The Domain Name System is needed so that networked machines can communicate with each other.  Machines use a unique IP address to identify one another much the same way a street address is used to locate a business or home.  However, people like words such Google, Yahoo, or YouTube instead of a difficult to remember IP address, like 67.13.142.130, which is easier for a machine to understand.   Domain name servers are used to convert names to their corresponding IP address and vice versa.

The DNS system is a massive database with billions of domain names and IP addresses.  The system handles billions of requests everyday as people surf the internet, send email, a create new websites.  Even though the DNS system is distributed around the world, it acts like a single system.

An attack can happen by modifying the host tables that are stored on local computers.  The host table is list of domains and IP addresses that are used to find the correct IP address when a user enters a domain site name.  If the so-called host table name system does not have the correct IP address stored locally then it contacts an external DNS for the correct IP address. If an attacker is able to compromise the entries within the host table then they can direct websites names to any IP address they wish.

Another method of performing a DNS Poisoning Attack is to target the external DNS servers themselves.  External DNS servers exchange information, including name and IP mapping, with each other using zone transfers.  Attackers can set up a DNS server with fake IP address entries so that if the targeted DNS server accepts the zone transfer as authentic, it will then use and distribute the fake IP address assignments to other DNS servers.  One way to prevent a DNS poisoning attack is to ensure that the latest version of the DNS software, called Berkley Internet Name Domain (BIND), is installed.

IP addresses are similar to postal addresses and route information to the correct location across networks. Data is broken up and sent in pieces called packets. Each packet contains the sender’s and the recipient’s address. IP address spoofing is possible because an attacker can forge the sender’s address and make the packet appear to be coming from someone else. A common use of IP address spoofing is a denial of service attack where an attacker using spoofing to hide the source of their attack.

Phishing attacks involve setting up fake websites or sending spam emails in an attempt to lure potential victim’s to fake websites. The “sender” field in an email can be changed easily and as long as the email message protocols are acceptable, the message will be delivered. A phishing site can look just like the real one, with the same color schemes, layout, and logos. A victim that attempts to use the site can unknowingly be submitting their personal data to criminals.

Fake or rogue WIFI access point masquerading as well known brands in airports, train stations, financial institutions, and retail locations offer attackers a relatively simple way to steal data. Some tips to protect yourself when using public hotspots are to keep your wireless radio turned off until you are ready to use it, disable file and printer sharing, and set your wireless option to “infrastructure networks only”.  Programs that update automatically can also be another avenue for a wireless spoofing attack; therefore, be sure to enable the “ask me first” feature before allowing your computer to download updates.

The mandatory access control model assigns users’ roles strictly according to the system administrator’s wishes. This is the most restrictive access control method because the end user cannot set any access controls on files. Mandatory access control is popular in highly secretive environments, such as, the defense industry where errant files can jeopardize national security.

Discretionary access control is at the other end of the access spectrum differing from the mandatory access model in that it is the least restrictive of the three models. Under the discretionary access model the end user has complete freedom to assign any rights to objects that he wishes. This level of complete control over files can be dangerous because if an attacker or malware compromises the account then the malicious user or code will have complete control as well.

Role based access control creates permissions by assigning access rights to specific roles or jobs within the company; RBAC then assigns users to those roles, thereby granting privileges. This access control model functions effectively in actual organizations because files and resources are assigned permissions according to the roles that require them. For instance, a system administrator may create an access role for managers only. So a user would need to be assigned the role of a manager to use those resources.

One of the lesser-discussed access control models is Rule Based Access Control (RBAC). It shares the same acronym as role based access control but incorporates top-down management similar to mandatory access control. Rule based access control permissions are only assigned by the system administrator. Rules are attached to each resource, which governs the access levels that will be allowed when a user tries to use it. An example of rule based access control is only allowing a resource to be used at certain times of the day or only allowing specific IP addresses to access the resource.

The term identification refers such things as user names and identification cards.  It is the means by which a system user identifies who they are.  This step is usually performed when logging in.

Authentication is the second step of the access control process.  Passwords, voice recognition, and biometric scanners are common methods of authentication.  The purpose of authentication is to verify the system user’s identity.

