The phone tap is one of the more common types of surveillance activities. The military, government agencies, and police use phone taps to listen to conversations. Additionally, there are private investigators and amateur spies who each use some sort of phone tap to obtain information. It is even possible for regular people to participate in phone tapping, if they have the right equipment. This can be helpful in amassing evidence in divorce cases that my include allegations of infidelity or in instances of feeling threatened by someone else.

In order to set up an effective phone tap, however, it is important to know what types of taps there are, as well as what each kind of phone tap does. You should carefully consider your situation and your budget, and then choose the type of phone surveillance that works best for you.

Soft. This type of phone tap is becoming more and more prevalent as technology advances. This is because a soft tap uses special listening software. The idea is to tap into the phone system of a company or a home. Even tapping into the software at the phone company (even many land lines are now serviced at the phone company by digital lines) can be done. By modifying the software that acts as the “switchboard and eavesdropper can obtain access to conversations. It is fairly easy to find this sort of phone tap, as long as you have unrestricted access to the system that is affected by the tap.

Hard. The hard phone tap is one where there is actual physical contact with a wire. For instance, a secondary wire is attached to a PBX cable or to a transfer box containing the desired line. A third location receives the signal via a bridge. There is no way for the parties on the line to detect any interference, and it is very difficult to use a bug sweeper to detect a hard phone tap.

Transmit. A transmit phone tap is one that sends information using airwaves. This means that there is no hooking into a line and there is no need to hack into a software system. However, a transmitter gives off a great deal of RF energy. Nearly any person can use a bug sweeper to detect this type of phone tap.

(c) 2005 Copyright http://www.spyassociates.com.

To learn more about Spy and Surveillance Products visit http://www.spyassociates.com Read other related articles at http://spyassociates.blogspot.com/

The whole meaning of networking is to share programs, but granting others to access a computer device reveals an open window for those with foul motives, too. In the early days networks were quite secure because they were closed in systems, and to do any harm you had to get physical access to a server wired to the LAN. Remote access and Internet possibility to hook up has changed that. Broader availableness and less cost of broadband (DSL and cable) connections means that even home computers remain linked up to the Internet round-the-clock, which add the chances for hackers to gain access to computers.

Computer operating systems were originally planned for stand-alone computers only, not networked ones, and security was not an issue. When computer networking became known, applications and operating systems concentrated on easy accessibility rather than security. Because of this earlier focus on accessibility; security are now retrofitted into a lot of hardware systems. Modern operating systems such as Windows XP are planned with security in mind, but they still have to operate using conventional networking protocols, which can result in security problems.

Security versus access. The users want easy access to network resources. Administrators want to remain the network secure. These two goals are at odds, because access and security are always on conflicting ends of the scale; the more you have of one, the less you have of the other.

For business computer networks, the key is to hit a balance so that employees are not annoyed by security measures, while trying to maintain a level of protection that will keep unauthorized individuals from getting access.

Internal network security threats are those that come from within the organization, as opposed to those that come through the Internet. Internal threats include employees who on purpose attempt to nick data or bring in viruses or attacks on the computer network. Other internal threats are posed by outside employees (contract workers, janitorial services and people posing as utility company employees) who have physical access to the LAN computers. Though, many internal threats are unintended. Employees may install or use their own software or hardware for a private purpose, unaware that it poses a security threat to their computers and the complete network.

External security threats are those that come from outside the LAN, typically from the Internet. These threats are the ones we usually think of when we talk about hackers and computer network attacks. Such people can make use of flaws and characteristics of computer operating systems and software applications. They take advantage of the way various network communications protocols work to do a range of things, including the following: Enter a system and access (read, copy, change or delete) its data. Break down a system and harm or destroy operating system and application files so they do not work anymore. Install virus and worms that can spread to other systems across the LAN. Or use the system to start attacks against other systems or other network.

Huge amount of network security information on this site. Check it out. http://www.networksecurity.infostairs.com

It seems nowadays if you are not online, you don’t exist. It really does not matter what type of company you run, you should have an online presence to let your prospects and clients know about your company and services. When you decide to take the leap onto the Internet there are some precautions you should take. I have friends who say all the time, I really have nothing to hide or worry about. This may be true, but malicious users like to deface websites.Which can ruin you and your businesses reputation.

