Saturday, December 10, 2011

Reconciling Parental Control Software with Internet Security Principles

Parental control software remains a useful tool to monitor your child's online activity and at the same time block inappropriate content. The fact that you are an adult does not necessarily mean you like to view offensive content, so the software can also be utilised to block offensive content on sites you often visit. Unfortunately, with the monitoring part of the software comes an inherent security risk of sensitive information that may fall into the wrong hands.

If you want to use parental control software, you need to use it responsibly, especially if you install it on a computer that is shared by several members of your household. The trustworthy members of the family need to be aware of the software and the need to have administrator privileges to disable the software before working on the computer. Parents often forget to disable the software before doing online shopping or banking, effectively allowing the key-logger component of the software to log important information such as social security numbers, credit card numbers and passwords.

Many Internet monitoring software packages take screen shots at certain intervals to capture the contents of the screen at a specific point in time. This is also dangerous if you forget to disable the monitoring part of the software, before logging into a secure area of a website. Screen shots can be taken of sensitive information that's normally only accessible behind a secure login area. All this information (keystrokes and screen shots) is stored on your hard drive, exposing it to possible exploits from crackers or spyware.

Well-written parental control software will obviously encrypt the information it logs, but crackers often decipher the encryption code in next to no time. The last thing you need is a spyware infection or an intruder on your system that can bypass the encryption of the parental control software. You don't want a stranger going through your logs if you accidentally forgot to disable the software before entering sensitive information on the Internet. So the most important thing to remember is to disable the monitoring software before you use the computer and remember to enable it again when you're done, otherwise there is no point in having the software on your computer in the first place.

Some parental control software allows you to create different profiles for different members of the family. You can for instance have a "Child" profile that blocks inappropriate content and monitors your child's activity on the web, a "Teen" profile that does not block any content, but only monitors your child's activity and a "Parent" profile that does not monitor your activity or block any content. The "Teen" profile can be activated when your teenager wants to use the computer, or you can activate the "Parent" profile if you are present while your children surfs the Internet. The "Child" profile should be used to limit Internet access while you are not at home to keep an eye on your children's Internet activity.

Kaspersky Lab recently integrated a parental control module into their Internet Security suite. It does not log keystrokes or take screen shots, it only monitors HTTP traffic. To know what your child is doing on his or her computer, you only need to monitor their Internet use. It is easy to see which games they are playing and which software they are using by examining certain areas of your system, like the Program Files folder and the Add and Remove Programs section of the control panel. Clever kids will know how to wipe this information, but most programs make connections to the Internet these days, so just by examining the HTTP traffic generated by these programs, you can easily tell which programs your child is using and which websites they are visiting.

The parental control module of Kaspersky Internet Security logs all the websites visited by your children, all the remote images loaded from e-mails that they read and all the servers they connect to for online gaming and software updates. If the logs contain entries from winamp.com, then your child is probably using Winamp to play music or movies. Entries from ea.com, might indicate that your child is playing some games developed by Electronic Arts. Your children will also download software from certain sites, which will give you another indication of what kind of software they are using. The fact that the software monitors HTTP traffic, means that you are not only limited to the traffic generated by a web browser or e-mail client, it monitors all Internet activity from any application.

The way that Kaspersky Lab approaches parental control and monitoring software, does not compromise your online safety like your conventional child monitoring software, because there is no security holes created by keystroke logging and capturing of screen data. The logs of your HTTP traffic may still contain tracking information that you may not want to reveal to advertising companies (and their spyware programs), but the beauty of this module is that it is integrated into an Internet security suite, so you are automatically protected against unauthorised access and malicious software infections, thanks to the firewall the anti-malware shields of the software. Traffic through secure servers (HTTPS) is normally encrypted, so the monitoring software only sees the encrypted data during a secure online session like Internet banking or online shopping. I still recommend that you turn of the parental control module before transmitting sensitive information over the Internet.

Up to know I basically discussed the monitoring part of parental control software. The control part allows you to block indecent content as well. Blocking inappropriate content minimises the risk of malware infections. Porn sites are often loaded with spyware, so keeping your children away from these sites, does not only protect them from exposure to harmful content, but it also protects your computer from dangerous infections. Your child's porn surfing may be the cause of a dangerous spyware infection, something you may not be aware of (especially if you don't have any spyware protection installed). You could easily log into your online banking account or enter sensitive information on the web, without realising that there are spyware lurking on your computer, watching your every move. Parental control software is not designed to protect your computer against malware infections, but preventing your children from accessing inappropriate websites, helps them to stay away from potentially dangerous websites, which is the number one rule in malware prevention.

