<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Secure Today &#187; General Security</title>
	<atom:link href="http://www.securetoday.net/category/general-security/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.securetoday.net</link>
	<description>Protecting your own for the future</description>
	<lastBuildDate>Thu, 25 Feb 2010 16:25:11 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>How to avoid rogue security software</title>
		<link>http://www.securetoday.net/2010/02/how-to-avoid-rogue-security-software/</link>
		<comments>http://www.securetoday.net/2010/02/how-to-avoid-rogue-security-software/#comments</comments>
		<pubDate>Thu, 25 Feb 2010 16:23:45 +0000</pubDate>
		<dc:creator>SecureToday.net Admin</dc:creator>
				<category><![CDATA[General Security]]></category>
		<category><![CDATA[IT Security]]></category>

		<guid isPermaLink="false">http://www.securetoday.net/?p=199</guid>
		<description><![CDATA[What can you do to help prevent the spread of rogues and make sure that rogue  software vendors stop profiting from their unscrupulous business?  Follow these tips below to tell what&#8217;s real and what&#8217;s not when it comes  to security software – and share them with friends and family who may  [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align: justify;"><a href="http://www.securetoday.net/wp-content/uploads/2010/02/shield.jpg"><img class="alignleft size-full wp-image-200" title="shield" src="http://www.securetoday.net/wp-content/uploads/2010/02/shield.jpg" alt="" width="100" height="112" /></a>What can you do to help prevent the spread of rogues and make sure that <a href="http://www.net-security.org/malware_news.php?id=1240">rogue  software</a> vendors stop profiting from their unscrupulous business?  Follow these tips below to tell what&#8217;s real and what&#8217;s not when it comes  to security software – and share them with friends and family who may  be vulnerable to rogue threats.</p>
<p style="text-align: justify;"><strong>1.</strong> Do not fall for scare tactics. While browsing sites, be  cautious of pop-ups warning you that your system is infected and  offering a product to clean it up. Never pay for a program that  installed itself to your computer. This is a hallmark of rogue software.</p>
<p style="text-align: justify;"><strong>2.</strong> Use security software with real-time protection and keep it  up-to-date. If you know that you have anti-virus, anti-spyware, and a  firewall on your PC, you can safely ignore security alerts you receive  that do not come from your chosen security software provider. (Rogue  security software will often try to lure computer users by using  legitimate-looking pop-up messages that appear to be security alerts.)  Also, most anti-malware programs will help keep you protected from  rogues because they can detect and remove these programs.</p>
<p style="text-align: justify;"><strong>3.</strong> Access experts at security forums and ask about the software  you are considering before you decide to purchase it.</p>
<p style="text-align: justify;"><strong>4.</strong> Read the software reviews at reputable sites like  Download.com. Do not blindly trust individual sites offering security  products.</p>
<p style="text-align: justify;"><strong>5.</strong> Ask knowledgeable friends and family members about quality  software they use. Keep in mind that when you search for trustworthy  security software online, rogue products can, and often do, appear in  the search results list.</p>
<p style="text-align: justify;"><strong>6.</strong> Practice online skepticism. Be aware that rogue security  software does exist on the Web, and be vigilant about avoiding it. These  programs are designed to appear genuine &#8211; meaning they may mimic  legitimate programs, use false awards and reviews to rope you in, or  employ other deceptive tactics. It’s also a good idea to familiarize  yourself with common phishing scams, and to be cautious of links in  e-mail messages and on social networking sites.</p>
<p><em>Author: Erin Earley, editor of Lavasoft News.</em></p>
<p><em>&#8212;</em></p>
<p><em>NOTE: Original article is posted on Help Net Security website: <a href="http://www.net-security.org/malware_news.php?id=1245" target="_blank">http://www.net-security.org/malware_news.php?id=1245</a>. You can subscribe to their news for up-to-date security news and articles. </em><br />
</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securetoday.net/2010/02/how-to-avoid-rogue-security-software/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Aurora &#8211; IE 0-day vulnerability</title>
		<link>http://www.securetoday.net/2010/01/aurora-ie-0-day-vulnerability/</link>
		<comments>http://www.securetoday.net/2010/01/aurora-ie-0-day-vulnerability/#comments</comments>
		<pubDate>Wed, 20 Jan 2010 21:20:53 +0000</pubDate>
		<dc:creator>Zarex dela Cruz, CISSP</dc:creator>
				<category><![CDATA[General Security]]></category>
		<category><![CDATA[IT Security]]></category>
		<category><![CDATA[aurora]]></category>
		<category><![CDATA[hydraq]]></category>
		<category><![CDATA[IE 0-day]]></category>
		<category><![CDATA[mcafee]]></category>
		<category><![CDATA[symatec]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[zero-day]]></category>

		<guid isPermaLink="false">http://www.securetoday.net/?p=155</guid>
		<description><![CDATA[
Aurora Borealis, or the Northern Lights, is a jaw-dropping, awe-inspiring vista to witness. I have not witnessed one but it&#8217;s one of my dreams. While we know the beauty of it, there is another and different aurora (not borealis) that is not to be messed with.
