Regulatory
Compliance
(Submit an Article)
HIPPA (Health Insurance Portability and Accountability
Act)
(From Network Intelligence,
www.network-intelligence.com)
HIPAA (Health Insurance Portability and
Accountability Act) is comprehensive legislation that governs privacy,
security, and electronic transactions of health care information. Under the
rule, patients now have significant rights to understand and control how
their health information is used, and healthcare providers -- particularly
network administrators and privacy officers -- are required to provide an
explanation of how they comply with the new privacy regulations.
HIPAA’s standards and regulations are cast in general
terms, and can be reviewed in their entirety in HIPAA’s Security Matrix. The
Matrix describes what must be done, but not the manner in which it should be
done. The burden of proof - interpreting and documenting compliance -- falls
upon the network administrator. In general, health care professionals choose
to exceed minimum standards and turn to solutions that are regarded as best
practices.
ISO 17799
(From Network Intelligence,
www.network-intelligence.com)
ISO 17799 Part 1 is intended to serve as a single
reference point for identifying the range of controls needed for information
systems used in industry and commerce. It is recommended that ISO 17799 be
adopted by large, medium and small organizations. The standard stems from an
original publication in 1993, from the DTI (Department of Trade and
Industry) in the UK. The original publication became BS 7799 in 1995 and ISO
17799 in December 2000. ISO 17799 requires processes to ensure that the
security controls for a system are fully commensurate with its risks. This
embraces the study of relevant threats, vulnerabilities, controls in place
and of course potential impacts. Under ISO 17799 you cannot afford to be
complacent about security event management.
You should have a system for: Monitoring access to your
systems. Retaining the integrity of unaltered logs. Establishing sufficient
audit trails to address threats or problems. Reporting material events to
both upper management and your board of directors.
GLBA (Gramm Leach Bliley Act)
(From Network Intelligence,
www.network-intelligence.com)
The Gramm Leach Bliley Act (GLBA) is a
comprehensive law requiring financial institutions to protect the security,
integrity, and confidentiality of consumer information. Historically
financial institutions have been more security conscious than other
industries, but GLBA requires a higher level of security awareness and
understanding.
GLBA affects an extremely wide range of organizations
including banking institutions, insurance companies, securities firms, tax
preparers, and credit card companies. All federally insured financial
institutions must demonstrate enterprise-wide compliance by July 2002. After
July 2002, the regulatory agencies will examine for full compliance on an
ongoing basis.
Depending upon the financial institutions’ supervisory
authority, GLBA compliance audits are conducted by either the Office of the
Comptroller of the Currency (OCC), the Federal Reserve Systems (Fed), the
Federal Deposit Insurance Corporation (FDIC), or the Office of Thrift
Supervision (OTS).
General
5 Ways To Button Up Internet
Explorer (TechWeb)
07/21/06
Button up Internet Explorer? Is that laughter we hear?
After all, the technigentsia have long proclaimed that
mentioning "IE" and "security" in the same breath is akin to oxymorons like
"jumbo shrimp," "friendly fire," and "priceless junk."
But nearly 80 percent of the world's surfers use IE. They
can't all be dim.
They're not, and neither is Microsoft, which after five
years of resting on the laurels, so to speak, of IE 6, is updating the
browser to version 7, both for Windows XP as well as for the upcoming
Windows Vista. IE 7, promises Microsoft is more secure, and safer to use
than the problem plagued earlier editions.
As in last week's "5 Ways to Bulletproof Firefox," we
sniffed out five tools for Internet Explorer that lock down the browser and
help make online time safe time (or at least safer).
[Click here for Full Article]
5 Tools To Bulletproof
Firefox (TechWeb)
07/14/06
Spyware, adware, drive-by downloads, phish blitzes,
malware of all stripes, they all have one thing in common: they reach your
computer through the wide open door that is your browser.
If the most important step you can take to secure your
system is to use a secure browser -- advice held by everyone apparently,
including Microsoft, which is working feverishly on IE 7 to close the
years'-long security gap it created by not keeping the app up to date --
then the second step is to lock down the browser beyond what it offers out
of the box, and/or learn how to use the security tools it does provide.
Firefox, which recently regained some of its market share
momentum, fits the bill as a secure browser (more secure, anyway, than IE
6.x, its prime competitor).
We've wrapped up the second step for you by sniffing out
five tools -- four extras and one integrated -- that we see as the most
important security add-ons.
