Best Practices

VoIP Security: The Basics

It is no secret that VoIP is a popular and growing technology. VoIP, and its bigger, more converged, and feature-rich brother, unified communications, represent a significant shift in communications technology and a quantum evolution in how businesses leverage communications to improve productivity and increase efficiency. Bottom line: businesses that don’t have it now will have it soon, and new tools and technologies will continue to drive the adoption of VoIP and unified communications.

VoIP security is frequently talked about, but it is rare to hear of actual VoIP attacks. From both a theoretical and practical point of view there are a number of vulnerabilities and weaknesses in various VoIP implementations, but I think that the attackers are still working out their ‘business model’ and examining how to go from exploit to income. So far it seems like the most prevalent attacks are old-fashioned toll fraud attacks against VoIP systems. Without a strategy to monetize the attack, there is little incentive to execute one. Once the Internet criminals of the world figure out how to make money from VoIP exploits the gloves will be off.

A recent article in CSOOnline.com by Bob Bradley (Excellent last name! He must know what he is talking about) spells out some of the most prevalent security issues with VoIP, and some recommendations and best practices to guard against them. There are plenty of resources available, and a growing number of vendors and consulting companies dedicated to providing VoIP and unified communications security. It is the responsibility of CSOs, CIOs, and other IT management and security individuals to be informed about the threats and aware of the available mitigations and countermeasures to ensure that their VoIP and unified communications environments are adequately protected.

Who Needs Antivirus Anyway?

Well, actually, I believe the answer is “most people”. But, that is more a commentary on their level of information security savvy and common sense than a fear of the malware itself. Antivirus, which has now evolved in most cases to a multi-faceted antimalware suite to protect against viruses, worms, spyware, spam, phishing and more, is accepted as a default essential for home computer users and enterprise desktop systems alike. However, as Steve Riley points out in this blog post, computer professionals who have some common sense and show some discretion, mixed with just an ounce of information security knowledge, don’t really need the extra protection. Steve is not the only security expert I have met that feels that way either. The fact is that antimalware [Read more →]

AutoComplete May Equal AutoCompromise

It is very convenient to have your various usernames and passwords stored in your computer system. When you are logging into a web site or application, the information is automatically filled in for you so you don’t have to try to remember what alternate identity you used, or what unique variation of your password (or, better yet, passphrase) you used when registering. Unfortunately, as with virtually everything that provides more convenience or efficiency for you, it also represents a security concern that can be leveraged by an attacker to more conveniently and efficiently compromise your system. [Read more →]

Backing Up Data in Vista

Back up your data!!! With more consumers relying solely on digital cameras to capture life’s moments, entire photographic and video histories are stored on computer hard drives. If you don’t back up your data, it could all be gone in the blink of a nanosecond. The latest trend in security suites is to include some type of maintenance and backup functionality, and Windows has included at least a rudimentary backup function for a while. Symantec takes it one step farther than the competition, providing [Read more →]

Wireless Insecurity

I have been talking for years about the relative insecurity of wireless networks. Companies and consumers alike buy and implement wireless technology for its convenience, without stopping to consider the security implications. If you can sit on your couch in the living room and connect to the wireless router in your den, then your neighbor can probably connect from his house, or the guy sitting in his car parked [Read more →]

Beware The Monster

It seems like there are so many data breaches these days that the news of such events is more or less brushed aside. The public is becoming desensitized and just says “oh, another one of *those* news stories”. Recently, it was discovered that Monster.com, the popular job-hunting web site, was the victim of a breach into their systems which compromised an estimated 1.3 million accounts. Monster.com has issued this notice, which was also emailed out to registered members, and they have allegedly increased monitoring and security on their servers. [Read more →]

Is Your Password Secure?

Your passwords are the keys that keep your personal information and sensitive data locked away. If you choose a password that is easy to guess, like your dog’s name, or your wedding anniversary, anyone who knows anything about you can guess it and those who don’t know anything about you can probably find that type of information. You want to make sure you choose a password that others won’t guess and that will not be easy to crack. When I wrote Essential Computer Security, I ran this little test [Read more →]

Protect Yourself From Phishing Attacks

Have you received any emails lately about your eBay or PayPal account being suspended due to suspected fraud? Perhaps you have been notified by a financial institution (often a bank that you do not even do business with in the first place) that they have upgraded their systems and they need you to click on a link to enter your username and password for verification. These are examples of phishing attacks, or phishing scams. The email is the “bait” to lure you (the “phish”) into surrendering sensitive or confidential information such as your passwords or credit card numbers. You can protect yourself against becoming a phishing victim by following the 5 simple steps I outlined in this About.com Internet / Network Security article.

Top 5 Anti-Spyware Products

To tell the truth, these are almost the only 5 products worth considering, not just the top. There are hundreds of anti-spyware products available, including many that claim to be anti-spyware but are malware products in and of themselves. Products like these 5 (Windows Defender, AdAware Personal SE, Spybot Search & Destroy, Webroot Spy Sweeper, and McAfee Anti-Spyware) represent commercial products from vendors you can trust. [Read more →]