Video Entertainment Goes to the Cloud

When was the last time you looked at your cable bill? Has the rate gone up? Chances are it has, as most providers constantly seem to raise their rates on unsuspecting customers. Now, with Netflix, Hulu Plus and similar services, people in your situation can stream their entertainment of choice over their computer or other wireless device, rather than actually downloading (illegally or otherwise) movies or shows or digging out the rabbit ears. As long as your favorite shows are carried by one of these streaming services, you can easily ditch the cable company and still enjoy your favorite entertainment.

The Gaming Industry Is Changing

Since gamers first blew on Nintendo cartridges to get them working, gamers have understood the importance of a physical medium with their games. Cloud computing is ever-so-slowly changing that. Microsoft is pushing the cloud as an option for extra save space at the same time they’re pushing Xbox owners to buy their games as downloads. Once gamers start to fill up their hard drives with downloaded games, they can start using space on the cloud.

Xbox is taking this a step further, though, through the cloud. Now, gamers who have an Xbox 360 console can save their games directly to the cloud, rather than on their console. This means that they can open their game on a different console, such as the one on the TV in their bedroom or the one at their friend’s house. This is technology you couldn’t even have dreamed of 10 years ago, when the “Game Genie” was still considered high tech.

The Cloud Is Changing the Music Industry

It will not be long before a collection of CDs will be a thing of the past, much like cassettes and eight-tracks. Today’s music fan is already using mp3 players and digital copies of their music to enjoy it on the go. Yet, mp3 players can only hold a finite number of songs. If yours is full and you want to add a new song, you will have to find one to delete.

Streaming on-demand music services like Panodora and Spotify are giving music lovers access to all the music they want, all the time, with almost instant access to tap into when they want to hear a song. These utilize cloud technology to give you the ability to stream a song whenever you want. While you may not own the album or song any longer, like you do when you buy a CD or mp3, you have access to just about any song you want, any time you want. It’s likely that many will still utilize local storage, though.

Cloud technology is making data more readily accessible around every turn, and this is clearly seen in changes to modern technology. With this technology, it will not be long before you can stream just about any entertainment option from just about anywhere you have access to the cloud. Whether you are streaming video onto your mobile device or tuning into Spotify on your laptop, chances are you are going to be using the cloud for entertainment sometime in the near future.

As a serial worrier I decided that before considering the idea of treating myself to a fantastic holiday I would find out just how safe an option this is.

Fire Risks

You will find that cruises have a large number of smoke detectors on it, as well as a top of the range sprinkler system which would react automatically in the event of any incident.

Falling Overboard

Maybe I am just too much of a worrier, but doesn’t anyone else think about this as a danger too? I did a bit of investigation and found that cruise vessels tend to have rails with a height of at least 42 inches, so I am guessing that the only way I am going overboard is if I really try to do it. Even if I do then the alarm system and search technology should ensure that I am rescued pretty sharpish.

Other Passengers

I am sure that the vast majority of other passengers just want a good time on their trip too. That doesn’t mean that you are entirely safe from coming across a bad apple though, does it? There is probably less chance of anything untoward happening to you onboard than in your home city but even if you are really unlucky then the ship’s surveillance systems will help the staff come to your rescue.

Crashes and Shipwrecks

The recent Costa Concordia disaster has made us all far more aware of the dangers of being at sea but I am strangely calm about this issue. After all, I never stopped flying after hearing about isolated accidents in different parts of the world. In the case of the Concordia we will need to wait to find out what the causes of the disaster were, but it is clear that there is a lot of safety technology at play on modern ships. The truth of the matter is that as passengers we never get to see any of this stuff and we probably never think about it much either. Perhaps we are all more familiar with the image of an airline pilot ensconced in the cockpit and surrounded by dials and instruments telling him how things are going. In the case of cruise vessels the same sort of approach applies, and the ships’ captains have access to a wide range of modern and sophisticated instruments which let them stay in control of the situation. I’ve gone a cruise holiday from Southampton and had the time of my life.

Analyzing the Data Issues

Know all your databases and functions to the fullest to know how to protect your business. It may require a flow chart of a master database and all other databases that link into the main system. Not only do you protect the main database but each smaller database that feeds and pulls from the main database requires protection as well. Losing one could mean losing a vital picture of part of your business that can cost you a lot of money, even take you down.

