Dec 15

Nearly one-third SMEs don’t emphasize on data secure backup

According to the survey conducted by the Internet and Mobile Security Organization AVGTechnologies, most companies hadn’t noted real value of their data. The result of the test showed that 37% of small business manager spent more time on tidying up desks and ordering new business cards rather than doing backup for data. This survey was give to 500 U.S. small businesses managers, and the result showed that although most (75%) businesses relied on automatic backup system, about a quarter (24%) of businesses didn’t require employees to back up data at least every week. However, 30% of respondents thought that more than half of their data were critical data.

 

Given that small business claimed that more than half of the data were sensitive data, the loss of employees’ mobile devices should attract more attention. In fact, about half of small businesses said they had experienced the loss of mobile devices. Interestingly, the survey showed that many small businesses management staff didn’t think employees’ mobile devices contained a lot of sensitive data. They cared more about the security of data transferred to cloud. When asked about cloud-based backup, 64% of small and middle enterprise said security was the issue they cared about most.

 

And the results of the survey can be concluded as below:

 

1. Compared with backup data in UK (22%) and US (21%), a substantial proportion of small and middle businesses often spend more time on tidying up desks and ordering new business cards, which is not even the most conventional computer-related work. 43% of UL companies and 53% of US companies said they spent more time changing passwords.

 

2. When it comes to cloud backup, security is still a most concerned issue. Other key issues include the cost, data recovery and lack of control.

 

3. Most small businesses have not experienced mobile device data loss, but they are approaching (51% in UK, 53% in US).

 

4. Most SMEs (62% in UK, 66% in United States) are confident that they can prevent data loss when employees leave the company.

 

5. Most small businesses (59% in UK, 54% in the US) still don’t require employees to back up daily. A considerable number of backup data (68% UK, 75% of the United States) is operated by IT automation systems.

 

6. When it comes to mobile device data, only 1-10% of employees of about one-third of SMEs (32% in UK, 34% in the US) go out of office at least once a week. On the other hand, mobile devices are increasingly used to work, and only a small number of companies said 80% -100% of their staff go out of office one day a week.

 

7. When the device is lost or stolen, 39% of UK businesses and 41% of US companies priority is to ensure that data cannot be viewed by an unauthorized third party. That’s why you need to protect files in drive with password and configure different users’ permission to content in the drive.

Oct 13

Shortcomings of weak password highlight, encryption software makes data in lost device secure

For documents, enterprise data, design drawing and other important information store in computer, we usually set the boot password to avoid unrelated persons’ view or steal, enterprise will also launch related training to enhance employees’ awareness of data protection. However, under many irresistible impacts, this part of risks of information security needs more attention. Since the crisis of weak password has been gradually occurred, when facing more mature hacker techniques and increasing leak phenomenon, to use file encryption software to add a secure lock to enterprise equipment can make classified data secure in any cases.

Security experts said that for the majority of ordinary laptop users, the most common-used information security defense method may be setting boot password, and they will set longer and more complex password if they need stronger safety, while in this situation, the thieves can dissemble the hard drive and read its original data in another computer. This is virtually easy.

For users having some computer knowledge, he may adopt some advanced security measures, for example, setting a password to lock computer hard drive so that you will be required for correct password every time you start the computer; and even some one dissemble the hard drive, and it’s difficult to read the original data. But with the continuous development of hacker attacks, only depending on password can’t prevent experienced thieves erasing system configuration information to break into the system to obtain classified information.

There a very important point which is often overlooked by enterprises, that is, setting password can’t completely avoid initiative leak. As both setting boot password and hard drive locking password are defense means, no matter how strong or complex the passwords are, they are useless to initiative leakers. To effectively prevent various leak events including employees leak, data leak caused by laptop loss or stolen devices, one of the best methods is to encrypt the valuable files. Classifying the users’ permission and copying protect files on LAN can avoid employees copy the company files away; besides, employees should be forced to add protection to working files store in laptop and other devices to avoid data loss caused by device loss.