After a system user is authenticated they are then authorized to use the system.  The user is generally only authorized to use a portion of the system’s resources depending upon their role in the organization.  For example, the engineering staff would have access to different applications and files than the finance staff, or human resources.

There are more ways to enforce access control besides using software.  Access control can be maintained by something a simple as a locked door.  Only users with the correct key or door card would be allowed to enter.

One of the principles that should be incorporated when establishing an effective access control policy is the practice of minimal access or least privilege.  What this means is that a user should have the least amount of access required to do their job.  The principle of least privilege includes limiting the resources and applications accessible by a user as well as the time access is allowed.  For, instance at times it may not be advisable to allow access to financial records at 3AM in the morning when the facilities should be closed.

A fire can destroy computer equipment and incinerate a building very quickly so some type of fire suppression system is a must. Many commercial buildings have a water sprinkler system. Unfortunately, spraying electrical equipment with pressurized water will short the circuits. Even some chemical fire suppressants can foul electronics.

Clean Agent fire suppressing systems, such a carbon dioxide or Inergen systems, should be used extinguish flames around electric and high voltage equipment. A clean agent system is also non-toxic to people so the after affects will be minimal after work resumes.

Attackers are able to eavesdrop on computer systems, displays, and other similar devices by detecting their electromagnetic emissions. This process is called Van Eck phreaking. Countermeasures to prevent eavesdropping have been put forth by the National Security Agency (NSA) in a study code named TEMPEST, Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. Some of the unclassified measures include special shielding between circuits and equipment or within the building. Other countermeasures including scrambling the signal or installing a Faraday cage, which is a metal mesh structure that stops electromagnetic signals form leaking, around the computer room.

Finally, the HVAC must be controlled to ensure that the environment does not do damage. Humidity levels that are not correct can damage equipment. For instance, air that is too dry can create static that can damage equipment. Temperatures that are too hot or too cold can also degrade a system. Adding to the complication is the dry heat emitted from electronic devices.

Since a hash creates an identifiable signature of data it can be used to determine whether a set of data has been changed; in other words it is possible to verify the integrity of data.  For example, you want to make sure that financial documents that you have stored have not been tampered with, so you create a hash of the known correct data. Now, whenever you want to check the data, you simply hash the data again and the two hashes should match if the most current data has not been changed.

When sending critical data the message along with a hash of the message is usually sent to recipients.  The recipient can then verify that the message has not been altered.  One of the main benefits of hashing is that the integrity of a message can be checked without revealing the contents of the original message.

Hashes are also called one-way hashes because once they are created they cannot be reversed.  This means that a hash cannot be deciphered to determine the contents of the original message.  Therefore hashes can only be used to compare data.

Hashes are created with Hash functions, which are cryptographic algorithms.  An algorithms that is considered secure should not create collisions meaning two different sets of data creating the same hash value.  In addition, a secure hash algorithm should create hashes that are the same length no matter the size of data being hashed.  One of the advantages of a fixed length hash is that other programs can use it easily since it is consistent.

Two common cryptographic algorithms are Message Digest (MD) and Secure Hash Algorithm (SHA).  The Message Digest algorithm has several versions; the most current version is MD5.  MD5 is the default procedure for Simple Network Management Protocol (SNMP). However, researchers have revealed collisions and vulnerabilities in the MD5 code and a more secure cryptographic algorithm is recommended for hashing.

Secure Hash Algorithm (SHA) creates a longer hash than most versions of MD resulting in a more secure code.  Currently there have been no weaknesses found with the most recent version of SHA, SHA-2.  Another version, SHA-3, is in development and scheduled to be complete in 2012.

A practical application of a hash function is ensuring that data transmissions are correct.  When packets are sent across networks errors often occur.  Many times when a program is available on a website for download, a hash function is also available to verify that the downloaded file is identical to the file on the site.  Using Hashes to check files for errors is similar to a checksum or Cyclic Redundancy Check (CRC), which is shorter and less secure than a hash.

PKI is needed because of the complexity associated with managing digital certificates.  For instance, a Certificate Authority (CA) is a third-party entity that vouches for the authenticity of public keys.  In performing this task they must investigate the background of applicants before issuing a digital certificate.  In addition to distributing certificates, a CA must also revoke and place expired certificates on Certificate Revocation Lists (CRL).

