SECURITY AWARENESS PROGRAMME FOR MOBILE DEVICES(SMARTPHONE USERS(ESPECIALLY MY COURSE MATES)

Mobile phones(mostly smartphones are so in used that it does practically all PCs does and the advantage is that it is really mobile and portable but little is known by the users of the security threats smartphones could pose not only to the owner but also to the employers as well.

It is necessary to adopt the following dos and dons to reduce our vulnerabilities to the security threats:

1. Keep a clean phone: It is important to note that mobile devices are also computers with software that also requires to be updated like the PCs, laptops and Tablets, so it is necessary to ensure that our your devices have latest protections, this could be achieved by  having the latest mobile security software, web  browser and operating system running on our mobile devices as they have strong defences against  malware and other on-line threats.
2. Protect your personal information: As phones contain valuable information not only of us but of friends and company(employer), it is advisable to guide this information jealously by using strong passwords(better still pass-phrase)  to lock our phones when not used, always reviewing the privacy policy and understand what data an application can access on our phones before we download them, disabling the geotagging feature of our phone to keep low profile of where we are or what do per to´time as commonly done by social networks users.
3. Do not exchange your numbers with strangers, this may lead us to the den of social engineering with serious consequences. It also not good to give another person's number out to a stranger without the consent of the rightful owner.
4. Connect or respond care: just as it is possible to get into security and privacy trouble by downloading attachment from an unknown source, so it is to fraudulent texting, voice niotes, hence, always connect and respond with care using your mobile devices. Personal informations might be requested for, but never respond when in doubt. Also do not connect to networks you are not 100% sure of, Criminals are found of enticing their victims with the phrases such as; Free WiFi, The truth is that there is hardly free launch anywhere.

Guys be mobile wise!

For more details, do visit:

http://www.rbc.com/privacysecurity/ca/alert-security-and-privacy-in-a-mobile-device-world.html

https://www.staysafeonline.org/stay-safe-online/mobile-and-on-the-go/mobile-devices

TECHNOLOGY

Overview of Intrusion Detection System(IDS) using case of University library, high school and retail store.

Intrusion detection system is a software application that monitors network or system activities for malicious activities or policy violations and invariably produces report to a management station e.g administrator for action to be taken.

There are Two types of IDS with the placed at points within the system to monitor to and from all devices on the network called Network  Intrusion Detection System (NIDS) while those that run on only the host or devices on the networks are referred to as Host Intrusion Detection System.

Functionally, it can be passive or reactive in nature, the passive ones only send signal to the administrator console when suspicious activity is detected and the reactive ones prevent the occurrence of the  suspicious activities by reconfiguration of the firewalls to combat the malware.

In a public university library, the likelihood of attack is high considering the intellectual assets under their care and even the curious users, hence, i will recommend NIDS  having both the passive and reactive nature.

Also in case of High school, i will recommend the same looking at the students exploratory nature, i will recommend the same as in the case of the university library above.

For a retail shop,  HIDS would suffice with passive nature so that administrator would be able to respond to detected suspicious activities within the system.

IDS limitations could be dangerous anyway, one of such is the fact that number of false alarm in most cases surpass that of positive alarm and this might deceive administrator to ignore the real threats.

Also Invalid data and IP stacks may cause an NIDS to crash, it also difficult to detect encrypted packets.

The evasion techniques used by attackers varied from fragmentation,avoiding default, coordinated low-bandwidth attacks, address spoofing/proxying  to pattern change evasion.  These evasion techniques need to be considered when thinking of the choice of IDS to use in any case.

In summary, technology in itself is not enough for network security, appropriate security policy covering accessibility, availability, audit even password usage should be in place in all organisation. Also training and education of the users should also follow.

both the technology, policies and training need to be updated from time to time considering the dynamic nature of the networked society we operate in today.

Sources;

https://en.wikipedia.org/wiki/Intrusion_detection_system

https://beta.wikiversity.org/wiki/Security_and_Privacy_in_a_Networked_World/Technology:_A_mighty_knight_with_no_pants_on%3F