose; to halt uninvited spyware software from installing itself on your computer and wreaking chaos.Spyware has been about for a long time but now it seems to be getting more and more prominent. Finding new ways of targeting customers has been the major driver behind it I think... http://Data-security.e-articles.info/title/Advanced-Spyware/ http://Data-security.e-articles.info/title/Advanced-Spyware/ Mon, 29 Mar 2010 01:23:45 GMT This article highlights some of the useful tips for choosing your right digital signature solution. No doubt, digital signatures have made shift from paper-based environment to paperless environment easy; however, the need is to implement secure and innovative solutions to sign files digitally. Businesses are searching for solutions that can sign their documents, files, or forms with protection. These solutions should guarantee non-repudiation, authentication and trust delivered by their conventional counterparts... http://Data-security.e-articles.info/title/Choose-right-digital-signature-solution/ http://Data-security.e-articles.info/title/Choose-right-digital-signature-solution/ Sat, 06 Mar 2010 02:31:50 GMT Although reverse phone lookup has been available on the Internet for a while, there has not always been a way to match an unknown email address to the person behind it. Anyone can go to a variety of online phone number search sites and do a reverse lookup with just a phone number in hand. If you need to check an email though reverse lookup email services are less known and just not as complete as a telephone number search. There are many different reasons that it is harder to find out the actual owner of an email address... http://Data-security.e-articles.info/title/Not-sure-who-just-emailed-you...-Try-a-Reverse-Email-Lookup/ http://Data-security.e-articles.info/title/Not-sure-who-just-emailed-you...-Try-a-Reverse-Email-Lookup/ Fri, 05 Mar 2010 03:39:55 GMT Just as a house is protected with numerous security systems and burglar alarms, the computer needs to be protected from virus attacks, spyware and hackers. For that your computer needs to be equipped with firewalls. Linux firewalls protect your computer from those attacks that make your PC vulnerable. A firewall is at the entry point of the network system and it controls all incoming and outgoing data on your computer... http://Data-security.e-articles.info/title/Linux-Firewalls/ http://Data-security.e-articles.info/title/Linux-Firewalls/ Thu, 04 Mar 2010 04:47:15 GMT Computer popup can bring spyware into your computer. What is a popup? A popup is a small window that opens when we click on a link on a website or sometime it opens automatically. Some websites are built for advertisement. As soon as we visit that site, it can throw a popup on our computer screen... http://Data-security.e-articles.info/title/Stop-and-Close-Popups-Properly/ http://Data-security.e-articles.info/title/Stop-and-Close-Popups-Properly/ Sat, 20 Feb 2010 05:55:20 GMT In today's economic climate, it is imperative for any business decision maker to minutely observe his/her company's Return on Investment (ROI). A typical ROI analysis calls for the evaluation of an investment in terms of returns in a specific period. So, if an investment does not meet with a positive ROI, or if there are possibilities for additional opportunities with ROI, this evaluation allows faster alterations in that regard. This has forced many businesses to invest smartly on new tools to gain profits and increased ROI... http://Data-security.e-articles.info/title/ROI-redefined-with-digital-signatures/ http://Data-security.e-articles.info/title/ROI-redefined-with-digital-signatures/ Sat, 20 Feb 2010 06:23:25 GMT Over 20 years, legal protection for software has increased rapidly around the world, the technology and scope of enforcement of software protection continues to increase in varies methods significantly. The ultimate software protection is the hardware based software protection dongle, or we can call hardware key, dongle-based protection, software copy protection dongle, etc. This kind of protection might be the best, and it can maximum the software vendors' revenue. The advantages of USB software protection dongles... http://Data-security.e-articles.info/title/New-technology-of-USB-software-protection-dongle-Secure-Storage-on-Key/ http://Data-security.e-articles.info/title/New-technology-of-USB-software-protection-dongle-Secure-Storage-on-Key/ Mon, 08 Feb 2010 07:31:30 GMT Using a password keeper can help you keep your online information more secure by allowing you to create more complex passwords for your Internet accounts without having to remember them. Here are some tips for making a hacker-free password. A password keeper can help you remember your important online log-in information. It can also help you create a password that is as strong as possible... http://Data-security.e-articles.info/title/How-to-Create-a-Strong-Password/ http://Data-security.e-articles.info/title/How-to-Create-a-Strong-Password/ Wed, 23 Dec 2009 08:39:35 GMT Using public computers can put you at risk for password hackers who use tools such as keystroke logging devices. Find out how to protect yourself from criminals preying on public computers. Using a powerful password manager like Mitto.com is a great first step in protecting yourself against online identity theft - Mitto uses security standards approved by the National Security Agency (NSA) for top secret information to provide a multi-level approach to keep online passwords safe and secure... http://Data-security.e-articles.info/title/Online-Security-on-Public-Computers/ http://Data-security.e-articles.info/title/Online-Security-on-Public-Computers/ Wed, 23 Dec 2009 09:47:40 GMT Myth: if it is encrypted, it is secure Truth: if it is not encrypted, it is not secure Before creating a password you should know: ⑴ NO password is uncrackable. The best you can do is making it difficult and non-trivial to determine your password. What's the worst password? The one you've forgotten. Password recovery is the most difficult process, sometimes even is impossible... http://Data-security.e-articles.info/title/What-will-be-a-perfect-password/ http://Data-security.e-articles.info/title/What-will-be-a-perfect-password/ Tue, 22 Dec 2009 10:55:45 GMT 1.Administrators Password: It is the most common way to lock your computer. But is it the safest way? Mostly, it is the easiest way to lock your computer. How to set administrators password? These steps work in every case as long as you're able to log in as an administrator... http://Data-security.e-articles.info/title/How-Many-Passwords-do-You-Know-to-Protect-Your-Computer-Privacy/ http://Data-security.e-articles.info/title/How-Many-Passwords-do-You-Know-to-Protect-Your-Computer-Privacy/ Tue, 22 Dec 2009 11:23:50 GMT Forgot or lost windows password? Have been locked out of computer? Do not want to reinstall the computer because there is vital data on your computer? Oh, well, it is not that scary as it seems and is really with solutions indeed. Then how to get out of the situation without reformatting and re-installing the operating system?Well, Microsoft has offered many helpful tips and tricks on their help center, which you can refer to. At the same time, I will offer you several methods that may be of help. Method1... http://Data-security.e-articles.info/title/How-to-bypass-Windows-Password/ http://Data-security.e-articles.info/title/How-to-bypass-Windows-Password/ Sat, 12 Dec 2009 12:31:55 GMT A question that regularly was come up is whether software could be one hundred percent secured by a dongle, or thought some dongles have been seriously cracked, why most expensive software still use dongle as their software protection solution? The truth is, most developers used the easiest way-enveloper to encrypt the application, which is the least method to use a dongle to protect software. Actually UniKey API protection scheme is the right way to ensure the highest security for software vendors. UniKey dongles are available in standalone, network and real time. Using a software developer's kit, software developers can protect applications with the right hardware key by calling for the dongle's presentation... http://Data-security.e-articles.info/title/UniKey-API-protection-scheme-ensures-the-highest-security-for-software-vendors/ http://Data-security.e-articles.info/title/UniKey-API-protection-scheme-ensures-the-highest-security-for-software-vendors/ Thu, 10 Dec 2009 13:39:15 GMT For people with multiple Internet log-ins, keeping them organized can be incredibly complex. A service like Mitto.com can simplify the process by allowing you to attach tags to your log-in information. If you are reading this article, chances are that you - like most Internet users - have multiple log-ins and passwords for the various important sites that you frequent... http://Data-security.e-articles.info/title/Using-tags-can-help-you-organize-your-passwords/ http://Data-security.e-articles.info/title/Using-tags-can-help-you-organize-your-passwords/ Wed, 02 Dec 2009 14:47:20 GMT On the surface, it might seem ludicrous to think that anyone would want to share their important Internet passwords with other people. But the truth is that there are many instances where you might want to share the same log-in information that you store securely in your free password storage software with friends, family and co-workers without making it accessible to everyone. For example, you might share a wireless Internet connection with a roommate in your apartment. Perhaps your business has subscriptions to Internet sites that you and your colleagues need to access in order to do your jobs... http://Data-security.e-articles.info/title/Sharing-online-passwords-with-important-people/ http://Data-security.e-articles.info/title/Sharing-online-passwords-with-important-people/ Wed, 02 Dec 2009 15:55:25 GMT There are several common but very popular viruses that everyone can catch nowadays. That's swine flue and malicious software. Swine flue can be dangerous to your health though in the most cases it can't be very harmful. Malware can be dangerous to you computer system though in the careful attitude and your help your system can recover without any complications... http://Data-security.e-articles.info/title/Rogue-antispyware-is-a-danger-for-all-Internet-users-/ http://Data-security.e-articles.info/title/Rogue-antispyware-is-a-danger-for-all-Internet-users-/ Thu, 19 Nov 2009 16:23:30 GMT Many people wonder if it is worth it to download any of those free anti-virus programs out there or just go out and purchase one at fifty dollars. Most people would rather go with downloading the free anti-virus instead because of budget and convenience and that is just fine. There are small differences when it comes to the free one and the kind that you pay for. Free anti virus programs have less features and are usually downgraded from the paid for one, some slightly downgraded to others that only just detect and do not do anything about it until you pay for the subscription... http://Data-security.e-articles.info/title/Do-Free-AntiVirus-Work/ http://Data-security.e-articles.info/title/Do-Free-AntiVirus-Work/ Tue, 17 Nov 2009 17:31:35 GMT Anyone who owns a computer knows about the threats of viruses and worms. But over the past ten years there has bean another concern annoying computer owners to death. This problem is Spyware and Adware. Many have suffered troublesome attacks of pop-ups that these programs cause but for some users these terms are still foreign... http://Data-security.e-articles.info/title/Spyware/ http://Data-security.e-articles.info/title/Spyware/ Tue, 17 Nov 2009 18:39:40 GMT Many people wonder if it is worth it to download any of those free anti-virus programs out there or just go out and purchase one at fifty dollars. Most people would rather go with downloading the free anti-virus instead because of budget and convenience and that is just fine. There are small differences when it comes to the free one and the kind that you pay for. Free anti virus programs have less features and are usually downgraded from the paid for one, some slightly downgraded to others that only just detect and do not do anything about it until you pay for the subscription... http://Data-security.e-articles.info/title/Are-Free-Anti-Viruses-Worth-It/ http://Data-security.e-articles.info/title/Are-Free-Anti-Viruses-Worth-It/ Fri, 13 Nov 2009 19:47:45 GMT Today for an obvious reason, there is no need to convince somebody to use passwords. We use passwords everywhere and they became one of everyday realities. However, competent password management is still a question of interest. Here are 5 reasons to use XP password manager at home: 1... http://Data-security.e-articles.info/title/Reasons-to-Use-Password-Manager-at-Home/ http://Data-security.e-articles.info/title/Reasons-to-Use-Password-Manager-at-Home/ Thu, 05 Nov 2009 20:55:50 GMT The purpose of IUID marking IUID marking is the marking of an item's unique identification. As per MIL STD 130, the Department of Defense requires that many items be assigned an IUID marking in order to mark, identify, and track the military property effectively. MIL STD 130 consolidates the different specifications and standards which are involved in the creation of the http://Data-security.e-articles.info/title/Simplifying-the-IUID-marking-process/ http://Data-security.e-articles.info/title/Simplifying-the-IUID-marking-process/ Wed, 04 Nov 2009 21:23:55 GMT In order to make your computer perform faster, it is essential for you to clean its registry regularly. There are several third party utilities available online, that can help you in this concern. Computer registry: What it is? Definitely, this would be the first question of a person who is using the computer but is not concerned with its functioning. Well, if you are also one of them, then it is worth for you to note that registry is a collection of files which may be related to installing some software, visiting websites, changing the desktop wallpaper and even the behavior of your computer's boot screen is handled by them... http://Data-security.e-articles.info/title/Cleaning-Registry:-How-To-Fix-Computer-Registry/ http://Data-security.e-articles.info/title/Cleaning-Registry:-How-To-Fix-Computer-Registry/ Wed, 04 Nov 2009 22:31:15 GMT Active scanners that are created using virtual machine technology generally follow the same strategy as physical machines with some minor differences. Virtual machines can be deployed much faster in many locations with less reliance on WAN links. The locations chosen to not have a virtual machine are those that do not have hardware, personnel, and licensed software sufficient to support them. On the other hand, each instance requires a license, maintenance, and support so the number should be kept to a minimum... http://Data-security.e-articles.info/title/Virtual-Scanners/ http://Data-security.e-articles.info/title/Virtual-Scanners/ Sat, 24 Oct 2009 23:39:20 GMT Active Directory® is one of the most commonly used authentication mechanisms for Windows systems. Later versions support lightweight directory access protocol (LDAP) and LDAP over SSL for directory loading. Kerberos and NTLM are common options for authentication. Since Active Directory capabilities are so common in the corporate environment and standards are available to interface with other systems, this is a good choice... http://Data-security.e-articles.info/title/Active-Directory/ http://Data-security.e-articles.info/title/Active-Directory/ Sat, 24 Oct 2009 01:47:25 GMT It can be tough to remember one Internet password. However, most people have dozens of Internet passwords, and since security experts recommend avoiding overlap between passwords, this can mean dozens of different log-ins. Couple this with the fact that a truly strong password - one that can repel the attempts of hackers using password software to crack them - has a combination of letters, numbers and in some cases symbols, and it can seem almost impossible to remember passwords online. Many people use a software password manager in order to simplify their lives... http://Data-security.e-articles.info/title/The-advantages-of-using-Internet-password-storage/ http://Data-security.e-articles.info/title/The-advantages-of-using-Internet-password-storage/ Thu, 22 Oct 2009 02:55:30 GMT Using password programs is one of the best things you can do to protect yourself against password theft. However, even using the most secure password manager can leave you vulnerable if you don't take extra safety precautions. Along with using password software or online password protection, there are some other steps that you can take as a business or individual to protect your important online information: Never write down passwords: With too many passwords to remember, many people take to writing down their passwords somewhere they think is secure, like on a data file on their computer. But if your computer (such as a laptop) is ever lost or stolen, this makes it easy for the thief to also access your personal accounts... http://Data-security.e-articles.info/title/Tips-for-extra-password-security/ http://Data-security.e-articles.info/title/Tips-for-extra-password-security/ Thu, 22 Oct 2009 03:23:35 GMT Introduction The sure to way to make your laptop secure is to never use them, never bring them with you, never open them nor install software on your laptop. Just locked them down in a fireproof safe place and they will be protected and out of harm's way forever. However, laptops were made for us to use, to help us more productive in our work and make our lives easy. Keeping your laptop secure and protected is of course is still possible with some efforts on your part and with the use of existing security tools and software, learn and do good practices and most of the time using common sense... http://Data-security.e-articles.info/title/Ways-to-Secure-Your-Laptop:-Tips-and-software/ http://Data-security.e-articles.info/title/Ways-to-Secure-Your-Laptop:-Tips-and-software/ Thu, 10 Sep 2009 04:31:40 GMT VPN Services will help you to feel safe while suffering the Internet. You have a full access to the Internet, which could not be sniffed by anyone - hackers, hotspot owners, technicians from your ISP, even government. It also hides your IP address on the Net, so nobody, neither bad guys nor website owners can find your location. Your online security A great number of public hotspots and internet cafes has appeared recently... http://Data-security.e-articles.info/title/VPN-Service-(Virtual-Private-Network):-Stay-Anonymous-Online-And-Surf-The-Web-Securely/ http://Data-security.e-articles.info/title/VPN-Service-(Virtual-Private-Network):-Stay-Anonymous-Online-And-Surf-The-Web-Securely/ Wed, 19 Aug 2009 05:39:45 GMT In this competitive world, data processing and storage of data in multiple formats is the essence of all great undertakings. It is the accessibility of the data whenever necessary. Sometimes, it becomes a headache. Services for conversion of data used to avoid such conversion circumstances... http://Data-security.e-articles.info/title/Data-Conversion,-Data-Format-and-Data-Entry/ http://Data-security.e-articles.info/title/Data-Conversion,-Data-Format-and-Data-Entry/ Wed, 12 Nov 2008 06:47:50 GMT After one too many bad experiences of waking up to files mysteriously disappearing, I now know better than to throw caution to the wind. This doesn’t mean I’ve given up working on the computer and have gone back to pen and paper; this just means that I take the utmost care to prevent history from repeating itself by religiously backing up my data. Although the lost data was recovered after I sent the infected drive to a local data recovery company, prevention is better than cure. Sticking by a backup system will give you a peace of mind especially if working on important documents... http://Data-security.e-articles.info/title/How-to-Prevent-Data-Loss/ http://Data-security.e-articles.info/title/How-to-Prevent-Data-Loss/ Tue, 11 Nov 2008 07:55:55 GMT Seclore: Information Rights management (IRM) Company, data protection & control, file security, document Rights Management & ERM Solutions provider Seclore Information rights management provides information security which tracks and secures sensitive information stored in documents. Seclore controls usage of your data, wherever it is. Seclore Technology develops innovative solutions in the area of information usage control. An enterprise's most important asset is its data, and Seclore recognizes the importance of keeping this information secured and