October

October 31^st

Always keep an eye on your handheld devices in public places

• Snatching, burglary and leaving devices in public places, etc., comes under the physical loss or theft of handheld devices. It is necessary to keep an eye on handheld devices in public places as there will be private information on the device for eg., credit card numbers, passwords, etc.,
• Keeping the notebook and notebook bag available at hand at any given moment is a good idea. Always keep an eye on your handheld devices in public places.
• If it happens to keep the device away from you, be confident to place it in a safe location. For example, if you leave your laptop, PDA (Personal Digital Assistant) or mobile in car, don’t place it on the rear seat of vehicle, instead put it a box and close it.

October 30^th

Use strong PINs and change regularly in your mobile devices

• In order to access your computer at work, a password is needed.
• A smart phone should not be treated any different. Most phones also have a pin to access them.
• By default the company will offers you four-digit PIN for securing the mobile devices.
• But you cant tell the mobile devices is totally secure because the some of these devices use an incremental timer to prevent brute-force
• PIN cracks.
• For example, after the first time the PIN is entered incorrectly, there’s a one-second delay before the user can try the password again . After the second attempt, there’s a two-second delay.
• After the third attempt, there’s a four-second delay. The delay time doubles after every incorrect guess. This makes it very difficult for someone to enter 10,000 possible PIN numbers in a brute-force crack attack.
• So it is recomended to change your PIN number regularly.

October 29^th

Always update your wireless devices with latest patches

• Before connecting the wireless devices to the network it is better to install the personal firewall and Anti-virus software.
• After installing the personal firewall and anti-virus software update both the protection applications with the latest patches.
• Combining these two pieces of security protection ,will reduce the risks of your PC being infiltrated by hackers and malicious software.
• It is also essential to maintain your operating system by downloading and installing patches for known security vulnerabilities.
• So it is recomended to always update your wireless devices with latest patches.

October 28^th

Use desktop firewalls when using wireless networks

• Hacking is one of the most common threats to a network. Inorder to avoid attacks from hackers, intruders and unauthorized users, you need to install and configure a firewall software or hardware in your computer network and in your gateway computer
• A firewall is either a piece of hardware or software which is used to block outsiders from accessing a network
• Firewalls are an essential part of Wireless Network Security.
• It is used for controlling the traffic
• The firewall you choose should be based primarily on the level of needed security, budget, reliability and the potential need to expand the wireless network.
• The highest level of wireless security is a dedicated desktop firewall device such as a computer with a combination of proxy firewall and full packet filtering.

October 27^th

Keep individual policy and follow the same to avoid security attacks on your PC

October 26^th

Turn off wireless networks when not in use

If you are not using wireless network it is always recommended to turn off wi-fi connection. It is the best way to avoid hackers and avoid security issues. So always disable the wi-fi connection when ever you are not using wi-fi network.

October 25^th

Use encryption technology for sensitive data in wireless networks

October 24^th

Avoid dynamic IP address for home Wi-Fi and use static IP addresses

Avoid Dynamic IP address i.e. dynamic addressing called DHCP and used to assign IP address automatically to the devices and connects to w-fi network and allows mobile computers to move easily but it is an advantage to attackers or hackers and can get valid IP address. So disable this option and assign a static IP address on the network.

October 23^rd

Never Auto-Connect to Open Wi-Fi Networks in Public places

Never use Auto-Connect option to open wi-fi networks in public places because ,if you enable this option in your device it detects wi–fi network automatically and opens network which might be unsecured wi-fi network like wireless hotspot, neighbour’s unsecured network and it will not inform you about the network connection. So always recommended to disable the auto connection option or set permission like allow connection once you have been informed and accepted the connection

October 22^nd

Disable SSID broadcasting in Wireless Access point

October 21^st

Enable MAC address filtering on Wi-Fi devices

October 20^th

Access points and routers all use a network name called the SSID. Change default SSID

• When you set-up your wireless router, it comes with a default system identifier (ID) called the SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier). This ID is commonly known as the name of your Wi-Fi network
• Wireless Router manufacturers assign same SSID to all their devices and many studies says that 90% of Wi-Fi users do not bother to change this default setting.
• Though knowing the SSID does not allow a hacker to hacker to break into your Wi-Fi network. It is usually considered by hackers considered by hackers that the person has not taken due precautions to protect their wireless network. Thus these networks are the most common targets of hackers
• These default settings provide a clear-cut message to hackers about unsecured status of your wireless network and your carelessness towards security.
• Hackers are on prowl to catch Wireless networks with default names. These default SSID are first target of hackers
• Inorder to avoid all these problems, “Change the default SSID as soon as you install your wireless router and configure into the WLAN
• This will not offer any effective protection from a hacker, but changing your SSID to anything other than default like “<your –name> Wi-Fi Network”, will separate from normally unprotected networks, and your Wi-Fi Network will not be first choice to be attacked

October 19^th

All wi-fi equipment supports some form of encryption, enable them

• Enable the encryption option in your Wi-Fi equipment inorder to avoid attacks from hackers or attackers
• Encryption technology is used to encrypt all the messages which were sent over the Network.
• So the hackers or attackers cannot access or tamper the information which was traveled over the Network.
• All Wi-Fi devices on your wireless network must share the identical encryption settings

October 18^th

Change default administrator passwords and usernames wireless router(s)

• The Username and Password are required to allow your computer / device to connect to wireless router and get access to the network. All hardware manufacturers usually provide default Usernames and Password combination, when you buy / get and install their Wireless (Wi-Fi) Router or AP.
• You as an alert user are required to change this Usernames and Password combination. It is normally seen that very few people change this Usernames and Password combination.
• Some studies find that over 90% user use their wireless router with Usernames and Password combination set as a default by the manufacturer
• The default Usernames and password combination are available in public domain, these are available to hackers. Further, these are easy available on the internet.
• Hackers can effortlessly break into your Wi-Fi Network by just knowing the brand and model of your Wi-Fi router. Even beyond that hackers can change your Username and password and not only control your wireless connection but deny you the usage of the network itself.
• So inorder to avoid all these problems you must change the Username and Password for your wireless router immediately after the installation and first login.
• Once you type the IP address in your browser window after installing wireless Router, the browser will show a password screen. You need to enter the default username and password till you change the same
• The first login will be the default password, which is also defined in the instruction manual. After this, the setup process starts. In this setup process you will find an option to change your username and password. Using this option, change the Username and Password and do not forget to save the new settings
• Try to use strong password which contains the combination of alphabets, special characters and number. It should be minimum 8 characters length and should be difficult to guess.
• It should not contain your personal information like name, date of birth, credit card number, spouse number…etc. And it should not contain Dictionary words

October 17^th

Evaluate your security settings regularly in your Bluetooth devices

• Most of the devices offer a variety of features, you can adapt them to meet your needs and requirements.
• Some of the features may leave you more vulnerable of being attacked by attackers. So, disable the unnecessary features.
• Regularly examine your security settings and select particular options which you need without putting you at increased risk
• One of the basic Bluetooth Security Mechanism is to the device in “non-discoverable mode”. If the device is in discoverable mode, your device will be visible to other devices and is easy to scan and gather information. The hackers / attackers who access your information can use it for illegal purpose like use your device for making calls, sending SMS messages.
• So inorder to avoid all these problems set your Bluetooth device to “non-discoverable mode” which prevents your device from appearing on list during the Bluetooth device search process.

October 16^th

Always use an eight character alphanumeric PIN (personal identification number) code as the minimum in wireless devices

• To transfer files through Bluetooth some sort of authentication is required. The process of authentication is done during the pairing process by entering identical PIN codes (passkeys) on both the devices
• Use critical PIN (Personal Identification Number) to access your Bluetooth. Always use secure PIN with minimum of eight characters of alphanumeric number. The more the characters the more difficult to crack your password
• Once the Bluetooth users have entered their correct PIN codes, both the devices will generate a link key which is stored in the device’s memory

October 15^th

When pairing Bluetooth for the first time, do so in private at home or in the office and avoid public places

• To transfer files through Bluetooth some sort of authentication is required. The process of authentication is done during the pairing process by entering identical PIN codes (passkeys) on both the devices
• Use critical PIN (Personal Identification Number) to access your Bluetooth. Always use secure PIN with minimum of eight characters of alphanumeric number. The more the characters the more difficult to crack your password
• Once the Bluetooth users have entered their correct PIN codes, both the devices will generate a link key which is stored in the device’s memory
• Avoid public places during pairing Bluetooth for the first time. Do it in private place like in your home or in the office
• Due to some of the weaknesses in the manufacturing of these devices allow malicious hacker to steal the photos, phone books and calendar information or allows the hacker to do phone calls, send SMS messages using one’s mobile.
• This is due to lack of authorization
• Inorder to avoid all these problems use private places for pairing the devices, use strong PIN numbers, and disable Bluetooth connection whenever you are not accessing it. Never accept the unknown connections. Use encryption methods to transfer or receive the information via Bluetooth device.

