Auditing Your Computer Systems

The Computer Systems Auditing field has really exploded in the last 15 years and this is due to the rise in systems being used at the small business level, handling three times as much data as before. If you are a small business with a network, you should have some type of computer audit program in place.

A computer security audit is a systematic, measurable technical assessment of how the organization’s security policy is employed at a specific site. Computer security auditors work with the full knowledge of the organization, at times with considerable inside information, in order to understand the resources to be audited.

Security audits do not take place in a vacuum; they are part of the on-going process of defining and maintaining effective security policies. This is not just a conference room activity. It involves everyone who uses any computer resources throughout the organization.

Computer security auditors perform their work though personal interviews, vulnerability scans, examination of operating system settings, analyses of network shares, and historical data. They are concerned primarily with how security policies – the foundation of any effective organizational security strategy – are actually used. There are a number of key questions that security audits should attempt to answer:

Are passwords difficult to crack?
Are there access control lists (ACLs) in place on network devices to control who has access to shared data?
Are there audit logs to record who accesses data?
Are the audit logs reviewed?
Are the security settings for operating systems in accordance with accepted industry security practices?
Have all unnecessary applications and computer services been eliminated for each system?
Are these operating systems and commercial applications patched to current levels?
How is backup media stored? Who has access to it? Is it up-to-date?
Is there a disaster recovery plan? Have the participants and stakeholders ever rehearsed the disaster recovery plan?
Are there adequate cryptographic tools in place to govern data encryption, and have these tools been properly configured?
Have custom-built applications been written with security in mind?
How have these custom applications been tested for security flaws?
How are configuration and code changes documented at every level? How are these records reviewed and who conducts the review?
These are just a few of the kind of questions that can and should be assessed in a security audit. In answering these questions honestly and rigorously, an organization can realistically assess how secure its vital information is.

As a small business, your audit checklist might not be that detailed but these are some of the questions that you want an outside auditor to ask just in case you decide to have your system audited.

Fighting Spam!

It’s been nearly a decade since spammers and their enemies begun evolving competitively. As with the classic cheetah/gazelle model originally formulated by Darwin, each time one group becomes a little faster or more agile, its adversaries develop traits for outwitting and outrunning it.

In addition to wasting people’s time with unwanted e-mail, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail.

Nobody wants it or ever asks for it. No one ever eats it; it is the first item to be pushed to the side when eating the entree. Sometimes it is actually tasty, like 1% of junk mail that is really useful to some people.

The number of unsolicted commercial electronic messages received by the average American in 2001 was 571, according to Jupiter Media Metrix. By 2006, Jupiter says, that number will increase to 1,400, with more than 206 billion spam messages going out over the course of the year. While these numbers are notoriously difficult to calculate, every survey and ISP record points to dramatic increases in spam, sometimes as much as 300 percent year over year. One reliable indicator of the problem’s magnitude is the size of the anti-spam effort. The range of tools available to ISPs, enterprises and consumers in the fight against spam grew considerably during the Web bubble. Simultaneously, heavyweight Web marketers and interactive ad players have been scrambling to distinguish their services from the bad guys, as well as to counteract growing calls for government controls on digital marketing.

In one of the biggest such moves, the Direct Marketing Association (DMA), through its subsidiary, the Association of Interactive Marketing (AIM), has released online commercial solicitation guidelines in an effort to promote high ethical standards among marketers. The rules require that members let e-mail recipients know how they can refuse future mailings and allow consumers to prevent the sale or rental of their addresses

What Is Spam?

You have probably seen an increase in the amount of junk mail which shows up in your email box, or on your favorite newsgroup. The activities of a small number of people are becoming a bigger problem for the Internet.

Chain letters that ask for money, whether for reports or just straight up, are illegal in the US whether they are in postal mail or e-mail. Report these frauds to your local US Postmaster. You may see e-mail coming from Nigeria or another African country, sent by someone who wants to use your bank account to transfer 20 million dollars. This is called a ’419′ scam and people have been killed over it.

Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send — most of the costs are paid for by the recipient or the carriers rather than by the sender. To the recipient, spam is easily recognizable. If you hired someone to read your mail and discard the spam, they would have little trouble doing it. How much do we have to do, short of AI, to automate this process? I think we will be able to solve the problem with fairly simple algorithms. In fact, I’ve found that you can filter present-day spam acceptably well using nothing more than a Bayesian combination of the spam probabilities of individual words. Using a slightly tweaked (as described below) Bayesian filter, we now miss less than 5 per 1000 spams, with 0 false positives.

One particularly nasty variant of email spam is sending spam to mailing lists (public or private email discussion forums.) Because many mailing lists limit activity to their subscribers, spammers will use automated tools to subscribe to as many mailing lists as possible, so that they can grab the lists of addresses, or use the mailing list as a direct target for their attacks.

Networking for an IT Certification

Whether you want to know technology for home or for work, you will need to know what the options are as well as the best route to take. One of the options that are available is learning how to network through technology. This can help you in several areas as well as allow you to gain credentials that can be used for work. By learning how to use technology to network, you will be able to advance easily with both your business and your work area.

Networking through technology is defined as anything that will help people to communicate through technology. This can then be used as a skill in a company to allow for better and easier communication. There are several reasons to use networking as a technical skill. First, it will allow for the infrastructure of the company to be maintained. By doing this, you will know that the working of the company has constant communication with other workers as well as the supervisors. The second reason to use networking is to make sure that the administration is able to check in on what needs to be done. These are both especially important if there are people that are not working at a certain location. You will also be able to use networking as an easier way for speaking with clients as well as gaining new sales. Networking certification can also give you skills to implement new technology programs that will benefit the company. From here, you will also find ways to offer support for technology programs in the business.

One of the major programs that will be used for networking IT Certification is a program known as CISCO. This particular program will give you options for learning how to network and manage different areas through technology. It will also teach you how to route information through different areas in order to be more efficient with communication. In relation to this, CISCO will use several software programs that are specialized for networking needs.

The next type of networking certification that can be obtained is the CompTIA network and server. The first level of this is in relation to learning how to network through this specific program. From here, you can learn the networking and how the server works in relation to this. The CompTIA is specified to help those that already have some training with technology, either through education or through their work area. Through this program, you will gain the ability to use media, standard software and hardware programs, support areas and implement networks through technology in whichever area you are working in. The Comp server will focus on more advanced networking technology areas. If you move into the server, you will need to get the networking certification first, and then learn how to use the server for networking in addition to the skills that you have already learned.

Another type of networking certification program you can look into is known as server administration. This is an especially effective program for those who are business managers. Part of this program will focus on how to use the Internet effectively when conducting business with others. This will not only include having the right infrastructure up, but also maintaining business areas for clients

Spam Filter – Bayesian Filter to Fight back Spammers

The most prolific and path breaking innovation of last century had been the developments in the communication field. It literally changed the business working, product marketing, support services and most importantly, the advertisement campaigns.

But just like all goods things comes with a price, so was the communication. It brought in the problems of Spam Emails. Automated mailers with mass mailing capabilities, growing marketing dependencies on this tool have seen the large losses in terms of time and money.

There have been many ways of targeting spam mails like blacklisted domains, banned IPs, words in subject and many more. The spammers have always found out a way to change their identity. But here is the catch. The spammers are being paid to send the message. They can change their Domains, IPs, subject lines, but how much they can play with the contents? And that’s where content based filtering comes into focus. Now we can understand that by targeting and focusing on message body, there is a better chance of filtering spam emails.

Apart from the usual spam emails, the new menace has been created by the “phishing emails” targeting primarily eBay and PayPal accounts. These emails come as a “Last Warning”, “Attention Required”, “Password Change Required” or “Your account is suspended” among many more. These mails appear to have come from eBay or PayPal and provide a link to their own page.

