Understanding SIEM In Network Security

Security Information and Event Management was introduced in 2005 It analyses security alerts in real-time. Fundamentally, SIEM does three things. Alert, normalize and store log events. This includes alerts from servers, databases, devices and endpoints. These are stored in a secured central location. SIEM can collect information from physical and virtual devices that are located both on-site and outside the organization’s network. In this article, I will discuss all that you need to know about SIEM in Network Security.

It is not possible for investigators to investigate all login events. If these investigations are not carried out, you don’t have a guarantee that attackers have not had access to your device. It runs advanced analytics on data, both in real-time and later. This is to identify network security events that should be investigated. The potential events are prioritized by risk, Severity and impact.

Need For SIEM

This advanced security tools can also monitor when applications and users behaved abnormally on the network. They can identify some of the indicators of compromise and apply sophisticated machine learning models.

It also helps in building up all the security vacuum in order to prevent hackers from having access to the network. For many organisations, the primary driver for purchasing SIEM tools has been regulatory compliance.

There was an introduction of standards in many IT organizations. We have the Payment Card Industry (PCI) standard, HIPPA and other regulatory measures as well as GDPR in 2018. Businesses and other organisations ignore compliance at the initial stage but Cyber Attacks become more complicated. That is why IT Security needed holistic data that will allow organisations and security experts to understand the nature of attacks.

Second Generation SIEM

In the second stage of the development of SIEM, it has a direct detection capability. It can now do historical and real-time analytics. It now adopts the use of Entity Behaviour Analytics. Recently, SIEM has also adopted the use of Machine Learning capabilities. This is particularly needed when you are dealing with Big Data. There is also the problem of segregation and integration of users with SIEM in the second generation.

• It was difficult to identify attacks. It also demands a high level of expertise from the users to know what they are looking for.
• SIEM was not about to handle these situations. It was also aggravated by the two other facts.

#1 IT Security suffers from insufficiently qualified professionals.
#2 The SILO Operations mode used in many security organisations also increases the complexities involved in dealing with situations.

This is because some of the networks involve different protocols and vendors which are very difficult to integrate. This also increases the chances of human errors and reduces network security visibilities. This made it difficult for an organization to move data and architecture from an information platform to a threat intelligence centre.

SIEM has internal and external security limitations.

There was a systemic short supply of Network Security Experts. SIEM has the capability of gathering network and traffic information from various devices connected to it. It can also share this new information about network security and threats with other vendors and internal security teams. The Fortinet SIEM Product is named FortiSIEM and it has all the capabilities discussed so far.

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include the staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

Your email is the very first thing people did when the world when online in the 90s. It comes with very little bandwidth because technology allows for very little bandwidth. It was also so easy and inexpensive to send an email compared to the post office. There are some bulk emails that were sent by businesses that are advertising their products and services. In this article, I want to talk about a secured email gateway in networking. Follow me as we will look at that together in this article. 

There are other mass emails that were sent by bad actors. This is also referred to as spam. It is the act of sending irrelevant and unsolicited messages to people without their consent.

Due to the fact that then an individual can send messages with little or no verification processes, it allows the act of sending spam emails to grow. In 1996, America Online coined the term Phishing to describe the act of sending emails purported to be coming from legitimate sources.

Phishing emails are also sent in order to trick individuals to reveal personal information. They can use the names of characters in your organization.

They can also purchase domain names that are similar to legitimate emails. They can trick you to click a link in the mail that contains malware. They always capitalized on the user’s naivety, carelessness or distractions. There is a need for businesses to educate their employees about phishing tactics.

While educating them may reduce phishing activities, it does not eliminate the threat. That is why something has to be done on the remote server and ISP level to stop phishing. Businesses and ISPs were mandated to stop spam emails.

They do this by identifying specific words in the header or body of messages. For example, the word cash is common in spam. The email server will block any email that contains the word Cash from being delivered.

ISP AND SPAM EMAIL

The ISPs also make use of spam filtering in order to stop spam emails. The ISP begin to implement filtering based on protocols being used. This led to the introduction of SPF. Sender Policy Framework (SPF) hardens your DNS servers and restricts who can send emails from your domain. SPF can prevent domain spoofing. It enables your mail server to determine when a message came from the domain that it uses.

SPF was later proposed as a standard in 2014. With every good measure introduced by ISP, the bad actors always introduce a countermeasure as well. Hackers for example can bypass authentication by using C@sh instead of Cash. Spamming and Phishing seem to be too lucrative for bad actors to give up easily. It was observed the number of phishing attacks has gone up astronomically. Phishing is so lucrative and it has cost over 500Million Dollars in damages to businesses.

During the first quarter of 2020, the Anti Phishing Working Group had 165,772 bad phishing sites. That is why a better defence is needed.

Anti-virus scanners were added to secure email gateway capabilities. Sandboxing and Threat Emulation. Even if employee education and spam filters fail, one of the new additions could detect and neutralize attacks. However, there are still cases of false positives during analysis.

This overwhelms the security team. Email security gateway has continued to evolve as threats evolve. Today, greater automation and Machine Learning have been added to secured email gateway, with little demand placed on Information Security Centres.

Data Loss Prevention is also available to detect and stop all the egress information that should not go out. Data loss prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network.

The term describes software products that help a network administrator control the data that users can transfer. DLP products use business rules to classify and protect confidential and critical information so that unauthorized users cannot accidentally or maliciously share data, which would put the organization at risk.

For example, if an employee tried to forward a business email outside the corporate domain or upload a corporate file to a consumer cloud storage service like Dropbox, the employee would be denied permission. Fortinet has a product called FortiMAIL which has all the features mentioned. It can also integrate with other applications and servers.

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include the staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

Sandbox Technology is a means of isolating applications or data in a virtual environment in order to see how it will behave. It also networks security experts to discover whether an application has malware or not. It studies the behaviour of any application in order to uncover any malicious attack. That means if something unusual or malicious happens, it will affect only the sandbox.

Sandbox technology is always managed by the internal security team. Bad actors always explore vulnerabilities in legitimate applications. This is how they can capitalize on that vulnerability in order to infect other devices on the network. They are doing this to launch a Zero Day attack which is the time it takes for Network Security Experts to study an unknown vulnerability.

Before the advent of Sandboxing, there were no effective means to stop a Zero-Day Attack. Firewalls and Antivirus can stop known malware but they were helpless against a Zero-Day Attack. A Sandbox provided an isolated environment that mimics various computer devices, operating systems and applications. It allows the malware to play out in a virtualised environment. If the Sandbox concluded that it is safe, no further action is needed but if it detects a malware, the application will be quarantined.

Many of the Sandbox devices failed to integrate with other devices within the network. While the Sandbox might have identified a Zero-Day attack, the intelligence is not always shared with other devices on the network.

The Sandbox is built on an on-point solution which cannot be integrated with other solutions. It also requires a management console to manage each of the different sandboxing systems.

Therefore any attempt to aggregate threat intelligence data from sandboxes was difficult and time-consuming. The Second Generation Sandbox came about to correct the siloed approach of the first generation sandboxes. It was equipped with more integration tools that allow them to work and integrate with multiple vendors.

As a result, they can share threat intelligence with other security devices such as firewalls, email gateways, endpoints and other devices more effectively.

This now allows Analysts to collate threat intelligence in a central location. Also, in recent times, bad actors are now using machine learning and Artificial intelligence to understand more about networks and release more malware to disrupt networks.

In order for network security administrators to keep up with the new threats, it is imperative that AI and Machine Learning are also added to Sandboxing Technology.

This is what brought about the third generation of Sandbox. It was developed based on the Threat Analysis standard.

They needed to cover the expanding attack surface which is brought about due to the digital transformation of the businesses. Digital transformation can happen due to the movement of business data and applications to the cloud.

There now arose the challenge of categorizing Malware characteristics. There was an organization that proposed the attack framework that describes standard malware characteristics.

The Milder Standard was embraced by many organisations. It become necessary now for a security organization to adopt Milder Standard for security solutions.

It provides security devices with a common language to identify, categorise and describe security threats. This could be shared and understood by all network security devices. As more organisations embraced digital transformations, there are more organisations that are exposed to network security attacks.

One of such organization is the Operation Technology Industries. This includes Security, Oil and Gas and Manufacturing Industries. Most of these organisations kept their operations internal from a corporate business network but increasingly, they access third-party networks. There are also organisations that provide Infrastructure as a Service by hosting other applications. The IaaS vendors make use of Sandboxing in order to ensure that the applications are safe.

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include the staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

In many of my previous articles, I have discussed it that you need to make sure that you backup your data. When you do data backup, you are protecting your data from eventual loss. Having a data backup will ensure that you are able to quickly restore your data if anything happens to your data. In this article, I want to show you some data backup checklists that you need to consider when you need to back up your data. Follow me as we are going to look at this together in this article.

Here are some of the data backup checklists…

• Backup important documents, photos, and favourite emails to CD, DVD or any other external device at regular intervals. 
• Keep backup data in a safe place.
• Keep important data in multiple locations
• Use encryption techniques to protect data
• Check for automated backup and scheduling features when selecting a backup tool and service as manual backups are liable to human error. 
• If you are using an online backup and data recovery service, check the service provider’s stability and track record.
• Continue to verify your backup service for effectiveness. 

