Internet is a library for all. It rates as the best and reliable source of information in all genres. However, for you to access this sea of knowledge, you need some nitty-gritty on computer knowledge and internet searches. Inbound links is the source for all this information.

For years, inbound links is used in network navigation but currently, technology has made it easier to increase traffic and hits for the website through this technology. Search engine optimization is a new form of websites advertising. This creates market for the websites depending on the keyword strength.

Whenever you need to advertise, increase website performance and increase more views to your site, you need to create quality inbound links. Below are the tips for you:

1. Article Writing:

Article writing is not a new journalistic term. It has been in existence for long but few webmaster and web-owners knew how to utilize this into website marketing. Article writing was more of a delicacy for publications and news website, but currently, it is the fast growing marketing strategy.

This involves use of innovative, creative and imaginative skills and talents to turn ideas into writing and post them in various article directories or in the website links. The service is worthy since you can multi-post the article in many sites which publishes them to increase the number of hits for your link or website.

Article writing is not hard, but it requires innovation. You can hire professional services to produce quality-marketing articles for your products or services. With this, you pay the services to market your website as well as offer you with links to your website.

Always have a link in every article or a section that provides relevant information. This can be comparison of the information, more updates on that piece of information or more details.

2. Reciprocal Link Exchangers

You wish to establish links to other websites, inbound links provides this. All you need is to search for websites that have similar information, services or products you sell and add their websites.  Have necessary and similar information in your website and then invite other websites with similar information to yours. They must add your website too.

3. Provide a Service:

This website marketing strategy includes providing a service to the user or the page viewer. You have seen websites offering free chat rooms, or post your resumes or create your profile.

I do not say you give free services, but these are examples of services that deliver high traffic for your website. Services offer best links. They are well accomplished in article writing, content writing and blogging.

4. Web Directories:

In this web marketing, directories offer the best services. They arrange websites alphabetically with similar products and services.  In this, website directories provide an inbound link to your website hence giving you a chance for more views.

5. Email Signature File:

Have you thought of an opportunity to tell every person you communicate to, your necessary information? Email signatures are inbound links that provides the best marketing services. You include a signature that harbors contact details and a link to your website, in every email you send. The recipient will click and navigate to your email.

6. Webrings:

Webrings, they have the right to advertise a website different from yours. Then, the website owner has to do the same for you; it is a give and take. You sign contracts and establish a relationship between that website and yours. You may or may not have similar information or line of business.

7. Post in Newsgroups:

Maybe, you have signed up in a newsgroup. If not, you need to since this is a way to reach millions of target group for your products or services. Join newsgroups that share similar information and provide links on your articles, blogs or any type of discussion.

8. Social Book Marketing Site:

Ever thought of making quality bookmarks? This is similar to website marketing. You make your advertisements in sought of bookmarks that help clients and viewers to see it. You categorize the bookmarks ion keywords form; hence increasing the website traffic.

9. Blogging:

Blogging is the most common used online marketing tool. Blogs are length information article that deal with a wide range of genres. They are web pages where you directly advertise your products and services inform of information to guide, teach, inform, or entertain.

There are a number of blog writing service providers who can write on anything within a fixed period. All you need is to get the topic, the required key word strength, number of words and deadline for the assigned work.

This will take some hours and you post your information to clients. You must update your blogs with new and competent information or materials.

10. Word of Mouth:

Since time immemorial, sales agents have used word of mouth to advertise or sell the products. Other than writing blogs and articles, many people tend to believe what they hear. Seeing is believing, and you remember 50 % of what you see.

You need to incorporate all these strategies in any website marketing to increase the number of hits, or better said increase internet traffic.

 

Winners and Losers

Let's face it; there can be little doubt that both sides (the bad guys and the good guys) want to be on the winning side of the cyber security tug "o" war game. To complicate matters even more the speed at which the whole cybercrime and cyber attack situation evolves can at times become a bit overwhelming; even for the seasoned professional.

Fortunately there are a number of simple, easy to implement steps that you as an individual can take to reduce both your individual personal risk/threat impact levels as well as those of a large organization and everyone in between.

I will now present a number of simple but effective long standing “tried and true” strategies that have shown time and time again their capacity to reduce or mitigate your risk and your exposure to the most common attacks of today. Also note that reducing the impact and consequences of an attack; should it become a reality, and the measures and countermeasures available to you will be dealt with as well.

Realization and Understanding - Security Awareness

The first thing that we need to acknowledge is that there is always somebody (individuals and/or groups) out there looking to make a fast buck. Denial of this and you are destined to be perpetually on the losing side.

We also need to address such factors as “insider” or “insider” collaboration attacks, scams, social engineering, hacking, cracking, phishing etc. In addition; attacker motivations need to be determined, understood and recognized as this will allow us to construct more specific targeted responses and proactive countermeasures along with custom preventative initiatives.

Some of these motivations include: fraud, identity theft, malicious intent, revenge, financial greed, scams (e.g. Nigerian 419 attacks), extortion, thrill seeking and espionage etc.

Importantly however; most attacks are not perpetrated mindlessly and without any predefined purpose. The attacker always has some goal in mind when perpetrating the attack. This comes as no surprise when one considers the amount of effort that goes into the planning, design and implementation of many attacks.

When we understand what it is that the attacker hopes to achieve through the attack we can implement both reactive and proactive initiatives that will negate a particular type of attack. Using attack specific countermeasures means that the defenders will need to implement and maintain a considerable number of strategies in order to meet most threats head-on. Most current antivirus software is effective against considerable numbers of potential threats.

Password/Pass Phrase Policy

The development of a suitable password policy is always one of the first tasks that you should undertake whenever assessing, planning, implementing, administering, maintaining, documenting and updating your authentication methods and credentials. Passwords/pass phrase are no exception to this most basic of authentication rules.

• Policy Contents - Your password policy should outline and detail all requirements concerning and about passwords and their usage by yourself or within your organization. Consistency across the board is always one goal that a password policy should address.
• Policy Documentation and Enforcement - Thorough documentation and enforcement of your password/pass phrase policies are factors critical to the attainment of the goals and directives set forth in your password/ pass phrase policies.
• Assessment - Be a realist and assess your current password security procedures and status honestly. Do not let anyone else know the details of your self-assessment. The primary purpose of a password security assessment regime is to identify areas of weakness so that you can put them right.
• Logon Password Dialogue - Always reactivate the logon password dialogue if it has been disabled
• Logging, Accounting and Auditing - With logging turned on you will be able to identify such events as attempted, successful and unsuccessful system and network logon attempts. Here you can glean considerable information that may very well point to the presence of an intruder or even attempts by an insider attempting to access system and network resources for which they do not have the necessary account privileges.
• User Education - Through continual user education and updating it is possible to create an environment with a high level of user security awareness. This goes a long way toward the establishment of a security aware culture. The benefits of a security aware culture include a considerable reduction in exposure to potential attacker(s).

Users are less likely to become victims of phishing and social engineering attacks and so enhance an organization's overall resistance to these types of attacks. Remember that it is breaches of user security that is the most common means by which attackers gain authentication credentials including logon account names and password pairs.

Password Complexity

The more complex a password, the harder it is for an attacker to crack. Most attackers will simply move on to easier targets. It is strongly recommended that you ensure that any passwords that you use comply with the following guidelines:

• Minimum Length - Make sure that your passwords are 8 characters or greater in length. The more characters in a password/pass phrase the better so using 14 characters provides immensely better password security than using 8, 9, 10 or 11 characters.
• Case Sensitive, Mixed Case, Numbers and Symbols - Ensure that all password authentication mechanisms are case sensitive and that they use a mixture of upper and lower case characters along with at least one numeral and one non-alphanumeric character (symbol) in every password
• Dictionary - Try not to use any real words that can be found in a dictionary
• Social Engineering - Try not to use names or dates that are associated with you as a person. This means that you should not use your address or birth dates or the names of family, friends or pets either.
• Defaults - Change all default authentication credentials at the earliest possible time. This will include the default administrator account and password. Also disable the Anonymous and Guest account access privileges. Do this for every device including your modems, switches, routers, workstations, firewalls, mobile devices etc.
• Retry Attempts and Retry Rate (Time-to-Wait) Limits - You can use Local Users and Groups > Passwords policy to limit the number of retries available to a user when logging on to the system/network.

Setting the maximum number of retries permitted before the account is locked-out to two or three will go a long way to preventing most password cracking attempts. It also makes brute-force dictionary attacks much harder and for most attackers impossible or undesirable to implement. They won't bother wasting their time on you when there are a lot easy fish to be had.

You can also severely restrict the retry rate. Setting the time that the system waits after an unsuccessful password logon attempt (mismatch) is registered before another password retry will be permitted to 5 seconds will thwart most “brute force” password cracking tools.

• Pass Phrases - Use pass phrases rather than passwords
• Password Renewal - Regularly change authentication credentials including passwords and passphrases

Security in Depth

Surprisingly many systems today still rely on password only authentication. Thus, defending yourself and your organization against the ravages of breaches of password security becomes of heightened importance.

• Single Point of Failure - By using password only authentication you are introducing a single point of failure/attack (the logon name/password combo) into to your network. There is little doubt that this situation does make you considerably more exposed to the efforts of cybercrime.
• Multilevel Authentication - In short; a security-in-depth strategy entails the implementation of more than one authentication mechanism at all points of your system/network. If an attacker can penetrate one authentication mechanism they will still not be granted access to your system and network resources as they are yet to successfully complete all required authentication mechanisms. More often than not the casual attacker (attacker of opportunity) will simply move on to the next potentially easier to “crack” system or network. In this way much of the potential damage that an attacker might cause is averted.

For example; your defenses may be based around the use of user entered passwords to; once authenticated to permit the user to gain access to the next level in your authentication process. Here they will need to correctly complete this element of the authentication process. Once logged into the system or network the user may be required to supply additional authentication verification in order to gain higher levels of privileges. This can of course be as simple as the user being required to enter another different password in order to proceed any further.

Multilevel Password Only Authentication - Here is an example to illustrate the security-in-depth approach using password only authentication systems:

The user logs onto the network using one password, which in association with that account's logon user name will, once authenticated, grant the user access to basic network assets, services and resources.

At a later time the user needs to access a higher privilege level asset or resource; such as a database or administrative capabilities, the user will be prompted to supply another user account name along with a different password for authentication before the user is permitted to go any further.

In this way, we now have implemented a two-tiered hierarchy of access privileges to specific resources. Although; still solely password-based, it is immeasurably more secure than would be the case for all system(s)/network(s)/resource(s) that require just the one logon user account and password to accesses all system/network assets and resources.

If the user needs to have access to assets and resources including the personally identifiable information contained within the customer database they will need to provide an additional different user account logon name and password. In this way we have built a three-tiered password-only authentication system.

Most operating systems, including Windows, Linux and Apple MAC along with specialty application software (MS Word, Open Office, security suites etc), will support this strategy natively out of the box.

Multifactor Authentication - When implementing a multifactor authentication system many different types of authentication mechanisms are used jointly. This means that in order for a user to gain access to system/network resources and assets they will need to provide many different types of information for authentication validation. For instance a user may be required to supply a password as well as a smart card or thumb print, retinal scan or even a voice sample to the authenticating system.

Password Hard Copies

The best advice concerning the practice of making hard copies (paper) of authentication credentials is DON'T DO IT. Physical hard copies of your passwords are liable to the additional risk of physical theft. Here are some more practices you should not do if you feel that you must make a hard copy of your passwords and keep it near to hand:

• Do not leave a hard copy of your passwords in close association and physical proximity to your computer e.g. on your desk or beside PC or monitor.
• Do not maintain a hard copy (paper) of your passwords and keep them locked in your desk drawer. You cannot guarantee that nobody will attempt to break into your desk. The locks on most desks are merely a trivial inconvenience to those with a little know-how and a flat-edged envelope opener. It usually takes no more than five to ten seconds to open the majority of desk drawers. Forgetting to lockup your desk compounds the crime.
• Do not make a hard copy of your logon and password details and leave it in open public view
• Do not write your logon name and password on a post-it-note and attaching the post-it-note to the PC or monitor. This is probably the worst password hard copy security practice of all.

Electronic, Magnetic and Optical Password Copies

While not as risky as maintaining hard copies of your authentication details considerable care needs to be taken when storing electronic, magnetic or optical copies of authentication credentials.

• Encryption - You should always encrypt authentication credentials data; or any other data for that matter, when storing it in an electronic, magnetic or optical format.
• Physical Security - As with paper hard copies, any physical copy of any data is liable to additional risk of theft. Many thieves find it easier to steal physical objects compared to electronic objects. They may consider your PC too big to put in their pocket but CDs, USB flash drives, floppies disks and external hard drives are another matter all together. Do not leave any of these devices lying around or in a position where they may be stolen.
• Physical Security Measures - Protecting electronic, magnetic and optical physical copies of your data always begins with physical security measures such as using data vaults, lock and key and off-site storage etc.
• Password Protection - Always use a password to add an additional layer of protection to the encrypted data which you need to store. This includes all electronic, magnetic and optical storage media. You should also encryption and password protection for all folders and files including those on your computer.

Maximum Protection

Always afford passwords and other authentication credentials maximal protection and spare no effort in these endeavors, as they will deliver heightened levels of security across the board to your entire system/network.

• Nondisclosure - Never disclose account authentication credentials such as logon names and passwords to anybody. This means your account's authentication credentials as well as those of other users which you may be managing or administering.
• Confidentiality - At all times and under all circumstances you must ensure that authentication and authorization credentials remain known only to you.
• Need to Know - The only exceptions to this being the user in question, your security personal, administration and support personal and then only on a need to know basis.
• Secure Communications - Always assume that you are being tapped or your networking and communications traffic is being “sniffed”. Thus; wherever and whenever possible opt for the highest level of secure communications. Never transmit “plain” English passwords are to be transmitted over publically access networks and transmission media such as wireless networks.
• Hashing Algorithms - Hashing algorithms; such as MD5, should be used to ensure the integrity of files as they will help you to identify that a file has been tampered with. This should be applied to all data that you store as well as your password data.

If you include the file attributes in the hash then you will be able to tell if someone has attempted to open the file. This works best on NTFS systems such as Windows XP, Vista, Server 2003 and Server 2008.

By knowing that you are under attack the attacker loses the element of surprise. Furthermore; they will most likely be unaware that you know that somebody has been there.

Human laziness, carelessness and a casual attitude toward security, particularly where user accounts are concerned is one of the most pervasive issues facing security on an ongoing basis. It is through the development, documentation and implementation of a rigidly enforced password/pass phrase policy that you have the greatest chances of overcoming these issues.

Here are 11 search engines (other than Google) where you can still find exactly what you want...

Technorati

Technorati is by far the best alternative to Google. The 'blog search' allows you to search the hottest blog items, including a list of 'most-linked-to' blogs, a top searches list, as well as movies, music, games and videos that most bloggers link to. It is user-friendly as you can sort results according to timeliness (based on the newest content) or blogs with more inbound links.

Draze MetaSearch

Just like a typical Google page, this site allows you to search results from Google, Yahoo! and MSN quickly. You can choose to view the results from either one of the search engines. There is a 'Peek-a-Boo' feature that gives you page previews so that you do not have to click through unnecessary pages.

Rollyo

stands for Roll Your Own Search Engine. It allows you do category or general searches to get results from the Web or blogs. You may also create your own search engine if you intend to search only specific sites.Rollyo

Clusty

Clusty collects the results from several search engines (excluding Google) and arranges them in clusters to further refine your search. For instance, a search for Sony Vaio returns clusters such as various Sony Vaio model numbers, reviews and prices.

Ask.com

Focusing on "subject-specific popularity", this site is rich in features. It orders results by 'popularity' among pages considered to be experts on the topic of your search. The 'page-preview' and 'editorially selected smart answers' are its best features.

Chacha

At Chacha, you can chat with a real-life professional by submitting your query, and he will return you with results that are customised to your needs and specifications. The service is free and you can have a whole lot of fun.

Scour

Scour aggregates the results from Google, Yahoo! and MSN. There is a social element where users can 'vote' the results up or down.

StumbleUpon

StumbleUpon lets you rate pages and sites that you visit with the thumbs-up/thumbs-down icons in your toolbar. Once it learns your preferences, it becomes better at directing you to the topics you like. You can also add friends to your list. Their preferences will help to further refine your search results. This website is great for finding content that you may not be able to find elsewhere.

Kosmix

This search engine is based on searches by category, including politics, finance, health, travel, autos, video games, etc. It scored better with less-time sensitive issues and search terms. For example, it provided lots of information (prevention, cures and risk factors) on health-related topics.

Can't Find on Google

If you can't get any result for your search query on Google, you may post it here and wait for another user to help you. However, the response-to-post ratio is not very high as there are too many queries. But it is still worth a try if you are desperately looking for something that you can't find on Google.

netTrekker

This site is targeted at schools and students. Each site listed in the search results has been specifically selected by educators whose aim is to ensure safe surfing.

With so many search engines around, I am sure you will be able to find the things you want on the internet. Hope you will find this list useful. All the best! 

Digg

This website is a place where you can share any content with other people on the web. If you like a particular blog post, web page, news item, photo, or video, you can submit it to Digg where your content has the chance to be seen by other Digg users. The people who see your submission will be able to rate your content. If they like it, they will "digg it", and if they don't like it, they will choose to "bury" it. You can do the same for the links submitted by others. Website links which get the most "diggs" (or positive votes) will be posted on the front page of Digg.com, where millions of users can see it!

Some tips on how to use Digg properly:

1. Don't just blindly add friends. Choose Digg users who frequently post links that match your interests. You may also add people who particularly like your submissions. The more friends, the merrier!
2. Don't just post your own website links. The Digg community sees this as a selfish act and may cause other users to bury your submission easily. Rather, look for highly interesting news items all over the web and be kind enough to share it to the Digg community! If you really want to promote your OWN blog posts and website links, then have a friend submit it to Digg for you.
3. Enjoy the Digg experience by posting comments on other people's content and honetly speaking your mind! If you think a particular website deserves to get into the Digg frontpage, then vote for it, and shout it to your friends. If you think a certain webpage contains trash, then bury it and state your reasons for doing so. This will ensure that other people will receive only good content and steer clear of the bad ones. You are the judge!