Apr 21

Computer Password Cracking Methods Conclusion (2)

Thirdly, crack some commonly used software

Currently, more users understand to use computer software to encrypt some information stored on computer, which makes unauthorized people unable to open the files. Now let’s see some commonly used software password cracking methods:

1. Crack Word document password

Microsoft Office is so famous that the password cracking software against it is much. You only need to download software that aims at cracking Microsoft Office password, and then run it on your computer. This kind of software mostly uses “dictionary” brute-force solution to crack password.

2. Crack Excel documents 

You can find a tool called AdvancedExcel197PasswordRecovery online, which is only 614K and is able to quickly crack password of excel documents. AdvancedExcel197PasswordRecovery needs installation after download. Open the main interface after installation, and open the excel documents that need to decrypt via browse button, choose password length, set password type and click on blue start button. After a while, the program will pop up the prompt menu of document password was cracked. 

3. Crack OICQ password

We use a tool called OICQ Terminator”. The using steps are as below: first set the installation directory of OICQ password Terminator; choose the character set used to search, for example choose the lowercase characters shown on the image, or check all the boxes below the basic settings; and then set password length, but you’re not advised to choose too long; finally, click the “Start ” button to crack OICQ password, now what you need is patience. According to people who used it, the exhaustive speed of OICQPASSOVCR can reach thousands of times per second. If you want to crack 4-5 digits password, it can finish within several minutes.

Fourthly, crack network password

Network is quietly and quickly stepping into our daily life. And as an ordinary network user, people all have a similar concern, namely the network security risks. Therefore, we have to take effective protective measures on personal network activities, such as add passwords. But once we forget the password, our works will be obstructed. Now there’re some network passwords cracking skills:

1. Crack IE Content Advisor password

IE browser provides content advisor feature, which can browse the site. If you forget the password of Content Advisor feature, you can not only access the limited sites but also change the existing restriction level, re-installation of IE is useless. In this situation, you can start the Registry Editor, locate the “HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ Ratings ” to find a key value named ” KEY “, it is the IE content advisor password the user set (encrypted data), the user only need to delete the key value, the content advisor will be canceled, and then reset the IE content advisor password. 

2. Crack OE password

There are three types of passwords in OE program: email password, newsgroups password and user identification code. Here we take the “password interception” program as an example. This software can be used to crack Web email password, POP3 reception password, FTP login password, and display, save or send the password to specified mailbox. Password interception process: password interception software can save the password (such as dial-up connection, OICQ, IE the password) in password input box into user-defined file in form of clear text; if it fails to intercept passwords, the password file will not exist. 

3. Crack Foxmail password

There are quite a number of users using a simple but powerful tool Foxmail to receive mail. However, due to Foxmail’s own security risks, some people simply create a new account, enter the Foxmail default installation directory, copy the “account.stg” under the new account directory and cover your account file and then the password of the original account will be removed.

Some solutions above may not work with you, as the vulnerabilities of the software and network are repaired when the time goes by. But anyway, the methods of password cracking can only be used to solve administrators’ urgent problems but not to breach other people’s account.

For more information about data security, please visit: www.kakasoft.com

Apr 01

How to avoid failure of network security equipments deployment? (1)

The enterprise network is rapidly developing! Some of the groups began to clean up phone and tablet and refuse the internet connections from coffee shops and train connections (as a WAN link).

The concept of the extended enterprise brings about more and more severe problems to IT security portfolio, because their sensitive data and valuable data frequently flow out of the traditional network boundaries. In order to protect enterprise from the persistent threats of diverse and low-end low-speed adaptability, IT enterprises are deploying various new network security devices: the next generation of firewalls, IDS and IPS devices, security information event management (SIEM) systems and advanced threat detection system. Ideally, these systems will focus on management, following a centralized security policy, as a part of a universal protection strategy.

However, when deploying these devices, some common mistakes in enterprise will seriously affect their ability of universal protection. This article will introduce some problems which should be noted in the planning and deployment of new network security equipment, and how to avoid related problems that may lead to the failure of defense in depth.

A maximum error is assuming that the security device itself is secure. It’s apparently easy to understand, but we must insist on this footing. How secure is the so-called “enhanced” operating system? What’s its latest status? And how secure is hyper stable “Web server”?

