What are Information – Data security threats?

What are Information – Data security threats?

By bluecollarpc – Last updated: Sunday, April 21, 2013

http://bluecollarpc.us/2013/04/21/what-are-information-data-security-threats/

 

This is from an actual question I fielded as Antibotnet alternate Yahoo ID at yahoo Answers > Security….

QUESTION:

Information security – threat? In information security what do we call a “threat” exactly? Hacker? or action itself aka eavesdropping/ system intrusion? Kinda confused about the concept http://answers.yahoo.com/question/index?qid=20130420123253AAJSqc2

MY ANSWER AS ANTIBOTNET YAHOO id (ALTERNATE id)

 

Best Answer – Chosen by Asker

 

ANSWER:

Not sure if you mean general average user or actual IT Security ? The term threat to the average user computer is several fold.

Threat generally means malware such as a computer virus, worm, trojan, spyware etc. Malware can pose a threat to the actual operating system (Windows etc) as destrutive to the system and even hardware. It can destroy the operating system rendering it inoperable via corruption of files and/or actual deletion of system files such as by a worm.

Threats by spyware are generally referring to comprimising personal information generally always meaning financial information such as account numbers and pins etc that might be stored by a user in a document or text file etc. Another spyware category threat as “keylogger” can record everything being typed such as purchases online etc. Threat here means ultimately as an attempt as ID Theft, but also includes like personal photos and media etc that can be copied and transmitted in stealth from the infected unprotected computer. As well these threats to information includes all email contacts and any information there as a phone number, address, etc. – such as copy/transmitting these via spyware or even some viruses from the Contacts/Address Book information stored in the computer email programs contacts area. When you consider a broad term as “Social Engineering” you can place together additional areas of crime as stalking etc outside the computer system and worldwide web – robberies, kidnaps, and worst – due to threats to information or “data” stored in the computer.

Quality antimalware installed on the computer prevents these.

Threats also mean hackers trying to break into and take over a computer, and an acute looming threat if there is no personal software firewall installed.

Threat may also refer to security holes in the operating system and/or other softwares installed. These get patch/fix/update/upgrade through as example Windows Updates or similar in other operating systems as Linux, Apple/Mac etc.

It is on the enterprise corporate level in IT Security that refers to computer security for Home/Small Businesses all the way up to major companies/corporations etc. These are hired to address computing security for businesses against malware threats and much more. Computer forensics is an additional add-on or hired outside the/for the firm.

Biometrics security refers generally to physical type preventions as voice and retina and fingerprint recognition etc. to even gain entry into like a security firm as a major antivirus company as example. These too may include similar to even access a company computer. Threats to these areas are another area other than malware and an up to date fully patched computer.

SEE Zero Day threats…. also:

http://www.webopedia.com/TERM/Z/Zero_Day_exploit.htm

http://en.wikipedia.org/wiki/Zero-Day_Attack

List of threats to PCs….

http://bluecollarpc.us/threats-faqs/

 

Source(s):

http://bluecollarpc.us/forensics/

http://bluecollarpc.us/threats-faqs/

 

 

Advertisements

How Do I Know The Disk Has Been Fully Wiped (Privacy/Security Disk Wiper Software)

How Do I Know The Disk Has Been Fully Wiped (Privacy/Security Disk Wiper Software)

Good orientation here …… we are talking….
 
Data remanence
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Data_remanence
 
This all depends on what and why you want to do this. If simply passing the PC on to a family member or friend and want all your data wiped off – you can use any disk wiper. It is assumed they are not going to go snooping in  some manner with a file recovery software in other words. Simply erase the disk is the procedure without security being a concern.
 
If you are going to donate the PC or recycle it – then you should absolutely only use a military grade disk wiper (eraser). This guarantees your data is NOT recoverable. I don’t know your sources to the contrary, but that is apparently indisputable. No data period – using military grade wiping software. That’s why it is called military grade. The best available to the public is a military grade software disk wiper. [ 35-pass Gutmann uber-paranoid erasure ]
 
The paranoia stops here……
(Has this been circumvented ? Not to knowledge)….
 
“UltraSentry was designed to delete file and folder data to United States Department of Defense standards, which is why we call it a military-grade cleaning application. What does this mean? Well, many electronic files and data are highly-sensitive or private, and when deleted, the data itself still remains on the disk, making it recoverable or accessible by anyone. UltraSentry eliminates that risk by overwriting the file data repeatedly, completely  destroying all traces of the sensitive file data, making it completely unrecoverable. The standards to which the data is overwritten are compliant with Department of Defense standards, and are the same standards the U.S. military  and government use when deleting top-secret or proprietary electronic information.”  <http://www.ultraedit.com/products/ultrasentry.html>
 
Mac PCs have this type utility built in I have read.