[Click here for Full Article]
Ten Top Tips For Protecting Yourself At Hot Spots (Desktop Pipeline)
06/16/06
Wi-Fi hotspots have become ubiquitous at cafes, airports, restaurants, and
other public location. In fact, more and more cities are creating hotspots
that blanket entire metropolitan areas.
But every time you connect at a hotspot, you're asking for
trouble. hotspots are open networks that don't use encryption, which invites
hacking and snooping. In addition, when you're on a hotspot you're connected
to the same network as your fellow hotspot users, they can potentially
weasel their way onto your PC and inflict damage.
But don't let that deter you from connecting. There's
plenty you can do to keep yourself safe at hotspots. Just follow these ten
tips.
1. Disable Wi-Fi ad-hoc mode Wi-Fi runs in two modes:
infrastructure mode, which you use when you connect to a network; and ad-hoc
mode, when you connect directly to another PC. If you've enabled ad-hoc
mode, there's a chance that someone near you can establish an ad-hoc
connection to you without your knowledge, and they'll then have free reign
in your PC. So when you're in a hotspot, make sure that ad-hoc mode is
turned off. To do it:
[Click here for Full Document]
Home Office Security Checklist (Microsoft)
Added 01/11/06
Whether you telecommute to a large corporation or run your own small
business, the benefits of working from home can include time gained by not
commuting, a more flexible schedule, and the ability to dress as you like.
However, in a large office there is usually a person who is in charge of
computer security and maintenance. In your home office, that person is you.
Here's a checklist that you can use to help protect your home office
computers from spam, viruses, spyware, hackers, and other Internet
Update your software. Regular software updates can be
crucial to keeping your home office computer or your home office network as
secure as possible. With Microsoft Update you can download critical security
software updates for both Windows and Microsoft Office programs, such as
Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. To learn more,
read Use Microsoft Update to help keep your computer current.
[Click here for Full Document]
Strong Passwords: How To Create And Use Them (Microsoft)
Added 01/11/06
Your passwords are the keys you use to unlock your computer and online
accounts. The stronger the password, the better the security against
intrusion by hackers and thieves, who could use your information to open new
credit card accounts, apply for a mortgage, or even chat online disguised as
you—and you wouldn't know it until it was too late. It's not hard to create
strong passwords. With a small amount of effort on your part and some tricks
provided in this article, you can help improve the security of your
computer.
Strong password checklist
A good, strong password should meet all three of these
criteria:
1. Over eight characters in length. Short passwords are
easier to crack than long passwords.
2. Combines letters, numbers, and symbols, but: Not
sequential or repeating combinations, such as "12345678," "222222," "abcdefg,"
or adjacent letters on your keyboard. Not common words with letters replaced
by numbers or symbols, such as "M1cr0$0ft" or "P@ssw0rd". Unfortunately,
hackers know these tricks, too.
3. Easy for you to remember, but difficult for others to
guess, and:
[Click here for Full Document]
Anti-Spyware Strategies, Part 1: Clean Out Your System (Smallbiz Pipeline)
01/06/06
Do you suspect that your system is infected with adware, spyware, or other
malware? Here's how to get rid of it.
Spyware is one of the most challenging — and frustrating —
problems faced by today's computer users and administrators. Even the
savviest Internet surfers have discovered their systems are riddled with
unwanted software that display popup ads, modify their search engines or
home pages, slow down performance or even make the system unstable.
• Introduction
• Step One: Back Up Your Data
• Step Two: Look Around
• Step Three: Choose An Anti-Spyware App
• Step Four: If All Else Fails
• Image Gallery: Clearing Restore Points
One major problem is in defining just what spyware is.
Because there is no official definition of spyware, it's not unusual to see
a company claiming its download is "spyware-free," even though its setup
program installs additional unwanted software. Depending on the specific
actions that the software takes, it could be classified as a hijacker, worm,
Trojan, adware, or a viral marketing program.
[Click here for Full Document]
Four Security Resolutions For The New Year (Smallbiz Pipeline)
12/22/05
I always know what my first New Year’s resolution is going to be, because
it’s the same every year: lose weight. Chances are, you have the same one.
But by the time the Super Bowl happens, and you eat seven thousand calories
on that one day, you’ll have already have given up on that resolution.