Public key infrastructure helps to ensure effective and efficient certificate management by following set of 15 Public-Key Cryptographic Standards (PKCS).  PKCS covers a wide variety of topics including digital signature formats, key exchange protocols, certificate syntax, file formats, technologies, and storage procedures.

Certificate administration is not the sole focus of PKI; it also must manage the public keys which are the backbone of the public key system.  A major part of key management in the PKI framework is key storage. For example, it is important to encrypt the folder or directory where public keys are stored.  It is also preferable to store them using a hardware-based system as opposed to software-based because of the numerous vulnerabilities in operating systems and applications.  Private keys are stored on the client’s system.

Another important aspect of key management is how they are handled.  Specific procedures must be in place throughout the useful life of a public key.  It must be clearly define how keys are issued, revoked, and terminated.

Some of the systems that rely on PKI security mechanisms are email, ecommerce, and online banking.  No matter the application, PKI’s purpose is to make the secure exchange of data possible.  Keep in mind that PKI covers a wide range of topics and the standards that define its procedures continually evolve to meet the needs of a changing computing environment.

A digital signature is able to prove that a message has not been changed, which means that it ensures the integrity of a message. It is also provides for non-repudiation, meaning it’s able to prevent a sender from claiming they did not send the message.

For example, if you want to send a digitally signed message to your bank; first you would create a hash of the message using a hashing algorithm like Message Digest 5 (MD5) or Secure Hash Algorithm (SHA). This hashed message is called a message digest. You would then encrypt the digest using your private key and this encrypted hash would be the digital signature of your message.

Both the message and the digital signature are sent to your bank.

In order for the bank to make sure that your message is authentic, they would retrieve your public key and decrypt your digital signature, which reveals the hash. The bank would then hash your message and compare it to the newly uncovered hash.

If the hashes do not match then the message was not sent by you or was changed in transit.

Keep in mind that the original message that you sent to the bank with the digital signature could still be read by others. In order to encrypt the message you would need to retrieve the bank’s public key from their certificate authority (CA) and encode your message. After that, the bank will be able to decode your message with their private key.

Digital certificates rely upon public key cryptography to operate.  Public key cryptography uses two mathematically related keys to secure data.  The first key is the private key of the message recipient and the second is a public key known to everyone.   For example, if you wanted to send a secure communication to your bank, then you would use the bank’s public key to encrypt the message; while your bank would use their private key to decrypt the message you sent.

Since the public key is widely known it can be impersonated by anyone with knowledge and malicious intent.  That is where digital certificates come in.  Digital certificates are used to verify that the freely available public keys belong to legitimate owners.  A digital certificate is a public key that has been confirmed as valid by an independent third-party called a certificate authority (CA).

Usually digital certificates contain:

• The owner’s name
• The owner’s public key
• The distributor of the certificate
• The public key’s expiration date
• Digital signature of the CA

Digital certificates can also contain addresses, serial numbers, hashes and a variety of other information. The most widely used format for digital certificates is X.509.

Certificate authorities handle the administrative functions of issuing and managing certificates.  The largest certificate authorities include:

• VeriSign
• GoDaddy
• Comodo

One of the most critical tasks of a CA involve publishing lists of certificates that have expired or have been revoked to a central database called a certificate revocation list (CRL).  This must happen quickly and continuously so that users will immediately know if a certificate is invalid.

There are many types of digital certificates including those intended for applications, servers, and personal users.  However, they all have the primary purpose of associating a public key to an owner.

Cryptography can be used to authenticate that the sender of a message is the actual sender and not an imposter.  Encryption also provides for repudiation, which is similar to authentication, and is used to prove that someone actually sent a message or performed an action.  For, instance it can used to prove a criminal performed a specific financial transaction.

Cryptography ensures confidentiality because only a reader with the correct deciphering algorithm or key can read the encrypted message.  Finally, Cryptography can protect the integrity of information by ensuring that messages have not been altered.

Cryptography comes from Greek words meaning “hidden writing”.  Cryptography converts readable data or cleartext into encoded data called ciphertext.  By definition cyrptography is the science of hiding information so that unauthorized users cannot read it.

