Core Security Blog

Securing Internet Connected Devices

Cyber-criminals are widening their nets to target a range of devices and platforms. When new devices are left completely unprotected, they are highly vulnerable to malware infections and to social engineering scams that steal personal information.

  • Antivirus software is vital, but be wary of fake antivirus software. Always buy security software from a trustworthy seller. Security software should include at least: real-time anti-virus, a two-way firewall, anti-spyware, anti-phishing and safe search capabilities.
  • Protecting data from theft or loss is the first priority. When buying any product or device, always consider one that offers data backup and restore features as well as advanced security that allows locating a missing device and remotely locking it in case of loss or theft.
  • Awareness starts at the personal level. Educate family members and pay attention to children’s online activities. Discuss with family members, including children, which information is appropriate to share online and which is not, such as addresses, phone numbers, and other private information.
  • Always download apps from a reputable app store. Third-party applications can be malicious, so be careful when downloading any app.
  • Backing up personal devices such as mobile phones, laptops and tablets is necessary to protect confidential data.
  • For removable storage devices, such as a flash drive or portable hard drive, always use an encrypted USB stick or a protected portable hard drive to protect sensitive data if the device is lost or stolen.

Securing Implementation of IoT (Internet of Things)

The Internet of Things is advancing the future of business, bringing new capabilities and efficiencies to companies. Security is a core requirement for manufacturers, engineers, service providers and others who deliver and use connected devices. Most of these devices, especially those used on the “Internet of Things”, rely on a complex web of embedded systems. Securing these systems is a significant challenge, yet failure to do so can bring disastrous results.

Every organization should take the following steps to secure their IoT system:

  • Assess the risk with an approved risk management procedure.
  • Take the necessary measures to secure both information and devices.
  • Align both organization and governance for the IoT ecosystem.
  • Define and align with the legal and regulatory issues that apply to it.

How to be safe on Social Networking sites

While enjoying social networking sites (Facebook, Twitter, Myspace), users should also keep security in mind. Through careful use and behavior, users can protect their computer and money as well as their family and friends.

Beware of phishing messages: Email phishing has become a very common incident. These emails pretend to be from someone you know and address you by your first name. Such a message does not look like spam, and it can trick you into revealing even more sensitive information. You have to recognize such phishing attempts correctly. Do not click on any link in such emails. We all need to use our email accounts (both official and personal) carefully.

Educate & Monitor: Children and teenagers are very fond of social networking sites (Facebook, Twitter, Myspace) and chat rooms (Messenger, Viber, Skype). Those sites are especially attractive to them. Parents have to educate their children about safe online behavior, and they need to take strong control and proactive measures to monitor their children’s online activity at all times.

Never disclose too much information: Every website provides different levels of privacy settings to control access to the user’s profile page and interaction among users. Banks, schools, doctors’ offices and retail companies all collect and store sensitive and/or financial information about their customers and employees. In some instances, this information is simply mishandled, whether through an errant email, sophisticated social engineering techniques, or a misplaced storage device like a laptop or hard drive. Other times the data is stolen by hackers who penetrate servers with the specific purpose of obtaining private data. Using an identity theft protection service is the best way to protect personal information from being misused. Moreover, users should be more careful about providing their personal information to any site, organization or person, and they should first check the site’s validity and certificate authority (CA) before disclosing their information.

Online Banking Safety Tips & Tricks

  • Enable ‘alerts’ (SMS/email) and other security measures for online banking account logins as well as for any sort of transaction.
  • Don’t use the same login ID/password for other websites or software. Use a separate and unique ID as well as a complex password for the online banking account.
  • Change the account password on a frequent basis and never share your password with anyone. Do not write the password down anywhere, either.
  • Ensure the web site address starts with https:// (for proper encryption of sensitive data).
  • Be suspicious of unknown emails and text messages claiming to be from financial institutions or coming from any unrecognized source. Do not click on any link in the email. Do not register on any online forum or social network site using your official email address.
  • Never save your login name or passwords in the web browser.
  • Don’t access your bank account from a public computer (cyber café or public computer lab) or from an unprotected device (mobile/POD without antivirus protection).
  • Properly log out from all logged-in accounts after finishing your tasks.
  • Do not post personal information or answers to secret questions on the internet (such as date of birth, mother’s maiden name, or a sibling’s or parent’s full name), as these are the answers to many security questions and can provide valuable information to a cyber-criminal.

User Access Control by ports (through Firewall)

Ports are virtual access points through which software communicates over a system and network, and they are a standard component of every operating system. A few ports must be open to support normal business functions; however, unnecessary open ports give attackers ways to gain access to an organization’s system, especially those that have been left open to the Internet unintentionally.

  • Check and keep open only those ports that need to remain open and active; close all other unused ports with firewall software and hardware.
  • Check whether data is protected while in transit, such as by using SSL and TLS encryption.
  • Configure firewall rules to limit access to only those users who need access to a particular service.
  • Configure the firewall to keep open to the Internet only the ports that need to be used by the organization’s global audience, and close the rest of the ports.
  • If the port of a service is not known, find the port numbers for mission-critical services by referencing the application’s configuration and support material or by searching for the software and service names in IANA’s Service Name Registry.
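
The port review described in the list above can be scripted. The following is an added example, not part of the original post: it compares a host's listening sockets against the ports the business needs and says what to do with each one. The sample `ss -H -tuln` output and the POLICY table are constructed assumptions.

```python
import ipaddress
# Constructed sample of `ss -H -tuln` output (Linux); not from a real host.
SAMPLE_SS = """\
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
"""

# Hypothetical policy: needed (protocol, port) pairs and their audience.
POLICY = {
    ("tcp", 443): "internet",
    ("tcp", 22): "restricted",
    ("tcp", 3306): "restricted",
}

def parse_listeners(ss_output):
    """Yield (protocol, bind address, port) for each socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, zone id
        if addr == "*":  # ss prints "*" for a dual-stack wildcard bind
            addr = "0.0.0.0"
        yield proto, ipaddress.ip_address(addr), int(port)

def audit(ss_output, policy=POLICY):
    """Return (protocol, port, action) for every listening socket."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        wanted = policy.get((proto, port))
        if addr.is_loopback:
            action = "ok-local"        # not reachable from the network
        elif wanted is None:
            action = "close"           # no business need: close or block
        elif wanted == "restricted":
            action = "limit-sources"   # firewall must allow named users only
        else:
            action = "ok-internet"     # intended for the global audience
        findings.append((proto, port, action))
    return findings

if __name__ == "__main__":
    for proto, port, action in audit(SAMPLE_SS):
        print(f"{proto}/{port}: {action}")
```

A listening socket only shows what the host offers; whether a "limit-sources" port is actually restricted still has to be confirmed in the firewall rule set.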