But you should also make some reservations at the office:
resolutions that you’ll actually keep. Perhaps the most important of these
should be a determination to get a handle on your security strategy and the
subsequent implementation. And that, of course, leads to:
The First Resolution: Get To Strategy You need to actually
figure out what your security strategy will be this year. In other words,
look at the big picture. I realize that you’ve been intending to do this all
year, but of course all those fires you have to fight, all those day-to-day
decisions kept getting in the way. By figuring out your security strategy, I
mean that it’s time to decide what your goals are.
[Click here for Full Document]
The Five Security 'Musts' You Can't Ignore (Smallbiz Pipeline)
11/28/05
Last month I told you about some
myths that
have grown up around security, but that are not necessarily things you
should believe.
This month it’s time for things you really do need to
believe in and act upon if you’re to stay out of trouble. Instead of myths,
they’re the “musts”: security actions you must take regardless of the size
of your enterprise or your network.
But be forewarned, this is not a complete list. These are
just the first things you must do. There are plenty of others that depend on
your specific needs and infrastructure requirements. But if you start here,
you’ll be on your way to having a secure environment, whether you’re on a
single computer tied to a DSL line or running an enterprise with thousands
of users.
1. Know Your Network [Click here for Full Document]
Fixing Your Network's Five Worst Bottlenecks (Smallbiz Pipeline)
11/14/05
Got a bogged-down, sluggish network? The problem likely isn't that you've
outgrown your infrastructure -- you have some serious bottlenecks. Here's
how to fix your network's five biggest bottlenecks.
It's so plaintive that it can be heartbreaking: "Why is
the network so sloooooowwww?" plead users in just about every organization
in North America. The inability of a network to keep up with the
expectations and demands of its users seems, at times, to be the defining
characteristic of networks.
"Everyone, at some point, complains that the network is
too slow," Info-Tech Research analyst Carmi Levy says. "Very often,
organizations think that they've outgrown their network, without considering
that the real problem is that it's a bottleneck," that is causing the
problem.
[Click here for Full Document]
School is in: 7 computer security tips for students (Microsoft)
Added
09/15/05
Preparing for school used to mean filling a backpack with a handful of
sharpened pencils, spiral notebooks, and a dozen textbooks. Today, computers
are often on the top of that list. Study these tips to help protect the
computers you use for school from viruses, hackers, spyware, and other
attacks.
On This Page 1. Perform basic computer safety maintenance
1. Perform basic computer safety maintenance 2. Don't open files from
strangers 2. Don't open files from strangers 3. Help fight spam and online
scams 3. Help fight spam and online scams 4. Learn how to protect yourself
from spyware 4. Learn how to protect yourself from spyware 5. Take
precautions when you go wireless 5. Take precautions when you go wireless 6.
Password protect your computer—and lock it 6. Password protect your
computer—and lock it 7. Back up your work (and the fun stuff, too) 7. Back
up your work (and the fun stuff, too)
[Click here for Full Document]
Ready, set, game: Learn how to keep video gaming safe and fun (Microsoft)
Added
09/15/05
Known as griefers, snerts, cheese players, twinks, or just plain
cyberbullies, chances are that a kid near you has been bothered by one of
these ne'er-do-wells at least once while playing online multiplayer video
games such as Halo 2, EverQuest, The Sims Online, SOCOM, and Star Wars
Galaxies. Griefers are the Internet equivalent of playground bullies, who
find fun in embarrassing and pushing around others. What griefers do
Typical griefer behavior includes: taunting others,
especially beginners (also known as newbies); thwarting fellow teammates in
the game; using inappropriate language; cheating; forming roving gangs with
other griefers; blocking entryways; luring monsters toward unsuspecting
players; or otherwise using the game merely to annoy a convenient target or
to harass a particular player who has reacted to their ill will.
[Click here for Full Document]
Don't Let Your Company Get Hooked by Phising (Microsoft)
Added
09/15/05
One way to hook a fish is to use a lure so realistic that the fish thinks
it's food. Phishing on the Web works the same way. Thieves send an e-mail
message or instant message that appears to come from a reputable company. It
capitalizes on your employees' (or customers') trust of a respected brand by
enticing them to click a link.
Clicking the link may take them to an equally convincing
(and equally fake) Web page or pop-up window that's been set up to imitate
the legitimate business, or they could be prompted to call a customer
support number. Either way, they're asked to divulge sensitive personal
information such as Social Security numbers, bank account or credit card
numbers, passwords, or personal identification numbers (PINs) that can be
used to access their accounts or steal their identity.