protected... http://Data-security.e-articles.info/title/Data-Security-Solutions/ http://Data-security.e-articles.info/title/Data-Security-Solutions/ Tue, 21 Oct 2008 08:23:15 GMT This paper will cover the field of quantum cryptography. Quantum cryptography is a method of securing information that has reached its time. Until now, any information sent across a network, even encrypted, has been subject to eavesdropping. There are no fool-proof methods of ensuring confidentiality of information... http://Data-security.e-articles.info/title/Quantum-Cryptography/ http://Data-security.e-articles.info/title/Quantum-Cryptography/ Sat, 26 Apr 2008 09:31:20 GMT Does your organization have a written identity theft prevention program in place? Such a program involves educating your customers and members about the importance of identification theft and letting the stakeholders in your business know that you share their concerns about this growing problem. By providing knowledge of how identification theft affects everyone and what your organization is doing to protect its members and customers, you help them understand the levels of security your institution provides. According to the banking regulatory agencies that released "Identity Theft Red Flags" guidance at the end of October, leaders of financial institutions should expect to do more, not less, of this education in the next few years. With this in mind, how do you show your members and customers you also share their concerns and are doing all you can to address them? A good place to start is by allowing your members and customers to choose how they receive information from your institution and by having a written privacy policy published on your website for anyone to see... http://Data-security.e-articles.info/title/Identification-Theft/ http://Data-security.e-articles.info/title/Identification-Theft/ Tue, 01 Apr 2008 10:39:25 GMT All of us, unless of course you have been living in a cave for the past decade, are aware of the dangers of viruses and spyware. For those of you that somehow aren't, a virus is a malicious computer program that is written to intentionally disrupt a computers normal functionality or otherwise cause harm. Malware is created at a faster pace than ever before. It was not about 4 years ago that the known number of viruses broke the 100,000 mark... http://Data-security.e-articles.info/title/Your-virus-scanner-may-be-useless/ http://Data-security.e-articles.info/title/Your-virus-scanner-may-be-useless/ Wed, 09 Jan 2008 11:47:30 GMT Security in an IPv6 network is not substantially different from security in an IPv4 network. Many of the existing well-known IPv4 attacks can be performed with IPv6, so our means for securing data are similar. Just like in the IPv4 world, there will always be unethical hackers who find new ways to break into our networks. The designers of security concepts and the entire computer security community will have to stay alert and keep finding mechanisms to keep pace with the hackers and find ways to protect their networks from new attacks... http://Data-security.e-articles.info/title/IPv6-Security/ http://Data-security.e-articles.info/title/IPv6-Security/ Thu, 13 Sep 2007 12:55:35 GMT This article delves into the more technical aspects of security in the code used to implement an application, and provides guidelines to develop an enforcement process for secure implementation. The potential for vulnerabilities in an application is reduced by a strong design, but the implementation of the application seals its fate. Hard work poured into a secure design becomes inconsequential if the implementation is poorly done. It is also important to understand that the inclusion of security-related technologies or design methods does not necessarily imply or guarantee any level of security within an application... http://Data-security.e-articles.info/title/Secure-Coding-Practices/ http://Data-security.e-articles.info/title/Secure-Coding-Practices/ Wed, 25 Jul 2007 13:23:40 GMT A comprehensive security architecture is best achieved through an increasingly granular approach that begins from an external viewpoint and progresses through the details of the implementation. The following components organize the information needed for the creation of an application's security architecture: · Risk assessment and response · Security requirements · Design phase security · Implementation phase security Set the Stage for Security Risk assessment is an important process in the development of any product or application. The creation of an application begins with the spark of an idea. It is likely that this application idea solves a problem, or provides new usefulness or innovation that was previously done ineffectively or inefficiently, or not done at all, by existing applications... http://Data-security.e-articles.info/title/Components-of-a-Security-Architecture/ http://Data-security.e-articles.info/title/Components-of-a-Security-Architecture/ Wed, 19 Sep 2007 14:31:45 GMT It's actually pretty easy to practice due diligence with physical security. You've just got to be meticulous and consistent, and take it seriously. Pretend that someone could burglarize you personally if you're not careful. It might help to pretend that you live in New York... http://Data-security.e-articles.info/title/Physical-Security-when-networking/ http://Data-security.e-articles.info/title/Physical-Security-when-networking/ Thu, 07 Jun 2007 15:39:50 GMT Authentication and access control are two aspects of security in which administrators and users must participate equally for any level of effectiveness to exist. Security policies need to present the regulations and requirements clearly and should help employees understand the seriousness of compliance. Authentication policies establish the best practices and exact implementations used to provide access to desktop systems, servers, and local network resources, and from remote sites. There are well-known methods to provide authentication and several guidelines that create a more highly secure environment... http://Data-security.e-articles.info/title/Authentication-and-Access-Control/ http://Data-security.e-articles.info/title/Authentication-and-Access-Control/ Thu, 13 Sep 2007 16:47:55 GMT Central to a comprehensive security policy, and the components that unify procedures and response, is the discussion of monitoring and auditing. Security monitoring verifies the configuration guidelines and technical requirements outlined in the security policies. Security auditing entails a consistent set of practices that enforce the security policies set forth for the organization. Monitoring is the policy action that becomes part of the ongoing standard security process in the company... http://Data-security.e-articles.info/title/Security-Monitoring-and-Auditing/ http://Data-security.e-articles.info/title/Security-Monitoring-and-Auditing/ Mon, 10 Sep 2007 17:55:15 GMT Remote network access is a convenience that allows employees to do their daily work, regardless of their location. This functionality requires an extension of the network security policy discussed above, focused on the methods and use of remote access. Remote access can be provided via Virtual Private Networks and the previously mentioned dial-in modems. The provision of these capabilities often conflicts with the security policy for the network because the policy generally seeks to keep outsiders from accessing internal information and resources... http://Data-security.e-articles.info/title/Remote-Network-Access/ http://Data-security.e-articles.info/title/Remote-Network-Access/ Tue, 12 Jun 2007 18:23:20 GMT The network is the lifeline for the computing infrastructure. The phone system that provides voice communications forms a network of interconnected phones. Desktops connect to servers and the greater Internet via the local area network. Customers, partners, and employees contact the company via the network... http://Data-security.e-articles.info/title/Voice-and-Data-Network-Security/ http://Data-security.e-articles.info/title/Voice-and-Data-Network-Security/ Tue, 11 Sep 2007 19:31:25 GMT As technology advances, we see the creation of new, smaller, and more powerful computing devices. In light of the prevalence of telecommuters and remote offices, and the frequency of business travel, these small computing devices such as laptops and PDAs require special security considerations. The theft and misuse of these devices present a high risk to the infrastructure of an organization, as they often function with the same level of access as their larger and less portable cousins. Many of these portable computers have special security methods that allow the user to protect the device and the information they store on it... http://Data-security.e-articles.info/title/Physical-Security-Considerations-for-Laptop-Computers-and-PDAs/ http://Data-security.e-articles.info/title/Physical-Security-Considerations-for-Laptop-Computers-and-PDAs/ Sat, 08 Sep 2007 20:39:30 GMT Desktop systems often have the most lax security because individual employees often administer their own machines or have special privilege and access to their respective system. It is often infeasible for the Information Technology staff to administer all desktop workstations, therefore the development of a security policy that governs their creation and use is very important. The site and infrastructure security policy for desktop systems establishes the standards used to create them, including operating systems, applications, and utilities. The security constraints generally consist of configuration information by which administrators can replicate the desktop system at a known level of security... http://Data-security.e-articles.info/title/Desktop-and-Server-Systems/ http://Data-security.e-articles.info/title/Desktop-and-Server-Systems/ Sun, 16 Sep 2007 21:47:35 GMT As with the building and facilities, control of physical access to the computing environment is an important component to its security. Once someone is inside a building, finding an unoccupied terminal or computer system is often easily accomplished. Without a policy for protecting these systems, unauthorized users can gain access to important and private resources, information, and files. Computer terminals in publicly