Cloud Computing Forensics Using a Communication Data Trunk Transmission Filter – Will It Work?

China, Iran, and a number of other nations have built giant intranet systems which then connect to the overall global Internet. By doing this they can watch the traffic, censor information, and do their intelligence work. Unfortunately, in doing so they also find and eliminate dissension – we do not like that concept in the United States because we believe in liberty, and liberty above all else; nonetheless, this is how they do it in their countries. Okay, so let's talk about this for a second, shall we?

The NSA had a decent concept, which was approved by Congress: funnel the information from major communications systems which handle Internet, facsimile, and voice traffic, and allow a computer to read through what is passing through that chokepoint. They call this system Einstein 2 and 3. This makes sense, and this is a good way to do it. Why are they doing it here in the United States? Well, in 2003, they were worried about terrorism, and it's a good way to find out who the bad guys are as communications come from overseas.

Lately, it has also been considered that once a system like this was up and running, it could also look for malicious computer code, viruses, or even worms which could infiltrate our software, banking system, stock market, military contractors, or infrastructure. It would also help keep anyone who had a computer, or was connected to the Internet via a smart phone, tablet, laptop, computer, or perhaps an entire IT system, from catching a cold or virus as well. All this makes sense, right? Sure it does, but you can imagine that those who wish to maintain privacy, and so guarantee freedom and liberty, specifically freedom of speech, are up in arms over all this.

Now then, as the infiltrators try to get through this system, surely they will figure out ways to get by it, but as we sift through the data we have collected we could also go back and look at all the previous data which came through, seemingly looking at data without time. In other words time is no longer a variable, as all past and present communication would be available. Strong algorithms could look for variations in various software viruses, malware, and worms – and get smarter as they go with artificial intelligence looking for new exploits.

Could this shut down the hackers once and for all? Could we catch all the terrorists? Could we use this to keep America safe? Perhaps the answer is yes, although it is a moving target, and every time we get better, so do the bad guys. However, with such a system only super well-funded hackers, sometimes state-sponsored, would have the money to keep up. In the future, as long as no one uses it for ill purposes such as those of the other countries mentioned above, the US would be a lot safer with such a strategy. Please consider all this.

Use of Taps and Span Ports in Cyber Intelligence Applications

Cyber warfare is unfortunately no longer found only in speculative fiction; it is with us today. Distributed denial-of-service (DDoS) attacks have been launched against the United States, South Korea, Kyrgyzstan, Estonia, and Georgia in recent years, and military and government computer systems around the world are assaulted by intruders daily. Some attacks come from nation-states, but others are perpetrated by transnational and unaligned rogue groups. Those bent on inflicting harm on nations and citizens use networks not only as an attack vector, but also for organizing, recruiting, and publicizing their beliefs and activities.

On the other side of the fence are the good guys, the members of the cyber intelligence community who aim to understand and track the terrorists, and ultimately stymie their plans. Due to the pervasive use of networks by radical and criminal organizations in the modern world, a great deal can be learned about terrorists by examining their use of the World Wide Web, and how the Internet is used as a vector to attack both public and private systems. This field of study is called “terrorism informatics,” which is defined as “the application of advanced methodologies and information fusion and analysis techniques to acquire, integrate, process, analyze, and manage the diversity of terrorism-related information for national / international and homeland security-related applications” (Hsinchun Chen et al., eds., Terrorism Informatics, New York: Springer, 2008, p. xv).

Terrorism informatics analyzes information from data-at-rest sources such as blogs, social media, and databases. For other types of analyses, it is necessary to examine data in motion, in other words, information as it travels on a network. Access to data-in-motion is often obtained by eavesdropping on the network traffic using Span ports in switches. This paper focuses specifically on the implications of using Span ports in counter-terrorism monitoring applications. It shows that Span ports are particularly ill-suited to this use. Note also that the security vulnerabilities of Span ports in counter-terrorism applications apply equally when Span ports are used for other monitoring needs such as performance or compliance monitoring.

Introduction
Span or mirror ports are a convenient and inexpensive way to access traffic flowing through a network switch. Switches that support Span ports – typically high-end switches – can be configured to mirror traffic from selected ports or VLANs to the Span port, where monitoring tools can be attached. At first glance, it seems that a Span port could be a good way to connect an intrusion detection system (IDS), forensic recorder, or other security monitoring device.
Unfortunately, Span ports have several characteristics that can be troublesome and risky in a counter-terrorism application. These characteristics include:

  • The possibility of dropping packets
  • The need for reconfiguring switches
  • The vulnerability of Span ports to attack
  • The fact that Span ports are not passive mechanisms

These issues are elaborated in the following sections.

Problem # 1: Dropped Packets
The first issue with Span ports in a counter-terrorism application is that the visibility of network traffic is less than perfect. In counter-terrorism monitoring, a fundamental requirement is that the security device must be able to see every single packet on the wire. An IDS cannot detect a virus if it does not see the packets carrying it. Span ports cannot meet this requirement because they drop packets. Spanning is the switch's lowest priority task, and Span traffic is the first thing to go when the switch gets busy. In fact, it is allowable for any port on a switch to drop packets because network protocols are specifically designed to be robust in spite of dropped packets, which are inevitable in a network. But it is not acceptable in a counter-terrorism monitoring application.

Different switches may be more or less prone to drop Span packets depending on their internal architecture, which varies from switch to switch. However, it is unlikely that the performance of the Span port was evaluated as an important criterion when the switching gear was selected. As a counter-terrorism professional, you probably do not want your security strategy to be dependent on a procurement policy that you do not control.

Nevertheless, suppose you do have switches with the best possible Spanning performance. Dropped packets may still be an issue depending on how much traffic you need to send through the Span port. If you need to see all of the traffic on a full-duplex 1 Gigabit link, a 1 Gigabit Span port will not do the job. Full-duplex link traffic exceeds the 1 Gigabit Span port capacity when link utilization goes above 50 percent in both directions. To see all the traffic, you need to dedicate a 10 Gigabit port for Spanning, and now the Span port does not seem so inexpensive any more.

However, Span port visibility issues go beyond simply dropping packets. Being switch technology, Span ports by their very nature are not transparent for layer 1 and layer 2 information: for example, they drop undersized and oversized packets, and packets with CRC errors. They typically remove VLAN tags, too.

In addition, Span ports do not preserve the packet timing of the original traffic, or in some cases even the packet order. This type of information can be critical for detecting certain types of network attacks such as network worms and viruses, and for some behavior-based packet classification algorithms. For example, network consultant Betty DuBois observed, “[Regarding] losing the VLAN tag information when Spanning, if there is an issue with ISL or 802.1q, how will I ever know with a Span port?” ( http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html )
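One way to check whether a capture taken from a Span port has silently lost packets, as an added example that is not part of the original article: it looks for TCP byte ranges that the receiver acknowledged but that never appear in the capture, and it only decides at the end of the capture so that reordered mirror traffic is not misreported. The Seg record, the function name and the sample flow are constructed for illustration.

```python
from collections import defaultdict, namedtuple

# One captured TCP segment; length is the TCP payload length in bytes.
Seg = namedtuple("Seg", "src sport dst dport seq ack flags length")
FIN, SYN, ACK = 0x01, 0x02, 0x10
MOD, HALF = 1 << 32, 1 << 31


def acked_but_unseen(segments):
    """Return {direction: [(rel_start, rel_end), ...]}: byte ranges the receiver
    acknowledged although no captured segment carried them. Offsets are relative
    to the first sequence number seen in that direction. Data lost in the network
    is never acknowledged, so a gap reported here was lost by the capture path."""
    base = {}                  # direction -> first sequence number seen
    seen = defaultdict(list)   # direction -> [(rel_start, rel_end)] captured
    max_ack = {}               # direction -> highest relative ACK sent by the peer

    for s in segments:
        fwd = (s.src, s.sport, s.dst, s.dport)
        rev = (s.dst, s.dport, s.src, s.sport)
        base.setdefault(fwd, s.seq)
        start = (s.seq - base[fwd]) % MOD          # survives 32-bit wraparound
        # SYN and FIN each occupy one sequence number.
        used = s.length + bool(s.flags & SYN) + bool(s.flags & FIN)
        if used and start < HALF:
            seen[fwd].append((start, start + used))
        if s.flags & ACK and rev in base:
            rel = (s.ack - base[rev]) % MOD
            if rel < HALF:
                max_ack[rev] = max(max_ack.get(rev, 0), rel)

    report = {}
    for direction, limit in max_ack.items():
        gaps, cursor = [], 0
        # Walk the captured ranges in order; retransmissions and reordered
        # segments simply overlap or fill in, and do not create gaps.
        for a, b in sorted(seen[direction]):
            if a >= limit:
                break
            if a > cursor:
                gaps.append((cursor, a))
            cursor = max(cursor, b)
        if cursor < limit:
            gaps.append((cursor, limit))
        if gaps:
            report[direction] = gaps
    return report


# Constructed sample: one HTTPS flow as seen on a mirror port.
C, S = ("10.0.0.5", 40000), ("10.0.0.9", 443)


def seg(a, b, seq, ack, flags, length=0):
    return Seg(*a, *b, seq, ack, flags, length)


SAMPLE = [
    seg(C, S, 1000, 0, SYN),
    seg(S, C, 5000, 1001, SYN | ACK),
    seg(C, S, 1001, 5001, ACK),
    seg(C, S, 1001, 5001, ACK, 200),
    seg(S, C, 5001, 1201, ACK, 1460),
    # The server segment with seq=6461 (1460 bytes) is absent from the capture.
    seg(S, C, 7921, 1201, ACK, 1460),
    seg(C, S, 1201, 9381, ACK),        # client acknowledges the unseen bytes too
    seg(C, S, 1201, 10841, ACK),       # mirrored out of order: ACK before its data
    seg(S, C, 9381, 1201, ACK, 1460),
]

if __name__ == "__main__":
    for direction, gaps in acked_but_unseen(SAMPLE).items():
        for start, end in gaps:
            print(direction, "missing", end - start, "bytes at offset", start)
```

A non-empty result on a capture from a link that shows no retransmissions for the same ranges points at the monitoring path, not the network, as the place where packets were lost.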

Problem # 2: The Need for Switch Configuration
Another issue with using Span ports in a counter-terrorism application is the very fact that the switch needs to be configured to send specific traffic to the Span port. This fact leads to a host of complications:

  • The configuration may not be done correctly. “If the switch owner mistakenly or intentionally configures the span port to not show all the traffic it should, you may or may not discover the misconfiguration. I have seen this happen countless times,” said Richard Bejtlich, the highly respected author of The Tao of Network Security Monitoring. ( http://www.governmentsecurity.org/All/Why_Network_Taps )
  • Sharing the Span port. A switch typically supports only one or two Span ports, and the network administrator or someone else may need to use “your” Span port for one reason or another. They may or may not tell you when the Span traffic profile is changed for their needs. IT Manager Bob Huber recalled, “Span was a huge issue we deal with on the IDS team where I used to work. We had constant issues with the Span going up and down. priority to the limited number of Span ports available. Hoping they remember to reconfigure your Span port was a waste of time.”
  • Switch configuration may not be available when you need it. If you need to change the profile of the traffic you are Spanning, or change it back after someone else used the port, it may not be easy to get the switch owner's time to do it. In larger organizations, you may also need to get the change authorized through a Change Control Board, and then wait for a maintenance window to get it implemented.
  • Changes to the network switches for other reasons can affect the Span traffic. Networks are constantly being reconfigured to optimize applications or support new requirements. If the counter-terrorism monitoring solution depends on Span ports, it is vulnerable to changes (planned or surprise) any time the network is reconfigured for any reason.
  • Switch configuration itself is a security vulnerability. In any counter-terrorism activity, the network's security is of course paramount. Switches are a highly vulnerable network point, and the ability to reconfigure them must be tightly controlled. Does it make sense to require switch reconfiguration as part of the counter-terrorism monitoring solution, when reconfiguring a switch can accidentally or deliberately cripple or bring down the network?

If you have any doubt that Span port misconfiguration can be an issue, take a look at this note in the Cisco Catalyst 6500 Series documentation: “Connectivity issues because of the misconfiguration of Span ports occur frequently in CatOS … Be very careful of the port that you choose as a span destination.”

Problem # 3: Vulnerability to Attack
Span ports are typically configured for uni-directional traffic, restricted to transmitting traffic to the monitoring device. However, in some cases they can receive traffic as well (a feature Cisco calls ingress traffic forwarding), in order to enable management of the monitoring device over the same switch port and monitoring device NIC as the mirror traffic. When this configuration is used, the span port becomes an open ingress port to the switch, creating a serious security vulnerability. Therefore, this configuration should be avoided as a best practice. If for some reason it becomes necessary to use this configuration, you should at least lock the span port to the monitoring tool's MAC address if possible, so an unauthorized user will not be able to plug a laptop into the connection and hack the switch.

Problem # 4: Not Passive
A final important consideration when using Span ports for counter-terrorism monitoring access is that Span ports are not passive: They can affect the performance of the switch's other ports. For example, Gerald Combs, the father of Wireshark, warns, “Some switch families (e.g., the Cisco 3500 series) do not set a lower priority on span traffic, and will slow down the backplane in order to deliver packets to a span port.” This effect violates a primary principle of security and especially forensic monitoring, that monitoring should not affect the traffic being monitored. It may have legal as well as practical implications.

The Tap Alternative
To avoid the problems that Span ports bring to counter-terrorism monitoring applications, security experts like Bejtlich recommend using traffic access ports (Taps) for access to the network traffic. Taps are specifically designed to provide 100 percent traffic visibility without any impact on monitored traffic. Optical Taps for fiber links use optical splitters to divert part of the light from the link to a monitor port, creating a true copy of the link traffic all the way down to layer 1 and layer 2 errors. Taps for copper links perform a similar function electronically. Optical Taps do not use any power at all, while copper Taps include relays which ensure that link traffic continues to flow even when the Tap loses power. Taps avoid all of the pitfalls of Span ports in counter-terrorism applications:

  • Taps send the monitoring tool an exact copy of the link traffic, including layer 1 and layer 2 errors and malformed packets, no matter how busy the link is. They never drop packets.
  • Taps require little or no configuration. Once a Tap is installed in a link, monitoring access to the link traffic is always available, consistently and persistently.
  • Taps are secure. They do not have an IP address so attackers can not see them, and they can not inject traffic into the network under any circumstances. In fact, a Tap actually hides the monitoring tool from the network as well, providing true “stealth” monitoring.
  • Taps are completely passive. They can not affect the link traffic, not even if they lose power.

Tap technology has evolved to offer a range of additional features as well, most of which are not available with Span ports. (Note that some of these features require a trade-off with the previously mentioned characteristics.)

  • Regeneration Taps produce multiple copies of the link traffic so multiple tools and multiple users can view the same traffic simultaneously. Your counter-terrorism monitoring device does not need to give up access when the network administrator needs to put an additional protocol analyzer onto the link.
  • Aggregator Taps combine the traffic from both directions of full-duplex links and from multiple links and send it to a single NIC on the monitoring tool. No packets are dropped as long as the aggregated traffic does not exceed the monitor port bandwidth.
  • Active Response Taps permit monitoring tools to send response packets such as TCP resets, ICMP messages, and ACL changes into the tapped link. This feature can be used by an IDS to take action when certain types of intrusions are detected. (Active Response Taps are an exception to the Tap “one direction only” traffic rule.)
  • iTaps provide a remote management interface and basic monitoring data about link traffic, such as packet counts and utilization levels. (Remote management interfaces require IP addresses, but they are secured with passwords, SSH, HTTPS, and other measures.)
  • Media Conversion refers to Taps that support different media types on their network and monitor ports. Many Taps have pluggable SFP or XFP ports enabling different media types to be accommodated simply by plugging in different transceiver types. Some Taps even perform 10 Gigabit to 1 Gigabit and 1 Gigabit to 10 Gigabit data rate conversion as well.
  • Filter Taps enable mirrored traffic to be restricted to particular protocols, source and destination IP addresses, VLANs, ports, and other criteria, making it easier to isolate or troubleshoot issues, and relieving monitoring tools from wasting valuable processing cycles on pre-filtering traffic. For example, the Net Optics Director Data Monitoring Switch supports filtering as well as regeneration, aggregation, remote management, and media conversion, all in a single device.
  • Bypass Switches create fail-safe access ports for in-line devices such as intrusion prevention systems and firewalls.

The wide range of Tap devices available today enables appropriate monitoring access to be built into all parts of the network architecture, at the edges, distribution, LAN, and core. Such a Monitoring Access Platform (MAP) does not depend on Span ports for strategic information access, but in fact frees up the Span ports for tactical monitoring access when special needs arise. Permanent and ongoing counter-terrorism monitoring can rely on a Tap-based MAP for consistent, persistent and secure monitoring access, immune to the vagaries of day-to-day network administration and management.

Conclusion
Monitoring is an essential building block of Bejtlich's “defensible network architecture,” the first of seven key characteristics: monitored, inventoried, controlled, claimed, minimized, assessed, and current.

Utilizing Span ports for counter-terrorism monitoring access is placing that building block on a weak foundation, subject to packet loss, misconfiguration, and intrusion. A Monitoring Access Platform, based on Tap technology and integrated within the network architecture, is an alternate access approach that provides a solid base on which to build your network's security and counter-terrorism applications.

How Digital Forensic Services Help Companies

It's no secret that computer-facilitated crime, or “cybercrime,” is one of the major problems in today's business world. However, many businesses are unaware of both their vulnerability to cybercrime and the steps they can take to minimize their exposure to such malicious acts by outsiders. This short article will explore some areas of concern that can be addressed by hiring a Digital Forensic Services (DFS) firm.

Having a network that is well-protected against both external and internal disruption should be a goal of every business. Hiring an experienced DFS firm, one that has seen “all the tricks” used by those that would attack a business network, is an ideal way to implement and maintain a high level of network security.

All DFS firms can conduct a wide variety of simulated computer attacks against a network to determine that network's security level. Once an attack has occurred, a DFS company is often able to “backtrack” to the attack source by using resources such as system logs and Internet Service Provider traffic records.

A secure computer network is vital in the protection of intellectual property such as original research and prototypes of software applications. An evaluation by a DFS firm can help provide the level of security appropriate to any business operations.

It is common for an intruder to leave behind files or malicious programs that will attempt to associate a business with unsavory business practices. This is often done in order to “sabotage” a business's reputation with its suppliers and / or clients. In such instances a DFS firm will often be able to pinpoint the date and circumstances under which such events occurred and demonstrate that an outside entity was responsible for the presence of such material on the victim's computer system.

One of the basic “rules” of digital information technology can be summarized as follows: “Given enough computers, and enough time, someone will eventually do something stupid and crash the computer that contains the data most essential to normal business operations.” A DFS company can usually recover such data within a few days and, more importantly, advise on how to take steps to prevent similar instances in the future.

Many hackers are members of criminal elements that operate purely to profit from stolen business data. Many of these elements recognize that there is little likelihood that they will face criminal prosecution, simply because the evidence of their crimes that would be “left behind” would not stand up in court. Since most established DFS firms meet or exceed the most stringent federal standards recommendations, they provide services whose techniques will satisfy all legal requirements related to the processing of evidence.

Forensics For Technology – What Is It?

Forensics technology has become a broad field of investigation that relates to the scientific evidence used in criminal cases. This physical evidence is produced by scientific collection and analysis. There are many new aspects of this type of technology geared towards evidence or establishing facts to be used in civil or criminal proceedings.

One of the technical areas that has much to offer is digital software. Criminals and terrorists have the opportunity to use a wide variety of electronic devices in their crimes. As crimes with a digital component are on the increase, it is necessary for law enforcement to have the equipment to counter these crimes. Digital forensic software has the capacity to recover data from a computer that has been reformatted or repartitioned.

Other applicable software programs:

• A program capable of wiping a hard drive clean
• A spy type of software that can locate hidden partitions, quickly process large hard drives, and more
• Images can be compressed into “flat” images from floppy disks for analysis
• A “partition manager” that examines all partitions on a hard drive and can switch them around or even hide them
• A new write blocker program that protects computer information more effectively than past programs

The science which interprets image content is forensic image analysis. Several companies have produced efficient equipment that cuts costs and speeds up investigations. The equipment is designed to do comparison photography, analyze the content, perform photogrammetry (using photographs to make measurements) and authenticate the image. Through a variety of techniques, metadata, pixel aspect ratios, and errors are utilized to extract information from video, photographs and animations. This is effective even when an individual has attempted to cloak the evidence.

One of the newer tools is video forensics, which is primarily the scientific examination and evaluation of multimedia evidence in legal matters. The goal of this technology is to produce an accurate picture of evidence for a judge and jury to help determine the verdicts in a civil or criminal case. In addition, this technology uses processing techniques to enhance video footage, refine grainy photographs, and to enhance a particular person or an object in a video footage, plus it converts digital video into specific formats for forensic analysis. This type of work is important in resolving cases for law enforcement, security, surveillance and even military operations.

Data recovery is a process used for legal purposes to retrieve data from computers. It is much more difficult to erase all the information from a computer than most people realize. The purpose of data recovery is to retrieve lost or deleted information. The data is mined using a process of collection, analysis, and then preservation. With the successful completion of these steps the computer expert will have the lost data to present to the court. This technology may be used in civil or criminal proceedings to provide evidence for the court.

If forensic describes evidence that can be used in court, then it also must cover the technology and science necessary to provide this evidence. A forensic investigation is conducted in a lawful manner, establishing facts and evidence that have been thoroughly examined, keeping in mind the chain of custody, to be presented in a courtroom. Subdivisions that exist under this area of investigation are firewall forensics, database forensics and mobile device forensics.

Diablo III Hacked And Blizzard's Security System

Last month, the gaming giant Blizzard Entertainment had its security system breached. Hackers had their eyes set on the company's newly launched game, Diablo III. Users of Diablo III have had many of their online valuables stolen from them. Some of the valuables consist of online currency and precious, hard-to-obtain gear. These may not seem like much, but as a gamer, one would know that all this equates to time-consuming effort in making one's character stronger and better, which is part of the rewarding gaming experience. Hackers often targeted items like the user's online currency and gear because these could easily be transferred to the hacker's own Diablo III account or sold to anyone who wished to purchase them. The game itself had a lot of issues while launching, such as several launch issues, server downtime, securing their systems, and much more.

Blizzard Entertainment does offer a service called Blizzard Authenticator. However, this system of authenticating users is flawed. The authenticator, the Battle.net Mobile Authenticator app or the Battle.net Authenticator, is not adopted and used by most users. Blizzard states that, “… in all of the individual Diablo III related cases we've investigated, none have occurred after a physical battle.net authenticator or battle.net mobile authenticator app was attached to the player's account, and we have yet to find any situation where a Diablo III player's account.” Although Blizzard states the above, some Diablo gamers say they have had their accounts hacked while using Blizzard's Authenticator. The Authenticator is a two-factor authentication security system but is not the best form of two-factor authentication available on the market.

The Battle.net Authenticator uses an authenticator's identity to verify the validity of a user's login credentials. This is essentially a two-factor authentication security system that Blizzard has implemented, with one factor being the user's credentials and the second factor being the password on the mobile authenticator app or the actual Battle.net authenticator, which validates the user and authorizes him / her to access their online account.

The most successful game launch, Diablo III, selling over 10 million copies since the product launched, has generated over $500 million in sales revenue for the company. This staggering amount of revenue draws the attention of many, and some wonder whether Blizzard will give back to the gaming community. There are some users who are hesitant to purchase Diablo III because of the data breach that occurred recently. Many gamers do not want to see all their hard-earned work disappear one day just because of the lack of proper security in Blizzard's handling of users' accounts. Blizzard does have a way of helping Diablo III users recover their accounts, by restoring the account to an earlier point so that they can continue from a point prior to the hacking. Until the hacking occurred, most users were unaware that the authenticator service was available to them.

Despite Blizzard having said that users who subscribed to Blizzard's Authenticator have not been hacked, there are copious numbers of Diablo III users voicing on forums that they have been hacked. The Battle.net Authenticator and the Mobile Authenticator app are flawed in a couple of different ways. The way the authenticator works is by generating a password every 30 seconds. This is fine, but the problem is that there is a window in which you can enter a previous password, anywhere from 2 to 6 minutes. “Man in the Middle” attacks can easily use this loophole in order to gain access to Diablo III user accounts. Once admitted to these accounts, the hackers can steal and pawn off the user's hard-earned goods. The other main problem with Blizzard's Authenticator is that the one-time passwords it sends out are in fact not true OTPs (One Time Passwords). The authenticating security system uses a time-based interval system which uses an algorithm that can be easily hacked because the server is on the same network and not an out-of-band authentication network. With an out-of-band authentication network, the one-time password sent would be less likely to be compromised.
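The acceptance window described above can be seen with a generic RFC 6238 time-based verifier, given here as an added example (it is not Blizzard's implementation and not from the original article). The Verifier class, its parameters and the two window sizes are assumptions for illustration: 12 back steps models the 6 minute upper figure quoted above, and the stricter setting accepts one previous step and refuses any code at or before the last step already used.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, matching the 30 second interval in the article


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Verifier:
    """Server-side check. back_steps is how many past 30 s steps are accepted;
    reject_reuse refuses any code from a step at or before the last accepted one."""

    def __init__(self, secret: bytes, back_steps: int, reject_reuse: bool):
        self.secret = secret
        self.back_steps = back_steps
        self.reject_reuse = reject_reuse
        self.last_step = -1   # newest time step that has already been used

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for step in range(current, current - self.back_steps - 1, -1):
            if step < 0:
                break
            expected = totp(self.secret, step * STEP, len(code))
            if hmac.compare_digest(expected, code):
                if self.reject_reuse:
                    if step <= self.last_step:
                        return False          # replay of a consumed code
                    self.last_step = step
                return True
        return False


def compare_windows(secret: bytes, issued_at: int, delay: int):
    """Return (wide_result, strict_result) for a code presented `delay` seconds
    after it was generated, as happens when a captured code is relayed late."""
    code = totp(secret, issued_at)
    wide = Verifier(secret, back_steps=12, reject_reuse=False)
    strict = Verifier(secret, back_steps=1, reject_reuse=True)
    return wide.verify(code, issued_at + delay), strict.verify(code, issued_at + delay)


if __name__ == "__main__":
    key = b"constructed-demo-secret"      # constructed sample secret
    t0 = 1_700_000_010                    # constructed timestamp on a step boundary
    for delay in (0, 20, 240):
        print(delay, "s late ->", compare_windows(key, t0, delay))
```

With these settings a code presented four minutes late is still accepted by the wide verifier and refused by the strict one, and the strict one also refuses a second use of a code inside its own 30 second step.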

Blizzard has an abundance of users and should consider beefing up its security system, especially when the company is expected to generate $4,500,000,000. Allocating a fraction of this enormous amount of revenue would keep its customers happy and willing to continue playing as much as they do. Blizzard should be looking into two-factor authentication with the added layer of protection of an out-of-band authentication network.

Supervisory Control and Data Acquisition (SCADA) System to Control Industrial Processes

SCADA typically refers to a computer-based industrial control system which monitors and controls facility-based industrial processes and infrastructure. Here, industrial processes include production, power generation and manufacturing in repetitive or continuous batches, and infrastructure includes wastewater treatment and water distribution and treatment. Infrastructure processes could be private or public.

SCADA basically works as a centralized controlling and monitoring system for the entire project area or sites. It is used in practice in gas refining, power plants, telecommunications, water and waste control systems and transportation. A SCADA system includes software and hardware components. SCADA software is installed on a PC, and the hardware gathers data and feeds it into the computer. The computer's data processing unit then processes the collected data in a timely manner. SCADA also keeps a record of all events as a stored file in the PC's memory, and it warns of hazardous process conditions by sounding alarms.

SCADA controls and monitors a process in a loop system. As an example, in an industrial process there is a PLC system to monitor and control the discharge, pressure and temperature of steam flowing through a pipeline. These parameters have a significant effect on production, which is why they must be controlled precisely to achieve better production at minimum cost. So the significance of controlling industrial process parameters is clear. The values of discharge, pressure and temperature can be controlled manually by an operator entering the required values. In that case SCADA helps to control the whole loop system of the steam flow process. The same thing happens in any chemical plant, where SCADA plays a great role in overcoming critical situations with pressure and temperature control systems. To produce sulfuric acid, it is necessary to control the temperature and pressure of the process accurately, and a SCADA loop control system is needed in that production process to do so easily.

Data acquisition starts at the PLC level with all readings of pressure, temperature and flow status reports, which are communicated to SCADA. The system then compiles the data and allows an operator at a monitoring position to take the necessary supervisory decisions. The data acquisition system allows an operator to override or adjust PLC controls.

Finally, it can be said that SCADA reflects the wide range of implementations of distributed databases. SCADA systems are of significant importance in the fields of water supply, electric grids and pipelines.

Tokenization, the PCI DSS and the Number One Threat to Your Organization’s Data

I was recently sent a whitepaper by a colleague of mine which covered the subject of tokenization. It took a belligerent tone regarding the PCI DSS and the PCI Security Standards Council's views of Tokenization, which is understandable in context – the vendors involved with the whitepaper are fighting their corner and believe passionately that tokenization is a great solution to the problem of how best to protect cardholder data.

To summarize the message of the whitepaper, the authors were attacking the PCI Security Standards Council because the Council's 'Information Supplement covering PCI DSS Tokenization Guidelines' document was specifically positioned as 'for guidance only' and explicitly stated that it did not 'replace or supersede requirements in the PCI DSS'.

The whitepaper also quoted a PCI Security Standards Council Press Release on the subject of Tokenization where Bob Russo, the General Manager of the PCI SSC had stated that tokenization should be implemented as an additional PCI DSS 'layer'. The tokenization whitepaper took issue with this, the argument being that tokenization should be sanctioned as an alternative to encryption rather than yet another layer of protection that a Merchant could optionally implement.

The unfortunate reality is that Bob Russo runs the PCI Security Standards Council and it is they who define the PCI DSS, not any vendors of specific security point-products. Also, where I would say the statement above is completely wrong is where they say 'It's not about layering', because the PCI DSS – and best practice in security in general – is absolutely all about layering!

The reason why the PCI DSS is often seen as overly prescriptive and overbearing in its demands for so much security process is that card data theft still happens on a daily basis. What's more pertinent is that, while card data theft can be the result of clever hackers, polymorphous malware, cross-site scripting or even card skimming using fake PEDs, the number one card data theft threat remains consistent – complacency about security.

In other words, corners are being cut in security – a lack of vigilance and more often than not, silly, basic mistakes being made in security procedures.

So what is the solution? Tokenization will not help if it gets switched off, if it has a conflict with a Windows patch, if it gets targeted by malware, or if it is simply bypassed by a card skimming Trojan. It also will not protect against a malicious or unintentional internal breach. Tokenization also will not help protect cardholder data if the Card Swipe or PED (PIN Entry Device in Europe) gets hacked, or if a card number gets written down or recorded at a call center.

In summary – Tokenization is undeniably a good security measure for protecting cardholder data, but it does not remove the need to implement all PCI DSS measures. There has never been and there still is NO SILVER BULLET when it comes to security.

In fact the only sensible solution to card data theft is layered security, operated with stringent checks and balances at all times. What PCI Merchants need now and will continue to need in the future is quality, proven PCI solutions from a specialist with a long track record in practicing the Art of Layered Security: combining multiple security measures to protect from external and internal threats, for example good change management and file integrity monitoring with SIEM, to provide the vigilance essential for tight data protection security.

Tips From Reputable SEO Companies

The best SEO companies provide e-marketing services. These firms train online businesses, specifically small-scale proprietors, to sell their merchandise in a highly cost-effective way to intended customers. One critical function of this provider is to build and sustain traffic to websites to get customers or obtain email addresses and build an inventory of prospects.

An online enterprise that has acquired this expertise can impart to enthusiastic entrepreneurs the requirements to thrive in the business. There are some guidelines that the reliable online expert would like to share with website owners:

• The major objective of a website used for business ventures must always be to build up conversion and not merely website traffic. The ultimate aim is to acquire more traffic that could be converted into income. The volume does not guarantee the success of the enterprise. A good number of daily visitors should be persuaded to buy from you. This decides the profitability of your initiatives.

• Website owners should be capable of classifying the types of visitors with the help of the best SEO companies. There are aggressive visitors who know the requirements and what they want from websites. There are methodical clients who will require many details and find time to assess these before opting to buy from you. Accuracy and logical judgment are relatively important to them. The irresponsible visitors are not so sure about their needs but anything that catches their attention can urge them to buy immediately. This category is easily impressed by website videos, pictures and graphics as well as promotional offers and bonuses. Finally, the social client is often knowledgeable about social networking and is inclined to check with a lot of friends and associates before deciding to purchase any merchandise. These people are brand and product-conscious.

• Website owners should consult experts about the attitudes and characteristics of visitors. This will enable them to highlight the principal features and benefits of their goods and services. These business managers must be able to make use of techniques that can induce the shrewd or careful customer to buy from them.

• Social networking is critical to websites. This unique concept is a big help to the marketing efforts of online entrepreneurs. A social bookmark is valuable although the bookmark appears on a freely accessible social media site. Other people can perceive the bookmark and be exposed to the content of the website. As a bookmark obtains more views, its importance in the social site is enhanced and will drive more and more users to your site. The aim here is to have one of the bookmarked pages emerge on the homepage of a social site.

Before anything else, the website developer should work together with the best SEO companies to craft attention-grabbing, quality and unique content that will entice more visitors and help in positioning the website in premier search engines.

10 Tips for Conducting a Preliminary Online Private Investigation

In the past, private investigators and attorneys spent a great deal of their investigative time in the field. Traditional methods of gathering evidence involve interviewing witnesses, friends, family members and acquaintances, examining crime scenes, taking photographs, conducting undercover surveillance and visiting libraries and dingy storage rooms to hunt down dusty records.

While there is certainly no substitute for hiring a professional to spend time gathering physical evidence in the field, today an important part of an investigation can be carried out in a preliminary way with nothing more than a telephone, a reliable laptop and an Internet connection. Conducting thorough and successful preliminary online investigations can generate substantial value before ever setting foot in the field.

Here are some tips for conducting an effective preliminary online private investigation to gather background information about a subject:

  1. Take detailed notes. Do not rely on your memory to keep track of the thousands of pieces of data that you will encounter. Write down all the searches you have run and catalog all the relevant results.
  2. Start with the major search engines. Google, Yahoo, Bing and other free Internet search engines are always the best place to begin gathering leads for your preliminary investigation. However, remember to try using a variety of search strings to broaden or narrow your search. For example, searching for “John Smith” is going to be too broad, but searching for “John Albert Smith, owner of a Brooklyn construction company” may be too narrow. By constantly applying a variety of flexible search terms, you will ensure that you do not accidentally exclude potentially valuable results. Also, if you locate a target's e-mail address, make sure to search for it in quotes. Such a search may reveal blog comments or other relevant information.
  3. Maps: GoogleMaps and Mapquest offer satellite and street views of relevant address locations. Getting directions to and from relevant locations may also suggest frequent routes of travel worth exploring.
  4. Social Media sites: Today, many people will openly reveal a treasure trove of information about themselves on social networking sites without even realizing it. Even a basic profile on Facebook or LinkedIn can contain valuable information about where the person you are searching for is currently working and where they went to high school or college. Once you have identified a target's profile on a social media site, expand your search efforts to catalog their family, friends, contacts and those they are associated with in photographs.
  5. Property records: Once you have located a physical street address of interest, you will want to find out who owns it. Many local governments offer free building and property search records online, and third-party sites such as Zillow.com and BlockShopper.com freely offer a tremendous amount of data including photographs, estimated property values, square footage, property taxes paid, as well as neighbors' names.
  6. Websites / Domain Names: If you are investigating a target that may own a domain name or website, there is a rich amount of data that can be collected from analyzing the history of those sites. For example, “Whois” information, IP addresses and source code can reveal a great deal about who is actually operating a website or domain name. Additional information about a company can be obtained by conducting a domain search on a website like DomainTools.com. DomainTools provides detailed registration information for a website, a related mailing address, information about past versions of a website, and other related contact information.
  7. Online telephone directories: A reverse phone lookup can be used to find name and address information about a phone number. Intelius-powered public records searches can return useful information about a person. For example, a search of a name will give you information about the person's age as well as names of potential relatives. For more detailed information, one can buy a specialized report from Intelius for a fee.
  8. Pick up the telephone: Various telephonic methods exist for finding the owner of a business or other related information. Such methods could be as simple as placing a telephone call to the business itself, contacting its licensing or regulatory agency, or searching various other online sources.
  9. Obituaries: Often a target's name will appear in obituaries about a deceased relative. Obituaries usually list a variety of information about the decedent including dates of birth and death, last known address, identities of their next of kin, as well as educational and employment history.
  10. Criminal Records and Lawsuits: There are several paid services online where you can find out details of a target's criminal records and civil lawsuits. Keep in mind that in most cases, so-called “free” sites are simply marketing tricks to get you to pay for the information you need. However, sites such as PeopleFinders.com offer some limited information for free. Justia.com offers a service to look for records of recent civil litigations.

By investing time and effort conducting a thorough preliminary online investigation, you can focus your efforts on the right target.

Computer Forensics, Computer Crimes, and Data Recovery

Computer Forensics

Computer forensics is the science of obtaining information from computers and digital media. This information is usually intended to be used as legal evidence. The aim of the computer forensic analyst is twofold. First, he or she must retrieve data from the computer discs and other digital media in question. Then the data must be stored. It must be stored in a manner that is safe and that allows the analyst to affirm that it was found on the original device. A computer forensics specialist must be expert in both the technology of data recovery and the legal aspects of evidence handling.

Computer Crimes

Computer forensics is a relatively new science. Before the 1980s, there were no personal computers and therefore no computer crimes. Now computers figure in a wide variety of illegal activity, both directly and in the form of an information storage medium.

There are some crimes in which computers are directly involved. One of these is hacking into corporate and government websites. Hackers may try to obtain information like customers' credit card or bank account information. They may try to embarrass government agencies and prevent the access of citizens by shutting down websites or posting false information. Another crime is that of abuse in chat rooms and social media sites. This may take the form of bullying, encouraging others to attack a person or spreading false information about someone to damage their reputation.

In other crimes, the computer is not used in committing the crime itself. It is used to store information that may be used as evidence of the crime. This may include journals of criminal activity, spreadsheets with financial information or emails.

Another category of computer crime might be considered to be one in which the computer is not absolutely necessary for the crime, but makes it much easier and more likely to be committed. Crimes of this nature may include storing child pornography or trying to solicit meetings with minors.

Data Recovery Techniques

The main mission of the computer analyst is data recovery. There are several techniques that might be used:

Live Recovery – If the computer is located while it is still running, or is shut down but operational, live recovery may be used. This may involve searching the hard drive of the computer using the installed operating system or third-party software.

Deleted File Recovery – Many people do not realize that when files are deleted from a computer, they are not actually removed from the hard drive. When the delete function is used, all this does is remove the file's location from the computer's file location list. Software is available to recover these files in most cases. Even if the hard drive has been erased, the data is often still there.

Steganography – This is an interesting method of hiding data in which the information is mixed into an image. The data may also be intermixed with the coding of a computer file.
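The Deleted File Recovery technique above, as an added example that is not from the original article: a toy volume whose delete removes only the location entry, followed by signature-based carving of the raw bytes, with a SHA-256 digest recorded for each recovered object so it can later be tied back to the source image. `ToyVolume`, `carve`, `recover_deleted` and the sample file contents are constructed for illustration; the JPEG and PNG markers are the formats' real magic numbers.

```python
import hashlib

# Start and end markers for two common formats (real magic numbers).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

# Constructed sample content: valid markers around placeholder bytes, not a real photo.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"constructed-jpeg-body" * 4 + b"\xff\xd9"


class ToyVolume:
    """Hypothetical volume: a file index plus a raw data area, as the article describes."""

    def __init__(self, size: int = 4096):
        self.data = bytearray(size)  # raw sectors, zero-filled
        self.index = {}              # name -> (offset, length)
        self.next_free = 512

    def write(self, name: str, content: bytes) -> int:
        offset = self.next_free
        self.data[offset:offset + len(content)] = content
        self.index[name] = (offset, len(content))
        self.next_free = offset + len(content) + 64
        return offset

    def delete(self, name: str) -> None:
        del self.index[name]  # only the location entry goes; the bytes stay put


def carve(image: bytes, max_size: int = 1 << 20) -> list:
    """Find header..footer runs in a raw image without consulting any file index."""
    hits = []
    for kind, (header, footer) in SIGNATURES.items():
        start = image.find(header)
        while start != -1:
            end = image.find(footer, start + len(header))
            if end == -1:
                break  # no footer anywhere after this header
            end += len(footer)
            if end - start <= max_size:
                blob = image[start:end]
                hits.append((start, kind, hashlib.sha256(blob).hexdigest(), blob))
                start = image.find(header, end)
            else:
                start = image.find(header, start + 1)  # implausibly large, skip header
    return sorted(hits)


def recover_deleted():
    """Write two files, delete one, then carve the raw bytes of the volume."""
    vol = ToyVolume()
    vol.write("photo.jpg", SAMPLE_JPEG)
    vol.write("notes.txt", b"constructed text file")
    vol.delete("photo.jpg")
    return sorted(vol.index), carve(bytes(vol.data))
```

Carving works on a copy of the raw image, so the original media is never written to during recovery.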

Computer forensics is a fascinating science. Its practitioners must be part computer expert, part evidence handling specialist and part detective.