Pull together all database managers and users to get a clear overall picture of what is being accessed, when it is accessed, and for what purposes. While you would think this would be logical, each department has its own reasons for what it does and doesn’t really need to communicate with other departments. Each department manager works independently with the IT group to configure ways to pull out specific information. Having a central monitor aware of what everyone is doing, how and why, provides the clearest picture of how to secure the system to keep access rolling, regardless of emergencies. Don’t leave it to just one person. Create a team who individually knows everything about what’s happening.

Planning the Emergency Management Procedure

Once you know your systems through and through, the functions and processes, it’s time to develop and fine-tune the backup emergency management procedure, based on your particular circumstances. If you are in a war zone, for instance, the possibilities of bombs, local terrorist takeover, Internet hacking (worldwide issue), will be a daily hazard. You are better off having all your data backed up from one or more hosting companies so that if the building goes down, the data is not lost, only inaccessible (obviously) from your local point. This is equally relevant for businesses in earthquake-prone areas, high tornado, tsunami, and flood crisis areas. If in a war zone, the data should be backed up with hosting companies outside the country.

Cloak of Invisibility

If you are in a high-security risk business, you may want to choose a company that while visible as a managed server hosting company, does most of its work in a secure undisclosed location that passersby have no clue about. The hosting company headquarters carries the company name and logo on the front of the building but basically is an advertising and business presentation location. That means that the “brains” of the company are basically off in another city, state or country, based in some brown brick warehouse-looking building with some obscure business name attached to a sign outside, like “Pappa’s Bread Factory.” There is the question of whether the company provides appropriate baking bread smells to the area too, to make it more realistic.

Backup Location Issues

The further the backup hosting company, the slower your information will travel to you and back again to provide the information you need to conduct business. If your business is in Texas, have a backup server hosting in Kansas, for instance. As Kansas is prone to tornadoes, have a second backup system in Montana. Hosting companies can provide you with multiple backup arrangements on their end and provide cloud storage management easily accessible through the Mozilla Firefox browser and choice of Firefox-friendly desktop apps.

Your Technical Infrastructure Protection

How you arrange your office computer setup can make the difference between having a secure working environment and making it easy for infiltrators to get to your information. Rather than using tower desktops at the workers’ stations, all computer information on location is accessed by fiber cable optics to the mainframe system, and only with specific worker identification sign in procedures. Laptops, iPads, iPhones can all be used to protect a local system against infiltration by accessing the main system remotely and disabling access so that no one can access hard drives and other physical systems. Equally important however, is the protection used on portable devices, such as laptops, allowing only the user entering in sophisticated identification procedures to log into the systems.

Defining Procedures for Accessibility After a Disaster

On your side, you’ll have a small team consisting of your IT group and the team overseeing database information issues, all of whom have been trained on how to reactivate access to the backup system and cloud network via laptop access in a remote area. The procedures will have been worked out with your hosting company so that data recovery is conducted without loss of information and significant downtime. This can be a procedure requiring everyone to meet at a certain location to input keywords and use a fingerprint log in. The procedure design can be as complicated as you like it for added security.

A Final Thought

We can try to cover for every kind of disaster, whether a geographical issue such as war zones, natural disasters, and even a nuclear bomb threat which requires some type of underground bunker facility. What happens when the electricity goes down? Preparation must be made for such a situation such as having access to diesel generators with plenty of stored diesel to keep things going, at least for a while. Whoever you select as a hosting company must assure you of these kinds of backup arrangement. It is the same kind of system that hospitals and very large sensitive security centers use whenever there are blackouts in any given area after a disaster. Or, you can just hope that no one forgets to pay the electricity bill one month.

You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors?

Have you thought about a social engineering attack? What about the users who use your network on a daily basis? Are you prepared in dealing with attacks by these people?

Believe it or not, the weakest link in your security plan is the people who use your network. For the most part, users are uneducated on the procedures to identify and neutralize a social engineering attack. What’s going to stop a user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you know, your network is compromised.

This problem exists particularly in an environment where a help desk staff reset passwords over the phone. There is nothing to stop a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking to have a password reset. Most organizations use a system to generate usernames, so it is not very difficult to figure them out.

