Purpose

Dedicated to helping people make themselves safe and their Homes harder targets,...or when James Bond meets Soccer Mom




Tuesday, July 27, 2010

Cyber Security Threats

Cyber threats to a control system refer to persons who attempt unauthorized access to a control system device and/or network using a data communications pathway. This access can be directed from within an organization by trusted users or from remote locations by unknown persons using the Internet. Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, and malicious intruders.

To protect against these threats, it is necessary to create a secure cyber-barrier around the Industrial Control System (ICS). Though other threats exist, including natural disasters, environmental, mechanical failure, and inadvertent actions of an authorized user, this discussion will focus on the deliberate threats mentioned above.

Terrorists

Traditional terrorist adversaries of the U.S. , despite their intentions to damage U.S. interests, are less developed in their computer network capabilities and propensity to pursue cyber means than are other types of adversaries. They are likely, therefore, to pose only a limited cyber threat. Since bombs still work better than bytes, terrorists are likely to stay focused on traditional attack methods in the near term. We anticipate more substantial cyber threats are possible in the future as a more technically competent generation enters the ranks.

Their goal is to spread terror throughout the U.S. civilian population. Their sub-goals include: attacks to cause 50,000 or more casualties within the U.S. and attacks to weaken the U.S. economy to detract from the Global War on Terror.

Hackers

Although the most numerous and publicized cyber intrusions and other incidents are ascribed to lone computer-hacking hobbyists, such hackers pose a negligible threat of widespread, long-duration damage to national-level infrastructures. The large majority of hackers do not have the requisite tradecraft to threaten difficult targets such as critical U.S. networks and even fewer would have a motive to do so. Nevertheless, the large worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage, including extensive property damage or loss of life. As the hacker population grows, so does the likelihood of an exceptionally skilled and malicious hacker attempting and succeeding in such an attack.

In addition, the huge worldwide volume of relatively less skilled hacking activity raises the possibility of inadvertent disruption of a critical infrastructure.

For the purposes of this discussion, hackers are subdivided as follows:

Sub-communities of hackers

Script kiddies are unskilled attackers who do NOT have the ability to discover new vulnerabilities or write exploit code, and are dependent on the research and tools from others. Their goal is achievement. Their sub-goals are to gain access and deface web pages.

Worm and virus writers are attackers who write the propagation code used in the worms and viruses but not typically the exploit code used to penetrate the systems infected. Their goal is notoriety. Their sub-goals are to cause disruption of networks and attached computer systems.

Security researcher and white hat have two sub-categories; bug hunters and exploit coders. Their goal is profit. Their sub-goals are to improve security, earn money, and achieve recognition with an exploit.

Professional hacker-black hat who gets paid to write exploits or actually penetrate networks; also falls into the two sub-categories-bug hunters and exploit coders. Their goal is profit.

Nature of the computer security community


Hackers and researchers interact with each other to discuss common interests, regardless of color of hat. Hackers and researchers specialize in one or two areas of expertise and depend on the exchange of ideas and tools to boost their capabilities in other areas. Information regarding computer security research flows slowly from the inner circle of the best researchers and hackers to the general IT security world, in a ripple-like pattern.

GAO Threat Table


The following table is an excerpt from NIST 800-82, "Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control System Security (SME draft), provides a description of various threats to CS networks: (click on the table to enlarge)

Monday, July 26, 2010

Sensor Lighting for Home Security

Sensor Lighting For Home Security

Sometimes street lighting and your front/ back home lights are not enough to shed light during the night; making it an easy target for thieves to strike. Some ideas to consider for not only shedding light around your home for safety purposes, but also inside cost effective sensors are:

Setting up a dawn and dusk detection sensor that controls safety and security on your standard porch lights. The Passive Infrared motion sensor will tell your lights when it’s getting dark outside and automatically turn them on and then back on again when it gets light. (Porch light with sensor picture Upper left) and (Sensor for light porch picture Lower left)











Security floodlights are great for securing the perimeter of your home with easily control lights and plenty of remote access. There are some floodlight packages that have a motion activated sensor of up to a 20 foot distance. (Flood lights with sensor picture below)











Inside the home you can have timers hooked up to your lamps, televisions, radios, etc. They can be easily bought cost effectively from your local neighborhood Walgreens store, Wal-Mart, or your Lowe’s or Home Depot stores. Setting these up inside your home gives the illusion that someone is at home and not empty. These are great for when you go out on a family trip or coming home late at night. (Inside timer for electronics picture below)











A sensor light switch is ideal for two reasons: One. If you have children that constantly leave the light on, the sensor will detect that no one is in the room and shut off saving you on the electric bill. Two. It surprises anyone who enters that room by automatically turning on the light when it senses someone or movement in the room. (Sensor light switch picture below)





It is amazing what a little light can do to help you stay safe. Not only will sensor for lights help you in your home security, but if used properly, they can even help you on your light bill (result may vary).

Friday, July 23, 2010

Computer Security - E-Mail Tracker Programs

The man that sent this information is a computer tech.  He spends a lot of time clearing the junk off computers for people and listens to complaints about speed.  All forwards are not bad, just some.  Be sure you read the very last paragraph.

By now, I suspect everyone is familiar with snopes.com and/or truthorfiction.com for determining whether information received via email is just that:  true/false or fact/fiction.  Both are excellent sites.
 
Advice from snopes.com   VERY IMPORTANT!!
1) Any time you see an email that says "forward this on to '10' (or however many) of your friends", "sign this petition", or "you'll get bad luck" or "you'll get good luck" or "you'll see something funny on your screen after you send it" or whatever --- it almost always has an email tracker program attached that tracks the cookies and emails of those folks you forward to.  The host sender is getting a copy each time it gets forwarded and then is able to get lists of 'active' email addresses to use in SPAM emails or sell to other spammers.  Even when you get emails that demand you send the email on if you're not ashamed of God/Jesus --- that is email tracking, and they are playing on our conscience.  These people don't care how they get your email addresses - just as long as they get them.  Also, emails that talk about a missing child or a child with an incurable disease "how would you feel if that was your child" --- email tracking.  Ignore them and don't participate!
 
2) Almost all emails that ask you to add your name and forward on to others are similar to that mass letter years ago that asked people to send business cards to the little kid in Florida who wanted to break the Guinness Book of Records for the most cards.  All it was, and all any of this type of email is, is a way to get names and 'cookie' tracking information for telemarketers and spammers -- to validate active email accounts for their own profitable purposes.

You can do your Friends and Family members a GREAT favor by sending this information to them.  You will be providing a service to your friends.  And you will be rewarded by not getting thousands of spam emails in the future!

Do yourself a favor and STOP adding your name(s) to those types of listing regardless how inviting they might sound! Or make you feel guilty if you don't! It's all about getting email addresses and nothing more.
 
You may think you are supporting a GREAT cause, but you are NOT!
 
Instead, you will be getting tons of junk mail later and very possibly a virus attached!  Plus, we are helping the spammers get rich!  Let's not make it easy for them!

ALSO:  Email petitions are NOT acceptable to Congress of any other organization - i.e. social security, etc.  To be acceptable, petitions must have a "signed signature" and full address of the person signing the petition, so this is a waste of time and you are just helping the email trackers.