You Think a Firewall and Anti-Virus Are Enough?

Why do I care? I am not worth hacking!

What precautions have you taken to ensure the security of your personal computer or your company's network? Holland IT, a computer network security firm, offers innovative solutions to the challenges of securing your data, your network, your money and your identity.

You think a firewall and anti-virus are enough? Think again! Anti-virus and a firewall are just the tip of the iceberg! If you have seen the AOL advertisements on television, you know there are worse things than your hard drive making a sound like a yeti! On a personal level, if you are even slightly concerned about a third party obtaining anything on your computer, then your first step is to take a moment and figure out how vulnerable you are. The same basic process applies to a corporate network.

Keep in mind that being connected to the Internet is a bit like stumbling down a dark alley wearing a shiny gold Rolex while you are drunk. Rather dangerous - who knows what is around the next corner! You may end up on the Channel 5 news. Would you risk it, considering how hard you've worked on building your company?

You have a firewall (maybe many!)? Sure, better than no firewall. But you do have holes in it, right? I mean, your e-mail goes through it, you can surf the Web through it, send files right through it. Are any of your people using Instant Messenger? FTP? SSH? Any MP3 servers, WEB servers, WEB e-mail servers anywhere in your network? Your wireless data is encrypted, right? Every vulnerability in every operating system or program you have on every computer in your infrastructure has been patched, right?

Think "proactive" to avoid attack or extortion

At the risk of sounding overly dramatic, computer network security has to be more proactive and not reactive. In a recent survey, Orange County was well below the national average in secure computer network standards. Public companies have no choice but to comply with Sarbanes-Oxley, but what about the privately held companies? Are their systems immune to hackers, worms, viruses, spam and spyware? System security is a highly complicated subject - no one knows everything, especially overworked, stressed out IT persons! But with the appropriate tools and the right procedures and safeguards in place, a hacker may select an easier target to attack or a less proactive company for extortion.

Home computer vulnerabilities

Some individuals are worth hacking, although less so than companies. Thieves can use your connection for criminal activities, send spam, store copyrighted data for illegal distribution, steal your identity or money, and wreak havoc on your credit rating. If you have wireless in your house or home office, your information is easily captured. If you have any connection to the Internet, you can be hacked. If it's broadband, DSL or cable, you can be hacked at any time, even when you are sleeping or not home, and your connection can be abused - firewall or no firewall. If I were a spammer, I wouldn't use my own connection - I would "borrow" yours!

Impact on your business

If your company relies on the Internet for business, just imagine the impact if your connection is locked up. Every time you switch it off and then back on, it's still locked up! It's called a DDOS (denial of service) attack - what are you going to do about it?

Has someone published vulnerabilities to gain access to your systems? A resounding "Yes!" Welcome to the World Wide Web, where all information is available if you know where to look. Although real hack attacks are actually rare, they do happen. The most common hacks are from within, ex-employees or employees with something on the side, but the net result to your business is the same.

Why do most hacks go unreported? How would your customers feel if they knew your network was compromised? Anyone with money or confidential information in his or her systems is a possible target. In 2004, hackers got away with an estimated $800 million and that is surely only a fraction of the true amount.

There are even worse things than theft to deal with. Former CIA Director George J. Tenet said recently, "Telecommunications -and specifically the Internet - is a back door through which terrorists and other enemies of the United States could attack the country, even though great strides have been made in securing the physical infrastructure. The Internet represents a potential. Achilles heel for our financial stability and physical security if the networks we are creating are not protected." (Washington Times) And we have not even talked about viruses, worms or spyware.

Initial course of action

A recommend initial course of action would be for everyone to take time to download the FBI CSI file on Computer Crime from http://www.fbi.gov, study it, and take a look at what other companies are doing to secure their infrastructure. Maybe you can wait; maybe your infrastructure will be okay. But think about why you have car insurance. If it were legal not to have it, would you do without insurance? Attacks and ruined computer networks are a very real problem that cannot be ignored. The solutions are out there - talk to an expert today.

SIDEBAR SIDEBAR ... if you are even slightly concerned about a third party obtaining anything on your computer, then your first step is to take a moment and figure out how vulnerable you are.

At the risk of sounding overly dramatic, computer network security has to be more proactive and not reactive.

Pen Drive - A Necessary Evil?

Technology has always been a necessary evil. The more the technology develops, the greater are the chances of its being abused. Pen drive, the small storage device used to store and transfer data to and from computers, has gained popularity due to its functionality. It has got thousands of uses. Ease of use and convenience is the prime reason of its popularity.

However, like many other equipments, pen drives are also a necessary evil and pose a potential security threat to the technology world. When placed in wrong hands, the portability and high storage capacity of the pen drive can be hazardous. The device has evolved as a threat to the corporate and other organizations where security of data is given utmost importance.

The threats that are associated with pen drives are serious. Some of them are listed below.

Stealing of data:

Apart from the defense department, the corporate sectors all over the world are under the threat of data theft for espionage. There is no dearth of incidents where spies, hackers and other source are employed to steal data. A pen drive gives ample of opportunity for the theft from an unattached or unlocked PC with a USB port. It is easy to access data and steal information like client list, research data or any other information. The hackers can even bring the software with a pen drive allowing the user to hack password or other confidential information.

