Countering Credit Card Fraud With a Cool Head and Common Sense

In March 2008, Maine-based supermarket chain Hannaford Bros. admitted that credit and debit card numbers were stolen from its systems during the authorization transmissions. In what the Massachusetts Bankers Association (MBA) called a "large retail data security breach," over 4 million credit and debit card numbers may have been taken. By the beginning of April, nearly 2,000 instances of fraud had been reported as a result of the breach.

"We sincerely regret this intrusion into our systems," Hannaford Bros. President and CEO Ronald Hodge said at the time, "which we believe are among the strongest in the industry." In a "customer Q&A" document posted on its website, the company insisted that its security measures were "above and beyond" industry standards.

For its part, the MBA released a statement assuring New England consumers "that this was not a problem caused by banks."

The security went "above and beyond." The banks were not at fault. So who, then, is responsible for protecting the customers' credit card information? And what exactly were these standards that Hannaford Bros. went "above and beyond"?

You are responsible, period

It's simple: If your firm handles a customer's credit card transaction, you are responsible for protecting the information. The standards to which Hannaford CEO Hodge was referring are embodied in the Payment Card Industry Data Security Standard (PCI DSS).

For small and medium-size businesses (SMBs), compliance costs are proportionately higher than for Fortune 500 firms, and "regulatory burden" is a familiar (and unpopular) concept. However, as a comprehensive standard designed to help businesses proactively protect consumers, the PCI DSS is a good investment. With over $3 trillion in credit card purchases in 2007, there is a lot of protecting to do.

Like other payment processing companies, SecureNet Payment Systems and Sage Payment Solutions both have very "safe" sounding programs, Credit Card Vault and Sage Vault, respectively. The programs allow you to store credit card, electronic check and other sensitive data in a secure, reliable, PCI-compliant environment without having to store this data on your local servers. The technology can be seamlessly integrated into your current applications. But the real solution involves "low-tech," too.

First line of defense: awareness

In this web-wild, computerized world, it is easy to fall into the trap of thinking that all the thieves' tools are high-tech, as are the precautions and defenses. Not so, according to Ricardo Harvin, website development manager for the U.S. Chamber of Commerce. "Despite the real threat of theft by outsiders," he writes in Uschambermagazine.com, "in most cases when company information is stolen, it involved either someone working for the victimized company or a nonemployee who has access [to] that data."

Protecting your customers and their credit card data is a multifaceted endeavor. Depending on the nature of your business, it can include analysis of Web assets, database design and administration, network access control and more. It may seem a daunting task, but you will go a long way toward safeguarding your customers and your business by

• cultivating a company environment of alertness and care;
• having strict, enforced policies for card processing;
• storing only the data you need, only for as long as you need it, and offsite if possible;
• providing access to customer data only as required to transact business; and
• maintaining both high- and low-tech security measures.

It is a combination of technology and common sense that will help your business avoid fraudulent transactions. The role of merchant today is more complicated, certainly, but you are not alone in this challenge. Small-business associations and industry trade groups can be a great source of information about what is working for other businesses like yours. And there is one more underutilized tool: pressure tactics.

MasterCard is now publishing the interchange tables, the byzantine formulas and rate structures that set merchant processing costs. According to a study by Amy Dawson and Carl Hugener of Diamond Management & Technology Consultants*, "Once transparency comes to credit card pricing models ... merchants will use the information to force an unbundling of interchange fee structures. The interchange structure as we know it will disappear." (Report is titled, "A New Business Model for Card Payments.")

SMBs can use their aggregate strength to force some overdue revisions of the pricing structure of credit card processing. Once a candid, open negotiation on these matters can commence, savings in this area can be redirected to creating ever safer systems, onsite and off, for the protection of your customer's credit card accounts.

This article provided by Scott McQuarrie who has devoted a lifetime to developing his world-class expertise in electronic security, video surveillance and the myriad technologies involved in both fields. His firm has its major web presence at Video Surveillance Systems, although he maintains several other security related websites.

Scott has a comprehensive knowledge of the design and installation of large commercial video surveillance, alarm and card access systems, which made him a top professional at Honeywell. Among his numerous accomplishments, then and since, are the complete system design and project management for various universities, prisons, airports and corporations. Top clients have included Lockheed, L3, ATK and 3M.

In 1990 Scott founded his first security company, going on to build several security-related firms into regional and national powerhouses over the years. In 2000 he turned his focus to the Internet, which opened up a national and international market for his talents. Scott has other security related websites, including Security-Guy.com, which you can visit for more information.

Working Proxies and Why Free Proxies Break

If you want to obscure your identity and IP address from a particular web site you visit, then you'll need to find some reliable working proxies. there are lots of reasons people use proxies they are surprisingly useful servers and have all sorts of cool uses.

The main difficulty with free working proxies is because generally the administrators of these servers don't even know their server is being used as proxy server. Often these boxes are just misconfigured internet facing servers which have been left open by mistake. It doesn't take long for people to find them and they start getting added to the endless lists of free anonymous proxies on the internet.

It doesn't usually take long before they are completely overwhelmed with surfers bouncing off these proxies and browsing via them becomes a painfully slow process until they either fall over or an embarrassed systems admin realises his mistake. But never fear there will always be a new batch of proxies along very soon.

Whatever your use for using a proxy server, whether you want to bypass your work or schools proxy to access restricted sites or just you believe in privacy and freedom of speech. You should be extremely careful what you use these servers for - many, many free anonymous proxies are set up for the purposes of identity theft and stealing data. When you use a proxy all your web browsing goes through that single point first and as most html traffic is in clear text then obviously identity thieves, hackers and all sorts of spyware is usually found or installed on them.

Unless you know all about who runs a particular free proxy server, then never, ever use it to pass any sort of personal or private information. Personally I would never go near a free anonymous proxy partly because I know exactly the sort of people who target these servers to steal information.

If your goal of protecting your identity and privacy on the internet then a free anonymous proxy is about the worst thing you could use. Sure it will likely block your IP address from the web server you are visiting (if it's configured correctly) but all your data is in the clear before that point and your ISP has a complete list of every server you are visiting anyway (unless you use end-to-end encryption). That's before you include the distinct possibility of Mr Identity Thief sitting on that proxy server with a sniffer capturing every single piece of data both ways!

Free anonymous proxies are extremely costly to run and less face it you never get anything for free. If you want real privacy, real anonymity and to surf at super fast speeds you are either going to have to seduce a systems admin at your local University or use a paid service.

The good news is that it doesn't cost too much if you pick a professional product.

If you want to read about some of my thoughts on using anonymous proxies and how you can surf without being spied on, try the link below. You can also download an exclusive demo version of the most secure way of surfing the internet currently available.

Secure Proxy Surfing

Online Scams and Their Prevention

An Internet scam or online scam is a fraudulent or deceiving business scheme. It is very rampant nowadays. Be careful when using the internet. Do not be vulnerable to such cunning schemes. Be informed.

Here are some of the more popular internet scams:
Nigerian Scam or the 419
This scam came from a Nigerian family. It was first known as "The Spanish Prisoner" in 1920s.

The Nigerian Scam tricks victims to do business with them, with promise of high returns. It operates by first sending out a proposal letter, luring readers of a very lucrative business. You will then be asked to pay a certain amount as investment to them. But you will never receive the money they promised.

Advanced payment for guaranteed loan or credits
In this kind of deception, the victim is asked a certain fee in advance in return for guaranteed loan. Careful not to fall for such tricks. There are no upfront fees when applying for loans. Besides, why would a stranger entrust you with a credit? It is better to turn to well-known and accredited loan institutions.

Lottery Scam
Lottery scams usually come in emails. They will say you won millions in a random lottery draw. Before you can claim your prize, you will have to pay certain processing fees. You will never get the prize after your payment.

Think carefully before falling in the trap. Did you ever join any lottery contest in the first place? Why do you have to pay certain fees before being able to claim your prize?

Overpayment Scams for Items on Sale
These scams often happen during online purchases. As a seller, someone will contact you to offer selling your goods at a premium. He will ask you to send him your product plus the premium price (his selling price less your selling price). The money order he will send you is fake.

