The fun stuff...

We're starting to get into the fun stuff now in my security class. Some of the topics we've just covered are: wardriving, WEP/WPA wireless encryption, spoofing, phreaking, and some p2p as well.

Out of everything we learned I was hit the most by something I thought I already knew. I've been using WEP on my network for years, I just chose it at random. I honestly didn't know the difference or which protocol was better, but from what I read WPA is more secure at this point. I'll be switching to WPA right away. My laptop isn't here at the moment, so I've taken a screen shot of a segment of my wireless router configuration page. I'd take a bigger screen shot with more information, but then I'd be handing out sensitive information which would go against the purpose of this blog. ;)



I watched a CBS video that maps it out pretty well, it's very informative.
Here's the video that discusses wardriving, the issues of WEP, and tells an interesting story about how some people stole tons of data from TJ Maxx a few years ago.


I learned years ago not to mess with programs like KaZaa. Not even so much for the legality issues but the corrupt files/viruses. Much of the music I would download was fake or something, it was very annoying. Not to mention, p2p is an excellent way to propagate viruses/worms.

Information Security Awareness Contest

Cyberwatch is having a contest poster/video contest. The idea is to submit a poster or video that raises awareness about information security issues. Whoever wins gets exposure of their creative work, and there are cash prizes as well. It's a very cool and educational contest that I'm excited to be apart of.

Here's a quick quote from Cyberwatch and what they are all about.

"The CyberWatch mission is to increase the quantity and quality of the information assurance (that is, cybersecurity) workforce."

For this assignment I will be working with two other people to create a video or poster to enter in the contest. So far we are undecided on the topic because the third member of our team is MIA. So far, the topic choices we've discussed include social engineering, securing data/information, and phishing/pharming. I'm not sure what the third member of the team might want to do, so we will still have to decide on that.

My ideal choices would be securing data/information or social engineering. I find both topics to be extremely fascinating.
Here's a video explaining social engineering and some experiences from one of the most famous social engineers Kevin Mitnick.

"The weakest link in the security chain is the human element" - Kevin Mitnick

I wish I knew what I know now...

My experience...

Over the years I have (unfortunately) experienced infections from various computer viruses. The positive side is that I've learned from my experiences with viruses and the like. One thing that I think is important to realize is that there is no way to be completely secure from any of these threats. No matter how much money you hand Norton or any other security company, you are not completely safe from computer threats. Anti-Virus and other security software is a preventative measure, or a tool used to remove infection once it's found.

The world of security threats is ever-changing and growing, and for every threat out there, there is a period of time before the Anti-Virus/Security companies are even aware of it's existence. During this time, the threat is able to run rampant, as no security suites are able to detect it. Strangely enough, most of the times I've been infected have not been from a newly released security threat, but one that has been out for years. No security program I've ever used has completely covered my back. In fact, most of the times I've been infected, I had some sort of acclaimed anti-virus installed and up to date.

Practical Application...

With all that being said, I still think it's a good idea to have security programs as a line of defense. I now make sure all of my computers have anti-virus with up to date definitions, and I usually will have a couple other programs to supplement them like Spybot or Malware Bytes. The biggest lesson I've learned is probably to exercise more intelligence and caution when navigating the internet. Many infections could be avoided by being more cautious of what links you click on, or what files you execute. Many infections spread through going to shady websites, or through file sharing programs. One my strongest recommendations for safe browsing would be to use an add-on for Firefox called Noscript.

"The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser. "

Don't fall victim to anti-virus scams

Here is a video from Symantec regarding fake anti-virus programs. These are very popular these days and trick many unsuspecting people into thinking they are paying for a real product that is keeping them safe. This video underlines the importance of having some legitimate security software to block threats like this.



I'm currently using a free anti-virus program called avast! Antivirus. I just decided to try this program a few weeks ago, so it's difficult to form an opinion on it's performance. I'm pleased with it so far, but I haven't used it long enough to compare it to others. Previously, I've used AVG for years. I choose between these two programs because of one main reason: they both have free versions.AVG treated me well over the years, but I've also been infected and had AVG not detect it (even when it was an extremely old threat). Because of this, I decided to give avast! a shot. Here's a screen shot of avast's real time file shield.
http://screencast.com/t/a2ZuwPi9W

Another handy tool when you're infected would be System Restore. This is a function built into Windows from ME to Windows 7. This feature allows you to restore your system back to an earlier date before everything went haywire. Here is a screen shot of my System Restore dialog.