
Showing posts with label security tips. Show all posts

Sunday, August 31, 2014

How Trustworthy are Mobile Apps or Applications?



Have a look at the permissions being asked for by these Android apps. What do you make of these snapshots? Which app is more secure, not from the point of view of security for the app but security for the user who downloads and uses it? The one on the extreme left (first one) is likely to have more access to your device than the other two. The makers would argue that these permissions are required for the features and functionality of the app. The question here is who will decide how much permission is required, and who will guarantee that these permissions will not be abused. The one on the extreme right-bottom is more trustworthy as it requires no special permissions. But how many of us really pay any attention to such details?

Unlike applications on a desktop, with mobile apps it is difficult to find out what they are really doing behind the scenes. The situation is compounded by the fact that mobile devices contain an enormous amount of personal, sensitive and financial data. The email apps are always online. In most cases the device is always connected to the internet. The passwords and other credentials are just there, begging to be stolen.

Personally, I prefer to use my browser on my mobile to access the various websites and web applications rather than download an app. Re-entering usernames and passwords every time you access a web application or a website should not bother you if you are worried about the safety of your data and online identity.

Having written what I wanted to convey, I would like to clarify that I am not aware that the above-mentioned apps are untrustworthy in any way. I just picked them for illustration.

Saturday, December 14, 2013

Maintain Online Privacy. How to do that?

One of the big issues of online activity is maintaining the right balance between information that is voluntarily shared and information that is not. However, there is a generally agreed baseline which tells us what is private information. This baseline would contain recommendations such as: do not share your private telephone number, do not share your primary email ID, and so on.

This perceived privacy posture may vary from person to person. Many sites and applications these days provide elaborate privacy settings and features. But these change very often, and it is very difficult for a user to keep track of and manage them. Therefore, what one needs to do is follow three simple rules:

Rule 1: Initially assume everything is private information.

Rule 2: Always share or post only when required and only with the few (required) people.

Rule 3: Remove, rename or modify all information that can be traced to you, identify you or identify your activities.


This link can be used to directly access the privacy settings of your favourite application: http://adjustyourprivacy.com/

Saturday, September 28, 2013

5 Biggest Challenges in Information Security Management


Based on my past experiences in implementing ISMS as an Information Security Manager, I would rate the following as the biggest five challenges:

1.  Attitude or the prevailing culture:
The responsibility of implementing and ensuring security automatically qualifies one as "not so friendly" towards computerisation and IT services. Top management (C-level) wants you to implement and drive the policies and strategies, but general employees, who are the end users of the various IT assets, want minimum barriers and maximum convenience.

You end up sandwiched, with both parties hating you because you are not listening to them. It takes time and considerable effort to change attitude and culture for better cyber security health, although it is worth the effort. Surmounting such attitudes and changing the culture is the biggest challenge.

2. Technology as a solution:
Not every medical problem has a medicine. Even if there are medicines available, they may not treat you completely. You cannot rule out the side effects of the medicines, though advances are being made every day.

Similarly, technology alone is not a complete security solution. Just the other day we heard of Google being affected by redundant network paths failing simultaneously.
The ultimate success and efficacy of any security program will always be due to people, procedures and processes in conjunction with technology.

Most management and end users still perceive technology and products as the magic bullet. Breaking this myth is the next biggest challenge.

3. Incorrect priorities:
CIA, which stands for Confidentiality, Integrity and Availability, is not clearly understood. Every functional organisation and every department needs to understand which element is more important to it than the others. Giving equal priority to all three aspects may hamper work output and operations and lead to unnecessary friction. Security professionals need to understand this and should advise accordingly.

4. Under Staffing:
The next biggest challenge is understaffing. Though the situation in IT per se has improved to some extent, the situation in security remains grim. Senior management needs to appreciate this and provide sufficient staff to oversee information security.