StumbleUpon

When you open a StumbleUpon (SU) account, you will be prompted to install the SU toolbar. After you install it, you may now start "stumbling", or in other words, surf and discover websites that match your interests! This is a very good way to enjoy the internet. Each time you click the Stumble button on your SU toolbar, you will be taken to a random webpage that matches your interests and is recommended by other SU users as well. Once you see a particular webpage, you have an option to give it a "thumbs up" (if you like it) or a "thumbs down" (if you don't like it). Webpages which get more thumbs ups and reviews will have a chance to be seen by thousands of other like minded individuals!

Some tips on how to use StumbleUpon properly:

1. Don't focus on bringing traffic to your own website links, just enjoy the site! Use the SU toolbar and you'll be surprised to discover awesome webpages submitted by other users. It can really be a fun and educational experience.
2. If you want to share your own website links to the community, then simply send it to your friends by using the SU toolbar (there's a 'send to' option). Let others submit, judge and rate your own webpages.
3. Reach out to other SU users and make friends with them. Don't spam the system! Others simply send a friend request to hundreds of people at once. Nope. Rather, befriend the people who visit your page, who comment on your stumbled pages, and those whose interests matched your own (you can determine this by looking at the StumbleUpon compatibility tool).
4. Only submit high quality sites and get rid of the trashy ones. Period.

That's it. You will discover most of the other great features as you gain more experience with these two websites. Happy Digging and Stumbling!

War Driving Versus Wireless Network Hacking

While; most of us have heard of hacking, the more recent practice of “war driving” is not so well known.

War Driving

War driving is the practice of cruising around with a wireless enabled laptop complete with a plethora of wireless networking detection and cracking tools. Many war drivers even make use of GPS to physically locate with pin-point accuracy the precise locations of any wireless networks detected.

The major distinction between war driving and hacking into wireless networks is that in the strictest sense war driving is all about discovering the existence of wireless networks.

Wireless Network Hacking

Hacking wireless networks on the other hand is about cracking/breaking into the wireless networks discovered through war driving or any other means for that matter. In short, the hacking of wireless networks is all about gaining access to a network whilst not being a legitimate bone fide network user with authentic access privileges and rights. This does not infer in any way that a would-be intruder/hacker is implicitly malevolent.

War Driving and Wireless Network Hacking Tools

Both war driving and wireless network hacking tend to use the same range of tools as each other. Candidates include specialty wireless packet sniffing tools (Airsnort, Kismet, NetStumbler and Wireshark etc).

The sorry reality is that for tools such as Kismet there really is very little you can do to prevent them from discovering the presence of your wireless network. Fortunately however; there are countermeasures such as fully encrypted transmissions, tunneling and heightened authentication procedures, which you can employ to deny the potential malevolent intruders from progressing beyond the discovery phase.

Legitimate Ethical Wireless Network Hacking

There are many reasons that one may attempt to hack one's own wireless networks. For example; legitimate authorized and authenticated security staff may be conducting site surveys, penetration testing or network security preparedness assessments and will usually harbor no truly malevolent or other “evil” intentions.

I say usually because many security breaches do involve breaches of trust by authentic personal. Subversion from within is an issue that has existed since long before wireless networking capabilities were developed. Then there is that group who may be attempting to access/hack into your wireless network for the thrill of it simply because it's there.

War Driving and Wireless Network Hacking Tools

Note that the standard tools used for war driving and wireless hacking purposes are generally the same. They are also the very same tools that authentic network security personal will use to conduct site surveys and penetration testing etc.

Downloadable Self-Extracting and Automatic Installer Packages

In addition, the vast majority of these wireless network tools are freely available for download via the Internet. In general; you will find that the vast majority of these tools will come in the form of self extracting installation packages and/or user installable software.

Here are a few free for private use wireless networking, survey, network discovery, packet sniffing, site assessment and penetration testing tools currently available: Airsnort, ASLeap, CowPatty, Ethereal, Kismet, NetStumbler and Wireshark

Sophisticated Yet User Friendly

What many may not realize is the degree of user friendly sophistication and capabilities that these tools have attained over the years of their existence and development.

Armed by Default

So it is that in today's wireless networking climate we must assume; that by default, attackers will also be armed with these tools. Bearing this in mind, we will construct our defenses in a manner best suited to counteracting a multiplicity of threats originating from all angles.

War Driving Protective Countermeasures

Countermeasures to protect your wireless network from war driving and hackers in general must be well planned and rigorously maintained and update. Vigilance is the key.

Transmission Medium Access

First line of defense in overcoming the threats posed by war driving and wireless network hacking is achieved by reducing a transmission medium's exposure to potential threats.

Network Surveys

Site surveys need to be conducted to identify signal leakage and rogue Wireless Access Points (WAPs). This can be easily accomplished without high-tech gadgets. Simply walk around the various network zones, zone perimeters and site perimeters with a wireless enabled laptop to see what signals it can detect. You should be doing this in very much the same way using the same wireless detection and hacking tools that a war driver or any potential hacker would.

Wireless Network Physical Security

Wireless Access Points (WAPs) need to be located and secured in such a way that they can remain free from physical interference and tampering. A redirected WAP antenna can present external entities with an access point to your network.

Furthermore; if enough WAP antennae are compromised (out of alignment, redirected or non-functional) total wireless network collapse can result. Regular inspection and adjustment of WAPs is the best way to limit the damage that can be caused as a result of WAP physical security issues. It also has a role to play in overall network performance and assessment.

Antennae

The use of mixed unidirectional and omnidirectional antennae in a production environment will be of considerable assistance in helping to reduce network perimeter signal leakage.

Multiple In Multiple Out (MIMO) antennae can be used for areas of high network traffic that are contained entirely within your internal network's publically inaccessible physical perimeters. Careful antennae selection and placement will contribute greatly to wireless networking coverage pattern shaping.