Before starting any job, you must create a testing plan to verify all network security devices are really secure. The first is to start from some basic tests: do you timely upgrade, install patches and fix bugs on each device and their supporting network, server and storage infrastructure? In accordance with the currently known vulnerability information clearing-house you must be sure to regularly upgrade and install equipment patch.

Then, turn to aspects that are more difficult to handle: periodically assess potential weaknesses on multiple device configurations. The inappropriate dement sequence of encryption system and application delivery optimization (ADO) will also cause data leakage, even if various devices can operate properly. This process can be carried out in conjunction with penetration test.

For any safety equipment, management/control channel is most prone to have vulnerabilities. Therefore, the most important thing to note is how you need to configure and modify secure devices and who are allowed to carry out these configurations. If you are ready to access the secure system via a Web browser, the security device will run a Web server and allows Web traffic in and out. Are these flows encrypted? Whether it needs to use a standard port? Whether all the devices need to use the same port (so the intruder can easily guess)? Is it accessed by a common network or a separate management network connection? If it belongs to compile the connection, then any host that send traffics through this port may attack this device. If it’s on a managed network, you only need to worry about other devices on the network.

Best scenario is that if you can’t directly access the device, you need to ensure that all configuration changes must use encryption and multi-factor authentication. Moreover, it’s necessary to closely track and control identity information of equipment management to ensure that only authorized users can gain administrative privileges.

For more information about network and computer security information, please visit: www.kakasoft.com

Mar 11

The Global Economical Loss Caused by Cyber Crime Increased by 78%

Ponemon Institute recently released a research report entitled “2013 Cybercrime Cost”. The sponsoring companies for four consecutive years by the HP study estimated the economic impact caused by cybercrime. The report notes that the economic impacts caused by cybercrime in 2013 increased by 78% compared with the past four years, while in the past four years, in order to solve the problem the time cost increased by 130%. Average cost paid for per network attack is over $ 1 million.

In 2013, the frequency of attacks and damage has increased. Based on the sample of U.S. companies and the government, the loss caused by the network attacks is $ 11.56 million every year, which increased by 78% compared with that of the beginning of the study four years ago.

Although the network defense level is increasingly improving, while the cyber crime groups are also showing their strong ability of adapt and adjust facing the continuously improving network defense level.

Some important data in this report are summarized as below:

1) Every enterprise (organization) loss average $ 11.56 million owing to cyber crime every year, the loss range is from $ 1,300,000 to $ 58,000,000. Compared with the average level in 2012, it increases by $ 2.6 million, an increase of 26 %.

2) The fields of military, financial, energy, power industry suffered the largest loss caused by cyber attacks.

3) Data theft is a major factor causing the loss of cybercrime, which accounted for 43% of the total loss, loss of business caused by the shutdown accounted for 36 %.

4) The business or organization suffered 122 times successful network attacks weekly. In 2012 the figure was 102 times

5) The average time to resolve a cyber attack is 32 days; the average cost during this period was $ 1,035,000, which is about U.S. $ 30,002 thousand a day. And in 2012, the average time of solving every network attack is 24 days, the average cost’s $ 591,000.

6) The loss caused by DoS attacks, Web attacks and damage caused by the internal staffs accounted for 55% of enterprises cyber attacks losses.

7) For small businesses, the loss caused by network attacks in accordance with the average figure to every employee is much higher than that of large businesses.

8) For business, finding network attacks and recovery after the attacks was the most expensive two items.

This report also revealed the importance of necessary network defense mechanism and building network security awareness. Researchers also found that adopting security information and event management and Big Data Analytics can help mitigate the loss of network attacks.

For businesses especially the small business, enhancing employees’ data and information protection awareness and company’s data security system is imperative. In order to prevent unethical staffs stealing data and information, administrators can encrypt important folders in computer. For the important files shared with some employees, admin can password protect the shared folders and assign permissions to different users.

