What this weblog is about

Access denied

The FBI estimates that computer crime costs more than $10 billion each year and that organisations spend more than $4 billion on protection. Computers play an ever-increasing role in modern-day businesses, and as that role continues to grow, computer systems need to be protected. Each year viruses are more sophisticated and destructive. They destroy files, immobilise mail servers and slow down or stop normal business activity. In the first quarter of 2000, for instance, major online companies including CNN Interactive, Amazon, Yahoo!, Excite, and eBay experienced “Denial of Service” attacks. These attacks send huge amounts of traffic to a web site until it can no longer handle the volume. Regular customers then experience a “denial of service” when they attempt to conduct legitimate business at the website.

A survey conducted in the US not long ago revealed that almost 93 percent of employees received no security guidelines or training on computer security.

An employee breaches computer security

This access can circumvent any internal security policies and leaves the company’s valuable information highly vulnerable to theft or fraud.

With so much at stake, it is clear that every executive, manager, and business owner needs to have a basic knowledge of computer security concepts and solutions. They must be able to understand these incidents and ensure that their companies spend the money rationally and effectively. This weblog presents computer security information and best practices in an easily understood format.

Who should access this weblog?

Anyone who is in a leadership position in an organisation would benefit from accessing this weblog frequently. Computer security takes leadership – do you lead by example or is your virus scanner turned off? Senior people are often the worst offenders and undermine security policies. Do you contribute to the problem by forwarding hoaxes? Do you give IT the support and funding they need? Have you sat down and considered the risks and contingency plans? Has computer security even hit your radar? Good IT staff, software, and hardware will not do it all; it takes good policies, strong support, and enforcement of those policies. Only a knowledgeable and aware leadership team can create the culture that will provide this support. IT professionals can also benefit from visiting this weblog along with their leadership. It will provide a common ground and tools to begin the process of working together to improve the organisation’s computer security. Of course, IT professionals will want to supplement this weblog with technical references, but it will help them develop a systematic approach to computer security.

Social engineering – the most sophisticated security breach tool

Social engineering takes advantage of human weaknesses to gain access to passwords and to computer systems. In fact, it does not require any computer skills at all. It takes a smooth tongue and a sharp mind. Typically someone will call an individual in an organisation and pose as a member of staff. He will usually have gained enough company information to sound credible, and the victim will often provide a user name, password or other vital information.
Recently, there has been a rash of social engineering involving email. The email, which appears to be from the site administrator, instructs the recipient to run a previously installed test program. The program then prompts the user to enter his or her password. The program then emails the password to a remote site, where the hacker retrieves it.
Social engineering is an incredibly effective way of gathering information. The creativity of the hacker and the security awareness of the victim are its only limits. The most accomplished and complete social engineer is Kevin David Mitnick, pictured below.

Kevin Mitnick



Five ways to improve cloud computing security

According to recent research from Gartner, Inc., 60 percent of virtualised servers will be less secure than the physical servers they replace through 2012. Today, most organisations deploy virtualisation technologies without involving information and network security teams in the initial planning stages.
For more information go to http://www.itsecurityportal.com/network.asp.

Motivations of a hacker

Personal revenge can motivate current or former employees to hack or break into computer systems. This is a growing problem for organisations. Some polls claim that approximately two-thirds of computer security breaches come from inside the company. These attacks can range from embarrassing to devastating. Eastman Kodak charged Chung-Yuh Soon, a former employee, with transmitting highly confidential software files to a competitor in California. The only reason they detected the alleged theft was that the document was so large it crashed the server. Building a hacker-proof wall to the outside world is not enough; security plans must also include inside policies and protections.