[Click here for Full Document]
What You Can do to Manage Network Security (Microsoft)
Added
09/15/05
Thanks to the continued presence of Internet worms, viruses and other
threats to computers, network security consistently ranks as a top concern
of business owners — even for those operating simple networks.
The good news is that you and your employees can manage
many of these security measures yourself without help from an IT
professional. The network security steps listed below are ranked by degree
of difficulty. Start with the easy jobs and work your way through the others
as your time, resources and skill level permit.
[Click here for Full Document]
IPSec vs. SSL VPN (Systems Management Pipeline)
09/01/05
You're comfortable with the security of your network inside the office, but
how do you feel about a salesman using his laptop to access your network
from the local Starbucks?
It's easy to control security within the physical walls of
your plant, but providing secure remote access to internal resources for
externally connected users is more difficult. IPsec (IP security) and PPTP
(Point-to-Point Tunneling Protocol) VPNs, and sometimes SSH tunneling, are
enough, but these setups often have problems with NAT (Network Address
Translation) traversal, firewalls and client management. An SSL (Secure
Sockets Layer) VPN should solve those problems while still providing robust
and secure remote access. However, an SSL setup comes with its own
difficulties, such as problems with browser support, required increased
privileges on the client computer for anything other than pure HTTP
applications and the inherent security problem of cached data on the
browser. For more information, see "ABCs of Remote Access".
[Click here for Full Document]
The Devil's Infosec Dictionary (CSO)
Added
08/10/05
24/7
adj. The window of time in which systems are most
vulnerable to attack
Access Control List (ACL)
The operating system file that gives users access to files
and programs they have no good reason to access Analyst, security
A mercenary paid vast sums of money to tell you that your
systems can't be secured
Back door
A hacker's front door
[Click here for Full Document]
Microsoft Identity and Access Management Series (Microsoft)
05/31/05
This series of papers provides numerous identity and access management
concepts, techniques, and solutions for use in heterogeneous IT
environments.
Identity and access management combines processes,
technologies, and policies to manage digital identities and specify how they
are used to access resources.
Send your feedback, questions, and requests for future
papers to cisfdbk@microsoft.com. On This Page Overview of the Identity and
Access Management Series Overview of the Identity and Access Management
Series Part I – The Foundation for Identity and Access Management Part I –
The Foundation for Identity and Access Management Part II – Identity
Life-Cycle Management Part II – Identity Life-Cycle Management Part III –
Access Management and Single Sign On Part III – Access Management and Single
Sign On Complementary Solutions from Microsoft Complementary Solutions from
Microsoft Complementary Solutions from Microsoft Partners Complementary
Solutions from Microsoft Partners
Developing Identity-Aware ASP.NET Applications.pdf
Extranet Access Management.pdf
Fundamental Concepts.pdf
Identity Aggregation and Synchronization.pdf
Identity and Access Management Tools and Templates.msi
Intranet Access Management.pdf
Overview of the Series.pdf
Password Management.PDF
Platform and Infrastructure.pdf
Readme.txt
ReleaseNotes.txt
Implementing Quarantine Services with Microsoft Virtual Private
Network Planning Guide (Microsoft)
05/31/05
The widespread availability of the Internet has led to significant changes
in the way many organizations work. To maintain competitive advantage,
organizations increasingly require employees to connect to corporate
networks from remote locations such as homes, branch offices, hotels,
Internet cafés, or customers' premises. These remote connections are usually
implemented with virtual private network (VPN) technologies.
VPN connections allow employees and partners to connect to
a corporate local area network (LAN) over a public network in a secure
manner. Remote access that uses VPN technologies is a key enabler for many
new business opportunities, such as remote administration and high security
applications. A large number of business groups and users make use of
productivity and administration applications that require frequent and
dependable remote access to corporate LANs.
Although a VPN provides secure access by encrypting data
though the VPN tunnel, it does not prevent intrusions by malicious software,
such as viruses or worms that initiate from the remote access computer.
Virus or worm attacks can result from infected computers that connect to the
LAN.
[Click here for Full Document]
The Administrator Accounts Security Planning Guide (Microsoft)
05/31/05
Because of their inherent permissions and power, the administrator accounts
on computers that run the Microsoft® Windows Server™ 2003 operating system
are both the most useful and potentially the most dangerous accounts on your
computer. Any other accounts to which you grant the equivalent of
administrator privileges present the same high risks.