Physical security checklists…

• Survey the building and deal with obvious problems. 
• Use strong doors for locks and windows.
• Install appropriate air conditioning and fire detection in special rooms. 
• Maintain a temperature of less than 30 degrees centigrade and humidity between 20 and 80 percent in the computer room.
• Make a backup of sensitive information and keep it in a safe place. 
• Minimise the amount of sensitive information and papers left on desks. 
• Lock the documents in cabinets.

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include the staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

 In my previous articles, I have talked about all that you need to know about Home Networks. In this article, I want to look at all that you need to know about Common Threats to Wireless networks. Follow me as we are going to look at that together in this article. 

Here are some of the threats you should know about…

#1 Eavesdropping

Attackers can use a variety of tools to find wireless access points where they can pick up an SSID Broadcast.

#2 Data interception and modification

Attackers who gain access to a network can insert a rogue computer to intercept, modify and relay communications between two legitimate parties. 

#3 Denial of service

Attackers can shut down access points by jamming air with noise, rerouting connections to dead ends, or disconnecting valid clients. 

#4 Spoofing

Even if the user disables broadcasting or turns on Media Access Control (MAC) filtering on the wireless access point, attackers can use antennas to capture the user’s signal, determine SSID or valid MAC Address, and then use it to impersonate an authorised client. 

#5 Freeloading

An attacker can use the network as a free access point to the internet.

#6 Rogue WLANs

Attackers can install unauthorised WLANs on the network with ease.

Using Wireless Networks, attackers can…

• Read the email and instant messages as they travel across the network
• Monitor the website that the user visits
• Copy usernames and passwords 
• View files on a computer and spread malware
• Disclose user’s confidential information
• interrupt the wireless service
• implement unauthorised WLAN
• Send spam or perform an illegal activity with the user’s internet connection
• Slow down the internet performance

Securing wireless networks…

#1 Performance monitoring

One of the primary indicators for you to know if your network has been attacked or not has to do with performance monitoring. When you look at your network statistics and it is not up to the normal standard that is required, it might be an indication that your network has been attacked or is under attack. The web might be slowed down when a hacker is planning to launch a Denial of Service attack. This will allow you to take proactive measures to take back control of your network. 

#2 Access Point Verification

You also need to also verify that access points in your network are configured to use the closest primary IAS servers. This will ensure that your access points are not hijacked by rogue networks. It will ensure that all open and closed ports on your network are monitored so that they do not become tools in the hand of bad actors. 

#3 Turn Off

You need to turn off your network if you are not using it for a very long time. When you left an unused network or ports open, it will give bad actors access to perpetrate evil on your network. In order to prevent that, you need to make sure that your networks and WIfi are switched off when they are not in use for a very long time. 

#4 Wrong placement 

There is a need for you to always do a re-assessment of your network architecture from time to time. You need to make sure that you always look out for wrong configurations on your network and make sure that they are corrected as soon as you discover the wrong configuration on your network. 

#5 Unprotected Wi-fi

There are some of us that are in the habit of looking for free Wi-fi to connect to. This is a terrible habit. It is not all the free Wi-fi that you see around that is secured. Some are set up by bad actors to gain access to your network and data. You have to make sure that you do not connect to free wi-fi. If you must connect to free wi-fi in a public place, make sure the network administrator assists you in identifying the correct SSID to connect and that you are given the network credentials as well. 

#6 Default SSID 

There are also instances when you purchase a device and are forced to use the default password for such a device. There are also some people that have the opportunity of changing the password but decided to stick to the password that came with the device. This particular practice is very wrong. If it happens that the password mistakenly falls into the hand of the wrong person, it might open such a user to more attacks. 

#7 Default username

Just like what I said earlier, you need to change the default username and password for your device. Hackers can use a dictionary meaning to discover the default username and password to unlock your device. If you decided not to change the default username and password that comes with your device, it will definitely expose the user to more attacks. You have to make sure that the default Bluetooth and wi-fi usernames and passwords are changed in order to secure your device. 

#8 No SSID Broadcast

also, in order to secure your network from attackers, you have to disable your network SSID Broadcast. When you turn on SSID broadcast, it will allow everyone to discover that network and possibly login into that network. Switching off the SSID broadcasts will ensure that the network cannot be seen by bad actors who might want to log in or hijack the network session. 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include the staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

In my previous article, I have talked about some of the facts that you need to know about computer network security generally. In this article, I want to throw more light on how to fo Window Easy Transfer on Windows Operating System. Follow me as we will look at that together in this article. 

Windows Easy Transfer helps the user to transfer personal files, emails, data, files, media and all other applications from one computer to another computer. You have to know that this method cannot be used to transfer program applications. You should also note that you cannot find this feature on Windows 10 Operating Systems. 
[embedyt] https://www.youtube.com/watch?v=Ds7UhfAwHQk[/embedyt]
This platform provides a number of ways for users to connect two computers to transfer the data. These include: 

• Easy Transfer Cable. This is a special USB cable designed to work with Windows Vista and Windows Easy Transfer.
• If the user already has a wired or wireless network, this is a great way to transfer all of the data.
• It can copy the data to a removable hard disk and then copy data from that disk to a new computer. 
• It can use a computer’s CD or DVD burner to transfer the user’s data. 

It transfers: 

• Users accounts
• Files and folders 
• Program data files and settings
• Email messages, settings and contacts 
• Photo, music and videos 
• Windows Settings and Internet settings

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

When it comes to the process of connecting two or more computers together, there are some risks that are associated with it which you have to be aware of. I want to talk about ten different types of such risks in this article. Follow me as we are going to do that together in this article.

#1 Malware

Email, Instant Messaging and file programs have traditionally been used to spread viruses, worms, backdoors. rootkits, Trojans and spyware from computer to computer.

#2 Sniffing

Unsecured network connections such as Wifi access points are used by hackers to set up packet sniffers to monitor all traffic that comes and goes to a network.

#3 Denial of service

Denial of service causes the computer to crash or to become so busy processing data that you are not able to use such a device for a legitimate purpose. 

#4 Mobile Code

Intruders use multiple codes to gather information such as the website visited or to run malicious code on your computer as well. 

#5 Email Spoofing

An email message appears to have originated from one source when it actually was sent from another source to trick the user to expose sensitive information. 

#6 Chat Clients 

Chat clients allow the exchange of executable code that may be malicious to be sent through chats. 

#7 Being Intermediary for other attacks

Intruders use compromised computers as launching pads for attacking other devices on a network. This may happen due to negligence and non-compliance on the part of users. 

#8 Backdoor and Remote Administration Program

A malicious web developer may attach a script to something sent to a website, such as a URL that is transferred to your browser when the website responds to you. 

#9 Cross-Site Scripting 

A malicious web designer may attach a script to something sent to a website, such as a URL that is transferred to your browser when the website responds to you. 

#10 Unprotected Windows Share 

Unprotected Windows networking share can be exploited by intruders to place distributed attack tools of Windows-based computers attached to the internet. 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

A firewall is a part of the computer system or network that is designed to block unauthorised access from devices. In this article, I want to talk about some of the ways to use firewalls and virus for device protection. Follow me as we are going to look at that together in this article. 

It controls traffic coming into and leaving the system by permitting authorised communication. The firewall can hide the user’s home network from the outside world. Also, It can also be either software or hardware.
 

It is also recommended that we implement firewall technology on every device. It will help to prevent unauthorised access to devices. 

The firewall also monitors all the requests coming into the system, alert the user, and asks permission for allowing and blocking them from accessing devices. 

Examples of software firewalls include: 

• WIndows FIrewall ( check Securing Operating System module)
• Norton Personal FIrewall
• Sunbelt Personal FIrewall
• ZoneAlarm 
• Comodo Personal Firewall

Use Anti-Virus Protection

Anti-Virus software is used to prevent, detect, and remove malware, including computer viruses , worms, and trojan horses. 
They offer “real-time” protection for email and files as they are received.  They are to be configured to scan: 

• All the workstations 
• complete network regularly
• All incoming and outgoing traffic
• Email attachments 
• Downloads 
• Browsing

Use Strong Passwords 

Password must be something that a user can remember but is not related to the user (Such as date of birth, maiden name, spouse name among others). 
A strong password is 8-10 digital long with letters, numbers, and characters (a special character can be used, but the password should be easy to remember). Always use a strong password when you are accessing resources. 

Make Regular Backups

Back up the data regularly, it helps to resolve data during security issues. Backup settings and configurations of the router and firewall. 
You need to create a boot disk before a security event occurs; it helps in recovering the system when it is damaged and compromised. 

 Know about Encryption

Encryption is the conversion of data into an unreadable form called cipher text , unencrypted data is called Plain Text. This protects the sensitive information that is transmitted online. 
It is also an effective way to achieve data security. Also, a web browser will encrypt text automatically when connected to a secure server. 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

Threat actors include but are not limited to, amateurs, hacktivists, organized crime groups, state-sponsored, and terrorist groups. Threat actors are individuals or groups of individuals who perform cyberattacks. Cyberattacks are intentional malicious acts meant to negatively impact another individual or organization. In this article, I will talk about four types of threat actors in Cyber Attacks.

Amateurs, also known as script kiddies, have little or no skill. They often use existing tools or instructions found on the internet to launch attacks. Some are just curious, while others try to demonstrate their skills by causing harm. Even though they are using basic tools, the results can still be devastating.

#2 Hactivitists

Much of the hacking activity that consistently threatens our security is motivated by financial gain. These cybercriminals want to gain access to our bank accounts, personal data, and anything else they can leverage to generate cash flow.

