OpenSec

Azwan Asmat asked:




Firewall is software that monitors the ingoing and outgoing traffic from your PC. It’s a crucial component in protecting you from online threats. People usually installed anti-virus, anti-spyware but often they forgot to install it.

In my opinion, it is a slightly advance protection software and can cause some headache for those who don’t know anything about computer. I would suggest you to read a few things about this software first before actually using it. It’s because you’re going to need to know about the processes going in or out from your PC.

In this article, I will share with you two best free firewalls available on the internet for you to download. The first software is Comodo Firewall Pro.

I use it personally and to be honest, I like it. But you need some knowledge on which processes to allow access and which to deny and if you don’t have the necessary knowledge, you might allow the malicious process access into your PC.

If you would like to know which process is malicious, you can do so by searching it on Google. This way, if the process is malicious, you will know about it immediately and then you can deny the access.

The next software is ZoneAlarm. I didn’t use it because I already use the Comodo Firewall Pro. I don’t think you need two firewalls in one PC. Even though I didn’t use this software, it actually gets good reviews among the PC users.

In fact, in order for you to know if your firewall is reliable or not, you can download simple software that will test it. It’s called the Leaktest and don’t worry about this software because it’s not malicious and it’s safe. I used it previously to test mine and it passed.

Surprisingly, there are few firewalls out there that didn’t pass this LeakTest. So, test your firewall first after installing it to make sure it’s good enough to block any access into and going out your PC.

But, having the best firewall in the world is no use if you don’t know how to use it. So, learn more and apply it.

Jason C asked:


My father and I have just started a camera security business. We sell and install network cameras (IP) in people’s homes and business’. We also offer remote recording so people don’t have to worry about video storage. What are some other types of services that we could offer? Here is our site take a look if ya want! http://www.icukansas.com

Eamon Carlyle asked:




In the last 20 or 30 years, crime rates and different cities all over the US have shown a general trend of steady decline. This should not be taken complacently though as populations continue to increase.

Over the years, home security surveillance systems have gotten more sophisticated and common place. As prices of home security systems continue to decrease, more and more homeowners are able to afford it. Sometimes though, you won’t even need any electronic security devices if your home is built in such a way that it reduces opportunities for the common criminal. A consult with a home security specialist can help you with designing a home that will be proofed from breaking and entering.

With the help of local law enforcement or security consultants, take a look at your home and identify the vulnerable points where criminals may possibly hide out or enter. Once the weak points have been identified, the solution may be as simple as installing additional locks, trimming a few hedges or adopting a security conscious attitude.

There are plenty of commercially available home security surveillance systems that will go easy on your budget. Double locks and deadbolts for you doors and window locks remain as primary security features at very low prices. Surveillance video systems have become much cheaper to provide the ordinary homeowner with round the clock surveillance.

Because of credit cards, people are able to buy expensive valuables such as jewelry. Nowadays, having a safe place to store your valuables inside the house is a major concern. Metal safes that were once the exclusive necessity of businesses and the upper class are fast becoming a common addition to most houses. Various safes for different purposes are being manufactured to meet the demands of clients. There are even whole rooms that are made to be impenetrable from the outside. These panic rooms are also fire proofed to provide people with a safe haven in case their house catches fire. What is the cost for all of this? Installing a panic room costs just a wee bit more than remodeling a single room in your house.

Lighting is very important for a home’s security. This is especially true in the surroundings of the house where criminals usually hide before breaking in. Antiquated lighting systems were controlled by an automatic timer to switch the lights on or off depending on the time of day. Now, you can let your computer do the job of keeping your lights active.

Personal security is also an issue especially in places like the famous streets of New York where people are prone to mugging. Some people carry concealed firearms for defensive purposes. Still, this is illegal in some places which make tasers, sprays and other defensive devices as the common choice for securing your personal well-being out on the streets.

Whereas people in the 1980s started to live in relative isolation, this attitude is being reversed as studies have shown that an active, friendly community acts as a major deterrent against crime. This is even more evident in neighborhoods that have a watch system in place. The theory is if you know anyone and everyone in your neighborhood, the chances of spotting strangers becomes very high. Once a stranger is spotted, members of the neighborhood can keep tabs on the strangers as they pass through.