This is a paper about firewalls protecting your company from outside threats and unauthorized access.

A firewall is a great start. Firewalls can be both hardware and software based. There are many different firewall vendors some of the bigger names are Cisco, Symantec, and Checkpoint. The difficult part is configuring the firewall. This is where many intruders bypass security, because the firewall is poorly configured.

I would like to mention that there are many Open Source programs and operating systems that offer great firewall software. I personally believe that OpenBSD has one of the most secure operating systems and firewall configurations if done right. FreeBSD also has firewall software, it is called IPTABLES.IPTABLES offers packet filtering, NAT and you can even change packets in Linux. I have to say you can do anything you want in Linux, because the source code is right there. It’s a beautiful thing. Linux also uses this; you can build a firewall with the old system sitting in your garage and two Linux compatible network cards.Linux can be hardened, this means to make the operating system more secure. I like the tool Bastille Linux its is developed by Jeff Beale. To really get a grasp on firewalls you need to understand TCP/IP and allot of different protocols to know if you should allow or deny them into your network. IP addresses identify hosts on the Internet they look like this 127.214.234.54. Firewalls can block IP addresses, ports, protocols and even keywords that come into packets. Hackers that want into you network have many different tools at their disposal to try to bypass firewalls. One common attack is known as Denial Of Service or DOS attacks. The attacker simply floods your network, firewalls with so many packets that it cannot handle them and sometimes crashes. Firewalls are available with DOS filtering to keep these attacks low, and start dropping packets.

Firewalls do not protect you from internal threats such as employees bringing in viruses from home. Or remote users using VPN’s (virtual Private Networks) bypassing your firewall. Think about if you bring your son to work and he downloads music on your fast company internet connection only to introduce your corporate network with a worm or even worst a Trojan horse. Service ports that are open to the public such as Port 80 HTTP, have know vulnerabilities on the Internet. FTP has many vulnerabilities as well.

Are there different types of firewalls?

Yes. There are hardware and software firewalls. You might be even using Zone Alarm or Black Ice Defender. These are software based firewalls, the more I study firewall technology I realize that everything truly is a software firewall. A computer is nothing without software to tell it what to do.

Packet Filters

Packet Filters look at source and destination addresses. This is where firewall rule sets come in to play. The firewall administrator must determine which source and destination ports and addresses to allow or deny. The security administrator needs to keep up to date with alerts on vulnerabilities as new holes are found and created daily. A technique known as spoofing can sometimes fool firewalls but making it appear that a packet is coming from inside the protected network when in fact it is an attacker changing the source address.

Application Gateways

Application Gateways are like errand boys. You request a file and the application gateway grabs it for you.This is great for logging connections, and setting up authentication as well.

Statefull Packet Inspection

Statefull Packet Inspection is a technique used by Cisco PIX firewalls and Checkpoint Firewalls these firewalls look at the data coming across the network.It can also authenticate connections, users can usually not notice that the firewall is in place. Allot of firewalls now allow you to configure VPN’s which is awesome if you have remote workers and satellite offices and need to transfer data securely.

Intrusion Detection is also something to consider, I like SNORT. SNORT can detect known attacks against your system and does a great job at logging them if set up correctly. There are thousands of different software and hardware solutions you can purchase for you home or network. I happen to like Open Source, because I like learning and knowledge and the Open Source community has taught me more than the corporate world ever will. A book I would like to recommend that is great for learning firewalls is called simply enough Building Internet Firewalls, it is by O’reilly. That is all for now. One last tip, backup, backup, backup.

Benjamin Hargis CEO MCP Phuture Networks http://www.phuturenetworks.com http://www.computersecurityadvice.com Email ceo@phuturenetworks.com

Spam is one of the curses of the Internet age. But if the clogging of mail boxes with useless emails was bad enough, unsolicited emails aimed at tricking you into giving your valuable passwords, banking and PIN numbers is the most dangerous variety of email that you will ever encounter. This kind of email is known as “phishing” because the unscrupulous authors of these messages are fishing for valuable information which they can use to capture your online identity.