5. Skill Retention:
The last of the five challenges, in my opinion, is skill retention, or continuity of job for the lower-level information security staff who are actually responsible for translating the policies and decisions into actions. Insufficient skill and understaffing not only increase the implementation gaps but also increase the stress level of the IT security staff.

Friday, August 17, 2012

Dangers of Geotagging and Location Aware Services

Every new and wonderful technology feature brings along its share of undesired effects bundled with the effervescent benefits. Geotagging (or geo tagging) is one such feature. In simple terms, geotagging is nothing but including geographical information (location data) as a tag within a file. These files can be of any type, but mostly it is picture files that are geotagged.

Why has geotagging suddenly become so prominent?
Smartphones and cameras with a GPS (Global Positioning System) feature are the norm nowadays. By default, the GPS location data is embedded into all the pictures taken by these devices. In addition, you have location-aware applications and games and location-based social networking sites and platforms. Facebook uses "Update Status" for location updates. Foursquare is a game in which your location is an integral part of the gaming strategy. There is also software available which can add location data to pictures and other files if the device did not do so itself.

What can be bad about Geotagging and location data?
If you indiscriminately share geotagged pictures, SMSs and other files and update your current location in applications like Facebook, then you are revealing too much of your whereabouts to the public at large. You can become a victim of cyberstalking. Burglars can target your house when you tweet that you are away somewhere in the woods enjoying a Sunday picnic. In fact, you are giving away information about your pattern of movements, place of residence and other such details for free, and putting yourself and your family at risk. Kids who share photos and tweet on Twitter a lot without giving a thought to the broadcast location information may end up as victims of serious crimes.

It is important that all of us are aware of the dangers of this feature and know how to adopt the countermeasures. The most important countermeasure is to avoid oversharing. The default configurations which automatically include location data or tags need to be disabled or changed. The specific tips are listed on the SECURITY TIPS page.

Interesting links on the topic :
 http://icanstalku.com  
 http://www.geotagsecurity.com  


Sunday, January 1, 2012

Wireless or WiFi Security

Wireless or WiFi security, from a normal user's point of view, is as important as anything else. With WiFi-enabled mobiles and gaming devices, the environment becomes much more dangerous. I have listed some useful tips on my "Tips and Tricks" page.

Tuesday, November 22, 2011

Android Smart - Phones Security

Android devices have become so ubiquitous that not acknowledging them would be a sin. These smartphones are nothing but mini computers, or rather supercomputers of a previous era. It would be beneficial if users were aware of the security features available on these phones. I have listed some important security tips, in brief, on the Tips and Tricks page. They are also listed below. Hope they are of help to all.

1. Activate the lock screen (Settings > Location & security). A pattern style is recommended.
2. Use a good data encryption app.
3. Do not store passwords as passwords in the phone.
4. Deactivate Bluetooth when not required.
5. Deactivate WiFi when not required.
6. Deactivate GPS when not required. Do not update GPS location unnecessarily.
7. Turn off Bluetooth discovery mode when not required (Settings > Wireless and networks > Bluetooth settings > Discoverable).
8. Install only trusted apps.
9. Ensure that the browser does not store usernames and passwords.
10. Be careful when using WiFi hotspots.
11. Deactivate the geo-location feature.
12. Update (Settings > About phone > System updates) and upgrade wherever possible.
13. Use apps like 'Where's my Droid' to remotely locate the phone in case it is lost.
14. Back up and sync important data (Settings > Privacy > Back up my data).
15. Install a good antivirus app.
16. Customize the lock screen to display alternate contact information.
17. Consider using a 'Remote Wipe' app for contingencies.
18. You can use 'Famigo Sandbox' to provide a safe environment for kids on your phone.
19. Use a VPN (Settings > Wireless and networks > VPN settings).
20. Pay attention to tell-tale signs of spam.



Monday, October 17, 2011

Useful Security Tips

I am creating a new page to list some useful "Security Tips". It would list out all important and relevant tips, rather than club them as "Top 5" or "Top 10". Probably I would mark the more relevant ones appropriately later on.