This guide will be an indispensable resource when you plan
strategies to secure administrator-level accounts in Microsoft Windows
NT®–based operating systems such as Windows Server 2003 and Windows® XP. It
addresses the problem of intruders who acquire administrator account
credentials and then use them to compromise the network. The main goal of
this guide is to provide prescriptive guidance in terms of the steps you can
take to secure your local and domain-based administrator-level accounts and
groups. This guidance is based on Microsoft Security Center of Excellence (SCoE)
experience in customer environments and represents Microsoft best practices.
[Click here for Full Document]
The Secure Access Using Smart Cards Planning Guide (Microsoft)
05/31/05
Administrators are increasingly aware of the dangers that result if they
rely only on user names and passwords to provide authentication to network
resources. Attackers can guess user names, or use such publicly available
information as an e-mail address on a business card to identify a user name.
When an attacker knows a user name, the only security mechanism that remains
is a user’s password.
Single secrets such as passwords can be effective security
controls. A long password of more than 10 characters that consists of random
letters, numbers, and special characters can be very difficult to crack.
Unfortunately, users cannot always remember these sorts of passwords, partly
due to fundamental human limitations.
Research by George A. Miller, published in The
Psychological Review in 1956, concluded that the human brain has a
short-term memory limit of between five and nine random characters, with an
average of seven. However, most security guidance recommends at least an
eight-character random password. Because most users cannot commit an
eight-character random password to memory, many opt to write it down on a
piece of paper.
[Click here for Full Document]
The Security Monitoring and Attack Detection Planning
Guide (Microsoft)
05/31/05
Extensive media reporting about the spread of malicious software through the
Internet has significantly raised the profile of external threats to
organizations' network resources. However, some of the greatest threats to
any organization's infrastructure come from attacks that originate from
within the internal network. The internal attacks that have the highest
potential for damage result from the activities of those people in the most
trusted positions, such as network administrators. Analysis of both internal
and external threats has led many organizations to investigate systems that
monitor networks and detect attacks.
For organizations whose operations are constrained by
regulations, security monitoring is an operational requirement. Increased
prescriptive requirements from numerous institutions around the world places
greater demands on organizations to monitor their networks, check resource
access requests, and identify users who log on and off the network.
Regulatory considerations can also mandate that companies archive monitored
security data for certain lengths of time.
[Click here for Full Document]
The Services and Service Accounts Security Planning Guide (Microsoft)
05/31/05
This guide is an important resource to plan strategies to run services
securely under the Microsoft® Windows Server™ 2003 and Windows® XP operating
systems. It addresses the common problem of Windows services that are set to
run with highest possible privileges, which an attacker could compromise to
gain full and unrestricted access to the computer or domain, or even to the
entire forest. It describes ways to identify services that can run with
lesser privileges, and explains how to downgrade those privileges
methodically. This guide can help you assess your current services
infrastructure and make some important decisions when you plan for future
service deployments.
Microsoft has already tested the services included with
the Windows Server 2003 and Windows XP operating systems to run with their
default logon accounts, to ensure that they run at the lowest possible
privilege level and are sufficiently secure. These services should not need
modification. The main focus of this guide is to secure the services that
are not provided with the operating system, such as those supplied as a
component of other Microsoft server products: for example, Microsoft SQL
Server™ or Microsoft Operations Manager (MOM). Services installed with
third-party software applications and line-of-business applications
developed in-house might need additional security enhancements.
[Click here for Full Document]
Intrusion Detection Checklist: Six Stages of Handling
Attacks (TechRepublic)
05/31/05
Equipping your organization to deal with system intrusions requires a
many-faceted approach. This checklist is designed to help you address the
key aspects of preparation, detection, containment, extermination,
restoration, and finalization. The process begins with essential preemptive
steps, such as changing default configurations and ensuring that all team
members understand their roles in the event of a security breach. From
there, the list works through best practices for response and recovery,
including documentation for follow-up or legal action, communicating with
departmental administration, and restoring necessary data files and group
and user information.
[Click here for Full Story]
Security Best Practices (security pipeline)
05/30/05
Centralization, automation, problem prioritization--many IT-security
professionals are embracing those concepts as they fight off the
never-ending onslaught of threats. Security products can help businesses
stem the flood of vulnerabilities, but IT teams also have to put in place
processes to ensure that they're responding appropriately and being
proactive in warding off potential dangers. Fact is, some companies spend
too much on some parts of their organization and not enough on
more-vulnerable areas.