If you think that you won’t be fooled by such tricks, think again. Phishers commonly send emails which look like they come from respected financial institutions, such as PayPal, Visa, Ebay, America Online. The messages spoof the email address of the institutions and the letters have the proper logos and everything. They look real. The subject message usually has a dire warning: “Your Pay Pal Account (or Ebay, or online bank account) has been suspended.” “Warning: Confirm Your Online Banking Account.” These messages look so real, that 5% of recipients respond to them

Naturally if you have a good amount of money in your PayPal or online banking account, you are going to panic when you receive email like this. The first thing to do is to stay calm. Remember, responsible institutions will never suddenly suspend your account or ask you to give personal information in an insecure manner.

Usually the phishing emails will ask you to enter new information for your account and they will give you urls, asking you to click through and log into your account. The urls in the email will look like the log-in addresses for these institutions, but if you put your mouse over them you will see that the actual web address is different.

If you get any email of this type the second rule is never, never click through and try to log in. If you log in with your user name and password, then phishers have captured your password. If you go on to fill out other information such as: bank account numbers, social security number, mother’s maiden name or driver’s license number then the fraudsters will really have you.

If you are worried about your online account and want to see if it is OK. Then go to the home page of PayPal, Ebay or your bank, and log into your account in the customary way using the usual url, such as https://www.paypal.com rather than with the url in the suspectt email. When you get into your account you will probably see that everything is normal. If your institution indeed has a message for you, you will find it in that safe environment without compromising your security. If you are still in doubt, call up your institution using their toll free customer service numbers.

PayPal also has a security section where they tell you what to look for in fraudulent emails. For example, whenever PayPal sends you an email it will always start off with “Dear Donald Nelson,” in my case, or whatever name you used when you signed up. They will not say “Dear Valued Paypal customer.” So log into the proper areas of your institution and learn as much as you can about security procedures.

The third thing to do is to report suspicious email . We have to put these crooks out of business, and that can only happen if we report fraud whenever we see it. You can get quick service from PayPal by forwarding email of this type to spoof@paypal.com. Usually within an hour you will get a reply telling you whether the email comes from PayPal or not. For other instances of Phishing, you can report them to the Anti Phishing Working Group at www.antiphishing.org. This website, staffed by volunteers, has up to date information about the latest scams and is doing its best to make the Internet safer for us.

Finally, if you have given any information to fraudulent websites move swiftly to protect yourself.

Notify your bank, change your passwords for online accounts, and watch your online accounts for any signs of unusual activity. A good guide with useful and detailed information on what to do if you have given out valuable information can be found at http://www.antiphishing.org/consumer_recs2.html

So, enjoy the Internet but take precautions and protect yourself from any devious phishing message which may land in your mail box.

Copyright 2004

Donald Nelson is a web developer, editor, and social worker. He has been working on the Internet since 1995 and is the proprietor of A1-Optimization, http://www.a1-optimization.com, a firm providing search engine optimization, copywriting, reciprocal linking, and other web promotion services. He publishes a monthly ezine, A1-Web Promotion Tips, available at http://www.a1-optimization.com/newsletter.html

At times I laugh when I see companies, banks, educational institutions laying so much emphasis on the deployment of firewalls, anti-virus, server room protection e.t.c.

Yes firewalls, anti-virus are good but without a comprehensive information security program in place all these security technology tools will only provide a false sense of security. When we start thinking about information security, we need to think about security as a system — not a single technology.

Let Us take a Hypothetical Scenario

A company has over 5 million clients. It has an e-business website. It has deployed firewalls, anti-virus solutions and other vendor security solutions. It conducts 90% of its business through its e-business website.

A Hacker studied the situation and asked; how do i get at this company?

What is the weakest link in the companies information security model? Why the weakest link? The hacker knew that going through the firewall, the intrusion detector systems would take him time which he was not willingly to spare. The hacker found out through painstaking research and study that the over 5 million customers were the weakest link.

The attack followed;

• A fake website of the company was created.

The E-mail read.

Dear customer,

We have deployed new security solutions that will help increase the security of conducting business with us through our website. Please kindly enter your contact and billing details, by clicking on this link. www.wilbroser.com/details.html. Thanks for your cooperation.

Yours faithfully,
Alex Brown
Head of IT

Result of the E-mail

Out of the 5 million customers, 3 million of them clicked the link and reentered their contact and billing details. The remaining 2 million felt indifferent and didn’t respond to the mail. The credit card information of over 3 million customers was stolen.

Why did the Hacker Target the 5 Million Customers of the Company?

The hacker found out that to commit e-fraud, it will take more effort and time going through the firewall, anti-virus and the other security solutions of the company.

The thought of the weakest link came. The company has never embarked on a security awareness training program for customers. A lot of emphasis has been on staff and security solutions.

The hacker identified the customers as the weakest link. Having identified the weakest link , the attack was launched.

Why Was the Attack Successful?

1. The over 5 million customers. None could tell the difference between a fake copy of the company’s website and the company’s website.

2· The customers could not tell if the company sent mails to customers when there is an upgrading of their information technology infrastructure.

3· The customers could not tell the difference between a fraudulent mail and a mail coming from the company.

By reading this article, you will hopefully be convinced that your information security model goes beyond the use of any single piece of technology. Most people clearly understand the need to secure their information assets. Unfortunately, this high priority generally leads to technology that drives the security.

While I will never be one to argue that a firewall is not a good idea to include in a security model, this is not the proper approach to creating an information security model. It creates a security model that is built around what security a particular device can provide, rather than the security the organisation needs. I counsel my clients that, instead of talking about hardware and software, the first order of business should be to create an information security policy. A security policy is a high-level statement of principle and describes the needs of the organisation. Once we know what we need to do, we can then discuss the information security model. The Information security model is the actual hardware, software, and configuration guidelines that will be used to enforce the policy.

Most e-frauds in this age will come through the weakest link in the information security chain. Identify your weakest link now.

Christopher Okoh
CEO
Computer Security & Network Associates
Website:http://www.compsana.com

What do you do if you have received a suspicious email from a reputable company that you often do business with? Many online users are finding their inboxes packed with strange messages from Ebay, PayPal, their banks, credit cards, and even schools and hospitals. If you are receiving requests for information or further action that you don’t feel comfortable with, use the steps outlined below to help sort out the spam.

1. Don’t click it, use impressions - Impressions are used to tell the link location of an item without clicking through. A link in the body of a text email may look reputable at first. But if you wanted to see where the link will take you without clicking, just point your cursor over the word and the location will show up at the bottom of your brower window. If you don’t see anything at the bottom of your browser window, then your window may not be maximized (opened as large as it can.) Click the Box in the middle of the three icons at the top right-hand corner of your screen. (There should be one to minimize, open full screen, and close or X). If the link starts with anything other than the source it claims to be, don’t click. For example an Ebay buyers warning may say that it is from Ebay, but when you check the impression, it may say that it is from http://sales.site.XX.hpgjs (not an official ebay site.)

2. Don’t reply - This is self explanatory. Replying to the message lets the sender know that you are out there, and checking your emails. Since they are randomly spamming millions of emails (not knowing which emails are still in use), replying is an invitation for more trouble. While it is tempting to let them know that you don’t appreciate the emails, this will only encourage more activity. If you have a yahoo account or something similar, you can hit the "This is spam" button, and it will send it to the trash and flag the sender as a spammer.

3. Don’t unsubscribe - This is for reasons similar to above. If they offer a link to remove you from further mailings, they are wanting to know that you are an active user. Don’t take the bait.

The moral to the story is that if you are in doubt, you can do without. If you just can’t let the email go without taking some action, call your bank or other institution and verify that the request is bogus. And just remember that they aren’t picking on just you. The senders of fraudulent email send out millions of emails a day, it’s nothing personal.

Linsey Knerl is a writer and homeschooling mother of three who enjoys parenting and all of life’s blessings with her husband in rural Nebraska. Her work can be see at http://www.LinseyBKnerl.com

Spyware and adware is advertising supported software that allows its publishers to snoop on a computer user’s internet activity.

It is designed to obtain information about computer users and their surfing behavior usually without their knowledge or consent. Spyware is potentially more harmful than Adware because it can record your keystrokes, history, passwords, credit card number and other confidential and private information. Besides spyware and adware, computers can also be infected with my other internet parasites such as Winfixer 2005, viruses, trojans, dialers, etc.