If you are seeking other, than I think it goes into the area of manually doing things. This is an interesting subject and I am kicking it around on some sites for information.
Of course the oldest security joke about how to never get an infection is to not plug in the computer. Along the same lines, paranoia has to enter the picture somewhere here – such as any type disk wiper can be thought to be performing a “hex dump” of the erased material to be recoverable either for the OS owner (Windows) or the Law or the actual software writer to capture any data involved as of interest for whatever reason. Paranoia can lead to manually performing the task and perhaps with a hex editor. Simply using ” 00 ” overwrite seems less than thorough enough as I have seen it recommended to use three different passes with two different sets the 00 first and last.
 
 
IF YOU ARE TALKING DISPOSAL….. PHYSICALLY DESTROY THE COMPUTER DISK…. HEALTH RISK ! …..
 
Learn how to effectively delete all of the data on your hard drive – and permanently
IN FULL
http://www.digitaltrends.com/how-to/how-to-completely-erase-your-hard-drive/ 
 
“….. Get Physical
Another brutally effective way to destroy data on your hard drive is to properly destroy the internal parts of the drive itself. There are several ways to do this, each of which requires physical methods of destruction that can be  dangerous and may expose particles or chemicals hazardous to your health. If you are not able to maintain a safe environment, do not attempt these methods. Find a qualified company to assist.
 
Your data is stored on the spinning platters inside the drive. It is these platters that need targeting. Popular and effective methods for destroying the platters are: 1) industrial shredding, whereby the entire hard drive is fed into a powerful automobile-sized shredder that makes mincemeat of the drive; 2) drilling through the platters a few times with a titanium drill bit (easily found at Home Depot).
 
Of course, if the CIA, FSB and Mossad are all after your data, you may want to
a) selectively nuke folders and files,
b) write zeros at least seven times,
c) physically disable the drive and
d) get a safer, calmer life.
 
Summary
 
Protect your Social Security number and credit card e-bills from getting into the hands of 8-Ball Ernie down at the rehab center. Do not ruin the innocence of those kids at the community center by accidentally exposing them to the  contents of your intentionally mislabeled though ineffectively deleted “Personal Budgets” folder. Make your donation of an old computer truly a win-win, good-karma situation for everyone involved. Free tools exist to perform even  the most thorough cleaning of a hard drive. Use them. ….”
 
MORE
http://en.wikipedia.org/wiki/Anti-computer_forensics
http://en.wikipedia.org/wiki/Data_remanence

Home/Small Business areas of Security in Online Communications

Home/Small Business areas of Security in Online Communications

Security of communications in a Home/Small Business endeavor or existentially. (I had to add this to my blog ! )

SOURCE — I am member Gerald309 – http://www.theeldergeek.com/forum/index.php?showtopic=43544  )

Of course this is the core in the security and IT industry with all the products available, and of course all the many departments in those products and general security in all communications on the world wide web. I could only scratch the surface and perhaps point you to some beginning areas that can expand into the “learning curve” knowledge – and since you are alert enough to consider security itself, you are well on your way to that simply by reading a post as this. Securing communications products and appliances are involved in secure communications. This is a very vast area of world wide web security itself and can be easily perceived in the many zero days and continual security alerts as vulnerabilities discovered and their solutions – generally patches, updates.

The two sides are all the communications from the client side (home/business network of computers) and all the communications to and from the server side (hosted on the world wide web). If I guessed right – you are concerned with the basics of secure communications against “leaks” which can occur on both sides of the equation in many areas. Some of the basics are like digital secure email for example.

Digital IDs for Secure Email

http://www.verisign.com/authentication/digital-id/index.html

Compare Digital IDs – Authentication, Secure Email & Secure Office

http://www.globalsign.com/authentication-secure-email/digital-id/compare-digital-id.html

Above are just two items of a vast array of security points of a vast industry with a vast amount of products. The learning curve can occur with introduction of communications and the security aspects which can involve all the threats exploiting them continually.

Just one aspect of this is generally called “sanitization” and as a search term…

Sanitization

http://en.wikipedia.org/wiki/Sanitization_%28classified_information%29

Same ballpark…. (even a corruption source and malicious use of hiding)

Data cleansing

Not to be confused with Sanitization (classified information).

http://en.wikipedia.org/wiki/Data_cleansing

In threats, there is the spyware area of “data mining” (which becomes much more aggressive for nefarious uses – cyber thefts)…

data miner (spyware)

http://www.webopedia.com/TERM/D/data_miner.html

I can not locate it handily, but I wrote a first “paper” about deceitful data scraping ….

