VPN...Keeping Us Secure

Wk 4 Blog

This week’s blog may seem a little different, but when it pertains to information security it’s always important.  This week is going to discuss a little about Virtual Private Networks or VPN’s as its commonly known as.

With the ever increasing expansion of the Internet and global business, accessing data remotely has also increased.  Consequently, the risk associated with accessing sensitive data has therefore increased, and the potential for stealing the data has risen as well.  One solution to help with protecting the data from remote locations is the use of VPN’s.  VPN’s are a secure way to exchange data over the Internet between the user and the system they are connected to.  Because the data exchanged is encrypted through a virtual tunnel, it’s nearly impossible to penetrate the tunnel and steal the data.  Furthermore, even if the tunnel is somehow compromised, the data is still encrypted.

VPN’s are a must for business travelers or anyone who works remotely, especially those that are using a public Wi-Fi connection.  In most cases these types of people need to have the capability to download large amounts of data and therefore need to have the confidence and assurance of knowing the data is protected from point to point; VPN’s offer the right type of protection at an affordable cost.

Keep in mind, as stated earlier, VPN’s are nearly impossible to penetrate, but they are not 100%.  For instance, they can’t protect a user from downloading malicious malware, opening an e-mail with a virus attached, or clicking on a fraudulent link.  Therefore, use VPN’s as another layer of security, as part of a bundled security suite.  Just like anything else, common sense and thinking before clicking are always good habits to learn and practice. 

So the next time you head out on a business trip or need to download business data to one of your many devices, think of VPN.  It may be the one thing that protects traversing data between you and your businesses’ greatest asset, and keeps the bad people at bay.

 

 

 

Phishing, What it is And How to Deal With It

Hi Class,

This week’s blog I wanted to discuss something that is still alive and well today as it was since it began, “Phishing”.  For the most part we’ve all heard of the term and even understand what it is, but if that’s the case, then why are still so many being fooled.

Phishing defined, “Is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients” Rouse, M. (2007).  In laymen terms, phishing is a scam, and increased 59% in 2012 from 2011, according to EMC. 

Phishing uses many ways to disguise their being.  For instance, hijacking websites, i.e. banking sites, retail stores, and online stores to name a few, then capturing an individual’s account information. Social engineering is also widely used; this is where the perpetrator poses to be from a company and sends an e-mail or even calls an individual stating there is a problem with their account and request their account information to fix the error. Use of scare tactics and intimidation are not beyond the perpetrators scope of achieving their goal……garner information to extract the money.

Phishing is only expected to rise, not fall, due to the onslaught of smartphones.  Capturing individual’s information as it passes unencrypted through the air is a convenience for the perpetrator and the multitude of available apps makes smart phones and their users a perfect target.  Apps on a smartphone are not much different than that of a website.  The individual thinks the app is valid, but in reality it’s a hard to tell.   Since the apps are well-disguised, it's easy to build in code into an app which is  capable of capturing a users account information without them even knowing it.

However, all is not lost.  Phishing can be mitigated through education and a little attention to detail.  Below are a few tips to help keep information safe.  Of course it’s not all encompassing, but it’s a good start in keeping each one of us from becoming another victim.

Some tips:

-          Never ever give out your account information to anyone….banks and places of business will 

         never ask for it

 

-          If you receive a request through e-mail, look at the link, chances are, the URL is different

        from the real websites address

 

-          Pay attention to detail and don’t be intimidated.  Many of the perpetrators try and use

        intimidation to garner your information.  Scare tactics such as threatening to turn off your

        utilities or sending your name to a credit bureau if you don’t comply are methods

        perpetrators will employ in hopes you’ll give in.  Don’t fall for it.

 

-          Keep software up to date such as spy-ware and adware

 

-          Be careful what you say in the open

 

-          Good common sense, if something doesn’t seem right or feel right, chances are, is isn’t right

 

 

 

References:

Rouse, M., Phishing, (2007).  Retrieved from http://searchsecurity.techtarget.com/definition/phishing

The Year in Phishing, January 2013.  Retrieved from http://www.emc.com/collateral/fraud-report/online-rsa-fraud-report-012013.pdf

 

New Virus Found with Android

Hey Class,

Was doing some reading and came across an article which talked about the discovery of a new virus found with Androids.  The article talked a little about how malware and viruses for Android are looking more and more like those of Windows or Mac OS. 

This particular virus called Odad.a, is a new virus which creates a backdoor for attackers on Androids that are infected.  It not only has the capability to then download additional malware, but can also affect other devices connected nearby to by either Wi-Fi or Bluetooth.  The attacker can also send additional information and send SMS messages to various phone numbers to generate revenue.

With built in capabilities and hidden code, this virus is hard to detect.  Most likely it's delivered in a typical way, a 3rd party app store or website.

So, be careful what you do on your mobile, what once seemed to be secure, may not be as secure as you think.

To read the article in it's entirety.....here is the link.


http://www.informationweek.com/security/mobile/android-trojan-looks-acts-like-windows-m/240156254

Article is credited to Matthew J. Schwartz

Intro to Blogging

This is an intro blog for a class I am taking.  I very seldom blog, so this could get interesting pretty quick.