When a piece of information is crucial and can cause serious damage to the national security can be considered classified information. Based on the severity of the damage, classified information can be categorized as top secret (if leaked can cause highest level of damage), secret and confidential (will not cause significant damage if confidential information get leaked). [Read more…]
What is Google Analytics? In short Google analytics is a website statistics tracking tool that you can use to track how your users are interacting with your WebPages such as which pages are being visited the most and where the visitors came from or what keywords he used to find your pages.
Who should use Google Analytics? IT professionals( both in operation and security) involved in managing websites for business purposes can be hugely benefited using analytic type of tools for analysis and monitoring how outside world is interacting with their sites or blogs. Since Google analytics is a free service offered by Google, anyone with a website can use it to track his web visitors’ behavior. If you want to implement analytics in your website you can find useful information at: analytics.google.com [Read more…]
With every update, WordPress improves its security capabilities and fix the vulnerabilities. As you know that the default configuration is always risky. To secure a site you always need to customize your security settings, which means apply the best security practices for your blogging platform. If you are a new WordPress user, you might go through a steep learning curve before you become concern about security. We humans do not try to learn things unless you need it or love it -everybody thinks about user experience. However, nobody trusts a site that get hacked frequently. This post you will illustrate you how to apply the WordPress security settings and practices to make your site secured. You can easily implement the following instructions from your cPanel, Plesk or any other control panels.
- Always create an administrative account for blog management, and another editing account (with posting privilege only) to add post in your blog
- By default WordPress use the path www.yourwebiste.com/wp-admin.php to login to your blog. Since the attackers are aware of this you can rename this path by using a plug-in called stealth login. This is an excellent way to prevent automated attack against your blog. Though there are plugins in place to modify the login page, but it is better and more effective if you can change your login page with htaccess. Remember that Modification of htaccess file is not advisable for the beginners. [Read more…]
Since router is the key to access an organization’s network from the outside world, the maximum security priority should be given to routers that are connected to the Internet and to the important application servers. ISO-27001 has already defined standard router security checklist, which any organization can use to improve their router securities. This post aims to familiarize you with some critical router security checklist so that you can have an in-depth and clear understanding of router security standards.
The version of IIS is all about its modules and functions. If you are just learning IIS then before reading this article, it is better to take a closer look at the IIS manger on your server and then go through the following instructions. To secure your IIS server you need to put some extra care to the following settings of IIS server
- IIS authentication
- IPv4 and domain rules
- ISAPI and CGI
- Filtering request
- Configuration to shared hosting sites
- Authorize the URLs in your server [Read more…]
As you know that in a Windows based domain system, active directory is the central management tool that provides access controls to users to the servers or to use any services offered by any specific servers. So, security in Windows based infrastructure should start with securing the active directory. Though most of the part of securing an active directory process focus on security settings of the server, but there are some other components in a network environment – DNS, File server etc. – that also play a vital role when we consider about securing an active directory based environment. More or less, you need to know and test the following settings to check up how secure active directory configuration are windows server configurations and the services.
The purpose of the Linux security checklist is to help the Linux users, entry-level, to become familiar with the most common security vulnerability of Linux operations systems. As you know security checking needs to be verified against well established practices, the following steps are necessary to following before starting your Linux security checking.
- Version number of Linux
- How many users use the OS?
- How many applications are running in your server?
- What are the active services?
- If your sever physically secured
- Whether modification in Linux configuration needs to go through authorization from senior management
- What is your backup plan?
- If there is any antivirus software running
- Check the access control list of the routers and firewalls, if any, directly connected to your server
- Do not use Telnet and FTP since both transmit unencrypted text. Instead use SSH and SFTP for secure connection with other servers or networks.
- Power supply unit to your Linux server? Is there any emergency power supply?
- Temperature and environmental control of the server room. [Read more…]
Securing MySQL requires not only hardening the security configuration of your database itself but also the web server along with the operating system. As you know that most of the web hosting provider love Linux and Apache as part of their web-hosting solution, you need to make sure that your host is taking proper security measures to ensure tighter control of Apache and OS. Your main task will be to perform a few simple tasks or test on your MySQL to remove all the known and easy-to-solve security vulnerabilities of your database. And the good news is that if you are new website owner and reluctant to learn some basic SQL tricks to, then also you can fix the basic security settings of your database from PhPMySQLadmin interface of your Cpanel.
Unless you are hosting your website on your own server in your own premise, you should let the task of Apache and OS security setting to your hosting provider. Now, checkout the following steps required for MySQL security: [Read more…]
Without paying proper attention to the physical security of information asset your IT assets and infrastructure are always under security threats from known or unknown sources or from accidental hazards. An IT security manager or designer will always need to pay equal or even more attention to ensure that his all the information assets are physically secured. It is not necessary that all the physical security risk to IT assets can be only from physical break into the IT server or assets room, but there are major risk related to environmental risks such as fire. To control the physical security of all IT assets you need to identify all the assets that you consider sensitive and important for your organization. The physical security of IT assets can be broadly categorized based on the following criteria:
1. Security of Asset Location
2. Human access control to the security room
3. Environtal control
Security of asset location
The location of the information asset room need to physical secured. It is always a good practice not to disclose the location of your server room to public. The lesser people know about the location of your server room the better. First of all, you need to make sure that there one entry to your server room including one emergency exit door. Secondly, the entrance of the access door should not be directly visible to the location of your office where the majority of the officials work. Thirdly, before the main access door there should be another small door or space to reduce the risk of piggy backing.
