Here you will find informational articles that I find on the net, in various magazines and periodicals, as well as some I have written.
Security Measures - What you should know

Today’s computer environment is filled with pitfalls, from computer viruses and phishing attacks to spyware and spam. If you connect your computer to anything other than a power outlet, you need to have some sort of security system software installed.

Viruses are a danger to any computer system, whether or not it is connected to a network, bulletin board system, or Internet connection. Anyone can get into your system by sitting down at its keyboard and inserting a floppy disk, CD, DVD, or even a USB drive. Once that media is inserted, your computer system is at risk. The security needed to protect your system is in the form of an anti-virus program that is installed and running at all times. (See Anti-virus Programs article.)

Phishing attacks are on the rise in email. Phishing is the sending of an email that falsely claims to be from an established legitimate enterprise, in an attempt to scam you into surrendering private information that will be used for identity theft. Currently, the only protection against phishing is to be vigilant. Software manufacturers are constantly updating their email programs to help combat this threat. But still, when you check your email, be sure you know who is sending you that missive and never click on any hyperlink in a questionable email. Most reputable companies like eBay, PayPal, and banks will not send you an email requesting you to click on a hyperlink. (See Phishing Attacks article.)

Spyware is any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware.
Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers. Your defense against this is to have a good anti-spyware program installed and running at all times. (See Anti-spyware Programs article.)

Spam is electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it's unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup. Two things you can do to limit your exposure to spam are a) never give out your email address to any website you visit unless you really want email from them; alternatively, give that website an alternate email address that you have set up especially to use as a junk email collector (a good choice, as some websites require you to log in with an email address to even view their site), and b) install a good anti-spam program into your email program and have it running at all times.

Last but most important of all, if you have Internet access at all, you absolutely need to have a firewall program running at all times. A firewall program is designed to prevent unauthorized access to or from your computer and/or private network. Firewalls can be installed as hardware or software, or a combination of both. If you share your Internet connection with other computers in your home or business, your hardware router should have a firewall built into it (check the box – if it doesn’t have one, don’t buy it). In addition, have a software firewall program installed on all computers connected to the Internet whether or not the connection is shared. This program should also be running at all times. (See Firewalls article.)
If you have read this far, you can see that all of the protection programs mentioned above need to be running on your computer system at all times. But that isn’t enough. In order to keep your computer well protected, these programs need to be updated on a regular basis – just as your car needs oil changes, your computer needs ‘oil changes’ in the form of program updates. All of these programs can only protect you against threats they know about and there are newer, more vicious threats created every day. Keep your computer system safe by making sure ALL your protective programs are updated on at least a weekly basis.

Secure Passwords and Password Security

How many passwords do you have?

A typical person in today’s society may have over 60 passwords to various websites, financial institutions, club memberships, credit cards, debit cards, and insurance companies. If you are like most people, you probably use the same password for more than one of these. Bad idea. What would happen to you if someone either learned or hacked your password? Could they have complete access to your financial information or be able to impersonate you via ID theft? You bet!

What do your passwords look like?

Every single password you have should be unique. No two passwords should even have the same pattern to be secure! (Example: Ag42#XIp and Bu83%NVw). Anything that can be learned from your password patterns effectively decreases the security of all your passwords. Check your current password’s security level at this website.

What your passwords should look like.

Here are some good practices for creating your passwords. By using this technique, your passwords will be extremely hard to ‘crack’.
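The rule above, that no two passwords should be identical or even share a pattern, can be checked by reducing each password to its character-class pattern and comparing the results. This is an added example, not part of the original article: the `class_mask` and `audit` helpers and the site names are hypothetical, and the sample vault is constructed apart from the two passwords quoted above.

```python
from collections import defaultdict


def class_mask(password):
    """Reduce a password to its character-class pattern.

    U = uppercase, L = lowercase, D = digit, S = anything else (special).
    """
    mask = []
    for ch in password:
        if ch.isupper():
            mask.append("U")
        elif ch.islower():
            mask.append("L")
        elif ch.isdigit():
            mask.append("D")
        else:
            mask.append("S")
    return "".join(mask)


def audit(passwords):
    """Audit a {site: password} mapping.

    Returns a dict with:
      reused      - groups of sites that use the identical password
      shared_mask - {mask: sites} where different passwords share one pattern
      no_special  - sites whose password has no special character
    """
    by_value = defaultdict(list)
    by_mask = defaultdict(dict)
    for site, pw in sorted(passwords.items()):
        by_value[pw].append(site)
        by_mask[class_mask(pw)].setdefault(pw, []).append(site)

    reused = [sites for sites in by_value.values() if len(sites) > 1]
    shared_mask = {
        mask: sorted(s for sites in pws.values() for s in sites)
        for mask, pws in by_mask.items()
        if len(pws) > 1  # distinct passwords that follow the same pattern
    }
    no_special = [s for s, pw in sorted(passwords.items())
                  if "S" not in class_mask(pw)]
    return {"reused": reused, "shared_mask": shared_mask, "no_special": no_special}


# Constructed sample vault; the first two values are the passwords quoted in the article.
SAMPLE = {
    "bank": "Ag42#XIp",
    "email": "Bu83%NVw",
    "forum": "Ag42#XIp",
    "shop": "t7!Rq_w9Kd",
    "club": "Summer2024",
}

if __name__ == "__main__":
    for finding, value in audit(SAMPLE).items():
        print(finding, value)
```

On the sample vault, the two passwords quoted in the article reduce to the same pattern, so the audit lists them under `shared_mask`.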
Some websites only allow 6 character passwords – in this case, decrease the requirements for uppercase, lowercase or numeric digits to 1 (do this differently for each 6 character password you need – don’t use the same format each time!). Always have at least 1 special character in your passwords for high security. Other websites, particularly some financial websites, only allow 4 digit PINs for a password (they should know better!).

How do you keep track of your passwords?

These types of passwords are hard to remember – especially if you have a lot of them. Writing the passwords down on a sticky note and sticking it to the monitor is not a good idea. Putting them in a drawer near your computer is also bad. Here are some programs that can help you keep your passwords organized and safe.
What do firewalls do?

Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through. They are especially important for users who rely on "always on" connections such as cable or DSL modems.

What type of firewall is best?

Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.
If you don't have a firewall on your computer system, you are at risk! Install one immediately!

How do you know what configuration settings to apply?

Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, you'll need to read and understand the documentation that comes with it in order to determine whether or not the default settings on your firewall are sufficient for your needs. Additional assistance may be available from your firewall vendor or your ISP (either from tech support or a web site). Also, alerts about current viruses or worms (such as

Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don't be lulled into a false sense of security. Although they do offer a certain amount of protection, firewalls do not guarantee that your computer will not be attacked. In particular, a firewall offers little to no protection against viruses that work by having you run the infected program on your computer, as many email-borne viruses do. However, using a firewall in conjunction with other protective measures (such as antivirus software and "safe" computing practices) will strengthen your resistance to attacks.
Protection from viruses is a necessity once your computer is connected to the Internet or to a network. No longer can you be assured that the programs you downloaded from your network or from the Internet are free from viruses. You can even get a virus from an email without opening it!

Updates to your anti-virus program should be done through the manufacturer's website or through the program itself on at least a weekly basis. Your program will store the updates where they are needed. If you perform the updates manually, follow the manufacturer's instructions on where to place them.

If you don't have an anti-virus program on your computer system, you are at risk! Install one immediately!

Here is a list of some Anti-Virus programs on the market today:
First, a few definitions of what these programs are and what they do to your computer...
If you don't have an anti-spyware program on your computer system, you are at risk! Install one immediately!

Protection

There are quite a few retail products on the market to protect you from these nuisances, but what I recommend are two very good programs that won't cost you a thing - unless you want to support them or upgrade to the 'professional' version of their software packages, and one inexpensive one that is top of the market.
A decision must be made on your part as to what you feel needs to be backed up. With most home computers, backing up just the data files - such as word processing documents, spreadsheets, databases, email correspondence, name and address listings, and anything else that you have created - should be fine. The reason behind this is that the non-data files of your software are already backed up on the original installation CDs and/or DVDs.

At the other end of the spectrum is a backup of everything on your hard drive. This can be done in two ways: The first is to select the drive you wish to back up from the program's selection screen and back it up to a rewritable drive, such as a CD-RW drive, DVD±RW DL drive, or an external USB Hard Drive (recommended). The second is using a backup program such as Acronis True Image. This program will back up your entire system faster and with less hassle.

Data File Backup Programs
Imaging Software (Faster & Easier Full Backups)
Cyber Security Tip ST05-010

You may have been exposed to web site, or host, certificates if you have ever clicked on the padlock in your browser or, when visiting a web site, have been presented with a dialog box claiming that there is an error with the name or date on the certificate. Understanding what these certificates are may help you protect your privacy.

What are web site certificates?

If an organization wants to have a secure web site that uses encryption, it needs to obtain a site, or host, certificate. Some steps you can take to help determine if a site uses encryption are to look for a closed padlock in the status bar at the bottom of your browser window and to look for "https:" rather than "http:" in the URL (see Protecting Your Privacy for more information). By making sure a web site encrypts your information and has a valid certificate, you can help protect yourself against attackers who create malicious sites to gather your information. You want to make sure you know where your information is going before you submit anything (see Avoiding Social Engineering and Phishing Attacks for more information).

If a web site has a valid certificate, it means that a certificate authority has taken steps to verify that the web address actually belongs to that organization. When you type a URL or follow a link to a secure web site, your browser will check the certificate for the following characteristics:
Can you trust a certificate?

The level of trust you put in a certificate is connected to how much you trust the organization and the certificate authority. If the web address matches the address on the certificate, the certificate is signed by a trusted certificate authority, and the date is valid, you can be more confident that the site you want to visit is actually the site that you are visiting. However, unless you personally verify that certificate's unique fingerprint by calling the organization directly, there is no way to be absolutely sure.

By trusting a certificate, you have trusted the certificate authority to perform this verification for you. However, it is important to realize that certificate authorities vary in how strict they are about validating all of the information in the requests and about making sure that their data is secure. By default, your browser contains a list of more than 100 trusted certificate authorities. That means that, by extension, you are trusting all of those certificate authorities to properly verify and validate the information. Before submitting any personal information, you may want to look at the certificate.

How do you check a certificate?

There are two ways to verify a web site's certificate in Internet Explorer or Mozilla. One option is to click on the padlock in the status bar of your browser window. However, your browser may not display the status bar by default. Also, attackers may be able to create malicious web sites that fake a padlock icon and display a false dialog window if you click that icon. A more secure way to find information about the certificate is to look for the certificate feature in the menu options. This information may be under the file properties or the security option within the page information. You will get a dialog box with information about the certificate, including the following:
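The three checks described above (the web address matches the certificate, the issuer is a trusted certificate authority, and the date is valid) can be applied to a certificate's fields directly. This is an added example, not part of the original tip: it works on the dictionary form that Python's `ssl.SSLSocket.getpeercert()` returns, the sample certificate and issuer name are constructed, and issuer trust is approximated by a name comparison where a browser verifies the signature chain.

```python
import ssl
import time


def dns_names(cert):
    """DNS names listed in the certificate's subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def issuer_common_name(cert):
    """commonName of the issuing certificate authority, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def name_matches(host, pattern):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return host == pattern


def check_certificate(cert, host, trusted_issuers, now=None):
    """Return a list of problems; an empty list means all three checks passed.

    Assumption: issuer trust is approximated by comparing the issuer name with
    a set of trusted names. A browser verifies the signature chain instead.
    """
    now = time.time() if now is None else now
    problems = []
    if not any(name_matches(host, name) for name in dns_names(cert)):
        problems.append("name mismatch")
    if issuer_common_name(cert) not in trusted_issuers:
        problems.append("untrusted issuer")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    elif now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems


# Constructed certificate in the dict form ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "issuer": ((("organizationName", "Example Trust"),),
               (("commonName", "Example Trust CA"),)),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.shop.example.org")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
}
TRUSTED = {"Example Trust CA"}  # constructed stand-in for the browser's CA list
MID_2024 = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
```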
When visiting a web site, you may have been presented with a dialog box that claims that there is an error with the site certificate. This may happen if the name the certificate is registered to does not match the site name, you have chosen not to trust the company who issued the certificate, or the certificate has expired. You will usually be presented with the option to examine the certificate, after which you can accept the certificate forever, accept it only for that particular visit, or choose not to accept it. The confusion is sometimes easy to resolve (perhaps the certificate was issued to a particular department within the organization rather than the name on file). If you are unsure whether the certificate is valid or question the security of the site, do not submit personal information. Even if the information is encrypted, make sure to read the organization's privacy policy first so that you know what is being done with that information (see Protecting Your Privacy for more information).

Cyber Security Tip ST05-011

Before selling or discarding an old computer, or throwing away a disk or CD, you naturally make sure that you've copied all of the files you need. You've probably also attempted to delete your personal files so that other people aren't able to access them. However, unless you have taken the proper steps to make sure the hard drive, disk, or CD is erased, people may still be able to resurrect those files.

Where do deleted files go?

When you delete a file, depending on your operating system and your settings, it may be transferred to your trash or recycle bin. This "holding area" essentially protects you from yourself--if you accidentally delete a file, you can easily restore it. However, you may have experienced the panic that results from emptying the trash bin prematurely or having a file seem to disappear on its own. The good news is that even though it may be difficult to locate, the file is probably still somewhere on your machine.
The bad news is that even though you think you've deleted a file, an attacker or other unauthorized person may be able to retrieve it.

What are the risks?

Think of the information you have saved on your computer. Is there banking or credit card account information? Tax returns? Passwords? Medical or other personal data? Personal photos? Sensitive corporate information? How much would someone be able to find out about you or your company by looking through your computer files? Depending on what kind of information an attacker can find, he or she may be able to use it maliciously. You may become a victim of identity theft. Another possibility is that the information could be used in a social engineering attack. Attackers may use information they find about you or an organization you're affiliated with to appear to be legitimate and gain access to sensitive data (see Avoiding Social Engineering and Phishing Attacks for more information).

Can you erase files by reformatting?

Reformatting your hard drive or CD may superficially delete the files, but the information is still buried somewhere. Unless those areas of the disk are effectively overwritten with new content, it is still possible that knowledgeable attackers may be able to access the information.

How can you be sure that your information is completely erased?

Some people use extreme measures to make sure their information is destroyed, but these measures can be dangerous and may not be completely successful. Your best option is to investigate software programs and hardware devices that claim to erase your hard drive or CD. Even so, these programs and devices have varying levels of effectiveness. When choosing a software program to perform this task, look for the following characteristics:
While many of these programs assume that you want to erase an entire disk, there are programs that give you the option to erase and overwrite individual files.

An effective way to ruin a CD or DVD is to wrap it in a paper towel and shatter it. However, there are also hardware devices that erase CDs or DVDs by destroying their surface. Some of these devices actually shred the media itself, while others puncture the writable surface with a pattern of holes. If you decide to use one of these devices, compare the various features and prices to determine which option best suits your needs.

Cyber Security Tip ST04-014

What is a social engineering attack?

To launch a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information.

How do you avoid being a victim?
What do you do if you think you are a victim?