Encryption is also now being applied extensively in offices so if ever information does get out and falls into the wrong hands it is rendered useless without the proper cipher key. The use of military-grade encryption has random generators and multi level encryption technologies which were previously available only to the military forces. Hardware based encryption is also another developing technology where hardware components such as hard disks, network cards and other such peripherals are embedded with encryption technology on a chip thus preventing unauthorized data being useable that is transmitted or contained within them. All these technologies along with promising technologies in development such as faster multi-processors allow higher encryption levels without sacrificing performance as today�s technologies are limited to (the faster the processor, the faster the coding/decoding of information that would become almost unperceivable with future computers).

With the advent of VoIP or a revised name for a P2P (peer to peer) connection using the internet for use with voice calls while simultaneously sharing and moving file across the vast area that is the internet, more and more information that is within your computer and the information that you send through the net is at risk.
So what can we do to boost the already anti-virus protected environment that is the net and the data that may become lost? Traditionally IT experts and analysts have recommended the use of perimeter protection for a network which has sentinels or programs that defines who can access where and when. Data mining software, scans all the files on the network and determines who gets to see and use which and prevents data loss by storing them securely in servers. Software like InfoScape from the EMC Corp is just one of the many software products along with Kazeon Systems Inc.
The key is to de-centralize and distribute the security solution along with the files themselves which follows the approach that the traditional network with walls has been thrown out the window.

Previously we discussed the importance of having an intrusion detection system to handle the growing number of attacks on corporate networks with Intrusion Detection Systems. A better solution would be to give some form of control to the detection system giving it teeth to execute actions that would prevent intrusion such as denying access or deleting errant file attachments. This comes in the form of Intrusion Prevention Systems which have the ability to detect, analyze and take appropriate action as programmed to do so by the systems administrators who then gets a detailed report on what was done. This allows them to review and take further action if the file was simply quarantined and not deleted by the system. They can then be submitted to the software vendor so they can analyze and formulate a solution to the threat providing feedback to prevent further infections.

Network Intrusion Detection Systems have a sole purpose which is to analyze data packets entering a network while looking for signatures of known malware. These signatures are constantly updated as new threats are detected so they are always on the lookout for a growing number of threats that keep on getting better and better at what they do. A detection system checks for any suspicious activity and then notifies the right people who then do the desired actions that have been laid out. Much like a citizen who calls the cops to report a criminal, it works the same way with the system being the caller and the dispatcher in detection side, and the cops on the System Administration side who takes action and apprehends the suspected criminal. They are however quite dependent on the ability of their handlers (System Administrator’s) to handle the threat as it should be. Miscalculations or lack of action can render it useless defeating its purpose. A better solution will be discussed in the next post that is more pro-active in the quest to protect the corporate network.

The Sans Institute has been monitoring activity of a Trojan that has been using seemingly valid PDF files as a propagation method. Thought the risk is very low and no major incident has been seen, it may be signs of a new frontier malware authors are trying out. The Trojan installs itself as you open the infected Trojan and then opens the PDF as if nothing happened. The SANS institute has issued warnings that even though there are no major incidents of attacks, people should update their Adobe readers to the latest versions. They also advise users to turn off Adobe’s JavaScript facility. More detailed explanation of the incident from the Sans Institute Storm Center Diary entry.

An Arizona man is facing charges of violations against the Computer Spyware Act and the Consumer Protection Act in Washington due to his offering of pop-up blocking software after first flooding his victims with tons of them. Call it creating your own market, the ploy however creative is one of the most damaging attacks in the It industry and is slated to be costing millions in lost dollars due to wasted resources. Spam and Pop-up’s, most of which are unsolicited can cause disruption to work in the office or home. Offering a tool for their removal, right after an intensive barrage that has your screen teeming with small windows is indeed the best time to offer such a product. As you install the removal/prevention tool, it bombards your pc with tons more of the same pop-up’s which just happened to be made by the accused man’s company itself.

LifeLock, a security firm which advertises itself as an identity theft prevention company is the subject of a lawsuit filed by an Arizona man who found out the way the company does its business. The problem stems for the firm’s actions in sending out warnings and bulletins out to credit bureaus when they are not even allowed to do so by law. A review of the fine print in their contract reveals the 1 million dollar guarantee that they offer if there was ever a breach of their protection methods as totally bogus and is rendered immediately ineffective according to the complainant. The services they claim to provide have nothing to do with the protection from identity theft for they take no measures to do so with respect to their clients. For a technology company to claim to be able to prevent identity theft is quite ludicrous for identity theft has a very complex and varied scope. It can happen anywhere at anytime without you even knowing about it. Experian, a credit bureau filed a lawsuit against the firm for deception and some other charges. This is the worst thing to do something like this and to give people a sense of peace they do not really have is totally criminal.

Apple Inc is under fire from industry experts for it’s actions in the delivery of their new web browser for Windows, Safari 3.1. Why all the fuss, they used the auto update functions of iTunes and QuickTime to install the software without the knowledge of users. This is criticized as a practice that borders on malware and should be avoided at all costs. Users must be informed of what and when updates are to be installed however the minimal effects it could have on a user’s computer system. Let’s call it full disclosure as this post in the IT Security Blog points out, software developers do this as a standard practice maybe because they’re ashamed to admit they have made such an elementary error for such a long standing and respected developer. The auto update feature of most software is placed there to facilitate the updating and patching of software without the need for user intervention which can be quite annoying if there were a lot of software products installed on your computer. The risk is highlighted by this incident which I’m sure is not the only incidence of such activities.

The House of Representatives of the US have raised questions regarding possible danger scenario’s which could become problematic with the US Federal government’s plan to distance government networks from the rest of the internet. The move coined “The Cyber Initiative” would dramatically block out links to government sites in hopes of beefing up security as they are come of the most attacked sites on earth. This would come in the form of more data monitoring systems on government web sites aimed at preventing malicious cyber-attacks. The government has done so along with the implementation of full disclosure which re-defined the way and period information should be made available to them upon request. More on this matter, this is a move to beef up homeland security which is seen by many as restrictive but is argued to be an initiative that is essential for Homeland Security.

United States law enforcement agencies have long used the centralized database systems for storing information on criminals and other law breaking activities for inter-agency cooperation. The FBI has proposed a new system which would also contain more biometric information included with the old photos, rap sheets and biographical information in hopes to boost the capability of crime prevention and investigation units in getting information. The said plan gets many critics due to many problems that are foreseen to come with a new system such as the fact that the agency’s network and computers are some of the most attacked computers on earth. The transmission of all information regarding an investigation is to be sent to the FBI first before all other agencies, which raises questions on the transmission security of the said information. The system in place that has been modified for Homeland Security has a lot of flaws wherein many people with misdemeanors get arrested as “terrorists”. There is no contesting the fact that there is a need for such a system but further testing and development should be done as many experts see the plan. The security and reliability of the government should be prioritized and developed to the full capability of current technology for it to remain acceptable and adaptable for the times to come.