Network Segmentation

Subdividing your network into a number of smaller logical subnets will also help reduce exposure while at the same time delivering greater overall network efficiency and performance. You can also use this as a means of adding extra layers of authentication.

Demilitarized Zones (DMZs)

Use DMZs with limited access rights and privileges to confine potentially “undesirable” traffic to areas of limited functionality without exposing your entire internal network to the threats that they may pose. In this way you can provision and maintain a lower risk publically accessible zone on your network's periphery if so desired. It also greatly simplifies firewall access lists and rules configuration, management and upkeep.

Disable Internal Anonymous Ad Hoc Connectivity

Sometimes circumstances will dictate that you have no choice other than to permit some degree of anonymous publically accessible ad hoc connectivity to your wireless Network. Confining this type of accessibility to your network's perimeter using DMZs is usually the way to go.

However; anonymous ad hoc wireless connectivity is not needed for purely internal wireless network accessibility. From a security standpoint once authorized users are internal to your wireless network's perimeter, they do not need anonymous ad hoc connectivity capabilities, so disable it. All they need do is log onto the network in their usual prescribed manner. Your network access authentication procedures will define who is, and who is not permitted access.

Signal Leakage

You will need to conduct regular site surveys and network preparedness assessments to check and verify that no signal leakage from the fully internal wireless network to the publically accessible zones is occurring. Also check to ensure that there is no leakage from the publically accessible ad hoc wireless networks into your network core.

Change Default Settings

This one is really a no-brainer. Once your wireless devices are up and running change the manufacturer default settings for such properties as administrator name, password or better still passphrase, authentication mechanisms, network name and ID, broadcast parameters, pre-shared keys and the default encryption methods and settings as well as the connection method used to gain access to network resources.

Microsoft Windows Zero Configuration

Microsoft Windows zero configuration anonymous ad hoc wireless network implementations will; by default, result in both wireless enabled client devices and Wireless Access Points (WAPs) alike to persistently advertise their presence to the rest of the world.

Advertising Connectivity Offers and Requests

The client will continually transmit a request for connectivity and the WAP will continually transmit an offer to provide connectivity. This advertising activity by both sides will continue regardless of whether or not the client and WAP are actually connected.

Wireless Networking Administrative Overheads

Yes; this does contribute to a wireless network's administrative overheads. Most operating systems, networks and wireless access devices also exhibit the same type of behavior when it comes to announcing their presence.

MAC Address Filtering

Wireless enabled device authentication can be most easily implemented through MAC Address filtering. Wireless Access Points (WAPs) and wireless routers have administrator definable access control capabilities based on Layer 2 addressing.

The MAC Addresses of permitted wireless enabled devices are entered into the Wireless Access Point (WAP) or wireless routers MAC Address filter table. Simple Permit/Allow or Deny rules are associated with each MAC Address contained within the devices MAC Address filter table.

The simplest way of using a MAC Address filter table is by entering a list of specifically permitted client MAC Addresses and access is denied to all other devices. All devices lacking a qualified listed in the MAC Address filter table will be automatically denied network access and packets originating from them will be automatically dropped.

MAC Address filter table based access control actually precedes any user based authentication mechanisms since the MAC Address is contained in the Layer 2 header of every packet placed onto the network. This means that packets originating from devices not listed as being permitted in the MAC Address filter table will be dropped without ever being placed on the network transmission medium.

Service Set Identifier (SSID)

Service Set Identifier (SSID) is the name used to identify various different 802.11x wireless networks (WLAN). By default all client devices receive SSID broadcasts from all Wireless Access Points (WAPs) that are within range.

Selection of the Wireless Access Point (WAP) that is to be used for the current connection depends on the specific configuration of the client, either a pre-configured Wireless Access Point (WAP) or the user will select the Wireless Access Point (WAP) from a list of Wireless Access Points (WAPs) discovered as a result of their SSID broadcasts.

Disabling SSID broadcasting by WAPs is one of the best ways of ensuring that you do not come to the attention of war drivers. Although tools such as Kismet can still discover your non SSID broadcasting wireless network many would be intruders will however be thwarted by a lack of SSID broadcasts. Wireless network SSID verification prior to connecting to a wireless network can also help users to avoid the threats posed by “evil twin” attacks.

Encryption

All traffic over publically accessible transmission media such as wireless networks should be protected by very strong advanced encryption.

128-bit Encryption

If your default encryption is Wired Equivalent Protection (WEP) then you should be using a 128-bit encryption key and not the default 40-bit key as a 128-bit key will take considerably longer for intruders to crack.

WPA and WPA2

However; if your equipment supports it, use WPA or WPA2 instead of WEP (although this may require a firmware or software update). WAP2 uses AES which is essentially unrealistic and impractical to break by most hackers.

Authenticated Access Only

Configure your wireless network to permit authenticated user and system access only.

Pre-Shared Keys

If using pre-shared keys make them long and complex as this type of key has less chance of being cracked via brute force dictionary attacks which means that it is impractical for most hackers to guess/crack.

EAP Protected Authentication

In corporate scenarios use EAP or even EAP-FAST to protect authentication and severely restrict the number and frequency of retries before the account is locked-out.

Certificates

If using certificates configure the certificate-based authentication to validate both user and remote device prior to being granted access to the wireless network. Also ensure that rogue systems will be denied access by default.

Tunneling

Corporate users should be using IPSec VPN with split-tunneling disabled.  This will force all traffic leaving the machine through an encrypted tunnel that would be encrypted with DES, 3DES or AES. Remember public wireless hot

Application Layer Encryption

Because public wireless hot spots do not generally offer encryption you can use application layer encryption software to rectify this failing. Simplite does a good job of encrypting IM sessions.

Firewalls

Install and run software firewall if you have not already done so. Microsoft Windows XP and Vista both have a built-in firewall application. Although it receives, criticism from some quarters the Windows Firewall application is free with the Microsoft Windows OS and has recently received additional improvements. If nothing else is available, use it.

Directory Services

Correct configuration of user accounts and credentials through directory services such as Microsoft's Active Directory will help with a more granular control over user wireless network access and privileges.