Spreading virus:

Earlier, floppy drives and emails were considered as main source of virus to computers. However, there has been anti-virus software developed to counter virus and protect the PC. But with pen drive it is difficult to check the virus with the safeguard as the device can bypass the protection. It is almost impossible to defend against the viruses unless and until you have strong anti-virus policies or you are not scanning all files in your network. It is easy for a virus writer to corrupt the entire network of a corporate environment with a pen drive.

Plant malicious software:

Virus apart, it is not difficult for anyone to take any spamware and plant it in the PC. In corporate sectors the threat multiplies when employees use pen drives to bring unauthorized software or any other data such as software pranks, sharewares, mp3 files, pornography pictures, video clips and other inappropriate data that is against the corporate ethics. As pen drives allow more space, it is easy to bring bulky software which impossible with a floppy. Situation worsens when the software is used to crack password.

Causing data loss:

Pen drives barely allow any security system in terms of password or any other built in security feature. So it is more likely that if a person loses a pen drive, the data inside it can be accessed by anyone. If it falls in wrong hands he or she can misuse it. a pen drive can be easily stolen or misplaced and the data stored inside it can be easily manipulated. There have large demand for pen drives with some security systems such as finger-print reader or protective software.

There has been a conscious protest against pen drives in many private and government organization. Though it is a convenient device for the productive brains, it has proved to be beneficial for the thieves as well. Pen drives are small in size and have greater capacity to store information. Hence the thieves can carry the device stealthily in pockets and take information.

Unless and until any drastic step has been takes against it, the security of any organization can be in stake. Even a visitor can retrieve data easily from an open computer. Considering these threats, some companies have taken some protective measures for their security by banning pen drive inside company premises. It can reduce the threat to some extent.

Recovery Tips For Errored, Damaged Or Unfinalized DVDs

The following procedures can be tried in the event of you having an unsuccessfully finalized DVD, a damaged DVD or a DVD that has not been burned correctly by the video camcorder or recorder and has some corrupt data.

It is a good idea for you to first consider other possible causes of what appears to be errors such as a dirty disc surface, a dirty lens in the DVD reader or other software and hardware related problems. Prior to embarking on any of the following you need to eliminate all possible causes for having trouble with a DVD. Check to see your DVD burner has the latest firmware by going to the manufacturers website. Check to see if the media (brand and type) are compatible with your DVD burner/reader. Once you are certain that you have an unsuccessfully finalized DVD or a corrupt DVD you can get started.

Scratched DVD Disks

A simple visual inspection of the surface of the disc will tell you straight away whether your first problem is physical damage to the disc. If you can see a scratch or scratches on the surface then this may need to be addressed first. I say "may" because personally I use DVDFab to check to see if the disc will copy before I embark on any other course of action. DVDFab can read through a lot of surface errors because of its superior algorithms so I always take the lazy route and see if I can simply make a new copy. Now failing that you could go online and buy some expensive DVD scratch repair kit. Or you could do as I do and go to your local hardware store or even your own garage! All you will need is a bottle of any neutral colored (clear) car polishing product. Turtlewax happens to be the one I use. Take a VERY soft cloth (NOT paper towel), apply a little polish to the surface of the disc and GENTLY (remember, it's not a car!) rub the disc. Use straight strokes from the centre of the disc to the outer edge and continue to do this until you can see the scratch either disappear or reduce noticeably. Then using the same motion and fresh cloth buff the disc back to its original shine. Now try it with DVDFab. If you are still unsuccessful repeat the process until you can be certain, again by visual inspection, that the problem is now not coming from a damaged disc surface.

DVD data Repair/Recovery

The software you can use for this are DVDFab, Nero 8 (trial) and Isobuster. In the case of Isobuster you can try the free features first but failing that the full featured version needs to be purchased. A straight search of Yahoo or Google will find you the relevant sites.

Put the problem disc in the DVD drive of your computer then:

1. DVDFab. Try to use DVDFab first, as it has the best algorithms for reading anything on a DVD including how it integrates with the DVD drive, honestly sometimes I think it would read a bagel if you put it in there!

Select "DVD to DVD." DVDFab will now try to read the contents of the disc and, if it can, write the contents to a folder on your hard drive. It is as simple as that. It is either going to work or not! If it does do it then the copy you now have on your hard drive will be fully repaired and you can then burn a new copy.

Failing that:

2. Isobuster. Using the free functions try to make a disc image file and burn to another DVD. Isobuster has three alternate methods of dealing with data corruption. It can replace the corrupted area with nothing, with fake data or with a series of zeros. It will give you the choice and just select them in order to try each until one works. Isobuster will not create the disc image file unless it knows it will be successful. If Isobuster has created the file (note where it was going to put it first!) you will have to re-name the extension to .iso. Use the disc image file to burn a new DVD disc. At this point, if you now have a new disc, you need to check that new one carefully. There is always the possibility that Isobuster has just made a perfect copy of your faulty disc! So now you have a brand new faulty disc!

Failing that: You will need to pay for the full version of Isobuster but ONLY buy it if you got this far. If Isobuster free couldn't even read the disc then don't bother.

From this point forward the best you can hope for is the extraction of the MPEG video files or data files on the disc. You ARE going to lose the video menus and you may lose some of the video or data.

a. Start Isobuster then load the disc.

b. When Isobuster has detected the files on the disc run the "Find Missing Files and Folders" option under the "File" menu.

c. You will now have an entry on the left hand column of "files and folders found by their signature."

d. Select that, then go to "File," "Files found via their signature" then "Extract files found via their signature." Choose a location and let it run.

Now you will have all the files where you selected them to go. The ones with the extension .VOB are the MPEG files from your disc wrapped in the VOB container. They can then be imported into a video editing program using the "Import DVD/VR" function or can be read by most DVD burning software.

Unfinalized discs. If at all possible try to get the original device used to create the disc to finalize it. If this is not possible or the original device is failing to successfully finalize the disc you may have to resort to the Isobuster routine above.

If you have been left with an otherwise perfectly good disc, but unfinalized do the following.

This requires Nero 8 (Trial version) and is suited to unfinalized discs only. Go to the Nero link above, download and install Nero 8. Yes, it's big...sorry!

Place the unfinalized disc into the computer DVD tray. Open Nero 8 StartSmart. Click "create and edit" at the top of the screen. Click "author, edit and capture video." NeroVision 5 will start. Click on the disk tools drop down menu then click "finalize disk." In the option box that appears choose "no menus" and let it run. Hopefully you now have a fully finalized disc that is readable.

Hope this helps!

Identity Theft by Selling a Used Computer

Selling a Used Computer and Identity Theft

Identity Theft is the fastest growing crime over the last few years. The amount of data stored on computer systems is an ideal repository for criminals to attempt identity theft. When someone either discards or sells a used computer system, hard drive, or external storage device most people do not appropriately sanitize the media, but rather delete or format a disk falsely believing all the data is gone.

A friend of mine recently bought a new fancy rig costing $2,000 or so. When I asked him what he did with his old system, he said he sold it on craigslist for $550 to help fund the new purchase. "Did you put in a new hard drive?" "No, but I reformatted it."

There is a misconception among those unfamiliar with the inner workings of computers that deleting files and formatting hard drives removes data completely. Think back and try to remember all the files you deleted over the past 10 years. Did you ever delete financial data, such as accounting spreadsheets, bank numbers, credit card data, or personal information? How about scanned documents, such as mortgage paperwork, driver's licenses, birth certificates, or pay stubs? What happened to those computers or hard drives with which you think you deleted those files from? Did you sell the PC like my friend, donate it to an organization, or just throw it away? Who has used that computer since, and what may they have found? These are all important and scary questions.

I recall a thesis paper written by some graduate students from the Massachusetts Institute of Technology that outlined this very threat. They had purchased 150 or so used hard drives from eBay to study how much personal data was left on old systems. They reportedly found medical records, email correspondence, corporate financial data, illicit personal photographs, thousands of credit card numbers, and even an ATM drive with numerous bank accounts. This is a very real concern for every computer owner, especially my friend now that the system is out of his possession.

What Deleting and Formatting Really Does

I proceeded to give my friend a little education on how computers store information and what deleting and formatting actually does. Basically, the hard drive is broken down into sectors in which the data is stored. In the figure below, suppose File A is a Tax return for 2007. 2008 comes around and you delete 2007's record and the file appears gone. All that has happened is the Operating System (OS) has marked those sectors as available and removed it from the user's view. It is still easily recoverable through a variety of software. The file still exists and is in just as good of shape as before you deleted it.

See Hard Drive Sectors Image

When space is needed the Operating System will then overwrite the sector with a new file. Perhaps, 2008's Tax return isn't as large as 2007's, and the OS decides to use Sector 1 and 2 to store the data. 2007 (File A) has now been overwritten, but part of Sector 2 was not needed. This extra space is called "Slack Space," and still retains part of the deleted file. Again, this information is recoverable.

Because my friend decided to format the drive, he figured all the information on the drive was inaccessible regardless. In reality, formatting only redefines the hard drives characteristics to store information. The data is still physically embedded on the media and recoverable with simple tools. This software even allows for the overwrite sanitization technique I explain below.

How to Really Erase Hard Drives
What needs to happen to totally remove the data yet keep the drive functioning is repetitive overwriting. This should be done multiple times. As an analogy, say your child writes his name with permanent marker on the living room wall. You take some left over paint and coat the area, but after it dries the writing is still visible. This is called residual data. The same applies with overwriting as a technique to sanitize your computer drives. You'll need multiple coats or overwrites to sufficiently mask what was originally written. Some Tools will overwrite all addressable sectors with random characters eliminating the slack space and the residual data.

If you are going to donate, sell, or dispose of your computer be sure to appropriately safeguard your private information by using some sort of sanitization method. You don't want to be a victim to evil folks whom actually purchased used computers for just this purpose.