Your organization should have strict policies in place to verify the identity of a user before a password reset can be done. One simple thing to do is to have the user go to the help desk in person. The other method, which works well if your offices are geographically far away, is to designate one contact in the office who can phone for a password reset. This way everyone who works on the help desk can recognize the voice of this person and know that he or she is who they say they are.

Why would an attacker go to your office or make a phone call to the help desk? Simple, it is usually the path of least resistance.  There is no need to spend hours trying to break into an electronic system when the physical system is easier to exploit. The next time you see someone walk through the door behind you, and do not recognize them, stop and ask who they are and what they are there for. If you do this, and it happens to be someone who is not supposed to be there, most of the time he will get out as fast as possible. If the person is supposed to be there then he will most likely be able to produce the name of the person he is there to see.

I know you are saying that I am crazy, right? Well think of Kevin Mitnick. He is one of the most decorated hackers of all time. The US government thought he could whistle tones into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by making a phone call, he accomplished some of the greatest hacks to date. If you want to know more about him Google his name or read the two books he has written.

It’s beyond me why people try and dismiss these types of attacks. I guess some network engineers are just too proud of their network to admit that they could be breached so easily. Or is it the fact that people don’t feel they should be responsible for educating their employees? Most organizations don’t give their IT departments the jurisdiction to promote physical security. This is usually a problem for the building manager or facilities management. None the less, if you can educate your employees the slightest bit; you may be able to prevent a network breach from a physical or social engineering attack.

Wireless systems can be particularly vulnerable to digital intruders, possibly putting sensitive or private data at risk. However, you can protect yourself by using WEP or WPA encryption, which require users to enter a password before they are allowed to access your wireless network.

These encryption methods are described in easy-to-understand language in a new book called “Geeks On Call Wireless Networking: 5-Minute Fixes” (Wiley, $14.95). The book also offers expert advice and step-by-step explanations of topics ranging from configuring a wireless router to troubleshooting a slow connection.

Here are some additional tips from the book that can help you protect your wireless network.

• Reduce the range of your network. Doing so can keep nosy neighbors from intruding on your connection. Move your wireless router into the center of your home and decrease its power settings.

• Pick a new password. Most routers have a default password of “admin.” Be sure to change it.

• Disable SSID broadcasting. Most wireless routers broadcast the names of user networks (SSIDs) so that other users can log on. This could be a security risk.

• Use encryption to protect credit card information you send wirelessly over the Web. Also, only use your card on a Web site that has SSL encryption (look for a padlock in the corner of the site).

• Disable your wireless card when not in use. There’s no better way to secure your computer.

• Use a firewall, which is a program that shields your computer from Internet criminals.

• Don’t use shared files. Remove all important documents from your Shared Files folder before accessing a public network.

• If you use a wireless laptop, disable the feature that attempts to connect your laptop to any available wireless network. For most Windows-based laptops, double-click the wireless icon in the lower right corner of Windows. Then click “Properties.” Click the “Wireless Network” tab. Next, click the “Advanced” button. Uncheck the “Automatically Connect to Non-Preferred Networks” option. Finally, click “Close.”

Did you know that in some states Identity Theft is not even against the law? The victim has to prove their innocence. This shocks most Identity Theft Victims, as it should. It shocks me. Law Enforcement and Credit Card Services should be there to help, but in many cases they don’t.

Being prepared, just in case someone steals your identity is a must. It may be inconvenient, but unless you want to go out and try to use your credit card one day, just to find that someone else has been using your identity to make purchases and your card is no longer accepted, then you need to take steps to prevent your identity from being stolen. It can take years to clear this up if it happens to you, so a little prevention now is the answer.

Facts about Identity Theft;

 It is considered by law enforcement to be an absolute epidemic, the fastest growing crime in the United States at this time.
 For the criminal, identity theft is a relatively low-risk, high-reward endeavor. Credit card issuers often don’t prosecute thieves who are apprehended. Why? The firms figure it’s not cost efficient. They can afford to write off a certain amount of fraud as a cost of doing business.
 Recently criminals have been using the victim’s identity to commit crimes ranging form traffic infractions to felonies. How would you like to find out you are wanted for a crime you know nothing about? It has happened.
 All that is needed is your social security number, your birth date and other identifying information such as your address and phone number and whatever else they can find out about you. With this information, and a false driver’s license with their own picture, they can begin the crime.
 If you wait until it happens to you, it’s a nightmare. You won’t know until you are denied credit or a creditor contacts you about a charge you know nothing about.

