Sunday, November 29, 2015

10 Data-Security Measures You Can't Do Without

Data security should be an important area of concern for every small-business owner. When you consider all the important data you store virtually -- from financial records, to customers' private information -- it's not hard to see why one breach could seriously damage your business.
According to the most recent Verizon Data Breach Investigations Report [PDF], an estimated "285 million records were compromised in 2008." And 74 percent of those incidents were from outside sources.
We consulted Roland Cloutier, Chief Security Officer for ADP and a board member for the National Cyber Security Alliance, and Matt Watchinski, Senior Director of the Vulnerability Research Team for cybersecurity provider Sourcefire, to find out the key security measures every small business should be taking.
1. Establish strong passwords
Implementing strong passwords is the easiest thing you can do to strengthen your security.

Cloutier shares his tip for crafting a hard-to-crack password: use a combination of capital and lower-case letters, numbers and symbols and make it 8 to 12 characters long.

According to Microsoft, you should definitely avoid using: any personal data (such as your birthdate), common words spelled backwards and sequences of characters or numbers, or those that are close together on the keyboard.

Use their convenient password checker to see how strong yours is.

As for how often you should change your password, Cloutier says that the industry standard is "every 90 days," but don't hesitate to do it more frequently if your data is highly sensitive.

Another key: make sure every individual has their own username and password for any login system, from desktops to your CMS. "Never just use one shared password," says Cloutier.

And finally, "Never write it down!" he adds.
2. Put up a strong firewall
In order to have a properly protected network, "firewalls are a must," Cloutier says.
A firewall protects your network by controlling internet traffic coming into and flowing out of your business. They're pretty standard across the board -- Cloutier recommends any of the major brands.
3. Install antivirus protection
Antivirus and anti-malware software are essentials in your arsenal of online security weapons, as well.
"They're the last line of defense" should an unwanted attack get through to your network, Cloutier explains.
4. Update your programs regularly
Making sure your computer is "properly patched and updated" is a necessary step towards being fully protected; there's little point in installing all this great software if you're not going to maintain it right.
"Your security applications are only as good as their most recent update," Watchinski explains. "While applications are not 100 percent fool-proof, it is important to regularly update these tools to help keep your users safe."
Frequently updating your programs keeps you up-to-date on any recent issues or holes that programmers have fixed.
5. Secure your laptops
Because of their portable nature, laptops are at a higher risk of being lost or stolen than average company desktops. It's important to take some extra steps to make certain your sensitive data is protected.
Cloutier mandates "absolutely: encrypt your laptop. It's the easiest thing to do."
Encryption software changes the way information looks on the hard drive so that, without the correct password, it can't be read.
Cloutier also stresses the importance of never, ever leaving your laptop in your car, where it's an easy target for thieves. If you must, lock it in your trunk.
6. Secure your mobile phones
Cloutier points out that smartphones hold so much data these days that you should consider them almost as valuable as company computers -- and they're much more easily lost or stolen. As such, securing them is another must.
The must-haves for mobile phones:
  • Encryption software
  • Password-protection (Cloutier also suggests enabling a specific "lock-out" period, wherein after a short amount of time not being used, the phone locks itself)
  • Remote wiping enabled
Remote wiping is "extremely effective," Cloutier says, recounting the story of one executive who lost his Blackberry in an airport, after he had been looking at the company's quarter financials. The exec called IT in a panic, and within 15 minutes they were able to completely wipe the phone.
7. Backup regularly
Scheduling regular backups to an external hard drive, or in the cloud, is a painless way to ensure that all your data is stored safely.
The general rule of thumb for backups: servers should have a complete backup weekly, and incremental backups every night; personal computers should also be backed up completely every week, but you can do incremental backups every few days if you like ("however long you could live without your data," Cloutier explains).
Getting your data compromised is a painful experience -- having it all backed up so you don't completely lose it will make it much less so.
8. Monitor diligently
"All this great technology […] is no good unless you actually use it. You have to have someone be accountable for it," says Cloutier.
One good monitoring tool Cloutier suggests is data-leakage prevention software, which is set up at key network touchpoints to look for specific information coming out of your internal network. It can be configured to look for credit card numbers, pieces of code, or any bits of information relevant to your business that would indicate a breach.
If you don't monitor things, warns Cloutier, "it's a waste of time and a waste of resources." And you won't know that you've been compromised until it's far too late.
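
The kind of check such a tool runs on outbound content, as an added example (not from the original article or any vendor's product): it scans text for runs of 13 to 19 digits, optionally grouped by spaces or dashes, and counts only those that pass the Luhn checksum used by payment cards. The function names and the sample strings are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Luhn checksum over len ASCII digits; returns 1 when the checksum is valid. */
static int luhn_valid(const char *digits, size_t len)
{
    int sum = 0, dbl = 0;

    for (size_t i = len; i-- > 0; ) {          /* walk from the rightmost digit */
        int d = digits[i] - '0';
        if (dbl) {                             /* double every second digit */
            d *= 2;
            if (d > 9)
                d -= 9;
        }
        sum += d;
        dbl = !dbl;
    }
    return len > 0 && sum % 10 == 0;
}

/*
 * Count card-number candidates in text: 13 to 19 digits, with at most one
 * space or dash between neighbouring digits, that pass the Luhn check.
 * Adjacent digit groups merge into one candidate, so this favours few
 * false positives over complete recall.
 */
int count_card_numbers(const char *text)
{
    int hits = 0;
    size_t i = 0, n = strlen(text);

    while (i < n) {
        if (!isdigit((unsigned char)text[i])) {
            i++;
            continue;
        }

        char digits[32];
        size_t nd = 0, j = i;

        while (j < n) {
            unsigned char ch = (unsigned char)text[j];
            if (isdigit(ch)) {
                if (nd < sizeof digits)        /* never write past the buffer */
                    digits[nd] = (char)ch;
                nd++;
                j++;
            } else if ((ch == ' ' || ch == '-') && j + 1 < n &&
                       isdigit((unsigned char)text[j + 1])) {
                j++;                           /* separator inside a number */
            } else {
                break;
            }
        }
        if (nd >= 13 && nd <= 19 && luhn_valid(digits, nd))
            hits++;
        i = j;
    }
    return hits;
}

int main(void)
{
    /* Constructed outbound messages; 4111 1111 1111 1111 is a well-known test number. */
    const char *outbound[] = {
        "Invoice sent, card 4111 1111 1111 1111 exp 12/30",
        "Tracking 1234567812345678, call 555-0100",
    };

    for (size_t k = 0; k < sizeof outbound / sizeof outbound[0]; k++)
        printf("%d hit(s): %s\n", count_card_numbers(outbound[k]), outbound[k]);
    return 0;
}
```

The Luhn step is what keeps order numbers, tracking codes and phone numbers from raising alerts: the 16-digit tracking value in the second sample is ignored because its checksum fails.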
9. Be careful with e-mail, IM and surfing the Web
It's not uncommon for an unsuspecting employee to click on a link or download an attachment that they believe is harmless -- only to discover they've been infected with a nasty virus, or worse.
"Links are the number one way that malware ends up on computers," says Cloutier. "Links are bad!"
As such, never click on a link that you weren't expecting or you don't know the origination of in an e-mail or IM.
You have to "be smart when surfing the Web," Watchinski warns. "[You] should take every 'warning box' that appears on [your] screen seriously and understand that every new piece of software comes with its own set of security vulnerabilities."
10. Educate your employees
Teaching your employees about safe online habits and proactive defense is crucial.
"Educating them about what they are doing and why it is dangerous is a more effective strategy than expecting your IT security staff to constantly react to end users’ bad decisions," Watchinski says.
It's not easy: "One of the most difficult things to do is protect end users against themselves," he adds. But ultimately, prevention is the best approach to handling your data security.
Make sure your employees understand how important your company's data is, and all the measures they can take to protect it.

Remote-Access VPNs: Business Productivity, Deployment, and Security Considerations

Choosing Remote-Access VPN Technologies, Securing the VPN Deployment
Defining Remote-Access VPNs
Remote-access VPNs allow secure access to corporate resources by establishing an encrypted tunnel across the Internet. The ubiquity of the Internet, combined with today's VPN technologies, allows organizations to cost-effectively and securely extend the reach of their networks to anyone, anyplace, anytime.
VPNs have become the logical solution for remote-access connectivity for the following reasons:
• Provides secure communications with access rights tailored to individual users, such as employees, contractors, or partners
• Enhances productivity by extending corporate network and applications
• Reduces communications costs and increases flexibility
Using Remote-Access VPNs to Improve Business Productivity
Anytime, anyplace network access gives employees great flexibility regarding when and where they perform their job functions. VPNs accommodate "day extenders", employees who desire network access from home after hours and weekends to perform business functions such as answering e-mail or using networked applications. Using VPN technology, employees can essentially take their office wherever they go, thus improving response times and enabling work without interruptions present in an office environment.
VPNs also provide a secure solution for providing limited network access to non-employees, such as contractors or business partners. With VPNs, contractor and partner network access can be limited to the specific servers, Webpages, or files they are allowed access to, thus extending them the network access they need to contribute to business productivity without compromising network security.
Technology Options: IPsec and SSL VPNs
There are two primary methods for deploying remote-access VPNs: IP Security (IPsec) and Secure Sockets Layer (SSL). Each method has its advantages based on the access requirements of your users and your organization's IT processes. While many solutions only offer either IPsec or SSL, Cisco® remote-access VPN solutions offer both technologies integrated on a single platform with unified management. Offering both IPsec and SSL technologies enables organizations to customize their remote-access VPN without any additional hardware or management complexity.
SSL-based VPNs provide remote-access connectivity from almost any Internet-enabled location using a Web browser and its native SSL encryption. It does not require any special-purpose client software to be pre-installed on the system; this makes SSL VPNs capable of "anywhere" connectivity from company-managed desktops and non-company-managed desktops, such as employee-owned PCs, contractor or business partner desktops, and Internet kiosks. Any software required for application access across the SSL VPN connection is dynamically downloaded on an as-needed basis, thereby minimizing desktop software maintenance.
SSL VPNs provide two different types of access: clientless and full network access. Clientless access requires no specialized VPN software on the user desktop. All VPN traffic is transmitted and delivered through a standard Web browser; no other software is required or downloaded. Since all applications and network resources are accessed through a Web browser, only Web-enabled and some client-server applications (such as intranets, applications with Web interfaces, e-mail, calendaring, and file servers) can be accessed using a clientless connection. This limited access, however, is often a perfect fit for business partners or contractors who should only have access to a very limited set of resources on the organization's network. Furthermore, delivering all connectivity through a Web browser eliminates provisioning and support issues since no special-purpose VPN software has to be delivered to the user desktop.
SSL VPN full network access enables access to virtually any application, server, or resource available on the network. Full network access is delivered through a lightweight VPN client that is dynamically downloaded to the user desktop (through a Web browser connection) upon connection to the SSL VPN gateway. This VPN client, because it is dynamically downloaded and updated without any manual software distribution or interaction from the end user, requires little or no desktop support by IT organizations, thereby minimizing deployment and operations costs. Like clientless access, full network access offers full access control customization based on the access privileges of the end user. Full network access is a natural choice for employees who need remote access to the same applications and network resources they use when in the office or for any client-server application that cannot be delivered across a Web-based clientless connection.
IPsec-based VPNs are the deployment-proven remote-access technology used by most organizations today. IPsec VPN connections are established using pre-installed VPN client software on the user desktop, thus focusing it primarily on company-managed desktops. IPsec-based remote access also offers tremendous versatility and customizability through modification of the VPN client software. Using APIs in IPsec client software, organizations can control the appearance and function of the VPN client for use in applications such as unattended kiosks, integration with other desktop applications, and other special use cases.
Both IPsec and SSL VPN technologies offer access to virtually any network application or resource. SSL VPNs offer additional features such as easy connectivity from non-company-managed desktops, little or no desktop software maintenance, and user-customized Web portals upon login. Table 1 compares the two technologies.
Table 1. Comparing IPsec and SSL VPN Technologies

 
Characteristics
Application and Network Resource Access
• SSL (using full network access) and IPsec VPNs offer broad access to virtually any application or network resource
End-User Access Method
• SSL VPNs are initiated using a Web browser
• IPsec VPNs are initiated using pre-installed VPN client software
End-User Access Device Options
• SSL VPN enables access from company-managed, employee-owned, contractor and business partner desktops, as well as Internet kiosks
• IPsec VPN enables access primarily from company-managed desktops
Desktop Software Requirements
• Only a Web browser is required for SSL VPN
• IPsec VPN requires proprietary pre-installed client software
Desktop Software Updates
• Basic SSL VPN access can operate without any special-purpose desktop software, thus no updates are required. Full network application access is provided using software that automatically installs and updates without any user knowledge or intervention.
• IPsec VPNs can automatically update, but the process is more intrusive and requires user input
Customized User Access
• SSL VPNs offer granular access policies to define what network resources a user has access to, as well as user-customized Web portals
• IPsec offers granular access policies, but no Web portals
Which To Deploy: Choosing Between IPsec and SSL VPNs
IPsec is a widely deployed technology that is well-understood by end users and has established IT deployment support processes. Many organizations find that IPsec meets the requirements of users already using the technology. But the advantages of dynamic, self-updating desktop software, ease of access for non-company-managed desktops, and highly customizable user access make SSL VPNs a compelling choice for reducing remote-access VPN operations costs and extending network access to hard-to-serve users like contractors and business partners. As such, organizations often deploy a combination of SSL and IPsec approaches. IPsec is commonly left in place for the existing installed base. SSL is deployed for new users, users with "anywhere" access requirements, contractors, and extranet business partners. By offering both technologies on a single platform, Cisco remote-access VPN solutions make the choice simple: deploy the technology that is optimized for your deployment and operating environment. Table 2 summarizes the issues to consider when evaluating which VPN technology best fits your operating environment.
Table 2. Choosing a Remote-Access VPN Technology

|  | SSL VPN | IPsec VPN |
| --- | --- | --- |
| "Anywhere" Access from Non-Company-Managed Devices, such as Employee-Owned Desktops and Internet Kiosks | X |  |
| Business Partner Access | X |  |
| User-Customized Access Portals | X |  |
| Minimized Desktop Support and Software Distribution | X |  |
| Greatest Flexibility to the End-Users | X | X |
| Greatest VPN Client Customizability |  | X |
| Ability to Maintain Existing IT Deployment and Support Processes |  | X |

Remote-Access VPN Security Considerations
Worms, viruses, spyware, hacking, data theft, and application abuse are considered among the greatest security challenges in today's networks. Remote-access and remote-office VPN connectivity are common points of entry for such threats, due to how VPNs are designed and deployed. For both new and existing IPsec and SSL VPN installations, VPNs are often deployed without proper endpoint and network security. Unprotected or incomplete VPN security can lead to the following network threats:
• Allows remote-user VPN sessions to bring malware into the main office network, causing virus outbreaks that infect other users and network servers
• Allows users to generate unwanted application traffic, such as peer-to-peer file sharing, into the main office network causing slow network traffic conditions and unnecessary consumption of expensive WAN bandwidth
• Enables theft of sensitive information, such as downloaded customer data, from a VPN user desktop
• Enables hackers to hijack remote-access VPN sessions, providing the hacker access to the network as if they were a legitimate user
To combat these threats, the user desktop and the VPN gateway that the user connects to must be properly secured as part of the VPN deployment. User desktops should have endpoint security measures such as data security for data and files generated or downloaded during the VPN session, anti-spyware, antivirus, and personal firewall. The VPN gateway should offer integrated firewall, antivirus, anti-spyware, and intrusion prevention. Alternatively, if the VPN gateway does not provide these security functions, separate security equipment can be deployed adjacent to the VPN gateway to provide appropriate protection.
Cisco remote-access VPN solutions offer threat-protected VPN services with full firewall, antivirus, anti-spyware, intrusion prevention, application control, and full endpoint security capabilities. These security services are integrated into the VPN platform, delivering a threat-protected VPN solution without any additional equipment, design, deployment, or operational complexity.
Steps to Securing the Remote-Access VPN
Technologies required for mitigating malware such as worms, viruses, and spyware and for preventing application abuse, data theft, and hacking exist in the security infrastructure of many organizations' networks. In most cases, however, they are not deployed in such a way that they can protect the remote-access VPN, due to the native encryption of VPN traffic. While additional security equipment may be purchased and installed to protect the VPN, the most cost-effective and operationally efficient method of securing remote-access VPN traffic is to look for VPN gateways that offer native malware mitigation and application firewall services as an integrated part of the product (Figure 1).
Figure 1. Securing the Remote-Access VPN: External Security Equipment or Security Services Integrated on the VPN Gateway
Cisco Remote-Access VPN Solutions
Cisco Systems® offers a variety of remote-access VPN solutions customized for small, medium-sized, and large organizations. Available on the Cisco ASA 5500 Series VPN Edition and Cisco integrated services routers, Cisco remote-access solution features include Web-based clientless access and full network access without pre-installed desktop VPN software, threat-protected VPN to guard against malware and hackers, cost-effective pricing with no hidden "per-feature" licenses, and single-device solutions for both SSL and IPsec-based VPNs that deliver robust remote access and site-to-site VPN services from a single platform.
The Cisco ASA 5500 Series Security Appliance is Cisco's most advanced SSL VPN solution, delivering concurrent user scalability from 10 to 10,000 sessions per device and tens of thousands of sessions per cluster through integrated load balancing. Converging VPN services with comprehensive threat defense technologies, the ASA 5500 Series delivers highly customizable remote network access while providing fully secured connectivity.
Cisco Integrated Services Routers enable organizations to use their existing router deployment to provide full tunnel SSL VPN capabilities to as many as 200 concurrent users. Integrating security, industry-leading routing, and converged data, voice, and wireless with Cisco IOS® SSL VPN provides a highly manageable and cost-effective network solution for small and medium-sized businesses and organizations.

C program to print diamond pattern

Diamond pattern in C: this code prints a diamond pattern of stars. The diamond shape is as follows:
  *
 ***
*****
 ***
  *

C programming code

#include <stdio.h>

int main()
{
    int n, c, k, space = 1;

    printf("Enter number of rows\n");
    /* Stop on non-numeric input instead of using n uninitialized */
    if (scanf("%d", &n) != 1)
        return 1;

    space = n - 1;

    /* Upper half, including the widest row */
    for (k = 1; k <= n; k++)
    {
        for (c = 1; c <= space; c++)
            printf(" ");

        space--;

        for (c = 1; c <= 2*k-1; c++)
            printf("*");

        printf("\n");
    }

    space = 1;

    /* Lower half: n - 1 rows that shrink back to a single star */
    for (k = 1; k <= n - 1; k++)
    {
        for (c = 1; c <= space; c++)
            printf(" ");

        space++;

        for (c = 1; c <= 2*(n-k)-1; c++)
            printf("*");

        printf("\n");
    }

    return 0;
}

C program to print diamond using recursion

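#include <stdio.h>

void print (int);

int main () {
    int rows;

    /* Stop on non-numeric input instead of using rows uninitialized */
    if (scanf("%d", &rows) != 1)
        return 1;

    print(rows);

    return 0;
}

void print (int r) {
    int c, space;
    static int stars = -1;   /* shared across the recursive calls */

    if (r <= 0)
        return;

    /* Row of the upper half, printed on the way down */
    space = r - 1;
    stars += 2;

    for (c = 0; c < space; c++)
        printf(" ");

    for (c = 0; c < stars; c++)
        printf("*");

    printf("\n");

    print(--r);

    /* Mirror row of the lower half, printed on the way back up */
    space = r + 1;
    stars -= 2;

    /* The outermost call has no mirror row; skip the whitespace-only line */
    if (stars < 1)
        return;

    for (c = 0; c < space; c++)
        printf(" ");

    for (c = 0; c < stars; c++)
        printf("*");

    printf("\n");
}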

Decimal to binary conversion

C program to convert decimal to binary: C language code to convert an integer from the decimal number system (base 10) to the binary number system (base 2). The size of an integer is assumed to be 32 bits. We use bitwise operators to perform the task: in a loop we right shift the original number by 31, 30, 29, ..., 1, 0 bits and bitwise AND the result with 1 (one). If the result is 1, that bit is 1; otherwise it is 0 (zero).

C programming code

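#include <stdio.h>

int main()
{
    int n, c, k;

    printf("Enter an integer in decimal number system\n");
    /* Stop on non-numeric input instead of using n uninitialized */
    if (scanf("%d", &n) != 1)
        return 1;

    printf("%d in binary number system is:\n", n);

    /* Print bits 31 down to 0 (int is assumed to be 32 bits wide) */
    for (c = 31; c >= 0; c--)
    {
        /* Shift as unsigned: right-shifting a negative int is implementation-defined */
        k = (unsigned int)n >> c;

        if (k & 1)
            printf("1");
        else
            printf("0");
    }

    printf("\n");

    return 0;
}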
The code above only prints the binary form of the integer, but we may wish to perform operations on it, so in the code below we store the binary digits in a string. We create a function that returns a pointer to a string holding the binary form of the number passed as its argument.

C code to store decimal to binary conversion in a string

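#include <stdio.h>
#include <stdlib.h>

char *decimal_to_binary(int);

int main()
{
    int n;
    char *pointer;

    printf("Enter an integer in decimal number system\n");
    /* Stop on non-numeric input instead of using n uninitialized */
    if (scanf("%d", &n) != 1)
        return 1;

    pointer = decimal_to_binary(n);
    printf("Binary string of %d is: %s\n", n, pointer);

    /* The string was allocated by decimal_to_binary; the caller releases it */
    free(pointer);

    return 0;
}

char *decimal_to_binary(int n)
{
    int c, d, count;
    char *pointer;

    count = 0;
    /* 32 binary digits plus the terminating '\0' */
    pointer = (char*)malloc(32+1);

    if ( pointer == NULL )
        exit(EXIT_FAILURE);

    for ( c = 31 ; c >= 0 ; c-- )
    {
        /* Shift as unsigned: right-shifting a negative int is implementation-defined */
        d = (unsigned int)n >> c;

        if ( d & 1 )
            *(pointer+count) = 1 + '0';
        else
            *(pointer+count) = 0 + '0';

        count++;
    }
    *(pointer+count) = '\0';

    return pointer;
}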
Memory is allocated dynamically because we can't return a pointer to a local variable (a character array in this case): the array ceases to exist when the function returns. If we return a pointer to a local variable, the program may crash or produce an incorrect result.
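
An alternative to returning allocated memory, as an added example (not code from the original post): the caller supplies the buffer and its size, the function refuses to write past it, and the width comes from the platform instead of a hard-coded 32. It also goes one step further than the text by parsing the string back with validation, since the stated goal is to operate on the binary form. The names uint_to_binary, binary_to_uint and round_trip_ok are made up for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Number of bits in an unsigned int on this platform */
#define UINT_BITS (sizeof(unsigned int) * CHAR_BIT)

/*
 * Write the binary digits of value into buf, which the caller owns.
 * Returns 0 on success, -1 if buf is NULL or too small for the digits
 * plus the terminating '\0'. Nothing is written on failure.
 */
int uint_to_binary(unsigned int value, char *buf, size_t buflen)
{
    if (buf == NULL || buflen < UINT_BITS + 1)
        return -1;

    for (size_t i = 0; i < UINT_BITS; i++) {
        unsigned int bit = (value >> (UINT_BITS - 1 - i)) & 1u;
        buf[i] = bit ? '1' : '0';
    }
    buf[UINT_BITS] = '\0';
    return 0;
}

/*
 * Parse a string of '0' and '1' characters into *out.
 * Returns 0 on success, -1 for NULL or empty input, any other character,
 * or more digits than an unsigned int can hold.
 */
int binary_to_uint(const char *s, unsigned int *out)
{
    unsigned int v = 0;
    size_t n = 0;

    if (s == NULL || out == NULL || *s == '\0')
        return -1;

    for (; s[n] != '\0'; n++) {
        if (s[n] != '0' && s[n] != '1')
            return -1;
        if (n >= UINT_BITS)          /* one digit too many: would overflow */
            return -1;
        v = (v << 1) | (unsigned int)(s[n] - '0');
    }
    *out = v;
    return 0;
}

/* Convert to text and back; returns 1 when the value survives unchanged. */
int round_trip_ok(unsigned int value)
{
    char buf[UINT_BITS + 1];
    unsigned int back;

    return uint_to_binary(value, buf, sizeof buf) == 0 &&
           binary_to_uint(buf, &back) == 0 && back == value;
}

int main(void)
{
    char buf[UINT_BITS + 1];
    char small[8];                   /* deliberately too small */

    if (uint_to_binary(10u, buf, sizeof buf) == 0)
        printf("10 -> %s\n", buf);
    if (uint_to_binary(10u, small, sizeof small) != 0)
        printf("8-byte buffer rejected\n");
    printf("round trip of UINT_MAX ok: %d\n", round_trip_ok(UINT_MAX));
    return 0;
}
```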

Saturday, November 28, 2015

C program to check odd or even

C program to check odd or even: we will determine whether a number is odd or even using several methods, each with code in the C language. As you have studied in mathematics, in the decimal number system even numbers are divisible by 2 while odd numbers are not, so we may use the modulus operator (%), which returns the remainder. For example, 4%3 gives 1 (the remainder when four is divided by three). Even numbers are of the form 2*p and odd numbers are of the form (2*p+1), where p is an integer.

C program to check odd or even using modulus operator

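#include <stdio.h>

int main()
{
    int n;

    printf("Enter an integer\n");
    /* Stop on non-numeric input instead of using n uninitialized */
    if (scanf("%d", &n) != 1)
        return 1;

    /* An even number leaves no remainder when divided by 2 */
    if (n%2 == 0)
        printf("Even\n");
    else
        printf("Odd\n");

    return 0;
}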
We can also use the bitwise AND (&) operator to check odd or even. As an example, consider the binary form of 7 (0111): when we perform 7 & 1 the result is one. The least significant bit of every odd number is 1, so ( odd_number & 1 ) is always one and ( even_number & 1 ) is always zero.

C program to check odd or even using bitwise operator

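#include <stdio.h>

int main()
{
    int n;

    printf("Enter an integer\n");
    /* Stop on non-numeric input instead of using n uninitialized */
    if (scanf("%d", &n) != 1)
        return 1;

    /* Parentheses are required: == binds tighter than &, so
       n & 1 == 1 would be parsed as n & (1 == 1) */
    if ((n & 1) == 1)
        printf("Odd\n");
    else
        printf("Even\n");

    return 0;
}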

Find odd or even using conditional operator

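#include <stdio.h>

int main()
{
    int n;

    printf("Input an integer\n");
    /* Stop on non-numeric input instead of using n uninitialized */
    if (scanf("%d", &n) != 1)
        return 1;

    /* The conditional operator selects which printf call runs */
    n%2 == 0 ? printf("Even\n") : printf("Odd\n");

    return 0;
}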

C program to check odd or even without using bitwise or modulus operator

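#include <stdio.h>

int main()
{
    int n;

    printf("Enter an integer\n");
    /* Stop on non-numeric input instead of using n uninitialized */
    if (scanf("%d", &n) != 1)
        return 1;

    /* Integer division drops the remainder, so only even n survives the round trip */
    if ((n/2)*2 == n)
        printf("Even\n");
    else
        printf("Odd\n");

    return 0;
}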
In the C programming language, dividing two integers gives an integer result. For example, the result of 7/3 is 2. We can take advantage of this to find whether a number is odd or even. Take an integer n, divide it by 2 and then multiply the result by 2: if we get the original number back, the number is even; otherwise it is odd. For example, 11/2 = 5 and 5*2 = 10 (which is not equal to eleven), whereas 12/2 = 6 and 6*2 = 12 (the same as the original number). These are some approaches that may help you find whether a number is odd or not.