Secret writing is an ancient practice that dates back to ancient Egypt but it is still critical to securing data today.  In fact, encryption is absolutely necessary when transmitting sensitive data over unsecure mediums like the Internet.  The three types of algorithms used for encryption are:

• Hashing
• Symmetric, also called private or secret key
• Asymmetric, also called public key

A hashing algorithm is used to create an irreversible code of a piece of information.  This hashed code is called a hash or digest and is unique to the information and can be used as a signature for the data.  A hash is used for comparison purposes to make sure data has not been changed; thus it ensures the integrity of a message.

A symmetric cryptographic algorithm can be decrypted, as opposed to being irreversible like hashing.  There are several types of symmetric algorithms.  Some of the most popular are:

• Data Encryption Standard (DES)
• Advanced Encryption Standard (AES)
• Rivest Cipher (RC)
• International Data Encryption Algorithm (IDEA)
• Blowfish

DES was one of the first widely used algorithms however it has been cracked and is no longer considered secure.  AES has not been cracked and is used by the US government while IDEA is favored by European nations.

RC stands for “Ron’s Code” and is a family of algorithms written by Ron Rivest in 1987.  Blowfish is a strong open-source symmetric algorithm created in 1993.

Asymmetric cryptographic algorithms differ from symmetric algorithms in that it requires two “keys” to encrypt and decrypt data as opposed to the symmetric algorithm’s single key.  Asymmetric or public key encryption uses two mathematically related keys: a public key known by everyone to encrypt messages and a private key, known only by the receiver of the message to decrypt the information.

Asymmetric cryptography is widely used and underlies Transport Layer Security (TLS) and PGP (Pretty Good Privacy) protocols.  Some common asymmetric algorithms are RSA and Diffie-Hellman.

Some of the ways to recognize these messages, so that you can avoid becoming a victim of these scams, include:

Web links embedded in emails, instant messages, or chats. You shouldn’t log on to a website through a link sent in an email. Instead you should call the company on the phone or open a new browser window and log onto the website directly by typing the legitimate address in your browser. Unless the email is digitally signed, you can’t be sure it is real.

Phishers often use variations of legitimate addresses, masking their true identity with hyphens and underscore. For instance, they may use www.user-paypal.com or www.US_Amazon.com.

Be wary of fake sender’s addresses because they can be forged easily. An email message should not be trusted simply because the sender’s email address appears to be legitimate, such as user_registration@paypal.com.

Beware of generic greeting. Phishing emails are usually not personalized and begin with a general opening like “Dear Bank Customer” and do not include a valid account number. However, they can be personalized in the case of spear phishing where the attacker sends customized messages. Valid messages from your bank or e-commerce company generally are personalized and if an email from an online vendor does not contain the user’s name, it should be considered suspect.

Pop-up boxes and attachments are a sure sign of a phishing attack. Legitimate emails from vendors never contain a pop-up box or an attachment, since these are tools often used by phishers.

Online banking and e-commerce is generally safe, but you should be suspicious of any email with urgent requests for personal financial information. Phishers typically include upsetting or exciting false statements in their emails to get people to react immediately, such as warnings that their account will be deactivated. They typically ask for information such as user-names, passwords, credit card numbers, social security numbers, date of birth, etc.

Avoid filling out forms in email messages that ask for personal information and always ensure that you’re using a secure website when submitting personal information in your web browser. Any website in which the user is asked to enter private information should start with https:// not http://; secure sites will have a padlock in many browser’s status bar or at the bottom of the screen. Users should not enter data without these indicators and even with these indicators users should be careful because phishers are now able to forge both the https:// and the lock you normally see on a secure site.

The lock has usually been considered as another indicator that you are on a safe  site. When the lock is double-clicked it displays the security certificate for the site. If you get any warnings that the address of the site does not match the certificate, do not continue.

It is worth reiterating that you should make it a habit to enter the address of any shopping or financial website yourself.

Finally, make sure that your browser is up to date and the latest security patches are applied. Check your bank and credit card statements to ensure that all transactions are legitimate at least once a month.