accessible areas should be controlled carefully by limiting access to network facilities and resources, and establishing usage policies for employees and guests... http://Data-security.e-articles.info/title/Public-Terminals/ http://Data-security.e-articles.info/title/Public-Terminals/ Sun, 16 Sep 2007 22:55:40 GMT In this inter-networked age, many people often associate security with the more virtual aspects—network, operating system and application security, the underground, crackers, and all of the media-hyped fear, uncertainty, and doubt that surrounds these aspects. Prior to this time, the term security conjured images of armed guards or large, burly men posted by each door. Physical security is a large component of any security policy, and rightfully so. The front door is the most easily utilized point of attack... http://Data-security.e-articles.info/title/Facilities-and-Physical-Security-Considerations/ http://Data-security.e-articles.info/title/Facilities-and-Physical-Security-Considerations/ Sun, 16 Sep 2007 23:23:45 GMT Sniffers differ greatly from keystroke-capture programs. Here's how: Key-capture programs save, or capture, keystrokes entered at a terminal. Sniffers, on the other hand, capture actual network packets. Sniffers do this by placing the network interface—an Ethernet adapter, for example—into promiscuous mode... http://Data-security.e-articles.info/title/Sniffers-as-Security-Risks/ http://Data-security.e-articles.info/title/Sniffers-as-Security-Risks/ Fri, 14 Sep 2007 01:31:50 GMT If you're new to system administration, you're probably wondering how you can benefit from password crackers. Passwords crackers can help you identify weak passwords on your network. Ideally, you should run a password cracker once a month. If your network supports several platforms, you might need a wide range of password-cracking utilities... http://Data-security.e-articles.info/title/The-Password-Cracking-Process/ http://Data-security.e-articles.info/title/The-Password-Cracking-Process/ Thu, 13 Sep 2007 02:39:55 GMT Passwords and "pass phrases" are used for everything ranging from logging into terminals to checking email accounts, from protecting Excel spreadsheets to securing the encryption keys for PKI-enabled enterprise networks. Their use in the enterprise is widespread, to say the least. Password crackers are programs that aid in the discovery of protected passwords, usually through some method of automated guessing. Although some applications and poorly designed infrastructure equipment will encrypt or encode passwords, most modern day operating systems and devices create a hash of the password instead... http://Data-security.e-articles.info/title/An-Introduction-to-Password-Cracking/ http://Data-security.e-articles.info/title/An-Introduction-to-Password-Cracking/ Thu, 13 Sep 2007 03:47:15 GMT Like any product-purchasing decision, before answering the question of which product is right, you first need to decide your specific requirements. For example, if plotting vulnerability- remediation progress over time is something you want automated, then a product's capability to log and plot multiple scan sets is a feature you need to look for. If you have a large NetWare environment, you might want to make sure that the scanner has NetWare-specific checks. If you have to scan 50–100 hosts, efficiency might not be an issue... http://Data-security.e-articles.info/title/What-to-Look-For-When-Choosing-a-Vulnerability-Scanner/ http://Data-security.e-articles.info/title/What-to-Look-For-When-Choosing-a-Vulnerability-Scanner/ Sat, 08 Sep 2007 04:55:20 GMT Turn back the calendar to the early 1990s. The Internet is off the ground and running rampant in universities. CERT is up and operational. The World Wide Web is more-or-less an experiment that is creeping into Gopher's territory... http://Data-security.e-articles.info/title/The-History-of-Vulnerability-Scanners/ http://Data-security.e-articles.info/title/The-History-of-Vulnerability-Scanners/ Wed, 05 Sep 2007 05:23:25 GMT One pitfall in the world of firewalls is that security can be configured so stringently that it can actually impair the process of networking. For example, some studies suggest that the use of a firewall is impractical in environments where users critically depend on distributed applications. Because firewalls can implement such strict security policies, these environments can become bogged down. What they gain in security, they lose in functionality... http://Data-security.e-articles.info/title/Pitfalls-of-Firewalling/ http://Data-security.e-articles.info/title/Pitfalls-of-Firewalling/ Sat, 08 Sep 2007 06:31:30 GMT There are as many definitions out there for network attackers as there are for attacks. Most commonly, you will hear people refer to these individuals as hackers, crackers, script kiddies, black and white hats, and many other names. I will touch on the most common types here. Script Kiddies—Your Biggest Threat? The most common and prolific type of attacker today is the script kiddie... http://Data-security.e-articles.info/title/What-Kinds-of-Web-Attackers-Exist/ http://Data-security.e-articles.info/title/What-Kinds-of-Web-Attackers-Exist/ Mon, 11 Jun 2007 07:39:35 GMT Many con games have been around for years; others are brand new to the Internet. The prime con game on the Internet involves stealing your credit card number so the con artist can rack up charges without your knowledge. Con artists have several ways to steal your credit card number: packet sniffers, web spoofing, phishing, and keystroke loggers. Packet sniffers When you type anything on the Internet (such as your name, phone number, or credit card number), the information doesn't go directly from your computer to the website you're viewing... http://Data-security.e-articles.info/title/PACKET-SNIFFERS,-WEB-SPOOFING,-PHISHERS,-AND-KEYSTROKE-LOGGERS/ http://Data-security.e-articles.info/title/PACKET-SNIFFERS,-WEB-SPOOFING,-PHISHERS,-AND-KEYSTROKE-LOGGERS/ Wed, 15 Aug 2007 08:47:40 GMT Hackers often communicate with each other through Usenet newsgroups. Unlike ordinary newsgroups where people share information and answer questions, hacker newsgroups more often resemble shouting matches full of insults, sprinkled between ads for get-rich-quick schemes or pornography websites. Still, if you don't mind wading through these types of messages cluttering hacker newsgroups, you can learn about the newest hacker websites and share source code and hacker programs with others on the newsgroup. General hacking newsgroups To start learning about hacking in general, try a general-purpose hacking newsgroups... http://Data-security.e-articles.info/title/HACKER-USENET-NEWSGROUPS/ http://Data-security.e-articles.info/title/HACKER-USENET-NEWSGROUPS/ Tue, 11 Sep 2007 09:55:45 GMT The central goal of this article is to set forth a Web application security review methodology that is comprehensive, approachable, and repeatable by readers who wish to apply the wisdom we’ve gained over years of performing them professionally. The basic steps in the methodology are - Profile the infrastructure - Attack Web servers - Survey the application - Attack the authentication mechanism - Attack the authorization schemes - Perform a functional analysis - Exploit the data connectivity - Attack the management interfaces - Attack the client - Launch a denial-of-service attack Profile the Infrastructure The first step in the methodology is to glean a high-level understanding of the target Web infrastructure. Is there a special client necessary to connect to the application? What transports does it use? Over which ports? Howmany servers are there? Is there a load balancer? What is the make and model of the Web server(s)? Are external sites relied on for some functionality? Attack Web Servers The sheer number of Web server software vulnerabilities that have been published makes this one of the first and usually most fruitful areas of research for a Web hacker. If site administration is sloppy, you may hit the jackpot here... http://Data-security.e-articles.info/title/THE-METHODOLOGY-OF-WEB-HACKING/ http://Data-security.e-articles.info/title/THE-METHODOLOGY-OF-WEB-HACKING/ Thu, 31 May 2007 10:23:50 GMT FAT32 is an abbreviation of File allocation table. This file system was originated in 1980’s supporting operating systems are windows MS-Dos. Later on Windows 95 and windows 98 were based on this FAT32 file system. FAT32 was the default file system of windows 98 and windows Me... http://Data-security.e-articles.info/title/What-is-meant-by-FAT32-Filesystem/ http://Data-security.e-articles.info/title/What-is-meant-by-FAT32-Filesystem/ Mon, 28 May 2007 11:31:55 GMT Important operating systems like Windows NT, 2000 and XP is based on NTFS file system. The purpose for developing file systems is to administer files, folders and to manage all that information needed to access the files from local or remote computers. Two versions of NTFS have been released up till now- NTFS 4.0 and NTFS 5... http://Data-security.e-articles.info/title/What-is-meant-by-NTFS-file-system/ http://Data-security.e-articles.info/title/What-is-meant-by-NTFS-file-system/ Sun, 27 May 2007 12:39:15 GMT Buffer overflow attacks, also called data-driven attacks, can be run remotely to gain access and locally to escalate privileges. Buffer overflows in general are designed almost exclusively for UNIX because in order to write a successful buffer overflow, knowledge of the workings of the OS, specifically treatment of the TCP stack, or the target application's memory/buffer-handling processes is necessary. While there are buffer overflows for Windows and Windows-based applications such as the IIS Web server, they are more common on the UNIX environment. UNIX source code is generally available, whereas source code to Microsoft operating systems is generally not... http://Data-security.e-articles.info/title/Buffer-Overflow-Attacks/ http://Data-security.e-articles.info/title/Buffer-Overflow-Attacks/ Thu, 12 Apr 2007 13:47:20 GMT Sniffing is another technique to use internally. A sniffer or packet capture utility is able to capture any traffic traveling along the network segment to which it is connected. We normally set up sniffers throughout the organization to capture network traffic, hoping to identify valuable information