Corporate Firewalls

For larger networks it is probably more appropriate to implement a strategy that includes the deployment of one or more dedicated hardware firewall devices/appliances with Intrusion Detection (IDS) and Intrusion Prevention (IPS) capabilities. Vyatta and Untangle both offer viable lower cost alternatives to other more expensive commercially available firewalls such as Cisco's PIX and Microsoft ISA 2004.

Malware

Use antivirus and other malware applications as appropriate

Updates

Regular updating of your current and future security applications and tools should never be overlooked. This will include regular testing of both your wireless and wired networks and a thorough appraisal and assessment of their current state of readiness. Here is your best protection against so-called zero-hour vulnerabilities.

Security Policies

Develop, implement and maintain appropriate wireless usage security policies.

User Education and Security Culture

Educate your users in wireless security best practices. Update and communicate with wireless users whenever issues arise. What affects one user is in all likelihood capable of affecting them all. Develop a security conscious atmosphere and culture.

Other Technologies

SSL, Extended Validation SSL, SSH, OpenID, PPPTP, L2TP, IPSec VPN, digital certificates, hashing algorithms

Image Source

1. Networking.

   Some sites have groups of writers that work for them, all on their own, from home. These writers can show their support for each other by posting comments. A way of saying, "I have seen your site, now check out mine", without actually saying that.
   

2. Bragging Rights = More Sharing.

   A site where you can post your comment is more likely to be shared by you personally as a way of showing your friends that you have your name on a site, with your opinions.
   

3. Input for Improvement

   Some writers like to have input as a way to improve. When they get feedback they can return to their site and edit, omit, or add things to make the site better. A better site generates more hits, and most site creators want this.
   

4. Approval

   Some writers like to have comments as a sort of pat on the back, a way to feel good. A way to get interaction with people.

Why wouldn't a site have a comments area?

1. They do not want any negative feedback.
   
2. They do not have time to manage feedback. Most sites enable the user to delete any feedback, or require them to check it before it is posted. Some site owners do not have time for this so simply do not allow feedback of any kind.
   
3. They simply over looked the importance of allowing it.
   
4. The site isn't conducive to having comments added. Meaning that what ever the site is about, there is no point in commenting on it.

My own thoughts for you to comment on, if you wish.

1. I have dial up Internet, it is slow and annoying. It is hard and time consuming to post comments, so I only do so when I am passionate about something, or have lots of time to wait for a site to down load. I prefer sites where the comment shows up right away, as opposed to ones where it has to go through a moderator.
   
2. I am frustrated when I cannot have input, especially to correct something or point out something. Recently there was a site about a couple who lost a cat for several years, and then found it. The site reported they lost a "ginger" cat, but the picture clearly showed a calico cat.
   
3. I would LOVE to be able to add comments on links where certain pet foods are being marketed as good food. However, these sites usually do not allow comments, or would certainly delete mine!
   
4. From the social networking aspect, it is sometimes hard to come up with comments more exciting than the standard "that is a good poem" comment. Sometimes I would rather say nothing than add a redundant comment.

Cybercrime Tug "o" War

As attackers develop new strategies defenders develop new countermeasures. So the attackers develop counter-countermeasures to which the defenders respond with counter-counter-countermeasures and so on it goes and at such a rate that it sets your mind spinning. It really does seem to get quite overwhelming at times.

Everybody's objective in the cybercrime, tug "o" war games is to be on the winning side. Nobody likes losing especially when the prize is your own personal property or even worse your identity that is at stake. However, there are steps you can take to reduce both an organization's and your individual personal risk/threat impact levels.

Single Point of Failure

Many systems today, still rely on password only authentication. Thus, defending yourself and your organization against the ravages of breaches of password security becomes of heightened importance. Having a single point of failure/attack (the logon name/password combo) does leave one more exposed to the efforts of cybercrime.

Ostrich tactics won't work here so be a cold-blooded pragmatic realist and assess your current password security procedures and status honestly. Do not let anyone else know the details of your self-assessment. Identify areas of weakness and put them right.

Passwords - Hard Copies (Paper)

Human laziness, carelessness and a casual attitude toward security, particularly where user accounts are concerned is one of the most pervasive ongoing long-running issues facing the information security specialist.

The best advice concerning the practice of making hard copies of authentication credentials is DON'T. But we live in the real world and people do. So here is what can be done to tighten security for password hard copies.

Keeping a Copy in the Desk

Maintaining a hard copy (paper) of your passwords and locking it in your desk is not as secure a practice as you might think. You cannot guarantee that nobody will attempt to break into your desk.

The locks on most desks are merely a trivial inconvenience to those with a little know-how and a flat-edged envelope opener. Five to ten seconds is usually all that it takes to open the majority of desk drawers.

Failing to lockup your desk compounds the crime. It may save damage to your desk's lock but will do nothing to save the hard copy of your passwords. You cannot keep watch over your desk 24/7 so there really is no way that you can guarantee that your desk is a secure location to store password authentication credentials.

Password Hard Copy Security Basics (If You Really Must)

• Do not leave a hard copy of your passwords in close association and physical proximity to your computer e.g. on your desk or beside PC or monitor
• Do not make a hard copy of your logon and password details and leave it in open public view
• Do not write your logon name and password on a post-it-note and attaching the post-it-note to the PC or monitor. This is probably the worst password hard copy security practice of all.
• Lock desk
• Use a safe
• Store the credentials in another room or even off-site

Passwords - Electronic, Magnetic and Optical Copies

While not as risky as maintaining hard copies of your authentication details considerable care still needs to be taken when storing electronic, magnetic or optical copies of authentication credentials. Here are a few pointers to improve your security preparedness with regards to storing password authentication credentials on electronic, magnetic or optical media:

Encryption - You should always encrypt the authentication credentials data when storing it in an electronic, magnetic or optical format.

Password Protection - Use a password to lock and protect the file for additional security.

Hashing - While you are at it I do recommend using a hashing algorithm; such as MD5, to ensure the integrity of the file. It will help by identifying that the file has been tampered with. Apply the hashing algorithm after the file has been saved to disk and make sure that you include the files attributes in the hash. This works best on NTFS systems such as Windows XP, Vista, Server 2003 and Server 2008.

