(Reuters) – The U.S. Secret Service refused to provide data on its computer security systems to the Department of Homeland Security in 2014, preventing it from being able to verify if it was complying with security policies, an inspector general’s report said on Monday.
The service, which has faced withering criticism after several security lapses including a White House breach in September, “refused to comply with mandated computer security policies,” according to the report by the DHS inspector general.
The review also said DHS agencies were not doing enough to protect computer systems from such high-risk bugs as Heartbleed, which allowed hackers to spy on computers but not take control of them.
The report said FEMA and the U.S. Citizenship and Immigration Service still use the Microsoft Windows XP operating system, which may be vulnerable to hackers and for which Microsoft stopped providing software updates in April.
“DHS has worked to improve and secure its vast IT resources,” said Inspector General John Roth. “But those improvements can only be effective if component agencies fully adhere to the rules and DHS management vigorously enforces compliance.
“Failure to do so will pose a serious threat to DHS and its Homeland Security missions.”
The inspector general’s office said the Secret Service has agreed to begin providing the required data to the DHS chief information officer. It made six recommendations to improve security, which the department accepted.
Homeland Security combined 22 different federal departments and agencies into one when it was established in 2002.
(Reporting by Doina Chiacu; Editing by Andrew Hay)
This term is used quite a bit in cyber security; it is the use of multiple security principles and countermeasures to protect information and assets within an organization. I think this same thought can be used for parents: we can use multiple tiered countermeasures to help secure our kids' safety online.

Let’s start at the perimeter of our home’s Internet connection, the router that was provided by your Internet provider. One way to keep all the devices safe is to use a kid-friendly DNS service, such as OpenDNS’s parental control offering. Basically, we set up the OpenDNS servers on our router, and the settings will be effective for every device in our network, such as computers, tablets, Xbox, PlayStation, Wii, etc. This service will also block adult Web sites without messy configuration changes.

Let’s move further down the chain. For our computers, we definitely want to use a “smarter browser” such as Google Chrome or Mozilla Firefox and add key free plugins that will block any inappropriate sites from our kids. If your home computer is a Mac or Windows machine, create a separate account for your kids and enable parental controls on that account. This way you can limit the time they spend on the Internet, filter a list of words you do not want them to see, filter the sites that your kids can visit and a lot more.

For personal devices such as iPads and Android tablets, turn on restrictions on the devices so you can disable Safari and YouTube, turn off app downloads, and turn off in-app purchases. And in case you do need to install a particular app for your kids, install it via iTunes instead of on the device. On an Android tablet or phone, I generally use a restricted profile (KitKat 4.4) or “Kid’s Shell – safe launcher” and create a separate account for my son. This way I can add specific apps that I want him to have access to and remove any that are not suited, such as settings, notifications or any social media applications.

Another really solid application that I rely on is called Mobicip. It is known as parental software for all mobile devices as well as our computers. We create user profiles for our kids using its online interface, along with a management login that we use. We can monitor what apps are being used the most, view browsing history, and set time limits and custom filters. It is a really robust piece of software.
I hope these quick tips help you childproof your devices and computers. Please check out other Cyber Security Tips for Parents.
Article Source: http://EzineArticles.com/?expert=Vinny_Sinbad
For most companies, it is part of their protocol to back up important business documents. What is the sense of keeping two or more copies of the same file when it only adds to your costs?
Most computer experts would argue that a backup is done not only because it’s part of the standard procedure, but because it ensures the safety and integrity of your files. What if someone hacked your computer and modified its contents? How can you retrieve your original data without a backup? Also, there is a possibility of your computer being infected with a virus. Without a backup, you might not be able to continue your work, or worse, you’ll have to start again from scratch.
What to Back Up
It goes without saying that you should back up all the important files in the computer. Here are some examples.
* Documents, music, pictures and videos. Your documents in school or work, your favorite mp3s, your childhood memories stored in pictures, or your latest downloaded series: whatever personal file it is, keep a copy of it.
* Application settings and program installers. In case of a virus or a system crash, you can easily reinstall your frequently-used programs through these files.
* Bookmarks. If you have a list of websites that you visit daily, better back it up.
What Not to Back Up
Not every file in your system needs to be backed up, such as the ones listed below.
* Windows operating system. If your operating system gets corrupted, you can reinstall it anyway. So why bother backing it up?
* System files. Likewise, you can get the system-related contents of your local drive upon reinstallation.
* Program files. You can also reinstall your programs, so you don’t need to duplicate their folders in another place.
* Internet cache. Although these data may help you load web pages faster, you don’t need this. Your browser can just download these small files again once you access the webpage.
Where to Back Up
It is a matter of preference on where you want to back up your documents. There are three different areas which you can choose as your backup locations.
Local backup. This refers to another physical drive apart from your PC. Of course, the essence of backing up your files is that you will have a reserve copy of your data in case something bad happens to it. Therefore, creating a backup in the same location defeats the purpose of this process. As such, the most popular avenue for backups is an external drive or a drive in another computer.
Online backup. During the dial-up days, backing up online was considered to be time consuming and expensive. Fortunately, with the level of internet speeds today, this has become a practical option for a lot of reasons. First, your file isn’t stored on physical hardware of your own, which can get corrupted. Also, an online backup removes the risk of losing your data from device theft. Thus, you don’t have to worry too much about finding your stolen computer, as you have a backup online.
System imaging. You can back up your system as well. This process is called system imaging. Unlike in a file backup, where the backup location should be different from that of the actual file, in system imaging your computer creates a copy of your system in your drive. As such, you can completely restore your system in case it crashes. However, the only limitation is that you need to have a considerable amount of disk space in order to perform this process.
When to Back Up
You may not know when accidents will happen, so it is better if you can back up your files daily. This is fairly easy if you are using online backup, especially if you are configured to auto-sync with an online database. On the other hand, if you are using local storage such as an external drive to store data, you may have a hard time sorting through all your folders for new files. To make this process easier, you can back up only your most important files on a regular basis. All the other files get another treatment; they can be backed up every month or so, depending on their size and importance.
As the saying goes, “Prevention is better than cure.” Don’t wait for your precious files to be damaged or deleted before you create a backup. And now that you’re well-equipped with the basics of backing up, you should start this process immediately.
The government is promising to make your credit cards more secure. In fact, they are going to require that every card have an embedded chip built in by fall of 2015. The goal is to provide better security than the old swiping method and hopefully avoid the problems of fraud caused by hackers at Target and other retailers. The old swipe machines will eventually be laid to rest. So sometime, probably after October 2015, retailers will be liable for fraudulent purchases that result from using one of the older swiping devices.

Every other economic power nation uses these chip cards; the U.S. is the last to come online. Why? Credit card companies have fought this due to the higher cost of card production. Payment terminals are also costly to upgrade, causing retailers to look the other way. The complexity of the entire U.S. credit card system is also an area of concern, as the two main credit card players, Visa and Mastercard, sit between retailers seeking easy transactions and banks seeking secure transactions.

While adoption of chip cards has slogged along, fraud in the U.S. has risen. Those magnetic stripe cards, in use in the U.S. since the 1970s, are easy to clone. According to a report from BI Intelligence, the U.S. accounted for 51% of global payment fraud costs in 2013. The cost of U.S. payment card fraud grew by 29% in 2013, from $5.5 billion in 2012 to $7.1 billion last year.

Experts claim the chipped cards will make it all safer. Three firms combined to create the most widely used chipped card, called “EMV” after those that developed the technology: Europay, Mastercard and Visa. EMV cards include a microchip that creates single-use codes for every transaction instead of relying on the card number, making the data useless if it’s stolen. Some experts believe this technology could cut some forms of credit card fraud in half.
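To make the single-use code idea concrete, here is an added example (not part of the original article and not the real EMV algorithm): a simplified model in which HMAC-SHA256 over a per-card counter stands in for the chip's cryptogram. The class names, card number and key are constructed for illustration.

```python
import hashlib
import hmac

def _code(key: bytes, pan: str, counter: int, amount_cents: int) -> str:
    """MAC over the transaction fields; stands in for the chip's per-transaction code."""
    msg = f"{pan}|{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class ToyChipCard:
    """Card-side state: the secret key stays on the chip, only codes leave it."""
    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self.counter = pan, key, 0

    def pay(self, amount_cents: int) -> dict:
        self.counter += 1  # every transaction gets a fresh counter value
        return {"pan": self.pan, "counter": self.counter, "amount": amount_cents,
                "code": _code(self._key, self.pan, self.counter, amount_cents)}

class ToyIssuer:
    """Issuer-side checks for both card types."""
    def __init__(self):
        self._keys, self._last_counter = {}, {}

    def enroll(self, pan: str, key: bytes) -> None:
        self._keys[pan], self._last_counter[pan] = key, 0

    def check_stripe(self, track_data: str) -> str:
        # Static data: a copied stripe looks identical to the real card every time.
        return "approved" if track_data in self._keys else "declined: unknown card"

    def check_chip(self, txn: dict) -> str:
        key = self._keys.get(txn["pan"])
        if key is None:
            return "declined: unknown card"
        expected = _code(key, txn["pan"], txn["counter"], txn["amount"])
        if not hmac.compare_digest(expected, txn["code"]):
            return "declined: bad code"
        if txn["counter"] <= self._last_counter[txn["pan"]]:
            return "declined: code already used"
        self._last_counter[txn["pan"]] = txn["counter"]
        return "approved"

def demo() -> dict:
    pan, key = "4000000000000002", b"constructed-demo-key"  # constructed values
    issuer, card = ToyIssuer(), ToyChipCard(pan, key)
    issuer.enroll(pan, key)
    captured = card.pay(2500)  # the record a breached retailer would hold
    results = {"stripe_first": issuer.check_stripe(pan),
               "stripe_copy": issuer.check_stripe(pan),
               "chip_first": issuer.check_chip(captured),
               "chip_replay": issuer.check_chip(dict(captured))}
    results["chip_altered"] = issuer.check_chip({**captured, "counter": 2, "amount": 99900})
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The static stripe data is accepted on every presentation, while the stored chip record is rejected both when resubmitted unchanged and when its counter and amount are edited.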
Citing a United Kingdom study, a research firm, Aite Group, said that following chip card adoption, counterfeit card fraud dropped in the U.K. to $67 million in 2013 from a whopping $151 million in 2004. Fraud from lost and stolen cards also dropped by a third during the same period.

So how are the chip cards used? One way is to require buyers to enter a passcode, a personal identification number or PIN, after the chip has been read. This effectively protects them from both counterfeit cards and the use of lost and stolen cards. The other type of transaction reads the chip, but then asks for the signature. A little like what we have today without the magnetic stripe. It appears the chip and sign method is what the U.S. will use first. Walmart is first on board, currently the only major retailer accepting chip cards in its stores. Square has announced they are launching new technology that will use the chip and sign methodology on mobile devices, a boost for retailers.

Some, however, believe thieves will adjust to this quickly and fraud will occur at current levels. Until the PIN and chip method is fully in place, don’t expect to feel fully secure from credit card fraud. Experts believe it could take several years for this system to be put in place unless another major breach occurs and consumers start screaming for a major change.

George Rosenthal is a founder and partner with ThrottleNet Inc. ThrottleNet offers an array of technology services and products to help business owners achieve their corporate goals and accelerate business growth. These include cloud computing, custom software and mobile application development, and outsourced Managed Network Services, which helps companies improve their technology uptime and IT capabilities while, at the same time, reducing costs.
Article Source: http://EzineArticles.com/8818285
It’s another Monday morning at the office, you’ve just turned on your computer and logged in – all of a sudden you start to notice that your “Home Page” is changed, your computer is very slow and finally, the internet connection is extremely slow... Your IT Network has just been Hacked!
Security in the workplace has been an issue for years, yet it is commonly thought of as “internal security” such as cameras and locked doors. Today the world has evolved to run on computer-driven technology, giving innovative e-criminals the opportunity to take advantage of this situation, and they are benefiting from your lack of network security knowledge and use of older technology. Now more than ever, there are important types of security measures, such as Firewalls, Network Lockdowns, Key Fobs, Passwords, and so on, that are needed to secure a company’s sensitive records, financial information, and the basic lifeline that keeps it in business.
Some businesses don’t know what they’re exposing themselves to, but with an “opened port” on a firewall or router leading to their database, or a “hole” in the network, the world is able to look at your sensitive material without you even knowing until it’s too late.
Last month a new company signed on with Libra IT for simple “network support” because they felt their old IT provider was not giving them the patience they felt they deserved. When our engineer did a network audit, we noticed that the tape backups had not been successful in over 2 months! With that alone, a red flag should have gone up. More problems were found… much more! Every port on the firewall was open, allowing anyone into the server, which nullified the purpose of the firewall entirely.
And to add misery to suffering… Half the staff knew the Administrator Password!!! (Simple passwords are not enough… did you know that the most common password used today is “password” and the second most common is “admin”? Many users have half a dozen passwords to remember, which is why the most common password is ‘password.’ The usual solution is to write it down. But how secure is that?) This oversight allowed anyone into the system to change, delete or add anything they wanted… what if one of these people became a “disgruntled employee” later down the line? Finally, we stumbled upon another serious issue that could have been disastrous… After the previous IT person was “dismissed”, they were trying to hack into the system using old employees’ passwords (which worked) and decided to try to delete files as well as “hide” mistakes they had made. Luckily we tracked everything they did by backing the system up successfully in case anything like this happened!
Makes you wish we could go back to the old days when we had a safe with paperwork in it or a filing cabinet with a lock on it that held our business’s most prized possessions. Today, this information is resting in your servers, networked to the staff, and then on the internet for fast and easy day-to-day operations, bringing business to what we once called “The future of doing business”. With this new system that has treated us well in the past decade or so, we have neglected to see what other possibilities are growing out there, such as network hacking or malicious script sent through email in the form of humor from a trusted source, which destroys our data or, even worse, causes a complete breakdown of our network and loss of all information.
Another item I wanted to touch upon was something I stumbled upon last month when a new client came on board and asked simply if we could upgrade their server. The company in this situation changed their IT Firm service to us because they felt like they were not getting the service they needed and wanted more experienced engineering in their technical arena.
When this high security Financial company signed on we had no idea what we were about to stumble on! If you look at some URLs you will notice most of them start with an http:. But then you come across the “secure connections” used by companies like financial or legal institutions, which look like this: https:, where the “S” is to signify that it’s a secure site and no one can get in unless authorized with log in and password. What this financial company didn’t know was that their “secure site” was in no way, shape or form secure!

Here’s how the previous IT firm did it… To cut corners, their previous IT Firm decided to send all “secure traffic URL” to one web-server housing the main page under the URL https: but then translated this to simple http: to retrieve the requested “financial data” for the client from another server (being the data storage server). The traffic was then sent back to the first server, which once again translated the http: to https: to again make it look secure! The information was finally sent to the client, unbeknownst to them that their personal financial data had no security whatsoever.

This was immediately rectified and security was finally restored, but with a lesson… when you have security implemented into your network, get certificates of authentication for your records or you may find that you too are exposed to the world of hackers and prying eyes.
Article By: Joe Miljan