Security pros are under increasing pressure to do the job
right and cost-effectively as networks extend beyond firewalls to remote
users, partners, and customers, and to cell phones, PDAs, and other mobile
devices; regulatory requirements to safeguard data have risen; and concerns
about identity theft are at an all-time high. Hackings and other
unauthorized access contribute to the approximately 10 million instances of
identity theft each year in this country, according to the Federal Trade
Commission. "How sensitive is a company about being on the front page of the
paper?" asks Pete Lindstrom, founder and analyst at Spire Security.
InformationWeek and others have reported on a rash of cases involving
inadequate security and poor handling of customer data. "If the value of
assets is high, companies should follow security best practices," Lindstrom
says.
[Click here for Full Story]
White Paper - Authentication and Remote Access (TechRepublic)
02/01/05
A remote access VPN can pose serious security risks unless it includes a
well-developed authentication strategy. This white paper offers information
on how administrators can ensure secure authentication for their IT systems
and users. The paper covers many different types of authentication
processes, including end-computer, system, biometric, standard,
pass-through, and two-factor authentication.
[Free Subscription Required - Click here for Full Story]
White Paper - Best Practice for Multi-Tier Network
Security (TechRepublic)
01/01/05
This paper describes the different tiers that make up an organization's IT
infrastructure and assesses the need for security at each access point. It
also looks at the factors organizations need to take into account when
deciding how to manage, and where to invest in, endpoint and gateway
protection.
[Free Subscription Required - Click here for Full Story]
Accidental IT: Crash Insurance (smallbiz
pipeline)
04/26/05
The Recovery Console is one of the darker corners in Windows XP. It's one of
those places you hope you never have to go. But whether a computer is
crashing with blue screen Windows Stop errors, booting up in a funky manner,
or simply not booting at all, the Recovery Console can save a seemingly
impossible situation from becoming a total disaster. Even so, you can only
make a bad problem worse if you try to pick your way through the fairly
arcane command line entry system. Here are some instructions that will help
non-geeks navigate that road safely.
How to Avoid the Recovery Console
First, the best advice is to simply avoid the Recovery
Console altogether. This is often possible. After all, Windows XP is a lot
less prone to crashing that its predecessors, and when something goes awry,
such as a program freezing, you can usually squirm your way out of trouble
by using the Windows Task Manager to kill uncooperative programs; making use
of System Restore; editing the BIOS to tweak hardware settings; or rebooting
in Safe Mode and uninstalling problematic software or hardware.
[Click here for Full Story]
Accidental IT: Migrating Data To A New PC (smallbiz
pipeline)
03/15/05
So, the exciting day is here. The new PC has arrived, and your employee or
coworker is eager to unpack it, boot it up, and get all the benefits from
the latest and greatest hardware and software. But if you're the one that's
been saddled with the responsibility to help switch over to the new system,
you might be feeling intimidated. After all, moving a co-worker or employee
and his or her data to a new computer can be a road fraught with New York
City-sized potholes. Still, there are some concrete steps you can take that
will make the move less bumpy.
When migrating data to a new PC, you have the choice of
two approaches: either use a commercial product like Norton Ghost to move
all installed applications, Windows settings, Internet Favorites, and the
like; or use the seemingly sweet Windows XP Files and Settings Transfer
Wizard to directly transfer all accumulated data directly to the new PC via
a network connection, a direct serial cable connection, or indirectly by
using floppies, Zip disks, or CD and DVD disks. Both options have their
advantages. The Files and Settings Transfer Wizard is pretty flexible, but
it is limited, as we will discuss in a moment. On the other hand, commercial
products like Ghost are a bit more powerful, and sport a full suite of
backup settings and more complete Registry tools--but you'll pay extra for
that.
[Click here for Full Story]
A kilobyte of prevention: Outfitting a new computer for
the Net (Microsoft)
01/17/05
5 steps to help protect your new Windows XP computer
before going online
Is your "new" computer actually a pre-owned one? If the
original disks are included, consider starting fresh by formatting the hard
disk and reinstalling the software and follow the steps as shown. If the
computer isn't running Windows XP, consider upgrading to XP if the computer
can run it. Whichever system you use, it's important to get the latest
antivirus, firewall, and Windows updates especially to help make your system
more secure. Picture of a couple setting up computer
The most important aspect of setting up a new Windows XP
Home, Professional, or Media Center Edition computer is to ensure your
system has the latest updates and security software installed to help defend
against viruses and other potential threats before you connect to the
Internet. And once connected, it's equally important to update the operating
system and antivirus software on a regular basis.