These pages are designed just like the original pages and the unsuspecting user ends up providing his/her sensitive information like username/password or Credit Card Information to these duplicate pages. Here I would like to add one piece of advice to all users that you should always see where the link is taking you by seeing the tool tip and then if sure, follow the link.

The role of content in marking the mail spam or not spam has been achieved using the Bayesian filter. Together with the Black List of spammers and White list of trusted emails ids, is the best technique to counter the spam. The most interesting fact is that Spam Filter with Bayesian algorithm is a self learning filter. The more you use, the more secure you shall be within a matter of few days.

The spam filter integrate easily with popular emails clients such MS outlook and Outlook Express. With due course, up to 98% of the spam mails can be stopped from entering your Inbox. The Spam Filter for Outlook Express and Spam Filter for Microsoft Outlook, with the features of White List/Black List and properly used Bayesian Algorithm will help prevent spam mails, phishing mails and fraud mails from bothering you further.

There has been a considerable increase in the spam mails containing Non English Characters also. The Bayesian Algorithm based Spam Filter also must have the capability to parse non English characters and mark as spam mail.

To get rid of continuous spam mails, phishing mails, fraud mails and Non-English mails, you might like to try Official Spam Filter for Outlook Express 1.2 and Official Spam Filter for Microsoft Outlook 1.2. Official Spam Filter has the capability to seamlessly integrate with MS Outlook and Outlook Express and provide following features:

•Bayesian Algorithm for Anti Spam Filtering

•Auto Learning Bayesian Filter to challenge Spam Emails

•White List of Trusted Email Address

•Custom Black List

•Individual Marking of Spam/Not Spam Emails

•Optional feature to block Non-English Emails

•Complete Mail Header Information

For more information, visit Spam Filter

Save Time, Money and Hassle – Stop Spam

Spam can be an absolute nightmare, and one that seems to spiral out of control in some of my email accounts. If i’ve been away for a few days and haven’t had a chance to check my emails, I dread having to open up my email client when I get back online in anticipation of hundreds or thousands of spam emails.

Although I simply delete these emails, for some, they seem legitimate messages that can often cause the recipient to become the subject of a fraudulent activity. An example of this that many people may have experienced are the emails that claim that you have won the lottery in some country that you probably haven’t even visited, or emails that ask for you to help claim a substantial amount of money for someone who claims to be entitled to millions of dollars from a lost relative. These types of emails are laughable but for a lesser experienced internet user, they pose a great threat.

This was when I decided to use a spam blocker to prevent the hassle and time wasted deleting spam emails.

Spam has been around since the medium of email became popular. Even though there have been several laws passed that are trying to limit the amount of spamming activity, it still exists. A good way to stop the annoyance and the time wasted deleting spam emails is by using a spam blocker. They can also save you a lot of money in the scenario where you are unfortunate enough to receive a virus from a spam email. This has happened to me before, and I can honestly say I will now do everything possible to stop it from happening again because of the hassle and time it took to get my pc back to the way it was. In fact this took several weeks and numerous times formatting my hardware, which despite my best efforts resulted in quite a few programs and software being lost.

But why do people fall victim to spam emails? The truth is that the spammer is becoming cleverer in the way that they set up the scams. It was not so long ago that I received an email which was apparently from Paypal. The email was pretty well written and even the links seemed to point to the Paypal site. I felt it was not genuine though as it asked me to click a link to visit the “Paypal” site, whereas I had read some time ago never to click a link in an email to visit the site, but to type the address directly into your internet browser so that you can rest assured that the site is genuine. It is a distinct possibility that many internet users will have fallen for these types of emails.

Do not become a victim of the consequence of spam emails. A spam blocker is a simple solution that will prevent the emails from ever reaching your inbox. They can save you time, money, hassle, and any potential problems that spam emails possess.

How To Stop Spambots Harvesting Your Email Address

It’s an unfortunate thing, but the internet certainly has its share of unscrupulous people. In my opinion, the worst amongst these are those that deploy software robots to roam the web and harvest email addresses from web pages. These addresses are then collated into huge databases and sold for the purpose of spam.