Employment Scams
These scams frequently happen during online job applications. In the application process, you are required to give some of your important personal details. The scammers can track you down in your house to rob you, or withdraw all your money from your bank. Always check the background of the company, especially if online. Your carelessness may not just lose you money, but also cost the life of your loved ones.

These are just some of the popular online scams. Day by day, the scammers will always find new ways to trick the ignorant and misinformed. It always pays to know. Be wise and smart in your online dealings.

Here are suggested ways to prevent being scammed:

• think twice if advanced payment is asked of you before joining
• avoid Ponzi schemes
• avoid pyramid schemes
• study how the deposit system works
• Use an escrow service as much as possible

For more information on Criminal Lawyers and Email Spam and Phishing please visit our website.

Spotting a Scam Before it Hits You

If you are going to go through life oblivious of the dangers of scams, then more than likely you are going to be a target. Spotting a scam can be the best way to ovoid falling into a nasty financial trap where you are the one snared and have no way of protecting yourself. There are very few measures that the police can offer other than being very cautious and never letting your guard down when dealing with the Internet. If you happen to use the web a great deal, it is a good idea to be protected from the possibility of a scam that could end up costing you a great deal of money.

What have I Done To Deserve This?

When you are being offered something for nothing, this is something that generally raises eyebrows. When spotting a scam, you need to be aware of the scammer that makes it look like you have done something to warrant them offering you something for nothing. This is without question a scam, and you should always question when someone you do not know is trying to give you something. While it is nice to believe that there are good people in the world still, not paying attention to the possibility that someone wants to rip you off is practically an invitation. Stay alert and pay close attention to people that approach you, and offer you a deal that is too good to be true. There are more people like this on the Internet than you could ever imagine, and the people that are not paying attention meet these people in the worst of ways.

Email And Messenger Scams

Spotting a scam today really does not take a great deal of education or experience, all you need to do is stay diligent in your conviction that someone that you do not know is not just going to help you get rich or make money. Anyone that is trying to pressure you to sign on to something that you are not familiar with could in fact be trying to target you for a scam. Most of these scams are run through email, or the various messenger services that you can find on the web today. An anonymous contact will always try to gain trust in you prior to you getting attacked, so it is always a good idea to stay with what you know and avoid strangers.

A Proven Hunting Ground

When you are trying to avoid trouble by spotting a scam, you will need to keep in mind that if you surf the web you are in fact in a proven hunting ground for scammers. This is the best place possible for a scammer to find a target, and more people each year fall victim to Internet scammers than any other scammer form combined. This is because the Internet is an endless source of information and avenues for communication. Where you find people using this tool as a source of information gathering and entertainment, you will find someone that wants to take advantage of you.

Jerry Turner writes articles about online money making and home business opportunities for the Make Money Online Idea website at http://www.makemoneyonlineidea.com

Yes, What You Write on the Web Can Hurt You

It sounds like something on a talk show or in a Ripley's Believe it or Not article. However, the case of Kent Haluska and Marina Solo has a lesson that all real estate professionals can learn from.

Recently, Kent Haluska, a Realtor from Wisconsin, was convicted of criminal defamation and sentenced to 18 months probation, a 1 year ban on practicing as a Realtor and ordered to pay a $1838 fine.

Authorities have alleged that Haluska had targeted another Realtor, Marina Solo, with comments on ActiveRain.com such as "Russians don't shave their legs or armpits. Therefore, M.S. is very hairy."

While obviously a laugh-a-minute for Mr. Haluska, Ms. Solo was not as impressed with his wit. Neither was the law, as police managed to track Haluska via his IP address and arrested him in his home on May 20, 2008.

Haluska was also accused of using the identities of other agents to post his comments about Ms. Solo and sending letters to her clients, claiming that by employing her as their Realtor, they were funding Russian terrorism.

Aside from the fact that this illustrates that Haluska has some issues that definitely need to be addressed ASAP, this also makes a powerful statement about what we Realtors blog about and how we treat others.

The Internet, while it physically separates people from each other when they are engaged in communication, does not separate one from the law. Threats and insults on the Internet are starting to carry as much weight as those that are hand written or spray painted or shouted across a crowded room.

What Haluska was accused of doing is not something that most Realtors are going to have the time and inclination to do. However, we can all take note of how we address those people whom we personally dislike or professionally disagree with. It takes only a moment to reread one's post and only a few minutes to walk away from it and come back to peruse it, looking for things that not only expose one to ridicule, can also expose one to legal action.

The Internet gives many people a false sense of security. However, unless one is an Internet whiz and has the power to leap firewalls in a single bound, there always is a trail that is left. Make sure that it's a trail that you want to have leading back to your keyboard.

For great information on the Atlanta real estate market and for incredible East Atlanta real estate listings, and to browse homes and properties for sale, visit RealSourceBrokers.com. This site is easily the most developed and useful Intown Atlanta real estate resource online.

4 Computer Crimes That Could Destroy Your Online Marketing Business

Identity Theft:
This is the most notorious crime that could bring a load of problems on an Internet marketer's head. Identity theft occurs when customers' personal information, which includes their addresses, passport information, banking details, credit card information are leaked on to the Internet. This leakage could happen as a result of some hackers prying into a legitimate online shopping site and stealing these pieces of information. Millions of dollars are lost yearly due to this crime. This malaise has affected many online shoppers

Illegal Downloading:
Whether you are offering services or selling certain products online, sometime an illegitimate user using very powerful software can download your products without the due payment. Users who shouldn't have had an access to them have regularly downloaded thousands of music files, movies, e-books and other products. Online marketers are hugely affected by this crime, which is increasing at alarming rate around the world.

Scams:
Scams are hard to detect nowadays, because most scammers pretend they are doing a right business and lure customers to buy goods and services on their sites, but which they would never deliver. Even some scammers have filtered into well-known shopping sites and deceive gullible buyers from parting with their money but shy away from delivering the products they had purchased. There have been tales of woes on auction and trading sites recently about scams.

Creation and Distribution Of Viruses:
The rate at which viruses are being created and distributed is high nowadays. Some viruses are quite destructive that they could destroy your computers or incapacitate other software installed on your computers. Annoying spy ware could make your pc slow. If care is not taken, you could lose some vital documents in your computer if attacked by some virulent viruses.

Internet Identity Theft - Wireless Network Security Issues

Seems that everything's going wireless these days and though it may be super convenient, it also brings up some issues about safety and security of your personal information. So we will be discussing some issues concerning wireless network security.

Since many of us may be coming online to do some business or to accomplish our shopping tasks, it is crucial to understand that there are security risks to using just any available wireless network.

Be aware of wireless network security issues including the risk that hackers could potentially break into that wireless network and get the information that can allow your identity to be stolen or allows the thieves to drain all of the money from your accounts. That is why it is so important for you to give some serious thoughts to wireless network security if you are often faced with using this type of technology.

Facts are that most home systems have build in wireless network security that is reliable and this should give you peace of mind. These systems are made so that no one can access them unless they have a specific access code.

If you have a wireless system, then you may notice that your computer can offer up many different signal choices when you go to connect your computer to the Internet. You will also notice that some of them are secure (requiring a password), and some of them are not.

You may be able to hook up to the unsecured ones, but unless you have access to a password you should not be able to access the secured ones. This is because their wireless network security is in place and working properly.

Nowadays, laptops make it very easy for anyone to get online in certain public places but heed the warning that always comes along with this!

During these times is when you should be considering your wireless network security. Most nice hotels and coffee houses among other places, offer free wireless Internet. However, there is very little security when you use these types of services.

For the sake of wireless network security, you should never use this type of access for important things like personal banking or shopping using Paypal or your credit cards. Thieves could very easily get into your accounts this way because you have made it extremely easy for them to see your personal information.

If you are in a hotel using their wireless Internet, and you find that you really must to do some personal banking, then ask the hotel if they have a business center that has a secure connection for this. Never disregard the importance of seeking wireless network security even in the safest looking places!

Also, remember that even though you may have found something that works for you and is convenient in a public business center, you have to be aware that someone will be coming along after you have long gone to use that same computer. So be sure to sign out of everything, and clear the cookies and history before you leave any public computer.

Even though wireless network security is risky, leaving behind clues on any secure connection shared with others can be risky as well.

Always use caution with any type of connection, even if it is one that comes from your home. Although, this is a much bigger worry in urban areas, remember that identity theft can happen in small cities or towns as well.

About The Author: Ana Hernandez DO is a practicing physician and self proclaimed marketing enthusiast. Her website at http://www.netrageouz.net is the portal to her delicious recipes for creating killer online marketing campaigns. Her online course, "NETfabulous! Marketing ECourse" is jam packed with tips n' techniques for both newbie and seasoned marketers alike. Subscribe for FREE by sending a blank email to NETfabulous.Marketing@gmail.com or at http://www.netrageouz.net

Keep Safe From a MSN Messenger Virus

Viruses spreading through messengers and IM clients are very popular as it has the potential to create havoc over a million computers within hours of release mainly spreading through the contact list and chat list of friends usually found in all the messengers.

These viruses usually disguise themselves as harmless links to sites, pictures and come with a compelling harmless title like "Geez, Is this really your picture?" or "Why did you do this to me?" or the like. These titles make you want to click on them and download the virus on to your system and propagate to those in your friends list.

Once affected, these viruses either provide a backdoor for the hacker to use your computer resources, or download more AdWares and viruses to crash your computer totally. You know that you are affected when:

1. Your computer slows down really bad.
2. Friends complain of you sending messages when you actually have not.
3. Computer shows heavy memory and hard disk usage even when it is idle.
4. Ads on antiSpyware and other anti viruses show up frequently as you browse the internet normally.

How to get rid of MSN virus?

It is possible to get rid of most these viruses in MSN or yahoo quite easily if you get to know what type of virus has affected your computer. Just find the name or some behaviour of the virus affecting your computer and manual instructions to remove the same can be found on the internet easily.

How to stop getting your computer affected by messenger virus?

Do not click on each and every link your friends send you! It might be a virus cloaked as a image. Do not open suspicious links and downloads. This will keep your computer safe and the friends on your chat clients will be thankful to you for not helping spread the virus to their computers. You can imagine the havoc if you send porn messages to your business clients due to a silly messenger virus!

MSN virus manual removal instructions can be found on our site at Remove MSN Virus

Your web host could be the reason why you are a sitting duck for a DDos attack

Just as we have been forced to face terrifying new terrorist attacks in the offline world that threatens our very way of life, online and less publicized dangers are an increasing and terrifying threat.

Few people realize that your choice of web host has a lot to do with just how secure your web site is going to be against attack. Even a simple assault from a lone hacker will tend to be easier with an unprepared web host with less resources and experience.

But the real terror emerges from Ddos attacks or Distributed Denial-of-service attacks. Deliberately designed to elude detection by today's most popular tools, these attacks tend to be swift and come without any warning, leaving behind huge losses that can never be recouped. Microsoft lost an estimated $500 million in just a few days from a Ddos attack on the site in January 2001. Of course the costs go way beyond simple monetary terms. Because site performance is compromised, the business ends up with frustrated customers.

The network infrastructure of the host you choose is very important if a web master is to ensure that their site is protected. And yet most of this protection does not come cheap. For example the most recent Cisco Ddos protection appliance costs about $200,000. Without this protection the host and his entire network are "sitting ducks" as any Ddos attack on any single site will affect the entire network and thus other web sites as well.

This is one of the reasons why it is becoming increasingly important for web masters to be aware of a lot of technical details behind the network structure and capabilities of the web host they choose to go with. It is just too risky to leave it all to chance or to base the entire reason for choice on a few simple factors like price and number of years in business.

About the Author

Web-Host-Search continues to do extensive research on web hosts and web hosting. This in-depth valuable information is available for free at the comprehensive web host directory, www.web-host-search.com. Visit now for your free website template.

The Bad Guys Are Phishing For Your Personal Information

Do you know what "phishing" is?

No, it doesn't mean you grab a pole and head to the late to catch some phish.

The official Webopedia definition of "phishing" is as follows:

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.

Phishers prey on ignorance, fear, and emotion. They also play the numbers game. The more bait they email out, the more phish they'll catch.. By spamming large groups of people, the "phisher" counts on his email being read and believed by a percentage of people who will volunteer their personal and credit card information.

The latest attempt by identity theives to steal the personal information of eBay members hit my inbox earlier this week and I have to say, this one is pretty convincing. Even this old dog did a double-take before realizing that the identity thieves were phishing for my personal information again.

The sender of this email is listed as: eBay Member - rivernick and the email subject line reads: Question from eBay Member.

The email begins: "Question from eBay Member -- Respond Now. eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will not reach the eBay member. Use the Respond Now button below to respond to this message."

Listen to me: DON'T TOUCH THAT BUTTON

Of course the email was NOT sent by an eBay member or sent via eBay's messaging system, as it appears.

The email then takes on a threatening tone.

It reads: "Question from rivernick: I'm still waiting payment for my item for about 7 days. What happened? Please mail me ASAP or I will report you to ebay."

The recipient is then prompted to respond to this rather disturbing email by clicking a "Respond Now." button.

Doing so will take you to a website designed to look like eBay where you will be prompted to login using your eBay user name and password.

Once you pass this point you will be asked to update your account information before proceeding. Unknowing souls will offer not only their eBay password, but personal and credit card information, as well, without even knowing that they are about to have their personal information stolen.

The one thing that makes this scam so effective is the threat by the supposed eBay member to "report you to eBay."

The email preys on the fear of most eBay members that they are in danger of receiving negative feedback. Many eBayers would rather you cut off a pinky than leave them negative feedback. It is this emotion that the new phishers are hoping to hook.

The phisher is betting that most people will either be horrified by the threat of being wrongly reported to eBay or they will be ticked off that some jerk is threatening them by mistake.

Either way the phisher is counting on a percentage of people to have a knee-jerk reaction and login to the fake eBay website he has set up clear matters up.

I've yet to see what percentage of people who receive these phishing emails fall for the scam, but if a phisher gets 1% of recipients to turn over their personal information, he will probably consider his phishing expedition a success.

I've warned you about these phishing scams before, but let's review it one more time.

NEVER reply directly to an email that appears to have come from eBay, Paypal, Amazon, or anyoen else asking you to click a link in the email to update your account information. If there is any doubt in your mind whether or not the email is really from eBay, for example, open a browser and type in the URL http://www.ebay.com. NEVER click a link within the email to respond.

NEVER believe that an email supposedly from another eBay member is for real. Again, do not click an email link to reply. Open a browser and go to eBay directly and log in. If the email was from a real member, there will be a record of the inquiry in your My eBay account.

You must be aware that there are bad guys out there who do nothing but spend time trying to come up with new and innovative ways to steal your information.

Be paranoid. Be aware. But don't be fooled.

The phishers will cast their line, but you do not have to take the bait.

Here's to your success,

Tim Knox, Entrepreneur, Author, Speaker, Radio Host Founder, The Insiders Club, Giving You The Power To Start Your Business Today http://www.theinsidersclub.com Bestselling Author of: "Everything I Know About Business I Learned From My Mama" http://www.timknox.com

Computer Virus and Security Protection Tips

The internet has its fair share of threats and dangers that could harm your PC and access your personal and confidential information without your permission. Computer security entails both detection and prevention from such people and programs. "Prevention" would help in keeping you safe from all such malicious attempts whereas "detection" would inform you whether someone attempted to access/harm your system, either successfully or unsuccessfully and what harm they may have caused.

Why bother about your computer's security anyway? Well, nowadays computers are used for almost everything from shopping to banking and from having casual conversations through internet chat to investing. Yes, much of your information may not be that confidential but you still won't want someone sending forged emails on your behalf or reading your personal or official documentation, like financial statements and bank account information. On a more serious note, an intruder or hacker/cracker may gain access to your computer to launch attacks on other computer systems. With access to your computer they are able to hide their true location while they launch attacks on high profile computer systems, like those of banks and other financial institutions.

Computer hackers / crackers are always looking for weaknesses or holes in the system. Developers are not always able to run comprehensive tests on their softwares because of its ever growing complexity. Later on when these holes are brought to the developer's notice, they create patches to address the problem. So, the number one tip to all computer users is to make sure you obtain and install the patches and security fixes regularly. Some software like chat programs actually allow other users to execute commands on your system which could open the window to all kinds of harmful programs. Therefore there is a need to be more careful when using chat programs of various kinds.

Install a firewall. Hackers/crackers are constantly scanning for known holes or vulnerabilities in the system. Software or hardware based firewalls can provide good protection from such attacks. Having said that, no firewall is capable enough to keep out all threats, therefore having a fire wall is not quite enough.

Use Antivirus software on each PC that connecting to the internet but an anti virus software that is not updated may do little or no good. Some antivirus software comes with automatic update options - these are thoroughly recommended.

Disable JavaScript, Active X and Java if possible. By disabling these scripting languages you will keep your system safe from malicious scripts. By disabling these options you may degrade the functionality of some websites. For More information on disabling scripting languages please visit http://www.cert.org/tech_tips/malicious_code_FAQ.html.

It is also thoroughly recommended to disable scripting features in email programs as many email programs use the same code as web browsers.

Be careful not to open email attachments even if you are familiar with the source of the attachment. The only reason the Melissa virus spread so far and so rapidly was because it originated from a familiar address. Before opening an attachment, make sure your virus definitions are up-to-date, save the file to your hard disk, scan the file using your anti virus software and then open the file. If possible, even disconnect from the internet before you open the file.

Don't run a program that's come from an un-authorized or un-known source. Don't also send these programs to your colleagues and friends as it may contain a Trojan horse (these programs are used to enter into the system and trick the user into installing various programs which allow hackers and intruders access to your system).

Turn off your computer when it is not being used. A turned off system or a system that is completely disconnected from the network is safe from all intruders.

Make a bootable disk which will come in handy if your computer has suffered an intrusion or a hard disk failure. The bootable disk may help your computer recover from such an event but remember, the bootable needs to be created prior to any security breach or malfunction.

Make a back up of all important files on a removable storage device like a CD or DVD and keep the storage device away from the computer. In order to safe space, you may also choose to ZIP your data (compress your data) using a compression software while making a backup.

For more PC security tips, advice and anti virus software reviews visit http://www.antivirus-software.com

Computer Defense System

Computer security is very important today. Without a great computer defense system, if you go online, you leave yourself open to all kinds of attacks both minor and very serious. Today all business and commerce is conducted by way of the computer. Additionally, once a transaction is completed, it is sent over the Internet to another computer where the transaction is verified and completed. It is very important to be aware of the steps that you need to take before you connect to the Internet to secure your computer. Those who wish to compromise systems are becoming more cleaver in their approaches everyday. It also seems with technology changing everyday, it is harder and harder to keep up.

A good computer defense system first means making sure that on a fresh install of any operating system, Apple OS included, all software updates are downloaded and any security updates are applied. In windows, set your security update options to at least "notify" you of updates even if you don't want to download them automatically. It is also most prudent to make sure all critical updates are downloaded and applied as soon as they become available. Microsoft Windows makes this easy with the Windows Update feature. Similarly there is a feature called software update in the Finder under the "Apple Menu" called software update. It is essential that you do this regularly. If you do not have options set to notify you immediately of updates, check for them a minimum of two to three times a month.

Another Part of your computer Defense System is your anti-virus software. In recent years their has been a tendency for the best know names in the anti-virus business to bloat their product with more and more features that many users will not use or use very sparingly. This taxes computer resources and slows down your computer because it is trying to do more and more background processes. There are many retail packages out there, but they are not all created equal. Also, be aware that program definition files (that tell the program about what viruses may exist on your computer) often expires at the end of a year meaning you will have to renew your anti-virus definition subscription in order to continue to receive updates. An alternative is a free antiviral software solution that provides updates for free. One of the best is by a company called Grisoft. It is called AVG. While I cannot put a link here, if you type "AVG Free" into Google, the link to the download page will be on the top of the list.

For your computer to be running properly, you also need to enable any firewalls on your system. For example, in the Control Panel of recent Windows OS versions (like XP or Vista), you will find a security section (Tab or Icon). Once there, make sure the Windows firewall is enabled. However limit the installation of firewall software because not only can this cause program conflicts and slow down your system, cryptic warnings about a possible intrusion will not benefit you and scare an inexperienced user. Instead install a router or get someone to do it for you. Even if you only have one computer because a router is a physical firewall blocking potentially harmful Internet traffic for you. Also much lower prices on computers now means having multiple computers is affordable. A router allows multiple computers to share a single Internet connection.

Another important consideration is not to install toolbars unless from a recognized and trusted source. A good computer defense system recognizes that many of these installations are actually malware in disguise that can do things in the background that may harm and compromise your system. Also, do not download email attachments. This is one of the major ways that a virus or other malicious or self-executing code actually gets on your system in the first place. You need to exercise do vigilance when on the Internet and click with care. Also make sure that things like Active X controls are not automatically set to run on a page. (Unless on a trusted site that requires it.) Additionally, think seriously about changing the browser you use to surf the Internet with. Type "Get Firefox" in Google. Firefox is a better browsing alternative than its man competitor and it is more secure because it is more of a basic browser that does not automatically execute advanced functions that can lead to viruses, malware, Trojan horses and other malicious code that can seriously harm your computer.

A good computer defense system requires more than what has just been detailed, but these steps are important and will go along way toward a more secure and safe computer system. For even more extensive information; look to the end of this article for links showing you where you can go next.

For more information, please visit the Marketplace section of http://www.learnherenow.com - You will find additional articles on this website. Please check out our sister site at http://www.stevenmilbrandt.com - Thank you. It is hoped you find this article both helpful and informative.

Is There Still a Future For Anti-Virus Software?

Look, if you told me that people should stop wasting their money on stand-alone anti-virus applications then I could have agreed with you to some point. The only thing that's outdated is the term "anti-virus". Strictly speaking, the main online threat is no longer called a virus, a more appropriate term should be "malware" and it is time we started to adapt to this new term. Online threats consist of viruses, spyware, key-loggers and trojans, all residing under the common term of malware.

I understand that the term "anti-virus" is a heavily marketed term and when you mention the term "anti-virus" to computer illiterate and inexperienced users they know exactly what you are talking about, but when you talk about malware they often give you that glossy stare, you know, the kind of stare that screams: "What the hell are you talking about!" Most anti-virus applications now offer protection against spyware and other malware related threats as well, so it is really silly to keep calling them anti-virus applications, they are in essence anti-malware applications.

Scraping your anti-virus solution is reckless and plain stupid. It's just as good as saying we should stop patching the security flaws in software, leave them un-patched because the threats, exploiting these flaws, are evolving way too fast. Should we stop installing security systems in our homes because new, more advanced burglars are born each day? If you can protect your system against known threats why not do it?

It is true, malware evolves much faster than the anti-malware solutions, but known malware gets recycled on the web over and over again. Protecting yourself against a known variant means you can't be attacked by it again and believe me it is not uncommon to be attacked by the same variant more than once. This means anti-virus software still plays a vital role in your protection against malware, it also means that anti-virus software developers are still detecting new threats at a very high rate. New variants may infect quite a lot of computers before they get detected, but once the anti-virus vendors release an updated signature file to all their users, they are at least constraining the spread of the malware and preventing uninfected users from getting infected.

Scraping anti-virus solutions means systems are left unprotected, meaning that they are left infected, thus making a contribution to the processing power of bot networks like Storm. At least an infected system can be cleaned once a new variant has been detected, therefore you are pro-actively taking a bot network down bit by bit and making it harder for the malware to spread any further. Remember, an infected machine becomes a distributor for new variants of the malware. Killing a known variant means you are preventing it from mutating and spreading any further.

Improve the technology, don't scrap it. Yes, definition based protection is nearing its end, but anti-malware solutions are moving towards behaviour based detection. It is suicidal to scrap anti-malware solutions completely just because of the fast evolution of new threats. The argument that the value of anti-virus software is declining is a bunch of hogwash. Big corporations should stop putting reckless ideas into the minds of ordinary users, they should stop the throw-away-your-anti-virus-program-and-buy-our-software kind of marketing. The Internet is dangerous enough as it is, so don't go encouraging people to throw a way their anti-malware applications, not even in today's world of advanced malware attacks. Anti-malware applications are often the only line of defence that's available to novice Internet users.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, an online resource providing education to the Internet Community about online threats. Coenraad also writes about cyber security related topics on the Cyber Top Cops Blog.

How to Detect a Scam

I am sure that some of you have been a victim of Internet Scam. How do you detect a scam? I can tell you from my personal experience how to detect a scam and what needs to be done about it. Internet scams comes in variety of ways. If you type in the keywords for "work at home, surveys, mystery shoppers, online business, and processing credit cards", you will see a dozen of website that literally beg for your undivided attention. Their website looks as though it is so easy to make money. They have testimonials of people making big bucks. They say you can make $500 to $1000 per day part time. It says that you can start in 10 minutes after purchasing their service. What service you may ask after purchasing their service. The only thing you see is a bunch of websites that say that you can make money being a mystery shopper, filing out surveys, and processing credit cards.

Most of the scam sights are not secured. It does not have a padlock or https. Therefore, anyone can see your personal information. Needless to say, they ask everything about you: What is your income, your age, address, and telephone number. Little did I know that I would get junk mails and phone calls from telemarketers wanting to allure you to their business. What surprised me is that they sell your information to third parties. I was charged for some website service on my Verizon telephone bill.

Please be careful of websites with an ending of .org. It's supposed to be a non profit organization but some deceitful people use it to fool consumer thinking that their content can be trusted. Surveys and processing credit cards are scams. If you have to pay $1.97 for a trial period and be charged $37.95 monthly thereafter, please don't do it. Most likely, they will add charges you don't recognize and give you a hard time with refunds. I ended up putting a dispute with my credit card and bank account. I had a terrible experience with work at home companies found by googling the keyword: "best work at home opportunity, how to make money part time". If you have trouble with refunds, you can file a complain with the better business bureau or the FBI.

They say when it rains it always shine. Here is the good news. I found a genuine, remarkable, authentic, Internet marketing course that takes you by the hand and teaches you what you should not do and what you should do. This service is incredible because it reveals the secret of being successful. I can't believe that Mike Andrews is giving away such valuable information that most gurus would keep to themselves. He has tons of tutorials, videos, resources, and great tools provided to members. I have never seen such a wonderful sight for learning how to start your own business. He has pre-made websites with your own id for you to promote. I get very excited when I talk about the materials he offers. What's more amazing is that you can try out the course for 80 days with an unconditional money back guarantee for only $87.00. This is a bargain. This is nothing compared to what you have to pay for a one day seminar which is around $150.00. Just by learning his tutorial, I learned how to get traffic to my website in different forms. You have everything to gain and nothing to loose. For more information, please visit my blog at:

http://howtodetectscam.blogspot.com/

I enjoy teaching and writing articles that provide helpful information for family and children. Please visit my blog at http://howtodetectscam.blogspot.com/

Does Your Business Need to Be PCI DSS Compliant?

Despite increasingly heightened security by merchants and service providers, credit and debit card fraud is still on the rise. Perpetrators are using even more sophisticated methods of infiltration to access sensitive payment card information. The financial cost of fraud to any sized corporation can be huge and the price of preventing it is vast.

Any company which stores, processes or transmits payment card data bearing the logo of the five major payment companies has to comply with the Payment Card Industry Data Security Standards (PCI DSS). These five companies include American Express, Discover, JCB, MasterCard and Visa. These standards were devised in 2004 to provide a common set of industry tools for the storage of payment card data in order to prevent, detect, and react to security incidents.

As well as merchants or banking institutions, compliance is required by any third party who accepts or processes payment cards. This includes call centres who receive cardholder data which they are unable to delete. If merchants use payment gateways to process transactions on their behalf, compliance is not required but they must ensure contractual obligation from the third party that they comply with PCI DSS and are responsible for the security of cardholder data.

Fines for non-compliance or security breaches can be huge, reaching $500,000. High profile cases involving huge corporations have hit the headlines. Some card brands have threatened huge fines against larger merchants of up to $25,000 per month until compliance is obtained. In severe cases, they have even threatened to remove the ability to process credit card payments, which could be economically fatal for any merchant.

While Visa reports that the majority of security breaches occur in small enterprises, any company that stores, processes, or transmits card information has to comply with a strict set of guidelines. Although intended to create a global standard which protects both consumers and corporations alike, these guidelines can be time consuming, costly, and complex to implement. Corporations that require PCI DSS compliance are prevented from storing sensitive credit card information, including security codes, track data from the magnetic strip, and PIN numbers. Information which can be stored includes credit card numbers, expiration dates and customer details, but the method of storage needs to meet certain requirements.

How to obtain PCI DSS compliance

The recommended first step to obtaining compliance is to hire the services of a Quality Security Assessor, who can advise on steps needed to reach compliance as well as completing the official assessments required. Smaller companies that process less than 80,000 transactions per year are permitted to complete a self-assessment questionnaire.

Compliance covers 6 areas of security:

1. Construction and maintenance of a secure network - including installation of a firewall to protect cardholder data
2. Protection of cardholder data - including encryption during data transmission
3. Vulnerability management - with regular updates of anti-virus software
4. Access control - to prevent and restrict access to sensitive data
5. Regular monitoring and testing of networks
6. Maintenance of an information security policy

The latest updated guidelines for PCI DSS are due for release in October 2008.

The benefits of PCI DSS compliance

• Protection from PCI related fines if compliant at the time of breach
• Increased customer confidence in data protection
• Advice on how to remediate any data security risks
• Advice on how to prevent service providers from putting your business at risk from data security
• Increased protection from fraudsters
• Protection from unwanted negative media attention

With this said, there is no question as to why PCI compliant is as important as it is. It both protects the consumer and the merchant, making transactions considerably safer than they would be otherwise.

Managed Hosting provider for companies with applications that demand the highest levels of security and availability.

E-commerce Security - Issues and Controls

The internet facilitates open and easy communication across the globe, and has made e-commerce possible. However, because of its unregulated nature, it poses a threat to the security of e-commerce systems. Hence, as an e-business owner, you should be ready to address an array of e-commerce security issues.

Here are some of the common problems created by hackers:

• Denial-of-service (DoS) attacks that will prevent authorized users from accessing your website. If this happens too often, your customers will walk away.
• Gaining access to sensitive data such as price lists, catalogues and intellectual property, and copying, changing or destroying the same. Who hasn't been a victim of virus attack at some time?
• Altering your website. Unscrupulous rival companies might resort to such tactics in order to spoil your company's image.
• Directing your customers to another site. You do the hard work, and someone else reaps the benefits.

Hence, you should introduce adequate e-commerce security control measures to reduce the risk to your systems. But remember, these controls should not be so restrictive that they impact the efficiency of your business.

Authentication: This is the technique of positively identifying someone seeking to access your e-commerce system. This usually involves any or all of the following:

• Assigning a user name and password combination to registered visitors.
• Instituting a two-factor verification process that requires confirmation of information known only to authentic users. For example, asking for an authentication token and a personal identification number.
• Scanning a person's unique physical attribute such as a fingerprint or facial-feature.

Access control: In this type of control, access is restricted based on a need to know. This limits the number of people who can access a particular piece of information, and therefore reduces the risk of misdemeanor.

Encryption: This technique uses technologies like virtual private networks (VPNs) and secure socket layers (SSLs) to protect information that is being displayed on a computer or transmitted over a network. Companies like banks, which deal with sensitive information will most certainly encrypt data.

Firewall: This is either software or hardware that protects a server, network or computer system from attack by viruses and hackers. It is also a safeguard against user negligence. Many companies use the Kerberos protocol which uses symmetric secret key cryptography to restrict access to authorized employees.

Intrusion detection system (IDS): It inspects all inbound and outbound network activity and identifies any attempt being made to gain illegal access. If IDS suspects an attack, it generates an alarm or sends out an e-mail alert.