How do I prevent Identity Theft?

At Home;
 If you have roommates, employ outside help, or are having work done in your home, make sure your personal information is not readily available to them.
 Deposit your outgoing mail in post office collection boxes or at your local post office, rather than in an unsecured mailbox. Promptly remove mail from your mailbox. If you’re planning to be away from home and can’t pick up your mail, call the U.S. Postal Service at 1-800-275-8777 to request a vacation hold. The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it.
 Tear or shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you’re discarding, and credit offers you get in the mail. To opt out of receiving offers of credit in the mail, call: 1-888-5-OPTOUT (1-888-567-8688).
 Give your Social Security number only when absolutely necessary, and ask to use other types of identifiers. If your state uses your Social Security number as your driver’s license number, ask to substitute another number. Do the same if your health insurance company uses your Social Security number as your policy number.

At Work;
 Ask about information security procedures in your workplace or at businesses, doctor’s offices or other institutions that collect your personally identifying information. Find out who has access to your personal information and verify that it is handled securely. Ask about the disposal procedures for those records as well. Find out if your information will be shared with anyone else. If so, ask how your information can be kept confidential. Keep your purse or wallet in a safe place at work; do the same with copies of administrative forms that have your sensitive personal information.

Online;
 If you do financial transactions over the Internet, read their privacy and or security statements. You want to know who they share your personal information with. You want to know they use a “secure server” for transactions. You want to know how they store your personal information. If you don’t like what you hear, don’t do your business at that website. There are always alternatives.
 Use PayPal. You can transfer a limited number of funds into your paypal account and use it to buy merchandise online instead of your credit card.
  Don’t give out personal information on the phone, through the mail, or on the Internet unless you’ve initiated the contact or are sure you know who you’re dealing with.
 Before you share any personal information, confirm that you are dealing with a legitimate organization. Check an organization’s website by typing its URL in the address line, rather than cutting and pasting it. Be cautious when responding to promotions. Identity thieves may create phony promotional offers to get you to give them your personal information.

Going Out;
 Carry only the identification information and the credit and debit cards that you’ll actually need when you go out. Don’t carry your social security card with you unless you expect to need it.

Should I buy identity theft insurance?

Some companies offer insurance or similar products that claim to give you protection against the costs associated with resolving an identity theft case. Be aware that most creditors will only deal with you to resolve problems, so the insurance company in most cases will not be able to reduce that burden. As with any product or service, make sure you understand what you’re getting before you buy. If you decide to buy an identity theft insurance product, check out the company with your local Better Business Bureau, consumer protection agency and state Attorney General to see if they have any complaints on file.

Conclusion: Be smart. If someone is asking for your personal information, anyone, including friends, acquaintances, companies, stores, websites, or anyone else, ask questions. Find out why they need this information, what they are going to do with it, how long do they keep it stored, who they share it with, and how can you be sure it is going to be kept secure.

There are three different types of intrusion detection systems.

A host-based Intrusion Detection Systems consists of an agent on a host that can identify intrusions by analyzing system calls, application logs, and host activities. Network Intrusion Detection System is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. These gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap.

Hybrid Intrusion Detection Systems combine both approaches and the host agent data is combined with network information to form a complete view of the network.

A Signature-Based Intrusion Detection System can identify intrusions by watching for patterns of traffic or application data presumed to be malicious. These systems are able to detect only known attacks, but depending on their rule set, signature based IDS’s can sometimes detect new attacks which share characteristics with old attacks.

Anomaly-Based Intrusion Detection Systems identify intrusions by notifying operators of traffic or application content presumed to be different from normal activity on the network or host. Anomaly-Based Intrusion Detection Systems typically achieve this with self-learning.