Now we all hate spam and anything that can be done to reduce it is very worthwhile. This is not rocket science and a basic knowledge of html and how to cut and paste will see you protected from the spambots. All we are going to use is a bit of javascript.

First, open Notepad or any text editor and then copy and paste the following into the file.

/* This script provides for a straightforward email address in a web page.
In your web page add the following:-
*/
function blocker(name)
{
var domain =”yourdomainname.com”;
document.write(‘‘ + name + ‘@’ + domain + ‘‘);
}

/* This script adds a subject field to the email.

function blockersubject(name,subject)
{
var domain =”yourdomainname.com”;
document.write(‘‘ + name + ‘@’ + domain + ‘‘);
}

/* This script is for using as an “Email Us” or like in a menu system or on a page.
Insert the following in your web page:-

function blocker2(name,text)
{
var domain =”yourdomainname.com”;
document.write(‘‘ + text + ‘‘);
}

/* This script allows the adding of a subject, but also displayable text for a menu system. In your web page place the following:-
*/

function blockersubject2(name,subject,text)
{
var domain =”yourdomainname.com”;
document.write(‘‘ + text + ‘‘);
}

//End of file.

Save the file as blocker.js in your document folders because this script can be reused over and over for as many different web pages as you like. You only need to change the variables in the script.

To get the scripts to work, there are a couple of things you need to do. I usually create a sub-directory for my javascript and actually call it that. Any javascript for the web page can be stored there. Save a copy of the file blocker.js to this directory and then edit all the variables to suit your site.

Now you need to allow the scripts to be called and the web page needs to know where they are. The easiest way to achieve this is to have the information in the section of your document. Before the closing tag, and assuming you have saved the file to a javascript sub-directory, insert the following line of code:-

(Insert less than sign)script type=”text/javascript” src=”javascript/common.js”>(insert less than sign)/script>

You will just have to make sure that the path to the javascript sub-directory is correct for the document. This is simple if you use Dreamweaver as you can modify the template for your site and it will update all the pages. If you are using php includes, you will need to make sure that the path is correct from your header template through to the javascript directory. A little playing will usually get this sorted out for you.

One final thing that you should be aware of and that is that not everyone has javascript turned on. If a visitor hits your page and has javascript turned off then they won’t be able to see your email addresses at all. To resolve this, enter the following code just below the area where the email address is supposed to appear.

(Insert less than sign)noscript>

If you are seeing this, then Javascipt is not turned on in your browser and you won’t be able to see our email addresses. They are hidden by Javascript. You can either turn your Javascript on or alternately email us at youraddress at domainname dot com

(insert less than sign)/noscript>

Make sure you do not use the @ sign or put the dot in or even type the full email address properly. You will destroy all the good work you’ve done.

And there you have it. A simple piece of javascript that will prevent your email address being harvested by the nasty little bots that roam the web.

How to Categorize a Computer Virus

Many computer users don’t understand the categorization of computer viruses. They are many different viruses and these viruses are generally found in three categories. Some people say that their computer got hit with a Trojan Horse, b32 Worm, Phyllis, or Bomb virus but these operate differently and aren’t the same as many users think that they are. In any event, you want to try to protect yourself as much as possible against any type of program that can do harm to your computer.

The most common and basic categorization for viruses is pretty simple. The computer virus has been around for years, even in the old ARAPNET programs that the government would use before the internet became part of the public sector for all to use. A computer virus, attaches itself to a program or file, much like we carry germs from a cold or flu, and spreads that virus from one computer to another. I’m starting to think that we as humans have many similarities to a computer!

Well, if you’ve ever had someone spread a cold in your office or home, you know that it can leave an infection. If you have children, then you know if one child gets it, the other child, depending on how strong their immune system is, may not be far behind in catching the same virus, be it cold, strep throat or sore throat.

Computer viruses have a range of effects. Some are not so bad while others can be damaging. It’s like the difference between a cough and rheumatic fever. That’s the range of computer virus classifications.