such as user IDs and passwords. We use sniffing to passively capture data being sent across the internal network... http://Data-security.e-articles.info/title/What-is-Sniffing/ http://Data-security.e-articles.info/title/What-is-Sniffing/ Thu, 17 May 2007 14:55:25 GMT Dual-homed hosts introduce a significant security hole into the network architecture since they can give users with access rights and privileges on one network or domain the rights and privileges they perhaps are not intended to have on a separate domain. This vulnerability usually appears as a corporate desktop machine connected to the organization's internal LAN and simultaneously connected through a modem line to a local ISP. In such a configuration, anyone on the Internet may be able to access the corporate network through the dial-up connection. However, there are other configurations in which this vulnerability can occur... http://Data-security.e-articles.info/title/Dual-Homed-Hosts/ http://Data-security.e-articles.info/title/Dual-Homed-Hosts/ Mon, 09 Apr 2007 15:23:30 GMT Our general procedure is determined in part by the results of our enumeration and information gathering. We examine the list of known vulnerabilities and potential security holes on the various target hosts and determine which are most likely to be fruitful. Next we pursue exploiting those vulnerabilities to gain root access on the target system. Primary targets are open ports and potentially vulnerable applications... http://Data-security.e-articles.info/title/What-is-Exploitation/ http://Data-security.e-articles.info/title/What-is-Exploitation/ Sun, 22 Apr 2007 16:31:35 GMT There are two distinct types of testing that can be performed: announced and unannounced. The distinction comes when you define what is being tested: network security devices or network security staff. Definitions The following definitions help clarify the differences between the two types of testing. Announced testing is an attempt to access and retrieve preidentified flag file(s) or to compromise systems on the client network with the full cooperation and knowledge of the IT staff... http://Data-security.e-articles.info/title/Announced-vs.-Unannounced-Penetration-Testing/ http://Data-security.e-articles.info/title/Announced-vs.-Unannounced-Penetration-Testing/ Thu, 10 May 2007 17:39:40 GMT There are certain requirements that you must meet in order to be an effective penetration tester in a freelance consultant role. The requirements deal with your level of security skills, your systems and network knowledge, the depth and breadth of tools at your disposal, and the OS and hardware on which you use them. Also critical is your attention to record keeping and maintaining the ethics of security. Potential employers of security consultants performing penetration services should consider the following list before hiring a consultant... http://Data-security.e-articles.info/title/Requirements-for-a-Security-Consultant/ http://Data-security.e-articles.info/title/Requirements-for-a-Security-Consultant/ Wed, 18 Apr 2007 18:47:45 GMT The spread of technology has brought computers more and more into our daily lives. It has brought along with it a collection of myths repeated so many times they seem to be true. These myths can breed either a false sense of security or a sense of paranoia. Neither of these conditions is desirable... http://Data-security.e-articles.info/title/Information-Security-Myths/ http://Data-security.e-articles.info/title/Information-Security-Myths/ Mon, 14 May 2007 19:55:50 GMT All the perceptions of hackers and their portrayal in movies and entertainment have lead to the development of “hacker myths.” These myths involve common misconceptions about hackers and can lead to misconceptions about how to defend against them. Here we have attempted to identify some of these myths and dispel common misconceptions. Hackers are a well-organized, malicious group... http://Data-security.e-articles.info/title/Hacker-Myths/ http://Data-security.e-articles.info/title/Hacker-Myths/ Wed, 16 May 2007 20:23:55 GMT An information security consultant typically tries to help organizations become safer and more secure from hackers. They are usually individuals with a technology-related degree or equivalent technical experience gained either professionally or as a hobby. They likely have a large collection of licensed security tools (commercial, freeware, or shareware), are familiar with all of them, have a user-level understanding of a majority of them, and are extensively experienced with the workings of one or two favorite tools in each tool category. For example, they may have a favorite port scanner, a favorite war dialer, and a favorite vulnerability scanner that they use in their penetration-testing engagements... http://Data-security.e-articles.info/title/Information-Security-Consultants/ http://Data-security.e-articles.info/title/Information-Security-Consultants/ Tue, 15 May 2007 21:31:15 GMT First-Tier Hackers First-tier hackers are programmers who have the ability to find unique vulnerabilities in existing software and to create working exploit code. These hackers, as a whole, are not seeking publicity and are rarely part of front-page news stories. As a result, they are known only to the security community for the programs they write and the exploits they have uncovered. First-tier hackers are individuals with a deep understanding of the OSI model and the TCP stack... http://Data-security.e-articles.info/title/Hacker-Skill-Levels/ http://Data-security.e-articles.info/title/Hacker-Skill-Levels/ Wed, 16 May 2007 22:39:20 GMT Covert channels use shared resources as paths of communication. This requires sharing of space or sharing of time. A covert storage channel uses an attribute of the shared resource. A covert timing channel uses a temporal or ordering relationship among accesses to a shared resource... http://Data-security.e-articles.info/title/Covert-Channels/ http://Data-security.e-articles.info/title/Covert-Channels/ Fri, 16 Feb 2007 23:47:25 GMT Systems isolate processes in two ways. In the first, the process is presented with an environment that appears to be a computer running only that process or those processes to be isolated. In the second, an environment is provided in which process actions are analyzed to determine if they leak information. The first type of environment prevents the process from accessing the underlying computer system and any processes or resources that are not part of that environment... http://Data-security.e-articles.info/title/Isolation/ http://Data-security.e-articles.info/title/Isolation/ Sun, 08 Apr 2007 01:55:30 GMT Consider a client and a server. When the client issues a request to the server, the client sends the server some data. The server then uses the data to perform some function and returns a result (or no result) to the client. Access control affects the function of the server in two ways... http://Data-security.e-articles.info/title/The-Confinement-Problem/ http://Data-security.e-articles.info/title/The-Confinement-Problem/ Mon, 07 May 2007 02:23:35 GMT Like the program-based information flow mechanisms discussed above, both special-purpose and general-purpose computer systems have information flow controls at the system level. File access controls, integrity controls, and other types of access controls are mechanisms that attempt to inhibit the flow of information within a system, or between systems. The first example is a special-purpose computer that checks I/O operations between a host and a secondary storage unit. It can be easily adapted to other purposes... http://Data-security.e-articles.info/title/Example-Information-Flow-Controls/ http://Data-security.e-articles.info/title/Example-Information-Flow-Controls/ Tue, 24 Apr 2007 03:31:40 GMT Information flow policies define the way information moves throughout a system. Typically, these policies are designed to preserve confidentiality of data or integrity of data. In the former, the policy's goal is to prevent information from flowing to a user not authorized to receive it. In the latter, information may flow only to processes that are no more trustworthy than the data... http://Data-security.e-articles.info/title/Information-flow-policies/ http://Data-security.e-articles.info/title/Information-flow-policies/ Mon, 30 Apr 2007 04:39:45 GMT Conceptually, a capability is like the row of an access control matrix. Each subject has associated with it a set of pairs, with each pair containing an object and a set of rights. The subject associated with this list can access the named object in any of the ways indicated by the named rights. More formally: Let O be the set of objects, and R the set of rights, of a system... http://Data-security.e-articles.info/title/Capabilities/ http://Data-security.e-articles.info/title/Capabilities/ Fri, 16 Mar 2007 05:47:50 GMT An obvious variant of the access control matrix is to store each column with the object it represents. Thus, each object has associated with it a set of pairs, with each pair containing a subject and a set of rights. The named subject can access the associated object using any of those rights. More formally: Let S be the set of subjects, and R the set of rights, of a system... http://Data-security.e-articles.info/title/Access-Control-Lists-ACL/ http://Data-security.e-articles.info/title/Access-Control-Lists-ACL/ Fri, 20 Apr 2007 06:55:55 GMT Identification on the Internet arises from associating a particular host with a connection or message. The recipient can determine the origin from the incoming packet. If only one person is using the originating host, and the address is not spoofed, someone could guess the identity of the sender with a high degree of accuracy. An anonymizer is a site that hides the origins of connections... http://Data-security.e-articles.info/title/Anonymity-on-the-Web/ http://Data-security.e-articles.info/title/Anonymity-on-the-Web/ Tue, 27 Feb 2007 07:23:15 GMT Host identity is intimately bound to networking. A host not connected to any network can have any name, because the name is used only locally. A host connected to a network can have many names or one name, depending on how the interface to the network is structured and the context in which the name is used. The ISO/OSI model