The following steps will help you set up your new computer
with the latest Windows XP security tools available. On This Page Step 1:
Take inventory Step 1: Take inventory Step 2: Record system information Step
2: Record system information Step 3: Verify firewall Step 3: Verify firewall
Step 4: Adjust privacy settings Step 4: Adjust privacy settings Step 5: Get
software updates Step 5: Get software updates
[Click here for Full Story]
Protect Your Business Against Disasters (smallbiz
pipeline)
01/05/05
A disaster doesn't have to be of Biblical proportions, like last week's
tsunamis, to destroy your business. It can be as simple as a fire, an
electrical outage, or a virus attack. Here's how to protect yourself.
Chances are, you've watched video and seen photos of last
year's disasters and thanked your deity of choice that it couldn't happen to
you. A tsunami is probably never going to reach Denver or Phoenix, and a
hurricane probably won't strike Chicago or Boise. But that doesn't mean that
a disaster isn't lying in wait for you, and it doesn't mean that you can't
do something to protect yourself and your business against an event that
would shut your doors forever.
An event that can cost you your business doesn't need to
be of Biblical proportions. It just needs to destroy the information that it
takes to run your business or to keep your affairs in order. In other words,
for you, a disaster can be something as simple as a power outage, a fire or
a virus attack. The extent of the problem matters some -- there's less of a
problem if the power company restores your electrical service the same day
than there is if your entire portion of the continent is dark -- but
ultimately, even if you're out for a couple of days, you can always come
back if you have your data and a way to use it to serve your customers.
[Click here for Full Story]
What's The Difference Between Spyware And Viruses? (smallbiz
pipeline)
01/04/05
Is it a virus, or spyware?
The average Internet user has difficulty distinguishing
viruses from spyware.
The differences are indeed subtle. Both are malicious
software (malware): uninvited, intrusive, and potentially destructive.
Both have the capacity to capture and destroy information,
ruin performance, and disrupt business.
[Click here for Full Story]
Programs: A Checklist for Tuning Up Your PC (Reuters)
10/25/04
PROVIDENCE, R.I. (Reuters) - You change the oil in your car every 5,000
miles or so. You clean your house every week or two. Your PC needs regular
maintenance as well -- especially if you're using Windows and you spend a
lot of time on the Internet.
Virus checkers need to be updated. Spyware or adware may
have sneaked onto your PC and the clutter could be slowing everything down.
[Click here for Full Story]
Zombie Repellent (PC World.com)
10/25/04
Like the viruses and worms of yore (and those of last Monday, for that
matter), today's zombie networks rely largely on lax security to flex their
muscles. Unlike the screaming teens in horror movies, you wouldn't open your
front door to the undead--and by the same token, you shouldn't leave your
PC's door open to hackers. Here's how to protect yourself.
[Click here for Full Story]
How to Stop Spammers and Their Sneaky Ads (Microsoft)
07/15/04
"Hot teens looking for action!" Or "Enlarge your (select a body part) safely
and naturally!" Or "Make thousands working at home for only a few hours a
week!" If this hasn't happened to you yet, it will. Even if your e-mail
program and Web browser are closed, purveyors of spam can get to you. It's
especially likely to happen if you are continually hooked to the Internet
with a broadband connection.
[Click here for Full Story]
Danger, Danger: 5 Tips for Using a Public PC (Microsoft)
07/15/04
Juju Jiang is now serving time after pleading guilty. But for a couple
years, he bugged public computers at Kinko's with software that logged
keystrokes. He used it to capture usernames and passwords. Some he used to
steal money; others he sold on the Web.
[Click here for Full Story]
Practice Safe Computing and Thwart Online Thugs (Microsoft)
07/15/04
Viruses, Trojan horses and worms are malicious programs often written by
teenagers or young adults -- or even older adults of that mentality -- who
feel a desperate need to impress others.