Jan 20

Security Tips for Anti Data Leakage (2)

2. Many large enterprises also have this problem, the database administrator and the network administrator who on the earth should be given more full administrative privileges to complete their work. According to the proportion of employees, the total amount of database administrators and network administrators is also the minority of all employees. And implementing management for them is relatively simple. But there’s a vulnerability of management: whether DBA can view all the data without any limitation? Who can have the administrative privileges of copy of the database? Whether there’s no data loss threats even those who have admin privileges are trustworthy?

I recommend canceling the super administrative privileges of database administrator and network administrator, for they just need to do their own job well, and don’t have any reason to fully grasp the enterprise database administrative privileges. The responsibilities of these IT management staffs should be subdivided, allowing them to set user name and password for their work. These user names and passwords should be submitted to the CIO administrator, while they should be kept by password protection software but not CIO.

3. There’s another situation: some IT user may not need to have powerful privileges, but owing to their work, they need to use other people’s privileges. A typical example is a low- level data center operations staff, he may only be responsible for production scheduling environment, while some of his work may be related to database management and system administrator’s user name and password. This is a significant potential threat for any business.

This situation may seem difficult; in fact, it is not hard to solve. Let all the staffs know that all the network activities in the enterprise will be monitored, so as to prevent data leaks.

“The value of core commercial secrets is self-evident, while the number one way of core secrets leakage is the most common e-mail.” Proofpoint CEO Gary Steele thinks so.

The remarks above show the accuracy of a recent survey-according to Forrester’s survey, IT executive and managers believe that email is one way that most likely cause data leaks, particularly the confidential memo, valuable intellectual property rights and transaction information.

However, after observing a number of leaks, you will find that only a small part of these events is malicious leaks, mostly are caused by negligence.

It can’t be denied that there’re malicious data leakage issues in real life. Enterprise users should have awareness, such as using server protection software that can help companies build information protection platform to prevent inbound mail threats (such as spam and viruses ), and ensure that outbound messages comply with company policies and external regulations.

Jeff Bowling, the founder and CEO of TELXAR stressed that the best way to block data leakage is to perform a good security plan, which should include security notes about preventing service attacks and the internal network, and the network admin guide service. The following information should be included in the plan:

1 The reap time should be shown

2 Assign the login credentials and rights

3 Disable external software

4. Consider internal audit/intrusion monitoring applications

5 Lock the internal hardware components

6 Regular audition, security and resource

7 Disable USB or FireWire port

8 Set message size restrictions or/and block all attachments

9 Define a strict policy

10 Execute secrecy and confidentiality agreements

11 Determined command chain and upgrade procedure

12 Ensure secure plans and policies that managers and users understand

If you want to find enterprise data protection solution, you can visit Kakasoft for more tips.

Dec 23

The Great Loss Caused By Network Crimes

Ponemon Institute recently released a research report entitled “2013 Cybercrime cost”. The research report consecutively sponsored by HP Company for four years estimated the economic impact caused by cybercrime. The report notes that in 2013 the economic impact caused by cybercrime increases 78% compared with that of over the past four years, in the past 4 years, the time cost to solve the problem has increased 130%. Average cost for per network attacks needs more than $ 1 million.

In 2013, the frequency of attacks and damage has increased. Based on the sample of U.S. companies and the government point of view, the loss was caused by cyber attacks every year $ 11.56 million, more than four years ago, when the beginning of the study increased by 78%.

Although the level of network defense is improving, cyber crime groups also show their strong ability of adjust and adopt in front of the continuously improving protection level of network defend.

Some important data presented in this report are summarized as follows:

1) The annual average loss of every enterprise (organization) caused by cybercrime is $ 11.56 million; the loss range is from $ 1,300,000 to $ 58,000,000, which increased $ 2.6 million than that in 2012, an increase of 26%.

2) Military, financial, energy, power industry suffered the largest loss of cyber attacks

3) The major factor of loss caused by cybercrime is data loss or data theft, which accounted for 43% of the total loss, and the loss caused by the shutdown accounted for 36%.

4) The business or organization suffered 122 successful cyber attacks every week. The figure in 2012 was 102.

5) The average time to resolve a cyber attack is 32 days; the average cost during this period was $ 1,035,000, which is about U.S. $ 30,002 thousand a day. And in 2012, the average time to solve the each network attacks was 24 days, with an average cost of $ 591,000.