Data scraping

http://en.wikipedia.org/wiki/Data_scraping

And so even these very, very few items are not even a surface scratch of all involved and are a part apparently addressed by the product mentioned <http://www.anonymizer.com/ > . There are a zillion as such now and it takes first understanding the scope of dangers – and then what addresses that as a confident determination in a security solution. Much of all things are simply “cured” by keeping all machines fully patched and all softwares and add ons. That basically gets rid of 90 percent of the ills and of course this is all assumed as installing the cutting edge quality products of antivirus, antispyware, and software and hardware firewalls and employing with severe prejudice – Safe Practices. As mentioned, adding any remote type connectivity to the home/business computer network introduces and multiplies dangers such as here – what has become a deplorable wireless security connection anywhere now with virtually all wireless signal encryption hacked.

One more point of all this is the actual webhosting and their server side security and reputations which need be observed obviously. One item here is the infamous…

Cross-site scripting

http://en.wikipedia.org/wiki/Cross-site_scripting

There are so many, many instances now of website break in worldwide in all – .com, .org, .gov, etc. . The obvious beginning is securing the home/business side of network computers (non-corporation) to at least determine any leaks and infections are not coming from the client side as example, uploading infectious files or photos, etc. Then, with this “forensics” if you will, it can be determined any malware and data ills and break ins are indeed occurring on the server side – webhost and servers. This is out of the hands on the client though they may work with you in any instances (not rare anymore). One example of this was that I suffered what is called “defacement” of my personal security theme website a couple years ago. This is that too familiar scenario whereby a cyber criminal hacks into the webhost and/or servers and places the defacement with the message “…if you want your site back, contact me with money at so and so…” – a typical extortion plot generally aimed at business. Unfortunately, the client has to wait until the webhost remedies the infection. This is where much research should be employed into the security aspects of the webhosting security reputation as well as all applications used on the website. C-Panel hosting really gives the client hands on in many areas.

The only bottom line is that I have not heard yet that WPA Enterprise is compromised For business, there is enough free information available but generally no one will get involved in actual security solution without price – IT Security. I do advise to look around a bit ‘yellow pages’ in your exact local regional area for these services for Home/Small Corporate business. In the least if hired, you will have among the best bondable security solution available. And again, there are a zillion products for a zillion things much as the medical industry churning out specialism in treatment – one for this one for that and so on. This can be completely counter productive and even damaging (much like the ills of using two antiviruses on a desktop ignorantly) and whereas IT Security will indeed deal with the entire over all picture.

I mentioned Trend Micro as well known and of course is one of the handful of these top quality products on the cutting edge of defense and not as hype but fact proven by independent lab testings. I am testing out their new netbook edition, but going back a year or two they did actually have four or five different security level settings for their laptop/notebook edition included firewall which included defending against direct attack while on Wi Fi wireless internet. I assume they still had that. This product virtually assures your machine (s) are defended and not infected. One side of the equation confidently secure. A basic beginning and they have almost all these communications protections incorporated aside from others the client can install like document type stuffs and secure email and so on.

Simply, trying to point you to data areas that you seemed interested in securing. Massive isn’t it ! The more you become involved in security you will see there is indeed a split in the area across the board and IT. Many just advise quickly for a sale not caring – profit driven, taking advantage of consumer ignorance. Many adjust security for convenience – whatever is least interaction for the client for their irresponsible praise which many times involves data theft resulting in massive ID Thefts of their customers which they will be both responsible for in a court of law – usually the business owner blaming IT.

Just mentioning things that do not even scratch the surface, I think you can appreciate this is not a one liner response subject. Quite the opposite. Costs are always a target, but to even make money on the Net – security should never be a target of the axe obviously to even be solvent in today’s marketplace online.

Not being professionals and experts and programmers in the industry, the consumer business person can easily rely on responsible user input (what’s hot – what’s not, what worked – what didn’t) from experience the best teacher to add as additional, but not sole source, for “Informed Decisions” in security solutions.

Forgive the answer if I entirely misjudged that you are a simple home laptop/desktop user looking for wireless security as opposed to a business owner. No, then, that product is not for this – it is a business enterprise solution type product.

EDIT… just looking I did see they actually indeed have a Home User Version. My apologies in advance. The WPA is encryption of what is in the air – the communications undecipherable. This is what has been hacked and there is no solution for that except a new upgraded WPA as they did with former WEP. What is in the air over the wireless internet (Wi Fi) is everything your are seeing and doing. Breaking into this, hacking WEP and WPA, the cyber criminal is basically seeing an entire text version of all to easily see sites visited, emails and documents and files opened an so on. It does not matter at all what is on client or server side. This is not what is being hacked.

More, see….

End-to-end principle

http://en.wikipedia.org/wiki/End-to-end_principle

Wireless Intercept & “Wiphishing”

http://technology.pitt.edu/security/risks/wiphishing.html

Webmaster, http://BlueCollarPC.US/

%d bloggers like this: