Tuesday, October 25, 2011

Take the quiz: Information Security in the Media

Information security is not a new trend. It has masqueraded for ages as a form of entertainment. In celebration of National Cyber Security Awareness Month, I have dug up some fun facts for your own amusement. Go ahead and test your knowledge!



1. Which famous author used a polyphonic substitution cipher in one of his or her short stories?

a. Edgar Allan Poe
b. Washington Irving
c. Stephen King
d. Virginia Woolf


2. What type of cipher did Ralphie use on his Code-O-Graph in A Christmas Story?

a. Transposition cipher
b. Simple cipher
c. Block cipher
d. Stream cipher


3. In 2001, a movie about hackers gaining access to a government slush fund in a counter-terrorism scheme hit the box office. The movie was named for a famously used password. What is the name of the movie/password?

a. Antitrust
b. Hackers
c. Swordfish
d. Takedown


4. Who was the famous hacker that went by the code name c0mrade?

a. Kevin Mitnick
b. Adrian Lamo
c. Kevin Poulsen
d. Jonathan James


5. What breakfast cereal contributed to the popularity of phone phreaking in the 1990’s because the toy whistle inside the box was tuned to the frequency of most AT&T phones?

a. Fruity Pebbles
b. Cap’n Crunch
c. Golden Grahams
d. Frosted Flakes


*Answers will appear in next week’s blog. Happy hunting!

Thursday, October 20, 2011

National Cyber Security Awareness Month



October 2011 has been designated as the National Cyber Security Awareness Month (NCSAM) for the eighth year running. It is a cooperative effort between the Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). Their goal is to promote cyber safety by providing education and awareness to both public and private sectors.

So how can you get involved? NCSAM's motto is "Our Shared Responsibility", which means cyber security starts with you by protecting your own information. Google has started a "Good to Know" campaign that outlines a few simple steps you can take to create a strong defense. The campaign addresses many aspects of information security, such as phishing, malware, and mobile security. Check it out at Google's Good to Know campaign.

Another ongoing campaign that is more widely known is Stay Safe Online. It is a great resource center for a variety of communities, from educational institutions and law enforcement to businesses and individuals. If you have kids, you will definitely want to visit the cyberbullying page.

If you find yourself or someone you love a victim of any kind of security breach or harassment, please don't hesitate to report it. While local law enforcement may be the obvious choice, a little-known reporting agency is the Internet Crime Complaint Center. The website is run by the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). It is specifically geared towards cyber crime, and may be better equipped to handle these sensitive situations.

October may be coming to an end, but cyber security is a year-round battle. Be ready for your attackers.

Wednesday, October 12, 2011

An Overview on Virtualization


How does virtualization work?
Virtualization is the practice of using software on a host computer to simulate a particular computing environment. It works by allowing processes to share system (particularly hardware) resources.
Three main types of virtualization are network, storage, and server. Network virtualization works by splitting bandwidth into channels. Storage virtualization combines physical storage from multiple sources into a centralized source. (What is Virtualization?, n.d.) Server virtualization disguises the number and components of real servers from guest users by dividing and isolating virtual servers. (What is Server Virtualization?, n.d.)
All three types assign resources as needed rather than committing them to a particular device. The purpose is to free up available components while reducing costs.

What can virtualization be used for?
Virtualization is used for private cloud computing within a network. When a private network is joined to a public one, it creates a hybrid cloud. This method allows businesses to join forces, or for one business to manage internal and external data.
Virtualization on a private level can be used for running multiple operating systems on a single computer. One such method employs Parallels software. (Virtualization & Automation Solutions for Desktops, Servers, Hosting, SaaS – Parallels Optimized Computing, n.d.) Parallels is an application that allows a user to toggle between Windows and OSX (for example) without partitioning the hard drive. The Windows portion would be the virtual machine, sharing resources with OSX on the MacBook hard drive.

What are the security flaws?
Security flaws depend on the management of server configuration and operating system patching. If neither is actively maintained, it leaves a gap for attackers to plunge through. Active maintenance includes patching the hypervisor, following best practices in configuring the host/platform, securing transmissions, managing virtual switches for guests, and preventing malicious activity from the guest.
The best advice is to develop strong policies and procedures, follow best practices, and harden systems. (Shackleford, 2010)


Why is this issue becoming prevalent?
Virtualization is a growing industry because it provides businesses with a solution to consolidate resources; cut costs on hardware, maintenance, and personnel; plan seamless backup and routine maintenance; improve operational flexibility; and securely manage desktop environments.


 

References:
1. "Virtualization & Automation Solutions for Desktops, Servers, Hosting, SaaS – Parallels Optimized Computing." Parallels. N.p., n.d. Web. 21 Dec. 2010. <http://www.parallels.com/>.
2. Shackleford, Dave. "An introduction to virtualization security." Help Net Security. 9 March 2010. Web. 21 Dec. 2010. <http://www.net-security.org/article.php?id=1397&p=1>.
3. "What is server virtualization? - Definition from Whatis.com." Server Virtualization: Covering today's Server Virtualization topics. N.p., n.d. Web. 21 Dec. 2010. <http://searchservervirtualization.techtarget.com/sDefinition/0,,sid94_gci1032820,00.html>.
4. "What is virtualization? - Definition from Whatis.com." Server Virtualization: Covering today's Server Virtualization topics. N.p., n.d. Web. 21 Dec. 2010. <http://searchservervirtualization.techtarget.com/sDefinition/0,,sid94_gci499539,00.html>.

Saturday, October 8, 2011

What is a Buffer Overflow?


A buffer is a temporary data storage area that has a capacity limit. A person running several programs at one time needs the buffer zone so that information can be processed seamlessly before it heads to its final storage area.
A buffer overflow happens when a program or process tries to store more data than the buffer can hold. The extra data is forced into other buffer zones, possibly corrupting the data already in there. Sometimes the buffer overflow is done intentionally, as in an attack. The buffer overflow works on the “last in, first out” (LIFO) principle. The last string of data is the first string to be cut from the buffer and go into overflow. An example is below:


In this example, the program was written to accept 5 bytes in the “name” field. The buffer (small) can only hold two, moving the remaining 3 into the executable stack. Hackers take advantage of this by purposefully inserting malicious code at the end that they know will go into overflow. However, this is not always the case. C/C++ programs often contain these errors simply because of the limitations of the programmer. (Information Security, n.d.)
Fortunately, there are security features out there to detect and prevent this, such as Comodo Memory Firewall. (TechMixer, n.d.)
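
The 5-byte input and 2-byte buffer described above, modelled as an added C example (not code from the original post): the adjacent memory is simulated inside one 8-byte array so the spill-over can be observed without undefined behaviour. The `region` struct, the function names and the `"ALICE"` / `"SAFE!!"` sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte region standing in for adjacent memory.
 * Bytes 0-1 are the 2-byte buffer ("small"); bytes 2-7 hold neighbouring data. */
#define SMALL_CAP  2
#define REGION_LEN 8

struct region {
    unsigned char mem[REGION_LEN];
};

static void region_init(struct region *r) {
    memset(r->mem, 0, SMALL_CAP);
    memcpy(r->mem + SMALL_CAP, "SAFE!!", REGION_LEN - SMALL_CAP);
}

/* Unchecked copy: trusts the caller's length, as the flawed program does.
 * The clamp to REGION_LEN only keeps this simulation well defined. */
static size_t copy_unchecked(struct region *r, const char *in, size_t n) {
    if (n > REGION_LEN) n = REGION_LEN;
    memcpy(r->mem, in, n);
    return n > SMALL_CAP ? n - SMALL_CAP : 0;   /* bytes that spilled over */
}

/* Checked copy: rejects input that does not fit the buffer. */
static int copy_checked(struct region *r, const char *in, size_t n) {
    if (n > SMALL_CAP) return -1;
    memcpy(r->mem, in, n);
    return 0;
}

/* Returns 1 if the data next to the buffer is unchanged. */
static int neighbour_intact(const struct region *r) {
    return memcmp(r->mem + SMALL_CAP, "SAFE!!", REGION_LEN - SMALL_CAP) == 0;
}

int main(void) {
    struct region r;
    const char name[] = "ALICE";               /* constructed 5-byte input */

    region_init(&r);
    size_t spilled = copy_unchecked(&r, name, 5);
    printf("unchecked: %zu bytes spilled, neighbour intact=%d\n",
           spilled, neighbour_intact(&r));

    region_init(&r);
    int rc = copy_checked(&r, name, 5);
    printf("checked: rc=%d, neighbour intact=%d\n", rc, neighbour_intact(&r));
    return 0;
}
```

The length check in `copy_checked` is the fix: the oversized input is refused before any byte is written, so the neighbouring data never changes.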
References:
1. "What is buffer overflow? - Definition from Whatis.com." Information Security: Covering today's security topics. N.p., n.d. Web. 19 Dec. 2010. <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci549024,00.html>.
2. "Prevent Buffer Overflow Attack with Comodo Memory Firewall." TechMixer | Review Software, Online services, Freeware and Others. N.p., n.d. Web. 19 Dec. 2010. <http://www.techmixer.com/prevent-buffer-overflow-attack-with-comodo-memory-firewall/>.

Saturday, October 1, 2011

Protecting Folders on Mac OSX


Almost anyone concerned with securing their information is familiar with how to protect important documents, such as the "protect workbook" option built into Microsoft Excel. What happens when you want to protect the entire folder, and it is stored on a Mac? I can show you how in a few simple steps.
1. Open Disk Utility, found in the Applications folder under “Utilities”
2. Choose “New” from the File drop-down menu, and then “Disk Image from Folder” from the sub-menu
3. Browse to where your folder is located, select it, and click “Image”
From here, a new window entitled “New Image from Folder” will pop up, like this:

4. Choose read/write from the Image format drop-down menu if you want to be able to modify its contents later. Otherwise, compressed is fine. Also, you may choose to encrypt the folder. I recommend 128-bit AES encryption. Save this.
The Disk Utility will now create a disk image (.dmg) file on your desktop. It will prompt you to create a password, and by default will have the “Remember password in my keychain” box checked. This defeats the purpose of securing the folder, so I recommend unchecking it. If you click on the disk image to open it after saving the password in your keychain, it will display the contents without asking for a password.


5. Click on “Ok”, and you now have an encrypted, password-protected folder!
*On a final note, you may delete the original folder for security purposes. However, do so at your own risk. Your keychain is not storing the password, so you must take care to remember it. The .dmg file may also become corrupted, with no access to the folder you wanted to secure. As mentioned in earlier posts, always back up your information with a separate device or service!