/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow Us| Newsflash: The president gets five threatening emails Newsflash: Credit card numbers and other personal information peddling for less than a dollar a record Newsflash: Information stealing Trojan poses as Microsoft Windows patch Newsflash: Russia filters Internet traffic from Georgia Newsflash: Google Earth being misused by militants in Gaza strip to launch attacks on Israel Newsflash: HSBC loses disk containing details of around 400,000 customers |
News like above is enough to send shivers down anyone's spine, be it an
enterprise, individual, or the govt. But alas, it's all true. Increasingly, the
news headlines everywhere are getting filled with security incidents that are
more focused and malicious. It's no longer about a script-kiddie breaking into
an organization's server just for kicks or to hack a website just to leave a
funny message there. Security incidents the world over are being committed with
a very clear and malicious objective, which could be financial gain, plan for a
terrorist attack, or propaganda. In other words, security threats have really
changed and taken a much more gruesome shape than you could ever imagine. It
will only get worse in the future, so you have to be ready for it.
Today, terror is everywhere, and there's a dire need to combat it at all levels.
This special story from PCQuest will focus on various aspects of security,
strategies to adopt, and tools to combat it. We'll focus on different kinds of
security threats for different types of audience, along with the strategies and
tools to combat them. We'll look at cyber-terrorism, what it means for different
people, and how to combat it.
/pcq/media/post_attachments/a876869f0aa5d122d5fce42692f6b06a3fd9eac282f30718fa71572dfd12df3f.jpg) |
Just how vulnerable you are
Security incidents are different for different parts of the society, so measures
taken to safeguard against them also have to be different. For enterprises,
security could mean protecting critical information from getting stolen or
preventing a virus from causing significant downtime. For an individual,
security could mean preventing loss of personal information like credit card or
bank account details. For the govt, security could mean ensuring that national
secrets are well-guarded, senior leaders are protected, and citizens are safe.
But before you can do that, you have to first understand the nature of security
threats that you're most vulnerable to.
Enterprise security trends
If you feel your IT infrastructure is safe from any kind of security breaches,
well think again. That's because there's no such thing as a boundary for your
organization's network anymore, thanks to the growing number of mobile users and
Internet based applications. Your users will need access to your network from
everywhere, be it a hotel, cyber café, airport, or railway station. They will
access it from all sorts of networks, putting far more stress on your network
than ever before.
There are many more entries to watch in the organization, many more end
points to secure, and a lot more sensitivity towards protecting information
theft.
The other key trend is that security threats are no longer being carried out
by college pass-outs wanting to bring down a website or portal just for kicks.
Security attacks have now become more serious, and they're being conducted by
people with a criminal bent of mind for information theft, financial gain, or
other malicious reasons.
There is of course, more malware than ever before. In fact, the amount of
malware created last year was more than the combination of all malware ever
created till date. This clearly indicates that with increasing penetration of
the Internet, both the good as well as bad guys have better connectivity and
reach.
/pcq/media/post_attachments/f9c11729ee296559da9872572fd5ebd6c94787ffe6001aea4206a73a2fb0c6ea.jpg) |
Last key trend in enterprise security is that today the focus of security
threats is not just on the infrastructure. It's also on stealing information. So
organizations must go beyond setting up firewalls, anti-virus, and anti-spam
software.
Consumer security trends
If you think you're safe from prying eyes on the Internet, think again. Today,
there are more bank accounts, credit cards and personal information available
for purchase on the Internet than ever before, and you'll be shocked at the
prices they sell them for (see table on previous page). Each record could be
available for less than a dollar if purchased in bulk. Premium accounts, with
higher bank balance or credit limit sell at higher prices.
| Email tracing of Ahmedabad blasts |
| How Cyberoam and their technical support team helped to trace and identify the IP Address of Waghodia Dental Institute , Vadodara after the Ahmedabad bomb blast. 1. An email is sent 2. A Cyberoam device is installed at the institute. The support 3. The device is able to tell which websites were surfed at the time when 4. From the websites, IP addresses of the same range were matched. 5. Finally the website is identified: abdultaiyeb.com. This was a web 6. With the help of these reports, the IP Address of the computer from |
Credit card details can be stolen during online or offline transactions.
Online, you might land up on a fake site, which cons you into shelving out the
details. Or there could be an information stealing Trojan sitting on your
machine. Offline, your credit card could get cloned at a restaurant or any other
place. For instance, there are tiny credit card reading machines available,
which a person could simply swipe your card on before swiping it on the actual
terminal. And you thought that giving your credit card to the waiter in your
favorite restaurant was safe!
Web 2.0 has been a boon for everyone, but it could become a bane if you're
not careful. Just as you have access to so much information on the web, and so
many social networking sites to interact on, so do the bad guys. So we all
obviously know what that means! They can coordinate better and react more
quickly to vulnerabilities.So while you're busy watching that YouTube video, a
Trojan might be quietly be installing itself in your system, and bringing along
its other friends like keyloggers, bots, etc. Rest as they say, is history.
We all know the story of phishing emails pointing you to a fake website to
extract your personal information. But now, things are taking a different turn.
To take an example, suppose you receive an email pointing you to an
'interesting' website from where you could download some 'hot' pictures of a
known celeb. But along with the picture, you end up downloading certain file
infectors. These can then use your precious bandwidth to launch a deadly Denial
of Service attack on other websites. So guess who'll get caught for doing this
attack? You of course!
Incidentally, what that means is that it's not just bank sites that are bieng
faked. Any site that's not been hardened against vulnerabilities could get
infected, causing you to download Trojans.
Anil Chopra, Anindya Roy, Swapnil Arora, Isha Gakhar