• Network Security

    How to Identify and Prevent Web Scraping Bots?

    What are Web Scraping Bots? These are computer programs that automatically visit a website, copy information like content, prices, etc. from some or all of its web pages, and pass it on to their owners. The data they collect may be used to obtain difficult-to-create content without much effort or to give the scrapers a competitive advantage. Besides, these ‘bad’ bots drain the server/connection resources of the websites they visit. What are some of the techniques used to identify and prevent Web Scraping Bots? It is possible to analyze the IP addresses requesting access to a web page to find out if they are genuine readers or bots.…

  • Network Security

    Media Player Apps Can be used to Hack into a System?

    Check Point, in its recent blog post, has reported a vulnerability in existing media player apps like VLC, Kodi, etc. using which an attacker can try and take complete control over a user’s system – whether it is a PC, Smart TV or mobile phone. This attack uses subtitles downloaded by media players while playing movies, etc. When a user plays a movie through a media player app, sometimes they also choose to watch it along with subtitles. When they choose to download subtitles, the media player makes available various subtitles files in different formats in an order which it determines using ranking algorithms, etc. It is possible for a…

  • Network Security

    Internal Network Segmentation Firewalls: What are these?

    What are Internal Network Segmentation Firewalls? Most firewalls are placed on the edge of the network, and with good reason. But what happens once a threat/malicious code passes through into the network? Is it not a good idea to contain these threats within a small segment, instead of exposing all systems in the network? That’s why a new category of firewalls called Internal Network Segmentation Firewalls was created. Network Security Threats Today: Threats can penetrate a network in multiple ways today. Employees and partners/guests have access to the internal network and they can wreak havoc, if they want. A lot of activity happens on the cloud server outside the…

  • Network Security

    What is DNSSEC and Why is it Required?

    DNSSEC (Domain Name System Security Extensions) is a set of protocols added to the DNS protocol to enhance security. It serves the following main functions: it authenticates and certifies that the DNS data has originated from where it claims to have come from (the authoritative source); it checks that DNS data/responses are not modified on the way; and, when there is no data for a query, it lets authoritative info be provided to prove the same. As you may know, the DNS system is similar to address/phone numbers, and it helps locate a particular system/website in a vast network. DNS servers can be public (ISP, Google DNS, etc.) or private (owned by a company). Roughly,…

  • Network Security

    Ransomware – An Introduction

    What is Ransomware? Ransomware is a malicious software program (malware) designed to block or disable access to the data on your computer. The program displays a full-screen message claiming that all files/programs have been blocked or encrypted. It demands a ransom, to be paid within a specific time, in order to decrypt/restore access. How does Ransomware get into a Computer? The process is similar to how a virus or malware gets into a computer: email messages claiming to contain important attachments, drive-by downloads — from websites or even ads that seem to offer valuable/illegal stuff for free, fake antivirus/anti-malware downloads, fake updates for popular programs, social engineering methods, friends…

  • Network Security

    Network Sandbox: Handle Zero-day Attacks & Unknown Malware

    Network Sandbox is a technology that enables organizations to analyze, identify and block zero-day attacks and unknown malware, even before a signature is created for them. Most protection methods depend on signatures and hence may not be able to catch newer types of malware. A network sandbox is a safe and isolated environment that is on the constant lookout for executable files and other file types (pdf, MS Office, zip, etc.) that enter the network. Malicious code in these files is commonly used by attackers to drop malware, or connect to sources hosting the malware, to penetrate the systems of an organization. These suspicious files, that have passed successfully through other…

  • Network Security

    Encrypted RDP for Non-Mobile Worker Remote Access?

    When we think of remote access, we think of VPN. But is VPN the only option? Why not use encrypted RDP, especially for giving temporary remote access to non-mobile workers? A VPN is a Virtual Private Network, where a remote computer connects to the private network of a company over the Internet through an encrypted connection. RDP is the Remote Desktop Protocol, which emulates the graphical interface of the remote computer it connects to and gives access to all its resources. Non-mobile workers may need temporary access to their office computer during snow storms, cyclones, children being unwell at home, problems with the car, unplanned holidays, etc. Is VPN the only choice to allow these workers…

  • Network Security

    Public Cloud: What Security Can your Business Expect?

