Top 12 Security Threats Today
Viruses and Worms
The computer virus is now over 20 years
old, but it’s still causing havoc in its various incarnations. Viruses are
programs that surreptitiously install themselves on computers and replicate by
attaching themselves to other programs or files. In the 80s, they copied
themselves from disk to disk. Now, they email themselves with alluring subject
lines designed to persuade recipients to open the email and the attachment,
exposing the user to the virus. Worms are like viruses except that they spread
without needing a host file, sometimes by exploiting bugs in software to ensure
they are executed.
Over the years, some viruses have had a
destructive payload – wiping data – and others have just annoyed users with
irritating messages. Now criminal gangs are exploiting them to take ownership of
machines so they can be used for spamming, and to spy on computer owners and
steal their financial information. For that reason, viruses are working harder
to remain hidden. Today, the first symptom of an infection could be an empty
bank account. To protect yourself, install antivirus software that blocks
viruses from installing, scans all incoming and outgoing data and regularly scans
your computer. Don’t open unsolicited attachments, even if they appear to come from
someone you know. Persuade your friends to use antivirus software too: many of
the threats that are still running wild have been preventable for years and can
only spread because users don’t protect their computers. (See
Managed Services Approach)
Trojans
The wooden horse of Troy has inspired the
naming of another class of threats. In the same way that the Trojans brought a
wooden horse full of enemy fighters into their armored compound, victims of
computer trojans will deliberately run a program they’ve downloaded or received.
It might be legitimate software that’s been tampered with, or it might be a
trivial application designed to hide its true purpose. Trojans will often open a
backdoor on the computer so that all its data and resources can be used by a
hacker. In other cases, trojans will be used to install mass mailing software so
that exploited computers can be used to send spam. To protect yourself from
trojans, only run software from trusted sources and scan your computer regularly
with reputable internet security software.
Spam
Because email is cheap to send, it’s abused
by shabby businesses trying to make a quick buck. Network management company
Ipswitch estimates that 70% of all email received is spam, or unwanted
advertising. Spam clogs up the internet, increasing the costs to ISPs and end
customers of handling email. A good first defense is not to give out your email
address, although this is imperfect because spammers often target addresses they
make up in the hope of finding a new address. If you do give out your address,
first look for guarantees that it won’t be used for advertising or shared with
others. By using a spam filter, you can screen out messages and make it easier to
identify genuine messages from friends, family and organizations you do want to
hear from. The filters can be configured to understand what you consider to be
unwanted mail. Above all, never buy anything from or act on an unsolicited
email. If spam weren’t profitable, spammers would crawl back under their rock
overnight.
Phishing
Phishing is a type of spam that attempts to
con people into parting with their security credentials for a financial services
or e-commerce website. Ipswitch says it’s the second most common type of spam,
after mails punting medication. In a phishing attack, a bulk email is sent that
claims to come from a major bank or business organization, usually asking people
to log in to verify their accounts. The login links in the email go to a spoof
website, set up to gather identities and passwords so they can be used to empty
the real bank accounts or trade on the victim’s credit. A first line of defense
is to use spam filters to weed out phishing emails where possible. To avoid
being duped, do not follow links in emails purporting to come from financial
organizations. Most banks will advise you to open a fresh browser session and
type their URL into the address bar instead. Leading banks and eBay provide a
secure messaging area so you don’t have to use email.
Packet Sniffers
Packet sniffers eavesdrop on data as it
passes through a network, looking out for useful tidbits such as passwords and
credit card numbers. One of the greatest risks now is at Wi-Fi hotspots, where
people often use a hotspot without knowing who owns or operates it. The
internet’s design, where data is bounced around between nodes until it reaches
its destination, makes this threat impossible to eliminate. To protect yourself,
use software that encrypts your connection to the internet, so that any data
that is intercepted cannot be read by anybody in the middle of the network. If
sending important data by email, encrypt the attachment and/or message first.
Otherwise, don’t write anything on email that you wouldn’t want to see in
tomorrow’s newspaper beside your photograph.
Port Sniffers
Port sniffers look for computers connected
to the internet that they can attack. To protect yourself, install a good
firewall that filters all traffic going to and from the internet and blocks all
unsolicited connection requests.
Maliciously Coded Websites
The web was designed to be a safe
environment, with even the animation and programming plug-ins working in a
sandbox without access to any data on the machine. But sometimes bugs are
discovered in browsers that make computers vulnerable to maliciously coded
websites. Sometimes these will exploit browser bugs to install spyware or to
install a backdoor so that data can be stolen from a machine. To protect
yourself, keep your browser software and any plug-ins up-to-date. Use a good
firewall to manage all traffic going between your computer and the internet too.
Spyware
They say there’s no such thing as a free
lunch, and online is no exception. Some free software programs are bundled with
spyware, which monitors your activity - usually to direct advertising at you. It
can clog up your computer as well as wasting your time by force feeding you
adverts or diverting you away from websites you want to visit. To protect
yourself from spyware, only install software from reputable sources and use
antispyware software to prevent installation and to regularly scan for any
spyware that slips through.
Shared Computers
In cybercafés and libraries you need to
keep an eye out for who’s looking over your shoulder and make sure that you
don’t leave any of your accounts logged in. But that’s not the only place you
might want privacy. If you share a PC at home, health information, finance data
and even Christmas or birthday shopping bookmarks might be something you’d
rather keep to yourself. By password protecting bookmarks and using a reliable
tool to clean your browsing history, you can protect your privacy. And maybe
keep a few gift surprises along the way!
Web Surfer Profiling
With only a handful of companies providing
most of the adverts you see online, it’s possible for those companies to build
up a picture of the range and the nature of the websites you visit. Indeed,
Microsoft now sells packages where advertisers can target users by gender, age,
and household income. Its categories of profiled users include expectant mums,
parents and homebuyers. What if somebody in the office looks over your shoulder
when you’re shown a job ad because an advertising network that’s been spying on
you believes you’re job hunting? Using a proxy server, you can have all your
data requests directed through a third party server and have your cookies
filtered so that none of the companies you visit or are exposed to online can
build up a profile of you.
Hardware Loss
People often back up their data in case
their computer or USB key is lost or stolen. But they tend to forget the privacy
implications of their data being out in the wild. A recent survey found that 64%
of people would worry more about the privacy of their personal data than the
cost of the hardware if their computer was stolen, but that only 12% use
encryption to ensure their data is protected even if their computer falls into
the wrong hands. Encryption software is now available off the shelf using the
same high standard of encryption that the US government considers good enough to
protect ‘Top Secret’ data. By encrypting your data, you can be sure that
wherever it goes, it will remain private and can only be read by those who have
been authorized by being given a copy of the password.
Residual Data Fragments
Just because you’ve wiped a file doesn’t
mean it’s no longer there. Data from files that have been deleted often remains
in empty space on the disk and can be recovered using specialized tools. Surveys
regularly find that second-hand hard drives still have traces of the original
owner’s financial data on them. To ensure that any data you want to dispose of
is irrevocably wiped, use shredder software that overwrites it multiple times so
that it cannot be recovered.