Phishing is one of the most common forms of social engineering attacks.   The word “phishing” is a spin-off of the word “fishing”; the idea is that bait presented by the attacker knowing that most will ignore it but a few will bite on it.  Phishing attacks usually involve an attacker sending an email or displaying a fake web page that claims to be from a legitimate business in an attempt to trick the victim into giving up personal information.

Many times the victim is directed to a website where they are asked to update their personal information, password, credit cart number, bank account number or other information that a legitimate company would have access to.  Unfortunately, the web site is fake and is actually stealing the user’s information.

The Anti-Phishing Working Group (AWPG) reported that the number brands hijacked per year is on the rise.  In August of 2009, there were a record high number of unique phishing sites at 56,362.

One of the reasons why phishing is so dangerous is because both the email and fake websites look legitimate.  They contain the logos, color schemes, and wording used on the real sites and within the organizations that they are impersonating.  This makes it difficult to tell that they are fake.

In addition, there are several different kinds of phishing attacks.  These include:

• Spear phishing: Typical phishing attacks are sent like spam to many users while spear phishing attacks target specific users.  The emails are customized to each victim using their real names and personal information.
• Pharming: Instead of sending a fake email and asking users to visit a bogus site, pharming automatically redirects users to the attacker’s site.  This is done by the attacker actually taking control of the legitimate business’s website or web servers.
• Google phishing: This is when an attacker sets up a fake search engine and redirects traffic to fake sites.  Some of the search results may go to the legitimate sites while searches for specific online banking and financial sites may be impostors.

Phishing sites tend to appear and disappear suddenly to avoid being traced.  According the APWG the average time a site is online is only 3.8 days.  The United States has overtaken China as the top country hosting phishing sites with over three quarters of the World’s hosted sites.

Because phishing uses social engineering to trick victims into responding to an email message or into visiting a fake site one of the most effective forms of defense is to teach users how to recognize phishing attempts.  We will cover these signs and other techniques to protect yourself against phishing attacks in our next post.

Many RATs mimic the functionality of legitimate remote control programs but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games, screensavers, and other seemingly useful programs that unsuspecting users then run on their computers. Typically, exploited users either download and execute the malicious programs or are tricked into clicking email attachments.

In many cases, hackers can customize their RAT program.  They can:

• Set IP port numbers to use
• Decide how it hides
• Decide whether it uses encryption
• Determine when and how the program communicates

After setting up the RAT’s behavior, the intruder generates the program and then tricks the victim into running it.

Once an attacker has control of a system they can do anything a full administrator can do, including sending spam or  using multiple machines to launch coordinated distributed denial of service attacks.  If your PC has a microphone or Webcam many RATs can turn them on and capture your conversations and video. Everything you say and do around the PC can be recorded!

Enterprising intruders are known to collect thousands of compromised machine IP addresses to sell or trade to other criminals.

Popular tools for remote administration include SubSeven and the now infamous Back Orifice, which allowed a user to control a computer across a TCP/IP connection, on a local LAN or across the Internet.  Once installed on the victim’s computer it concealed itself and did not show up in the task list or close program list.

Back Orifice ran every time the computer started.  Its’ developers claimed that, “it gave its’ user more control of the remote Windows machine than the person at the keyboard of the remote machine.”

Another more recent remote administration tool is Bandook.  It is a backdoor Trojan horse that infects Windows 2000, XP, 2003, and Vista.  Not only does the Bandook RAT allow remote access to another computer but it also includes features that can be used maliciously, such as a screen capture utility, keystroke logger, and process and file manager.

If a virus or email worm has ever infected your computer, it is a prime candidate for a RAT. Typical antivirus scanners are less likely to detect RATs than worms or viruses, even though the best anti-malware weapon is an up-to-date, proven antivirus scanner.

A clear sign of a RAT infection is an unexpected open IP port on the suspect machine.  When you think that a PC has been infected, disconnect the PC from the Internet so that the remote intruder can’t do more damage and investigate any suspicious ports using a good port enumerator.

If your work is mission critical with little tolerance for risk it is advisable to completely reformat any compromised machines.

