New Domain

Blog has been moved to new domain: www.it-googled.com Enjoy!

Wednesday, 12 January 2011

E-mail spoofing - brief

It is easy to spoof an e-mail address: all it takes is a simple PHP script of the kind available in many places across the internet. Spoofed messages often carry the HTML layout and signature of the impersonated site, which makes them even harder to detect. Most of the time they are broadcast to thousands of recipients at once. They are a common way of harvesting credentials or other personal information, and, depending on the target and aims, they can also serve as a small denial of service attack.

<?php
// The From address is whatever the script claims; mail() does not verify it,
// which is exactly why this works.
$frm   = "John@microsoft.com";
$attn1 = "Steve@bbc.co.uk";   // recipient

$subject = 'Hi Steve';

$message = "
Hello x,

info,
malicious link

John
";

// Additional headers passed to mail(); the From header is taken at face value
$from = "From: $frm\r\n";
mail($attn1, $subject, $message, $from);
?>
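The defence against the script above lives on the receiving side: the envelope sender and the authentication results added by the receiving mail server rarely agree with a forged From header. The following added example (not code from the original post) parses a message and lists the indicators that point at spoofing. It assumes the receiving MTA has already added an Authentication-Results header, as most modern mail servers do; both sample messages are constructed for illustration.

```python
"""Flag likely spoofed messages from their headers.

Added example, not code from the original post. Assumes the receiving MTA
has already added an Authentication-Results header; the sample messages
below are constructed for illustration.
"""
import email
import re
from email import policy


def _domain(address: str) -> str:
    """Return the lower-cased domain part of an address such as 'Name <user@dom>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", address or "")
    return m.group(1).lower() if m else ""


def spoofing_indicators(raw_message: str) -> list:
    """Return human-readable reasons why the message looks spoofed.

    Checks performed:
      * Return-Path (envelope sender) domain differs from the From header domain
      * Reply-To points to a different domain than From
      * Authentication-Results reports SPF or DKIM as anything but 'pass'
    An empty list means no indicator fired, not that the message is genuine.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []

    from_dom = _domain(msg.get("From", ""))
    rp_dom = _domain(msg.get("Return-Path", ""))
    reply_dom = _domain(msg.get("Reply-To", ""))

    if rp_dom and from_dom and rp_dom != from_dom:
        reasons.append(f"envelope sender domain {rp_dom} != From domain {from_dom}")
    if reply_dom and from_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} != From domain {from_dom}")

    # Authentication-Results is unfolded by the parser; scan it for spf=/dkim=
    auth = (msg.get("Authentication-Results", "") or "").lower()
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        result = m.group(1) if m else "missing"
        if result != "pass":
            reasons.append(f"{mech} result is {result}")
    return reasons


# Constructed sample: a message claiming one domain in From but injected
# through an unrelated relay, as a PHP mail() call from a web host would be.
SPOOFED = """Return-Path: <www-data@webhost.example.net>
Authentication-Results: mx.example; spf=fail smtp.mailfrom=webhost.example.net;
 dkim=none
From: John <John@microsoft.com>
To: Steve@bbc.co.uk
Subject: Hi Steve

Hello x,
"""

# Constructed sample whose envelope and header domains agree and which
# passed SPF and DKIM at the receiving server.
LEGIT = """Return-Path: <alice@example.org>
Authentication-Results: mx.example; spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org
From: Alice <alice@example.org>
To: bob@example.com
Subject: lunch

See you at noon.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spoofing_indicators(raw) or ["no indicators"])
```

The check is deliberately conservative: a mailing list or a forwarding service also produces a Return-Path mismatch, so the output is a list of reasons for a human or a scoring rule to weigh, not a verdict.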

Friday, 7 January 2011

ISO 27001 (17799) - brief Overview

Security of information is essential for the reliability, and perhaps even the survival, of an organisation. Every IT infrastructure uses data clusters to store its information, and these are often targeted by attackers who want to infiltrate those resources for many different reasons, quite often financial. It is not as it used to be years ago, when we dealt with an individual or a group of individuals gaining access to classified documents for fun. Nowadays there are organisations with proper managers and directors who hire programmers and make a business out of breaking into systems and stealing personal data. Security has become more important, and more complicated to manage, in the face of what we now call cybercrime.
ISO 27001/2 helps an organisation manage and protect information, one of its most valuable resources.
ISO 27001/2 is the international standard that specifies requirements for information security management systems (ISMS); it was developed to ensure that adequate and organised security measures are selected and implemented at least at a minimum level.
This helps to protect information and gives confidence to the users, managers and directors of a company that has implemented it. The standard's process is based on the method of establishing, implementing, operating, monitoring, testing, maintaining and improving information systems.
(Calder A., et al., Information Security Risk Management for ISO 27001/ISO 17799, 2007)

ISO 27001 areas

• Security policy – aligns the security structure with legal and business requirements. It has two parts: the information security policy document, which shows the overall approach and commitment of the organisation to its information security, and the review of the information security policy, which builds on the first document and shows ongoing progress.

• Organization of information security – quite detailed and important, as it governs how information security is managed within the company. It is based on authorisation and accountability: rights are assigned according to job descriptions. It documents the rights of external parties such as auditors and provides user agreements and risk assessments for both internal and external authorities.

• Asset Classification and Control – a set of policies that helps protect company assets. It provides a classification for the assets so that it is clear which information must be protected more than the rest, as well as policies on how some assets are to be disposed of.

• Personnel Security – addresses ways of reducing the risk arising from human interaction with the system. What we now call a code of conduct, or the terms and conditions of employment, are some of its implementations. It also defines the rules to follow when the implemented policies are violated.

• Physical and Environmental Security – as the name suggests, controls the risks arising on the premises of the organisation: health and safety tests, environmental hazards and, most importantly, classification of areas so that, for instance, a payroll officer has no physical access to the data centre unless his job description entitles him to it. It also contains a mechanism to be triggered in case of a security breach.

• Communication and Operation Management – covers the general ability to control the proper functioning of all assets and operations: sets of operational procedures, rules to reduce the risk when malicious software is detected, and network management. It should also cover incident management and ways of evaluating the security of the system's current state.

• Access Control – simply means user and host control: mechanisms to register and review user accounts, and network routing and segmentation, which is also a form of access control since a host on a different subnet cannot simply listen to the traffic. Host access control includes, for instance, the implementation of connection timeouts. One of the most recent sets of policies addresses mobile computing, given its growth over the years.

• System Development and Maintenance – sets rules to make sure that appropriate security controls are implemented and maintained. Its sub-components include cryptography, software integrity and development security, all of which ensure integrity and review the development process.

• Business Continuity Management – includes the policies for service interruptions, with strategies and counter-measures for when they happen.

• Compliance – as the name suggests, a set of policies to make sure that everything meets the relevant standards. It includes things like the data privacy notices often seen on commercial websites as well as many internal documents such as those covering intellectual property rights.

(audit-is.com, ISO 27002 (ISO 17799), 2006)

Wednesday, 15 December 2010

Security Auditing

Security auditing is not a well-appreciated process within many organisations, because senior people such as managers do not like having rules imposed on them and, not being IT professionals, may find it difficult to understand why security is so important and why certain mechanisms should be implemented. On the other hand, some businesses do appreciate the benefits of security auditing, for instance when weaknesses are identified and countered, or when advice on better software or hardware saves the organisation money.
The mechanism of a security audit is hardly ever standard, because the environment differs from company to company. The auditor typically follows steps such as interviews, vulnerability scans and observation/analysis of the logs. Often the company's security policies and procedures need to be analysed, not only to check whether the documents themselves contain issues, but also to base the analysis and the audit mechanism on those policies. CAATs (Computer-Assisted Audit Techniques) are utilities that generate system reports which collect all the logs and configuration files, and sometimes even monitor activity. I think that it's very useful, as the information can be well formatted and displayed to an auditor without him having to go into specific directories/volumes or configuration files to get the information needed. Some of these tools have programmed patterns, for instance of default configuration files, which are matched against the tested system's configuration files, and they flag a positive match to the auditor.
Considering the auditor's role as an investigator, there are certain areas that need to be checked, for instance the way passwords are generated or the way backups are stored, often by asking all sorts of questions based on the auditor's experience. I think the very important issue to observe is that some companies have their own internal auditors/security consultants/officers, which can help; however, to gain an objective system audit an external auditor is a must. In many companies that is a way of checking how the IT department is developing and progressing. For example, at the University of East London the Dean's assistants, or so-called management board, may not be full of IT professionals, so it may be difficult to judge the amount of work and progress the IT department is making; by using an external auditor, the Dean or management board receives a report on the goals achieved and the aims for the next audit, if the auditor makes several visits. That is normally a formal report produced a few weeks after the audit takes place. Some institutions, such as higher education or some government bodies, have a legal obligation to make sure that external audits are up to date and consistently maintained.
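The pattern-matching CAAT behaviour described above, where collected configuration files are compared against known patterns and mismatches are flagged to the auditor, is easy to reproduce in a few lines. The following is an added example and not a tool mentioned in the post; the baseline and the sample configuration are constructed, and the directive names follow the OpenSSH sshd_config key/value layout only because it is a familiar format.

```python
"""Match a configuration file against an audit baseline, CAAT-style.

Added example, not a tool mentioned in the post. The baseline and the sample
configuration below are constructed; the directive names follow the OpenSSH
sshd_config format only because it is a familiar key/value layout.
"""

# Baseline: directive -> (expected value, why the auditor cares).
# A directive missing from the file is reported too, because the software's
# built-in default then applies, which is what a 'default config' pattern is for.
BASELINE = {
    "PermitRootLogin": ("no", "direct root logins should be disabled"),
    "PasswordAuthentication": ("no", "key-based authentication expected"),
    "X11Forwarding": ("no", "unused forwarding widens the attack surface"),
    "LogLevel": ("VERBOSE", "audit needs key fingerprints in the log"),
}


def parse_config(text: str) -> dict:
    """Parse 'Key value' lines, ignoring blanks and '#' comments.

    The first occurrence of a key wins, matching how sshd reads its file.
    """
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def audit(config_text: str, baseline: dict = BASELINE) -> list:
    """Return (directive, finding, reason) tuples for every baseline mismatch."""
    settings = parse_config(config_text)
    findings = []
    for key, (expected, reason) in baseline.items():
        if key not in settings:
            findings.append((key, "not set (built-in default applies)", reason))
        elif settings[key].lower() != expected.lower():
            findings.append((key, f"is '{settings[key]}', expected '{expected}'", reason))
    return findings


# Constructed sample of a configuration file as collected from a tested host.
SAMPLE_CONFIG = """
# sample sshd_config gathered by the audit script
Port 22
PermitRootLogin yes   # left over from initial setup
PasswordAuthentication no
LogLevel INFO
"""

if __name__ == "__main__":
    for key, finding, reason in audit(SAMPLE_CONFIG):
        print(f"{key}: {finding} -- {reason}")
```

Each finding carries the reason from the baseline, so the report the auditor hands to a non-technical management board explains why a line matters rather than just listing it.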

John Edwards. (2008). The Essential Guide to Security Audits. Available: http://www.itsecurity.com/features/security-audit-essentials-042908/#comments.

Tuesday, 14 December 2010

Communication Security threats

Communication will always require a certain level of security because of the sensitivity of the information being carried. Networking can be explained very simply: all we have to do is send information from point A to point B, although many complex processes are carried out while the information is being transferred. As the information travels from A to B it is forwarded over different routes through routers, switches, access points, firewalls etc., which makes it even more difficult to secure. There are many threats to communication security, so I have listed the most important ones according to my understanding and experience.
The main vulnerabilities are:

• Packet Sniffing – an intruder listens to the network traffic and analyses the packets, gaining the ability to read our incoming and outgoing information carried by unprotected protocols (e.g. FTP); in Voice over IP this is also known as eavesdropping.

• IP Spoofing – an intruder sends packets to our network disguised as a trusted host (one we may have communicated with in the past), or uses a forged source address in a denial of service attack so that the replies are reflected onto the actual target.

• Password breaking – there are many methods: brute force, the use of rainbow tables, or posing as a trusted entity and sending requests asking the target to confirm a username and password (also known as phishing).

• Man in the middle attack – the intruder attacks someone who has already established trusted communication with us, for instance a subcontractor or another company we do business with; because our own network is well secured, the intruder attacks the less secure network we have a connection with.

• Denial of Service attack – occurs when an intruder sends an extremely high volume of packets/information so that our network/server cannot handle it. Sometimes it is caused by the number of users using certain services at the same time, resulting in a 'legitimate' denial of service.

• There are also all the other threats that affect communication security, like spyware, malware, viruses, Trojans, backdoors, botnets and other malicious software, all designed to compromise the confidentiality of our information in order to retrieve or destroy it.

• General vulnerabilities – operating system bugs, protocol bugs, transfer medium failure, data storage failure and badly organised physical security (data centre doors wide open).
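Of the threats listed above, the denial of service flood is the one most directly visible in connection logs: one source, or a handful of spoofed ones, produces far more packets per unit of time than any legitimate client. The following added example (not code from the original post) runs a sliding-window rate check over a constructed log; the line format, the window and the threshold are all assumptions chosen for the illustration, and the "legitimate" burst in the sample shows why a threshold has to be tied to a window rather than a raw total.

```python
"""Spot a flood from per-source packet rates in a connection log.

Added example, not from the original post. The log format and thresholds are
constructed: each line is '<epoch seconds> <source ip> <destination port>'.
"""
from collections import defaultdict, deque


def flood_sources(log_lines, window_seconds=10, threshold=50):
    """Return {source_ip: peak count} for every source that exceeds `threshold`
    packets within any `window_seconds` span.

    Lines are expected in time order per source; malformed lines are skipped.
    """
    recent = defaultdict(deque)   # source -> timestamps inside the current window
    peaks = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 2:
            continue              # tolerate junk instead of crashing the monitor
        try:
            ts = float(fields[0])
        except ValueError:
            continue
        src = fields[1]
        q = recent[src]
        q.append(ts)
        # drop timestamps that have fallen out of the window
        while q and ts - q[0] > window_seconds:
            q.popleft()
        if len(q) > threshold and len(q) > peaks.get(src, 0):
            peaks[src] = len(q)
    return peaks


def build_sample_log():
    """Constructed log: a chatty but legitimate host and a flooding host."""
    lines = []
    # 10.0.0.5 sends one packet a second for a minute: 60 packets in total,
    # but never more than 11 inside any 10-second window
    for i in range(60):
        lines.append(f"{1000 + i} 10.0.0.5 443")
    # 198.51.100.9 sends 200 packets inside two seconds
    for i in range(200):
        lines.append(f"{1030 + i / 100:.2f} 198.51.100.9 80")
    lines.append("garbage line that a real log would also contain")
    return lines


if __name__ == "__main__":
    for src, peak in flood_sources(build_sample_log()).items():
        print(f"{src}: {peak} packets in one window")
```

The legitimate host sends more packets overall than the threshold, yet is never flagged, because the check looks at density in time rather than volume. Spoofed source addresses defeat per-source counting, which is why a production monitor would also aggregate by destination.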

Microsoft. (2007). Common Security Threats. Available: http://technet.microsoft.com/en-us/library/bb964031%28office.12%29.aspx.

Monday, 8 November 2010

PS3 HDMI to DVI - connecting to Monitor


It's been quite a long time since I first tried to hook up my PS3 to my 22 inch DGM l-2362wd monitor. Most of the YouTube videos and online guides will show you that if you purchase an HDMI->DVI converter (about £20) it's just a matter of plugging in the leads. My experience was completely the opposite! The truth is that the PS3 HDMI->DVI connection requires an HDCP monitor/TV if you are using the HDMI port for it to display. My monitor turns out to be the odd one without HDCP, so I can forget about connecting the PS3. The advantage is that it will help me focus on my studies and project. The good news is that currently every monitor comes with an HDMI connection and you can get a 22-24 inch one for less than £150!

Tuesday, 9 March 2010

0x00000024 error code - blue screen

If you see this code, that means we are having the same problem.
That means there is a problem with the NTFS file system on your HDD.
No safe mode boot is possible; it keeps blue screening.
I have tried to use the OS CD, however it doesn't detect the hard drive; the Windows 7 CD would allow you to get into the command prompt, but there the story ends. I have taken the hard drive out and used the Magic Bridge II (allows you to connect a corrupted hard drive to another machine via USB) – HDD detected... but even after formatting the volume and putting it back into the original machine it is not being detected... All the hours spent running diagnostic tools and searching for the right answer, with no luck... My solution: if you haven't got big budget issues – get a new HDD.