Binary Code
Computers and other electronic devices store information as Binary Code (which is a series of 1s and 0s that might look like this: 10101001 01101100 11001010).
Network Topology Map
A Network Topology Map is a diagram of a computer network's components, including network access points and connections between its various parts.
Fake Anti-Virus Software
Fake Anti-Virus Software - also known as 'scareware' - is designed to trick you into buying worthless anti-virus protection that you do not need.
Domain Name System
The Domain Name System (DNS) is like the ‘telephone book’ of the Web – it translates a website's name into its corresponding numerical IP address on the Internet.
Social Engineering
A Phishing e-mail is an attempt to trick the recipient into giving up information, such as account, credit card or password information.
Data Encryption
Data Encryption is the intentional scrambling of information into unreadable form - until it is later converted back into its original form by the intended recipient.
Botnet, or Compromised Computers
A Botnet is a collection of computers compromised by a malware attack that can be controlled remotely (via the Internet) to attack websites, send out spam emails, etc.
Distributed Denial of Service Attack
A Distributed Denial of Service (DDoS) Attack can use a botnet to force a website, network or other resource to shut down by overloading it with requests for data.
USB Flash Drive
A USB Flash Drive, aka a 'stick drive' or 'thumb drive' is a portable data storage device which connects to a computer's USB port to send and receive data.
Electronic vs. Static Media
Static Media is something like a book, magazine or printed photo, while Electronic or Digital Media (websites, digital photos, etc.) requires power to be viewed.
Administrative Access
A user with Administrative Rights has unrestricted power to create, modify or delete files, folders, settings and programs on a particular computer.
Computer Security Tip of the Week
Scott Aurnou – Logging in and out of your various online accounts over and over again can be a little annoying. And, besides, it’s your own stuff, so what’s the big deal? Well, what if you put down or step away from your computer, smartphone or tablet (or it gets lost or stolen) while all of those accounts are open…?
If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.
By Gilad Parann-Nissany
The Health Insurance Portability and Accountability Act (HIPAA) has been around for many years with the main purpose of governing the use and disclosure of individuals’ health information. The recent dramatic trend of healthcare-driven companies to migrate to cloud computing requires a cloud-specific security approach for HIPAA and the cloud. In this article, I will touch on some of the major HIPAA requirements as they relate to the cloud, and will highlight points to consider when securing patient data in the cloud.
HIPAA cloud requirement #1: Access control
According to HIPAA, a covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information – this is highly relevant for HIPAA and the cloud. Once operating within the cloud, healthcare data can be potentially accessed from within the cloud by a snooping employee (one of many examples of possible breaches). To adhere to this requirement in cloud environments, address the following points:
A. Automate:
Make sure your cloud key management system [which manages the cryptographic keys in an encryption system] can be automated so that administrators cannot access or see key values used for encrypting healthcare data.
Read more ›
Computer Security Tip of the Week
Scott Aurnou – Help desk personnel are there to iron out a variety of problems and keep business operations running smoothly. As the name implies, they are there to help – a trait that hackers are more than happy to use against them to gain access and steal or sabotage your company’s sensitive data.
If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel (and subscribe if you like).
By Scott Aurnou
Over the past few months, a steady stream of information regarding NSA surveillance practices obtained from former agency contractor Edward Snowden has been released through the media. While these leaks have revealed a surprisingly pervasive monitoring apparatus covering everything from apparent deals for access to data held by well-known technical companies to mass harvesting of telephone call records, the real shock came on September 5th: in effect the agency has compromised much of the fundamental encryption underlying the Internet itself, as well as a number of commercial software products thought to be secure.
This article will cover what happened, how it happened, what the effects are and what steps you can take to try and keep your private information secure from prying eyes.
The basics. The New York Times, The Guardian and ProPublica co-authored a report revealing that the National Security Agency can decrypt most of the electronic traffic on the Internet, likely including data protected via the Secure Sockets Layer (the encrypted protocol that oversees the connection between your browser and the websites it displays) and many supposedly secure virtual private networks (aka VPNs).
Read more ›
Computer Security Tip of the Week
Scott Aurnou – If you own or run a website – no matter how large or small – hackers are trying to break in. This video includes a few basic tips to keep your site safer and where to go if it does get hacked.
Websites referenced in this video include:
Use Strong Passwords to Protect Your Business from Hackers
StopBadware
Google – Webmasters help for hacked sites
If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel (and subscribe if you like).
