Archive for November, 2005

Scenario 2: Rogue Sender

November 30th, 2005 No comments

The second installment of the Example Scenario series has just gone live.

Sanjay works in IT for BigNgo and has received emails from 2 different supporters claiming, in quite direct language, that admin@bigngo.org is sending them virus-infected emails. Read on for the full investigation, risks and options for the future.

Scenario 2: Rogue Sender

Securing your Windows Desktop

November 30th, 2005 1 comment

It is not always possible or practical to immediately move to Ubuntu Linux or another alternative when you have work to do and deadlines to meet. So you are stuck with Windows for now? Read on for the basics of securing your Windows desktop using freely available tools.

Windows Update

Windows Update is your one-stop shop for patching Windows operating systems. If you are running Windows, you need your operating system to be updated on a regular basis, as Microsoft is regularly releasing patches to fix the endless supply of new security vulnerabilities. Some of the newer versions of Windows allow patches to be applied automatically when available (beware of required reboots when this occurs).

Anti-Virus

There are many free antivirus programs available. Some are below par when it comes to updates and system resource usage.

A good choice would be Antivir Personal Edition, Avast Antivirus or AVG Free Edition. Another option is ClamWin, a promising open source project based on ClamAV. ClamAV was originally developed to be used in a mail server environment; other projects such as ClamWin have now brought it to the desktop.

Anti-Spyware

Ad-Aware SE Personal is a good choice and doesn't have some of the bad press associated with Microsoft's own anti-spyware tool.

Firefox

The Firefox web browser will protect you from much of the spyware and other threats that are present when using Internet Explorer. Having said that, vulnerabilities are present in Firefox as well, and you need to check for updates on a regular basis. The latest version (Firefox 1.5) has an auto-update feature.

Personal Firewall

A local firewall is a good choice, as this can provide another layer of security (security in depth). A firewall can protect your system from vulnerabilities for which there is not yet a patch available, or for which patches have not been applied. Rogue services and backdoors are also thwarted by a personal firewall. It is a good idea to understand what you are allowing in and out of your firewall before clicking on the “allow” option. Following the initial install you will need to go through a “tuning” process that configures your firewall policy.

A free and popular choice is ZoneAlarm; other choices include Sygate Personal Firewall and Kerio Personal Firewall.

Conclusion

Using freely available tools and performing regular maintenance, it is possible to have a secure and productive Windows desktop. The main thing to remember is that once you have the above tools installed and working, you need to be aware of what is happening and ensure all updates are being applied.

Cybercrime More Lucrative Than Drugs

November 28th, 2005 No comments

Slashdot have an item up for discussion relating to the “explosion” of cybercrime.

This won’t be going away anytime soon, but it’s not all doom and gloom. Security awareness, appropriate software and some common sense will keep you secure.

Yahoo is reporting that global cybercrime overtook global drug trafficking in terms of revenue this past year. In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent, and Americans filed 207,000 reports on cybercrime to FBI.

Slashdot Discussion | Cybercrime More Lucrative Than Drugs

ELE – everything leaves encrypted

November 27th, 2005 No comments

The idea behind this is pushing the boundaries of the myriad of “live CD” Linux distributions. Open source innovation at its best. Take this bootable CD with you. Wherever you go, boot up and enjoy the benefits of an encrypted / anonymous internet connection.

Points of note:
* When you are on a public internet terminal (internet cafes) there is no way to be sure your keystrokes are not being logged. You need to trust that the operating system you are working on is secure. You can use encryption to foil anyone listening to your network traffic, but a key logger will break your security. Booting ELE will give you a massive increase in your level of confidence. Note: You are still vulnerable to a physical keylogger sitting on the computer’s keyboard or cable.

* Now, as with everything, there is a caveat. You are now trusting that ELE and the Tor network are secure. Think about it.

What is ELE?
ELE is a bootable Live CD Linux distribution with focus on privacy related software.
It is based on Damn Small Linux and aims to be (obviously) as small as possible. The first release was 65M, the current one 61M.

northernsecurity.net

TIG – Online Safety and Security

November 27th, 2005 No comments

TakingITGlobal have a well-made portal with thousands of members from around the world, using the internet to communicate and work towards building a better world. The latest issue being covered is online security and safety.

Don’t forget to give thanks to Microsoft for supporting this TiG special by using an alternative browser and email client.

Get Firefox! Get Thunderbird!

The Internet has drastically changed our world. We talk to friends, research topics, buy products and send emails for work and leisure. Unfortunately, all this time we spend on the Web increases our chances of being targeted. Now, every cyber citizen must become “cyber smart” or face the consequences. From protecting your computer to protecting yourself, it’s all here. Do you know what you need to know?

TakingITGlobal – Online Safety and Security

Russia moves to rein in NGOs

November 24th, 2005 No comments

Organisations need to be aware that external parties may take an interest in their activities, and hence of the need for secure communications and IT practices.

As always, your required level of paranoia depends on your work and situation. Regular reviews of current security posture and potential risks should be a part of any organisation’s policy.

Russia has moved to impose greater government control over charities and other non-governmental organisations, including some of the world’s most prominent, in what critics described as the Kremlin’s latest effort to stifle democracy.

Russia moves to rein in NGOs

Security experts lift lid on Chinese hack attacks

November 24th, 2005 No comments

Fact or fiction, propaganda or FUD, all that can be confirmed about this is that it makes an interesting read.

Security experts have revealed details about a group of Chinese hackers who are suspected of launching intelligence-gathering attacks against the U.S. government.

The hackers, believed to be based in the Chinese province of Guangdong, are thought to have stolen U.S. military secrets, including aviation specifications and flight-planning software.

Security experts lift lid on Chinese hack attacks | Tech News on ZDNet

SANS Top 20 Vulnerabilities – The Experts Consensus

November 24th, 2005 No comments

The SANS Institute is a world-class security training and information resource. The latest Top 20 report has been released and, as those familiar with it will note, the list has expanded and evolved.

If you are not technically minded then you might want to leave this one to your more technically inclined staff.

SANS Top 20 Vulnerabilities – The Experts Consensus

WSIS: Circumventing censorship and staying safe

November 23rd, 2005 No comments

More coverage of net censorship and staying anonymous when publishing online. Be aware and be careful.

Here is a picture from the workshop on secure communications and anonymous blogging conducted by my colleague Ethan Zuckerman, Dmitri Vitaliev of Frontline Defenders, Wojtek Bogusz of the Tactical Technology Collaborative, and Nart Villeneuve of the Open Net Initiative. These guys are basically the dream geek team for free speech on line. They gave instructions in detail about how non-governmental organizations, human rights groups, and individuals trying to speak the truth under dangerous circumstances can secure their communications and data, and minimize the likelihood that people will get caught or arrested as a result of their work. The second part of the workshop was devoted to anonymous blogging.

Global Voices Online > WSIS: Circumventing censorship and staying safe

Frontline Defenders – defenders of human rights defenders

Scenario 1: The hot spot

November 23rd, 2005 No comments

At ironcove.net we are trying to help the non-profit and NGO worlds get some understanding and perspective on the threats and application of information security technologies.

To build awareness, a number of real-world example scenarios are being put together in the hope of highlighting points of weakness in an organisation’s security posture.

The intention is not to scare you away from technology but to build understanding of the issues so that solutions can be developed that are suitable for you and your organisation.

Sally has been travelling to a number of different countries interviewing people on the use of child labour in local factories as part of her organisation’s new project to highlight the practice. Read on for the full scenario.

Scenario 1: The hot spot