Finally, that ever faithful friend of men, is a very good way to burglar proof your home. Burglars would rather not take the chance of the dogs making noises that could lead to their detection.

lockergnome asked:

live.pirillo.com – Is it safe to use a wireless security camera in your house? Is it possible a burglar can use the signal to spy on you?

techsupportguy650 asked:

www.wirelessnetworkingworld.com A tip on how to lock down your wireless network to specific machines. Hope you find this helpful! Specs on me I’ve been in the tech support field for about 9yrs (helpdesk to now sys admin) and I’m just looking to share the knowledge and help folks out. I don’t know everything (some techs act otherwise…haha), but if there’s something you need help with, let me know. No question is too small or too big…but if it happens to be on the “big” side and I don’t …

Jeffrey Bennett asked:




Business security professionals make it a point to study their craft and learn ways to counter evolving threat. Business intelligence methods need to continue to keep up with technology to analyze and prevent the internal and external influences that can ruin the enterprise. The threats corporations face include: theft, vandalism, workplace violence, fraud, and computer attacks. Through a system of identification, analysis, risk assessment operation security and prevention, astute managers can mitigate risks.

Theft affects all. On average the median loss of theft of cash and non-cash assets is $223,000 (ACFE). The costs of theft are passed on to consumers to bear the cost of the loss. A simple way for companies in retail to get back from a bottom line loss is to pass the costs on by increasing the top line. Raising prices is a symptom of theft, but not a cure. It does nothing by itself to stop the activity other than punish the innocent.

Many companies have invested in security staff. This staff focuses efforts to identify and prevent theft. Many businesses have created “loss prevention” jobs. The whole career is oriented on identifying risky behavior, observing others, investigating theft, and finding methods of reducing risk. In retail, they may be secret shoppers; in transportation they may be monitoring cameras and patrolling as guards, or dressed in business suits advising in board rooms.

Information technology (IT) and lessons from business intelligence (BI) can be applied to detecting and preventing theft. For the internal threat, access can be controlled by badge or biometrics. Capabilities of these can limit access by employee, time of day, and certain days of the week. For example, employees that work in the warehouse can access their warehouse doors, but cannot gain entry to the supply department. Those who have janitorial privileges with their access cards can only do so during work hours and not when the business is closed.

Other IT help includes closed circuit television (CCTV). This is a great deterrent and detection device for both the internal and external threat. Current technologies allow the use of tilt/pan/zoom cameras that can record digital data for months. This data can be reviewed to see the habits and patterns of suspect customers and employees. All of this leaves a data trail that can be put into a data warehouse. Besides employee protection and assistance roles, this data can be mined to see patterns and recognize traits of potential perpetrators. For example, a supply bin in a warehouse may suffer shortage at each inventory. The installation of a CCTV device would provide digital feedback of whether or not supplies are being stolen and who is doing the stealing.

Sabotage and vandalism is a constant threat and can be categorized with workplace violence, criminal trespass activities, and industrial espionage or in conjunction with a theft. Though it is a rare, its costs are heavy and depending where in the supply chain the product is, the expense may fall on the company or the customer. Here supply chain is a generic term, but is used to identify an IT tool that provides and automated tracking of inventory and information along business practices. These practices can include campuses, apartments, retail, transportation, factories and other industries.

Security solutions to detect and prevent include monitoring the workplace and removing the internal threat, building security in depth to prevent the external threat, training employees on operation security, and employing loss prevention techniques. Other effective measures against vandalism and sabotage include volunteer forces, employee incentive programs and other organizations such as neighborhood watch programs. Industry, churches, community activity centers and schools have learned the value of relying on volunteers. Volunteers serve as force multiplies that report criminal activities like vandalism to the proper authorities.

Employee workplace violence makes huge headlines for a very good reason. It is shocking behavior with the most serious events resulting in multiple deaths. These incidents lead to law suits, low morale, a bad reputation for the company and leaves families and victims devastated. In 2003, workplace violence led to 631 deaths, the third leading cause of job related injury deaths (BLS).

This is acts of abuse physical or verbal that is taken out on employees, customers or other individuals at a place of business. For the purpose of this paper, the workplace is identified as a corporate building, warehouse, gas station, restaurant, school, taxi cab or other place where people engage in business.

Not all violence in the workplace end in death. They range from simple assault to much worse. What ever the level of crime, innocent people are attacked at the work place. In the corporate world this may be shocking. In other industries like law enforcement, retail sales and health care systems it is much different. These three have the most incidents. The US department of Justice conducted a study on workplace violence from 1993 to 1999. In this study they found that 1.7 million workers fell victim to many types of non-fatal crime. These crimes include, rape, assault, robbery, and sexual assault. These studies don’t always mean employee on employee violence, but include outsider on employee violence and vice versa (DETIS).

Concerning homicides at the workplace, it is very expensive. For the risk of sounding cold, the average mean cost of a work related homicide from 1992 to 2001 was a round $800,000. The total cost of homicides during those years was almost $6.5 billion (ASIS). These cold hard facts derived from the National Institute for Occupational Safety and Health (NIOSH) are what industry must deal with in creating their risk management plan. It is a tough but necessary evil that must be calculated.

When dealing with these facts and creating a mitigation plan, industry has to make choices to protect the workplace. The company has two obligations. The first includes the legal responsibility of the employer to protect and safeguard against preventable harm. This includes all those who work in or visit the workplace. The second responsibility is to handle incidents and investigations, discipline and other processes appropriately (ASIS). It is as important to respect the rights of all persons involved throughout the prevention and investigation processes.

All departments in the enterprise are involved in the prevention and detection. All can contribute to the design, construction, and use of the data warehouse necessary for executing this type of prevention and detection. Each part could maintain a data mart with senior managers mining from the entire warehouse. In this scenario, all team members would build the data base with discriminating features. Alone, these features would probably not mean much, but any behaviors or habits when combined, may identify an abuser.

The more serious discriminators would be identified and “non-hire” criteria. For example, one discriminator that would prevent a person from getting a job would be a history of violence. This would be identified in during the employee pre-employment screening phase. Another would be specific questions about performance during the interview that might indicate propensity for violence or not being able to work well with others.

By building these rules, all sources could contribute to the database to identify high risk people throughout the employment. Rules could be input that when breached, could help management make a determination of who might be a threat to harmony in the workplace. For example, HR can input results of pre-employment background checks, job interview records and disciplinary actions within the company. Managers could provide information from performance reviews about questionable comments. Employees could make anonymous tips about other employees concerning their behavior.

Employees’ may not be the threat. Nature of customers, friends and family members could provide risk to the work place. These criteria could be identified as well. Employees who have abusive partners or spouses and employees who perform in risky environments such as retail must be considered in the risk analysis and data warehouse input.

Some additional mitigating factors for employee workplace violence include traditional security methods. Additional lighting in darker areas, an armed guard, security cameras and panic alarms do wonders to give employees a peace of mind as well as help prevent violent behavior. Knowing security is in place deters the criminal element. These security measures could be linked in a network to provide feedback and evidence for use in analyzing and determining actions to prevent this behavior.

Occupational fraud describes the use of “one’s occupation for personal enrichment through the deliberate misuse of resources or assets” (ACFE). Whether an employee feels entitled to his fair share, is disgruntled or other reasons, this crime is costly. The median cost to business for this scheme is $159,000. Some reported fraud cases have cost upward of $1 billion (ACFE). Fraud accounts for approximately five percent of losses of their annual revenues or $652 billion in fraud losses.

This crime can be broken down into three categories: Asset misappropriation, corruption, and fraudulent statement. Examples of asset misappropriation include fraudulent invoicing, payroll fraud, and skimming revenue. Corruption can involve bribery and conduction business laced with undisclosed conflict of interest. Fraudulent statement covers booking fictitious sales and recording expenses in the wrong period (ACFE).

Fraud losses affect small business the greatest. For example, compared to the median loss of all businesses, small businesses suffer median losses of $190,000. Losses like these can devastate an unwitting company and fraud can continue for 18 months before being detected (ACFE). Whenever possible, business should focus on reducing both the mean cost of a fraud incident as well as the time it takes to reduce the fraud discovery timeline.

Out of all industries, fraud causes the highest median losses per scheme in whole sale trade, construction and manufacturing. Government and retail has the lowest losses per scheme (ACFE). These industries have a huge impact on costs of finished product. Wholesale trade, construction and manufacturing all wrap up the costs in the final product. Of course the costs aren’t recovered immediately. In construction and some manufacturing, the jobs are bid on and regardless of losses; the project must be completed at or below cost of bid. However, later bids may be higher as a result to gain back costs.