6) The loss due to DoS attacks, Web attacks and damage caused by the internal staff accounted for 55% of enterprises cybercrimes.

7) For small businesses, the loss caused by network attacks of per employee is much higher than that of large enterprises.

8) For business, the costs of finding network attacks and recovery after network attacks are the highest.

The report also reveals the importance of the necessary network protection mechanisms and establishment of network security awareness. The researchers also found that the use of Security Information and Event Management (SIEM) and big data analysis can help mitigate the loss of network attacks. For enterprise and organizations, data and information may be two of most important assets, data or information loss will lead to not only financial loss but also reputational loss. Every company should establish strong awareness of data security, what’s more, the admin of company need to improve employees’ data protection awareness. For example, admin must remind employees to password protect folder stored in PC and portable storage devices.

Dec 17

Dangers in Mobile Information Age

The development of the Internet and information technology makes people step into the information age, but with the change of the information processing terminal, people also enter the mobile information era. In this mobile era, people can use their mobile information devices to connect the network anytime and anywhere, beginning their informationalized living, office and entertainment. It’s sure that the mobile situation will continue for a long period of time, because it fit people’s hope of free.

But it is this portable mobile device that brings about information and data security issues to people. How to deal with mobile device security issues has become one of most concerned things of individuals, companies and even countries. Also due to the diversity of mobile devices and information technology, the protection solutions must keep up with them, namely is able to adapt to various possible environment and safety requirements.

Mobile Device Management (hereinafter referred to as MDM), namely management of smart phones, tablet PCs and other mobile network client. Now, MDM is an indispensable measure for enterprises, because the mobile network clients are similar to traditional computer, poor management is likely to cause a bad impact on operating safety.

Smart phones and tablet computers are developed from the PDA (Personal Digital Assistant, Pocket PC), their history is not long. They can be used as a mobile network clients, the earliest portable microcomputer appeared in the late 1990s.

Mobile + Portable= Increasing chance of stolen

Owing to the small size and portability, the stolen risk of microcomputer is significantly higher than desktop computer. Most desktop computers are larger in the volume and fixed on positions in the office, they are seldom stolen if you close the door. But because of the small size of laptops and smart phones, the stolen difficulty is sharply decreased.

Many researches show that mobile phone is now more important than our wallets for people. The reason why phones are becoming so important is that in addition to its intrinsic value, the important data stored in the phone, such as scheduling, address book, and so such private information are important.

Business people tend to store data involving many business secrets in office tablet PCs and smart phones, especially in the email. E-mail specific contents are different based on each company ‘s information infrastructure, which may include unimportant chat, and may also include customer information, corporate plans, and even the contract documents. Email possibly contains passwords of common office applications.

The most frightening thing is data. Important data may be lost due to security vulnerabilities in equipment: hackers can gain access to the device, and access the data in the device. Another way is through the phishing application. As long as you download some phishing applications, they will be able to access to the data stored in your device. Apparently, users who download these applications are insufficient of vigilance. As long as the application is free, users are willing to download; they are seldom concerned about the possibility that the data in their own equipment may therefore be compromised.

The traditional Trojan viruses can also spread on a mobile platform. Even though Apple, Google, Microsoft and other companies have considered this problem in the design of operating procedures and ensure that the factory equipment is not toxic, but it’s impossible that the program has no flaws.

As the security issues come with the development of mobile technology and IT are more and more, in order to decrease the loss caused by mobile device stolen we’d better password protect the data stored in it. If the threatening objects aim at the value of data, you can use encryption solution to protect the data.

People look for freedom, while the yearning for freedom also affects their attitudes of handling things. In the face of security issues in the information age, individuals, companies and countries need encryption technology to protect files and lock portable storage devices.

Oct 21

Establish Email Communication Network to Enhance Information Security

For the countries, the impacts caused by the issue of prism finally gradually emerged, and as a former world power, Germany finally plans to take actions on the information security aspect.

“Close the door on the U.S. National Security Agency!” German “Focus” magazine said on the 14th, the Germany’s largest telecommunications operator Deutsche Telekom Group appealed to set up a domestic email communication network to prevent foreign spies and hackers monitoring Germany local e-mail.