Browser session hijack:

This spyware type tries to modify the browser settings of the user. There are various ways to implement them. However, the main intent is to modify the browser behavior in such a way that, the user is directed to the sites of the spyware author’s choice instead of the sites that the user wants to reach. Often, they lead users to advertisements. The attackers earn commissions when any unsuspecting surfer pays a visit to the sites.

Cookies:

Cookies are small packets of information that are stored on the system of the user by the web server. During subsequent visits, most web servers can retrieve the cookies. Very often, they store user authentication, user state information, and preferences.

Since cookies store user identification information they can differentiate one user from the other. In addition, they can track the user across more than one web site. With the help of correlations and other techniques such as web bugs, they build profiles of individual users that may or may not contain personal information that are valuable to sites and attackers.

Web Bugs:

Web bugs are HTML elements that take the form of image tags embedded in a web pages or email. They are usually invisible to the user but allow checking that a user has viewed the page or e-mail.

The typical use is to log the successful delivery of the messages to the unique email address. Once the user accesses the image, the cookie is set and is associated with the email address. Then, the cookies track the browsing habits of the user.

Browser Helper Objects:

Commonly problematic with Internet Explorer (IE), they are objects specially designed to make IE extensible in nature. They also permit easy modification and/or addition of functionality.

The moment the surfer starts Internet Explorer, the installed BHOs get loaded into the process space of the browser. Because BHOs have unrestricted access to Internet Explorer events they are able to track users’ browsing patterns and pass the information they record to third parties.

Bots:

These are a special class of malware. Also known as zombie, they are currently the largest malware problem observed on the Internet. They are remote control agents installed on the end user systems and controlled by attackers.

Autonomous Spyware:

It either operates as a simple process or injects itself into the other processes that run on the system. It often begins at system startup or user log on.

If you would like to know more about the other types of malware, read the following resources.  To find out more about viruses go HERE, worms HERE, rootkits HERE and finally for spyware go HERE.  Now, lets continue with Trojan horses.

What makes a Trojan unique from other types of malware is that it masquerades as a program that performs a useful function.  For example, the victim thinks that they are getting a screensaver of their favorite singer, free software, or music when in actuality it is also installing a backdoor to allow remote control of your computer system.

The term, Trojan horse, comes from the Greek story of the Trojan War, where the Greeks give a giant wooden horse as a gift to their besieged foes, the Trojans who are inside the city of Troy. After the Trojans drag the horse inside the city walls, Greek soldiers sneak out of the horse’s hollow belly and conquer the city.

Similarly, when an unsuspecting victim installs that useful new utility they may be literally opening a can of worms. The effects of a Trojan horse can be as benign as changing your background or installing silly icons on your desktop.  Unfortunately, it can be as dangerous as allowing complete or administrator level control of your system.

Trojan horses can be classified based on how they breach systems and the damage they cause. Some of the main types of Trojan horses include:

• Remote Access Trojans (RATs)
• Data Sending Trojans
• Proxy Trojans
• FTP Trojans

Remote access Trojans are arguably the most dangerous malicious code used by hackers.  They are designed to run invisibly on victim’s computers and give an intruder complete remote access and control.

Data sending Trojans can look for specific pre-defined data such as credit card numbers or passwords or they could simply install a keylogger and send all recorded keystrokes back to the attacker.

A proxy Trojan is a type of Trojan horse designed to use the victim’s computer as a proxy server that sits between the attacker’s computer and a real server.  This gives the attacker the ability to do everything from your computer, including the possibility of conducting illegal activities such as sending spam or use your system to launch attacks against other networks.

A FTP Trojan is designed to open port 21, the port for FTP transfer, and lets the attacker connect to your computer using File Transfer Protocol, FTP.

Due to the growing popularity of botnets among hackers, Trojan horses are becoming more common.   Recent surveys assert that Trojan horses account for 83% of the global malware detected in the world.

The best Trojan horse and anti-malware weapon is an up-to-date antivirus scanner.  Good antivirus software is designed to detect and delete Trojan horses, as well as prevent them from ever being installed.

Although it is possible to remove a Trojan horse manually, it requires a full understanding of how that particular Trojan horse operates. In addition, if it is possible that a hacker has used a Trojan horse to access a computer system, it will be difficult to know what damage has been done. In situations where the security of the computer system is critical, it is better to simply reformat the hard drive and reinstall the operating system and software.

