Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x

Security

24K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

FADPRT
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone. Any comments, bug reports etc. are welcome...
3
 
LVL 2

Expert Comment

by:Naveen Sharma
Comment Utility
Lepide Active Directory Self Service tool, free for 50 users:
https://www.lepide.com/active-directory-self-service/
0
 
LVL 58

Expert Comment

by:McKnife
Comment Utility
@Naveen: What makes your payware better than this freeware?
0
Concerto's Cloud Advisory Services
LVL 5
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Intels Corporation
Spectre and Meltdown, how it affects me and my clients?
2
 
LVL 50

Expert Comment

by:dbrunton
Comment Utility
That Intel tool is only useful for checking for the Intel Active Management Technology flaw.  That's an old flaw.

This is the Meltdown and Spectre problem which is a new flaw.
0
 
LVL 14

Author Comment

by:Jose Gabriel Ortega C
Comment Utility
Thank you for the comment, I've updated it.
0
Password-Managers
Each password manager has its own problems in dealing with certain websites and their login methods. In Part 1, I review the Top 5 Password Managers that I've found to be the best. In Part 2 we'll look at which ones co-exist together and why it's often useful to use more than one.
4
 
LVL 12

Author Comment

by:Andrew Leniart
Comment Utility
@Thomas Zucker-Scharff

Hi Thomas,

I've gotten a response from Sticky Password Premium Support and there is a way to Merge the USB database, though not immediately obvious so I'm not surprised it's easily missed..

The database of the Portable version can be updated by almost the same steps as when installing it. Connect the USB device with the Portable version installed to a Windows computer with the installed desktop version of Sticky Password and navigate to the main Sticky Password window - Menu - Tools - Portable Passwords. You will get an option to replace or merge the databases of both Sticky Password installations:

https://www.stickypassword.com/help/taking-advantage-of-portable-passwords-by-sticky-password-1092

Cloud sync feature for the Portable version is not in our nearest plans however we may add it in future updates.


Hope that helps.

Andrew
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
Andrew,

Yes this is how I update my stick database.  I always choose the overwrite option.  It is unfortunate that Sticky Password does not have the option to sync from the stick.
0
Although free tools can be helpful to a limited extent, it’s better to stick to paid versions for business use.
0
2017 was a scary year for cyber security. Hear what our security experts say that hackers have in store for us in 2018.
0
With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
5
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense Magazine.
1

Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. The term ‘spyware,’ covers a wide variety of such sinister software programs that installs on a computer without the user’s knowledge to essentially hijack web browsers, monitor all user activity on a machine, open backdoors for remote attackers, steal personal information, display unsolicited advertising, and slow PC performance.


The threats and risks posed by spyware for businesses include loss of productivity, profitability and credibility, liability from privacy violations, increased helpdesk cost, and damage to brand reputation. Spyware remediation and countermeasures to keep your company computer systems as safe as possible are in fact as critical as antivirus and antispam measures.


How Does Spyware Work?


Spyware generally falls into two broad categories.


  1. Surveillance software that includes applications such as key loggers, screen capture devices and trojans used to collect sensitive information about the user for monetary exploitation

 

  1. Advertising spyware that can be used by legitimate companies to log information about the user’s browsing history, personal details and online shopping habits to download and display advertisements on your computer utilizing your system resources, such as RAM and CPU.


Once installed on a computer, the program begins logging keystrokes, monitors online purchasing, websites visited, personal data or scans your hard drive to gather valuable information, all of which is then silently transmitted to a third party via file transfers to be aggregated and used for either legal or illegal purposes.


How Does Spyware Infect A Computer?


Spywares are designed to do its work without attracting suspicion and uses a number of convincing disguises to get installed on a user’s computer.


Spyware can be downloaded from web sites, direct file sharing programs, free downloadable software, or even be hidden in email attachments and instant messaging applications. Users can unknowingly install the spyware by clicking on the attachment or weblink, or by downloading the software.


Spyware often relies on “Drive-by installs,” wherein innocuous-looking pop-up windows with “OK” or “Click Here To Read” buttons which, when clicked, leads to the spyware being downloaded. This method of infection is usually accompanied by some form of adware, unwanted toolbars, links, new bookmarks in web browsers, or users get a host of pop-up ads.


Spyware also uses flaws and security holes in certain web browsers.


Often users receive spyware by unwitting accepting an End User License Agreement from a software program.

The new breed of spyware is both clever and tenacious enough to remain undetected for long periods of time. This is when spyware detectors come in handy.


What Are Spyware Detectors?


Spyware detectors are antispyware programs that perform routine checks on the computer to block and prevent spyware infections so that your system is clear of any unwanted and threatening software. Antispyware applications protect organizations from spyware intrusions by automatically scanning and sending potential spyware to quarantine potential malware so that you can delete threats before they can do any damage to your computer software.


They also monitor incoming data from email, websites, and downloads of files to stop spyware programs from being installed. You won’t have to worry about which email attachments are safe to open or whether certain software is suitable for download.


Spyware detectors also send out alerts when a spyware tries to install itself on your computer and warns users against suspicious links within emails, websites and live chats.