Human access control
Before entering the server room all the personal need to be authorized to enter the room-there can be an exception to the daily maintenance team. But it is better to have the presence of a supervisor when maintence works are carried out. All the personals need to be physically verified and must carry an identity card, if possible implement digital access control or any biometric access control. The security person before the access room must be present always and they there may be a pool of security guards who will be only duty so as they can be familiar with the faces entering the room on regular basis. Finally, there should be close circuit camera both in and outside of the asset room and you need to make sure the access to the digital recording devices are properly monitored and logged.
Environmental security control
You need to make sure that all the equipment installed inside the server rooms are being auditor regularly. Make sure there are at least two emergency power-off switches for the server room itself-one inside and the other outside the room. All the electrical wiring should be placed inside fire-resistance panels and if there are any office desk or cabinets, then use only those equipments made of fire-resistance materials. Any kind of food intake must be strictly prohibited in the server room
The foundation of safer browsing experience depends on how much secure your web browser is. When you install any web browser such as Internet Explorer, you get a default security setting, which may not be suitable for your web privacy and data integrity.This article aims to help you to learn a few useful security tips of Microsoft IE 9. With the new Internet explorer version 9 you can enjoy safe browsing experience with faster surfing speed. If you want to enable these security features on your Internet explorer you have to learn how to change a couple of security setting s on your browser. In case you do not have downloaded IE 9 then you can do so by going at Microsoft’s official site for Internet Explorer download.
Now let’s see how you can change the security setting of your Internet browser and what the benefits of it are. The following are the security benefits:
- Active X control
- Smart screen filtering
- In private browsing
- Tracking protection
- Privacy Settings [Read more…]
Whether you are new Gmail User or not, one thing is true that you don’t like to lose your privacy or don’t want to your email security be compromised by any third party or by your business competitors. For making sure that your Gmail account is fully secure and no one is snooping your private emails, you need to follow several steps which are also recommended by Gmail Security team.
- Make sure your computer has anti-virus or Internet security software installed and updated including the virus databases, spam protection tools etc.
- Check if your operating system has been updated with the latest release of the software provider. If you are a Windows user, then click on “My Computer”, then right click on it and select the “properties” and then click on “Windows Update”.
- You might be using Adobe, Windows Office, and Java. Make sure all these softwares are updated online on regular basis.
- Regularly update your browser. Check for updates at least once in a month. For example if you are a Firefox user, then click on the help menu on your browser and then click on “check for updates…)
- Avoid downloading Browser extensions and plugins. These extension softwares are basically third party software which give some extra functionality to your browser. For instance, many use email alert extension in browser. There is no guarantee that these extension codes do not have any hidden code that might compromise your browser security. [Read more…]
The major threats a computer user may expect are – the damage of his stored data or software and stealing of confidential information. A computer can get infected with malicious programs like virus, Trojan, crimeware, spyware, malware or anything else, but the main challenge in front of you is to keep your all the data safe and also to keep your confidential information private while you are online. Before you going online, have you ever thought that your every keystrokes is being tracked by a small code hidden in your laptop or your every online transaction with credit card are being screen shots by a spy software and sending all those confidential data to a cyber criminal sitting back miles away from your town. A malicious code even open a secret door (backdoor) to a rouge person to enter your computer when you go online. As you know that, every disease has its treatment, the same way every malicious code can be identified and tracked before it because any damage to your computer and it can only be done once you have Internet security or at least an updated antivirus solution.
Therefore, a computer user need to be concerned with safety and privacy of all his logical assents-software, database, emails, operations system. In addition, the good news is an average user can be quite efficient in keeping his computing environment safe and sound, if he follow a few guidelines and maintains a few instructions on regular basis. The following are very important steps that you may follow on regular basis and can ensure a great level of computer safety.
- Use Internet security solutions or at least keep good antivirus software
- Always keep updated your antivirus and Internet security software. Though this sounds like a very ordinary task, yet it is one of the most important tasks that many forget to do regularly. It is advisable to keep your antivirus software in auto-update mode.
- Keep your operating system updated. For example if you are Windows user then , right click on “My Computer”, select “properties” and then select “Automatic Updates” tab, click on “Automatic and then click on the “apply button” [Read more…]
Much small-scale business does not use firewall as their first line of defense any web attacks to their internal network. Instead, they use a router between the Internet and Internal network to control incoming and outgoing traffic flow- this type of use of router is known as screening router. In fact, configuring ACLs inside a router can be a viable and effective solution to deny any incoming malicious packets to your LAN. If you have to test one such type of network router that is used a screening router, then you have to identify the type of router and its features. List all the ACL policy and the types of data packets that are permitted to enter your network. What are the router responses to various types of incoming traffic? Finally list all the live systems The following are the list of activity the you have to perform to test a screening router
1. Identify router type
2. List NAT, if there is any
3. Use TTL setting test by using port scanning
4. Test all the ACLs in the router
5. Verify if the address spoofing is being detected by the router
6. Test inverse scanning
7. If the router is filtering local traffic(egress filtering)
8. How the router is handling small size packets
9. How over-sized packets are being handled in the router
10. How router responding to overlapped packets. Normally overlapped fragments are used in TEARDROP attack.