Category Archives: Site Security

Implementing Threats, Risk and Security Audits

People used to close business deals with a handshake.

They looked one another in the eye. Today, more and more transactions are electronic, anonymous and, in too many cases, fraudulent. Any organization that stores or moves important information on an electronic network is putting its information at risk. A criminal on the other side of the world or an apparently loyal employee may have the ability to wreak havoc, by stealing, deleting or exposing confidential information.

The Computer Crime and Security Survey, conducted by the Computer Security Institute and the Federal Bureau of Investigation, indicates almost two-thirds of the large corporations and government agencies it surveyed lost money when their computer security broke down.

The survey noted that 9 out of 10 respondents had computer security breaches during the previous 12 months. Proprietary information worth $170.8 million was stolen from 41 respondents. Fraud cost 40 respondents $115.8 million.

When only 45 per cent of executives in North America said they conduct security audits on their e-commerce systems, (around the world, fewer than 35 per cent had conducted security audits) it becomes obvious that organizations must improve their defenses quickly.

The first step in protecting information assets is a Threat and Risk Assessment (TRA). Without the information it provides, organizations are in danger of fixing only what is broken and ignoring potential hazards. While the specifics of a TRA will be unique at each organization, a common methodology provides a starting point.

The first step is risk assessment, to identify the most important assets and information: threats and vulnerabilities are identified; solutions are proposed and refined; corporate policies are tightened up; roles and responsibilities are assigned; standards and training are developed.

The next step is the creation of a security plan, with its own procedures, budget and implementation timetable. Once those steps are complete, any new architecture can be rolled out and new procedures put in place. At this point, the new system should be tested from the outside for any remaining weak points.

Finally, to maintain system security, security should be audited on a regular basis to keep pace with both internal changes and evolving external threats. The TRA provides the map, but organizations must make the journey. Consulting companies have identified factors that contribute to the success or failure of an IT security project. Senior managers have to support the project and demonstrate their involvement. Otherwise, their staffs will place a higher priority on other activities.

Business and technical experts should both be involved because solutions that overburden the enterprise are not acceptable. Individual business units should be responsible for their own TRA to prevent foot-dragging during implementation and finger-pointing later. Interestingly, one consultant recommended conducting assessments on a department-by-department basis, rather than all at once. The reasoning is that valuable resources can be narrowly focused, and lessons learned can be carried over to subsequent assessments.

The Threat and Risk Assessment is an important tool. Recent reports show not enough organizations are using it.

New keylogger records everything (Page 1 of 2)

Invasion of Privacy has never been easier

Actual Spy is a keylogger. It is designed for the hidden computer monitoring and the monitoring of the computer activity. Actual Spy is capable of catching all keystrokes (key logger), capturing the screen within specified time intervals, logging the programs being run and closed, monitoring the clipboard contents, monitoring the printer, monitoring the file system, recording web sites visited on the Internet, monitoring connections to the Internet, monitoring startup/shutdown. All data is logged in the encrypted log file. Actual Spy can create a report in the text as well as in the html format, and send it on the specified email, via FTP and a local area network. It’s absolutely invisible in all operating systems.

Actual Spy can give you all the information that’s currently being processed on your computer by its users. After putting it through a rigorous test, I came to the conclusion that this program is one of the more in depth keyloggers that you’re going to be using. I was surprised by the amount of information it was capable of storing… honestly.

Inside

The tabbed interface supports a variety of functions that are helpful in identifying exactly what goes on within the computer. The tabs are separated into PC Activity, Internet Activity, Reports, and Settings (there’s an about tab if you’re interested about the product).

The PC Activity tab is separated into seven sections; Keystrokes, Screenshots, Applications, Clipboard, Printer, Files and Computer. The most useful of these will be your Keystrokes, Screenshots and Applications tabs. The keystrokes is the key to the whole program since this is its main function. After recording activity, it gives you information on the time certain keys were recorded, the Windows caption (what program was currently selected), the application path (where to find it) and the user name. It performs quite the feat of recording absolutely anything and everything (including several other Web Browsers that some key loggers don’t support like Maxthon, Firefox and Opera). If you’re wondering what sorts of things are recorded; anything from chat services to emails are on the list. AIM, Yahoo Messenger… anything that requires keystrokes will be recorded. Trust me.