A Signature-Based Intrusion Detection System identifies intrusions by watching for patterns of traffic or application data presumed to be malicious. These type of systems are presumed to be able to detect only ‘known’ attacks. However, depending on their rule set, signature-based IDSs can sometimes detect new attacks which share characteristics with old attacks, e.g., accessing ‘cmd.exe’ via a HTTP GET request.

An Anomaly-Based Intrusion Detection System identifies intrusions by notifying operators of traffic or application content presumed to be different from ‘normal’ activity on the network or host. Anomaly-based IDSs typically achieve this with self-learning.

Features and Benefits The Managed Intrusion Prevention Service includes:

Configure and provision device

Create initial policy; update and tune policy on an ongoing basis

Monitor and report on health and security events 24×7

Industry leading Service Level Agreement

Report all security events on the Client Resource Portal

Flexible reporting options on Client Resource Portal

Notify customers of major security and health issues

Upgrade and patch devices

Seamless integration with VeriSign’s Incident Response and Computer Forensics team

Whether used for detection or prevention, Intrusion SecureNet technology is peerless in accurately detecting attacks and proactively reporting indicators of future information loss or service interruption. Using pattern matching for performance and protocol decoding to detect intentional evasion and polymorphic or patternless attacks, as well as protocol and network anomalies before a new attack has a signature created, the SecureNet System is ideal for protecting critical networks and valuable information assets.

Spyware/Adware is the latest form of internet intrusion, being any software installed on your computer without your knowledge or consent which allows information about you and/or your computer to be seen and used by others in an unwelcome manner.  Being very difficult to remove on your own it usually requires installation of anti-spyware software to erase it completely from your hard drive.  A lot of people think that their anti-virus software will protect against spyware as well, this is not the case since this software is not designed to specifically remove spyware, it goes undetected when your hard drive is scanned.  Whether you’re a small business owner or even if you just use your computer on a regular basis, if don’t have some type of antivirus and anti-spyware protection installed on your computer you are extremely visible on the web (you want to be “invisible” when browsing the web) and are placing yourself at risk to intrusion and/or theft by internet predators.  I would know since I had to pay $225 just to have viruses removed from my computer’s hard drive-which is never any fun by the way.  So as a word of caution, make sure your information will be safe before placing it on your PC.  You can visit Trend Micro to learn more about what to look for and how to protect yourself from malware, phishing sites, and, joke programs.

Furthermore, an FTC survey reported that 4.6% of those polled reported that they had been a victim of identity theft within the past year. Additionally, according to a recent General Accounting Office report, it is estimated that as many as 750,000 Americans are victims of identity theft every year.

Is this an invisible enemy and are American’s personal and financial information that easily accessible to identity thieves? What can the average American do to protect themselves from these personal attacks on their privacy? Although there are no guarantees, here are five simple steps to help prevent identity theft:

1) Shred private credit card statements, tax documents, bank statements, pre-approved credit card offers or any other documentation with private financial information.

2) If you are inundated with pre-approved credit card offers you can call toll free 1-888-567-8688 to opt out and request to have your name removed from the mailing list. In addition, you can call the national do not call registry at 1-888-382-1222 to stop unsolicited telemarketing calls where you could divulge personal information.

3) Monitor your credit report at least once a year. You are entitled to a free credit report and can get one by calling 1-877-322-8228. Look for suspicious activity. It is also wise to subscribe to a credit protection service which will inform you of changes in your credit report.

4) Check your mailbox daily and do not allow mail to sit overnight in your mailbox. Mail theft is an easy way for thieves to secure personal information. It is best to mail outgoing bills and checks at the post office or other secure locations. If you believe your mail has been stolen you must contact the nearest postal inspector. You can look in the white pages under Government Services or call 1-800-ASK-USPS.

5) Be defensive and more guarded with your information. Do not divulge your personal information freely. Never “validate” your personal or financial information when contacted through an email, even if it is a company you do business with; they have this information on file. It may look legitimate and realistic, but these attempts are getting more sophisticated and these types of scams are what is known as “phishing”.

We have explored five simple steps that the average person can do to help themselves prevent identity theft. In this age of advanced communications and technology and with the thieves getting more deceptive than ever, it is imperative to continue to educate yourself. Be cautious and understand that this information can be abused and it is up to you to safeguard yourself and your famliy from this growing trend.