Monday, December 1, 2008

How to handle suspicious e-mail?

Phishing, pronounced "fishing," is a type of online identity theft that uses e-mail and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.

Follow these guidelines to help protect yourself from phishing scams sent through e-mail.

1. If you think you've received a phishing e-mail message, do not respond to it.

If an e-mail looks suspicious, don't risk your personal information by responding to it.

2. Approach links in e-mail messages with caution.

Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL.

Most e-mail programs (such as Outlook 2003) show you the real target address of a link when you hover the mouse over the link.

Before you click a link, make sure to read the target address. If the e-mail message appears to come from your bank, but the target address is just a meaningless series of numbers, do not click the link.

Make sure that the spelling of words in the link matches what you expect. Fraudsters often use URLs with typos in them that are easy to overlook. For example, instead of www.microsoft.com, the scammer might create a Web page with the address:
www.micrsoft.com
www.micosoft.com
www.mircosoft.com

This is called "typo-squatting" or "cybersquatting." Scammers register these domain names in order to compete with the popular site or to earn money through advertisements.

3. Don't trust the sender information in an e-mail message.

Even if the e-mail message appears to come from a sender that you know and trust, use the same precautions that you would use with any other e-mail message.
Fraudsters can easily spoof the identity information in an e-mail message.

4. Verify the identity and security of the Web site.

Some sites feature verified identity and security information. When you visit a verified site using Internet Explorer 7, the browser address bar turns green and the identity information appears on the right-hand side of the address bar. This makes it easy to check the identity information and ensure that it matches the site that you expected to see.

Make sure the site is secure before you type. In Internet Explorer, you can do this by checking the yellow lock icon on the status bar, as shown in the following example.

[Image: example of a secure site lock icon. If the lock is closed, then the site uses encryption.]
The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details.

Note that this symbol doesn't need to appear on every page of a site, only on those pages that request personal information.

Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following "Issued to" should match the name of the site.

If the name differs, you may be on a fake site, also called a "spoofed" site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave.
Tip: If you don't see the status bar at the bottom of your browser window, click View at the top of the browser, and then select Status Bar to activate it.

5. Type addresses directly into your browser or use your personal bookmarks.

If you need to update your account information or change your password, visit the Web site by using your personal bookmark or by typing the URL directly into your browser.

6. Use an updated browser.

Web browsers are regularly updated to incorporate an ever-expanding set of features, such as the Microsoft Phishing Filter, designed to help protect you when you click links in e-mail messages.

7. Don't trust offers that seem too good to be true.

If a deal or offer in an e-mail message looks too good to be true, it probably is. Exercise your common sense when you read and respond to e-mail messages.

8. Report suspicious e-mail.

Report the e-mail to the faked or "spoofed" organization.
Contact the organization directly (not through the e-mail you received) and ask for confirmation. Or call the organization's toll-free number and speak to a customer service representative. Report the e-mail to the proper authorities, such as your IT helpdesk.

9. Don't enter personal or financial information into pop-up windows.

One common phishing technique is to launch a fake pop-up window when someone clicks a link in a phishing e-mail message. To make the pop-up window look more convincing, it might be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking the red X in the top right corner (a "Cancel" button may not work as you'd expect).

10. Update your computer software.

Keep your computer software updated.

Wednesday, August 29, 2007

Steps to Secure Your Wireless LAN

It is the duty of technology not only to improve itself, but to become more and more user friendly. We can see this happen within the ever-evolving sphere of Wireless LAN connections. Here the only constant is the easy-to-install, plug-and-play hardware, which is well complemented by simple, user-friendly software. One only has to plug in the device to explore the network or even the Internet. However, Wireless LAN connections are often vulnerable to hackers or even virus threats. These malicious entities try to infiltrate the network and destroy important data. Then again, there is good news for all those people who wish to secure their Wireless LAN connections. Now you can enjoy the benefits of a protected Wireless LAN experience for less than a hundred dollars.

The first step after installing the hardware is to work out the configuration best suited for your network. Pay close attention to the security settings in particular and do not enable the Wireless LAN before you have everything in place and configured. After all, it is better to be safe than sorry. There are a few safety precautions one can adopt after setting up the Wireless LAN network.

Let us begin with the router and the access points. We recommend that you deploy an administrator password to reinforce and bolster access routes. In this way, the intruder will not be able to log into your Wireless LAN system without entering the correct password. Then again, certain systems or devices are preconfigured with default passwords.

Unfortunately, these passwords are often the manufacturer’s own name, which is easy to remember but lacks originality. We know that leaving a network unguarded with default passwords is the foolhardy option. This is why we must customize all the access points and the wireless router with our own unique passwords. Often we forget these passwords since we do not need to use them on a regular basis. At this point there is no option but to revert to the default settings to reenter your network. The only problem is that all your time spent on customization will go to waste, as those changes are erased when default settings are applied.

Remember that the access points and the routers are specifically configured to retain and protect vital information like the SSID (Service Set Identifier) and even the name of the Wireless LAN network. This system makes it difficult to identify our own network, but thankfully, it doesn’t compromise the security. Without this elaborate masking system, you could be leaking away important details or clues that prove handy to outsiders with ill intentions.

Now we study the two types of encryption employed to secure a Wireless LAN system. They are WEP, or Wired Equivalent Privacy, and WPA, or Wi-Fi Protected Access. We know that the WEP system is widely used, but it also has a sequence of easy-to-exploit weaknesses because of its poorly designed encryption software. On the other hand, there is the highly recommended WPA option, which reinforces your network while proving surprisingly easier to install and configure. One should note that unlike WEP, WPA is not inhibited by a limited number of password combinations, as it explores the keyboard beyond the letter and number keys. There is a preloaded WPA support system within the Windows XP software package. WPA2 is the next generation of WPA, which provides greater security but relies on specially downloaded updates.

Saturday, August 18, 2007

VoIP Phone System - 5 Advantages For Your Business

New technologies such as IP Telephony don't just replace previous ones but allow much greater functionality, increased productivity, enhanced customer service and lower costs than prior technologies. Here are just a few ideas for you to ponder.

Your IP Telephone System provides the following advantages:

* Seamless extension dialing between all your locations on your private network, or even over the public Internet, is relatively easy and much less costly than traditional means. All your offices can be "tied together" to act as one large office no matter where in the world they are located. This also provides the advantage of eliminating long distance charges between your locations.

* IP Telephony creates lower cost and greater functionality advantages from carrier services. With IP Telephony you can connect all your offices together on your own private network. Or you can use the "quasi-private" network of a carrier.

This means you use one service provider to provide the voice trunks at each office. Your voice traffic between offices stays on the private network of the carrier. Your voice traffic never has to travel through the public internet.

If done correctly you have the advantage of carrying your voice traffic over the same network that carries your data traffic between offices but through the service provider you have Quality of Service to give voice priority over data. This will also give you a lower cost than the traditional means of a totally private network connecting your offices.

* Easily and economically connecting home based workers. Your home based worker can be easily connected to your office phone system with a high speed connection such as DSL or cable Internet. Your worker takes a phone from your office and connects it to that Internet connection. Or your worker uses a "soft phone" which is software on their computer at home that functions like a telephone.

That physical phone or soft phone, located anywhere in the world, is now a phone on your office phone system with all the individual settings that worker has on their phone at the office. Someone calls your office and the call automatically rings the phone at your worker's home. The caller doesn't know where the person they're calling is located. This arrangement can even work for a small one, two, or three person branch office.

* Easily and economically connecting traveling workers. Imagine you're traveling and staying at a hotel with a high speed Internet connection. You have a "soft phone" on your laptop computer. You can use a headset on your laptop or a handset that plugs into a USB port on your computer. The handset acts just like the handset on your phone at the office. You can now receive and make calls through your soft phone just like you're at your office. Callers will ring through to your soft phone.

You can be located anywhere in the world and the person you call, or who calls you, won't know where you are. If you're going to be away for an extended period of time, you may even want to take a regular office phone and set it up on your Internet connection. This arrangement makes use of IP Telephony for your office combined with VOIP using the Internet. IP Telephony makes all this easily possible at a lower cost than traditional systems.

Home based and traveling workers can also go into your office, in fact any of your office locations, and simply "log in" to your phone system just like they log in to your computer system. Once logged in all their phone settings are automatically provided to the phone in which they log in. This just wasn't easy or feasible to do economically prior to IP Telephony.

* Software upgrades are much easier and can be performed by you instead of paying the telephone equipment vendor to do them.

There are many more benefits to IP Telephony. This brief overview should be enough to pique your interest to continue your investigation. You don't need to make a total swap out of your current phone system. It is possible to gradually introduce an IP Telephone System into your organization and interface it to legacy systems.

Don't just improve the way you currently do business! Explore the strategic business applications and implications of IP Telephony. New technologies such as IP Telephony don't just replace previous ones but allow much greater functionality, increased productivity, enhanced customer service and lower costs than prior technologies.

Expand the possibilities of conducting your business in ways you never thought possible. All major phone system manufacturers are investing their research and development dollars into development of their IP Phone Systems. Thousands of companies have already converted to it. There must be a reason or two or twenty.

Website Basics - Dot ORG, NET, BIZ, etc.

There is a school of thought that the dot com domain name is the Gold Standard, the only type of domain name extension (or TLD) worth owning. Indeed there is some merit to this. As the original type of domain name since the internet’s inception, far more dot coms have been bought up versus all other extensions (as of August 2006, over 50 million dot coms were registered versus 6 million dot nets and 4 million dot orgs, for example). Be that as it may, there is still good reason to consider other domain name extensions besides, or possibly in addition to, the dot com extension.

First, consider the fact that with so many dot coms already spoken for, it is far more likely that you will be able to find the name you want as a dot net, org, biz, or info. And although it is arguable that in the minds of most net surfers dot com is king, the walls are coming down in that respect also. In fact, when was the last time you searched for something through Google or Yahoo, and upon finding the results and clicking to go to a website, did you really pay attention to the extension of the domain name? Most people don’t surf the web by typing in memorized domain names.

Dot net is generally the second choice after dot com for most buyers of domain names. But that is changing as well. Dot org, originally the extension for non-profit and government websites, is now available for all, even commercial sites. And it gives off a more social, more community oriented connotation. Dot biz, while open to all, actually gives a professional sound to a domain name, leaving little doubt that commercial interests are involved. Dot info, again open to all comers, gives the impression that the user will find waiting for them a site rich with content and pertinent information.

Many savvy web builders these days will lock down not only a dot com domain name, but every other available extension along with it as well. When you purchase mygreatgizmo.com, and then also buy the same domain name with the dot net, info, biz, org, etc., you are performing a preemptive strike against the competition, a hedge against someone capitalizing on your good domain name in the future. And you are able to point as many domain names to a single website as you wish.

The bottom line here is that there is good reason to consider other extensions in addition to dot com. With the vast majority of web surfers using search engines to find websites, coupled with the fact that the dot net, dot org, dot info and dot biz extensions are more and more recognized and accepted, going forward there is no reason to limit yourself to only dot com domain names.

A couple of final thoughts: consider country specific domain names if doing business only in your home country. Dot US for the United States, dot EU for Europe, dot CA for Canada, dot UK for United Kingdom (dot co uk is most popular) as well as the New Zealand nz domain name. And coming on strong in the last year is dot MOBI domain names, the only domain name for mobile devices. The land rush is on for this extension, and dot MOBI domain names will be discussed in a future article.

Cisco PIX/ASA Security Appliance: How to Configure Banners

Banners can be configured to display when a user first connects (MOTD), when a user logs in (login), or when a user accesses privileged mode (exec). Banners are used for legal warnings such as when a user is cautioned not to access a restricted system or that their access of a system is subject to monitoring and logging. Banners are also used on locked systems placed at customer locations by service providers to provide contact information for device access or technical support. The Cisco security appliance supports the use of login banners in console sessions and Telnet sessions, but not in SSH sessions. Exec and MOTD banners are supported in console, Telnet, and SSH sessions. Banners can be up to 510 characters in length. You can create multiple line banners either by creating multiple banner statements or by using the keystroke sequence of "\n" which inserts a carriage return.

Here's how banners are displayed:

MOTD Banners--When usernames are not configured, MOTD displays at login in a serial console session and before login in Telnet sessions. When usernames are configured, MOTD displays before login in a Telnet session and after login in a serial console session.

Login Banners--The login banner displays before login in Telnet and serial console sessions.

Exec Banners--The exec banner displays upon login in all sessions.

How to Configure a Banner

Note: The following procedures were tested on an ASA 5505 Security Appliance running software version 7.22. Other hardware or software platforms may require modification of these procedures in order to function properly.

To configure a banner, use the following configuration mode commands:

asa(config)#banner motd This is a restricted system.
asa(config)#banner motd Do not attempt unauthorized access.

Notice the use of two banner motd statements to create a multi-line banner. As mentioned previously, you can also use the "\n" key sequence to insert a carriage return.

You can view the banners you created with the following privileged mode command:

asa#show running-config banner
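Because login banners are not displayed in SSH sessions, a legal warning configured only as a login banner never reaches SSH users. The following added example (not Cisco's code and not part of the original article) audits banner statements for that gap and for the 510-character limit. It assumes the command output lists the banner statements as they were entered and that the limit is counted per statement; the sample configuration is constructed.

```python
# Session support as stated in the article: login banners are not shown over SSH.
SHOWN_IN = {
    "motd": ("console", "telnet", "ssh"),
    "login": ("console", "telnet"),
    "exec": ("console", "telnet", "ssh"),
}
MAX_CHARS = 510  # the article's limit; counting it per statement is an assumption

# Constructed sample of "show running-config banner" output.
SAMPLE_CONFIG = """\
banner login This is a restricted system.
banner login Do not attempt unauthorized access.
banner exec For support contact the service desk.
"""


def parse_banners(config_text):
    """Group banner text lines by banner type, in configuration order."""
    banners = {kind: [] for kind in SHOWN_IN}
    for line in config_text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) == 3 and parts[0] == "banner" and parts[1] in SHOWN_IN:
            banners[parts[1]].append(parts[2])
    return banners


def audit_banners(config_text):
    """Report over-long statements and text that some session type never sees."""
    banners = parse_banners(config_text)
    all_text = [t for lines in banners.values() for t in lines]
    report = {"too_long": [t for t in all_text if len(t) > MAX_CHARS],
              "missing": {}}
    for session in ("console", "telnet", "ssh"):
        # Text this session type sees, across every banner type shown in it.
        seen = {t for kind, lines in banners.items()
                if session in SHOWN_IN[kind] for t in lines}
        report["missing"][session] = [t for t in all_text if t not in seen]
    return report


if __name__ == "__main__":
    for session, lines in audit_banners(SAMPLE_CONFIG)["missing"].items():
        print(session, "never shows:", lines)
```

For the sample, the two warning lines are reported as missing for SSH; repeating them in a MOTD or exec banner closes the gap.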

Hands-On Exercise: Creating Banners on the Security Appliance

The following procedures are for training purposes only and should only be performed on devices in a laboratory environment. Under no circumstances should these procedures be performed on equipment in a live, production environment without first verifying their suitability in a laboratory environment.

In the following hands-on exercise, you will create MOTD, login, and EXEC banners.

Step 1: In configuration mode, enter the following commands:

asa(config)#banner motd This is the MOTD banner
asa(config)#banner login This is the login banner
asa(config)#banner exec This is the EXEC banner

Step 2: Display the banners you just created with the following command:

asa(config)#show running-config banner

Step 3: Type exit repeatedly until you are logged out of your laboratory security appliance.

Notice which banners are displayed.

Step 4: Enter privileged mode with the command "enable" and notice which banners are displayed.

Step 5: From your laboratory computer, start a Telnet session and again observe which banners are displayed. When you are finished, exit the Telnet session.

Step 6: Also from your laboratory computer, start an SSH session and again observe which banners are displayed. When you are finished, exit the SSH session.

Note: The above procedures are similar to the procedures used to configure banners on other Cisco devices including routers.

Friday, July 27, 2007

Advantages of Open Source Software

PHP-Nuke, PHP PostNuke, TikiWiki, Xoops, b2evo: you can find them everywhere on the web. These are all open source software solutions used in various areas of web applications. Most of the time they are free applications released under special licensing terms. This allows the code to be shared by all and edited to suit the unique needs of the user.

What is the secret behind the immense popularity of all this software? The use of open source software has some practical benefits. Let us discuss them in detail.

You get the core framework for free

For a start-up company, budget is a major factor. You can save on your initial investment cost by adopting open source software, which comes free of cost.

Modification benefits

With open source software, the code is openly available, and that enables users to fine-tune the code to suit their needs. It also contributes to the improvement of a software product by making it adaptable to changing conditions, fixing bugs, security problems and so on.

Excellent support base free of cost

With open source software you are not tied to a single company and do not need to fall back upon it to fix all your application-related problems. That dependence proves to be very expensive. With open source software, you get the support of the entire community on which these applications grow and thrive.

Forking leading to a new product

Open source software keeps open the possibility of forking when the existing code base does not work, thus leading to the creation of new software altogether.

The entire online community is indebted to the various open source software projects for what they have contributed to transforming the internet into the vast collaborative community that it is today. With such an array of open source software, you may conclude that the days of commercial software are numbered. But it requires time for installation, implementation and troubleshooting. If you lack the time then you have two options: go for the expensive commercial software, or hire an efficient and renowned web host who will tackle these problems for you. The second option is definitely better.

How To Correct A Continually Rebooting Computer?

When you sit down at your computer desk and press the power switch on your desktop, the last thing you want to experience is a continually rebooting computer.

There are a variety of causes that contribute to this problem, from something as simple as a stuck power button to a much more serious problem such as your power supply slowly failing. Other causes for this problem may be overheating PC components, or viruses affecting your system.

Now, if you’re like the rest of us, having a computer that reboots constantly is not your idea of a productive day. So how do you diagnose this problem, and where do you start to make corrections? Here are some common but often overlooked causes and solutions that will get your system running again.

First, take a look at the power button and see if it’s stuck in the socket. If so, you may be able to simply tap the front of the case to release the button. In some cases, you may have to remove the system unit cover to get the button to return to the out position.

If you cannot stop the computer from rebooting by pressing the power button and releasing it, turn off the power switch in the back of the computer next to the power supply. If your power supply does not have a power switch, you will have to unplug the system from the wall outlet.

This must be done as soon as possible so that the constant rebooting will not damage components such as the hard drive. Constant rebooting also carries the danger of power surges that can further damage larger components such as the motherboard.

Second, check your computer’s software to be sure no virus or malware has affected your hard drive. Viruses and malware are small pieces of software, downloaded along with other files, that are designed to cause mischief.

To remove any viruses and malware, use an anti-virus program that will search your hard drive and remove these files quickly. These files can cause such damage as wiping your hard drive of all data or hijacking your web browser so you have no control over your online surfing.

If you find no malware on your computer, take a look at your BIOS to see if it has become unstable or has been changed. BIOS stands for Basic Input Output System and is a small program designed to check all components for proper operation when the computer is turned on.

If your BIOS has been changed, or if you’re not sure if it’s been changed, try to reset the BIOS settings to the default settings after you access the BIOS as the computer reboots. Once inside the BIOS, you should have the option to load your default settings, save the change, and reboot the computer.

However, there are times when a continually rebooting computer will not allow you to access the BIOS. You can then reset the BIOS by removing the system unit cover and locating the jumper on a three pin header.

You must consult your computer or motherboard manual to properly perform this procedure, and it should be done as a last resort. Before making any changes to your BIOS, you should back up your BIOS if your computer reboots at long intervals.

After checking your computer’s software for its rebooting problem, you must check to be sure hardware is not at fault. This problem may exist because one of your memory modules is unseated from its socket. Memory modules are long, narrow sticks that attach to the motherboard.

Remove any static electricity from yourself, remove the system unit cover and check these memory modules to be sure they are secure. Check the connections to the hard drive and the connections leading from the power supply.

Power supply connectors should be checked if you’ve done work inside your computer recently. Power supplies are known to slowly fail and lead to rebooting problems. There is no way to check an ailing power supply, and this should be considered the problem as a last resort.

Following these steps will help you correct any computer that continually reboots itself. If no virus or malware is found, carefully and thoroughly check all connections. And if the problem still exists, the most likely cause would be the power supply.