Saturday, June 21, 2008

The Application of Third Party Certification Programme in Malaysia: TRUSTGATE


TRUSTGATE has been a licensed Certification Authority (CA) in Malaysia since 1999. It offers complete security solutions and leading trust services that are needed by individuals, enterprises, government, and e-commerce service providers using digital certificates, digital signatures, encryption and decryption.

One of the services provided by the company is the SSL Certificate for Internet, Intranet and Server Security, which secures your business's server. With phishing and spoofing attacks on the Internet increasing, customers want to be sure that they are dealing with trusted parties when they do business online, and that the information they send over the Internet reaches the intended recipients and is safe from intruders.

There are seven reasons to choose this service provided by the company:
  1. Authentication: An SSL certificate securely authenticates your web site to your customers - they can be confident that the site they are dealing with is genuine and not a forged or "spoof" site. MSC Trustgate authentication procedures are recognized as the most thorough in the industry. A VeriSign certificate gives confidence that your web site, intranet, or extranet is one that can be trusted.
  2. Encryption: When a Digital Certificate is correctly installed on your web server, your customers can communicate with your website over an encrypted HTTPS connection - all data (such as credit card details) sent to or from your customers will be secured against interception or eavesdropping. Seeing HTTPS in the URL reassures your clients that they can deal safely with your site.
  3. High Grade Security: Choose a VeriSign Global Certificate, and you'll receive 128-bit SSL encryption - the strongest grade of encryption available. Compare features of our Global and Secure certificates.
  4. One Year or Two: Our SSL comes with a choice of one or two year validity periods. Two year certificates bring significant cost savings and mean fewer certificate renewals.
  5. Local Support: MSC Trustgate, affiliate of VeriSign in Southeast Asia, prides itself on the quality of the locally based support that we offer on our certificates. Get the help you need to enroll, install, use and renew your certificates.

  6. VeriSign Secured Seal: Included with your digital certificate is the VeriSign Secured Seal, the Web's most recognized trust mark. The seal allows your customers to quickly and easily verify your site's credentials and that their personal data is secure.
  7. Protection Plan: For your peace of mind, a warranty cover of up to RM 400,000 is included with every SSL Certificate. This protects you should you experience any economic loss resulting from corruption, identity theft, or loss of use of your web server certificate.

The services are also divided into:

  • Global Server ID (GSID), which adopts the strongest encryption commercially available today for secure communications via Server Gated Cryptography (SGC) technology. GSID authenticates your web sites and enables 128- or 256-bit encryption to secure communications and transactions between the site and its visitors.

AND

  • Secure Server ID, under which Secure Site SSL Certificates protect the transfer of sensitive data on Web sites, intranets, and extranets using a minimum of 40-bit and up to 256-bit encryption. It includes the VeriSign Secured Seal.

By having this security on your business website, customers will be more confident in doing business with you and will feel more secure. This takes the success of your business one step further.

All information above is obtained from:

Phishing: Examples and Prevention Method

In computing, phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.

EXAMPLE:

In 2003, users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.

Prevention Methods:

Downloads

  • Establish a download policy for your household or workplace. This is especially important if young people share the computer as game and file sharing sites are major sources of spyware.
  • Banish peer-to-peer file sharing completely. Or, if that will cause a revolution in your household, banish it to a non-networked, standalone computer which contains no financial or other personal information. Do not use this computer to access financial Web sites or other sites which require a log-in or store account details. Treat this computer as a pariah.
  • Before downloading, read the software licence (EULA) in its entirety.

Email

  • Never click links in spam.
  • Never buy spam-advertised products.
  • Never click links to financial institutions or log-in sites; instead, open your browser manually and type the address in directly, or use a previously saved bookmark for the site.
  • Establish a Web-based email account and use it for all non-critical email. Do not download this mail to your local machine; view it online.
  • Never open attachments from unknown sources.
  • Scan attachments from known sources for viruses before you open them.

Browsers

  • Always read links and dialog boxes carefully before you click online.
  • Never click the Close or Cancel link in a pop-up. Often these links are coded to install spyware.
  • Close pop-ups using the X in the top right-hand corner, or click the window's title-bar and press Alt+F4.
  • If a pop-up has no apparent way to close it, use Ctrl+Alt+Del to terminate your browser. If you're using Internet Explorer, this will have the unfortunate side effect of restarting Windows Explorer as well (another reason for not using Explorer).
  • Watch how questions are phrased online. Frequently, they are phrased in a way which makes it hard to work out how to avoid signing up for something, or a series of No, No, No responses will precede a question which requires a Yes to avoid accidental sign up.
  • Set your browser to kill pop-ups. Most browsers display a notice when they block a pop-up, so you can always allow a specific pop-up if it's on a trusted site.
  • Check for updates to your browser each week.
  • Regularly check security settings of your browser, to ensure they have not been changed. For example, check that IE's Trusted Sites list contains only those sites you have added.
  • Look for the https:// prefix (note the 's' on the end) in the Web address, indicating a secure site, before entering sensitive information online.
  • Watch for subtle changes in the way a site appears. If it doesn't look right, close your browser.
  • Patch all browsers on your system, not just the one you use as the default. One recent attack used a flaw in Firefox's Java plug-in to worm its way into Internet Explorer and from there to launch pop-ups. Remember that Internet Explorer is integrated into Windows in all sorts of ways, so you must patch it even if you don't use it. IE is used by Messenger, Outlook Express, Digital Imaging Studio and many other programs even if you have chosen another browser as your default.
  • Use Microsoft Update to keep Windows patched.

The information above is obtained and refined from:


How to safeguard our personal and financial data...

Computer and network security attacks are on the rise. Data collected by the Computer Security Institute (CSI), the FBI, and the Computer Emergency Response Team (CERT) indicate that the number of security incidents has skyrocketed since 1998, that the overwhelming majority of firms have experienced computer security breaches from inside and outside the organisation, that the financial losses from these breaches have been substantial, and that it takes a concerted effort to guard against cyber attack. So we have to know how to safeguard our financial and personal data.

First, we need to be concerned with a variety of security issues:
1) Authorization – The process that ensures that a person has the right to access certain resources.
2) Auditing – The process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions.
3) Confidentiality – Keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes.
4) Integrity – As applied to data, the ability to protect data from being altered or destroyed in an unauthorized or accidental manner.
5) Nonrepudiation – The ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature.

Several technologies exist to ensure that an organisation's network boundaries are secure from cyber attack or intrusion and that, if the organisation's boundaries are compromised, the intrusion is detected:
1) Firewall – A network node consisting of both hardware and software that isolates a private network from a public network. Firewalls that filter data and requests moving from the public Internet to a private network based on the network addresses of the computer sending or receiving the request are called packet-filtering routers.
2) Personal firewall – A network node designed to protect an individual user’s desktop system from the public network by monitoring all the traffic that passes through the computer’s network interface card.
3) Virtual Private Network – A network that uses the public internet to carry information but remains private by using encryption to scramble the communication, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.
4) Intrusion detection systems – A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees.

Friday, June 20, 2008

The threat of online security: how safe is our data?

Nowadays, technology is becoming more and more advanced. There are many types of online security to protect our information and data. On the other hand, there are also several online threats that attack our personal computers and data, and access our systems without authorization or permission.

Threats to online security:

  • A hacker is a person who creates and modifies computer software and hardware, including computer programming, administration, and security-related items. This can be done for either negative or positive reasons. Criminal hackers create malware in order to commit crimes. A virus is a computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. For example, hackers broke into the systems of an Ohio hospital to obtain the personal data of 230,000 patients and their family members, plus the financial information of 12,000 donors. It happened when the hospital was upgrading its systems.

  • A Trojan horse is a destructive program that can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a back door on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Trojans are not the same as viruses or worms; they do not copy themselves to other files.

  • Denial-of-Service (DoS) is an attack on a web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources. Many attackers rely on software created by other hackers and made available over the Internet rather than developing it themselves.

  • Web servers and web pages can be hijacked and configured to control or redirect unsuspecting users to scam or phishing sites.

  • Click fraud occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase. Click fraud has become a serious problem at Google and other websites that feature pay-per-click online advertising.

  • A worm is a software program that runs independently, consuming the resources of its host in order to maintain itself, and is capable of propagating a complete working version of itself onto another machine. A macro virus or macro worm, in turn, is a virus or worm that is executed when the application object that contains the macro is opened or a particular procedure is executed.

Safeguards for our data

  • Anti-virus software scans a computer's memory and disk drives for viruses. If it finds a virus, the application informs the user and may clean, delete, or quarantine any files, directories, or disks affected by the malicious code. For example, AVG antivirus.

  • Encryption is the scrambling of data so that it becomes difficult to unscramble and interpret.

  • A firewall prevents computers on a network from communicating directly with external computer systems. A firewall typically consists of a computer that acts as a barrier through which all information passing between the networks and the external systems must travel. The firewall software analyzes information passing between the two and rejects it if it does not conform to pre-configured rules.
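The rule checking described in the firewall item above, and the address-based filtering of the packet-filtering router in the June 21 post, can be shown in a few lines. This is an added example, not part of the original post: the rule set, the private network 10.0.0.0/24 and the function names are assumptions made for illustration. It also reports rules that can never match because an earlier rule already covers them, a common mistake when rules are evaluated in order.

```python
import ipaddress
from typing import NamedTuple

net = ipaddress.ip_network

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    src: str     # source network, CIDR notation
    dst: str     # destination network, CIDR notation
    note: str

# Constructed inbound rule set for a hypothetical private network 10.0.0.0/24.
RULES = [
    Rule("deny", "10.0.0.0/24", "0.0.0.0/0", "inside address arriving from outside: spoofed"),
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", "blocked source range"),
    Rule("allow", "0.0.0.0/0", "10.0.0.80/32", "public web server"),
    Rule("allow", "198.51.100.0/24", "10.0.0.0/24", "partner office"),
    Rule("allow", "203.0.113.7/32", "10.0.0.80/32", "never fires: rule 2 matches first"),
]

def decide(rules, src_ip, dst_ip):
    """Return (action, rule number); the first matching rule wins, default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for number, rule in enumerate(rules, start=1):
        if src in net(rule.src) and dst in net(rule.dst):
            return rule.action, number
    return "deny", None  # nothing matched: traffic that no rule allows is rejected

def shadowed(rules):
    """Numbers of rules fully covered by an earlier rule, so they can never match."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (net(later.src).subnet_of(net(earlier.src))
                    and net(later.dst).subnet_of(net(earlier.dst))):
                hidden.append(i + 1)
                break
    return hidden
```

With these rules, a request from 192.0.2.44 to the web server at 10.0.0.80 is allowed by rule 3, the same sender is denied by default when it targets 10.0.0.25, and `shadowed(RULES)` flags rule 5.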

These three safeguards are not the only ones, however. There are several other ways to stay safe online:



  • Trust only yourself, or only do business with the company you know and trust.

  • Only use your credit card number on internet sites that have a secure, encrypted system.

  • Once you think something is wrong, leave it immediately, and do not follow any of the instructions it presents.