provides a context for the issue of naming... http://Data-security.e-articles.info/title/Host-Identity/ http://Data-security.e-articles.info/title/Host-Identity/ Mon, 16 Apr 2007 08:31:20 GMT Identity is simply a computer's representation of an entity. A principal is a unique entity. An identity specifies a principal. Authentication binds a principal to a representation of identity internal to the computer... http://Data-security.e-articles.info/title/What-Is-Computer-Identity/ http://Data-security.e-articles.info/title/What-Is-Computer-Identity/ Tue, 08 May 2007 09:39:25 GMT The principles of secure design discussed in this section express common-sense applications of simplicity and restriction in terms of computing. Principle of Least Privilege This principle restricts how privileges are granted. The principle of least privilege states that a subject should be given only those privileges that it needs in order to complete its task. If a subject does not need an access right, the subject should not have that right... http://Data-security.e-articles.info/title/The-Principles-of-Secure-Computing-Design/ http://Data-security.e-articles.info/title/The-Principles-of-Secure-Computing-Design/ Tue, 17 Apr 2007 10:47:30 GMT Identification by physical characteristics is as old as humanity. Recognizing people by their voices or appearance, and impersonating people by assuming their appearance, was widely known in classical times. Efforts to find physical characteristics that uniquely identify people include the Bertillion cranial maps, fingerprints, and DNA sampling. Using such a feature to identify people for a computer would ideally eliminate errors in authentication... http://Data-security.e-articles.info/title/Biometrics/ http://Data-security.e-articles.info/title/Biometrics/ Tue, 08 May 2007 11:55:35 GMT As electronic commerce grows, so does the need for a provably high degree of authentication. Think of Alice's signature on a contract with Bob. Bob not only has to know that Alice is the other signer and is signing it; he also must be able to prove to a disinterested third party (called a judge) that Alice signed it and that the contract he presents has not been altered since Alice signed it. Such a construct is called a digital signature... http://Data-security.e-articles.info/title/Digital-Signatures/ http://Data-security.e-articles.info/title/Digital-Signatures/ Thu, 03 May 2007 12:23:40 GMT Key storage arises when a user needs to protect a cryptographic key in a way other than by remembering it. If the key is public, of course, any certificate-based mechanism will suffice, because the goal is to protect the key's integrity. But secret keys (for classical cryptosystems) and private keys (for public key cryptosystems) must have their confidentiality protected as well. Key Storage Protecting cryptographic keys sounds simple: just put the key into a file, and use operating system access control mechanisms to protect it... http://Data-security.e-articles.info/title/Storing-and-Revoking-Keys/ http://Data-security.e-articles.info/title/Storing-and-Revoking-Keys/ Thu, 29 Mar 2007 13:31:45 GMT Because classical cryptosystems use shared keys, it is not possible to bind an identity to a key. Public key cryptosystems use two keys, one of which is to be available to all. The association between the cryptographic key and the principal is critical, because it determines the public key used to encipher messages for secrecy. If the binding is erroneous, someone other than the intended recipient could read the message... http://Data-security.e-articles.info/title/Cryptographic-Key-Infrastructures/ http://Data-security.e-articles.info/title/Cryptographic-Key-Infrastructures/ Fri, 24 Nov 2006 14:39:50 GMT Conceptually, public key cryptography makes exchanging keys very easy. Alice -> Bob : { ksession } eBob where eBob is Bob's public key. Bob deciphers the message and obtains the session key ksession. Now he and Alice can communicate securely, using a classical cryptosystem... http://Data-security.e-articles.info/title/Public-Key-Cryptographic-Key-Exchange-and-Authentication/ http://Data-security.e-articles.info/title/Public-Key-Cryptographic-Key-Exchange-and-Authentication/ Wed, 04 Apr 2007 15:47:55 GMT Suppose Alice and Bob wish to communicate. If they share a common key, they can use a classical cryptosystem. But how do they agree on a common key? If Alice sends one to Bob, Eve the eavesdropper will see it and be able to read the traffic between them. To avoid this bootstrapping problem, classical protocols rely on a trusted third party, Cathy... http://Data-security.e-articles.info/title/Classical-Cryptographic-Key-Exchange-and-Authentication/ http://Data-security.e-articles.info/title/Classical-Cryptographic-Key-Exchange-and-Authentication/ Sat, 14 Apr 2007 16:55:15 GMT We distinguish between a session key and an interchange key. An interchange key is a cryptographic key associated with a principal to a communication. A session key is a cryptographic key associated with the communication itself. This distinction reflects the difference between a communication and a user involved in that communication... http://Data-security.e-articles.info/title/Session-and-Interchange-Keys/ http://Data-security.e-articles.info/title/Session-and-Interchange-Keys/ Wed, 11 Apr 2007 17:23:20 GMT In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between encipherment and decipherment keys. One of the keys would be publicly known; the other would be kept private by its owner. Classical cryptography requires the sender and recipient to share a common key. Public key cryptography does not... http://Data-security.e-articles.info/title/Public-Key-Cryptography/ http://Data-security.e-articles.info/title/Public-Key-Cryptography/ Tue, 08 May 2007 18:31:25 GMT Security policies can have few details, or many. The explicitness of a security policy depends on the environment in which it exists. A research lab or office environment may have an unwritten policy. A bank needs a very explicit policy... http://Data-security.e-articles.info/title/Academic-Computer-Security-Policy/ http://Data-security.e-articles.info/title/Academic-Computer-Security-Policy/ Mon, 16 Apr 2007 19:39:30 GMT The role of trust is crucial to understanding the nature of computer security. Articles present theories and mechanisms for analyzing and enhancing computer security, but any theories or mechanisms rest on certain assumptions. When someone understands the assumptions her security policies, mechanisms, and procedures rest on, she will have a very good understanding of how effective those policies, mechanisms, and procedures are. Let us examine the consequences of this maxim... http://Data-security.e-articles.info/title/The-Role-of-Trust-in-Computer-Security/ http://Data-security.e-articles.info/title/The-Role-of-Trust-in-Computer-Security/ Tue, 10 Apr 2007 20:47:35 GMT Each site has its own requirements for the levels of confidentiality, integrity, and availability, and the site policy states these needs for that particular site. A military security policy (also called a governmental security policy) is a security policy developed primarily to provide confidentiality. The name comes from the military's need to keep information, such as the date that a troop ship will sail, secret. Although integrity and availability are important, organizations using this class of policies can overcome the loss of eitherfor example, by using orders not sent through a computer network... http://Data-security.e-articles.info/title/Types-of-Security-Policies/ http://Data-security.e-articles.info/title/Types-of-Security-Policies/ Fri, 23 Feb 2007 21:55:40 GMT Given a security policy's specification of "secure" and "nonsecure" actions, these security mechanisms can prevent the attack, detect the attack, or recover from the attack. The strategies may be used together or separately. Prevention means that an attack will fail. For example, if one attempts to break into a host over the Internet and that host is not connected to the Internet, the attack has been prevented... http://Data-security.e-articles.info/title/Goals-of-Computer-Security/ http://Data-security.e-articles.info/title/Goals-of-Computer-Security/ Fri, 23 Feb 2007 22:23:45 GMT Implementing computer security controls is complex, and in a large organization procedural controls often become vague or cumbersome. Regardless of the strength of the technical controls, if nontechnical considerations affect their implementation and use, the effect on security can be severe. Moreover, if configured or used incorrectly, even the best security control is useless at best and dangerous at worst. Thus, the designers, implementers, and maintainers of security controls are essential to the correct operation of those controls... http://Data-security.e-articles.info/title/Human-Issues-regarding-Computer-Security/ http://Data-security.e-articles.info/title/Human-Issues-regarding-Computer-Security/ Mon, 07 May 2007 23:31:50 GMT A threat is a potential violation of security. The violation need not actually occur for there to be a threat. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for). Those actions are called attacks... http://Data-security.e-articles.info/title/Common-Threats/ http://Data-security.e-articles.info/title/Common-Threats/ Thu, 26 Apr 2007 01:39:55 GMT Computer security rests on confidentiality, integrity, and availability. The interpretations of these three aspects vary, as do the contexts in which they arise. The interpretation of an aspect in a given environment is dictated by the needs of the individuals, customs, and laws of the particular organization. Confidentiality Confidentiality is the concealment of information or resources... http://Data-security.e-articles.info/title/Computer-security-~-The-Basic-Components/ http://Data-security.e-articles.info/title/Computer-security-~-The-Basic-Components/ Mon, 07 May 2007 02:47:15 GMT The Trojan Horse got its name from the old mythical story about how the Greeks gave their enemy a huge wooden horse as a gift during the war. The enemy accepted this gift and they brought it into their kingdom, and during the night, Greek soldiers crept out of the horse and attacked the city, completely overcoming it. A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown by the user... http://Data-security.e-articles.info/title/Trojans-and-Backdoors/ http://Data-security.e-articles.info/title/Trojans-and-Backdoors/ Sat, 21 Apr 2007 03:55:20 GMT 1. Introduction: Packet sniffer is a program which monitors network traffic which passes through your computer. A packet sniffer which runs on your PC connected to the internet using a modem, can tell you your current IP address as well as the IP addresses of the web servers whose sites you are visiting. You can watch all the un-encrypted data that travels from your computer, onto the internet... http://Data-security.e-articles.info/title/Packet-Sniffing:-Sniffing-Tools-Detection-Prevention-Methods/ http://Data-security.e-articles.info/title/Packet-Sniffing:-Sniffing-Tools-Detection-Prevention-Methods/ Fri, 20 Apr 2007 04:23:25 GMT Passphrase Considerations: SSH private keys are protected with a passphrase rather than a password. What makes a good passphrase? A passphrase differs from a password in that it should be composed of multiple words and more difficult to guess. The same rules that apply to creating good passwords also apply to creating good passphrases. The following is a list of suggestions for creating a good passphrase... http://Data-security.e-articles.info/title/What-makes-a-good-passphrase/ http://Data-security.e-articles.info/title/What-makes-a-good-passphrase/ Mon, 26 Feb 2007 05:31:30 GMT Viruses have been around for a very long time, and while the Internet is still rampant with these dangerous programs, they are finally starting to become a little less common in favor of other forms of destructive malware and spyware. Fortunately, out of all of the different computer menaces in existence, computer viruses are one of the easiest to defend yourself from. Because of advances in antivirus software, a good, frequently updated anti-virus utility is really all that is needed. Initially anti-virus software took a more passive role in protecting your computer... http://Data-security.e-articles.info/title/Viruses-and-antivirus-software/ http://Data-security.e-articles.info/title/Viruses-and-antivirus-software/ Mon, 12 Feb 2007 06:39:35 GMT Spyware has become the fastest growing concern among computer users today. It is uncommon to find a computer that has never been infected with some sort of a spyware application. Because of vulnerabilities discovered mostly in Internet Explorer and other software and the bundling of spyware with some common applications, spyware is often secretly installed on a user's machine. The first time most users notice an indication of the presence of spyware on their system is when, out of nowhere, an advertisement pops up relevant to something they are or had been doing on their computer... http://Data-security.e-articles.info/title/What-is-spyware-and-antispyware-software/ http://Data-security.e-articles.info/title/What-is-spyware-and-antispyware-software/ Wed, 21 Feb 2007 07:47:40 GMT Software firewalls all operate using a similar methodology. All data routed into and out of your PC is done using ports. The firewall software is configured to monitor these ports and only allow traffic on those that are specifically enabled to do so, while blocking all other traffic. When a remote computer attempts to connect to your computer on a port that the firewall has blocked, the connection is prevented... http://Data-security.e-articles.info/title/How-Software-Firewalls-Protect-Your-PC-from-Attacks/ http://Data-security.e-articles.info/title/How-Software-Firewalls-Protect-Your-PC-from-Attacks/ Wed, 21 Feb 2007 08:55:45 GMT Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade. In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between parties involved in online transactions over digital networks... http://Data-security.e-articles.info/title/Why-Is-Authenticated-SSL-Necessary/ http://Data-security.e-articles.info/title/Why-Is-Authenticated-SSL-Necessary/ Wed, 09 Aug 2006 09:23:50 GMT A digital identification (ID), also known as a digital certificate, is the electronic equivalent to a passport or business license. It is a credential, issued by a trusted authority, that individuals or organizations can present electronically to prove their identity or their right to access information. When a computer applcation issues digital IDs, it verifies that the owner is not claiming a false identity. Just as when a government issues a passport, it is officially vouching for the identity of the holder... http://Data-security.e-articles.info/title/How-Do-Digital-IDs-Work/ http://Data-security.e-articles.info/title/How-Do-Digital-IDs-Work/ Fri, 29 Sep 2006 10:31:55 GMT The EASI framework specifies the interactions among the security services and application components that use those security services. By using common interfaces, it’s possible to add new security technology solutions without making big changes to the existing framework. In this way, the EASI framework supports “plug-ins” for new security technologies. Applications The security framework provides enterprise security services for presentation components, business logic components, and the back office... http://Data-security.e-articles.info/title/EASI-(End-to-End-Enterprise-Application-Security-Integration)-Framework/ http://Data-security.e-articles.info/title/EASI-(End-to-End-Enterprise-Application-Security-Integration)-Framework/ Wed, 23 Aug 2006 11:39:15 GMT As e-commerce environments have evolved to distributed component models, security technologies have been trying to keep up. Most of the pieces of the security puzzle exist as off-the-shelf products, but it still takes considerable effort to put all these pieces together to build an integrated solution. Twenty-two years ago, life was reasonably simple for the security professional. Sensitive data resided on monolithic backend data stores... http://Data-security.e-articles.info/title/End-to-End-Enterprise-Application-Security-Integration-(EASI)/ http://Data-security.e-articles.info/title/End-to-End-Enterprise-Application-Security-Integration-(EASI)/ Sat, 23 Sep 2006 12:47:20 GMT Information security is a serious concern for most businesses. Even though reporting of computer-based crime is sporadic because companies fear negative publicity and continued attacks, the trend is quite clear: information security attacks continue to be a real threat to businesses. According to a recent Computer Security Institute Survey, 72% of interviewed businesses reported that they had been subjects of serious information security attacks in 2002. Seventy-four percent of the businesses reported that the attacks caused significant financial losses, such as losses due to financial fraud or theft of valuable intellectual property... http://Data-security.e-articles.info/title/Information-Security-~-A-Proven-Concern/ http://Data-security.e-articles.info/title/Information-Security-~-A-Proven-Concern/ Tue, 05 Sep 2006 13:55:25 GMT The breadth of information security in e-commerce applications is broader than you might expect. Many system architects and developers are accustomed to thinking about security as a low-level topic, dealing only with networks, firewalls, operating systems, and cryptography. However, e-commerce is changing the risk levels associated with deploying software, and, as a consequence, security becomes an important design issue for any software component. The scope of e-commerce security is so broad because these applications typically cut across lines of business... http://Data-security.e-articles.info/title/E-Commerce-Solutions-Create-New-Security-Responsibilities/ http://Data-security.e-articles.info/title/E-Commerce-Solutions-Create-New-Security-Responsibilities/ Fri, 01 Sep 2006 14:23:30 GMT As organizations and service providers enhance their Web sites and extranets with newer technology to reach larger audiences, server configurations have become increasingly complex. They must now accommodate: Redundant server backups that allow Web sites and extranets to maximize site performance by balancing traffic loads among multiple servers Organizations running multiple servers to support multiple site names Organizations running multiple servers to support a single site name Service providers using virtual and shared hosting configurations But, in complex, multiserver environments, SSL server certificates must be used carefully if they are to serve their purpose of reliably identifying sites and the businesses operating them to visitors and encrypt e-commerce transactions—thus, establishing the trust that customers require before engaging in e-commerce. When used properly in an e-commerce trust infrastructure equipped with multiple servers, SSL server certificates must still satisfy the three requirements of online trust: Client applications, such as Web browsers, can verify that a site is protected by an SSL server certificate by matching the “common name” in a certificate to the domain name (such as www.verisign... http://Data-security.e-articles.info/title/Securing-Multiple-Servers-and-Domains-with-SSL/ http://Data-security.e-articles.info/title/Securing-Multiple-Servers-and-Domains-with-SSL/ Wed, 02 Aug 2006 15:31:35 GMT Cybercrime is not the only reason for malicious attacks. Could it be that companies themselves are not taking the necessary preventive measures? Lists of Mistakes According to the SANS Institute, the answer to the preceding question is “Yes!” SANs has developed the following three lists of mistakes people make that enable attackers. End Users: The Five Worst Security Mistakes Opening unsolicited e-mail attachments from unreliable sources Forgetting to install security patches, including ones for Microsoft Office, Microsoft Internet Explorer, and Netscape Downloading screen savers or games from unreliable sources Not creating or testing backups Using a modem while connected through a local area network Corporate Management: The Seven Top Errors That Lead to Computer Security Vulnerabilities Not providing training to the assigned people who maintain security within the company Only acknowledging physical security issues while neglecting the need to secure information Making a few fixes to security problems and not taking the necessary measures to ensure the problems are fixed Relying mainly on a firewall Failing to realize how much money