Proper parental control software should allow you to set up filters to block specific inappropriate content, giving you complete control over what you allow your child to access on the Internet. Kaspersky Internet Security allows you to do exactly this. Lets say you want to block access to sites containing the word "murder" in the URL. You simply add the filter "*murder*" to the Parental Control Blacklist and it will block all websites containing the word "murder" in the URL. You can also blacklist specific URL's to prevent access to certain online chat rooms, web mail services or social community websites. Websites that carries your approval can be added to a white list to prevent the software from accidentally blocking it, or you may want to allow only specific pages from a site that's currently on the blacklist. The flexibility of the software allows you to fine tune the parental control software to your own specific needs, enhancing the online safety of your children.

So what is the message I'm trying to get across here? As I said at the beginning of this article, parental control and monitoring software remains a useful tool to keep an eye on your children's Internet activity when you are not present. As a parent you need to understand that parental control software poses certain security risks of you do not manage the software in a responsible way. I feel that developers of parental control software should move away from keystroke logging and screen capturing and focus on HTTP monitoring instead. Parental control software developed by a company who specialises in Internet security, gives you peace of mind that the software was designed with security as a top priority. The next step for Kaspersky Lab may be to make the module optional. Not everyone wants parental control software, but if I want to add this functionality to my computer, I'd rather buy it from a developer who has been in the Internet security industry for years, than buying the software from a developer who does not have a clue about Internet security.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security and analysts of Cyber Security Software Read our review of Kaspersky Internet Security 7.0 for an in depth look into one of the most comprehensive Internet security suites in the security software industry.

Sunday, November 27, 2011

What Is Multi-Factor Authentication?

Multi-Factor authentication, or sometimes called strong authentication, is an extension of two-factor authentication. Multi-factor authentication involves two or more factors whereas two factor authentication only involves exactly two factors. There are three basic "factors" in existing authentication methodologies. These "factors" would be something the user knows, something the user has and something the user is. An example of something the user knows is a password or a personal identification number (PIN). Something the user has would be an item like an ATM card, smart card or cellular phone. Something the user is would be a biometric characteristic such as a fingerprint or iris scan.

An example of this kind of authentication is requiring that the user insert something the user has such as a smart card or using a cell phone (something the user has) and entering in a password (something the user knows). This authentication can be taken a step further by adding a third factor such as requiring a valid fingerprint or iris scan (something the user is).

When you are sending your personal information over the internet or over a server, are you confident that these are so-called "secure" networks? Although internet fraud has reportedly dipped in 2010 consumers are still skeptical while doing anything online that involves their personal information. In fact, in 2009 online fraud doubled from the year before.

There was a time when email passwords could be any password you choose, but even now email providers require you to have minimum length keywords and they even rate your password strength. Security is an important concern for most people and as people have needs for stronger passwords, stronger authentication is developed to meet this demand. Passwords are becoming more complex and now require minimum lengths, have symbol requirements and have restrictions to help increase security among users, but that still isn't enough.

Beyond creating more difficult passwords for someone to hack, crack or steal, there are even higher forms of security available. Multi-factor authentication is now being used by major corporations to protect your confidential information online or over their networks. Multi-factor authentication is the solution to data and identity breaches and is much more secure than just a simple one time password.

Two-Factor Authentication

With multi-factor authentication stealing a username and password is not enough. Usernames and passwords are only a single factor authentication method. In a two factor authentication system, the user provides a dual means of identification, one of which is typically a physical token such as a card or cell phone, and the other of which is typically something memorized, such as a security code. The security code is usually a one-time password sent through an SMS text message to your mobile phone, but sometimes two-factor authentication solutions provide proprietary devices that will produce an OTP for you.

Multi-Factor Authentication

Multi factor authentication uses a combination of two or three different ways to authenticate your identity. The first is usually a password (what you know), but can also include your response to a challenge question, known as knowledge based authentication. The second is what you have which could be a physical device such as a smart card or a hardware token that generates one time only passwords. The third is who you are, as indicated by a biometric such as a fingerprint or an iris scan. Almost ever factor approach uses a password, and then combines this with the second or third factor or both. Two-factor authentication is a multi-factor authentication, but not vice versa. With technology growing by leaps and bounds there are not only more ways of stealing your information, but more ways of combating it.

There are three independent factors to multi factor authentication: Something you know, something you have and something you are.

Something You Know
This is the traditional username and password system that we have been using for decades and still use today. This could also be your response to a challenge question, known as knowledge based authentication. With the possibility of being hacked or having your password stolen these days there had to be a more secure way of accessing confidential data. There is key logging software and other types of hardware devices to that have compromised the security of login credentials and personal logins like usernames and passwords.