Spyware and adware are installed quite easily on most computers. Many spyware programs often enter computers hidden in programs such as freeware, shareware or demos. Some programs like Winfixer 2005 will often load on boot up, take up your computer memory, cause a computer to display system errors, spawn multiple pop-up windows and even shut down itself.

Why is it important to detect and remove spyware, adware and other internet parasites?

- Loss of privacy

- Reduced and slow PC performance

- Annoying pop-ups that do not go away.

- A computer’s homepage can be changed.

- In severe cases, a person’s sensitive and confidential information can be recorded and then subsequently misused…exposing that person to identity theft, unauthorized use of their bank account or credit card and many other problems.

How to protect against spyware:

- Download and install a spyware remover. Every week you should check for updates to install for the scanner. This will help protect you against the latest threats.

- Use a firewall and an Anti-virus program. Many people have a direct connection the Internet and do not setup and run a firewall. This can potentially be very dangerous. Firewalls should be running to protect against many potential problems including hackers and spyware.

- Be careful about installing freeware software and downloading music online. Some spyware programs display messages asking for your permission to install the application. Read their agreements carefully as well.

- Be careful as to what sites you visit…sometimes spyware and adware can be installed on a computer simply by visiting a website.

- Use The Mozilla Firefox browser as it is less vulnerable to spyware and adware than Internet Explorer.

Edward is the owner of http://www.theadwareremover.com where you can download the highest rated spyware remover for 2004. This superior anti-spyware and adware software has been downloaded over 35 million times by people in over 100 countries. It really works!

• When last was our information security policy reviewed?

Christopher Okoh
CEO
Computer Security & Network Associates
Website: http://www.compsana.com

Most organizations over look this very important security tool. How can an organization or an individual verify the authenticity of an in coming mail? Attaching a signature to your mail should be a standard practice. Your E-mail Signature is an electronic business card and as such is a very important security tool in e-mail verification.

Here is a sample of an e-mail signatureCustomer Consideration Ltd info@customerconsider.comhttp://:www.customerconsider.comNo 20 Ibadan Road, Opposite Yemi Book Shop,Kaduna, Nigeria, West Africa.GSM:, Tel No:We Sell Affordable Baby Clothes 

This is an example. The design of the e-mail signature is based on choice. The e-mail signature must contain the following;

All the ways by which your organization can be contacted; phone numbers, fax number, mailing address, e-mail address, url address.

The particular designation of the individual or the department’s name sending the mail. Example if it’s the CEO of a bank it should be stated. ceo @ xyzbank.com

Every e-mail address must have an e-mail signature. Example ceo @ xyzbank.com

info @ xzybank.com Each e-mail address should have an e-mail signature.

The organization’s logo and slogan should also be added.

As A Weapon Against E-mail Fraud
A mail stating that, they must not honor any mail not containing the attached e-mail signature must be sent to all clients. A copy of all e-mail signatures must be forwarded to the company’s lawyer.

How Do You Set Up An E-mail Signature
All standard e-mail programs come with the ability to set up an e-mail signature. The e-mail programs also give you the option of attaching the e-mail signature to every outgoing mail.

Advantages Of E-mail Signatures
Any Organization or Individual, claiming to have received a fraudulent mail from a well established organization, should be made to send a copy of the fraudulent mail for verification. Once the e-mail signature is not attached to it. The lawyer can always sue for name defamation, if the said organization is not aware of the company’s e-mail signature.

Advice:
In information security, the little things we over look counts. How many companies in Nigeria are aware of e-mail signatures?

A copy of the e-mail signature or signatures must be registered with the appropriate copyright organization.

Website development must be accompanied by an it security consultant. Recently a disclaimer Advertisement was placed in one of the widely read newspapers stating "scams involving illegal reference".

The question now is, how can people identify legitimate mails?

Christopher Okoh
CEO
Computer Security & Network Associates
Website:http://www.compsana.com

Scammers are everywhere online and off. You will find their stint in the classifieds, on all auctions, e-stores, merchants such as Paypal, your email and anywhere else they perceive as avenues for swindling money from you. Many people have been scammed and are living the painful consequences. Some people fall prey to scams because of their own greed, some because of their desperate circumstances and others because of ignorance. But whatever the reason, pain is pain.

Below I will delineate some clear and definite ways you can protect yourself from being scammed and identify the primary clues to recognizing scammer activity. I have also listed some resources that you may find helpful.

1) Don’t be greedy. You are not going to get something for nothing. If it sounds too good to be true…it is NOT true. Any correspondence you receive that even hint at your getting more than expected or bargained for is a clear red alert. Keep in mind that an online business is just that: a business. Any transaction that is not in keeping with common ethical business practices is not to be engaged in.

2) Be sure your buyer or seller is VERIFIED. Paypal, pppay and others are set up to protect us against scammers but only if we follow their guidelines.

3) Scammers are notorious for wanting to pay via THEIR method and have items shipped THEIR way. Do not waste your time.

4) Scammers have cleverly designed email correspondence to resemble paypal and actual banking institutions as well. BEWARE!! If you conduct transactions through paypal, get acquainted with their method of doing business. For example, when they send you an email it will always have the accounts name on it. Scammers do not know your account name and therefore uses terms such as “customer.” Their phony email will inform you that your account is in jeopardy and will encourage you to click on a link contained in the email to be taken to your account where you can make necessary adjustments. DO NOT DO IT!!! This is scamming activity. If you are unsure, go to your account via paypal.com; never click the link in the email. This goes for ALL accounts. In other words, never respond to an email requesting account or credit card information. This is called “phishing.” No reputable business will request this information via email. The following is an example of one I received recently.

Dear valued PayPal member:

It has come to out attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any futur problems with the online services.

However, failure to update your records will result in account suspension. Please update your records on or before November 21, 2005.

Once you have updated. your account records, your PayPal session will not be interrupted and will continue as normal.

To update your PayPal records click on the following link: https://www.paypal.com/cgi-bin/webscr?cmd=_login-run http://203.76.135.170/.cgi-bin/webscrcmd=_login-run/

Thank you for using Paypal !
The PayPal Update Team.

5) Any correspondence that includes “Africa” usually Nigeria, should be avoided.

6) Do not get sucked in the religious jargon many scammers are using these days. It is a trick to get you to trust them enough to engage in their nefarious scam.

7) Notice the language of the email or correspondence. Most scammers write with improper grammar and misspelled words and often the sentence structure is difficult to follow. Did you notice unprofessionalism quality of the paypal memo?

8) Read about the Nigerian 419 Letter. http://www.fraudwatchinternational.com/internet/nigerian419.shtml

9) Trust your instincts!!

10) Be cautious when conducting business with countries known for high fraud activities: Romania, Indonesia, Singapore, Ghana (a rising star of fraud!), Ukraine , Uganda, Nigeria, Hungary, Belarus, Estonia, Latvia, Lithuania, Slovak Republic, Russia, Yugoslavia, Macedonia, Phillipines, Thailand, Malaysia.

Additional Online Fraud Resources

Better Business Bureau (www.bbb.org )
IFCC - Internet Fraud Complaint Center (www.ifccfbi.gov )
Shipping Carrier (www.usps.com , www.ups.com , www.fedex.com , etc.)
Anti-Phishing Working Group (www.anti-phishing.org )
Federal Trade Commission (www.ftc.gov )
PayPal Security Center
Scam Busters: http://www.scambusters.org/NigerianFee.html
Break the Chain: http://www.breakthechain.org/exclusives/scams.html
Scamorama: http://www.scamorama.com/scam117.shtml
US Secret Service: http://www.secretservice.gov/alert419.shtml
Read about one person’s response to scammers: http://spl.haxial.net/nigerian-fraud

Rev. Saundra L. Washington, D.D., is an ordained clergywoman, veteran social worker, and Founder of AMEN Ministries. She is also the author of two coffee table books: Room Beneath the Snow: Poems that Preach and Negative Disturbances: Homilies that Teach which can be reviewed on her site. Her new book, Out of Deep Waters: My Grief Management Workbook, though delayed in publication, is expected to be available early 2006.

You have an open invitation to visit us at AMEN Ministries: Your Soul’s Service Station for reviewing spiritual services being offered, obtain spiritual refreshing and soul edification, get your daily dose of humor, browse our newly expanded Stop & Shop Store and to visit our prayer sanctum for quiet time with God.

Blessings to all!