The Operation Aurora dubbed by McAfee to describe the very [...]]]></description>
			<content:encoded><![CDATA[<p><img class="size-medium wp-image-156  alignleft" title="alaska-aurora-borealis" src="http://www.securetoday.net/wp-content/uploads/2010/01/alaska-aurora-borealis-300x240.jpg" alt="Aurora" width="300" height="240" /></p>
<p><strong>A</strong>urora Borealis, or the Northern Lights, is a jaw-dropping, awe-inspiring vista to witness. I have not witnessed one but it&#8217;s one of my dreams. While we know the beauty of it, there is another and different aurora (not borealis) that is not to be messed with.</p>
<p><a title="Operation Aurora" href="http://www.mcafee.com/operationaurora" target="_blank">Operation Aurora</a>, as McAfee dubbed the very recent zero-day vulnerability in Microsoft&#8217;s Internet Explorer, is a &#8220;coordinated attack which included a piece of computer code that exploits a vulnerability in Internet Explorer to gain access to computer systems.&#8221; It was used to exploit Google and 30 other companies, as previously reported. Last Friday, George Kurtz, McAfee&#8217;s CTO, wrote in his <a href="http://siblog.mcafee.com/cto/%E2%80%9Caurora%E2%80%9D-exploit-in-google-attack-now-public/" target="_blank">Security blog</a> that the Aurora exploit used to attack Google in December is now public.</p>
<p>Any zero-day vulnerability is always a bad thing. Two weeks ago, one of my older computers crashed and, for all I know, it could have been caused by this same exploit. While this vulnerability was discovered a while ago, Microsoft has yet to release an official patch.</p>
<p>The bad thing is, there are third-party patches out there that have been released to provide a temporary fix for this vulnerability. I would not really recommend installing these third-party patches since we don&#8217;t know what the ill effects will be in the long run. The good news is, Microsoft is going to release a patch tomorrow, January 21st. Read <a href="http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx" target="_blank">Microsoft&#8217;s Bulletin</a>.</p>
<p>To learn more about Operation Aurora from McAfee, watch the video from George Kurtz and the McAfee team <strong><a href="http://www.mcafee.com/us/threat_center/aurora_video.html?bcpid=62129012001&amp;bclid=61857746001&amp;bctid=62307287001">here</a></strong>.</p>
<p><span id="more-155"></span>On the other hand, I believe Symantec calls this same vulnerability <a href="http://www.symantec.com/outbreak/index.jsp?id=trojan-hydraq" target="_blank">Hydraq</a>.</p>
<blockquote><p>Hydraq is a targeted attack. Through the exploitation of a vulnerability, it attempts to install a trojan on a specific computer that steals information from that machine. The trojan attempts to make contact with command and control servers in order to receive instructions and to upload any information that it may have collected. This type of attack is often called an <em>advanced persistent threat</em> because of the sophistication and persistence of the attack within a business.</p></blockquote>
<p>What I like about the page that Symantec provides is that it outlines 3 important things you can do to protect yourself, which is what I really wanted to convey to everyone: not only home users, but also helpdesk support and even security professionals in their workplace.</p>
<ul>
<li><strong>Stay up-to-date with security patches</strong>. A zero-day vulnerability like this can wreak havoc and, even worse, cause the loss of your important data. So make sure that your OS, applications, and antivirus are all up-to-date. It&#8217;s a must.</li>
<li><strong>Complete security solution</strong>. Having antivirus, firewall, and even host intrusion detection software will spot these from the very beginning. Again, updated definitions or DAT files are as important as the software. Even if you have antivirus installed, it is useless if the signature definitions are outdated. Get them updated.</li>
<li><strong>User awareness</strong>. This is one of the keys. Understanding even the basics of security and how important it is will give you an advantage. I like saying this a lot:  &#8220;security is nothing until your computer is hacked and you lost all your data, then security is everything&#8221;.</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://www.securetoday.net/2010/01/aurora-ie-0-day-vulnerability/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>CPTED &#8211; Physical Security</title>
		<link>http://www.securetoday.net/2009/05/cpted-physical-security/</link>
		<comments>http://www.securetoday.net/2009/05/cpted-physical-security/#comments</comments>
		<pubDate>Mon, 11 May 2009 00:49:53 +0000</pubDate>
		<dc:creator>Zarex dela Cruz, CISSP</dc:creator>
				<category><![CDATA[CISSP]]></category>
		<category><![CDATA[General Security]]></category>
		<category><![CDATA[CPTED]]></category>
		<category><![CDATA[physical security]]></category>

		<guid isPermaLink="false">http://www.securetoday.net/?p=114</guid>
		<description><![CDATA[This month, I&#8217;d like to discuss a topic that is somewhat set aside when talking about security &#8211; Physical Security. We all know and agree that the physical aspect of security is as important as any other facet of security, be it technical or logical, or administrative.