The importance of e-commerce security cannot be overemphasized. If your business strategy envisages the use of the internet, make sure that your systems are adequately protected. Books like "The Business of E-commerce: From Corporate Strategy to Technology" and "Security Becomes A Business Requirement For E-Commerce Companies" from amazon.com might be useful in order to deepen your understanding. You might also like to check out the e-commerce security products and services available at x-cart.com.

Hi, I'm Akhil Shahani, a serial entrepreneur who wants to help you succeed. If you like to work smart, check out http://www.SmartEntrepreneur.net . It's full of articles and resources to help you start and grow your business successfully. Please visit us & download our special "Freebie of The Month" at http://www.smartentrepreneur.net/freebie-of-the-month.html

"Ransomware" - Extortion by Encryption

Recently there has been a rash of reports of computers becoming infected with the Gpcode.ak virus, a new variant of an attack that surfaced a few years ago. Gpcode encrypts data on the affected computer's hard drive, plus any shares to which it has access. It leaves the basic system software alone (so the computer remains useable), but encrypts the user's data files. The encryption for the original version was cracked, making it easy for anyone to decrypt his or her own files, but this new version uses a 1024-bit encryption key. According to Kaspersky, this would take a relatively modern PC about 30 years to crack.

Affected users find a "README" file directing them to contact a specific email address for details on purchasing a "decryption tool" in order to recover their files. Sometimes the additional threat of publicizing confidential information is included in this ransom note.

However, because of a flaw in this version, it is currently possible to recover the encrypted files. Gpcode makes a copy of the files before encrypting them, and then deletes this copy. These deleted files can be recovered with file-recovery software that is widely available in both free and commercial offerings. Affected users should avoid rebooting their computers, and should not use them for anything else until they've recovered their files. This limits the risk of the deleted files being overwritten by other processes. This method of recovery is a temporary work-around - at best - because it has been widely publicized on the security forums, and it is only a matter of time before the virus authors add a step to wipe the deleted files from the disk.

It is unclear exactly how this virus spreads, but the vast majority of malicious infections come directly from spam email or from rogue web sites to which spam directs users. Therefore, minimizing one's risk of exposure to this virus means taking the normal precautions against any malware, such as keeping virus scanners and spam filters up to date, and having a clearly communicated policy about not following links in unsolicited emails (spam).

Try our award winning free anti virus protection for 30 days!

Christopher is an Information Security Consultant You are welcome to reproduce this article on Computer Security related web site, as long as you reproduce the article in full, including this resource box and link to our website.

Dirty Little Computer Viruses and How To Protect Yourself

Whether you have learned your lesson from a past experience with a nasty computer virus or have been pressing your luck by surfing the web and downloading various files or opening those email messages sent to you by people you don’t know without any real understanding of just how vulnerable you really are each time you log onto your computer you now have the opportunity to discover what steps you can take to avoid such an annoying and many times destructive infestation.

Listed below are some of the guidelines you can follow in order to keep those nasty viruses from making a mess out of your computer and your life.

•Purchase and install a well respected antivirus software program and be sure to set it up so that it automatically runs when the computer starts up each time.

•Make sure to keep your antivirus software up to date by either using the automatic update feature that many come with or make it a habit to manually check at least once or twice a week for updates on your own.

•Set your antivirus program to scan for potential viruses each time you open a word-processing document like the ones that get sent through email. Viruses found in word-processing documents are called Macro Viruses.

•When purchasing software make sure to only buy from vendors that are well known and from ones you trust.

•Resist swapping data with the use of floppy disks or other mobile storage devices between various computers. If exchanging programs between computers is unavoidable just make sure to scan the storage device(s) for viruses before transferring data from one computer to the next.

•If using floppy disks to transfer data make sure to format them before using them for the first time.

•Never use pirated software. This is both illegal and a very good way to invite an unwanted computer virus.

•When downloading software from the internet do so as little as possible. There are many neat programs available on the internet, but unfortunately there are many viruses that go along with them also.

•If you must download programs from the internet ALWAYS scan them for viruses BEFORE opening them up to install on your computer.

•Probably the most important and neglected method of disaster recovery are periodic backups of all important files found on your computer. Should a virus happen to get through your lines of defense you may need to replace the virus corrupted files with fresh ones that have been kept for such an occasion.

Finally, it is not guaranteed that if you follow the above steps that you will not be the victim of a computer virus, but you can sure bet that if followed you will greatly reduce the chance of being an unsuspecting recipient of such an unwanted program.

Dan devotes much time working on his internet ventures. He currently has a T-Shirt store at http://www.cafepress.com/giftsandtshirts and an ebook store at http://infoheaven-digital-books.com that caters to his visitors.

Read This Important Report If You Are Looking For a Free Spyware Cleaner

Have you been infected by spyware? Or perhaps you just want to keep your computer safe and that is why you are looking for a free spyware cleaner. Either way, I want to caution you. Before I get into the warning, I'd like to share some general information about spyware.

Spyware can get in a computer as a software virus or as the result of installing a new program. Data collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared. Spyware, adware and other unwanted malicious software have become increasingly serious thread to computers, where they are violating privacy by collecting private information and computer data and send to outsiders or person who plants the program without user consent. Worse, there are increasing attempts to collect information such as banking details, credit card details, usernames, passwords, or even personal details are gathered. Spyware is a huge problem that affects nearly everyone with a computer that is on the internet. It reduces productivity at our businesses, and drives us mad at our homes.

Anti-spyware software will look for evidence of these files and delete them if found. These programs have gained popularity as effective tools to remove or intercept spyware programs. Anti-spyware and anti-virus creators are working overtime to keep up with the development of spyware and adware programs. They need to release versions of their utilities as quickly as possible or they will be overrun by spyware's development.

So why all the concern about free spyware cleaners? It's simple, many of the "free" programs are actually spyware themselves! You need to be careful of programs that are free because nothing is ever free.

Many of the best programs offer free downloads, and allow you to try the program out first, and that's okay, but be wary of those that are 100% free. It's probably a trap!

Get rid of annoying and dangerous spyware and adware today with NoAdware It is my top recommended spyware removal program.

They even offer a free download. You can learn more here

Internet Security Threats

Internet is not a safe place for the web users. Every unprotected online computer can be affected with the viruses, malware, adware, hackers' attacks and Trojans with only in 20 minutes. There are numerous security risks on internet that can lead you to serious financial loss, information theft and the attack on your computer.

There are specialized hackings tools and scripts that are designed to attack an unprotected computer. Being a web user, it is very important for you to learn about the common online threats. To deal with these threats you need to implement security solution on your computer, which includes antivirus, antispyware and firewall software or hardware device. The common online security threats include the following.

· Viruses

· Spyware

· Adware

· Malware

· Hackers

· Intruders

· Trojans

Every a computer is attacked with the viruses or other threats, all the connected computers also gets attacked. There are preventive measures, tools and techniques that can be used to deal with these threats.

Security Tips

· Do not open any email attachment from any unknown and unauthenticated source.

· Never reply to the emails whose identity you don't know.

· Protect your computer by installing up-to-dated antivirus and antispyware programs and regularly scan your computer with them.

· Implement a hardware or software firewall on your computer.

· Never send your user names, bank account information, passwords and credit card details to someone via emails.

· Before doing online shopping through a website ensure the validity and repute of that website.

· While doing online shopping make sure that your browser is displaying a lock sign at the bottom right column of your browser.

· Never open any web link that you receive through the web messengers from unknown
users.

· If you are administering a computer network then make sure that you are using very strong passwords at the computer server.

· Monitor the online activities of your network users.

· Block the suspicious websites, web applications, P2P sites and other files sharing websites.

· Never download software or games from the untrusted websites.

· In case of any online credit card fraud event, immediately contact your credit card issuing company or bank and report the abuse.

These tips will certainly help you to have safe browsing, chatting and secure online shopping experience.

B. Bashir manages this website Networking Tutorials and regularly writes articles on various topics such as Computer Networking, Computer Network Wireless Networking, Computer Hardware, Certifications, How Tos, Computer Networking Tips and computer tips.

