Archive for January 2015

Hacking Tips

First of all, when learning hacking tips, learn the difference between hacking and cracking. Hacking is an unauthorized use, or attempts to go around the security systems of an information system or network while cracking is similar to hacking; only it is done with bad intentions. Hacking may revolve around security improvement and educational purposes. Read on to follow basic hacking tips and tricks.

There are thousands of different codes and programs used by hackers to look into computers or their networks. Once a skilled hacker knows how a system works, he can code his own program to exploit it and has power over the organization.

Useful hacking tips for beginners :

Go for passwords:
Begin with to simple algorithms to create combinations of letters, numbers and symbols and use this  trial and error method for hacking passwords. The hacker needs to make educated guesses and use a dictionary attack to generate every possible combination for the password.

Log keystrokes:
The hacker can use some programs designed to review every keystroke a computer user makes, that can help in revealing the person’s identity.

Leave a virus:
Another of the hacking tips for beginners is to  create simple viruses and send them out via email, instant messages to potential victims.

Spy on e-mail:
Hackers can also develop codes that lets them interrupt and read e-mail messages.

Make zombie computers:
This computer is used by the hackers to place DDoS attacks or send spams. If an innocent user clicks on the link, he opens up a connection between his computer and the hacker's.

Gain entry through the backdoor:

This is quite similar to hacking passwords. Many hackers develop codes and programs that look for defenseless pathways into network systems and enter the network without the use of any password.
Friday, 30 January 2015
Posted by Unknown

How Firewalls Work

If you have been using Internet on a regular basis or working in a large company and surf the Internet while you are at work, you must have surely come across the term firewall.

You might have also heard of people saying “firewalls protect their computer from web attacks and hackers” or “a certain website has been blocked by firewall in their work place”. If you have ever wondered to know what exactly is this firewall and how it works.



How Firewalls Work?

Firewalls are basically a barrier between your computer (or a network) and the Internet (outside world). A firewall can be simply compared to a security guard who stands at the entrance of your house and filters the visitors coming to your place. He may allow some visitors to enter while denying others whom he suspects of being intruders. Similarly a firewall is a software program or a hardware device that filters the information (packets) coming through the Internet to your personal computer or a computer network.

Firewalls may decide to allow or block network traffic between devices based on the rules that are pre-configured or set by the firewall administrator. Most personal firewalls such as Windows firewall operate on a set of pre-configured rules that are most suitable under normal circumstances so that, the user need not worry much about configuring the firewall.

Personal firewalls are easy to install and use and hence preferred by end-users for use on their personal computers.  However, large networks and companies prefer those firewalls that have plenty of options to configure so as to meet their customized needs.

For example, a company may set up different firewall rules for FTP servers, Telnet servers and Web servers. In addition, the company can even control how the employees connect to the Internet by blocking access to certain websites or restricting the transfer of files to other networks. Thus, in addition to security, a firewall can give the company a tremendous control over how people use the network.

Firewalls use one or more of the following methods to control the incoming and outgoing traffic in a network:

Packet Filtering: In this method, packets (small chunks of data) are analyzed against a set of filters. Packet filters has a set of rules that come with accept and deny actions which are pre-configured or can be configured manually by the firewall administrator. If the packet manages to make it through these filters then it is allowed to reach the destination; otherwise it is discarded.

Stateful Inspection: This is a newer method that doesn’t analyze the contents of the packets. Instead, it compares certain key aspects of each packet to a database of trusted source. Both incoming and outgoing packets are compared against this database and if the comparison yields a reasonable match, then the packets are allowed to travel further. Otherwise they are discarded.

Firewall Configuration:

Firewalls can be configured by adding one or more filters based on several conditions as mentioned below:

IP addresses: In any case, if an IP address outside the network is said to be unfavorable, then it is possible to set  filter to block all the traffic to and from that IP address. For example, if a certain IP address is found to be making too many connections to a server, the administrator may decide to block traffic from this IP using the firewall.

Domain names: Since it is difficult to remember the IP addresses, it is an easier and smarter way to configure the firewalls by adding filters based on domain names. By setting up a domain filter, a company may decide to block all access to certain domain names, or may provide access only to a list of selected domain names.

Ports/Protocols: Every service running on a server is made available to the Internet using numbered ports, one for each service. In simple words, ports can be compared to virtual doors of the server through which services are made available.

For example, if a server is running a Web (HTTP) service then it will be typically available on port 80. In order to avail this service, the client needs to connect to the server via port 80. Similarly, different services such as Telnet (Port 23), FTP (port 21) and SMTP (port 25) services may be running on the server.


If the services are intended for the public, they are usually kept open. Otherwise they are blocked using the firewall so as to prevent intruders from using the open ports for making unauthorized connections.

Specific words or phrases: A firewall can be configured to filter one or more specific words or phrases so that, both the incoming and outgoing packets are scanned for the words in the filter.

For example, you may set up a firewall rule to filter any packet that contains an offensive term or a phrase that you may decide to block from entering or leaving your network.