Global Politics Factors

In my previous article, I have talked more about social engineering and some of the reasons why you need to keep your personal data and identity secured. In this article, I want to discuss some of the facts that you need to know about human-based social engineering. Follow me as we are going to look at this together in this article. 

Social Engineering is the art of convincing people to reveal confidential information. It is the trick used to gain sensitive information by exploiting basic human nature. The act intends to gather sensitive information such as credit card details, social security numbers among others which include passwords and other personal information.

Some examples…

“Hi, we are from CONESCO Software. We are hiring new software development team. We got your contact from a popular job portal. Please provide details of your job profile , current project information , social security number and your residential address.”

Another one…

” Hi, I am Mike calling from CITI Bank. Due to threat perception, we are updating our core systems with new security features. Can you provide your personal details to verify that you are Stella?”

And another one…

“Hi. I am John Brown. I am with the external auditor Mr Sandrex. We have been told by Corporate to do a surprise inspection of your disaster recovery procedures. You have 10 minutes to show me how you would recover from a website crash”

We have two types of social engineering which are:

• Human-based social engineering
• Computer-based social engineering

#1 Human-Based Social Engineering

Eavesdropping is unauthorised listening to conversations or reading of messages. It is interception of any form of communication such as audio, video, or written conversions. 

#2 Shoulder Surfing 

Shoulder surfing is the procedure where the attacker looks over the user’s shoulder to gain critical information such as password, personal identification number, account numbers, credit card information e.t.c.
An attacker may also watch the user from a distance using binoculars in order to get the piece of information. 

#3 Dumpster Diving

Dumpster diving includes searching for sensitive information at the target company’s trash bin, printer thrash bin, or user’s desk for sticky notes among others.
It involves the collection of phone bills, contact information, financial information, operations related information among others. 

Computer-Based Social Engineering

Here are some of the instances of computer-based social engineering…

#1 Pop Up Windows 

Windows that suddenly pop up while surfing the internet and ask for the user’s information to log in or sign in.

#2 Hoax letters

Hoax letters are emails that issue warnings to the users on new viruses, Trojans, or worms that may harm users’ systems.

#3 Chain letters 

Chain letters are emails that offer free gifts such as money and software on the condition that the user has to forward the mail to the said number of persons.

#4 Instant Messaging

Gathering personal information by chatting with a selected online user to get information such as birth names and maiden names.

#5 Spam Email

Irrelevant, unwanted, and unsolicited email to collect the financial information, social security numbers, and network information.

#6 Phishing

This is an illegitimate email falsely claiming to be from a legitimate site that attempts to acquire the user’s personal or acquired information.
Phishing emails or pop-ups redirect users to fake websites or mimic trustworthy site that asks them to submit their personal information.

#7 Phony Security Alerts

Phoney security alerts are the emails or pop up windows that seem to be from reputable hardware or software manufacturers like Microsoft, Dell among others.
It warns/ alerts the user that the system is infected and thus will provide an attachment or a link in order to patch the system. Scammers suggest to the user to download and install those patches. The trap is that the file contains malicious programs that may infect the user’s system.

#8 Social Networking sites

Computer-based social engineering is carried out through social networking sites such as Orkut, Facebook, Myspace, LinkedIn, and Twitter among others. Attackers use social networking sites to exploit a user’s personal information. 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

In my previous articles, I have talked about some of the facts that you need to know about how you can secure yourself online. Please note that the mistake that many people are making is that they always feel that they have nothing that is of importance to a hacker.

You should note that you have a lot that a hacker can use even though you are the poorest person in the world. You need to keep your data and personal effects secured. In this article, I want to look at some facts about Identity theft in computer security. Follow me as we will look at that together in this article.

Let us start with this customer’s complaint…

“I lost my purse in 2006. But Surprisingly I got notices of bounced cheques in 2007. About a year later, I received information that someone using my identity had bought a car. In 2008, I came to know that someone is using my Social Security Number for a number of years. A person got arrested and produced my SSN on his arrest sheet. I can’t get credit because of this situation. I was denied a mortgage, employment, credit cards and medical care for my children”

What is Identity theft?

Identity theft or ID Fraud refers to fraud where an offender wrongly obtains key pieces of the intended victim’s personal identifying information, such as date of birth, Social Security Number, and driver’s license number among others. and make gains by using personal data. 

Negative effects of such losses…

#1 Financial losses 

One of the negative impacts of identity theft is that it will lead to financial losses for the victim. When such details are stolen, they can use them to process loans or buy products online. This can negatively impact your credit records. That is why you have to keep such identities of yours secured. 

