Church File Security
August 25, 2008
Whether government, corporate or faith-based, file security is important.
No matter the denomination, church file security is especially important because it may deal not only with money and privacy but also with the sanctity of the church community. Member, guest and family information must be protected just as much as that of the preacher, reverend, deacons, bishops, nuns, and/or administrators.
Coordination of church file security:
It is important to first identify what the church's sensitive data is. You may have in mind which files are or aren't important to protect for the church, but you may not have the authority or prerogative to make such an important determination. Even if you do, it is important to get ideas from the staff and/or clergy about which files should be protected and what level of protection should be considered. An interview or meeting with information owners is the first step.
Access to the church files:
Anyone with access to the church files should sign a user license agreement. This is a standard for security no matter what organization you enter. It makes sure that those who are trusted with access understand what they can and cannot do when entering the system. Items in a basic user license agreement include: what can be copied and/or installed on the system, what can and cannot be done while accessing church files, and whether or not church files are monitored for heightened security. User license agreements are usually done when multiple people have access to a medium to large network with critical resources (i.e. privacy data, financial information, sensitive data). They are also done for software, website/forum and database access.
You can find examples of a user license agreement on the Internet.
What Church Files to Protect:
Files in a church community may include mission, member, drive, donation and service information that needs to be protected. Any files dealing with money should always be protected. Personal files of church members should be protected, as well as databases with potentially sensitive information. Even if the church has NO sensitive information, the files that allow any access from the Internet (such as webpages or FTP files and folders) should be protected with various levels of security, including: username and password (don't EVER use anonymous for FTP), mandatory user registration, and file permission lockdown.
The reason this is important even for churches with no sensitive information is that some malicious hackers like to use other organizations' resources to upload viruses, spam, scams and pornography.
Regulations to consider:
The Privacy Act of 1974 makes it mandatory to protect the personal information of all individuals:
"No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, ..."
The Health Insurance Portability and Accountability Act (HIPAA) is another important law to consider when addressing church file security. Among other things, HIPAA deals with the protection of people's medical and health history.
File Permission:
Files that are sensitive for a church should have permissions assigned to them so that only authorized users (system administrators, missionaries, clergy, secretaries) have access. This is one part of access control. Most operating systems have this capability. Don't forget that computers are not the only things that need to be protected; routers, switches and databases also need adequate security.
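One way to check the permission lockdown described above, as an added example that is not part of the original post: it walks a folder of sensitive files, reports anything open beyond owner and group, and can strip access for everyone else. It assumes a POSIX system with owner/group/other permission bits; the function names are hypothetical.

```python
import os
import stat
import sys

OTHER_BITS = stat.S_IRWXO  # 0o007: access for accounts that are neither owner nor group

def describe(mode):
    """List the ways a permission mode is more open than owner/group-only access."""
    problems = []
    if mode & stat.S_IROTH:
        problems.append("readable by any account")
    if mode & stat.S_IWOTH:
        problems.append("writable by any account")
    if stat.S_ISDIR(mode) and mode & stat.S_IXOTH:
        problems.append("directory open to any account")
    if mode & stat.S_IWGRP:
        problems.append("writable by group")
    return problems

def audit(root):
    """Walk root and return {path: (mode string, problems)} for entries that are too open."""
    findings = {}
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode):
            continue  # a symlink's own permission bits are not enforced
        problems = describe(mode)
        if problems:
            findings[path] = (stat.filemode(mode), problems)
    return findings

def remove_other_access(findings):
    """Strip every 'other' bit from the flagged paths; group bits are left for review."""
    for path in findings:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~OTHER_BITS)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, (mode, problems) in sorted(audit(target).items()):
        print(f"{mode}  {path}: {', '.join(problems)}")
```

Group-writable entries are reported but not changed, because whether the group should write depends on who is in it.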
What a Virus looks like on Hijackthis
June 5, 2005
Google Hacking Part 1
June 5, 2005
I love Google. It is changing the entire Internet for the better. The only problem is that their search engine is TOO effective.
If webmasters, security professionals and even home computer users aren't careful in securing their websites they could end up posting more information than they bargained for.
Here is an example (copy and paste the URL into your browser):
http://www.google.ca/search?q=inurl:password+intitle:index-of&num=100&hl=en&lr=&output=search
Results 1 - 100 of about 4,030 for inurl:password intitle:index-of
If you look through the websites you will actually see usernames and passwords.
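A defender-side check for the exposure that query finds, as an added example that is not part of the original post: it walks a local copy of your own web root and reports directories a server with automatic directory listing would serve as "Index of" pages, plus any path containing "password". The index file names and the function name are assumptions.

```python
import os
import sys

# Assumption: file names the web server treats as a directory's index page.
INDEX_NAMES = {"index.html", "index.htm", "index.php", "default.htm"}
KEYWORD = "password"  # the term used in the inurl: part of the query above

def audit_web_root(root):
    """Return (listable_dirs, keyword_paths) as URL paths relative to root.

    listable_dirs: directories with no index file, which a server with
                   automatic listing enabled shows as an "Index of" page.
    keyword_paths: (url, listed) for files whose URL contains KEYWORD;
                   listed is True when the parent directory is listable,
                   so a crawler can discover the file name without a link.
    """
    listable, keyword_paths = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        url_dir = "/" if rel == "." else "/" + rel + "/"
        has_index = any(f.lower() in INDEX_NAMES for f in filenames)
        if not has_index:
            listable.append(url_dir)
        for f in filenames:
            url = url_dir + f
            if KEYWORD in url.lower():
                keyword_paths.append((url, not has_index))
    return sorted(listable), sorted(keyword_paths)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    dirs, hits = audit_web_root(target)
    for d in dirs:
        print("would be listed:", d)
    for url, listed in hits:
        print("contains keyword:", url, "(in a listed directory)" if listed else "")
```

Anything reported belongs outside the web root; turning off automatic directory listing on the server removes the "Index of" pages themselves.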
There are many groups on the Internet that find website vulnerabilities as a hobby.
They are called Google Dorks:
www.ihackgoogle.com
http://jn0x00.com
http://linuxweblog.com/node/147
With Google hacking, ALL roads lead to Johnny Long - iHackgoogle.com
Google Hacking Documents:
Hacking Primer
Google Honey Pot
Google Hacking
Another cool site I found among Mr. Long's links:
Google Cooking
http://www.researchbuzz.org/cookin_with_google.shtml
Remove the HWCLOCK.EXE/W32.Hwbot-A Trojan
May 22, 2005
I got the HWCLOCK.EXE when I was testing my new Internet connection. I noticed it when my Internet DSL connection started feeling like a 56K dialup.
I removed it by going into Showing all files, going into Safe Mode and deleting the HWCLOCK.exe/W32.Hwbot-A Trojan.
This is a trojan that can actually steal your passwords and other personal data. On my system it was attacking other systems.
I've got more detailed instructions on how to remove the HWCLOCK.exe at http://elamb.blogharbor.com/hacked/hwclock.htm
I got Hacked: phishing, hacking, social engineering, INFOSEC
May 8, 2005
As a tribute to hacking, white hat and black hat (both the Dark Side and Light Side of the Force) I've put together a page called “I Got Hacked.”
In it I talk about how I was almost a victim of phishing while on eBay in December 04. I'll also talk more on how I wiped “trojan-spy.html.smithfraud” from my friend's system, since that seems to be popular.
I'm still working on getting some more content that is more fitting to home computer security made easy, so relax folx. If you want some basics on how to get some security on your broadband DSL/cable device, go to my “Broadband Internet Security” page.
Seems the more aware of information security I become, the more hacks I am able to recognize and get rid of and the more weaknesses and risks I see in other people's systems, software and social practices.
I like security and hacking because it can be used to strengthen existing structures, be they legal or technological. And the irony of it all is that all structures must eventually be destroyed, for even galaxies die.
There cannot be birth without death, light without shadow or security without hacker exploits.
