For the sniffer tools include the attack on the Internet - for example, still has no proof provided that "Operation Aurora" did not come from China. More than 30 major companies such as Adobe, Google, Yahoo, Dow Chemical and Symantec were, as was announced in 2010, probably appeal to a sophisticated phishing attack victim, in which individual users unnoticed spy software was loaded on the computer. An alternative to such e-mail attacks, the oft-quoted (Chinese) student who likes to work overtime and it attracts the business secrets to USB sticks. But even within their own borders to keep the data out for thieves and are regularly looking for, when businessmen enter or representatives of foreign government agencies. Toral Dirro , security strategist in the research laboratory of virus hunters from McAfee knows that government agencies work laptops and mobile phones for business travellers with espionage agents. He says: "Whoever is involved in research and development or to the employees, is one in which outsiders expect far-reaching powers to access company data, should prepare themselves before traveling abroad." Because the risk is high, to be victims of data theft.
Professional VPN solutions to secure the connection using certificates
It is best Dirro According to travel with a virtually virgin device on which no data - are stored - and not private. This is also the famous American hacker Dan Kaminsky , "What must not be lost, should better stay right at home who brings something to the foreign country, must expect to lose it.." Everything you need is in the case of the naked laptop while traveling then secure Virtual Private Network (VPN) settled into the corporate network. This Dirro: "Professional VPN solutions to secure the connection via so-called certificates in this case, also state snoopers powerless you can eavesdrop on the data stream but can not decipher the first click after booting the PC should also serve to launch the software... to establish the VPN tunnel. "
The situation is different when accessing online services such as Webmail, which are encrypted with Secure Socket Layer (SSL). Although SSL provides adequate protection in most cases and is thus for online shop owners and banks are still the best way to secure their services. Government agencies come into question as a listener, but is SSL overturn easily and recognize only professionals using the supplied SSL certificate that the connection has been tampered with. Conclusion: For travelers with real espionage risk is an SSL connection is not sufficient protection.
This applies to wireless LANS in a hotel or airport as well as wired access in the hotel room or airport lounge. Without adequate protection through VPN should be no sensitive data is transferred. The encryption of any existing wireless lan offers no protection in these cases.
If all else fails: hard drive encryption
Data must be stored in any event on the device, for example because of access over the Internet due to the large volume of data is not practicable, the safety experts recommend that you encrypt the hard disk of the machine. The professional versions of Windows Vista and Windows 7 bring this off with Bitlocker work is regarded as the safe technique. Even Mac OS X FileVault has something suitable on board. Alternatively, experts recommend installing the free software TrueCrypt .
Important when encrypting the hard disk is the used password. It was - as usual - his most complex. To prevent that, for example at a security checkpoint at the entry into the country, the data is read out, despite coding, the notebook should always be driven all the way down. "Otherwise, the password can still be read from the memory of the mobile PCs," says Toralv Dirro.
Security specialist recommends a combination of fully encrypted hard drive and also encoded with a different password each folder. This will prevent that, during the Windows operating - if the disk is decrypted so already - possibly entrained malware can search the entire contents of the disk.
Despite all measures, a well-secured computer using software still infected with malicious software . With a poisoned stick a computer is infected quickly. The same danger threatens, even if it is left unattended in hotel rooms remains. Then the danger in professional circles "Evil Maid attack" called an alleged attack by Maid (Maid).
The term is not politically correct, describes the phenomenon but true: Leaving the traveller's room, to make the supposed cleaning staff with the USB-stick approach to the notebook and installed, for example a so-called BIOS or MBR (Master Boot Record) rootkit. This type of malware infects the BIOS either the laptop or the first used at each boot master boot record of HDD. In both cases, can thus overturn any encryption. Anti-virus software is able to detect such infections while in principle. Prevent it but can not because the security software is still inactive at the time of infection. Moreover, it is security strategist Dirro assume that programmed by government agencies used malicious software so that was a virus guard does not suspect. Behind one of our experts sometimes expressed Tip Dirro is not: the masking of interfaces such as USB ports to prevent infection via memory stick. "Consequently, should all other ports such as Firewire, eSATA, Thunderbolt, or PC card to be sealed. Then the danger is great that it will damage the device."
Store also the advice passwords in a file on a USB flash drive and use copy and paste from there leads to a wrong path. Because modern pests not only monitor the keystrokes, but also to the clipboard. And that's where the passwords end up copying.
Telecoms equipment companies have been spying since 2000. Industrial espionage in the digital age is already part of everyday life. In countries like France and Russia support the local economy is required by our own intelligence services even.
For the sniffer tools include the attack on the Internet - for example, still has no proof provided that "Operation Aurora" did not come from China. More than 30 major companies such as Adobe Google, Yahoo, Dow Chemical and Symantec were, as was announced in 2010, probably appeal to a sophisticated phis hing attack victim, in which individual users unnoticed spy software was loaded on the computer. An alternative to such e-mail attacks, the oft-quoted (Chinese) student who likes to work overtime and it attracts the business secrets to USB sticks. But even within their own borders to keep the data out for thieves and are regularly looking for, when businessmen enter or representatives of foreign government agencies. Toral Dirro , security strategist in the research laboratory of virus hunters from McAfee knows that government agencies work laptops and mobile phones for business travellers with espionage agents. He says: "Whoever is involved in research and development or to the employees, is one in which outsiders expect far-reaching powers to access company data, should prepare themselves before travelling abroad." Because the risk is high, to be victims of data theft.
No comments:
Post a Comment