Antispyware programs can speed up the computer and browsing performances by removing spyware, adware.


Install Antispyware To Protect Your Business Computers

 

Today, spyware detectors play a critical a role in securing an organization’s system, just like the antivirus and personal firewall software. Always purchase your antispyware program from a retail store or reputable online retailer so that you get a legitimate program. There are many free antispyware programs available on the net but some of these are really spyware programs in disguise and can end up infecting your computer.

Choose the best spyware detector for your business. One that can help scan, detect, remove and block spyware using a friendly and intuitive interface. There are some antispyware programs such as Malwarebytes, SuperAntispyware and Spybot – Search & Destroy  that have been designed specifically to protect your machine from spyware, while others block both viruses and spyware serving as a great endpoint security system, such as Avast Endpoint Protection,  Sophos Endpoint Protection or McAfee. Bitdefender’s GravityZone Business Security package is a more comprehensive security system that can easily detect and fight a variety of malware, ransomware and zero-day threats that may go undetected by traditional security products. For organizations that use a range of different devices and platforms, it may be good to give Trend Micro Worry-Free Business Security a try, as it provides protection for Windows, Mac, mobile devices and servers. Moreover it also stops emails carrying sensitive information from being sent out accidentally or even deliberately.

In today’s world of data threats, your business just cannot do without antivirus and antispyware software. Also implement proactive measures, such as being selective about what you download, reading licensing agreements, being aware of clickable ads and antispyware scams, to deal effectively with both known and unknown threats.

0
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
1
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential to enhance security.
0
The Firewall Audit Checklist
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simple steps...
0
 
LVL 1

Author Comment

by:Muhammad Sajjad
Comment Utility
Dear Thomas

Bundle of thanks for such valued suggestions, I will surely try to edit and repost the article.

Thanks Again
0
 
LVL 2

Expert Comment

by:Naveen Sharma
Comment Utility
Nice points.

Taking regular backup and end-user education, few more security principles that will help to prevent breaches: https://www.lepide.com/blog/five-security-principles-to-prevent-data-breaches-immediately/
0
Phishing emails are a popular malware delivery vehicle for attack. While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to come from a trusted source. Ready to learn more?
1

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security tools at their disposal to keep cybercriminals and hackers at bay. It can be a real challenge to know where to start, when you are defending against malicious code that can damage your system and against cyberthieves on the lookout for sensitive data to sell on the black market. One thing every business can do to protect their website and customers is to use Secure Sockets Layer (SSL) certificates, particularly if they run an e-commerce site or collect personal customer information through their site.


What Is SSL?


The Secure Sockets Layer (SSL) is the most widely used Internet security protocol used today. This encryption technology protects your sensitive information as it travels between the visitors’ web browser and the web server of the website they are interacting with. This secure link ensures that all data is transmitted without being intercepted by prying hackers.


SSL encrypts all data before it is sent so that no one besides you and the website you’re submitting the information to, can see and access what you type into your browser. Random characters are inserted into the original information to make it incomprehensible for anyone without the proper encryption key. Therefore, if it does fall into the wrong hands there is nothing to worry about since the information is unreadable.


SSL Certificate Basics


When you visit a website that has an SSL certificate issued by a trustworthy authority, your browser (i.e. Internet Explorer®, Firefox® and Chrome™) will form a connection with the webserver, recognize the SSL certificate, and then connect your browser and the server so that confidential information can be exchanged.


To enable SSL on your site, you need to get an SSL Certificate that identifies you and install it on your web server. The SSL certificate must also be digitally signed by another trusted root certificate to prove that the SSL certificate provider can be trusted. Business owners can get standard and extended certificates along with tools to manage multiple certificates or security challenges.


Steps For Getting A SSL Certificate


Once you have selected Certification Authority vendor, send a request for certification and pay for the certificate.

Every CA will provide a Certification Practice Statement (CPS) with more specific information about their verification process and how long it will take to receive approval, depending on the complexity of your organization and the type of certification applied for. Business owners then have to go through various stages of vetting before they can install the certificate on their site and connect to a secure server on the web.


When the SSL Certificate is installed properly, you can access a site instantly by changing the URL from http:// to https://. The secure connection happens instantly and technically.


How Can Consumers Tell if a Website is Certified?

SSL is a transparent protocol which requires no interaction from the end user. Users can verify whether the web address in their browser displays a padlock, or, in the case of Extended Validation SSL, if there is both a padlock and a green bar. This assures visitors that the site is SSL certified and that your connection is automatically secured.


How Can SSL Be Used For Business?  

 

The most common applications of SSL are to secure payment transactions, system logins, email, data transfer, and any other sensitive data exchanged online.


If your organization has to comply with regional, national or international regulations, such as Payment Card Industry compliance, on data privacy and security then you will need an SSL certificate with the proper encryption. EV SSL provides advanced security measures to deal with the bigger risks that come with e-commerce today.

SSL is critical for protecting sensitive information such as customer names, phone numbers, addresses and credit card numbers. It also defends your site from malware and prevents malvertising from eating into your resources.