    Security concerns are often cited as a reason for not hosting enterprise applications/data on the public cloud. In this post, let’s have a glimpse at the level of security offered by AWS, a prominent Public Cloud provider, for hosting business applications & data. This is just a brief overview of important aspects of Cloud security offered by this vendor. For a fuller understanding, download and read the entire document (pdf). Whose Responsibility is Security on the Cloud — Cloud Provider or Customer? On the Public Cloud, security responsibility is shared between the cloud service provider and the customer. With managed services, the security responsibility is lesser for the customer as…

  • Network Security

    Book Review: Malware, Rootkits & Botnets – A Beginner’s Guide

    Malware, Rootkits & Botnets – A Beginner’s Guide, written by Christopher C. Elisan, offers a good introduction to information security. Written in a simple language, this book should be useful to students who want to get into the network security field, outsiders who want a peek into the infosec industry, and beginners in the field who want an overview. If you have some experience in the field, I don’t think this book offers detailed technical information on network security that you might expect. This book gives an introduction to topics like History of Malware, Rootkits, Botnets, Advanced Persistent Threats, Malware Factory, Infection Vectors, Malware Control Mechanism, Detecting Threats, Mitigating Threats,…

  • Network Security

    Penetration Testing – An Introduction

    Penetration Testing is the name given to methodologies used to test networks, applications, and even people, for security holes. It is done by trained professionals who identify security vulnerabilities in the IT Systems of an organization, in order to eliminate them before hackers or unauthorized users exploit them. In other words, for penetration testing, you employ a skilled (ethical) hacker to try to break your security systems to check how secure they are. This enables you to identify potential security threats & fix them early, save money, prevent lost data/reputation loss/litigation expenses, etc. Penetration Testing also provides a good case for security investments and upgrades. There are three main types of penetration…

  • Network Security

    A Honeypot can be used as a Network Security tool

    What is a honeypot? A honeypot is an isolated and vulnerable system that is deliberately kept in the network in order to attract attackers, study their methods of attack and protect the actual systems from being attacked. When used properly, honeypots can be part of an effective network security strategy of any big company. If you haven’t tried using a honeypot in your company, you should. A honeypot can either be an emulator (software that emulates OS, applications and vulnerabilities) or it can be a system with a real OS and applications installed on it. A honeypot can be created by using just one computer/server or a network of several systems.…

  • Network Security

    Flame Virus (Worm) – Some good resources to read to know more

    Many of us might be familiar with Stuxnet, a major worm that was discovered in the Iranian nuclear facility. More recently the news about another major worm called Flame discovered in Iranian oil companies has hit the headlines. While Stuxnet was about 500 KB in size, the new worm is around 20 MB when all its modules and libraries are installed in a system. Let us find out what makes the Flame virus (worm) a part of the newly developing trend of cyber warfare. Links to some major news sources where you can read more about Flame are also included in this article. What are the reported capabilities of Flame…

  • Network Security

    Computer and Network Forensics – An Introduction

    Computer/Network Forensics is about finding out and collecting information about an online attack/security breach and presenting it in a way that is permissible in a court of law. Should IT managers be concerned about Computer Forensics? Yes, they should. Tracing and preventing an attack from harming an organizational network is one of their objectives. Though UTM/IPS systems can secure the network to a certain extent, in some situations it is required to trace out and identify the real identity of the attacker, and bring them to justice. That way, repeated attacks by a particular attacker can be stopped. IT managers/Network administrators might be surprised at the amount of information that…

  • Network Security

    What can Spyware do and How can one Protect against Spyware?

    In the Internet era, one doesn’t have to physically access a phone line to tap communications and spy on others. They just need to incite someone to install a piece of software (called spyware) and can monitor their communications from a remote location. Online communications have taken so many forms these days and you might be surprised to know just how many forms of such online communications can be monitored by spyware. Let us also look at some precautions that can be taken by online users in order to protect themselves from spyware. What is Spyware? If a piece of software gets installed in your computer either with your consent…