#2 Criminal charges

Also, when your identities are stolen, a crime can be committed on your behalf and you will have to answer for such offences. Take, for example, you have just lost your ID card and the person that stole your ID card now went for an armed robbery attack. During the investigation, your ID card was now found at the crime scene. It will take time before you can be cleared of the charges. This will be worsened if you failed to report such loss to the police in the first place.

#3 Denials 

In some advanced countries, life can be very difficult when you lose your Social Security Number. It can make your life miserable. You can be denied a loan, employment, medicare and other facilities if your ID is stolen and such ID was used to process loans without your consent. This will give you a poor credit rating. 

#4 Legal Issues

Also, you can find yourself entering into serious legal issues when your IDs are stolen and it is being used to commit identity crime. This can put you behind bars or damage your reputation. This can even take away ample time that you should have used in concentrating on other tasks. You need to keep your ID safe and maintain your privacy when dealing with others. 

Personal Information that can be stolen…

• Passport numbers
• Birth Certificates
• Credit card and bank account numbers
• Driver licence numbers
• Social Security numbers 
• Names 
• Address 
• Date of Birth
• Mother’s maiden name
• Telephone numbers

How do Attackers steal an identity?

#1 Social Engineering 

This is an act of manipulating people’s trust to perform certain actions or divulging private information, without using a technical cracking method.

#2 Phishing 

Here, fraudsters pretend to be a financial institution and send spam/pop-up messages to trick the user to reveal personal information. 

#3 Hacking

Attackers may hack computer systems to steal personal information. Here, they always rely on the ignorance or carelessness of the user in order to perpetuate their attacks. That is why it is very vital that you should ask when you do not know or you are not sure of the right thing to do. 

#4 Theft of personal stuff

Fraudsters may steal wallets and purses, mail including bank and credit card statements, pre-approved credit card offers and new cheques or tax information.

What attackers do with a stolen identity

Here are some of what attackers do with stolen identity generally…

#1 Credit Card Fraud

They may open new credit card accounts in the name of the user and do not pay the bills in return. This will definitely spoil your credit card record generally. 

#2 Phone or Utility fraud

They may open a new phone or wireless account in the user’s name, or run up charges on his or her existing account. 
They may use the user’s name to get utility services such as electricity, heating or cable TV. 

#3 Other fraud

They may also try to get a job using the person’s Social Security Number. They may also give legitimate users’ information to police during an arrest and if they do not turn up for their court date, a warrant for arrest is issued in the legitimate user’s name. 

#4 Bank/Finance Fraud

You should also note that they may create counterfeit cheques using a victim’s name or account number. Also, they may open a bank account in the victim’s name and issue the cheques. In addition, they may clone an ATM or credit card and make electronic withdrawals in the victim’s name. They may also take a loan in the victim’s name.

#4 Government documents Fraud

It is possible that they get a driving licence or official ID Card issued on a legitimate user’s name but with their photo. They may also use the victim’s name and Social Security Name to get government benefits. Also, they may file a fraudulent tax return using legitimate user information.

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

In my previous article, I have talked about some of the ways that you can secure email accounts, In this article, I want to provide a clear guide on how you can secure your email account by using an email digital signature. Follow me as we are going to look at some of the procedures together in this article.

Just like I said in my previous article, Digital Signature is used to authenticate the sender of an email and it is used to authenticate the sender of an email. In order not to waste time, let me now tell you some of the things that you need to know.

How to do it…

• Go to the Certificate Authorities website,
• Purchase and download a Digital Certificate
• Some Certificate Authorities offer a free personal email security certificate such as Comodo
• Provide personal details to download the certificate
• Login to the email account that you have provided while downloading the certificate
• Check your inbox for an installation link
• Click on the installation link and install the digital certificate
• In the Internet Explorer go to Tool→Internet Options→Content tab
• In the Content tab, click Certificates button
• Select the Certificate and click on Export button
• Click on Next
• Check the Yes, Export the Private Key option
• Click on Next
• Protect the private key by giving a password and confirming it. 
• Specify the file you want to export and save it to a particular location

How to do the same on Microsoft Outlook…

• Go to the Microsoft Outlook ⇒ File ⇒ Options
• Click on Trust Centre ⇒ Trust Centre Settings ⇒ Email Security 
• Encrypt the email by selecting the appropriate checkboxes under the encrypted email section
• Click the Import/Export button
• Browse to find the file to open and give the password and Digital ID name
• Click the OK button
• Click new email to write a message 
• After clicking on the send button, it will prompt you to encrypt the message 
• Click the send unencrypted button {if the recipient do not have a private key) 
• Click on the continue button if the recipient has a private key 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CEHNIGERIA is committed to fact-checking in a fair, transparent, and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

A firewall is a part of the computer system or network that is designed to block unauthorised access from devices. In this article, I want to talk about some of the ways to use firewalls and virus for device protection. Follow me as we are going to look at that together in this article. 

