Security
Anatomy of an Auditing System
An auditing system consists of three components: the logger, the analyzer, and the notifier. These components collect data, analyze it, and report the results.
1. Logger
Logging mechanisms record information. The type and quantity of information are dictated by system or program configuration parameters. The mechanisms may record information in binary or human-readable form or transmit it directly to an analysis mechanism (see Section 21.2.2). A log-viewing tool is usually provided if the logs are recorded in binary form, so a user can examine the raw data or manipulate it using text-processing tools.
EXAMPLE: Microsoft's Windows NT has three different sets of logs. The system event log contains records of events that Microsoft has determined warrant recording, such as system crashes, component failures, and other events. The application event log contains records that applications have added. These records are under the control of the applications. The security event log contains records corresponding to security-critical events such as logging in and out, system resource overuses, and accesses to system files. Only administrators can access the security event log.
Scanning and removing spyware: 6 places that must be checked
The original — and still the most popular — means for identifying and removing spyware is to run a spyware-scanning program that will search a workstation or server for spyware, list the spyware found, and remove it if the user so desires. But software that blocks spyware before it can be loaded is becoming more popular. A thorough spyware scanning and removal program must check for spyware in many places, including
- Cookies: Although cookie-based spyware is the most benign of spyware, many people are concerned about the Web-tracking capability that such spyware facilitates.
- ActiveX controls: As I mention earlier in this chapter, ActiveX is Microsoft’s proprietary technology whereby scripts (short computer programs) can be dynamically loaded from a Web site and executed on the user’s computer. ActiveX is a “client-side” scripting language similar to JavaScript.
- Java and JavaScript: Java is a structured computer language introduced in the 1990s; JavaScript, a scripting language similar to Java, is often used as a “client-side” scripting language to execute instructions via a user’s Web browser.
- Browser Helper Objects (BHOs):
Cryptography versus computer security
Cryptography and computer security are two distinct subjects. Cryptography is the art of encoding information in a secret format such that only the intended recipient can access the information. Cryptography can also be applied to supply proofs of authenticity, integrity, and intent. The use of cryptography has progressed extensively over a long period of time, ranging from the ancient Caesar cipher to cipher machines widely used in World War II to modern cryptosystems implemented with computer hardware and software.
Computer security is the application of measures that ensure that information being processed, stored, or communicated is reliable and available to authorized entities. Computer security first became an issue only in the 1960s, when timesharing, multiuser computer operating systems, such as Cambridge's early computing system and MIT's Multics, were first built. After that, the field of computer security remained relatively obscure for years, apart from a brief active period in the mid-1970s. Security concerns then were based mostly on military requirements. Commercial security did not become fully mainstream until the Internet and electronic commerce (e-commerce)—and Java technology in particular—took center stage in the 1990s.
Which Antivirus Software Is Right for You?
Marketing is an ugly business. Its mission is to highlight the good points of a product and downplay its bad features. I always marvel at how companies can turn basic products such as toilet paper or chewing gum (spanning two ends of the human spectrum!) and represent them as something more exotic than what they really are.
Marketers do the same with software. And since they can be really clever, it's hard to not be swayed by the influential messages they dangle in front of us simple apes. To that end, I've listed in this chapter some of the most common products that I think are worthy (with a couple of exceptions) that you'll likely encounter in your travels from tree to tree on the Internet. Mixed in for good measure are the freebies I mention in this book so you have a single place to reference them.
Anti-spam solutions: four simple models
1. Software model: Several software-based anti-spam solutions are available that you load on a dedicated server or right on your e-mail server.
2. Appliance model: In anti-spam solutions, the appliance acts as sort of an e-mail firewall, in that it logically is placed between the Internet and enterprise mail server(s). The anti-spam appliance examines every incoming mail message and, using a list of filtering rules, makes a pass or block decision for each message. I’ll grant you that software and ASP solutions also are e-mail firewalls — it’s just that an appliance solution also looks like one.