October 14^th

Be aware with social engineering attacks towards mobile and Bluetooth devices

• Hackers attack Bluetooth enabled mobile users by using Social Engineering techniques. This is due the lack of basic security awareness among phone users and general lack of understanding of Bluetooth technology
• The Hackers / attackers rename their Bluetooth device to hide themselves and establish as a trusted connection with the choice of discovered Bluetooth devices.
• The victim does not know that the person who has sent the request for connection establishment is hacker and accepts the connection
• The feature of Bluetooth is it will allow the other Bluetooth device which has connected to it to retrieve the phonebook, sent SMS messages and Inbox SMS messages
• By using this information the Hackers / attackers will send virus files or business cards via Bluetooth to perform authentication and then they take advantage of the target machine
• The victim is not aware that the device is still connected and active
• Inorder to avoid all these problems "Disable Bluetooth option if it is not used and be careful while using your Bluetooth in public places by not accepting the unnecessary requests".

October 13^th

Disable booting from external media in personal computers

• We can boot the System by using the storage devices like floppy disk, CD or DVD, or even an USB flash media
• So the persons who want to harm your system may reboot your machine by using security cracking tools inserted in the bootable device media and can access to your file system without the need for logging in
• They may reset the administrator password and keep it as blank or they may do Brute-force attack and get your login password
• So inorder to avoid all these problems “Disable all the boot devices” apart from the primary Hard-disk of the system

October 12^th

Disable the automatic downloading of graphics in HTML mail in mobile devices

• In the internet world there are many spammers who send HTML mail with a link of Graphic file.
• This file will track all the mail messages when ever the E-mail client opens their mail account
• When the mail-client downloads the graphic from their web server, the spammers will get the intimation that the particular client has opened the E-mail message
• So inorder to avoid these problems disable HTML mail entirely
• Use encryption methods to transfer or receive the mails

October 11^th

Make sure that all of your Bluetooth connections are configured to require secure connections

• Disable Bluetooth when you are not using it for transferring the information from one device to another inorder to prevent your information from unauthorized access
• Use your Bluetooth device in hidden mode to prevent your device from recognized by other devices
• Be conscious while using your device in public places. Because there may be unknown persons accessing Bluetooth devices. Intentionly strangers may  send Virus files to your device if they  recognized your  device is in “ON” status
• Configure security settings in your device like authentication and encryption, to make sure that the information which was sent by your device or received information is secure and is not tampered by anyone.

October 10^th

Enable encryption when establishing Bluetooth connection to your PC

• Keep BT in the disabled state, enable it only when needed and disable immediately after the intended task is completed.
• Keep the device in non-discoverable (hidden) mode,
• Always enable encryption when establishing BT connection to your PC.
• You can turn on encryption by removing the # in front of 'encrypt enable;' in the file /etc/bluetooth/hcid.conf and restarting Bluetooth.
• If you do not want your Zaurus to be discoverable, in the file /etc/bluetooth/hcid.conf, change 'iscan enable;' to 'iscan disable;' and restart Bluetooth.
• If you do not want anyone to be able to connect to your Zaurus at all via Bluetooth (but still be able to connect from it) then in /etc/bluetooth/hcid.conf change 'pscan enable;' to 'pscan disable;' and restart Bluetooth.

October 09^th

Update your mobile phone firmware to a latest version

• There is a lot of profit of improvement your phone’s firmware. You may get useful enhancements, bug fixes etc. Some issues that you might be having with your phone can be solved with a firmware upgrade.
• Once your mobile has been updated, you will notice all the menu systems are clearer, at liberty, and often faster too. 
• There are also the latest firmwares to date, which will hold improvements on your old firmware.  This often removes any software fault that your phone previously had.

October 08^th

Check list of paired devices in Bluetooth from time to time to ensure there are no unknown devices on the list

• The pairs of devices which set up a bond by creating a common secret link key which is also known as pairing.
• A device that wishes to exchange a few words only with a bonded device can cryptographically authenticate the identity of the other device, and so be sure that it is the same device it previously paired with.
• Once a bond key has been generated, a valid ACL link between the devices may be encrypted so that the data that they switch over over the airwaves is protected against eavesdropping.
• Link keys can be deleted at any time by either device, if done by either device this will implicitly remove the bonding between the devices; so it is possible one of the device to have a link key stored but not be aware that it is no longer bonded to the device associated with the given link key

October 07^th

Reject all unexpected pairing requests for Bluetooth devices

• If your device is affected by the blue bugging then take your device to the authorized dealer for proper identification.
• Initiate pairing and query PIN entry by the user. PIN entry might also be done by an application.
• Use long and hard to guess PIN key when pairing the device
• Reject all surprising pairing requests. Most Bluetooth devices use common identifiers, normally based on their seller name and model type, making classification a bit hard in the presence of many choices.
• The first key exchange is the weakest connection of your total Bluetooth security. And to make things worse, while you can use wired connections to secure your routers, Bluetooth devices must transmit wireless signals, which are receivable by any Bluetooth-capable device within the range.
• The best way to pair devices is to do this in lonely rooms, far from nosy eyes and ears. Most Bluetooth devices have a very short range, so if there are no antennas within a few meters of your location, you should be fine.

