What are Information – Data security threats?

What are Information – Data security threats?

By bluecollarpc – Last updated: Sunday, April 21, 2013

http://bluecollarpc.us/2013/04/21/what-are-information-data-security-threats/

 

This is from an actual question I fielded as Antibotnet alternate Yahoo ID at yahoo Answers > Security….

QUESTION:

Information security – threat? In information security what do we call a “threat” exactly? Hacker? or action itself aka eavesdropping/ system intrusion? Kinda confused about the concept http://answers.yahoo.com/question/index?qid=20130420123253AAJSqc2

MY ANSWER AS ANTIBOTNET YAHOO id (ALTERNATE id)

 

Best Answer – Chosen by Asker

 

ANSWER:

Not sure if you mean general average user or actual IT Security ? The term threat to the average user computer is several fold.

Threat generally means malware such as a computer virus, worm, trojan, spyware etc. Malware can pose a threat to the actual operating system (Windows etc) as destrutive to the system and even hardware. It can destroy the operating system rendering it inoperable via corruption of files and/or actual deletion of system files such as by a worm.

Threats by spyware are generally referring to comprimising personal information generally always meaning financial information such as account numbers and pins etc that might be stored by a user in a document or text file etc. Another spyware category threat as “keylogger” can record everything being typed such as purchases online etc. Threat here means ultimately as an attempt as ID Theft, but also includes like personal photos and media etc that can be copied and transmitted in stealth from the infected unprotected computer. As well these threats to information includes all email contacts and any information there as a phone number, address, etc. – such as copy/transmitting these via spyware or even some viruses from the Contacts/Address Book information stored in the computer email programs contacts area. When you consider a broad term as “Social Engineering” you can place together additional areas of crime as stalking etc outside the computer system and worldwide web – robberies, kidnaps, and worst – due to threats to information or “data” stored in the computer.

Quality antimalware installed on the computer prevents these.

Threats also mean hackers trying to break into and take over a computer, and an acute looming threat if there is no personal software firewall installed.

Threat may also refer to security holes in the operating system and/or other softwares installed. These get patch/fix/update/upgrade through as example Windows Updates or similar in other operating systems as Linux, Apple/Mac etc.

It is on the enterprise corporate level in IT Security that refers to computer security for Home/Small Businesses all the way up to major companies/corporations etc. These are hired to address computing security for businesses against malware threats and much more. Computer forensics is an additional add-on or hired outside the/for the firm.

Biometrics security refers generally to physical type preventions as voice and retina and fingerprint recognition etc. to even gain entry into like a security firm as a major antivirus company as example. These too may include similar to even access a company computer. Threats to these areas are another area other than malware and an up to date fully patched computer.

SEE Zero Day threats…. also:

http://www.webopedia.com/TERM/Z/Zero_Day_exploit.htm

http://en.wikipedia.org/wiki/Zero-Day_Attack

List of threats to PCs….

http://bluecollarpc.us/threats-faqs/

 

Source(s):

http://bluecollarpc.us/forensics/

http://bluecollarpc.us/threats-faqs/

 

 

Home/Small Business areas of Security in Online Communications

Home/Small Business areas of Security in Online Communications

Security of communications in a Home/Small Business endeavor or existentially. (I had to add this to my blog ! )

SOURCE — I am member Gerald309 – http://www.theeldergeek.com/forum/index.php?showtopic=43544  )

Of course this is the core in the security and IT industry with all the products available, and of course all the many departments in those products and general security in all communications on the world wide web. I could only scratch the surface and perhaps point you to some beginning areas that can expand into the “learning curve” knowledge – and since you are alert enough to consider security itself, you are well on your way to that simply by reading a post as this. Securing communications products and appliances are involved in secure communications. This is a very vast area of world wide web security itself and can be easily perceived in the many zero days and continual security alerts as vulnerabilities discovered and their solutions – generally patches, updates.

The two sides are all the communications from the client side (home/business network of computers) and all the communications to and from the server side (hosted on the world wide web). If I guessed right – you are concerned with the basics of secure communications against “leaks” which can occur on both sides of the equation in many areas. Some of the basics are like digital secure email for example.

Digital IDs for Secure Email

http://www.verisign.com/authentication/digital-id/index.html

Compare Digital IDs – Authentication, Secure Email & Secure Office

http://www.globalsign.com/authentication-secure-email/digital-id/compare-digital-id.html

Above are just two items of a vast array of security points of a vast industry with a vast amount of products. The learning curve can occur with introduction of communications and the security aspects which can involve all the threats exploiting them continually.

Just one aspect of this is generally called “sanitization” and as a search term…

Sanitization

http://en.wikipedia.org/wiki/Sanitization_%28classified_information%29

Same ballpark…. (even a corruption source and malicious use of hiding)

Data cleansing

Not to be confused with Sanitization (classified information).

http://en.wikipedia.org/wiki/Data_cleansing

In threats, there is the spyware area of “data mining” (which becomes much more aggressive for nefarious uses – cyber thefts)…

data miner (spyware)

http://www.webopedia.com/TERM/D/data_miner.html

I can not locate it handily, but I wrote a first “paper” about deceitful data scraping ….

