Saturday, December 28, 2013
India InfoSec Gallery..: In India - ATMs to be shut down at night
Incredible India! Incredible Indian people who run this country - they just morph into nincompoops when thinking about the country's...
Saturday, November 30, 2013
Countermeasures against Social Engineering
Social Engineering: According to Wiki, “Social Engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.” Social engineering is not a new thing at all; it is the art of lying to get confidential information in order to access or hack into a system.
Social engineering attacks are one of the hardest threats to defend against because they involve the human element.
• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Don't send sensitive information over the Internet before checking a website's security (see Protecting Your Privacy for more information).
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
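The URL check in the list above can be automated. The following is an added example, not part of the original post: it compares a link's host against a list of domains you already trust and flags a spelling variation or a different domain ending. The domain list, function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the reader really deals with (assumption).
KNOWN_DOMAINS = ("examplebank.com", "antiphishing.org")

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete from a
                           cur[j - 1] + 1,            # insert into a
                           prev[j - 1] + (ca != cb))) # substitute
        prev = cur
    return prev[-1]

def classify_url(url, known=KNOWN_DOMAINS, max_typos=2):
    """Return (verdict, matched_domain) for the host part of a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    for d in known:
        # Exact match or a real subdomain of a known domain.
        if host == d or host.endswith("." + d):
            return ("known", d)
    # Naive registrable domain: last two labels. A production tool would use
    # the Public Suffix List to handle endings such as .co.in correctly.
    name, _, tld = ".".join(host.split(".")[-2:]).rpartition(".")
    for d in known:
        k_name, _, k_tld = d.rpartition(".")
        if name == k_name and tld != k_tld:
            return ("lookalike-ending", d)     # e.g. .com vs. .net
        if 0 < edit_distance(name, k_name) <= max_typos:
            return ("lookalike-spelling", d)   # e.g. one swapped character
    return ("unknown", None)

if __name__ == "__main__":
    for u in ("https://www.examplebank.com/login",   # constructed samples
              "http://examplebank.net/login",
              "http://examp1ebank.com/login",
              "https://example.org/"):
        print(u, "->", classify_url(u))
```

A verdict of "unknown" only means the host is not on the list; it still calls for the out-of-band verification described in the last bullet.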
Other important points are:
IT Security and other Units
Physical and IT security personnel often have an uneasy and distant relationship, even in institutions where they share a common node of the management tree.
• IT personnel should at least understand the need for physical controls and have some involvement in the physical securing of IT equipment, especially when sophisticated technical controls such as handheld authentication devices are employed.
• Non-IT security people need at least a basic understanding of how IT hardware hangs together in order to appreciate where the weaknesses are: not only in terms of sabotage, theft and espionage, but even in terms of accidental damage. In many cases, they’ll be the first line of defence against breaches of the physical perimeter.
General Education
General users should not be expected to become security experts. Indeed, it’s unrealistic to expect them to be particularly IT-literate beyond the requirements of their work. This makes the quality of the educational and other resources available to them particularly important, not only in terms of accuracy and pertinence, but also accessibility. Training and first-line documentation should be as brief and clear as possible, but more detailed resources should be available and known to be available. In particular, such documentation should make as few assumptions as possible about the technical knowledge of the reader: unfortunately, this is not always consistent with the equally pressing requirement that it should be as short as possible.
Risk Analysis
I hope I’ve convinced you that social engineering is a significant threat. However, it’s seriously under-documented, and committing major resources to deal with a threat many people have never heard of or considered is not always easy. This paper gives some background, but useful statistics are scarce: I can’t point you to a survey which tells you how much a year social engineering costs the ‘average’ organization. Statistics on security breaches in general are easier to come by, but they don’t tell you how much use individual intruders made of social engineering, so you have to approach it from the other end: gathering information on how vulnerable you are to this threat, and what measures are available to counter it.
Security Policies and Insurance Policies
Security is a cost centre. Like fire insurance, it’s a large expense set against the risk of an attack which may never come, though with social engineering it’s probably truer to say that such attacks are frequent, but not necessarily recognised as such. Security policies aren’t popular: they take time to put together properly and are of no practical use without a realistic educational program to back them up.
Hope this will be helpful for your organisation and for you to stay away from Social Engineers.
Paper on Smart Grid Security | ClubHack 2012
Smart Grid Security by Falgun Rathod from ClubHack
A smart grid adds communication capabilities and intelligence to a traditional grid. Smart grids are enabled by intelligent sensors and actuators; extended data management systems; expanded two-way communication between utility operation systems, facilities and customers; network security; national integration; and self-healing, adaptive operation. They improve distribution and transmission system operation, allow customers the freedom to purchase power based on dynamic pricing, improve the quality of power with less wastage, and integrate a large variety of generation options.
We have seen that the more complex and critical an infrastructure is, the more vulnerable it is. Since 1994 we have seen many incidents in which smart grids were hacked; the latest and most prominent was the Stuxnet worm, which targeted nuclear power systems in Iran and worldwide. We will look at the different types of attacks and the security needed for the smart grid.
I am sure this paper can be useful to various researchers and students for their projects.
Tuesday, March 5, 2013
Elites Hub - Unique Concept of Training
A few years ago, when I was taking training from a private institution, I came to know that there are hundreds of institutes in the market providing training on the same subjects, but no institute or company was providing the best guided, path-oriented training to students; they were just making a profit out of students' fees. I met Aakash and Shridhar in November 2012. He told me about the project Elites Hub; in the first half I was easily convinced by him, as this was an idea and project specially designed for the bright future of students. Let me introduce this project here in detail.
We have the most unique training programmes, and we aim to provide world-class training in India, as we believe in research, quality, excellence, imagination and developing self-assessment in learning with path-oriented knowledge at Elites Hub. Our courses include industry and academic tasks and research paper topics made and designed by a team of experts.
We are Elites, the best in our categories, providing unique training programs under one roof, i.e. creating a hub for professionals. More specifically, we breed professionalism into the blood of our trainees, and thus we say we are breeding professionalism.
We provide training on the following:
A) Web Development
B) Mobile Application
C) Cyber Security
D) Embedded/Robotics
Best features from our side:
A) Office Infrastructure
B) R&D Center
C) Accommodation
D) Meals
E) Weekend Outing
For more info, and to enroll to study under industry experts, mail us now at contact@eliteshub.com, call +919824435293, or visit http://www.eliteshub.com
Wednesday, January 30, 2013
Welcome to the Era of Hacking, Total Exposure
We are asleep in a world of dreams and nightmares, both of which we live daily, and both of which need to be controlled by someone, for that is the joy of those people who pull the strings. If just one of us opens our eyes and sees through the cloud of deception that is placed before everyone’s eyes, then the dream is dispelled and we acknowledge the farce and fallacies around us for what they are and we see the “sheeple” just following blindly along....so many things I have seen, just in the last few days...I just have to shake my head and turn a blind eye sometimes...nothing to do but write....
In a “cyber-war”, where is the enemy? The investigating agencies, be it FBI or the CBI, would just love to know that hackers have managed to positively identify which sites belong to those responsible for the terrorist attacks. Even if they could be identified, attacking them could destroy crucial evidence. Blindly attacking sites perceived to be vaguely Arabic is just plain stupid (or at least not a sign of a true genius). Attacking sites of people who aren't even remotely involved to vent emotions is even more moronic.
Hacking is morally and ethically wrong, an offense against various governments in the world. You can see how hacking has changed from 1878 to the present day and how quickly it is becoming more of a threat to everyday life. This is due to the fact that many homes and businesses use computers placing themselves at a risk of getting hacked.
At last, I would like to say “WAKE UP INTERNET WORLD!” Security systems all over the globe are threatened and very few seem to understand what is happening. If the CEOs, Administrators, Presidents, and other heads of businesses and governments aren’t demanding that their IT departments re-evaluate their security systems, then they deserve everything the hackers give them.
Hacking is here to stay. It will not go away quietly. It will not be eliminated. If a software engineer can write a security program believe me when I say a hacker can breach it.
It’s hard to imagine a world without computers, mobile devices or the Web. Cyber criminals and malicious hackers know just how important these tools are to not only work, but everything we do in our personal lives as well.
And because we rely on them so heavily, they are a prime target for attack. Viruses and other malware used to attack computers, networks and websites have changed over the years. Initially, these malicious programs were written to be mischievous. While destructive in nature, they did not have the same intent and outcome that malware does today. Nowadays, cyber criminals stand to make hundreds of thousands of dollars from malware. Unfortunately, there are just too many strains of malicious software out there for each one of them to make the news like they did in the old days.
We watch many movies in which hackers just type some code and any computer gets hacked; to many people this looks fake, but in reality it happens.
Hackers can be motivated by different agendas, such as malicious intent, the challenge, or profit. Whatever their motivations, they are a chronic pain in the butt, and website owners must be constantly on guard or run the risk of their sites going down and of loss to their business and/or business reputation.
To some, hacking is just an amusing game or challenge just to prove how smart you are. A trait that most hackers share is a strong sense of curiosity. They pride themselves on their ability to create new programs. They brag to their social circle about any high-profile system that they've hacked. You can employ more security measures to protect your computer system, e.g. firewalls, anti-spyware, anti-virus etc., but these types of hackers just find it more of a challenge to defeat these security defenses, and your computer crashing is just another trophy on their hacker shelf. Yes, these types of hackers are annoying, but the ones you really need to worry about are the hackers who hack for profit - your criminal hackers.
By now corporations and governments worldwide have taken notice that their security systems are at risk. Well, sort of. There is still an arrogance and attitude of “it couldn’t happen to me.” In the meantime, hackers all over the globe are getting into everything from email to top secret documents.
It doesn’t surprise a specialist in the Information Technology field that the heads of corporations like Sony and government agencies like NASA have been slow on the uptake. For too long these people have been driven by greed and have acted with total impunity.
No more. Because internet security has become the number one target of organized groups like Anonymous or 13 year old boys fooling around on the computer, every government, business, corporation, and personal computer is at risk.
And, the conundrum for everyone is that if you can write a security program, someone can hack it. One doesn’t think it will be out of business soon because some government agency or billion dollar corporation thinks it can outsmart the techies of the world. No, the real issue is how are institutions going to process information, secure and public that cannot be hacked into?
Technology advances in storage and computing models (e.g. cloud) have made it possible for modern companies to save massive amounts of data about their customers and partners. These increasingly large stores of information can provide insights that improve marketing efforts, help refine product offerings or even enable completely new service/product lines. However, the data also makes these organizations more attractive to attackers. Last year, the number of data breaches due to hacking exceeded lost and stolen laptops for the first time; hacking was responsible for 83 percent of the total exposed records in 2011. The impacts of a data breach can be significant – lost time, revenue and reputation. However, the stakes may be becoming even higher.
Every era has had a name and this era is going to be named the Era of Hacking. This is the era when the dishonest and corrupt are being caught with their pants down and their phony financial reports exposed. The heroes of our world will no longer be gold star generals or presidents but faceless hackers with a weapon called the keyboard.
Source - http://krishnan1983.blogspot.in/2012/08/hacking-in-todays-world.html
Thanks to S. Krishnan Sir....