It controls traffic coming into and leaving the system by permitting authorised communication. The firewall can hide the user’s home network from the outside world. Also, It can also be either software or hardware.
 
It is also recommended that we implement firewall technology on every device. It will help to prevent unauthorised access to devices. 
The firewall also monitors all the requests coming into the system, alerts the user, and asks permission for allowing and blocking them from accessing devices. 

Examples of software firewalls include: 

• WIndows FIrewall ( check Securing Operating System module)
• Norton Personal FIrewall
• Sunbelt Personal FIrewall
• ZoneAlarm 
• Comodo Personal Firewall

Use Anti-Virus Protection

Anti-Virus software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. 
They offer “real-time” protection for email and files as they are received.  They are to be configured to scan: 

• All the workstations 
• complete network regularly
• All incoming and outgoing traffic
• Email attachments 
• Downloads 
• Browsing

Use Strong Passwords 

Password must be something that a user can remember but is not related to the user (Such as date of birth, maiden name, spouse name among others). 
A strong password is 8-10 digital long with letters, numbers, and characters (a special character can be used, but the password should be easy to remember). Always use a strong password when you are accessing resources. 

Make Regular Backups

Back up the data regularly, it helps to resolve data during security issues. Backup settings and configurations of the router and firewall. 
You need to create a boot disk before a security event occurs; it helps in recovering the system when it is damaged and compromised. 

 Know about Encryption

Encryption is the conversion of data into an unreadable form called cipher text , unencrypted data is called Plain Text. This protects the sensitive information that is transmitted online. 
It is also an effective way to achieve data security. Also, a web browser will encrypt text automatically when connected to a secure server. 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be delighted to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

Online banking has become commonplace, although some people are still afraid of using it online banking. There is no need for you to fear. You just need to take all the necessary precautions in order to be safe when you are carrying out online banking transactions. In this article, I want to talk about some of the major benefits of online banking platforms generally. Follow me as we look at that together in this article. 

What is online banking…

Online banking is the method of making bank transactions or paying bills over the internet. Through this method, you can make use of USSD or the Internet in order to carry out transactions online. It allows the user to make deposits, withdrawals and pay bills with a single click of the mouse. This allows you to carry out banking transactions without leaving the comfort of your house. 

Merits…

#1 All-round

Online banking will allow you to perform banking transactions in real-time. You can carry out banking transactions at any time of the day. The most awesome part of it is that you can carry out banking transactions without leaving the comfort of your house. 

#2 Effective

Another amazing feature of online banking is that it is fast and convenient. You only need to be connected to the internet in order to carry out such a banking transaction. It is very fast and effective. Besides, you do not need to queue for several hours at the bank. It is pretty fast. 

Demerits…

#1 Tricky

Just like I said earlier in this article, online banking can be tricky for beginners. Some of just afraid to start because of high cases of internet banking fraud. Many people have been duped. Because of that, a large majority of people will not want to use internet banking even though it is very simple. 

#2 Doubt

Another major issue with online banking is that most times, the customer might not be sure whether the transactions are successful or not. This might create some kind of panic between the customer and the bank. At times, some of the transactions might fail, and some might end up sending money to the wrong account. 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be delighted to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

Hi, I now use RavenBank to send, receive and save money. I also pay my bills with ease, you should try it out too

In my previous article, I talked about why we need to embrace online payments as an option. In this article, I want to talk about eight major types of credit card fraud that we should know when it comes to making payments online. Follow me as we are going to look at that together in this article.

Now the frauds…

#1 Credit Card Mail-Order Fraud

Here, the offender gathers information about a cardholder and sends a request to the bank for a new or a replacement card on behalf of the cardholder.

#2 Skimming / Counterfeit Card Fraud

Electronically copying authentic data on a card’s magnetic stripe to another card without the genuine cardholder’s consent.

#3 Chargeback fraud

A Genuine cardholder uses the card to purchase goods and services, and when the bank statements are issued, they call the bank and claim that they never authorised the transaction.

#4 Lost and Stolen Card fraud

The card is physically stolen or lost and then used by the offender to make online payments or perform any other transaction.

#5 Card Not Present (CNP) Fraud

An offender obtains credit card details and then purchases goods and services over the internet or by telephone, fax or email.

#6 Cash Machine Fraud

The offender tampers with a cash machine and then tricks the user into entering the pin in their presence.

#7 Shoulder Surfing

The offender oversees the card user when he is entering his card information. This is with the sole purpose of using the card for an online transaction later on. 

#8 Identity Theft

The offender uses fraudulently obtained the personal information of a credit card holder to access credit card accounts. 