3. ASP model: ASP stands for Application Service Provider, meaning the application resides on a computer located elsewhere, and what you’re buying is essentially a data service, in this case e-mail filtering. Antispam companies offering the ASP model perform all the spam filtering on their physical (or logical) premises, and deliver only the clean e-mail to you.
No Worm in My Apple?
If you own an Apple Macintosh computer, should you worry about viruses, worms, and Trojan horses? Yes, but not to the same extent as on a PC. Viruses have been written for Apple computers, but they haven't proliferated to epidemic proportions in the same way they have on Windows-based PCs.
So why not? Well, for one, Apple has designed its operating systems really well, especially the latest one called Mac OS X.
Before the operating system came along, there were about 6080 Mac viruses in the wild that threatened Mac computers. Since then, there have been none that have been able to assault Macs running OS X. Apple has had to fix security holes in the operating system and issue patches, however.
Download Password Builder for Apple Mac OS
Download the latest password application, Password Builder for Apple Mac OS. It can build strong random passwords up to 40 characters. It has four types of passwords to cover all flavors. After choosing your password, copy it to the clipboard or paste it into Mac OS X TextEdit for saving. The simple way to build your passwords.
Features
- Automatic: Generates passwords up to 40 characters using lowercase, uppercase, numbers and special characters. It’s possible to omit the special characters and ambiguous ones.
- Semi-Auto: This will generate a password based on a word chosen by the user, strengthened by the Password Builder to give it more security.
- Preset: For those who want a quick password without fiddling with things. The user has two choices: Low Security Password and High Security Password.
- Phonemic: A simple password is generated for everyday use. The word created will have no meaning, but it will be easy to remember.
Every spammer in the world chooses these methods to get email addresses
1. Email Forwarding
If you forward an email to dozens of people, make sure you send it to yourself in the To: field and put everyone else in the Bcc: field. Bcc means blind carbon copy. It's used to send a copy of the email to someone without revealing her email address. If Bcc is not used, you expose everyone's email address to dozens of other people. It's been suggested that your email can be exposed to spammers that way. I know a few public relations people who have scooped my email for press release lists when another person has failed to hide my address in the Bcc: field.
2. Website Harvesting
Programs are available that scan public address books on web-based email sites. Spammers also have software that looks for email addresses embedded in websites. If you have a personal web page, an email address you post is almost guaranteed to be found by spammers. In fact, the people who receive the most spam tend to be webmasters. After emails are harvested they are compiled into lists and sold on the Internet.
3. Dictionary Spamming
There are also programs that combine random words and common names and pop them together in an effort to come up with valid email addresses. With so many people using email, all the common
Eight types of Spyware: Adware, Snoopware, Cookies
1. Spyware: I Spy with My Little App
Spyware includes programs that can record what you do on your computer and share that information with a stranger via an Internet connection. Some can watch and record your web-surfing habits. Some log everything you type. Spyware can also capture user IDs and passwords. It might have the ability to see where you have been on the Web. If there's information on your computer that is of interest to someone and can make them a little money, there's probably a spyware program to capture it.
2. Adware: Attack of the Pop-ups
Adware is equally annoying because it not only spies on you, but then it shows you ads. Some adware spies on you because its mission is to show you ads customized to your tastes, usually via pop-up ads on your computer's desktop. Sometimes adware is a legitimate part of a free program. Software publishers often bundle adware in with free programs they offer, using it as a revenue source. Many warn you of the adware during installation in the End User License Agreement, also referred to as an EULA. (That term always makes me think of a slightly portly aunt that you hate to kiss but who makes good cupcakes.)
3. Snoopware: I Wanna Know What You're Up To!
Snoopware watches your computer habits on behalf of someone else, usually someone you know. This can include parental monitoring software, programs designed to track children's computer habits. One of the most popular uses of snoopware is to track the behavior of a spouse. Usually it's purchased by wives who suspect their husbands are up to no good on the Internet, though it can equally track wives who might be sending the pool boy spicy emails.
Download Ratproxy, Google's web application security audit tool
Free download of Google's open-source web app security assessment tool from the Google security team
A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.
Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more.
Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