Something You Have

Something you have consists of utilizing an outside network such as a mobile phone for SMS text messages or a proprietary token that creates one time passwords. Also, still used in some cases is a piece of paper that contains lists of passwords. Have you ever been sent a one-time password to access some sort of personal information such as online banking records or maybe an important account you were locked out of? That would be two-factor authentication through something you have.

Something You Are

Once you have your username, password and OTP there is only one thing left to identify you. With today's technology we can now measure our biological differences. Since everyone is unique like a snowflake utilizing biometrics to obtain access to confidential information is the most secure form of identification. Measuring parts of your body like an iris scan, fingerprints or even the spacing between fingers a security system can now authenticate a user.

Many technology vendors claim to be offering "multi factor authentication solutions" are, in fact, providing single-factor authentication approaches. Most notable are these approaches of the challenge/response approach which is often paired with a shared secret image. These kind of approaches are not true multi factor authentication solutions and are not compliant with the U.S. Federal Financial Institutions Examination Council, which is the formal interagency of the United States government that is empowered to prescribe uniform principles, standards and reports forms for the federal examination of financial institutions.

A true multi factor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple factors from the same category does not constitute multifactor authentication.

Maybe our society in this day and age is being paranoid, but it does not seem that way when everyone knows someone who has been affected by fraud. Trusting our personal data to a simple username and password is like protecting a pile of gold with a chain link fence. This type of authentication is the most effective way to authenticate a user and protect data as it is much harder to compromise combinations of something you know, something you have and something you are.

Mitchel Smith is a authentication security expert who has been in the industry of information technologies for over a decade. He provides authentication information about Two Factor Authentication and Multi Factor Authentication.

Thursday, October 27, 2011

Anti-Phishing - Several Different Techniques to Combat Phishing

Phishing is a term used to describe the activity through which personal particulars like usernames and passwords and financial information like credit card details are tactfully retrieved from unsuspecting Internet users. Unlike hacking where the hacker breaks into a computer system or network and steals information, phishing is most often done with the full cooperation of the victim. This is probably what makes phishing all the more dangerous.

Phishers normally masquerade as trustworthy entities by impersonating popular organizations and websites. They would send a message to thousands of unsuspecting people asking them to confirm their username and password, threatening that their accounts would be terminated if they fail to do so. Most people never check the authenticity of such messages and immediately comply with the request. Especially when the message is written in an authoritative tone, people respond immediately to avoid any disruption in their service. This often forces them into sharing sensitive information which they would otherwise have never shared with anyone else online.

The term Phishing was first used in 1996, and is a variant of the word fishing. Just as bait is thrown in fishing to catch unsuspecting fish, Phishers send a message hoping that their victims would be "hooked" by responding to their message. Phishing initially started in the AOL network and then slowly moved to financial institutions as E-Commerce gained popularity.

Anti-Phishing Initiatives

Technological improvements and stricter legislation have been enforced to contain phishing as far as possible. Public awareness is probably the most effective weapon against this menace. Phishing is successful mainly due to the ignorance of the general public. Once they become cautious of these activities, phishing would lose much of its potency. There have indeed been massive efforts to educate the public and make them aware of this online menace. As a result, more people have become aware of phishing threats and are more cautious than they were just a year ago.

Improved browser design has made identifying phishing attempts a little easier. Most of the latest Internet browsers contain anti-phishing capabilities. Internet Explorer 8 for instance displays the domain name in black, and the rest of the URL in grey, making it easy to identify fraudulent URLs. Firefox for its part lets users create their own labels for their favorite sites. If a phisher tries to redirect them to a similar-looking fraudulent site, the browser would immediately warn the user or simply block access to the site. Most browsers also maintain their own lists of known phishing sites which they immediately block if the user tries to go to one of them. Email is another victim of phishing. Fortunately, powerful spam filters are in place these days that identity and block phishing mails from reaching the users' inbox.

Banks and other prime phishing targets have started using the services of dedicated technology groups which monitor and shut down phishing websites whenever they find them. Individuals and the public can also help by reporting phishing sites to these groups. The U.S. Federal Trade Commission and equivalent bodies in other countries have taken legal action phishing offenders. Anti-Phishing Working Groups like FraudWatch International, PhishTank and Millersmiles publish the latest information on phishing scams to warn the public.

Phishing needs to be tackled using a multi-pronged approach. Cutting edge technology, stricter legislation and better user awareness are some of the defenses that can contain this online menace.