How A SSO Implementation Improved Security While Easing On-The-Job Frustrations Of Staff

Some consider security to be beyond the reach of usual measures of return on investment, but most would agree that the costs of a security program should be known and under control. As Southwest Washington Medical Center (SWMC) completed a company-wide project to electronically enable its patient records and organizational data, the IT staff discovered that among all of the benefits that the new system gave the organization (increased security, better organization, ease of information finding, compliance with regulations) the resulting passwords and protocols greatly increased the amount of time staff needed to access records and data.

SWMC is a community-owned, not-for-profit medical institution located in Vancouver, Washington that provides a full range of outpatient and inpatient diagnostic, medical and surgical services to Clark County residents. The region's health care leader and steward for nearly 150 years, SWMC is one of its largest employers and a six-time winner of the Solucient Top 100 Hospitals award. SWMC's employees help support dozens of medical specialty services and programs, focused on cancer, heart, emergency, trauma, neuro-musculoskeletal, family birth and primary care.

The healthcare industry in general presents a significant challenge for internal IT organizations. In the healthcare setting, there are far more users than workstations; the workforce is highly mobile; every worker needs to be able to access an IT workstation from just about anywhere-and be able to securely access a wide variety of applications from it. The challenge for SWMC was to figure out how to both protect patient information and at the same time, find a way to securely provide acute care clinical staff the ability to walk up to any workstation and log into the network to access applications and information that enable them to provide timely care and service to patients.

The password policies in place required staff to use-and therefore remember-a different password for each application. This added strain was compounded by help desk calls to reset forgotten passwords and "adhesive" memory tactics (using sticky notes to remind users of new passwords) that hurt patient privacy far more than the new security programs helped. To make matters worse, even successfully executed logins were taking an average of 30 seconds, adding up to an average of five minutes per day, per employee. For SWMC's more than 3,000 employees that's 25 hours wasted per day, or 150 + hours per week - assuming zero password-related problems that week. With the average hospital cost at $17.00 per hour, the total comes to $2,500 per week, or $130,000 per year-time and money lost to the login process. The system also supports 2,800 clinical and medical support staff of partnering community clinics, making this a cost issue outside the hospital's walls.

It was easy to see that this was something that needed to be fixed quickly, as it was becoming a huge frustration for staff and had the potential to become something that could both hurt retention efforts and ultimately take time away from providing patient care.

As issues around frustrations with the electronic record/information systems came to light, the organization was also dealing with two other concerns: compliance with the Health Insurance Portability and Accountability Act (HIPAA); and staff and physician retention in the highly-competitive healthcare industry.

After thoroughly researching various technologies and options, the IT leadership team determined that a comprehensive single sign-on (SSO) implementation could solve several of these issues: eliminate the password problem, producing significant efficiencies for both the IT team and hospital staff; reduce costs; increase the time spent on patient care; help satisfy HIPAA regulations on patient information protection, user login requirements and workstation time-outs; and enable the IT staff to gain organization-wide, centralized control over all IT access control management.

After looking at companies such as IBM, Novell, CA and Sentillion, SWMC chose to go with Imprivata's OneSign Single Sign-On solution, an appliance-based product that provided an intelligent and affordable solution for password management and user access. In evaluations, the team agreed that there were two major features that set OneSign apart from the other solutions:

(1) It was easy-to-use, meaning care staff would have no problem learning how to use it-and it would not force them to change the way they work, other than limiting the time spent on password logins and logouts; and

(2) It could easily be integrated with existing systems and with a zero-server-footprint. This was especially important for SWMC's situation, as it had information stored in dispersed and different locations, across 160 applications, with multiple authentication schemas (Novell NDS, RADIUS, MS Active Directory)-and were in the process of migrating over to Microsoft Active Directory as the new source of all access authentication. SWMC needed a solution that could easily take information from and seamlessly interface with all of these areas-and OneSign was it.

With more than 3,000 users, 125 departments and 160 applications, the IT staff decided to break the project down into two phases: phase I, the full deployment of SSO with fifty core applications; and phase II, the deployment of the balance of critical applications. Because of the success of phase I, phase II was quickly undertaken and the whole system was up and running within three months.

At SWMC, the Microsoft Active Directory group policies manage all role-based-access-control at the enterprise level-including internal use, outside vendor access and remote VPN access by coders, transcriptionists and "road warriors." The SSO product then manages the initial application-layer access-which has its own access controls, especially within the clinical systems. Access to Protected Health Information (PHI) is managed down to the screens or menus within the PHI-enabled applications. Each workforce member's access rights are set within an enterprise standard-via a Human Resources job code-which is then mapped to access control groups at the application layer.

Because of this, any user can use any workstation within the network - the security now follows the user. Every workstation is what we call a "fast user switching" workstation that can log a user off of a machine, close all applications and get the machine ready for the next user login in about 15 seconds. This approach gives the needed security to protect patient data-but at the same time eradicates the old hassle of locked workstations and prevents the use of the power switch to unlock the machine, a process which can potentially cause hard disk corruption.

Imprivata's solution provided SSO access, enabling users to get a common log-in across all applications, using either a password or a finger biometric to authenticate. The solution allowed SWMC to create one consistent user interface, one security posture for policy management and one principal authentication store for HIPAA-and did so without requiring any code changes to internal or external applications.

In short, SWMC's SSO initiative has transformed its ability to provide quick access to applications and information for the clinical staff, while enabling them to provide more timely and therefore better care to patients-all while helping the organization meet strict HIPAA guidelines. SSO saves staff 15 to 30 seconds per logon-or roughly five minutes per day, per employee.

The security improvements that the SSO implementation has brought about cannot be overstated. Before, it was difficult to get users to adhere to password policies and change their password every six months or so-especially when the number of passwords grew as more and more workflow at the organization was done electronically. Now, password changes happen when they are supposed to-and the team can easily tell when staff is not adhering to policy and make them change their password.

Feedback has been resoundingly positive. The use of single sign-on is appreciated every time a user walks up to a workstation, which happens thousands of times each day. The staff loves SSO-and now wants it on all of their other (non-core) applications.

SWMC has a new competitor hospital just eight short miles away, so keeping staff happy is more essential than ever. As I alluded to earlier, physician and medical staff satisfaction with their work environment has become a crucial part of staff retention. Providing a positive environment that limits mundane tasks-like repetitively logging in to several applications throughout the day-and freeing up time for patient care are critical components of our organization's retention efforts.

Imprivata, Inc.
10 Maguire Road
Building 4
Lexington, MA 02421-3120 USA

phone: 781-674-2700
fax: 781-674-2760
toll-free: 1-877-OneSign

Threats to Internet Security

Viruses have already become the biggest curse of the internet world, affecting millions of internet users and other business communities. Hackers, Spammers- whatever names you choose to call them, these programmes termed as malwares, have sown the seeds of fear and doubt in the minds of the general internet users. Privacy and security are the most affected segments and to escape from the hassles of the viruses,Up-to-date anti-virus software is essential for all PCs, particularly those that connect to the internet. It helps to prevent viruses, worms and other malicious software infecting your computer. It scans new files and emails, and regularly checks existing files and folders for abnormal behaviour. Computer viruses are a sickness that every computer user encounters sooner or later. In fact, viruses are just one example of a whole group of nuisance programs which are known as malware. Types of malware include,Viruses which like their biological counterparts, these are programs that infect a computer (by various methods) and then spread to other computers when infected files or disks are exchanged,Worms which are similar to viruses but are carried on the Internet and can spread from one computer to another by themselves, with no need for a user to assist the process by giving someone an infected file or disk,Trojans so named after the Trojan Horse of mythology, these are programs that pretend to be harmless and useful, but which in fact do something sinister, like plant a virus in a computer,Spyware that is nothing but a software that tracks your online activity or monitors your keystrokes and sends this information to a remote server,Dialers which are programs that are downloaded to your computer from a web page, which then steal money from you by dialling premium rate phone numbers, Hijackers which are little programs that are usually infiltrated on to your system via email or your web browser, which then hijack your browser settings by (for example) changing your default home page setting.