As a security professional, we should be very aware [...]]]></description>
			<content:encoded><![CDATA[<p><strong>T</strong>his month, I&#8217;d like to discuss a topic that is somewhat set aside when talking about security &#8211; Physical Security. We all know and agree that the physical aspect of security is as important as any other facet of security, be it technical or logical, or administrative.</p>
<p>As security professionals, we should be very aware and concerned that what we protect, such as critical data and confidential information, through technology like firewalls, DLP, IDP, and the like can just as easily be compromised by someone stealing the physical server, damaged by natural or environmental calamities, or broken by infrastructure faults. So, physical security must not be ignored and should also be incorporated in the security policies as well as included in any security discussions.</p>
<p>Physical security must be implemented based on the model of a <strong>layered defense</strong>. The idea is that, before an unauthorized entity can access the valuable asset, it must pass through layer upon layer of physical barriers before reaching the spot. If one of the layers fails, the others will protect the asset. So layers of defense should move from the perimeter towards the asset.</p>
<p>I am a firm believer that security should not be a patched-on approach; rather, it should be part of the architecture. As with software applications, I believe that one of the best ways to stay secure is to develop the program to be error- and flaw-free. This way, we don&#8217;t have to worry about patching it or be afraid of getting compromised through its vulnerabilities. Of course, it is not a perfect world, and that is why, as much as we can, security should begin at the very start of the design.</p>
<p>Physical security is no exception. <strong>CPTED (Crime Prevention Through Environmental Design)</strong> is a discipline that structures the proper architectural design of a physical environment to reduce crime by directly affecting human behaviors and activities. The CPTED concept has been around since the 1960s. It provides guidance in loss and crime prevention through proper construction of buildings and the arrangement of environmental components.</p>
<p style="text-align: left;">
<div id="attachment_117" class="wp-caption aligncenter" style="width: 493px"><img class="size-full wp-image-117" title="CPTED" src="http://www.securetoday.net/wp-content/uploads/2009/10/CPTED.gif" alt="CPTED elements" width="483" height="536" /><p class="wp-caption-text">CPTED Key Concepts</p></div>
<p style="text-align: left;">The idea of CPTED is that, even before a facility is constructed, it addresses the landscaping, entrances, exits, neighborhood layouts, access roads and freeways, lighting, and traffic patterns. It also takes into consideration the placement of offices, lobbies, restrooms, and campus surroundings, up to the wider scale of the city. As you can imagine, security is already taken into consideration before a facility is built. Proper landscaping should deter intruders, and a fence of the right height or correctly placed lighting should stop unauthorized people. Another good example is to design the data center to be located at the center of the facility so that the walls protect it from damage from outside.</p>
<p style="text-align: left;"><span id="more-114"></span></p>
<p style="text-align: left;">There are several components to consider when implementing CPTED, as shown in the figure above. The best approach is usually to build an environment from a CPTED approach and then apply these components on top of the design where they are needed. The following target-hardening components are derived from Moffat (1983, p. 23):</p>
<ul>
<li>Access Control</li>
<li>Natural Surveillance</li>
<li>Territoriality</li>
<li>Defensible Space</li>
<li>Activity Programme</li>
<li>Formal Organized Surveillance</li>
</ul>
<p><strong>Access Control</strong> (Natural) &#8211; this guides the placement of fences, doors, lighting, and landscaping to direct the flow of people going in and out of a location.</p>
<p><strong>Surveillance</strong> (Natural and Formal) &#8211; these are the components that address the placement of CCTV, security guards, and natural strategies such as line of sight, raised entrances, bollards, etc.</p>
<p><strong>Territoriality</strong> &#8211; addresses the concept of security zones. It can be implemented through the use of physical barriers such as walls, dividers, fences, and flags to clearly mark your dedicated scope of coverage or jurisdiction.</p>
<p><strong>Defensible Space</strong> &#8211; this is similar to Territorial Reinforcement (above), in that the environment or community being designed incorporates a sense of ownership. Good examples are the physical fences or logical borders of jurisdiction where you defend that which you own.</p>
<p><strong>Activity Programme</strong> &#8211; or activity support, involves the use of design to encourage intended patterns of usage of public space. This concept aims to protect the community by encouraging safe activities and practices in the surrounding environment to deter any unsafe activities from happening. This approach also includes access control, surveillance, and territoriality.</p>
<p>The CPTED discipline adds value in security because it starts where it needs to. And although, as IT Security professionals, our involvement in the construction of facilities and implementation of CPTED is rare, it is good knowledge to have. CPTED is a security concept that, if implemented correctly, will benefit everybody.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.securetoday.net/2009/05/cpted-physical-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
