“Who's knocking at my firewall door?”
And, other sundry things to know for the non-profit hands-on CIO
Security is like play putty these days; everything is malleable and ever changing. How is a CIO or IT manager with limited experience in a low-budget nonprofit to keep up without breaking the bank?
First off, for 2010, here are some security items you should be aware of as trends emerge.

•Robots.txt... Ever see that file on your webserver? (Ro)bots (or spiders) are scripts or applications that search out information on the web. Search engines constantly scour the web for information using this method. The robots.txt file can be a powerful tool to keep the search bots from reading/indexing your webpages. Keep in mind that it is only a polite request honored by well-behaved bots; it is not a lock. Bots are also used by those nasty folks on the web who like to steal your information or trash your website, and those bots ignore it. They are the basis for most cybercrime, as they knock on your servers' door constantly without any user interaction. Bots are the ones constantly knocking on our firewall door or seeking our passwords to break into our “secure” portals and websites.
•Where did my month's bandwidth allowance go? Malicious hacking of websites via SQL injection, open ports, poor permissions, etc., leads to malware installation. The attackers then get to use your server to meet their own profitable needs.
•Is my hardware secure? Well, really, the question is more about whether the operating system is secure. While Microsoft Windows still bears the brunt of attacks, Macintosh, as a viable commercial product and now with Leopard on a near open source platform, shows it can possibly stay ahead of the malware infiltrators. Time will tell. But you don't have to be brave anymore to play around with other operating systems. Try a flavor of Linux like Ubuntu or Linux Mint, or the 20+ other distributions out there. Even Google's Chrome OS is a prime choice, slated to be the next netbook OS of choice.
•Software piracy. Be careful about buying cheap software from unknown sources; it may be infected. Remember the malware scare about free downloads a decade ago? Well, it's back.
•Social networking sites, yes, are the next prime targets for cyber do-no-gooders. We recently saw this in the Google/China case, where Chinese crackers (bad hackers) broke into activists' Gmail accounts. Bad China country, bad.
•Is it the wave or my surfboard that is muy mal? Malvertising and toxic web search results will be on the rise. Those poor newbie Luddites will have your day humming and your work queue crashing. Other platforms like Java and Flash could (once again?) end up being the culprits. Maybe it is time to invest in another operating system and migrate now to save your hair and fingernails.
•Smartphones. Smart for you, but dumb enough for the malicious hacker to inject all kinds of nice stuff in there. While Windows is still the most vulnerable, the other operating systems may be “light” enough to also be affected eventually. It will be interesting to see how Apple's iPhone and Google's Android evolve.
•Hands-on hacking. There are reports all over the web that long-term plans for inside jobs may be on the rise (see http://arunaurl.com/3cd2). Check your new IT staff or contractors out very well. Getting referrals from known friends and colleagues may be the way to go, even if it costs you a few bucks more. For more info, web search for: hacking “inside job”
(As of late, the China/Google scandal commandeers at least the first three search pages. Click ahead for more variety.)
•Cloud computing. A network cloud is just a collection of servers living out on the Internet providing various services, much like how websites are served from a webserver but in a much larger, scalable fashion. Software as a Service (SaaS) applications are online applications that frequently live on cloud servers, much like the webmail account you already use. The jury is still out on where it is heading and what it's evolving into, but be assured that if you are constantly passing vital information over the web to who knows where to be processed on the cloud, someone will figure out how to 'wiretap' your line.
•Clickjacking or User Interface (UI) Redressing. According to Wikipedia: “a malicious technique of
tricking Web users into revealing confidential information or taking control of their computer while
clicking on seemingly innocuous Web pages. A vulnerability across a variety of browsers and
platforms, a clickjacking takes the form of embedded code or script that can execute without the user's
knowledge, such as clicking on a button that appears to perform another function.” Get it?!

For many of these issues, good spam/virus filtering is essential. At my organization, we use http://Zimbra.com's Collaboration Suite Network Edition, which has a good configuration of SpamAssassin designed for it. But I also use http://Death2Spam.net as an incoming mail filter proxy. In addition, ZCS has a robust access control list (ACL) management system to customize which staff get access to what at a very granular level. It's fairly reasonable for a non-profit and works quite well.

These and others are plenty to watch out for and educate yourself on, but could take some semesters of study to get comfortable with. I am a trained social worker and life coach, besides being a self-taught computerist since 1976 on my Commodore Vic20. The promise of learning a trade yourself is true and can be realized if you are dedicated to it. Hooking up with a cohort or a group of like-minded folks who have each other's interests and backs to support is a great way not only to learn but to build, gain and exchange trust with your peers. I have 3 or more people (and discussion boards) I can contact at any time of the day (really!) when trouble arises to get an instant answer. Plus, there is always the trusty search engine.

But there is an even more basic, fundamental problem that information technology has only recently begun to tackle: passwords. This has got to be the most vulnerable access point for the majority of login instances ever. Think about it.

You just finished six months of review and sandbox testing with a new open-source collaborative communications system for your office staff. A central oasis of tools, functions and widgets that will boost productivity for the organization. It comes with speedy server software, a powerful spam/virus blocker, ample security, ACLs of such granularity they will prevent a flea from accessing any feature, and so on. You also invested in two rack-mounted dual quad-core “pizza boxes” with 16 GB of RAM to boot, and a new router. You're cranked up and ready to go!

You give your staff the pre-training, the pre-launch training and the on-launch training.

You set them up with their profiles and temporary passwords that are already randomly hardened with a combination of numbers, capital letters and punctuation symbols. After logging in for the first time, they are instructed to change their temporary password.

But as you make your rounds to check in on how they are doing, you notice a few logging in with their dog's name, the name of the org, the current year and the make of their car, or even their birthday, which is now seen by the millions on Facebook, MySpace, Friendster, Tribe, Twitter and who knows what other social networking profiles out there!
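The password check a hands-on CIO would want at this point, as an added Python example that is not code from the article: it issues temporary passwords from the OS random generator in the article's number/capital/punctuation recipe, and refuses a staffer's replacement when it is built from the very profile details listed above (pet, org, car, birthday, current year). The profile fields, punctuation set and 12-character minimum are assumptions.

```python
"""Issue hardened temporary passwords and refuse the profile-derived
replacements the article describes.

Added example, not code from the original article. The profile fields,
the punctuation set and the 12-character minimum are assumptions.
"""
import re
import secrets
import string

PUNCT = "!#$%&*+-=?@_"   # punctuation that survives web forms and shells (assumption)
MIN_LEN = 12              # assumed minimum length for a staff-chosen password
CURRENT_YEAR = 2010       # the article's year; staff love to append it


def has_required_classes(pw):
    """The article's temp-password recipe: a digit, a capital and punctuation."""
    return (any(c.isdigit() for c in pw) and any(c.isupper() for c in pw)
            and any(c in PUNCT for c in pw))


def make_temp_password(length=14):
    """Random temporary password from the OS CSPRNG (secrets module),
    retried until it satisfies the character-class recipe."""
    alphabet = string.ascii_letters + string.digits + PUNCT
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_required_classes(pw):
            return pw


def profile_tokens(profile):
    """Words anyone can read off a public profile: name, org, pet, car,
    birthday pieces, plus the current year. Fragments shorter than three
    characters are dropped so the check does not match every password."""
    tokens = set()
    for value in profile.values():
        for part in re.split(r"[^a-z0-9]+", value.lower()):
            if len(part) >= 3:
                tokens.add(part)
    tokens.add(str(CURRENT_YEAR))
    return tokens


def screen_password(candidate, profile, min_len=MIN_LEN):
    """Return None if the chosen password passes, else the reason to reject it.
    Tokens are checked in sorted order so the reason is deterministic."""
    if len(candidate) < min_len:
        return f"shorter than {min_len} characters"
    lowered = candidate.lower()
    for token in sorted(profile_tokens(profile)):
        if token in lowered:
            return f"contains profile-derived word '{token}'"
    if not has_required_classes(candidate):
        return "needs a digit, a capital letter and a punctuation mark"
    return None


# Constructed staff profile, the kind of detail a social-network page exposes.
SAMPLE_PROFILE = {
    "name": "Jane Doe",
    "org": "Example Nonprofit",
    "pet": "Rover",
    "car": "Subaru Forester",
    "birthday": "1975-03-22",
}

if __name__ == "__main__":
    print("temporary password:", make_temp_password())
    for choice in ("Rover2010!", "SubaruForester1975!", "Tq7#mLp2vZ!rQ9"):
        verdict = screen_password(choice, SAMPLE_PROFILE) or "accepted"
        print(f"{choice!r}: {verdict}")
```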
I have little hair left on my head, but that is hereditary; for you it could be diagnosed as latent onset of trichotillomania. I get my calm from 30 years of T'ai Chi practice. But, I digress.
There is an answer that could hold you over for the time being. Many web-based applications and SaaS products are beginning to adopt http://OpenID.net standards. This means one cryptic, difficult password for your staff to remember in order to log into many online websites. In fact, the password never gets stored on the website you are logging into, since you authenticate with your OpenID provider instead, and there is no way to trace it back from that site. Yes, if keylogger malware has made it onto a computer, you could be tracked that way, but this is a viable alternative.

In addition, if you are a little more concerned (sorry, cynics, this is way short of paranoia), keyed password certificates on a thumb drive could work, too.

Security is always changing and evolving. It morphs this way and transmogrifies that way, revealing new cracks in the systems we use each and every day, from our cellphones to ATMs to voting machines, and providing fertile ground for those with malicious intentions to infiltrate our data and productivity every day, if not every second. It is not only a full-time job but also a thought process gnawing at us with anxiety over whether we are going to be the next victim of tampering.

If you set up enough monitoring and preventive measures, then even if you get a lot of port-knockers, any apparent breach will become very, very noticeable, reducing your time spent in research (as the culprit pops up on your screen or in an email notification) and in psychological therapy due to lack of sleep, excessive anxiety and delusional paranoia.
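An added Python example (not code from the article) of the kind of monitoring described above: it reads sshd-style auth log lines, flags any source that fails the password check five times within ten minutes, and calls out a successful login from such a source, which is the line that should land in your email notification. The log lines, the year, the threshold and the window are constructed assumptions.

```python
"""Spot the port-knockers in an auth log and make a breach noticeable.

Added example, not code from the original article. The log lines below
are constructed in the usual OpenSSH/syslog shape; the year, threshold
and window are assumptions to tune for your own servers.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a burst of guesses from one source, a staffer's
# ordinary typo from another, and one success from the noisy source.
SAMPLE_LOG = """\
Jan 14 03:12:01 mail sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2
Jan 14 03:12:03 mail sshd[2233]: Failed password for invalid user oracle from 203.0.113.7 port 51830 ssh2
Jan 14 03:12:04 mail sshd[2235]: Failed password for root from 203.0.113.7 port 51841 ssh2
Jan 14 03:12:06 mail sshd[2237]: Failed password for invalid user test from 203.0.113.7 port 51850 ssh2
Jan 14 03:12:09 mail sshd[2239]: Failed password for root from 203.0.113.7 port 51866 ssh2
Jan 14 03:12:15 mail sshd[2241]: Accepted password for bwolfe from 203.0.113.7 port 51870 ssh2
Jan 14 03:15:41 mail sshd[2250]: Failed password for bwolfe from 198.51.100.20 port 40012 ssh2
Jan 14 03:15:50 mail sshd[2252]: Accepted password for bwolfe from 198.51.100.20 port 40012 ssh2
Jan 14 09:40:12 mail sshd[3101]: Failed password for root from 203.0.113.7 port 52001 ssh2
Jan 14 09:40:13 mail postfix/smtpd[3105]: connect from unknown[203.0.113.7]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
LOG_YEAR = 2010  # syslog lines carry no year; assumed for the sample


def parse_events(log_text):
    """Return (timestamp, result, user, ip) for every sshd password event."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines from other daemons are ignored
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def find_knockers(log_text, threshold=5, window=timedelta(minutes=10)):
    """Map each source IP to its peak number of failures inside one window,
    keeping only the sources that reach the threshold."""
    failures = defaultdict(list)
    for ts, result, _user, ip in parse_events(log_text):
        if result == "Failed":
            failures[ip].append(ts)
    knockers = {}
    for ip, times in failures.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            knockers[ip] = peak
    return knockers


def logins_from_knockers(log_text, threshold=5, window=timedelta(minutes=10)):
    """Successful logins from a source already flagged: the alert worth
    waking up for, since a guessed password looks like any other login."""
    flagged = find_knockers(log_text, threshold, window)
    return [(ip, user) for _ts, result, user, ip in parse_events(log_text)
            if result == "Accepted" and ip in flagged]


def alert_text(log_text):
    """Body for the email notification the article mentions."""
    lines = [f"{ip}: {n} failed logins within 10 minutes"
             for ip, n in sorted(find_knockers(log_text).items())]
    lines += [f"BREACH CHECK: {user} logged in from flagged source {ip}"
              for ip, user in logins_from_knockers(log_text)]
    return "\n".join(lines) or "nothing to report"


if __name__ == "__main__":
    print(alert_text(SAMPLE_LOG))
```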

There is no real protection anywhere in life. But what you can do is prevent, much like learning a self-defense martial art, by educating yourself enough and using powerful tools developed by trustworthy others that have direct meaning and service to your needs.

Live long and prosper.
~ Spock

Bruce M. Wolfe has a master's degree in Social Work with an emphasis on Social Development and is the Chief Information & Technology Officer for http://MarinInstitute.org, an alcohol industry watchdog, and president of vCampaign, Inc., developers of low-budget modern campaign websites. He is a 35+ year practitioner of a variety of martial arts, most of which has been in the Chinese internal school.

The Rise of Supernetwork Data Intensive Computing
 
Quantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLMQuantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLM
 
5G bootcamp Sep 2020 (NPI initiative).pptx
5G bootcamp Sep 2020 (NPI initiative).pptx5G bootcamp Sep 2020 (NPI initiative).pptx
5G bootcamp Sep 2020 (NPI initiative).pptx
 
What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)
 
Cookies program to display the information though cookie creation
Cookies program to display the information though cookie creationCookies program to display the information though cookie creation
Cookies program to display the information though cookie creation
 

Who's that knocking on my firewall door?

“Who's knocking at my firewall door?”
And, other sundry things to know for the non-profit hands-on CIO

Security is like play putty these days; everything is malleable and ever changing. How is a CIO or IT manager with limited experience in a low-budget nonprofit to keep up without breaking the bank?

First off, for 2010, there are some security items you should be aware of as trends emerge.

• Robots.txt... Ever see that file on your webserver? (Ro)bots (or spiders) are scripts or applications that search out information on the web. Search engines constantly scour the web for information using this method. The robots.txt file can be a powerful tool to exclude the search bots from reading/indexing your webpages. But bots are also used by those nasty folks on the web who like to steal your information or trash your website. They are the basis for most cybercrime, as they will knock on your servers' door constantly without any user interaction. Bots are among those that constantly knock on our firewall door or seek our passwords to break into our “secure” portals and websites.

• Where did my month's bandwidth allowance go? Malicious hacking of websites using SQL injections, open ports, poor permissions, etc., leads to malware installation. They get to use your server to meet their profitable needs.

• Is my hardware secure? Well, really, the question is more about whether the operating system is secure. While Microsoft Windows still carries its woes on attacks, Macintosh, as a viable commercial product and now with Leopard on a near open source platform, proves it can possibly stay ahead of the malware infiltrators. Time will tell. But you don't have to be brave anymore to play around with other operating systems. Try a flavor of Linux like Ubuntu or Linux Mint or the 20+ other distributions out there. Even Google's Chrome OS is a prime choice, slated to be the next netbook OS of choice.

• Software piracy. Be careful about buying cheap software from unknown sources. It may be infected. Remember the malware scare about free downloads a decade ago? Well, it's back.

• Social networking sites, yes, are the next and prime targets for cyber do-no-gooders. We recently saw this in the Google/China case where Chinese crackers (bad hackers) broke into activist Gmail accounts. Bad China country, bad.

• Is it the wave or my surfboard that is muy mal? Malvertising and toxic web search results will be on the rise. Those poor newbie Luddites will have your day humming and your work queue crashing. Other platforms like Java and Flash could end up being the (once again?) culprits. Maybe it is time to invest in another operating system and migration now to save your hair and fingernails.

• Smartphones. Smart for you but dumb enough for the malicious hacker to inject all kinds of nice stuff in there. While Windows still is the most vulnerable, the other operating systems may be “light” enough to also be affected eventually. It will be interesting to see how Apple's iPhone and Google's Android will evolve.

• Hands-on hacking. There are reports all over the web that long-term plans for inside jobs may be on the rise (see http://arunaurl.com/3cd2). Check your new IT staff or contractors out very well. Getting referrals from known friends and colleagues may be the way to go even if it costs you a few bucks more. For more info, web search for: hacking “inside job” (As of late, the China/Google scandal commandeers at least the first three search pages. Click ahead for more variety.)

• Cloud computing. A network cloud is just a collection of servers living out on the Internet providing various services, much like how websites are served from a webserver but in a much larger, scalable fashion. Software as a Service (SaaS) applications are online applications that frequently live on cloud servers, much like how you access your webmail account. The jury is still out on where and what it's evolving into, but be assured that if you're passing vital information constantly over the web to who knows where to be processed heavily on the cloud, someone will figure out how to 'wiretap' your line.

• Clickjacking or User Interface (UI) Redressing. According to Wikipedia: “a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.” Get it?!

For many of these issues, good spam/virus filtering is essential. At my organization, we use http://Zimbra.com's Collaboration Suite Network Edition, which has a good configuration of SpamAssassin designed for it. But I also use http://Death2Spam.net as an incoming mail filter proxy. In addition, ZCS has a robust access control list (ACL) management system to customize which staff gets access to what on a very granular level. It's fairly reasonable for a non-profit and works quite well.

These and others are plenty to watch out for and educate yourself on, but could take some semesters of studying to get comfortable with. I am a trained social worker and life coach besides being a self-taught computerist since 1976 on my Commodore Vic20. The promise of learning a trade yourself is true and can be realized if you are dedicated to it. Hooking up with a cohort or a group of like-minded folks that has each other's interests and backs to support is a great way to not only learn but to build, gain and exchange trust with your peers. I have 3 or more people (and discussion boards) I can contact at any time of the day (really!) when trouble arises to get an instant answer. Plus, there is always the trusty search engine.

But there is an even more basic, fundamental problem that only recently has information technology begun to tackle: passwords. This has got to be the most vulnerable access point for the majority of login instances ever. Think about it. You just finished six months of review and time in the sandbox with a new open-source collaborative communications system for your office staff. A central oasis of tools, functions and widgets that will boost productivity for the organization. It comes with speedy server software, a powerful spam/virus blocker, ample security, ACLs in such granularity they will prevent a flea from accessing any feature, and so on. You also invested in two rack-mounted dual quad-core powerhouse “pizza boxes” with 16 GB of RAM to boot and a new router. You're cranked up and ready to go! You give your staff the pre-training, the pre-launch training and the on-launch training. You set them up with their profiles and temporary passwords that are already randomly hardened with a combination of numbers, capital letters and punctuation symbols. After logging in for the first time they are instructed to change their temporary password. But as you make your rounds to check in on how they are doing, you see a few logging in with their dog's name, the name of the org, the current year and make of their car, or even their birthday, which is now seen by the millions on Facebook, MySpace, Friendster, Tribe, Twitter and who knows what other social networking profiles out there! I have little hair left on my head, but that is hereditary; for you it could be diagnosed as latent onset of trichotillomania. I get my calm from 30 years of T'ai Chi practice. But, I digress.
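The dog's-name-plus-current-year habit described above can be caught at password-change time. The following is an added example, not code from the slides or from Zimbra: it checks a new password against terms that could be guessed from a public profile (a constructed profile; the 2010 default matches the year of the talk, in practice pass the current year) as well as basic length and character-class rules.

```python
import re

# Common "leet" substitutions, undone so that R3x!2010 is recognised as rex2010.
LEET = str.maketrans("013457@$", "oieastas")

# Constructed profile: the sort of facts a public social-network page reveals.
PUBLIC_FACTS = {"pet": "Rex", "org": "MarinInstitute", "car": "Subaru", "birthday": "1975-03-14"}


def personal_terms(facts, year):
    """Yield (label, term) pairs that could be guessed from public profile data."""
    for label, value in facts.items():
        if label == "birthday":  # ISO date YYYY-MM-DD, expanded into common layouts
            y, m, d = value.split("-")
            for term in (y, m + d, d + m, m + d + y, m + d + y[2:], d + m + y):
                yield label, term
        else:
            yield label, value.lower()
    yield "current year", str(year)


def weak_password_reasons(password, facts=PUBLIC_FACTS, year=2010):
    """Return the reasons a password fails the check; an empty list means it passes."""
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        reasons.append("fewer than 3 character classes")
    lowered = password.lower()
    unleeted = lowered.translate(LEET)  # catch "R3x" as well as "Rex"
    for label, term in personal_terms(facts, year):
        if len(term) >= 3 and (term in lowered or term in unleeted):
            reasons.append(f"contains {label} ({term})")
    return reasons
```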
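Going back to the robots.txt bullet on the first slide: that file only instructs crawlers that choose to read it, so the bots the talk warns about never see it. This added example (not from the slides) uses Python's standard urllib.robotparser on a constructed robots.txt and a constructed server-side login rule to show which paths a polite crawler, a hostile bot and a logged-in staff member can actually reach; example.org and every path are placeholders.

```python
import urllib.robotparser

# Constructed robots.txt for a fictional nonprofit site (placeholder content).
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /donor-list/
Disallow: /board-minutes/

User-agent: Googlebot
Disallow: /drafts/
"""

# Constructed server-side rule: these paths require a login no matter who asks.
# Note that /board-minutes/ is hidden only by robots.txt, not by the server.
LOGIN_REQUIRED = ("/admin/", "/donor-list/")


def crawler_may_fetch(user_agent, path):
    """What a well-behaved crawler concludes after reading robots.txt."""
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(ROBOTS_TXT.splitlines())
    return rp.can_fetch(user_agent, "https://example.org" + path)


def server_serves(path, logged_in):
    """What the web server actually answers; robots.txt plays no part here."""
    if any(path.startswith(prefix) for prefix in LOGIN_REQUIRED):
        return 200 if logged_in else 403
    return 200


def exposure(path):
    """Who can really read a path: a polite crawler, a hostile bot, and staff."""
    return {
        "polite_crawler": crawler_may_fetch("ExampleSearchBot", path)
        and server_serves(path, logged_in=False) == 200,
        # A hostile bot never reads robots.txt, so only the server check matters.
        "hostile_bot": server_serves(path, logged_in=False) == 200,
        "staff": server_serves(path, logged_in=True) == 200,
    }
```

The /board-minutes/ case is the one to look for on your own site: a Disallow line keeps it out of search results, but nothing stops a bot that ignores robots.txt from downloading it.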
There is an answer that could hold you over for the time being. Many web-based applications and SaaS products are beginning to adopt http://OpenID.net standards. This means one cryptic, difficult password for your staff to remember to log into many online websites. In fact, the password doesn't even get stored on the website and there is no way to trace it back. Yes, if keylogger malware has made it onto a computer you could be tracked that way, but this is a viable alternative. In addition, if you are a little more concerned (sorry cynics, this is way short of paranoia), keyed password certificates on a thumb drive could work, too.

Security is always changing and evolving. It morphs this way and transmogrifies that way and reveals new cracks in the systems we use each and every day, from our cellphones to ATMs to voting machines, providing fertile ground for those with malicious intentions to infiltrate our data and productivity every day, if not every second. It is not only a full-time job but also a thought process gnawing at us with anxiety over whether we are going to be the next victim of tampering. If you set up enough monitoring and preventive measures, even if you get a lot of port-knockers, any apparent breach will become very, very noticeable, thus reducing your time in research as the culprit pops up on your screen or in an email notification, and in psychological therapy due to lack of sleep, excessive anxiety and delusional paranoia. There is no real protection anywhere in life. But what you can do is prevent, like learning a self-defense martial art, by educating yourself enough and using powerful tools developed by trustworthy others that have direct meaning and service to your needs.

Live long and prosper. ~ Spock

Bruce M. Wolfe has a master's degree in Social Work with an emphasis on Social Development and is the Chief Information & Technology Officer for http://MarinInstitute.org, an alcohol industry watchdog, and president of vCampaign, Inc., developers of low-budget modern campaign websites. He is a 35+ year practitioner of a variety of martial arts, most of which has been in the Chinese internal school.
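The closing point about monitoring, that with enough logging a port-knocker stands out on its own, as an added example that is not part of the slides: it parses constructed iptables-style LOG lines (the FW-DROP prefix, the host name gw and the documentation-range addresses are all made up) and gives each source a verdict based on how many ports it probed and how often it hit one port.

```python
import re
from collections import defaultdict

# Constructed iptables-style LOG lines from a fictional gateway "gw" (documentation
# IP ranges only, not real traffic): one scanner, one repeat knocker, one stray hit.
SAMPLE_LOG = """\
Jan 20 03:14:01 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41234 DPT=22
Jan 20 03:14:01 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41235 DPT=23
Jan 20 03:14:02 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41236 DPT=80
Jan 20 03:14:02 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41237 DPT=443
Jan 20 03:14:03 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41238 DPT=3306
Jan 20 03:20:11 gw kernel: FW-DROP IN=eth0 SRC=192.0.2.55 DST=203.0.113.10 PROTO=TCP SPT=50001 DPT=22
Jan 20 03:20:14 gw kernel: FW-DROP IN=eth0 SRC=192.0.2.55 DST=203.0.113.10 PROTO=TCP SPT=50002 DPT=22
Jan 20 03:20:17 gw kernel: FW-DROP IN=eth0 SRC=192.0.2.55 DST=203.0.113.10 PROTO=TCP SPT=50003 DPT=22
Jan 20 03:20:20 gw kernel: FW-DROP IN=eth0 SRC=192.0.2.55 DST=203.0.113.10 PROTO=TCP SPT=50004 DPT=22
Jan 20 03:25:00 gw kernel: FW-DROP IN=eth0 SRC=192.0.2.200 DST=203.0.113.10 PROTO=UDP SPT=5353 DPT=5353
Jan 20 03:26:00 gw sshd[812]: Accepted publickey for admin from 10.0.0.5 port 40111 ssh2
"""

FW_LINE = re.compile(r"FW-DROP .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)")


def summarise_knocks(log_text, scan_ports=5, repeat_hits=4):
    """Count dropped packets per source and port, then give each source a verdict.

    scan_ports: distinct destination ports that make a source look like a scanner.
    repeat_hits: hits on one port that look like password guessing or knocking.
    """
    hits = defaultdict(lambda: defaultdict(int))  # src -> dpt -> count
    for line in log_text.splitlines():
        m = FW_LINE.search(line)
        if not m:  # not a firewall drop (e.g. the sshd line above): ignore
            continue
        hits[m["src"]][int(m["dpt"])] += 1
    report = {}
    for src, ports in hits.items():
        busiest = max(ports, key=ports.get)
        if len(ports) >= scan_ports:
            verdict = "port scan"
        elif ports[busiest] >= repeat_hits:
            verdict = f"repeated knocking on port {busiest}"
        else:
            verdict = "background noise"
        report[src] = {"ports": dict(ports), "verdict": verdict}
    return report
```

Run it over a real iptables LOG prefix and only the sources with a non-noise verdict need a look, which is the "culprit pops up on your screen" effect the talk describes.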