The Principles of system security
Security and internet terrorism are paramount on our mind nowadays.
Security and trust must be at the base of all business transactions.
- A company, a hotel, has an email ebox(s) to receive reservations,
or requests for information.
Everybody has competitor(s).
Now imagine one competitor, a hotel a street away,
hires a hacker who cracks the email ebox and harvests the night's messages.
Senders receive replies with the same or better offer. The victim doesn't know
is being victimized. A perfect crime.
- Imagine somebody sends you an email enclosing a script or a
macro… which your browser sucks into your computer system.
You just had a mini-server installed; a Trojan.
The program will not destroy your accounting files, or
reformat your disk, what for? It would be a stupid prank.
This time his administrator is after your information, addresses, leads,
sales strategies, or every key you strike on your keyboard.
Every time Internet connection is established, while you read
your email for example, the program sends a ping to his base,
uploads you secrets, and downloads new instruction.
It also can do something more surreptitious.
It may change some data in your final copy of the big proposal.
You will look funny in the eyes of unsuspecting client, while your
competitor's figures fill all expectations. He gets the order, while your
offer was rejected. A perfect crime.
- Imagine another situation. Your company invested money in the mineral
exploration. Every week you, as well as your competitor, get the progress report.
It is zipped in a password-protected file.
No problem, the cracking program
will run through a word-file of few millions in the same time you read these words.
Everything flimsy opens. Word, Zip, or other "similar" password protections are
based on fate while men are wise after the damage is done.
- Imagine you have important files on your hard disk, in the office… and you want to
protect your information. You x-copy the files on your portable computer,
tape or diskette, so nobody can read it while you are away. You make
sure it is deleted. Wrong, it is not. Your files were unhooked from the
file address registry. Nothing more. If no other process overwrites them,
your files are as readable as the originals.
- To end this bad trip, imagine, you have a web site, with your email plastered everywhere.
Nothing wrong, you want people to contact you from your web site.
Only, you are getting more junk mail than real leads. The question you may ask
is: how to offer the email address on the web page, while stopping web spiders
from harvesting it?
You may ask as well how to use computer with a modem and sound card to
make encrypted telephony calls to protect the content of your conversation.
You may want to use Internet to make the same encrypted connections
- Now, you may want to put all your key files in an encrypted drive, set
a watch dog on your ports while you connect to Internet, password your BIOS,
lock the profile, scan for Trojans, encrypt all your sounds, files,
zips, emails you send, and freeze in fear each time you hear
unwarranted hard disk clicking while you are connected.
A good start…
The tools to prevent above bad dreams exist:
To secure email
To secure telephone
To secure files
To secure computer
The SuperCode Seminars
Why to discover by pain, learn with pleasure to prevent.
If the idea of dealing with these tools arise in you a bad feeling,
you are no different from the majority.
Your specialty is something else, but the security issue, like a plate
of scrambled eggs, landed on your pants.
Outsmarting the hacker is for a super hacker… all you need is tools
to stop most obvious attacks, plus. You must know how to use these tools.
- In-house training
Tools and how to use them to protect information transmission and storage.
A crash course for your professional staff to pull up the general standard.
The time, place and depth of information covered are adjusted to the expectations
of your organization and needs. Practical cryptography, computer protection and
secure procedures are implemented. A follow up is offered, as time tends to slack
- 3 days on security
Learn while you enjoy. The site is in a beautiful Puerto Misahualli, next to a river
and waterfalls. Beef up your understanding and knowledge in the morning, while
you get in contact with nature during afternoon. The smell of flowers,
or silence inspires learning. The quiet nights offer deep rest, while fresh air,
water and robust country food next to cracking fire feeds the body.
A perfect place to learn about finer points of security. Also it is a very privet
place, a quiet place. At the end of 3 days you will feel good, relax and have all
tools to make your life easy and simple. Many bring someone with them. It will be
more fun for both. We have activities for your spouses or girlfriends, remember,
we are in the center of many tourist attractions.
SIZE: 10 to 15 persons per session
- The Nut Cracker seminar
Sometime you may need to open encoded or password protected document. This
seminar is for selected people only. We reserve the right to refuse anyone
we can't verify the motivations as to why they want to open locked things.
There are many very genuine reasons to do it, as there are plenty of
reasons to not do it. The selected will learn how to open many weak password
protections, bypass poor firewalls, disable
sleepy port watch dogs, and walk away with the information.
If it is encrypted, you must verify if it is crackable, or you face a
good encryption. Recognize it before wasting time on something even NSA
SIZE: Privet arrangement.
1. How to make your computer secure
2. How to make secure and free telephone calls over Internet.
3. How to encoding / decoding document files, programs, hard disks,
network connections, sounds and pictures.
4. How to enclose the secret message within a song or a post card.
5. How to make good passwords. Passwords hiding / recall techniques and tools.
6. How to brand documents. Issue of signatures. How to be certain that
a document originated from a specific person.
7. How to protect your computer system from Trojan attacks and Super viruses
that your general virus protection program can't even discover.
8. While all companies have firewalls and internal network security hardware
or software, most email messages, even transmitted with primitive encoding methods,
are open to public inspection. Making your email secure can be done on two ends;
you can encode it before sending, or use a secure connection to send it to be encoded
by a secure email server, or both, which is the most secure method.
9. Software for protecting your documents, for securing and cleaning your hard
drives, for protecting your basic communication channels.
10. Hacker software. See what a mini-server (Trojan) and its administrator programs are.
Use cracking tools to see how poor is Word and Word Perfect password protection.
Test different cracking methods on your documents.
Attack your email box with a password cracker; see if it stands up. Please
don't use it to read your boyfriend or girlfriend's email. You may find what
you are looking for… then what?
adapted by Rafal Swiecki, p. eng. email
This document is in the public domain.