You have to watch out when you get an executable file (a file with an extension of EXE). This means that the culprit or virus is lurking somewhere in the jungle of programs that you have on your precious system but the virus cannot effect your system unless you open it. If you open it, then chances are if you do not have virus protection software, the virus will spread to other programs, including your emails and email attachments.

Anti-Virus software is the remedy for computer viruses and usually wipes them out with ease. I think I will go run my anti-virus program so that I can be a good example of keeping the germs out of my computer. Hope that you will do the same!

Microsoft IT Certification Programs

Considering an IT Certification program also includes knowing what is available to you and what the specialization will allow you to do as well as limit you to do. There are several providers that will offer specialized programs that can affect the qualifications that you have. One of the providers that offer these specialized programs is Microsoft. By knowing what programs they use, you can determine if it is the right program for your IT Certification and specialization in technology.

The first type of training that Microsoft provides is the Microsoft Office Specialist. This will give you the basics about different Microsoft databases that are frequently used. The latest versions of Microsoft word applications, such as Microsoft Office will be studied. You will learn about Outlook, Excel, PowerPoint and Access with the Office Specialist Certification.

The second type of IT Certification that you can get from Microsoft is the Microsoft Certified Solution Developer, or MCSD. This particular certification will give you knowledge about how to develop different technology programs used by Microsoft. If you are interested in this particular certification, you will be taking four exams to get the entire credit. This will be used to develop visual studios, using the Internet, and how to use Microsoft’s software of ADO. From here, you will learn how the infrastructure of Microsoft works, especially in relation to databases, e-commerce and different maintenance structures.

Another type of training that you can get from Microsoft is known as the Microsoft Certified Trainer. These are the people that will be training you to teach the technology and troubleshooting areas that are related to Microsoft. If you get this type of training, you will be able to provide online or in the classroom training to others who wish to become IT Certified.

A Certified Database Administrator is another option for those interested in IT Certification. This will allow you to work with the infrastructure of a company as well as to implement certain software when needed into a company. This specific IT Certification will require for you to take three exams. One will be based on your understanding of the server that you will be using, known as SQL. You will also learn about the environment that is related to this server, and how it affects the various databases. Learning the other software, how to maintain and develop the different software and applying the right technology into the right areas will also be part of this certification training.

Patch It Up

Most of us have been in relationships that haven’t been too good. Somewhere, something got in the way (sometimes it’s another person) which caused everything to go haywire, If you’ve ever had the feeling of things in your life not being in sync, losing sleep and wondering about what got in the way, you try to find out what it is and patch it up before it’s too late and everything is lost.

I won’t break out into a love song but the same goes for your computer system.
Operating software has come a long way in the last twenty years. It has allowed the average computer user to do dynamic things that were unthinkable 15 years ago. Any software can be penetrated and there are holes within the software, especially in Windows and Microsoft programs. Microsoft has online updates and has a routine that can scan your system and automatically update your computer.
You should not ignore these critical updates. Microsoft has a set of engineers that purposely try to hack their own software to see where security holes are so that they can recommend security updates. I know that most people ignore their update flash because they don’t have the time to download the updates, they are in a hurry or it might interfere with the game of Solitaire that they are playing on the computer.
You should run the Windows update program once every week and if Microsoft provides you guidance to run a special program you should run it.
After you run the programs, you should make a backup or rescue disk. This is a lost art because people have become so comfortable with their systems and they don’t think their data can be destroyed. You must have a backup disk available if you want to put your data back on the system after a crash.
Windows XP has a great restore program and I recommend that you study it. If you have a crash that isn’t too drastic, the restore program will actually ask you questions, provide you a restore point (which is primarily a past date) and the system is automatically restored to that point. Keep in mind that it’s good after a restore to run virus protection routines manually.
Your virus protection software also has the option of creating restore disks too.

Patch up your system so that nothing comes in and tears it apart!

« Previous Page — Next Page »