Data scraping

http://en.wikipedia.org/wiki/Data_scraping

And so even these very, very few items are not even a surface scratch of all involved and are a part apparently addressed by the product mentioned <http://www.anonymizer.com/ > . There are a zillion as such now and it takes first understanding the scope of dangers – and then what addresses that as a confident determination in a security solution. Much of all things are simply “cured” by keeping all machines fully patched and all softwares and add ons. That basically gets rid of 90 percent of the ills and of course this is all assumed as installing the cutting edge quality products of antivirus, antispyware, and software and hardware firewalls and employing with severe prejudice – Safe Practices. As mentioned, adding any remote type connectivity to the home/business computer network introduces and multiplies dangers such as here – what has become a deplorable wireless security connection anywhere now with virtually all wireless signal encryption hacked.

One more point of all this is the actual webhosting and their server side security and reputations which need be observed obviously. One item here is the infamous…

Cross-site scripting

http://en.wikipedia.org/wiki/Cross-site_scripting

There are so many, many instances now of website break in worldwide in all – .com, .org, .gov, etc. . The obvious beginning is securing the home/business side of network computers (non-corporation) to at least determine any leaks and infections are not coming from the client side as example, uploading infectious files or photos, etc. Then, with this “forensics” if you will, it can be determined any malware and data ills and break ins are indeed occurring on the server side – webhost and servers. This is out of the hands on the client though they may work with you in any instances (not rare anymore). One example of this was that I suffered what is called “defacement” of my personal security theme website a couple years ago. This is that too familiar scenario whereby a cyber criminal hacks into the webhost and/or servers and places the defacement with the message “…if you want your site back, contact me with money at so and so…” – a typical extortion plot generally aimed at business. Unfortunately, the client has to wait until the webhost remedies the infection. This is where much research should be employed into the security aspects of the webhosting security reputation as well as all applications used on the website. C-Panel hosting really gives the client hands on in many areas.

The only bottom line is that I have not heard yet that WPA Enterprise is compromised For business, there is enough free information available but generally no one will get involved in actual security solution without price – IT Security. I do advise to look around a bit ‘yellow pages’ in your exact local regional area for these services for Home/Small Corporate business. In the least if hired, you will have among the best bondable security solution available. And again, there are a zillion products for a zillion things much as the medical industry churning out specialism in treatment – one for this one for that and so on. This can be completely counter productive and even damaging (much like the ills of using two antiviruses on a desktop ignorantly) and whereas IT Security will indeed deal with the entire over all picture.

I mentioned Trend Micro as well known and of course is one of the handful of these top quality products on the cutting edge of defense and not as hype but fact proven by independent lab testings. I am testing out their new netbook edition, but going back a year or two they did actually have four or five different security level settings for their laptop/notebook edition included firewall which included defending against direct attack while on Wi Fi wireless internet. I assume they still had that. This product virtually assures your machine (s) are defended and not infected. One side of the equation confidently secure. A basic beginning and they have almost all these communications protections incorporated aside from others the client can install like document type stuffs and secure email and so on.

Simply, trying to point you to data areas that you seemed interested in securing. Massive isn’t it ! The more you become involved in security you will see there is indeed a split in the area across the board and IT. Many just advise quickly for a sale not caring – profit driven, taking advantage of consumer ignorance. Many adjust security for convenience – whatever is least interaction for the client for their irresponsible praise which many times involves data theft resulting in massive ID Thefts of their customers which they will be both responsible for in a court of law – usually the business owner blaming IT.

Just mentioning things that do not even scratch the surface, I think you can appreciate this is not a one liner response subject. Quite the opposite. Costs are always a target, but to even make money on the Net – security should never be a target of the axe obviously to even be solvent in today’s marketplace online.

Not being professionals and experts and programmers in the industry, the consumer business person can easily rely on responsible user input (what’s hot – what’s not, what worked – what didn’t) from experience the best teacher to add as additional, but not sole source, for “Informed Decisions” in security solutions.

Forgive the answer if I entirely misjudged that you are a simple home laptop/desktop user looking for wireless security as opposed to a business owner. No, then, that product is not for this – it is a business enterprise solution type product.

EDIT… just looking I did see they actually indeed have a Home User Version. My apologies in advance. The WPA is encryption of what is in the air – the communications undecipherable. This is what has been hacked and there is no solution for that except a new upgraded WPA as they did with former WEP. What is in the air over the wireless internet (Wi Fi) is everything your are seeing and doing. Breaking into this, hacking WEP and WPA, the cyber criminal is basically seeing an entire text version of all to easily see sites visited, emails and documents and files opened an so on. It does not matter at all what is on client or server side. This is not what is being hacked.

More, see….

End-to-end principle

http://en.wikipedia.org/wiki/End-to-end_principle

Wireless Intercept & “Wiphishing”

http://technology.pitt.edu/security/risks/wiphishing.html

Webmaster, http://BlueCollarPC.US/

%d bloggers like this: