Security

Is NSA Killing USA Internet Business?

To Pamela Jones, undoubtedly, what’s supposed to be a war against terrorism has become an evaporation of

privacy. On August 20, PJ as she’s known on her site, announced the shutdown of Groklaw-dot-net, an

award-winning1 resource for journalists and others interested in laws pertaining to the tech industry. In a

farewell post, Ms. Jones explained that she was influenced by the closure two weeks earlier of Lavabit-dot-com,

an email service provider whose services Edward Snowden, National Security Agency (NSA) whistleblower,

has used in recent weeks.

 

The owner of Lavabit tells us that he’s stopped using email and if we knew what he knew, we’d stop

too,” Ms. Jones wrote in a farewell post. “No matter how good the motives might be or collecting and

screening everything we say to one another, and no matter how ‘clean’ we all are ourselves from the

standpoint of the screeners, I don’t know how to function in such an atmosphere.” 

 

While there seems to be a daily cascade of revelations of NSA surveillance activity, at the time of this

post the Wall Street Journal reports that roughly three-quarters of all U.S. Internet activity is –

potentially, at least – monitored by the NSA. “In some cases it retains the written content of emails

sent between citizens within the U.S. and also filters domestic phone calls made with internet technology,”

the WSJ report stated, attributing its information to current and former NSA officials.2

 

Started with Snowden

 

The surveillance, or some say spy saga, started in May when Snowden, a computer specialist under

contract at the NSA, leaked sensitive information to a British publication about the U.S. program.

As a whistleblower now charged with espionage and theft of government property, Snowden is

likely seeking help such as can be found on the website of the Goldberg Kohn law office, should he

ever return to the U.S. He has received temporary asylum in Russia. 

 

It may be too early to claim the Internet is unraveling, but U.S. government surveillance practices

are toppling some mighty timber. In addition to Groklaw and Lavabit, Silent Circle ceased providing

encrypted email, although not its mobile video and voice service.

 

Ladar Levison, owner of Lavabit, has been dealing with federal authorities over Snowden’s use

of his service. The post on his site explains: “I have been forced to make a difficult decision: to

become complicit in crimes against the American people or walk away from nearly ten years of

hard work by shutting down Lavabit.”

 

As things currently stand, I cannot share my experiences over the last six weeks, even though I

have twice made the appropriate requests,” the Lavabit post continues. “What’s going to happen

now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution

in the Fourth Circuit Court of Appeals. A favorable decision would allow me to resurrect Lavabit 

as an American company.”

 

Made Mark Reporting Tech Litigation

 

Taking its name from a neologism meaning “to understand completely,” Groklaw started as a blog

in 2003 and gained prominence for its coverage of litigation involving SCO Group versus Linux, 

the European Union anti-trust charges against Microsoft and creating Open XML standards.3

 

Emery Jeffries, a longtime newspaper reporter and cable news journalist in Central Florida posted

the Groklaw news on Facebook and later explained:

 

Groklaw is the place to learn how to cut through the legal mumbo jumbo when some lawyers use

the Internet to shake down consumers. It will have a chilling effect on news gathering. If writers

can't safeguard sources, exposing corruption will be difficult on many levels. The American Bar

Association gave Groklaw the designation of being one of the top 100 websites.”

 

Ms. Jones also said of her shutdown: “They tell us that if you send or receive an email from outside

the US, it will be read. If it's encrypted, they keep it for five years, presumably in the hopes of tech

advancing to be able to decrypt it against your will and without your knowledge. Groklaw has readers

all over the world."

 

Her post supplied a link to cyber security laws posted by Harvard’s Berkman Center.“Not that

anyone seems to follow any laws that get in their way these days,” she wrote. “Or if they find they

need a law to make conduct lawful, they just write a new law or reinterpret an old one and keep on

going. That's not the rule of law as I understand the term.”

 

About the Author

 

Like many Americans Terry Duschinski doesn't know if NSA programs keep us safe or make us

serfs. But he's fascinated with whistleblowers and suggests if you know of questionable deeds

being done in secret, you might want to consult the Goldberg Kohn law office website for a vast

assortment of helpful resources.

Improving Network Security with a Virtual Network

A virtual network uses virtual links to connect computers rather than physical connections. A virtual link is a combination of hardware and software that provides the functionality of a network. A virtual network is a single administrative entity that may also use virtualized resources and platforms. Businesses often use virtualization to improve network security.

Deployment

RAD Data Communications states that virtual networks may be based on virtual protocols or devices. Networks based on virtual protocols include Virtual Local Area Networks, Virtual Private LAN Services and Virtual Private Networks. An organization can deploy a VLAN by using a VLAN ID to partition a physical LAN into logical LANs. It's also possible to combine physical LANs into a logical LAN. A single router may connect the computers on a partitioned network, or each VLAN may use its own router.

Organizations often deploy a VLAN onto a VPN, which consists of multiple endpoints connected by a tunnel through a physical network. A VPN's endpoints typically consist of VPN gateways to software clients, and a third party usually administers the physical network. Two endpoints in a VPN comprise a Point-to-Point VPN. An organization can also deploy a multipoint VPN by creating multiple tunnels.

A VPLS is a type of multipoint VPN that can be classified into Ethernet Virtual Connection Services and Transparent LAN Services. An EVCS has a VLAN ID that provides it with sub-netting capability, while a TLS does not have this capability.

Networks based on virtual devices include networks that use a hypervisor to connect virtual machines. A virtual machine is a software application that emulates the characteristics of a physical machine. A hypervisor is a program that creates and manages the virtual machines, which typically run on a single physical machine. This type of network has virtualized network components such as virtual firewalls, routers and switches. It may use virtual protocols such as IEEE 802.1Q, or it may use physical protocols such as Ethernet.

Security

Organizations often use a VPN when they need a secure virtual network. A VPN allows computers to send and receive secure data over a public network like the Internet as if they were on a physical private network. This solution has the connectivity of a public network while providing the functionality, management and security of a private network. A VPN accomplishes this by creating a virtual PTP connection between the two computers. This connection use encryption, dedicated connections or both.

A common use of a VPN is to communicate between an organization's main office and its satellite offices by using the Internet. Kent Information Services reports that this implementation of a virtual network is especially beneficial to medium-sized business. It eliminates the expense of a dedicated data line to provide the required security, which this example accomplishes with tunneling protocols and authenticated remote access.

The VPN Consortium reports that the VPN security model prevents attackers from seeing plain-text data, even when they sniff the network traffic at the packet level. Authentication of the sender prevents an unauthorized user from gaining access to the VPN, and message integrity can detect when an attacker modifies a transmitted message. A VPN must authenticate the endpoints of a tunnel before it can establish a connection between computers. VPNs that allow remote access may use additional methods to authenticate users such as biometrics, two-factor authentication and passwords.

VPNs use a variety of protocols to maintain security, such as Internet Protocol Security. The Internet Engineering Task Force originally developed IPsec for IPv6, although it's primarily used in the Layer 2 Tunneling Protocol and IPv4. IPsec encrypts an IP packet within an IPsec packet, sends it through the tunnel and decrypts the IP packet at the end of the tunnel. Secure Socket Layer/Transport Layer Security can send the traffic for an entire network through a tunnel, and it can also establish a secure connection for an individual session.

Author Bio

Matt Smith is a Dell employee who writes to help raise awareness on the topic of Virtualization and other network management subjects.

 

Essential WordPress Security Tips

WordPress is one of the most well-known Content Management Systems worldwide, applied by around sixty million websites in the online world. But WordPress is a free web application. Because it's free, everyone contains easy access to its Programmed Code which enables him to try out new hacking strategies easily. Typically WordPress is quite safe and protected if you use some security steps as well as follow some general points to keep hackers away from your blog. The guidelines pointed out in this post are will give the security of your blog to the next level. You can secure your WordPress website by using the below mentioned points to solidify the protection.

Set a Custom Username


During the Installation process, the default username is "admin" and hackers try this username while trying to login. If your username is already set to "admin" then you cannot change it directly, first you will have to make a new user with full admin rights and then login with that username and delete the previous one. It's essential that you choose an un-common username.

Change database table prefixes


By default, WordPress table prefix is wp_. Since WordPress is Free and every hacker knows its source code and database information. If you keep the database table prefixes same, everyone know the names of your database tables and can make SQL queries easily. You can change the prefix during installation process simply by writing a 2-3 characters long prefix in its option. If you have already installed WordPress without changing the prefix then you can change with it with the help of any suitable plugin such as "WP Secure Scan".

Keep the Code Up-To-Date


Always keep all the files updated. When there's a fresh release of WordPress, update it instantly. Generally a message will be informed in the top of the dashboard as well as in the updates menu that there's a fresh release of WordPress. Always do the update process through the dashboard or in case you don't want to do it through the dashboard then don't download the new version from any other website than WordPress.org.

Password Protect WP Admin Directory


One of the best ways to keep your login page secure is to password protect your wp-admin folder because not a single find in this sensitive folder is used by the visitors who're browsing the website. It is done through the hosting. Go to the file manager and right click on the wp-admin folder and then click on the password protect option. A page will open in which you will set a username and password. When it is done, all the authorized admins will have to perform a 2 step verification process to go to the WP admin dashboard.

Delete Unnecessary Files


Delete inactivated plugins that you aren't making use of them. Just deactivating them is not sufficient because the files of the plugin remain on your hosting server. Any weak point in the plugin can be harmful and can allow the hackers to make a breaking. Double check that you delete those plugins completely from your hosting server to avoid any chance for the hackers.

Don't Show WordPress Version on Your Blog


You shouldn't show the current version of your WordPress installation publicly. The specific WordPress version you have installed will be able to help the hacker in determining the way to enter the sensitive areas of your website. It can be removed through including the below mentioned code into the functions.php file.  remove_action( 'wp_head', 'wp_generator' );

Limit the Login Attempts


By default WordPress makes it possible for unrestricted login tries most likely through the login web page or perhaps by delivering specific cookies. This enables automatic login attempts to guess the correct one. In order to avoid this type of hacking method, the plugin "login lock down" is used because it blocks an IP address after making the specified number of login attempts.

Regular Backups of WordPress site and database


You also have to get frequent backups of your website and the database depending upon how you update your website.

Remove WP Read Me and License Files


Do remember to delete the read me and the license files, because they contain the version of your WordPress installation as well as other sensitive information that can help the hackers.

Intelligent Solutions Systems offers SEO friendly and secured WordPress Web Design in Pakistan.

Our company also provides SEO in Pakistan with latest techniques to deliver business.

How to Secure Your Wireless Network

How to Secure Your Wireless Network

If you use a wireless network, chances are good it is not secure. If you don’t make some important configuration changes on your wireless router after installing it, your wireless network is wide open to hackers, curious neighbors and people who would rather use your broadband internet service instead of buying their own.

Several of my neighbors have a wireless network set up in their home, and from my living room I can connect to three different networks in addition to my own. I do this easily, using no special skills, software or equipment. All I do is click on my wireless networking icon and select “view available wireless networks”. I choose one, click “connect”, and in an instant I am using my neighbor’s internet connection instead of my own. Kind of creepy, isn’t it?

Following are 6 things you can do to make your wireless network invisible and impenetrable to the majority of intruders.

  • Change the default password of your wireless router. This makes it harder for a would-be intruder to access the router administration controls.
  • Change the name of your SSID. The SSID (service set identifier) is the name of your wireless network, and by default is usually the brand name of your wireless router (like Linksys). Change this to a unique name of your choice. A good rule of thumb to follow when setting up any type of network is to always change the default settings to something else, which makes it harder for an intruder to get in.
  • Use an encryption key. Most wireless routers have WEP encryption capability (Wireless Equivalent Protocol), and the newer ones also have WPA (Wi-Fi Protected Access). WEP is an older standard and less secure than WPA, so if you have both, choose WPA. Even WEP is probably good enough, and if this is all you have choose the highest bit encryption possible (usually 128 bit).
Once you set up encryption on your wireless router, write down the method you are using as well as the key (a long string of cryptic-looking characters), because you will need this to set up encryption on each of your computers that will use the wireless network.
  • Disable broadcasting of your SSID. By default, the SSID (your wireless network’s name) is broadcast to anyone with a wireless network card. Although this makes it easy to configure your computers to access your network, it also makes it easy for outsiders to know about your network. By disabling SSID broadcast, no one will ever see your network.
  • Limit the number of IP addresses your wireless router allows on the network. By default, your wireless router will assign an IP address to as many computers that request one. If you limit the number of addresses that the router’s DHCP server assigns to just the number that you need, you will “block” all other computers that try to connect to your network.
  • Use MAC address filtering. You can configure your wireless router to only allow certain computers on the wireless network by including each computer’s MAC address in the list of “allowed” users. A MAC address is a unique physical address that is hard coded onto each network interface card. It is much like a serial number, as every MAC address is unique.
Find your network card’s MAC address by opening up a command prompt and typing in ipconfig /all. Look for something that says “physical address”, and the series of letters and numbers following this is your MAC address. It will look something like this: 00-06-5B-CE-DA-B5. Key this information into the wireless router’s MAC address filtering setup under MAC address 1. Repeat this process for every computer on your network, using MAC address 2, 3, and so on.

In addition to securing your wireless network, there is one more thing you need to do to make sure your wireless network is safe:

  • Install a personal firewall on each of the computers on your wireless network. If an intruder does happen to get into your network, a personal firewall (also known as a software firewall) will keep him out of your computer. With a personal firewall running, the most an intruder can do is use your internet connection and your bandwidth; he will not be able to access your data.
 

Internet Security Demystified

Everyone who uses the Internet has heard the stories of compromised Pentagon computers, millions of stolen password, denial of service attacks and more. So what causes the Internet to be so insecure? This article attempts to shed light on the evolution of Internet security issues.

Genesis

American taxpayers paid for the development of the Internet under the large umbrella of the Department of Defense (DoD); more specifically the Defense Advanced Research Planning Agency or DARPA funded the necessary research at universities and private corporations. Our military had some very basic requirements at the time. Computers made by Company A needed to be able to exchange information with computers made by Company B. This requirement arose because Congress had mandated that DoD use a competitive bidding process for procurements to insure that the low bidder won the contract. Consequently, the DoD was home to every kind of computer made and none of them talked to each other. One other Internet design requirement imposed by the military was that the Internet should be robust enough to operate during wartime when many of the telephone lines that carried military communications (voice and data) could be bombed out of existence. As it turned out, this requirement for “survivability” meant that the technical architecture of the Internet needed to provide ways for data to be “dynamically rerouted” via whatever links were not bombed out to insure that the message eventually had the greatest chance of reaching the intended destination. As we will see later, this requirement imposed such unique design requirements that the military willingly traded off poor security for a higher probability of deliver.

Who Needs Security Anyway?

There was of course a great reason why the most powerful military in history willingly traded off security for survivability. Surprising, the answer was because transmission security was not really needed! This is because the military has long employed encryption capabilities on all of its communications links to prevent an enemy from intercepting transmissions. With encryption capabilities already in place the computers could effectively be “relieved” of the need for concern about security. This drove the design requirements of the Internet protocols, which are effectively the language used by the equipment within the Internet.

Internet Design

To understand why the Internet is so insecure you have to actually consider the rules of communication used between pieces of equipment. Actually, understanding just a few of the design choices goes a long way in understanding Internet security. Since the DoD was already using systems that scrambled up everything transmitted, the Internet Protocol design could be free to use the lowest overhead communication of all – namely “plain text.” Plain text protocol design essentially means that all of the communication rules are built around transmissions that anyone can simply read like today's newspaper. Without the encryption devices present, credit cards, email messages, entire file transfers, chat sessions and every other application exchange are as easy to read as today's newspaper. Of course, that doesn't apply to the DoD because their links employ encryption.

Another interesting design decision employed within the Internet protocols is best understood by the “survivability” requirement. Instead of sending all of the information via a “dedicated link” the Internet protocols chop the data up into small pieces which travel independently over whatever link is up and are put back together again in the proper order by the receiving system. Since it is possible during wartime for many different paths to be out of commission it was necessary to define timers that allowed incredibly long periods (in computer processing time) of time for each piece of information to arrive. Under conditions where security was not taken off the table as a requirement, protocol timers would be expected to be set in computer time, which is milliseconds. But if security is not a concern its possible to define timers that allow say 20 minutes to pass without the sender or receiver tearing down the connection. The consequence of this, however, is that a human hacker has all of the time in the world to manipulate the exchange of information so it really isn't even necessary to automate an attack because Internet systems will just “assume” the transmitter is operating under severely degraded conditions.

Really Open Systems

These two characteristics of the Internet, plain text transmissions and almost unlimited (in computer time) timers make the Internet incredibly insecure for anyone who is not using encryption on their transmissions. And since the Internet is an “open system” environment the documents that define the required protocol exchanges between any two applications are defined and published for everyone with an interest to read by the Internet Engineering Task Force (IETF). From a security perspective this is a bit like the Bank of America publishing the combination for all of its safes in the New York times but from an engineering perspective this greatly helps to rapidly deploy new Internet applications.

Shhhh...That's a Secret

Why do we hear about Pentagon computer break-ins if the military has encryption on all its systems? Ah, the truth is that not every computer used by the military has the level of sensitive information required to justify encryption protection. Even though the military, and most Federal Government agencies, view everything as “For Official Use Only” the truth is that someone breaking into a computer in the Press Release office in the Pentagon is not really going to obtain any secretive information anyway. Sometimes, such disclosed “break ins” are little more than a bureaucrat trying to justify a larger budget for the office.

Theft By Any Other Name

What about hacking account passwords at banks? Yes, that is legitimate theft of corporate property.  In comparison, however, let's imagine a similar situation at the level of an individual. Let's say you visit Central Park in New York City and sit down on a bench and spent some time cleaning out your wallet. You decide a cup of coffee would be nice so you place your wallet down on the park bench and stroll leisurely across the street to a coffee shop. You buy the coffee and head back to the bench where you expect your wallet will still be sitting just where you left it and no one would dare even take a peek inside because its your personal property, right? Absurd? Yes, very! Consider then how the government has spent millions and millions of dollars building sophisticated monitoring systems over its Internet protocol networks and then voraciously prosecuted teenage kids who dared to take a peek at computer systems that had their data hanging out on the Internet for anyone who cared to read it. Well of course breaking into any computer should be illegal based on the morality that stealing is wrong but it seems that it should be equally wrong for billion dollar corporations and governments, both of which employ the highest educated computer experts possible, from putting their sensitive computers on the Internet in the first place. The hackers have been vilified as some type of genius level computer guru who thwarted the best security experts in the world when in fact they interacted with systems that were all too anxious to hand over any and all requests for information without even so much as a timer set on how fast the hacker should type!

Have Glue, Will Stick

Fortunately, industry came along many years later with add-on security tools that allow information such as credit card accounts to use lightweight quality encryption such as Secure Socket Layer (SSL), Transport Layer Security (TLS), and other capabilities that enabled electronic commerce to flourish on the Internet.  Other than these features, however, the Internet still operates like the fully open system it was designed to be.

About the Author

Jason Canon has over 30 years experience in the computer industry and served as a voting member of the Federal Internetworking Requirements Panel.