Some specific items to consider that can yield an unstable system include:

• If the CPU has a fan, is the fan working properly? Overheating of the CPU generally yields system crashes and/or lock ups. Usually the system will behave fine from a cold start, fail sometime later, and experience variable results on attempted restarts. The problem may appear intermittent, but will often be tied to the computational load being placed on the system as well as ambient temperature and/or season of the year. To diagnose: run the system while the case is open to verify that the fan actually works. As a moving part, a fan is one of the components that have an expected high rate of failure.

• If fans appear to be working, are they able to adequately deliver airflow to the needed areas? It is important to understand that the airflow through a computer case over a number of years can deposit a large amount of dust/lint onto a system, providing thermal insulation to covered components or disrupted airflow through case openings. If the inner workings of your PC are encased in dust, carefully remove that dust. Generally, a vacuum with a fine nozzle attachment held away from the components provides more than enough suction to do the job. Pressurized air/gas will also do the job, but generally creates a minor dust cloud and a mess outside the case in the process.

• Is a CD/DVD drive not working? Check that the read/write laser is working and that the lens system is not scratched or covered with dust. A lens cleaning CD will often help with dust issues. Laser issues are often apparent by verifying that a disc is readable on all CD/DVD drives except the questionable one. The only reasonable course of action here is replacement of the drive.

• If system performance is lagging, the most obvious first step is to identify the processes that are pulling the greatest fraction of CPU cycles. The processes which draw the most CPU resources may not be the critical issue, but they may be indirectly related. In any event, it will narrow the field. The Windows Task Manager is obviously a place to start examining system process performance issues.

• Assess the set of applications that are always launched on system start. If there are infrequently used applications, which are always running, this is generally an area in which to trim utilization of system resources.

• Verify that the system has sufficient RAM for the task load that is run. Compare the total and peak commit charges against total physical RAM under the Performance tab of the task manager in Windows. You don’t want to be working in a scenario where the commit charge routinely exceeds physical RAM.

• Is your system littered with gigabytes of temporary files and so on? Take a moment to perform a small amount of system hygiene by running CCleaner. The more advanced user may perform a bit of registry straightening and examination/pruning of startup entries.

The underlying message is that you shouldn’t automatically presume that all unexpected or unanticipated issues experienced using a computer is due to malware.

Consider, explore, and rule out the more common explanations before leaping to the conclusion that you’re infected. You may very well be infected, but similar symptoms can arise from many sources.

Companies need to be protected both legally, and in terms of network and information security. Content filters help to prevent programs and files from being downloaded that may be malicious, stealing company data, infecting systems with viruses, and more. Internet content filters are a necessary evil that actually help security.

Additionally, Internet content filters help to keep both an organization and an individual legally protected. By blocking pornographic websites, organizations are helping to prevent sexual harassment lawsuits against themselves, as well as the individual accessing the website. Hate-filled websites dealing with racism, sexism, and more are also blocked to prevent offending anyone, and leaving an organization and individual open to a hate crime related lawsuit. For the large amount of protection these filters provide, the small hindrance and annoyance they bring about are very minor.

Whether it involves using the internet at work, school, or the library, most organizations utilize IT specialists, such as site administrators or media directors, to assist with the decision of which internet filters to implement. These specialists can also help organizations monitor the daily use of the Internet and create website tracking methods.

For most library institutions, it is up to the local library board to decide which websites are appropriate for their visitors to use. The librarians who work at an individual location may have a significant amount of input towards this decision, as well as monitor the activity of the computer systems while in use.

In an elementary through high school environment, the board of education, principals, teachers, and parents should all have a say in which Internet sites are made available to young students. Most parents filter Internet use for their own children at home, so it is imperative that they contribute their opinions.

At a college level, most universities should allow department deans and campus libraries to determine the appropriate Internet sites allowed in the classrooms, administration facilities, and academic departments. Depending on the specialty of a given department, certain websites may be allowed in one area over another due to the type of research that is required for specific classes.

As for a work environment, executive level management should be involved with the decision, however, department directors should be the main point of contact regarding which websites are allowed and how employees will be monitored.