Hardware vs. Software Firewall:

Hardware firewalls provide higher level of security and hence preferred for servers where security has the top most priority. The software firewalls on the other hand are less expensive and hence preferred in home computers and laptops.

Hardware firewalls usually come as an in-built unit of a router and provide maximum security as it filters each packet in the hardware level itself even before it manages to enter your computer. A good example is the Linksys Cable/DSL router.

Why Firewall?

Firewalls provide security over a number of online threats such as Remote login, Trojan backdoors, Session hijacking, DOS & DDOS attacks, viruses, cookie stealing and many more. The effectiveness of the security depends on the way you configure the firewall and how you set up the filter rules.

However, major threats such as DOS and DDOS attacks may sometimes manage to bypass the firewalls and do the damage to the server. Even though firewall is not a complete answer to online threats, it can most effectively handle the attacks and provide security to the computer up to the maximum possible extent.
Saturday, 17 January 2015
Posted by Unknown

What is Denial of Service (DoS) Attack?

If you are working in the field of computer networks or an enthusiast in the field of network security, you are sure to have come across the term “Denial of Service attack” which is simply referred to as “DoS attack”. Today, this is one of the most common types of network attacks carried out on the Internet. In this post, I will try to explain DoS attack, its variants and methods involved to carry out the same in an easily understandable manner.

What is a DOS Attack?
Denial of Service or DoS attack is a type of network attack designed to flood the target network or machine with a large amount of useless traffic so as to overload it and eventually bring it down to its knees. The main intention behind DoS attack is to make the services running on the target machine (such as a website) temporarily unavailable to its intended users. DoS attacks are usually carried out on web servers that host vital services such as banking, e-commerce or credit card processing.
A common variant of DOS attack known as DDoS (Distributed Denial of Service) attack has become quite popular in the recent days as it is more powerful and hard to detect. A typical DoS attack has a single place of origin while a DDoS attack originates from multiple IP addresses distributed across two or more different network. The working of a DDoS attack is shown in the following diagram:



Unlike a DoS attack where the attacker uses one single computer or a network to attack the target, a DDoS the attack originates from different pre-compromised computers belonging to different networks. As the attacker uses a number of computer systems from different networks each residing in different geographical locations, the incoming traffic looks natural and therefore becomes hard to detect.

Protection Against DoS/DDoS Attacks:


DoS attacks can easily be handled by blacklisting the target IP (or range of IPs) that are found to be making too many requests/connections (in an unnatural way) to the server. However, DDoS attacks are complicated as the incoming requests seem more natural and distributed. In this case it is hard to find the difference between the genuine and malicious traffic. Taking an action at the firewall level to blacklist suspected IPs may result in false positives and therefore may affect the genuine traffic as well.
Methods Involved in DoS Attack:
The following are some of the commonly employed methods in carrying out a DoS attack:
  • SYN Flood Attack
  • Ping Flood Attack (Ping of Death)
  • Teardrop Attack
  • Peer-to-Peer Attacks


Posted by Unknown

How to get best possible security on internet

Today, we are all addicted or you may say depended on the internet. We do most of our work including social lives, online banking, e-mail, and more, so keeping your accounts safe is extremely important! so take the some security measures for your online accounts! Here are a few tips that will help you to keep your accounts more secure and improve your overall internet security…


1. Have a Secure and Unpredictable Password
             
                                   This may seem like an obvious one, but you’d be amazed about how many people have insecure passwords like “password,” the name of the site, their birthday, their first name, etc. These are the first passwords that any hacker will try!

Here’s a list of passwords to avoid:
  •         Anything related to your personal details (name, birthday, birthplace, maiden name, etc.)
  •          Words related to the site itself. For example, if it’s your Facebook password, do not use the password “Facebook” or any variation (i.e. “Facebook123″).
  •          Dictionary words. If someone tries to brute force your account, it can be cracked in a matter of minutes if you use a common dictionary word (i.e. “dog,” “cat,” “chocolate,” etc.).
  •          Short passwords. Regardless of what your password is, never have a short one!
  •          Do not store your passwords in a text file on your hard drive! If you ever get a virus or lose control of your computer, someone could steal your entire list of passwords!
  •          Do not use the same password on more than one website! If you do and someone manages to hack into one account, they’ll then have access to all of them. It’s like using the same key for your house, safety deposit box, and car. You lose the key, you lose everything. Minimize the damage!

Now here are a few tips for good passwords!

Your password should be at least 8 characters long, but more like 10-15 is even better!
The best password is a long combination of random numbers, letters, and symbols (i.e. Dxg]G9xB%8]Uh). If you think that’s too difficult to remember, you can try coming up with a phrase that’s only meaningful to you and turning it into letters, numbers, and symbols. 
For example: I<3MRed4re! (I love my red Ferrari). But remember to still avoid matching the topic of the website. If it’s a car/Ferrari forum, do not choose a password that relates to cars or Ferraris, since that will be a hacker’s first guess! Furthermore, try to disguise the phrase as much as possible. If it’s something obvious like Il0vec@ts, it’s hardly much better than “Ilovecats,” which is a very insecure password!

Alternatively, long strings of complete sentences work well too! Examples include: “The horse’s mom climbed up the wall!” It’s a legitimate sentence so it’s easier to remember than random strings of characters, but it still contains upper and lowercase characters and symbols!

Always use a different password for every website.

2. Secure Your Recoveries!
Most recovery systems set us up to be hacked.. not on purpose, but it just comes down to poor design. Common recovery questions include:
  • ·         What is your maiden name?
  • ·         Where was your first honeymoon?
  • ·         What is the name of your home town?
  • ·         What was the name of your first school?
  • ·         Who is your best friend?

With everyone using social media sites and blogging about their lives, almost anyone can find out the answers to these questions in a matter of minutes. You probably posted about your honeymoon on Facebook, the name of your first school can easily be determined on social media sites or though a bit of research (discovering your home town and Googling to find elementary schools in the area), and your best friend might even be listed on your many social media profiles! See what I mean? This information is not safe. If someone wanted to get into your account, all they have to do is answer the recovery questions and those answers can easily be determined.

So how do we fix this? Treat each recovery question like another password.
Instead of answering the questions legitimately, submit your answer as another string of random numbers, letters, and symbols. 

So your recoveries might look like this:
  • ·         What is your maiden name?

              T+f4U3jTHn
  • ·         Where was your first honeymoon?

              4ijhg$k4DY
  • ·         What is the name of your home town?

             fb=KpsA99D

Now for websites you don’t care about and websites that do not have any sensitive or personal information stored (unlike online banking), you probably don’t have to bother with such extreme security measures. But for any websites you do care about, having secure recoveries can save your account.

3. Storing and Encrypting Passwords     

So you’re probably thinking, “I’m not going to bother with these security measures… I mean I’ve never had any problems before and this all just looks like so much effort. Besides, I won’t remember all these insane passwords and recoveries anyway!” That’s true, which is why we have a solution!

Remember when I said to never store your password information in a text file on your hard drive? There is another way to store your information! There are a handful of applications which will store and encrypt your password information. It’s the encryption that makes all the difference! I personally use 1Password.

This application is available for Mac, Windows, iPhone, iPad, and Android. It stores all of your password information (and you can optionally also store credit card information and notes) and then encrypts it. You choose one password to protect all of your other passwords. Then even if your computer is compromised, no one can access your list of accounts, passwords, and notes, unless they have access to the password you selected. So pick one password to protect all the others, and make sure it’s a strong, secure one! The application will also store install add-ons so you can log in to your website just by clicking the 1Password button and it will automatically submit your account details!

This is a great way to easily have multiple complex passwords but still keep yourself protected. The application also comes with a great random password generator to help you select passwords for your new accounts!

4. Protect Your Computer With Antivirus Software!

Keeping your actual computer safe is a huge part of internet security. Without it, your computer could get infected with viruses or keyloggers, or other malicious applications that can steal your personal information or completely destroy your computer. So install a good antivirus program and do a full scan (NOT a quick scan!) at minimum once a week. This website has some good antivirus reviews. The top two at the moment (according to that site) are Bitdefender and Kaspersky (which I use).

If you’re using Windows and just want something easy and free, at least download Microsoft Security Essentials. There are better options, but using MSE is better than using nothing!

5. Beware of Phishing and E-Mail Scams





We’ve all received unwanted spam e-mail, but sometimes these e-mails can be actual scams disguised as legitimate e-mails. People send out fancy looking e-mails imitating big websites like PayPal or Amazon, etc. Then at some point they ask you to click a link. It will look like this link leads to Paypal.com or Amazon.com, but in reality it will lead somewhere else and once you log on to this fake website, your password has officially been stolen.

Whenever you get an e-mail that’s asking you to click a link, always check the URL! You can do this by hovering your mouse over the link and checking the status bar at the bottom of your browser. The status bar will tell you where the link really leads.
For example:

A link may be disguised as leading to http://www.paypal.com but in reality it may lead to http://www.paypal-com.co or some other slight variation.
This has become an increasingly serious issue with smartphones in particular. Smartphones have smaller screens, which means less of the URL is displayed in the address bar, which makes hiding scam URLs even easier.

6. Use 2-Step Verification!




Whenever possible, use two-step verification. One example of where this exists is Gmail. You can optionally set up two-step verification which allows you to link your phone to your e-mail account. You can download a Google app on your smartphone, which will generate a one-time code for you to use. You will have to enter this code in order to sign into your e-mail account. What does this mean? It is impossible for anyone to access your e-mail account without also having your cell phone in hand! It is a fantastic layer of security that you should always take advantage of whenever possible!
Sunday, 4 January 2015
Posted by Unknown

Follow by Email

Total Pageviews

- Copyright © REDBACK COUNCIL - RISC -- Powered by Redback - Designed by Redback Council -