Internet Security Whitepapers

Understanding Computer Viruses

Internet Security Whitepapers Viruses and Worms

Computer viruses are real—and they're costly. Springing up seemingly from nowhere, spreading like wildfire, computer viruses attack computer systems large and small, damaging files and rendering computers and networks unusable. They proliferate through e-mail, Internet file downloads, and shared diskettes. And they don’t play favorites; your home computer is just as likely as a Fortune 500 company’s network to experience an infection.

Understanding RFID Challenges and Risks

Internet Security Whitepapers RFID Hacking

Radio Frequency Identification (RFID) presents both an opportunity and a challenge in the face of these vast changes. Significant developments have brought new focus to RFID adoption and commercialization. Key market drivers include usage mandates, improving cost economics, demonstrated adoption benefits, technological advances and standards development. However, most wholesaler-distributors have not yet made RFID adoption a priority in their businesses.

Understanding Tuning TCP

Internet Security Whitepapers Evading IDS Firewall and Honeypot

This BluePrints article describes some of key Transport Control Protocol (TCP) tunable parameters related to performance tuning. More importantly it describes how these tunables work, how they interact with each other, and how they impact network traffic when they are modified. Applications often recommend TCP settings for tunable parameters, but offer few details on the meaning of the parameters and adverse effects that might result from the recommended settings. This article is intended as a guide to understanding those recommendations. This article is intended for network architects and administrators who have an intermediate knowledge of networking and TCP.

Unicornscan Documentation Getting Started

Internet Security Whitepapers Enumeration

Unicornscan can be installed from a package for your distribution. This guide is intended for those wishing to manually compile unicornscan for their specific needs. Use the table of contents to skip directly sections that seem relevant to you. This guide describes how to install unicornscan on most POSIX platforms.

USB CopyNotify

Internet Security Whitepapers Hacking USB Devices

USB CopyNotify! is a security software that notifies a user when a USB Drive / Memory Stick, USB Pen Drive etc. is used on any computer on the network. As soon as there is any USB activity, the software detects this activity and notifies the user of the same immediately.

USB Sticks with the U3 Feature Threaten the Security of Workstations

Internet Security Whitepapers Hacking USB Devices

USB memory sticks can be found almost everywhere. Today, they can be seen as the replacement for floppydisks, ZIP-drives and all that kind of media. Nearly unnoticed, many of todays memory sticks contain the two characters "U3" in a symbol on the backside. Where is the difference to the old fashioned USB sticks? Do they bear any risks?

User's Guide - Truecrypt Free Open-Source On-The-Fly Encryption

Internet Security Whitepapers Cryptography

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Until decrypted, a TrueCrypt volume appears to be nothing more than a series of random numbers. Entire file system is encrypted (i.e., file names, folder names, contents of every file, and free space). TrueCrypt never writes decrypted data to any storage device (it only temporarily writes data being decrypted to RAM).

Using the Internet for Research: Advanced Google Searching

Internet Security Whitepapers Google Hacking

A click of the Advanced Search link takes you to Google's Advanced Search page. Here you can use fill-in boxes and a series of drop-down options to expand or limit your searches. For example, you can use the Domain box to restrict your search to a specific site or to exclude a site from the search results. Using the Page Specific search you can find all pages which link to a particular page. You don't need to visit the Advanced Search page to use these features. Most of them are accessible by using keywords in the main Google search box coupled with your search terms.

Virtual Private Network (VPN)

Internet Security Whitepapers Evading IDS Firewall and Honeypot

Virtual Private Network (VPN) service is scalable and inexpensive solution that provides secure connectivity between corporate and branch offices. In addition, remote access capability of VPNs can be used to provide secure access to corporate resources for mobile employees and tele-commuters. VPNs use shared infrastructure such as Internet and provides data security to the traffic flowing between the corporate office and branch offices, partners and employees. VPN addresses security issues by peer authentication, access control, per-packet authentication and data integrity, and by encrypting the traffic. IPSEC protocols are defined by IETF and conforming solutions are interoperable.

Vulnerability Assessment: The Right Tools to Protect Your Critical Data

Internet Security Whitepapers Hacking Database Servers

Over the last several years, Vulnerability Assessment (VA) has become one of the hottest fields within the computer security market. VA tools are designed to detect and report on security holes within various software applications, allowing organizations to take corrective actions before a devastating attack occurs. Due to the reduction in “time to exploit” once a new vulnerability reaches the public domain, and the regulatory pressures imposed on businesses within a variety of verticals, the need for reliable vulnerability assessment has never been greater. Unfortunately, the environment in which software applications are developed today is largely driven by schedule and features, rather then stability or security. This situation has led to corporate networking being ripe with vulnerabilities there for the picking, and the software vendors are doing very little to remedy the situation. Risks to corporate applications are further exacerbated by overburdened and understaffed IT departments.