intellectual property and business reputations are worth Authorizing only short-term fixes so problems reemerge rapidly Pretending the problem will go away if ignored IT Professionals: The Ten Worst Security Mistakes Connecting systems to the Internet before hardening them Connecting test systems to the Internet with default accounts/passwords Failing to update systems when security holes are found Using unencrypted protocols for managing systems, routers, firewalls, and PKI Giving users passwords over the phone or changing them when the requester is not authenticated Failing to maintain and test backups Running unnecessary services Implementing firewalls with rules that do not prevent dangerous incoming or outgoing traffic Failing to implement or update virus detection software Failing to educate users on what to do when they see a potential security problem .... http://Data-security.e-articles.info/title/Cybercrime-~-Threats-Due-to-Lack-of-Security/ http://Data-security.e-articles.info/title/Cybercrime-~-Threats-Due-to-Lack-of-Security/ Thu, 12 Oct 2006 16:39:40 GMT The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathematical formula, modern encryption technology makes it possible to protect sensitive information with an electronic lock that bars thieves, hackers, and industrial spies... http://Data-security.e-articles.info/title/Protecting-the-Security-of-Information/ http://Data-security.e-articles.info/title/Protecting-the-Security-of-Information/ Wed, 09 Aug 2006 17:47:45 GMT • Only available on Windows 2000 and Windows XP operating systems using NTFS partitions and volumes. (NTFS v5). • Encryption is transparent to the user. • Uses public-key encryption... http://Data-security.e-articles.info/title/Features-of-Windows-Encrypting-File-System-(EFS)/ http://Data-security.e-articles.info/title/Features-of-Windows-Encrypting-File-System-(EFS)/ Thu, 10 Aug 2006 18:55:50 GMT From lessons in biology, we know that viruses infect every other organism, without exception, including even the tiniest bacteria. Thus, biologists and anti-virus experts were not surprised to hear of the first malware infections of mobile devices. The first PDA virus appeared on the Palm platform in 2000. The Palm OS has a different architecture from desktop computers, so it is less suscep-tible to immediate infections from existing desktop viruses... http://Data-security.e-articles.info/title/Short-history-about-Internet-Viruses-on-Palm-OS/ http://Data-security.e-articles.info/title/Short-history-about-Internet-Viruses-on-Palm-OS/ Tue, 15 Aug 2006 19:23:55 GMT The dangers of Trojans and viruses are well known. However, many computer users are completely unaware of the dangers involved in viewing Web pages. Through scripting languages, Web page operators can upload and download files to your device (PC/PDA). They can also install mini-programs or grab information from you that can be used to destroy or take over your computer... http://Data-security.e-articles.info/title/How-to-protect-against-Hostile-Web-Pages-and-Scripting/ http://Data-security.e-articles.info/title/How-to-protect-against-Hostile-Web-Pages-and-Scripting/ Thu, 10 Aug 2006 20:31:15 GMT There are several elements to a good virus defense. The most important element requires some self-control—you must NEVER open a file/program unless you are 100% sure it is not infected. No matter how attractive the file is, where it came from, or what it promises you, you can never assume that a file is what it claims to be. For example, the Melissa virus reproduced through email and sent copies of itself to every one in the victim's address book... http://Data-security.e-articles.info/title/Virus-Prevention-~-How-to-protect-against-Internet-Viruses/ http://Data-security.e-articles.info/title/Virus-Prevention-~-How-to-protect-against-Internet-Viruses/ Thu, 10 Aug 2006 21:39:20 GMT This section will give a brief introduction to viruses. We will define them and discuss how they have evolved from the desktop. In addition, we will examine how they might evolve in the near future over wireless media. Viruses A computer virus is a program that has the capability to reproduce itself into other files or programs on the infected system and/or systems connected via a network... http://Data-security.e-articles.info/title/Virus-Overview-~-What-are-Viruses-How-Does-a-Internet-Virus-Work;-Types-of-Internet-Viruses/ http://Data-security.e-articles.info/title/Virus-Overview-~-What-are-Viruses-How-Does-a-Internet-Virus-Work;-Types-of-Internet-Viruses/ Sat, 19 Aug 2006 22:47:25 GMT Because of their susceptibility to viruses, handheld devices are potentially dangerous to a corporate network. In addition, small business and home users will probably soon require protection from wireless viruses. Malicious virus writers have a passion for "owning" new technology. New platforms such as Palm and Windows CE are highly sought targets by virus and Trojan writers... http://Data-security.e-articles.info/title/Wireless-Network-Viruses-~-Airborne-Viruses/ http://Data-security.e-articles.info/title/Wireless-Network-Viruses-~-Airborne-Viruses/ Sat, 19 Aug 2006 23:55:30 GMT Hackers can wreak havoc without ever penetrating your system. For example, a hacker can effectively shut down your computer by flooding you with obnoxious signals or malicious code. This technique is known as a denial-of-service attack. Hackers execute a denial-of-service attack by using one of two possible methods... http://Data-security.e-articles.info/title/What-are-Denial-of-Service-Attacks-(DOS-attacks)-and-how-to-protect-against-them/ http://Data-security.e-articles.info/title/What-are-Denial-of-Service-Attacks-(DOS-attacks)-and-how-to-protect-against-them/ Sat, 12 Aug 2006 01:23:35 GMT When you surf the Internet, you download one of two types of Web pages to your computer: static or dynamic. A static Web page sits on a Web server until a client computer sends a request for it. Once requested, the Web page is then downloaded to the client computer exactly as it was created, where the Web browser then views the page. A static Web page is really nothing more than a brochure or advertisement, and does not allow the true power of the Internet to be expressed... http://Data-security.e-articles.info/title/How-to-protect-against-Unexpected-Inputs/ http://Data-security.e-articles.info/title/How-to-protect-against-Unexpected-Inputs/ Sat, 05 Aug 2006 02:31:40 GMT Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is. A computer program consists of many different variables, or value holders... http://Data-security.e-articles.info/title/What-are-Buffer-Overflows/ http://Data-security.e-articles.info/title/What-are-Buffer-Overflows/ Mon, 07 Aug 2006 03:39:45 GMT Spoofing is the term hackers use to describe the act of faking information sent to a computer. This is a broad definition of spoofing, but there are many subtle variations of this attack. However, the purpose is generally the same: to disguise the location from which the attack originates. Session hijacking takes the act of spoofing one step further... http://Data-security.e-articles.info/title/How-to-protect-against-Spoofing-and-Session-Hijacking/ http://Data-security.e-articles.info/title/How-to-protect-against-Spoofing-and-Session-Hijacking/ Fri, 21 Jul 2006 04:47:50 GMT A sniffer is a program and/or device that monitors all information passing through a computer network. It sniffs the data passing through the network off the wire and determines where the data is going, where it's coming from, and what it is. In addition to these basic functions, sniffers might have extra features that enable them to filter a certain type of data, capture passwords, and more. Some sniffers (for example, the FBI's controversial mass-monitoring tool Carnivore) can even rebuild files sent across a network, such as an email or Web page... http://Data-security.e-articles.info/title/What-is-a-Sniffer-and-How-to-Protect-your-Data-Against-Sniffing/ http://Data-security.e-articles.info/title/What-is-a-Sniffer-and-How-to-Protect-your-Data-Against-Sniffing/ Mon, 14 Aug 2006 05:55:55 GMT The stereotyped image conjured up by most people when they hear the term "hacker" is that of a pallid, atrophied recluse cloistered in a dank bedroom, whose spotted complexion is revealed only by the unearthly glare of a Linux box used for port scanning with Perl. This mirage might be set off by other imagined features, such as dusty stacks of Dungeons and Dragons lore from the 1980s, empty Jolt Cola cans, and Japanese techno music streaming from the Net. However, although computer skill is central to a hacker's profession, there are many additional facets that he must master. In fact, if all you can do is point and click, you are a script kiddie, not a hacker... http://Data-security.e-articles.info/title/Diverse-Hacker-Attack-Methods/ http://Data-security.e-articles.info/title/Diverse-Hacker-Attack-Methods/ Fri, 18 Aug 2006 06:23:15 GMT The following taxonomy is useful in understanding the security systems, technologies and authentication tools widely available to support secure transmission and storage of information in a networked e-business environment. Firewalls Firewalls are used to keep a network secure from intruders. A firewall is a network node consisting of both hardware and software that isolates a private network. In order to understand how a firewall works, one should have an understanding of packets, IP addresses and DoS attacks... http://Data-security.e-articles.info/title/The-Most-Common-Network-Security-Tools-and-Technologies/ http://Data-security.e-articles.info/title/The-Most-Common-Network-Security-Tools-and-Technologies/ Wed, 02 Aug 2006 07:31:20 GMT A network security incident isany network-related activity with negative security implications. Security incidents on the Internet can come in all shapes and sizes, launched from specific systems or networks. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised. A typical attack pattern consists of gaining access to a user's account and using the victim's system as a launch platform for attacks on other sites... http://Data-security.e-articles.info/title/Which-Are-The-Most-Common-Network-Security-Risks/ http://Data-security.e-articles.info/title/Which-Are-The-Most-Common-Network-Security-Risks/ Fri, 28 Jul 2006 08:39:25 GMT