Believe it or not, the position of who commit fraud is directly related to the cost of the fraud. For example, the losses caused by owners or executives in a business are 13% higher than the losses caused by employees (ACFE). Managers may not be sticking product in their pockets and sneaking out the door. People in higher positions can be found falsifying travel reports, creating false accounts, diverting payment and other crimes. Some of this is evident as we continue to prosecute chief officers involved in huge schemes.

Fraud is difficult to detect and many schemes can continue for long periods of time before they are detected. Detection can be accidental, the result of a tip, an audit (internal, external or surprise), hotline or as referred to by law enforcement. Focus and discipline could be perceived as the best means to detect fraud. Paying attention to patterns, verifying paperwork and checking records is time consuming, but must be performed.

The most successful but less used method to detect fraud involves the input of employees. Training employees on fraud and awareness cuts down on the time span of a fraud as well as the overall cost. Training increases morale in many ways and creates a team like atmosphere. Business can gain from the proper training. Employees are a great resource in fraud prevention. There has been great success with using hotlines and anonymous reporting to detect and deter fraud (ACFE).

Information technology (IT) and lessons from business intelligence (BI) can be applied to detecting and preventing fraud. We have already mentioned that employee and hotline tips are most effective but business doesn’t take advantage of this. Computer links could be set up on corporate sites to allow employees to report fraud. Some methods could include survey, direct question and answer, or just a space for reporting.

The audit, hotlines and tips are effective after or during the commission of the lengthy fraud period. These are all reactionary events. What about being proactive? Many companies have the capability to automate almost everything. Time sheets, accounting, billing, production and supply chain records are often on a server. Most require supervisor approval or at the very least have the capability of real time monitoring. This information can be integrated into a company version of a data warehouse and be manipulated according to the input rules. Specific habits of employees can be pulled to look for and address financial inconsistencies.

As mentioned earlier, businesses have employed access control measures such as card scanners, code readers and biometrics. They leave a trail of employee activity and regardless of position all are required to enter information to gain entry. Computer keyboard activity can be limited by password protection and all media should go through the security department before introduction or removal. All of this leaves a data trail that can be put into a data warehouse. Besides employee protection and assistance roles, this data can be mined to see patterns and recognize traits of potential perpetrators.

Finally, computer attacks are a huge risk to all businesses. The threat of hackers, malicious viruses, and those who hijack websites and hold financial transactions for ransom are just a few serious events of which the security manager must the aware. Data can be destroyed, reputations can be ruined, and lives can be stolen. These attacks can cripple an enterprise and could take months or years to recover. Businesses need to have IT tools to detect and combat this type of threat as soon as possible. Identity protection and other computer related incidents requires the same type of protection afforded to an employee as in the section about employee workplace violence.

Worms and viruses are quickly destroying years of input. These threats appear innocently enough in the beginning and when the right time comes, they activate. They recreate themselves, and spread through out networks and stand alone systems. Hackers continually knock at the internet portal trying to learn passwords and the inner most secrets of protect to exploit for espionage, theft or horrible fun. Hijackers enter a system and threaten to cripple financial transactions until payment is made; extortion in high-tech form.

Unprotected systems perpetuate all the above threats. Businesses that get involved either innocently as naive contributors or as the hapless victims suffer greatly financially and productively. There is another cost that could take longer to recover from. This is the of their valuable reputations with their customers. A technically illiterate or unprotected business has no excuse when dealing with customers or partners. Embarrassing things happen when a virus or cyber trail leads to a witless company. Industry cannot take the risk.

There are many existing security methods available to help companies take the offense against such attack. As the in the above examples, this effort takes the coordination, input and involvement of all business units and departments in the organization. This cannot be given to the security department alone to handle, however such actions should be accountable to one department.

There are new positions created called Chief Security Officer (CSO) and Chief Information Officer (CIO). The hot new topic for these positions is convergence. Convergence is the alignment of physical and information security under the same department. According to CSO Magazine, this should be run by one point of contact being the CSO. This can align physical security, information security, compliance and privacy under one function. This enables the security executive to address Insurance Portability and Accountability Act and Sarbanes-Oxley with focus and intent (CSO Online).

Other aggressive measures that can be taken are password protection, rules on internet use, firewalls and internet access blocking. These can be regulated with the convergence concept. Software already exists to help generate and protect passwords on network and stand alone systems. These help ensure not only that authorized users are accessing the systems, but they also provide a basis for auditing systems. This is vital to protect a company from the threat of social engineering. Information technology can track who used which system to access which information. The user leaves an automatic automated electronic trail.