[Click here for Full Story]
5 Tips for Spurning Spyware and Browser Hijackers (Microsoft)
07/15/04
"My Internet browser has been taken over by something. When I try to do a
search on Google or MSN, some other search program appears. I reset my home
page, but somehow it always goes back to a pornography site. Please help
me."
[Click here for Full Story]
Getting Started with Home
Networking (BASIC)
What Does It Take to Build a Network (Microsoft)
05/03/04
Setting up a home or business network requires some shopping for hardware,
and some time setting up the network the way you want it. First, you need to
decide which kind of network is best for you. There are different types of
networks, known as technologies. Fortunately, the differences among these
technologies are clear even to new computer users.
[Click here for Full Story]
What Are the Choices for Going Online (Microsoft)
05/03/04
You have four main choices: cable, DSL, ISDN, and dial-up, all of which
require some kind of modem. A modem is a device that turns data from a
digital format into analog signals in order to transmit it to and from your
computer. None of these services, other than dial-up, is available
everywhere (dial-up can be found wherever there are phone lines).
[Click here for Full Story]
Glossary
Adware
(From Symantec,
www.symantec.com)
Programs
that secretly gather personal information through the Internet and relay it
back to another computer, generally for advertising purposes. This is often
accomplished by tracking information related to Internet browser
usage or habits.
Adware can be downloaded from Web sites (typically in
shareware or freeware), email messages, and instant messengers. A user may
unknowingly trigger adware by accepting an End User License Agreement from a
software program linked to the adware.
E-mail Spoofing
(From Webopedia,
www.pcwebopedia.com)
Forging an e-mail header to make it appear as
if it came from somewhere or someone other than the actual source. The main
protocol that is used when sending e-mail -- SMTP -- does not include a way
to authenticate. There is an SMTP service extension (RFC 2554) that allows
an SMTP client to negotiate a security level with a mail server. But if this
precaution is not taken anyone with the know-how can connect to the server
and use it to send spoofed messages by altering the header information. In
some jurisdictions, e-mail spoofing anyone other than yourself is illegal.
Phishing (From
TechWeb News, www.techweb.com)
Phishing attacks are spam messages that pose as
legitimate mail from big-name banks, credit-card companies, and retailers.
Links within the messages try to entice recipients to visit bogus Web sites,
where they're told that their account information needs to be updated. Users
who fall for the con divulge personal financial information, as credit-card
and bank-account numbers, which is used by the attacker to siphon funds,
purchase goods, or steal identities.
Hoax
(From Symantec,
www.symantec.com)
Usually an email that gets mailed in chain
letter fashion describing some devastating, highly unlikely type of virus.
Hoaxes are detectable as having no file attachment, no reference to a third
party who can validate the claim, and by the general tone of the message.
Joke Programs
(From Symantec,
www.symantec.com)
Programs that change or interrupt the normal
behavior of your computer, creating a general distraction or nuisance.
Harmless programs that cause various benign activities to display on your
computer (for example, an unexpected screen saver).
Keyloggers
Keyloggers are small programs, silently installed by the attacker, typically
after an earlier attack that compromised the computer through a
vulnerability in the operating system or Internet browser, that record all
or selected keystrokes, then sends that data to the hacker.
Malware
Short name
for malicious software,
malware is a software specifically designed to damage or disrupt a computer
system. See also Trojan and Virus.
Spyware
A common
term for files that are installed on
your system without your knowledge that allow an outside
party to monitor your Internet activity. Spyware sneaks onto
your computer by piggybacking on files and software you
download from the Internet: such as games, music download
applications, clock adjusters, and password savers.
Trojan
A program
that pretends to be useful or helpful but in fact has insidious intentions.
By definition, a Trojan does not replicate itself like a virus but can be as
destructive as one. The term Trojan comes from the Greek story of Homer
where a wooden horse was used to break down the defenses of Troy by
concealing soldiers inside of it.
Virus
A program or set of instructions (code) that attaches
itself to a program on a computer. Once 'attached' a virus can perform the
authors instructions whenever the infected program is run. Some viruses can
replicate themselves. Dangers range from lost system resources to rendering
the infected system inoperable.
Worm
As it relates to computer security, a worm is a
self-replicating virus that does not typically alter files but resides in
memory and duplicates itself usually via email. Worms use known components
of the infected computers operating system that are available to all users
including the infestation. It is common for worms to be found out only when
their uncontrolled replication takes up so much of the computer's resources
that the user goes looking for the problem.
Always use a firewall