For more information about phishing, identity theft and cyber crime please visit www.callercenter.com

Sunday, September 11, 2011

Norton Internet Security Protection - The Leader on PC Protection

People are more dependent that ever on their computers these days. Not only do most people have a computer at work, but they also have at least one compute at home. In fact, an increasing number of families have computers that are truly personal; meaning each person in the family has their own. Norton Internet Security is a program that helps computer users to safeguard against internet security breaches.

The fact is that as computers have become more omnipresent in businesses and homes, the thieves, con men and criminals have become better and better at finding ways to circumvent internet safety protocols so that they can invade your computer and access your personal files and your personal data. Because of this, there is a flourishing computer internet security software industry that is designed to help computer users stay one step ahead of the bad guys who would like to take advantage of people who are not as internet savvy and who are not aware of the internet threats out there.

The Norton Internet Security brand of software has long been rated as one of the best programs for internet security protection. Norton has been in business for over 20 years and has been providing some of the best quality and most innovative software packages to help computer users keep their machines running in tip-top condition.

As the internet came along, along with the many internet threats, such as computer viruses and spyware, Norton kept up with internet security trends and as a result, the company developed their security package. Because of their long history in making excellent software utility programs, Norton has quickly become one of the most trusted names in the software publishing industry and is considered a leader in protection internet security these days.

The most popular version of the Norton software for internet safety is the package that retails for about $60 and that will protect up to three computers in a household. This package includes both antivirus functions, as well as spyware detection. These are two of the most basic and most important functions that should be included in internet security systems.

In addition, this reasonably priced Norton internet safety utility package also included a two-way firewall. This firewall software can boost and enhance any other firewall software that might be on your system and it is important because it can detect and prevent any kind of unauthorized access to your computer from potentially harmful websites.

The Norton security package also includes an anti-spam module, as well as parental controls that give the parents the ability to lock access to certain internet sites so that youngsters do not have access to inappropriate material or content online. This feature can also be used to protect specific files or folders on the computer so that they are not inadvertently deleted or changed by a curious child.

Similar to most of the other internet security software packages on the market today, the Norton Internet Security program is constantly being updated, improved and updated to keep up with new internet threats and to improve performance. Regularly using Norton's internet safety program will allow monitoring of email and instant messaging, assuring that viruses don't sneak into your system through these functions, thus providing an even better degree of security for your computers.

369 Niches Rolled Up Into 1 Product

Turn any hobby into a business. Discover

24 totally unique business models.

[http://businessmodels.netbizint.com.au/index.php]

Friday, August 19, 2011

Keep Your Website Secured

When you start an online business, you need something more than just a website with goods and services. If you plan to sell merchandise on your website, it's your duty to see that the transaction is done safely. When customers use their credit cards or any mode of payment, they are always worried about the security. As the owner of the website, you have to make your customers feel safe and secure. Getting SSL is very important. It will help you appear trust worthy and protect your customers. Secure Sockets Layer (SSL) is an encryption technology that was created by Netscape. It is a type of protocol that helps to protect online transactions. You get a security certificate known as SSL certificate. It preserves the authenticity of your website. Internet security is an issue of worry these days. It is therefore important to take all safety measure to secure your website.

Socket Secure Layer helps to protect the personal payment information that customers enter on your website. When the customer enters information for payment, it is sent over the internet to be approved by the bank. It is possible for the information to leak during the transaction. Credit card numbers, Social Security numbers, bank account numbers are used every day over internet. It raises the risk of identity theft. The SSL certificates are issued from certificate authority. Certificate authorities are entities which issues digital certificates to organizations or people after validating them. Vrisign and Thawte are two such CAs. There are special types of SSL certificates. AlphaSSL Wildcard or Wildcard SSL certificate secures an unlimited number of first level sub domains on a single domain name.

The number of internet crime is increasing day by day. Most internet shoppers want to know that their information is safe. If their money is stolen or they become the prey of identity theft, then the website owner may have to blunt the blame. As customers, people want to know that the website owner values their privacy and their security. As a website owner you have to make sure that their trust remains intact on you. If your website consists of SSL certificate, the customers will feel secure and won't worry about internet security. It will ensure the customers that you send encrypted information through secure sockets layer (SSL); it will make them more comfortable to shop on your website. Secure sockets layer also verifies your identity. Many scam artist set up websites that look legitimate, but they are not. These websites steal information when the potential customers try to make payments.

With the help of SSL certificate your website is verified as secure. It is a relief for you as well as your customers. You can either buy these SSL certificates online or purchase them from certificate authorities. There are many websites that provide you with the variety of such certificates. It is more cost effective to buy them online.