Viruses, worms and trojans cause a nuisance just by spreading their infections, but most of them also do something else, known as the payload. The payload may be something innocuous, like displaying a message or changing the system colours, or it may be something destructive like deleting files or formatting the hard disk. This payload often isn't activated until the virus has infected your computer for a while (giving it a chance to spread) so the fact that you haven't noticed anything unusual doesn't mean your computer is necessarily in good health.If your computer gets infected, whether the payload is harmful or not you want to get rid of the virus as quickly as possible, so as to remove the risk of it spreading to the computers of your friends and colleagues.The only sure way to get rid of a virus is to use anti-virus software. Some viruses can be removed manually, but different viruses need different removal methods and by the time you've found out the correct procedure a software virus scanner could already have done the job.

In a few cases, the virus scanner may not be able to cleanly remove a virus from a file, and the file may be left corrupt and unusable. In this case, your only option is to restore an uninfected copy of the file from software installation disks or a backup.

A good backup system is by far the best safeguard against losing data due to the action of a virus (as well as other disasters). But it must work hand-in-glove with the regular use of a virus scanner, otherwise your clean backup files could be replaced by infected ones before you realise your system has a virus.It's better to prevent a virus from infecting your computer in the first place, than have to remove one after it has. Therefore, it's worth paying close attention to virus prevention measures.

The best all-round system of protection is to install anti-virus software and enable on-access scanning (this is usually enabled by default.) This will work silently in the background, checking files for the presence of viruses. You need not worry about it until it detects a virus and raises the alert.

However, you must remain conscious of the need for virus protection to the extent of remembering to update your virus scanner regularly. These days, daily updates are not too often! New viruses are constantly appearing on the scene, and despite the claims of software vendors, virus scanners are not very good at detecting viruses they don't know about. Updating is the only way to maintain your virus scanner at top effectiveness by ensuring it knows about, and can detect, all the latest threats. Trusted and reliable anti virus programs include McAfee, Norton Anti-virus, AVG, PCCillin, Trend-Micro and many others. Anti-virus programs work on continuous updates of anti-virus definitions and thwart new viruses by managing to keep a few steps ahead of them.

PKP Iyer ,Java Development India

Java Development India is premium Java development Services provider in India

Security and the Family Internet Experience

The Internet is all about freedom. It is the freedom to explore, the freedom to learn new things and the freedom to pursue a business that can make money.

There are certain countries that restrict the freedom of their citizens when it comes to online exploration, but the free exchange of information and ideas is what makes using the Internet so appealing to many.

According to each individual's way of thinking there are a lot of strange websites out there. You can find websites that offend and may seem distasteful to your senses. Yet, you will also find many more that will connect with your interests and values.

Some, who may have never used an online entry point, may view the web as a place where evil can be found on every site. If you use a search engine you can quickly find an abundance of sites that will easily offend, but the truth is the Internet is simply a tool that can be useful for either positive or negative purposes.

If you go online in a deliberate attempt to find something negative you will find it, but the opposite is also true. The same logic can be applied to television. The form of media can contain material that is positive and negative depending on your point of view. That doesn't make the television good or bad - it simply causes the user to exercise caution when using this form of media.

When parents discover objectionable programming they can use available technology to block certain channels and use other technology to block any shows with a rating they don't want their family to see.

In the same way there is a form of security for parents when it comes to allowing their children to gain access to the web. In some cases parents who supervise their children online do not have much problem of their children encountering site content that may be objectionable. They may also be able to divert online messaging that could pose potential dangers to their child.

There are programs like Net Nanny that allow parents to gain remarkable control over what their children are allowed to see online. They can monitor where they have been, and they can do this without the need to stay with their child every moment they are online.

A program called Covenant Eyes can also help individuals who may be attracted to material on sites that may not be healthy to an ongoing relationship or finances. This site can help by providing an accountability partner with a report about sites that have been visited. The idea is to help an individual who may have a gambling addiction or may be prone to visit sites with pornography to kick the habit using a trusted friend who can monitor online activity and gently confront the problem.

These and similar programs provide family security online because sometimes we can stumble into a place we know we shouldn't be and decide to stay too long.

The Internet is not evil, but we could all use a little help in making sure we are comfortable in using it wisely.

Make A Website in minutes with HighPowerSites.com or Build A Website with BuildAGreatSite.com. Start a HOME BUSINESS and Resell Ebooks at BooksWealth.com.

Denial Of Service Attack

A Distributed Denial of Service (DDoS) is an attack on a network which is designed to bring it to a halt. This is done by sending useless traffic to a specific service/port on a server. The amount of traffic sent would overwhelm the service, so that legitimate traffic would be dropped or ignored.

DDoS attacks have developed from the basic DoS attacks that were in the wild in 1997. These attacks originate from one source and can emerge from 100’s of locations around the world. The most visible attacks were those in February 2000, where high traffic sites (eBay/Amazon/Yahoo/CNN/Buy.Com/Datek/ZDNet) were faced with the task of handling huge amounts of spoofed traffic. In recent days, there have been attacks on Cisco which resulted in considerable downtime. Some public blacklist have also been targeted by spammers and taken out of business.

The following are different types of attacks.

Smurfing: The culprit sends a large amount of ICMP echo traffic at IP Broadcast addresses, all of it having a spoofed source address of a victim. This multiplies the traffic by the number of hosts.

Fraggle: This is the cousin of the smurf attack. This attack uses UDP echo packets in the same was as the ICMP echo traffic.

Ping Flood: The culprit attempts to disrupt service by sending ping request directly to the victim.

Syn Flood: Exploiting the flaw in the TCP three-way handshake, the culprit will create connection requests aimed at the victim. These requests are made with packets of unreachable source addresses. The server/device is not able to complete the connection and as a result the server ends up using the majority of its network resources trying to acknowledge each SYN.

Land: The culprit sends a forged packet with the same source and destination IP address. The victims system will be confused and crash or reboot.

Teardrop: The culprit sends two fragments that cannot be reassembled properly by manipulating the offset value of the packet and cause a reboot or halt of the victim’s system.

Bonk: This attack usually affects Windows OS machines. The culprit sends corrupted UDP Packets to DNS port 53. The system gets confused and crashes.

Boink: This is similar to the Bonk attack; accept that it targets multiple ports instead of only 53.

Worming: The worm sends a large amount of data to remote servers. It then verifies that a connection is active by attempting to contact a website outside the network. If successful, an attack is initiated. This would be in conjunction with a mass-mailing of some sort.

With the current TCP/IP implementation, there is very little that companies can do to prevent their network from being DDoSed. Some companies can be proactive and make sure all their systems are patched and are only running services they need. Also implementing, Egress/Ingress filtering and enable logging on all routers will disable some DDoS attacks.

“Egress filtering is the process of examining all packet headers leaving a subnet for address validity. If the packet's source IP address originates inside the subnet that the router serves, then the packet is forwarded. If the packet has an illegal source address, then the packet is simply dropped. There is very little overhead involved, therefore there is no degradation to network performance.”

- Cisco Website

Below you will find a simple SYN attack detection script that could be set to run every 5 minutes via a cronjob. In case of an attack you would receive and email with IP information; remember the IP information is usually spoofed.

#!/usr/bin/perl -w
#Simple Script to monitor syn attacks.
$syn_alert=15;
$hostname=`hostname`;
chomp($hostname);
$num_of_syn=`netstat -an | grep -c SYN`;
if($num_of_syn > $syn_alert)
{
`netstat -an | grep SYN | mail -s "SYN ATTACK DETECTED ON $hostname" admin@yourcompany.com`;
}
else {
}
exit;

Conclusion: DDoS attacks are very difficult to trace and stop. New hardware appliances are being manufactured specifically for these types of attacks. Many dedicated server providers simply unplug the server that is being attacked until the attack has stopped. This is not a solution this is a careless and temporary fix. The culprit will still exist and has not been held accountable for their actions. Once an attack is detected hosts should immediately engage their upstream providers.

About The Author

Edwin Gonzalez is the founder of Datums Internet Solutions, LLC (http://www.datums.net) based out of New York. In addition to dealing with day-to-day operations, he works on building his library of shell one-liners