Amazing Facts About Credit Card Payments

These days, we will notice that almost everyone is looking for ways of making things easy for themselves. Because of the fact that we are not ready to stress ourselves, it has led to a situation where individual all over has embraced online payments as a means of reducing the need to carry cash about. This has made online payments become so popular. In this article, I want to look at some of the amazing facts about credit card payments. Follow me as we are going to look at that together in this article. 

First and foremost, credit cards are still the preferred means for online purchases because of the ease of use and the ability to pay the bills at a later date.

Credit cards are issued by a credit-issuing bank or credit union after verifying the user’s credentials. Also, the card user always agrees to pay the card issuer the amount used in making the purchase of the card. 

The cardholder indicates consent to pay by signing a receipt with a record of the card details and indicating the amount to be paid or by entering a Personal Identification Number (PIN) or Card Verification Value (CVV) among other requirements. 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be delighted to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staffs of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

 In many of my previous articles, I have talked about how you can carry out a proper online transaction with your card and other payment alternatives. In this article, I want to tell you some of the major online transaction checklists that you need to consider when it comes to making transactions online. Follow me as we are going to look at that in this article.

Here are some of the checklists…

• Never respond to unsolicited email offers or respond to information.
• Use browser filters that warn about reported phishing sites and block access to the address
• Register for the bank mobile SMS alert service to get an alert whenever there is any transaction on your account.
• Protect yourself from identity theft
• Always check the address bar for the correct URL
• Always check the website certificate, SSL padlock, and https.
• Regularly update your operating system and other installed applications
• Ensure that you have the latest browser installed on your system
• Ensure that you are connected to a secured network when using a wireless network.
• Regularly scan your system for viruses, worms, trojans, spyware, key loggers, and other malware using updated anti-virus software. 
• Use strong passwords for all online transactions and keep them changing at regular intervals.
• Use a virtual keyboard to enter sensitive information.
• Do not perform online transactions from public systems.
• Always completely log off after performing an online transaction.

If there is one thing that has become so annoying to me as a person, it is this process of receiving unwanted emails in my inbox. I do not know about you. I do receive these emails every day. They are so annoying. At times, I do wonder how these people got my email address. You can’t beat it, there are some people who receive your email legally and they turn back and sell your emails and your phone numbers. It is so annoying but it seems we can not stop it. In this article, I really want to talk about how we can stop email inbox spamming. Follow me as we are going to talk about this in this article. 

What is Spamming?

Spamming is the use of email systems to send unsolicited bulk messages indiscriminately overloading the user’s inbox as you do that. 
Spam email may contain malicious computer programs such as viruses and Trojans. According to Symantec, spam makes up 89.1% of all email traffic. That means the sending and receiving of spam emails is a serious issue. 

There are six things that you can do as counter-measure 

#1 Avoid opening 

One of the very first things that you need to be aware of is that you should never open spam emails when it comes to your inbox. You should always delete them immediately. The reason is that some of these spam emails contain links that if opened can introduce malware to your device. That is why you should avoid opening spam emails like a plague. 

#2 Use Spam Filter 

Also, another means of safeguarding yourself again spam email is to make use of spam filters. Although email provider like Gmail has done this categorization for us. They have their own algorithms that help to prevent some unwanted emails from coming to your inbox. You need to check these once in a way in order to be sure that there are no force positives. But this only happens on a few occasions.

#3 Never follow the link in spam messages 

In addition, just like I have said earlier you should not open links in spam messages. I also want to advise you that you should never be tempted to follow links in email messages that are being sent from an unknown person. It is very possible that the email was sent by any hacker who is trying to have access to your personal information. No matter how good the message is, do not be tempted to click on links that come with unwanted emails. Never do that. 

#4 Report as spam 

When it comes to email security, it has to be a collective responsibility for all. There is a need for you as a user to check whatever emails that come into your inbox. You should always take it as a duty to report all spam email that comes into your inbox. This will allow those platforms to tag those emails as spam. It will allow the email from such recipients to go into the spam folder in the future. 

#5 Never use official email 

Also, you have to be very careful not to use official email when you are registering on any public platform in the future. You should be more careful when you have the feeling that such an email platform is not too secure. This will prevent a situation where your email ended up falling into the wrong hand. You should be guarded. 

#6 Use a different email

Just like I told you that you should not use your official email to signup anywhere. I need to also tell you that when you have to comment on public forums or platforms, you should never use your official email address. You should have a dedicated email that you will be using for such a purpose. You need to ensure that you are not using such email for financial transactions or anything relating to your business. 

Hoax Email

Hoax emails are email messages warning users about non-existent threats. Users are also warned about the adverse effect of not forwarding such emails to others to warn them about threats. 

Scam Email

A scam email asks for personal information such as bank account details, credit card numbers, passwords, and other sensitive information from recipients. 
The sender of scam emails may also ask the recipient to forward the email to everyone on his or her contact list as well.

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include the staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.