Companies need a firewall to protect information from both leaving and entering the enterprise system. These firewalls help prevent hacking, high jacking and malicious viruses. The firewall needs to be updated regularly with updates. Most importantly, the CSO or CIO should be checking and running analysis identifying the threat. This analysis of threat and defenses can be conducted the same way as military strategy.

This identification should track where the threat is coming from, how often the defenses are probed, what the threat using to probe the defenses is, and what times of day are the threats the strongest. For operations security, the chief should look at what makes their business so tempting to the threat.

When a chief information or security officer analyses his own operation, they should be trying to identify strengths and weaknesses that the adversary is trying to exploit. When is the IT asset most vulnerable? Are our passwords easy to break? How much intrusion would it take to stop our operations? Are just a few questions that must be analyzed along with external threat analysis.

Internet discipline is also vital. An enemy doesn’t have to break down your defenses to wreak havoc. Just like old vampire lore, all you have to do is invite them in. When employees visit unauthorized websites, download unauthorized software, transfer data from a home computer or forward corrupted email, they can cause just as much harm. Blocking websites, allowing only IT personnel to upload software, and screening all mobile media or preventing all media such as CDs and other portable storage devices is crucial to protecting the enterprise.

As mentioned in other paragraphs, protecting your company with security in depth will solve many problems. This security in depth includes previously mentioned biometric or card reader access devices, alarms and CCTV cameras. These are available IT devices that are popular and effective at monitoring employee movement and activity. The chief can also store vital risk assessment detail in a data warehouse to better analyze events and proactively mitigate risks before damage occurs.

As mentioned throughout this paper, somebody needs to take charge of organizing a multiple business unit task force to protect the company. Traditional methods of segmenting units and having them work in a vacuum do not produce effective results. When the IT department handles all internet activity, human resources execute the laying off offenders, finance department handle all payroll discrepancies and accounting performs all audits, the result is a broken chain of incomplete activity.

The willing participation and information sharing is better handled in the form of a committee. Each respective department can do their day to day activities, but results can be presented to the entire group to help detect and determine any one of the threats addressed in this paper.

We began with the news reports of businesses needing to protect their personnel and the assets. We showed examples from the headlines of people coming to places of business to conduct senseless acts of terrorism and violence and the need for having a corporate culture or environment to address the different types of threats. This culture involves quickly evolving the role of security to become the protector of personnel, facilities and product. This evolution will enable them to use IT as a tool to help detect and deter risks to the enterprise.

Having said that, we can conclude that security professionals need to continue to make it a point to study their craft and learn ways to counter evolving threat. Business intelligence methods need to continue to keep up with technology to analyze and prevent the internal and external influences that can ruin the enterprise. The threats corporations face include: theft, vandalism, workplace violence, fraud, and computer attacks. We have reviewed the roles of security to converge traditional physical protection with the capabilities of IT systems. The IT can provide a great tool to enterprise as a system of identification, analysis, risk assessment operation security and prevention, astute managers can mitigate risks.

Works Cited:

ACFE. 2006 ACFE Report To The Nation On Occupational Fraud & Abuse, Association of Certified Fraud Examiners, Austin, TX, 2006

American Society of Industrial Security, Workplace Violence Prevention and Response, ASIS International, 2005

Detis. Violence in the workplace, 1993-1999. NCJ 190076. December 2001

Berinato, Scott; Carr, Kathleen; Datz, Todd; Kaplan, Simone and Scalet, Sarah. CSO Fundamentals: ABCs of Physical and IT Security Convergence. CSO Magazine. http://www.csoonline.com/fundamentals/abc_convergence.html

Cummings, Maeve; Haag, Stephen; Phillips, Amy, Management Information Systems for the Information Age. McGraw-Hill. New York, NY 2007

DeFreeze asked:


I’m currently running Windows Vista home premium, which I assume has a firewall of its own, although I’m not sure how good it is. I’m also running Trend Micro Anti Virus and Webroot Spy Sweeper.

lockergnome asked:

live.pirillo.com – Comcast has announced its new surveillance policy. Their storage practices regarding customer information closely follows the letter of the law. Anything you do online can be tracked by your internet provider, as mandated by law enforcement officials.