October 06^th

Use long and difficult to guess PIN key when pairing the Bluetooth device

• In order to avoid a condition in which an attacker is able to obtain the secret keys of victim devices, it is important to use sufficiently long and sufficiently random PINs. The authors determine that 64 bit PINs should be sufficient enough.
• Using a little like to Certificates can stop Man in the middle attack attacks from incident.
• Building positive that certain devices are not able to change importance will help with Man in the Middle attacks since an attacker will not be able to jam the devices.
• The attacks on the key exchange trust on the attacker being able to detect the signals transmitted by the victim devices.
• The attacks next to the cipher can be avoided by replacing the cipher, e.g., with AES.

• The nearly everyone well-known and basic Bluetooth security method is the user's ability to choose if a device is in "Discoverable" mode (visible to other devices) or "non-discoverable" mode
• Keep Bluetooth in the disabled state, enable it only when required and disable right away after the future task is completed.
• Do not agree to any unknown and unexpected request for pairing your device.
• Use non ordinary patterns as PIN keys while pairing a device. Use those key combinations which are not in order, not understandable on the keypad.
• Keep a check of all paired devices in the past from time to time and delete any unknown paired device which you are not sure about.
• List your device at the manufacturer site and ensure that security updates are installed frequently to protect from threats which had been rectified in new models.
• Always enable encryption when establishing Bluetooth connection to your PC.

• Be careful while downloading applications through MMS, SMS, and Bluetooth as they may contain some harmful software which will affect the mobile PC/ Mobile.
• Keep the Bluetooth connection in an invisible mode unless you need some user to access your mobile or laptop.
• Delete the MMS messages without opening from unknown sources.
• Set PIN code to access your mobiles and enable other security features as per your mobile manual.
• Note the IMEI code of your mobile phone and keep it in a safe place to prevent the access to the stolen mobiles.

• Desktop Firewall provides a superior weapon store of defense against PC penetration by denying unauthorized access by remote hackers and protecting against data theft, denial-of-service attacks, privacy breach, Trojan horses, spyware and more.
• Delivers positive firewall protection with many layers of security that stop inbound, outbound, and program attacks while remaining completely invisible to hackers. The additional OSFirewall prevents spyware, rootkits and kernel-level threats from getting onto your PC.
• TZ personal desktop firewall stops Hackers, Trojans, Spyware, Viruses, and Denial of Service attacks & data thieves. Put a secure barrier between your hard drive & hackers, whether you use a dial -up, and ISDN, DSL & cable connection.
• Integrated desktop firewall and multi-layer intrusion prevention software delivers signature-less, zero-hour protection from known or new spyware, viruses, hacking techniques and other intrusions on Windows desktops and servers.

• A computer virus is a program – a portion of executable code – that has the exclusive ability to repeat
• Floppies are unmoving one of the most common ways viruses are transmitted. If you are using a floppy disk while working on your computer, remove it when you shut the machine off.
• If you don't the computer will without human intervention tries to boot from the floppy when you restart and this can launch any viruses on the disk. Similarly, don't share floppies - even a well-meaning friend may accidentally pass along a virus, Trojan horse, or worm.
• Make your floppies evidently so you know they're yours and don't loan them out - there are other methods of file sharing. In any case, scan floppies before using them.
• You could have easily chosen up a virus from an insecure network and set up it into your system. Running a virus scan before launching any of the programs on the disk will prevent infection.

• If your industry has suffered a virus attack and your network has been compromised, you'll need to act fast in order to prevent the virus from spreading to other computers on your network.
• Once a virus penetrates your security lines it can quickly break through your network, destroying files, corrupting data, rendering applications useless and causing expensive lulls in productivity.
• If you suppose one of your computers has suffered a virus attack, without delay quarantine the computer by physically disconnecting it, as infected machines pose a danger to all other computers connected to the network.
• If you think other computers may be infected, even if they aren't displaying any symptoms, still treat them like they are. It's counter-productive to clean one machine while an infected computer is still connected to the network.
• Once you've actually cut off the computer, focus on removing the malicious code. Use virus removal tools written for the specific virus causing the damage.
• Many of these tools can be found online. In addition, your anti-virus software should have updates or patches available for the specific security threat. If your antivirus software hasn't been updated recently, be sure to do so.