Using a hash will tell you if anybody has attempted to access the file in the period between when you applied the hash and are now checking the files validity. It will not tell you as to whether or not they had any success but it will tell you that they were there. It may not be able to tell you who it was but if it was another network user then they may well have left identifying evidence behind.

Forewarned is forearmed. Knowing that you are under attack removes the advantage of surprise from your attacker they will most likely be unaware that you know that somebody has been there.

Theft - As with paper hard copies, any physical copy of any data is liable to additional risk of physical theft. Many thieves find it easier to steal physical objects compared to electronic objects. They may consider your PC too big to put in their pocket but CDs, USB flash drives, floppies disks and external hard drives are another matter all together.

Physical Security - Protecting electronic, magnetic and optically stored physical copies of your data always begins with physical security measures such as using data vaults, lock and key and off-site storage etc. You should also only store this information in an encrypted format to increase your data protection strategies.

Password Protect Electronic Copies - Password locking the files containing the copies of your password authentication credentials is also important.

Password Complexity

The more complex a password, the harder it is for an attacker to crack. Most attackers will simply move on to easier targets. It is strongly recommended that you ensure that any passwords that you use comply with the following guidelines:

Minimum Length - Make sure that your passwords are 8 characters or greater in length. The more characters in a password/pass phrase the better so using 14 characters provides immensely better password security than using 8, 9, 10 or 11 characters.

Case Sensitive - Ensure that all password authentication mechanisms are case sensitive

Mixed Case - Use a mixture of upper and lower case characters

Numbers - Include at least one numeral in every password

Symbols - Include at least one non-alphanumeric character (symbol) in every password

Dictionary - Try not to use any real words that can be found in a dictionary

Social Engineering - Try not to use names or dates that are associated with you as a person. This means that you should not use your address or birth dates or the names of family, friends or pets either.

Defaults - Change all default authentication credentials at the earliest possible time. This will include the default administrator account and password. Also disable the Anonymous and Guest account access privileges.

Retry Limits - You can use Local Users and Groups > Passwords policy to limit the number of retries. Setting the maximum number of retries permitted before the account is locked-out to two or three will go a long way to preventing most password cracking attempts. It also makes brute-force dictionary attacks much harder and for most attackers impossible or undesirable to implement. They won't bother wasting their time on you when there are a lot easy fish to be had.

Retry Rate (Time-to-Wait) - You can also severely restrict the retry rate. Setting the time to wait before another password retry will be permitted after a mismatch to 5 seconds will thwart most “brute force” password cracking tools.

Password Renewal - Regularly change authentication credentials including passwords and passphrases.

Password Policy - Develop, document and implement a password/pass phrase policy and enforce it.

Pass Phrases

Using pass phrases rather than passwords is a far more secure practice. It also means that a higher degree of complexity can be built-in while still remaining user friendly. As an example you could use pass phrases like this - 2Shorts&3Longs. Note that in this example we have a total of 14 characters and that it includes a mixture of upper and lower case, numeric characters and a the ampersand symbol.

A simple modification of this could be - 2*Shorts&3*Longs. Simply including the two asterisks has made this a 16 character mixed upper and lower case alphanumeric with symbols included pass phrase. It is easy to remember if you think of it like this - 2 times Shorts & 3 times Longs.

Automatically Generated Passwords

Most modern operating systems including Windows and Linux have the capacity to automatically generate passwords that adhere rigidly to a predefined set of rules such as those contained within password policies.

The passwords so generated are not necessarily easy to remember for most us mere mortal humans. Thus pass phrases as outlined above may be more appropriate for you.

Here is another pass phrase - InTheDoor4*4 at 12 characters of mixed upper and lower case with numerals and a symbol this is quite a strong pass phrase and will be accepted by most if not all systems. Say it as “In The Door 4 by 4”. It's the rhyming factor that makes it easy to remember.

Security-In-Depth

Using a security-in-depth strategy entails the implementation of more than one mechanism in your defenses. You can build multiple layers of defenses based around password authentication.

One set of credentials (user logon name and password) to open a channel after which you use additional passwords to gain any additional access privileges and user rights as required. This is a strategy that Cisco has used with their IOS. They have also provided the capacity to make the password encrypted through the use of the “enable secret” command.

Here is an example to illustrate the security-in-depth approach using password authentication systems:

1. You log onto the network using one password, which in association with your logon user name will, once authenticated, allow you access to basic network assets, services and resources
2. If some time later you need access to a resource requiring a higher privilege level, such as a database, you may need to supply another user name with a different password. In this way, we now have a two-tiered hierarchy of access privileges to specific resources. Still password-based, but immeasurably more secure than just a one password accesses all system implementation provides.
3. Now suppose you wish to gain access to and modify sensitive information held within that database. In this case, you will need to supply another different user name and password. A third layer of password protection access has now taken place. Your level of security has increased yet again and the best bit is that it is not going to cost you anything.

Most operating systems, including Windows, Linux and Apple MAC along with specialty application software (MS Word, Open Office, security suites etc), will support this strategy natively out of the box.

A classic example of this would be your email account. Your operating system will require you to supply the first password protected authentication level at logon. Your email service provider will require another password protected authentication when you wish to check your email.

WARNING: A word of caution however, most email password authentication processes occur unencrypted which is a very bad idea. Anybody with a “packet sniffer” utility can capture the traffic and view it in plain text at their leisure. To overcome this you can configure more secure communications channels and use multifactor authentication systems, which I do recommend and will discuss in another article which I hope to have finished in a day or two.

Conclusions

NEVER disclose account authentication credentials such as logon names and passwords. At all times and under all circumstances you must ensure that this type of information (authorization credentials) remains known only to you, the user in question, your security, administration and support personal and then only on a need to know basis.

NEVER keep hard copies of passwords and other authentication details

ALWAYS store data in an encrypted format

ALWAYS afford authentication credentials maximal protection and spare no effort in these endeavors, as they will deliver heightened levels of security across the board to your entire system/network

ALWAYS implement multiple layers of password-protected authentication. A security-in-depth approach is applicable to practically every system with a little careful planning.