S Jensen is the author of this article on AlphaSSL Wildcard. Find more information, about Verisign here

Saturday, June 4, 2011

How To Monitor Employees' Computers To Protect Your Business

Many employers don't know how to monitor employees' computers to protect their own business interests, and that's costing them up to hundreds of thousands of dollars in lost productivity a year, in addition to putting their business in grave danger of the online threats that are out there. Identity and intellectual property theft are huge costs that threaten to cripple any business whose owner does not know how to monitor employees' computers, regardless of how trustworthy the employees in question are thought of. Here's why every employer must know how to monitor employees' computers to protect their business.

Why You Must Know How To Monitor Employees' Computers To Protect Your Business

Like it or not, not every employee that you hire into your business can be regarded as infallible. The severity of the risk to your business may range from your employee surfing the internet and chatting with friends while your back is turned, all the way to him or her stealing proprietary business secrets and selling it to your competitors or keeping it for their own advantage. You won't know until it is too late, unless you have the training of how to monitor your employees' and the software you need to do it discreetly and effectively.

There are a few good quality software programs that will allow you to be able to master how to monitor your employees computer to protect your business. These software programs will allow you to block certain popular "time wasting" sites like Facebook and Twitter, as well as private email clients like Gmail and Yahoo! Mail. With certain monitoring software products, you'll also be able to filter their emails for sensitive keywords and/or attachments and in very extreme cases, monitor every action they do on the computer.

How To Monitor Employees' Computers - Is It Legal?

Yes, installing monitoring software on computers that you own is 100% legal, and as a business owner, it's your right. Your employees are at your workplace to perform work related tasks, and unless you specifically allow them to take "internet breaks" to send private emails and chat with their friends and family, they should not do so. To take it one step further, you may want to require every employee to sign agreements that make it clear that they are not allowed to do so on company time.

Just the fact that your employees know that you know how to check your employees' computers and are actively taking steps to do so will provide a strong deterrent to any one of them attempting some kind of prohibited or damaging activities. So what's the best way of how to monitor employees' computers? You'll definitely want to use a good software program, and the best program in terms of both functionality and price is NetSpy Pro.

With NetSpy Pro, you'll be able to learn how to monitor employees' computers with ease.

Learn how to monitor employees' computers to protect your business comprehensively with my NetSpy Pro exclusive 7 day trial at my website.

Thursday, May 5, 2011

Protecting Your Virtual Private Network

The virtual private network (VPN) has opened up a wide range of possibilities for remote network access to files from almost any geographic location. Using VPN software, computer users can access the files on their home or office computer anywhere they can get a reliable Internet connection. Unfortunately, this easy access to files has also created a new threat in the form of data thieves, criminals who steal personal or sensitive information for personal gain or malicious use.

To protect your information and enhance your network security, you should incorporate a few simple protocols into your system. The first step in virtual private network protection is the creation of a secure password. Data thieves, commonly called hackers, use a variety of tools to discover the passwords used to access a private network. Security experts tell us that common passwords, such as words found in the dictionary or numeric sequences, can be broken very quickly, sometimes within a matter of minutes, using a brute force attack tool.

By making your virtual private network password more complex you can protect your network security and ensure that your private files remain private. Secure passwords include both letters and numbers, as well as special characters. For the best possible protection, these passwords should be randomly chosen alphanumeric and special character sequences, rather than dictionary based words or calendar dates that could be easily guessed. Longer passwords of at least thirteen characters further enhance your private network security.

One great tool for virtual private network security is the password generator and storage program. Many free or low-cost options are available for these tools which ensure your passwords are unique and secure. The storage area of the program should be encrypted and locked with a master password as well in case your laptop or remote computer is ever stolen. By doing this, it protects your passwords from theft and misuse while making them easy to retrieve for your own personal use. It also makes it possible to create a different virtual private network password for every network you connect to regularly to ensure that your other virtual private networks remain private even if one is compromised.

In addition to using secure passwords, you can also choose to enhance your VPN security by using encryption. Encryption is a method of scrambling the data into an unrecognizable stream and then reassembling it properly on the remote machine that has the correct decryption software. By running encryption software at both ends of the virtual private network, security is maintained and communications remain safe from data thieves.

Finally, adding a warning system to your VPN security arsenal can further protect your privacy. These systems are software based and range in price from freeware to the very expensive, depending upon the level of protection you need. In most cases, this software logs the Internet protocol (IP) address of the remote computer, the time the connection was made and the files accessed. High end software may even send alerts to the system administrator when an unknown IP address accesses information or if the wrong user account or password has been entered multiple times, alerting you to the possibility of a brute force attack on your network.

Thanks you for reading my article. Find more information on Virtual Private Network at ShopforVirtualPrivateNetwork.com.