Although they are often well hidden, botnets represent a significant online threat. Most users are unaware that their computers have been compromised to forward transmissions of sensitive data. This article defines a botnet and explores some of the purposes for setting up a botnet. It then takes a look at some botnet detection techniques and anti-botnet solutions. What is a Botnet? A botnet (from “robot network”) refers to a group of computers that run an application controlled and manipulated only by its source or owner. While the term “botnet” generally refers to computers, or software agents, running malicious software (malware; robot [...]

Internet cookies are at the center of various privacy protection concerns for a number of reasons, including persistent tracking. The persistent data tracking capabilities of new types of cookies have been met with various consumer protection and anonymity solutions. Discussed in this article is the recent development Nevercookie, a new tool developed by the company Anonymizer, Inc. Cookies that never go away… Evercookie refers to a JavaScript API that produces persistent browser cookies. Evercookie was developed by Samy Kamkar, using already existing techniques, with the goal of raising user awareness about online tracking methods. It currently remains an open-source project for anyone [...]

Privacy risks are inherent to browsing and interacting online. The recently developed tool Firesheep draws attention to user vulnerabilities in web sessions. This article discusses some threats of HTTP session hijacking, as well as potential methods of reducing such threats. HTTP Session Hijacking Typically, users logging into a web site are asked to submit their user name and password. The server then verifies this information against a matching account. Once verified, the server sends back a cookie that the user’s browser uses for subsequent requests. This initial login process is normally protected through encryption; however, the rest of the HTTP [...]

There are numerous technological tools and resources that can help individuals preserve their online privacy. Some tools ensure that email communications are confidential, some allow users to browse web pages securely, and others ensure that files are encrypted before they are transferred between two computers. This article will explore some tools that a user might rely on to protect their online [...]

Cryptography refers to the science of rendering information unrecognizable, and thus useless, to those without proper authorization. The field draws on mathematics, computer science and engineering. While cryptography was initially applied to protect message confidentiality, it has grown to include issues such as privacy concerns, data integrity, identity authentication, secure computing and more. This article introduces the field of cryptography, defines the basic concepts of encryption and decryption, and discusses related concepts. It also explores current uses of cryptography in the information security [...]

Access controls determine the authorized activities of legitimate users while mediating users’ access to system resources. Access controls ensure that data are used by the appropriate people, in the correct roles, in particular contexts. For instance, IT infrastructures employ access control systems at a number of levels. Operating systems also rely on access controls to protect directories or files. As a result of regulatory compliance, there has been a noticeable push for controls in the IT industry. This article looks at basic concepts around access [...]

Risk management plays a crucial role in helping organizations protect and secure their information assets. Effective risk management programs are a significant component of any IT security program. This article will discuss the role of risk management, including the identification, assessment, prioritization and diffusion of risks. Risks, Threats & Vulnerabilities Risk is often confused with other related terms and concepts. The lines between risks, threats and vulnerabilities are sometimes blurred. Further, the terms “risk assessment” and “vulnerability assessment” are frequently used interchangeably, though they have very different applications. The term “risk” is defined as the impact that could result from a vulnerability, or the [...]

The CIA triad is a well-known model in information security development. It is applied in various situations to identify problems or weaknesses and to establish security solutions. It is an industry standard that information systems professionals should be familiar with. What is the CIA Triad? The CIA triad refers to an information security model made up of three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security. To avoid confusion, the CIA triad is sometimes referred to as the AIC triad, or PAIN, which stands for privacy, availability/authentication, integrity and non-repudiation. The three components [...]

In recent years, RFID (radio frequency identification) has caught the attention of privacy watchdogs, civil organizations and the general public. Its ability to identify and track items as well as individuals raises a number of privacy and security concerns, while the potential for integration into numerous contexts has increased with the development of the technology. Discussion and integration of RFID in the workplace, retail settings and other environments should be informed by a number of privacy-respecting practices that will be explored in this [...]

The ISO (International Organization for Standardization) publishes international standards for the private sector. The ISO 27000 series of standards addresses information security matters. Since October 2005, the ISO has published six of these standards, with controls ranging from managing security systems to problem-solving methodology to [...]