REACTIVATE the logon password dialogue if it has been disabled

One final thought is to remember the 3 A's:

AAA - Appropriate Authenticated Accessibility

When I originally started out on this trek of mine, I did it not knowing anything about social media or the process of using social media websites. All I knew was how to write about what I felt and what I knew. I began by joining a website that a former colleague was a member of. It is referred to as one of the largest Real Estate networks around. It is known as ActiveRain Real Estate Network. When I joined I fumbled my way through the site and soon I learned how to maneuver my way around. I quickly sstarted to amass a following from this website. I was getting to a point where I could master the use of their systems and make my posts look interesting.

Soon, I decided to start a post outside the network and build a following of my own. I learned quickly that not all platforms worked the same and I ran into some road blocks. I regrouped and learned how to operate on both platforms efficiently. But, there still was the problem of getting traffic to come to me. It was not until I joined HubPages that I learned about social media and how to use it to benefit my time and get the much sought after exposure.

What I did not realize was the fact that I already belonged to two of the biggest networks around. One was ActiveRain which I blogged in regularly and the other was LinkedIn that I had joined years ago to help me in recruiting employees for the company that I was working for at the time. Where ActiveRain was closing in on 100,000 members and growing, LinkedIn had me connected to 25 million plus. What I did not realize for years was the fact that I had a social network in my hands and did not use it to my advantage.

After joining HubPages, I also learned about eHow and how to use this to write articles about things that you know. We all have things in our lives that we know about. For most of us, we just do not know how to put it into words. What was good witheHow is it taught me a little more about writing because of the different type of format that it uses. Between eHow and HubPages, I began to explore the pages within looking for more knowledge on how to grow.

One day, I found the knowledge that I longed for; Social Media websites and how I could use them to benefit me. It took me a while to figure all the sites out, but soon I was off into a totally new world. A world where I could come across millions of people and still only scrape the surface. One of the first things I did was load "The Button". It has been the greatest tool that I use today. What this does for me is allow me to connect to all the social media sites that I am a member of and add any post (blog page) that I have to their site. It is a social bookmarking tool if you will. In using this tool, I can spread a post that I write to millions of people in a matter of minutes.

Now, for most people, they use these tools in many different ways, so I am not going to go into the details of each. What I will do is tell you the ones that work for me. As with all things that work, consistency is the main key to it. Inconsistent behavior on these sites can tear apart what you have worked hard to build. Below is the list that I promised you and they can all be found in "The Button."

Digg

Twitter

FaceBook

MySpace

Reddit

StumbleUpon

Technorati

Google Bookmarks

Yahoo Bookmarks

FriendFeed

Mixx

BlinkList

Mister Wong

Just as there are different types of social networking groups, the age of the networker varies from the youngest to the oldest. Businesses can work on projects on line and charities can raise money and organize there plan by the internet. Social networking has been the evolution of an unmet need and the tool to meet that need. The largest and successful social networking sites grow through viral network marketing. In simple, the word of mouth, but sent virally to thousands with a few clicks on the keyboard. Products are made number one over night by some internet buzz, or a program can get blackballed by a few well placed critiques.

Most social networking sites have a focus. It could be photos, school, business, education, chat, blogging, military groups and hobbyist of all kinds. Some of the biggest social networking sites are Myspace, Facebook, Flicker and they have become household names. Sonico, a Spanish social networking group is one the biggest, however not widely known, with over 8 million registered users. The cultural implication of social networking is becoming apparent. Another cultural netmarketing group is BlackPlanet.com and dedicated to African Americans.

Niche communities are housed in the social network and are used by those that have the most in common. Subgroups and categories related to specific topics develop. Advertisement can be target at the specific topic or product and be exposed to people that are actually interested. There is a generation gap between the college age person with their parents and grandparents. Many older people do not understand or appreciate the power or necessity of the social interaction on the web. This does not detour the millions of networkers. This is a generational issue and the outcome could plot the path for social networking in the future. It is unlikely that the diehard networkers will be swayed buy lack of generation support. Social networking is too big to be suppressed. The internet has changed from a repository of information and data to a vessel for building commerce and relationships. Humans like to feel apart of something, it does not matter if it is across the world or in there own home.

Do you remember being young and wishing you could be invisible? It seemed exciting to be able to sneak around and listen to people’s conversations, peek into other people’s lives and never get caught. The intention was not to cause harm; it was more like being Superman and having special powers. To be invisible was simply a childish fantasy.

Being on the Internet is much like being invisible. You can observe others, read their blogs, look through their family pictures and no one can see you. Seems harmless enough. If people have put their information out there for everyone to see, what is the harm in looking at it? The problems arise when previously “civilized” people take liberties they never would in real life.

In chat groups and social networking sites, people say and do things online that they would never consider in their real lives. If you are rude and abusive in a chat group or on a social networking site, you can simply change your email address and name and get right back online.

Basic grammar, manners and social rules are often discarded. Invisible people don’t have to worry about what they say and do online. You can be braver, feel wiser and smarter and you don’t have to face your audience. If you don’t like a co-worker or school mate, leave an anonymous nasty message on a social networking page or send an email. Websites like Yahoo and Hotmail allow you to have several email addresses and unless you provide them to your recipient, you can be anonymous.

Poor behavior and etiquette are not limited to socializing; it has crept into businesses as well. How many times have you received an email that is simply a few words or a terse comment? Prior to email, a letter, fax or phone call would initiate a request for information. The letter or fax would be properly written (think back to high school typing classes and how much time you spent learning to write a proper letter) and formatted. A phone call is a more personal contact and in business, it was imperative that you were well mannered and clear and concise in your requests.

We need to return to the basic rules of behavior and etiquette. Being online does not give you license to be rude, abusive or harassing to others. Treat the opportunity to communicate with people all over the world as a gift, an opportunity to learn about the world around you and uphold the basic tenets of a “polite” society. In turn, you can make new and interesting friends and learn about things you never thought possible. Be a good example for others and perhaps over time, we can turn the Internet into a place where being safe from rudeness and harassment is not just a dream.