Unfortunately, there are multiple ways around filters, including proxy websites, and more can be found online.The punishments used against individuals can vary specific to the organization and the severity of the websites used when circumventing Internet filters. In either of the environments mentioned above, the rules and regulations of Internet use should be made clear from the beginning.

Filters are implemented for a reason and for an individual to break the filter, he or she must understand the consequences.  In some cases, the severity of the websites accessed may come into play. Some companies do not allow employees to utilize personal email websites such as Hotmail, Yahoo, or Google. This type of site may be considered a minor offense, however, websites that may involve illegal activity would be considered a severe offense and require an appropriate response.

There are some spyware programs that are particularly nasty and can disable the firewall and antivirus programs. This leads to the installation of more spyware on your computer. Here, you have to ensure that the antispyware programs run properly and are updated. You always need to look out for fake messages from Windows Security Center. There is some crafty spyware with pop up messages in the system tray that look like the real deal.

Extra Desktop Icons: This is one of the obvious signs of a spyware infection. Never click strange icons on the desktop. Things may become worse when trying to uninstall or delete the icons. To remove these programs, a spyware remover is best.

Costly phone Bill: Although, this is less common, it still does happen and can affect anyone who still uses dialup Internet access. These programs use the computer’s modem, to place expensive long distance calls. Unfortunately, it is a hard symptom to spot. This is one of the reasons why operators need to perform regular spyware scans on their system.

Key loggers: These are one the scariest forms of spyware. From passwords, to sensitive personal details, to credit card numbers, they record everything you do on your computer system. Theft of such data leads to financial hardship and privacy invasion. In case people notice any strange activity on their credit cards or bank accounts, it is important to contact your financial institutions and immediately run a spyware scan.

Good spyware removal utilities have three critical facilities that include a scan, repair, and a registry backup function. It is important that your spyware cleaner makes a good registry backup in case the system fails to function properly after the spyware cleaner runs.

These cautionary steps may save you a ton of money and despair down the road. Regular spyware scans in combination with good firewall and antivirus program will keep you worry free and safe while you enjoy surfing online.

What actually happens when you enter text into the Username and Password fields of a login screen is that the text is usually inserted or encapsulated into a SQL command. This command checks the data you’ve entered against the information stored in the database, such as user names and their respective passwords. If your input matches what is stored in the database then you are granted access to the system.  If not, you get an error message and a chance to re-enter the correct information or you are refused entirely.

Databases are at the core of a modern organization’s computer systems because they allow you to control your business processes.  They store data needed to deliver specific content to visitors, customers, suppliers, and employees. User credentials, financials, payment information, and company statistics may all reside within a database that can be accessed by legitimate users and unfortunately attackers as well.  SQL or Structured Query Language is the computer language that allows you to store, manipulate, and retrieve data stored in the database

SQL injection is the exploitation of a website or computer system that is caused by the processing of invalid data that is entered into the form fields by a malicious user. SQL injection can be used by an attacker to introduce (or “inject”) code into a computer program to change the course of execution in order to access and manipulate the database behind the site, system or application.

SQL Injection vulnerabilities arise because the fields available for user input allow SQL statements to pass through to the database directly in order to process data and user requests.  If the input is not filtered properly, web applications may allow SQL commands that enable hackers to view unauthorized information from the database or even wipe it out.

The attack takes advantage of improper coding of web-based applications and computer networks that incorporates features that deliver dynamic content such as:

• Login pages
• Customer support pages
• Product request forms
• Feedback forms
• Search pages
• Shopping carts

When the legitimate user submits his details, a SQL query is generated from these details and submitted to the database for verification. Using SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the form barrier and seeing what lies behind it.

Many times all an attacker needs to perform a SQL Injection hacking attack is a web browser, knowledge of SQL queries, and creativity to guess important table and field names.

A simple illustration of a SQL injection attack goes like this; an attacker attempts compromise a system that they have no access to by entering code instead of their credentials. So when the attacker is prompted to enter their Username and Password he enters codes such as ‘x’=’x’.  And depending how the system’s software is written, this command will be True because x always equal x, so the Username and Password combination will always be True or match!

Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Commands through the input field. This allows the attacker to execute any SQL command on the database, including modifying, copying, and deleting data.