SSL secures webmail and helps establish secure connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.


SSL can also be used to secure intranet based traffic such as internal networks, extranets, and database connections. It also helps transfer of files over https and FTP(s) services safely.


Future-Proof Your Site With SSL Certificate


Online businesses can gain and retain their customer’s trust by getting SSL certification.  Lunarpages offers free dedicated  SSL certificate  and dedicated IP’s with all of our business plans or you can get a Dedicated SSL certificate on your account. Shared SSL certificate will function only with HTML, and cgi/perl based documents/scripts/carts but it will not work with ASP, JSP or PHP pages because of security restrictions on the servers. For that you will need to purchase a Dedicated SSL Certificate and Dedicated IP. If you’re still unsure about how SSL will affect your website, contact Lunarpages at 1-877-586-7207 (US/Canada) to know more.

0

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from others breaking into your data. Google, Mozilla, and other major browsers are on a mission to make insecure HTTP a thing of the past. Google has made HTTPS (Hypertext Transfer Protocol Secure) and website loading speeds major ranking factors.  HTTPS uses a connection encrypted by transport-layer security to protect transmitted data from eavesdropping. Most browsers like Firefox and Chrome now prominently show ‘Not Secure’ warnings in the address bar and warnings also appear directly below form fields on pages using HTTP. These changes show that HTTPS is now a necessity for all sites, because of its privacy and security benefits.


Businesses depend upon SSL certificates to encrypt data and authenticate both internal and external systems and applications to ensure appropriate access. By having websites and endpoints on the Web configured with a SSL certificate, users are assured that the endpoint has been authenticated and any communication with these sites over the HTTPS protocol is encrypted. Complete encryption of data transfer with Secure Socket Layer certificates (SSL certificates) is quickly becoming the norm throughout the Internet.


The Need For Automated SSL Encryption


SSL certificates are used not just for browser-based security but also for secure server-to-server communication for applications and data exchange. The implementation of SSL certificates is rarely automated which means trying to recall special commands, going over steps to renew and deploy a certificate and then tackling complicated installation processes, which can be tricky even for experienced website administrators. The consequences of improperly configured or expired certificate can be disastrous for an organization amounting to financial losses, fines for non-compliance, and lower productivity.


All SSL digital certificates have a lifecycle anywhere between one and three years and upon expiration are not considered valid. SSL certificates need to be renewed at the end of their life to avoid outages, service disruption, and security concerns. Sometimes certificates may also need to be replaced earlier (e.g., bugs, end-of-life of SHA-1 hashing, change in company policy). Keeping certificates up to date, especially when maintaining a multitude of servers can be really annoying. Moving to an automated SSL certificate lifecycle processes takes out the need to rely on manual processes; it takes the guesswork out to improve efficiency and reduce security risks for your business. cPanel addresses the pain point of SSL installation and renewal through the AutoSSL feature.


Fully Automated SSL Encryption With AutoSSL


cPanel, Inc., has recently added a feature called AutoSSL (automated SSL) to automatically provision, issue, configure and install validated SSL certificates to its web hosting partners’ websites. Automated SSL also enables SSL on admin-based logins, email and internally running services in cPanel. AutoSSL is now available to all cPanel web hosting accounts and those running WHM version 60 or later. It is possible to view the logs for AutoSSL right from the WHM interface. AutoSSL automatically includes corresponding www. domains for each domain and subdomain in the certificate. But AutoSSL only includes domains and subdomains that pass a Domain Control Validation (DCV) test as proof of ownership of the domain.


Take The Hard Work Out With Automated SSL Encryption


With AutoSSL enabled, there is no need to fill out lengthy forms and no more having to manually copy certificates into place.  Your websites are automatically secured and encrypted with free Domain Validated SSL certificate and your coverage never lapses. A cronjob handles the request, download, and installation of new SSL certificates around expiration time for all of your hosted domains.


Secure Your Website With Automated SSL Encryption


Users will enjoy a more streamlined experience, with fully automatic issuance, renewal, validation, and setup of SSL certificates for all websites, logins, and endpoints on the server. An automated SSL encryption system eliminates common human errors in the process, which may be caused by the system admin or anyone installing the certificate. Automated SSL encryption improves the privacy, security, and trust of websites for the end users because there will be no lapse in a valid certificate.

0
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
5
 
LVL 66

Expert Comment

by:Jim Horn
Comment Utility
Well written John, and excellent images.  -Jim
0
 
LVL 100

Author Comment

by:John Hurst
Comment Utility
Thanks. I appreciate that. I will work on improving things going forward.
0
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
0
Experts Exchange expands question security options for members.
5
Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
2
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
5
Threat Trends for MSPs to Watch
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
4
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technology, what hackers may target, more.
0
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
3
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
1
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
0
 
LVL 44

Author Comment

by:Adam Brown
Comment Utility
Thomas,
I'll correct that to say "longer than the universe has existed" instead of as long as. I was working off my memory of the calculations...Not a huge issue, though, since both lengths are stupendously long.
1
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
1
What we learned in Webroot's webinar on multi-vector protection.
4

Security

24K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.