Posts Tagged ‘Security’

Current Internet Network Security Policies Are Nonsense and Need an Urgent Rewrite

Somerset, NJ (PRWEB) September 23, 2005

Data-recovery-reviews.com,(http://www.data-recovery-reviews.com ), the leading portal on data storage, data recovery and network security has suggested that internet network security policy frameworks that deal with organization wide internet security need a radical rethink.

In a recent interview, Gary J, lead editor for data-recovery-reviews.com, suggested that internet network security policies in most Fortune 500 companies are flawed in strategy and implementation.

Gary suggests that the use of external consultants for the entire internet network security policy framework is not a great idea since the external consultants will find it difficult to grasp the intricacies and business drivers for the network security decisions. Also, internal employees do not contribute to the internet network security policies due to corporate stakeholder issues.

Also, in terms of implementation, the internet network security policy should be disseminated to each and every employee of the company through seminars , handouts and quizzes rather than an innocuous email that no one in the company reads.

Gary also suggested that the network security policy, should capture the latest trends in the network security industry rather than playing catch up. One of the network security aspects that Internet network security policy makers should be worried about now is access to corporate data through a Blackberry or a mobile phone.

In short, internet network security policies for Fortune 500 companies will have to be rewritten with the involvement of employees and properly disseminated.

Data-recovery-reviews.com is the industry leading portal on data network security, data storage and data recovery.

References:

http://www.data-recovery-reviews.com : The data center people

http://www.data-recovery-reviews.com/internetnetwork-security-policy.htm


Whats wrong with network security policies

# # #

To defense your iPhone

Here are some basic and advance defense technique you can use it on your iPhone.

Basic defense

Use a password

Go to Settings>General>Passcode Lock to set your password. Remember to enable the “Erase Data” option, this will wipe out all data on your phone after 10 failed passcode attempts.

Install Anti-theft and snoop detection alarm

This software will cost you US$0.99. It worth buying this software as you do not wish to spend another few hundred bucks to buy another iPhone. This app works based on the iPhone accelerometer. Once it is armed, any movement detected by the accelerometer will be interpreted as an attempt to swipe your iPhone. Then an alarm will sound off.

Install Motion Alarm

Price at US$1.99 and is available at crowdedroad.com. This app is similar to the previous software just that it is more sensitive and if set to stealth mode option it allows the app to secretly send its GPS coordinates to a preset e-mail address.

Advance defense

Install MobileMe

Not sure about this pricing but by looking at the features it provide, it definitely going to be expensive. Once the program is install in your iPhone you can go to MobileMe site to assign a passcode remotely or set the phone to pop up a message. It is also able to estimate your handset’s location on Google Maps. If your phone is stolen you can choose to remotely wipe out all data on your iPhone. Moreover the only way to disable MobileMe features is to do a hard reset.

via digital life

Fujitsu Develops High-Speed Image-Capture Technology for Palm Vein Biometric Authentication

Fujitsu Palm Vein Biometric 1

Fujitsu had announced the newly development of the world’s first imaging technology for use in palm vein biometric authentication that can operate while the palm is in motion. A person palm needs only to be passed over a sensor for authentication and the device requires approximately only one millisecond to capture the image of your palm vein. You do not need to stay still to wait for the device to capture your palm vein image, Fujitsu Laboratories has confirmed that these new imaging techniques can capture images of palm vein patterns even while the hand is in motion.

With this new feature, it is possible to authenticate an individual’s identity using palm vein authentication with the same ease as of the pic shown above, for example, gliding non-contact smartcards over a train-station turnstile gate, a widely-deployed technology for commuters in Japan. This new technology will make it easier to deploy easy-to-use and highly-precise palm vein authentication systems in a wide range of venues that require reliable and convenient security systems, including corporations, government offices, and hospitals.

via akihabaranews

Beware of 1 April – Conflicker Worm

Worms

In fact this worm has appeared in year 2008, and had been wreaking havoc on internet users ever since it was release to the internet. According to security official this worm is about to get even more dangerous when it receives its latest refresh in a series of periodic updates on April 1. So be sure to update your Windows security patch and also your anti-virus to prevent it from infecting your PC. US-CERT recommended that Windows users apply Microsoft security patch MS08-067 to help provide protection against the worm. The patch is designed to prevent an attacker from remotely taking control of an infected computer system and installing additional malicious software. Take note this worm can be triggered to steal data, generate spam attacks or turn control of infected computers over to hackers amassing “zombie” machines into “botnet” armies.

Source: Dailytech

Two good ways to protect your data

With so many security flaw lying around the internet it is important that we as a user must learn new way to secure our data. We can no longer just simply rely on the internet browser to safe guard our info. Last year dec 2008 there are reports that Internet Explorer and Mozilla firefox has serious security flaws. By searching around the internet i found two free open source software which can safe guard your data and password.

TrueCrypt

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).

Main TrueCrypt Window

TrueCrypt Volume Creation Wizard – encryption/hash algorithms

KeePass

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage’s FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem… A serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

Main Window

Entering the Password

Generating Random Numbers

Hope my this two simple way will help to enhance your overall data security.