If you get confused at the technicalities of the log files, you can easily take a look at the screenshots that you can also set to record (you can set the specified interval as well). The advantage to this program is that it also lets you see what’s been copied and pasted by recording the clipboard actions.

The Internet Activity tab generally shows you the same information that PC Activity does (as in windows caption, URL and username). This is where you can see the detailed Web sites that were visited. Your Reports tab will give you the option of choosing what sorts of reports you’d like to record (Keystrokes, Screenshots, Files, Computer, Internet Connections, Applications, Clipboard, Websites visited, or printer). You can set the reports in either HTML of text format and assign when a report is due to be created. The last useful program tab is your Settings tab. Here’s where you’ll make sure to see if your log file path is correct, you can even create a password protect hiding option. I thought the cool thing about Actual Spy was that you’re even given the option of encrypting your log files. I mean, that’s pretty hardcore right there. You can set it to start up with your system and automatically set it to autohide (you cannot see the application in your Ctrl-Alt-Del Taskbar). Under the hiding option, you’re able to remove the program’s shortcut from your Desktop and Start Menu… You can even remove it from “Add Remove Programs” as well as hide the program folder… Again, this is pretty intense.

New keylogger records everything (Page 1 of 2)

Invasion of Privacy has never been easier

Actual Spy is a keylogger. It is designed for the hidden computer monitoring and the monitoring of the computer activity. Actual Spy is capable of catching all keystrokes (key logger), capturing the screen within specified time intervals, logging the programs being run and closed, monitoring the clipboard contents, monitoring the printer, monitoring the file system, recording web sites visited on the Internet, monitoring connections to the Internet, monitoring startup/shutdown. All data is logged in the encrypted log file. Actual Spy can create a report in the text as well as in the html format, and send it on the specified email, via FTP and a local area network. It’s absolutely invisible in all operating systems.

Actual Spy can give you all the information that’s currently being processed on your computer by its users. After putting it through a rigorous test, I came to the conclusion that this program is one of the more in depth keyloggers that you’re going to be using. I was surprised by the amount of information it was capable of storing… honestly.

Inside

The tabbed interface supports a variety of functions that are helpful in identifying exactly what goes on within the computer. The tabs are separated into PC Activity, Internet Activity, Reports, and Settings (there’s an about tab if you’re interested about the product).

The PC Activity tab is separated into seven sections; Keystrokes, Screenshots, Applications, Clipboard, Printer, Files and Computer. The most useful of these will be your Keystrokes, Screenshots and Applications tabs. The keystrokes is the key to the whole program since this is its main function. After recording activity, it gives you information on the time certain keys were recorded, the Windows caption (what program was currently selected), the application path (where to find it) and the user name. It performs quite the feat of recording absolutely anything and everything (including several other Web Browsers that some key loggers don’t support like Maxthon, Firefox and Opera). If you’re wondering what sorts of things are recorded; anything from chat services to emails are on the list. AIM, Yahoo Messenger… anything that requires keystrokes will be recorded. Trust me.

If you get confused at the technicalities of the log files, you can easily take a look at the screenshots that you can also set to record (you can set the specified interval as well). The advantage to this program is that it also lets you see what’s been copied and pasted by recording the clipboard actions.

The Internet Activity tab generally shows you the same information that PC Activity does (as in windows caption, URL and username). This is where you can see the detailed Web sites that were visited. Your Reports tab will give you the option of choosing what sorts of reports you’d like to record (Keystrokes, Screenshots, Files, Computer, Internet Connections, Applications, Clipboard, Websites visited, or printer). You can set the reports in either HTML of text format and assign when a report is due to be created. The last useful program tab is your Settings tab. Here’s where you’ll make sure to see if your log file path is correct, you can even create a password protect hiding option. I thought the cool thing about Actual Spy was that you’re even given the option of encrypting your log files. I mean, that’s pretty hardcore right there. You can set it to start up with your system and automatically set it to autohide (you cannot see the application in your Ctrl-Alt-Del Taskbar). Under the hiding option, you’re able to remove the program’s shortcut from your Desktop and Start Menu… You can even remove it from “Add Remove Programs” as well as hide the program folder… Again, this is pretty intense.