[ July 2007 ]

Dear all,

On the menu this month are some topics surrounding web and system security, as well as deciding whether or not to host yourself, and lastly some information on Microsoft licensing.

July 2007
- To host or not to host, that is the question
- Login/System security
- Trojans
- Spotlight on
- Microsoft licensing
1. Web and Email hosting

There are a few choices surrounding the topic of hosting web sites and email domains:
- do it yourself if you've got an internet gateway/server
- host it with a service provider

I'll go through the pros and cons of both now:

1. Self hosting

pros
- cheaper option if you've already got a system in place, and cheaper in ongoing costs
- easy access to the web and/or email configuration
- updating the web site is easier
- inserting specialised spam controls is possible
- cost is the same no matter how many sites/domains/database you run
- customisation of server configuration
cons
- performance is limited by your internet connection
- usage is limited to your 'CAP' if you're using a broadband or similar solution
- you need someone to manage the server
2. ISP hosting

pros
- ISPs normally have high speed backbones, giving high speed access and low latencies to your site
- they have a variety of plans from basic ( share with someone else ) to managed servers ( you are on your own server ) or even co-located ( you provide your own server )
- Control panels provide some means to configure web sites and email users
- no requirement to manage or host a server on your part
cons
- limited control over your server and configuration
- not much scope for alterations to your installation
- preset list of applications supported
- cost grows ( proportionately ) as you add databases/web sites/email domains
For the most part, if you have the infrastructure ( stable internet link, power and networking ) it's my recommendation to host yourself, as the extra control it gives you is worth the initial outlay/installation. You can also make use of your internet gateway to provide additional services ( not normally covered by ISP options ) such as file sharing, fax server, ftp service, stateful firewall, and for running alternative web applications not covered by the ISP.

2. Login/System security
No matter which platform or application one uses, it's always a requirement that you use a strong password. Too many times, people use familiar items for passwords such as pet names, birth dates and favourite actors ( or actresses ). These are quite easy to compromise and can lead to a number of dangerous activities relating to your data and information. Also, don't reuse the same password too many times: if it is compromised once, it will be compromised for all the areas you use it for.

3. Trojans

Trojan applications are becoming more prevalent by the day and it's important to keep both your anti-virus and anti-spam/malware packages up to date.

4. Microsoft licensing
Microsoft often has a lot to say about the piracy of their products. However, it's quite interesting that their own statistics indicate that a large percentage of companies and individuals that are using pirated software do not even know it. And I think one of the prime reasons for this is the fact that Microsoft's licensing schemes are overly complex at the best of times. So if you're unsure, ask your reseller or distributor whether you're in the wrong or right. Better yet, move as many applications and platforms to open source as you can. Not only do you remove the purchase cost, but you also remove the potential for mistakes in licensing ( which Microsoft will punish ).

5. Phishing and pharming

Phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay and PayPal are two of the most targeted companies, and online banks are also common targets. Phishing is typically carried out by email or instant messaging, and often directs users to give details at a website, although phone contact has been used as well.

Herewith follows an example of phishing: you get an email purporting to be from Standard Bank's Internet Banking section.
Everything looks fairly innocent, but there are a couple of tests you need to do to make sure any links you click on are valid for this company:
- most reputable institutions will never ask you to validate your personal information by sending you an email; these emails are a dead give-away
- check the site's security certificate to make sure it matches the site you are visiting; all browsers will display a little lock icon in the bottom information bar of the browser that you can click on to get information about the site's security
- check any links to requests for information carefully; the following link is bogus: www.standardbank.co.za ( if you hover your mouse over the link, you will see the true destination for that link )

Pharming ( pronounced farming ) is a cracker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real addresses; they are the "signposts" of the Internet. Compromised DNS servers are sometimes referred to as "poisoned". The term pharming is a word play on farming and phishing. Pharming is very difficult to protect against by using AV or anti-spyware tools, as the problem is not a local infection/issue on the user's computer. This does mean that one needs to look carefully at the sites you are visiting to make sure they are valid.

Conclusion: To a certain extent, South Africa's relative electronic obscurity on the world stage in the 80's/90's was a security blessing in disguise, but as we become more active on the Internet, we need to be far more vigilant about how we deal with electronic communications. Financial institutions such as FNB and Standard Bank have had a variety of phishing attacks aimed against them in the last year, so local companies are not immune at all.
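The "hover over the link" test above can be made mechanical. The following is an added example, not code from the bulletin: it scans an HTML email body for anchors whose visible text names one host while the href actually points at another. The sample message and the placeholder domain phish.invalid are constructed for illustration.

```python
# Added example: flag links whose visible text names one host while the
# href points elsewhere (the "hover to see the real destination" test).
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Visible text that looks like a host name, optionally with scheme / www.
HOST_RE = re.compile(r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_host(text):
    """Host named in the visible link text (no scheme, no www.), or None."""
    m = HOST_RE.match(text.strip())
    return m.group(1).lower() if m else None

def suspicious_links(html):
    """Return (visible text, real host) for links whose text and href disagree."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        shown = registered_host(text)
        real = (urlparse(href).hostname or "").lower()
        real = real[4:] if real.startswith("www.") else real
        if shown and real and shown != real:
            flagged.append((text, real))
    return flagged

# Constructed sample e-mail body; "phish.invalid" is a placeholder domain.
SAMPLE = ('<p>Please <a href="http://www.phish.invalid/login">www.standardbank.co.za</a> '
          'to confirm, or visit <a href="https://www.standardbank.co.za/">www.standardbank.co.za</a>.</p>')
```

Links whose text is a plain phrase such as "click here" are not flagged by this rule, so it complements rather than replaces the certificate check.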
Learning to spot phishing and pharming attacks is the first step to ID protection and a safer Internet experience. For more information about phishing and pharming, please see the Anti-Phishing Working Group's website.

a. if anyone has topics of interest they would like covered, please email your requests and suggestions to us
b. please email us if you would not like to receive this bulletin

Robby Pedrica