Hackers are to be employed to test the effectiveness of the IT security defences for the House of Commons computer systems.
A three-year IT security contract is up for grabs to conduct internal and external penetration testing on routers, firewalls and critical servers using a range of independent vulnerability assessment techniques. The winning contractor will need to have the CHECK government IT security accreditation and will be required to carry out the tests at least twice a year.
Students and staff at Florida International University (FIU) were warned they are at risk of identity fraud this week after techies discovered hackers had broken into college systems. A file found on a compromised computer showed that an unknown hacker had access to the username and password for 165 computers at the University, sparking a major security alert.
Security researchers have discovered an attack aimed at would-be visitors to Google.com, one that attempts to download malicious programs onto the computers of people who simply mistype the search giant's Web address.
According to security specialist F-Secure, unsuspecting Web surfers may be bombarded with various types of Trojan horse threats, spyware and backdoors when they go to "Googkle.com". The scheme is meant to take advantage of sloppy or hurried typists, given that on qwerty keyboards the letter "k" key sits next to the "l" needed to type "Google."
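For defenders watching resolver or proxy logs, the adjacent-key slip described above can be checked mechanically. The following is an added example, not code from F-Secure or the original report: it flags hostnames that differ from a protected name by one extra or one wrong key next to the intended one. The keyboard model (letter rows only), the function names and the sample hostnames are assumptions made for illustration.

```python
# Added example (not from the article): flag looked-up hostnames that are
# QWERTY fat-finger typos of a protected name, e.g. "googkle" for "google".
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # letter keys only

def build_adjacency():
    adj = {c: set() for row in ROWS for c in row}
    for row in ROWS:                            # left/right neighbours
        for a, b in zip(row, row[1:]):
            adj[a].add(b); adj[b].add(a)
    for upper, lower in zip(ROWS, ROWS[1:]):    # staggered rows: each key sits
        for i, c in enumerate(lower):           # under upper[i] and upper[i+1]
            for u in upper[i:i + 2]:
                adj[c].add(u); adj[u].add(c)
    return adj

ADJ = build_adjacency()

def classify(hostname, brand):
    """Return the typo class of hostname relative to brand, or None."""
    labels = hostname.lower().rstrip(".").split(".")
    # Assumption: the registrable label is the second-to-last one (no public
    # suffix list), which is enough for names like www.example.com.
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if len(label) == len(brand) + 1:            # one extra key struck
        for i, ch in enumerate(label):
            if label[:i] + label[i + 1:] == brand:
                around = label[max(i - 1, 0):i] + label[i + 1:i + 2]
                if any(ch in ADJ.get(n, ()) for n in around):
                    return "adjacent-insertion"
    elif len(label) == len(brand):              # one wrong key struck
        diff = [i for i in range(len(brand)) if label[i] != brand[i]]
        if len(diff) == 1 and label[diff[0]] in ADJ.get(brand[diff[0]], ()):
            return "adjacent-substitution"
    return None

def scan(hostnames, brand):
    """Map each suspicious hostname to its typo class."""
    return {h: k for h in hostnames if (k := classify(h, brand))}

# Constructed sample of resolver-log names; only the first is from the article.
SAMPLE = ["googkle.com", "www.googke.com", "google.com", "goozle.com", "example.org"]

if __name__ == "__main__":
    for host, kind in scan(SAMPLE, "google").items():
        print(f"{host}: {kind}")
```

Names that hit either class are candidates for blocking or defensive registration; repeated-key and transposition typos are separate classes this sketch does not cover.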
Every organization understands the importance of using a firewall to protect its assets. But what happens if someone finds a hole in the wall? What if the infiltrator is actually someone from within your organization who wants to access information that he shouldn't? To cover those contingencies, you need an intrusion detection system (IDS) to complement your firewall. Fortunately, with a minimum amount of time and money you can set up an IDS with open source tools such as Snort, Shadow, and ACID.
Auditing your network at the packet level is rarely done, if at all. Yet there are untold riches in all those packets flying about on your LAN. All you have to do is log them and dig into them; you never know what you will find.