There’s report that since the United States the “prism” scandal disclosed, transnational Internet information and communication security has been questioned by various sectors. So far, the contents of emails transferred between Germany local users have to be sent to the destination by passing the server set in the United States or the UK. Therefore, Deutsche Telekom expressed the hope that in conjunction with other network operators to establish domestic mail communications network.

The director of Deutsche Telekom data confidentiality affairs-Mel Klein said that by this, e-mail communications between users in Germany has no need to pass the international focal point, but to restrict the data in the territory, which ensures that Germany data will not be monitored by the third party.

Deutsche Telekom has taken a step for the establishment of domestic e-mail communications network. The group has come to an agreement about providing a more secure email services framework with the German mail carrier Wed.de and GMX.de. Three companies employ more secure e-mail technology “Email – Made in Germany” to ensure that e-mail message sent by the user will be transferred with encryption technology. Moreover, all data of three carriers will only be stored on a server in Germany.

Allegedly, Deutsche Telekom has set an ambitious goal. In addition to the immediate objectives of establishment of the e-mail communications network in Germany outside, Deutsche Telekom is also proposed to extend the network to the European Schengen countries. Of course, this does not include the United Kingdom, one reason is that the UK is not a Schengen country, and the other reason is that there’s a complex relationship between the United Kingdom and the United States. Mel Klein said now all aspects have been matured, what we need is the consent of the German government and support of the network operator. But Deutsche Telekom’s competitor broadband network operators QSC said it’s impossible to determine that data is transferred through domestic or international routes.

Since there had been a history of monitoring people during the period of East Germany and Hitler’s Nazi, acts of government surveillance is a very sensitive topic in Germany. If establish a domestic e-mail communications network, the German intelligence agency may still monitor domestic data and telephone communication ​​under existing laws. Currently, the German government is authenticating on this proposal, many people expressed support.

Since the expansion of the prism’s impacts, countries are bound to introduce their own information security measures to deal with the problem, and as us, using file encryption software for data security protection is a must.

Oct 09

The Ban on Samsung Smartphone Import Is in Effect

According to the news, the U.S. Trade Representative’s office (USTR) said on Thursday that the ban on importing Samsung smartphones proposed by U.S. International Trade Commission (hereinafter referred to as “ITC”) will come into effect.

The earlier report said that owing to the absence of a veto by the United States President Barack Obama, the ban on imports of Samsung smartphones ruled by ITC is already in force.

However, the ITC’s ruling has to be handed over to U.S. President Barack Obama for considering, Obama has 60 days to give the final result of this ruling. If Obama does not veto the ITC ruling, the ruling will come into effect. Several media reports said, now 60 days time has passed, and Obama did not veto the decision.

ITC’s decision does not clearly indicate which devices of Samsung infringe, but has been determined that, Galaxy S 4G, Fascinate and Galaxy Tab these old models are infringing.

In sharp contrast, Apple has had a similar experience, but the result was the opposite. In June this year, ITC has ruled that some old products of Apple has infringed the patent of data transferring of Samsung’s products and ban the import or sale of AT & T version of the iPhone 4, iPhone 3GS, iPad (3G version) and iPad2 (3G version). But in August this year, the Obama government has rejected ITC’s ruling.

Nowadays, innovations in the field of IT usually rely on many small improvements involving numerous technologies, which means the patent is not always clear precisely. The open secret is that everyone infringes others’ patents in some way.

The battles of patent between companies are continuing, the fights of copyright are also continuous. If you operate a business and your company specializes in selling created videos or documents to customers, most companies tend to store the videos or documents into a USB and sell this USB to customers, but what can you do to protect your copyright from being breached by others? Here, I recommend you to use USB encryption solution to ensure the contents in your USBs will not be copied or transmitted by unauthorized users. You can use USB copy protection program to password protect the USB and configure access permissions to specific groups or individuals to allow them to access the contents in it and prevent other unauthorized access at the same time. Complete protection is the indispensable measure to ensure the security of companies’ wealth and inventions.