Archive for the ‘Internet Security’ Category

Security and Email

Tuesday, February 16th, 2010

Email attachments were the number one way that viruses spread. ¬†The simple way to solve this problem is to not open email attachments. ¬†Most people, however, are not willing to do this. ¬†So, what I recommend is that you only open certain types of attachments. ¬†Usually, Word docs, xcel files, powerpoint files, jpeg, bitmaps, audio files and movies are safe. ¬†I say usually because they have all had vulnerabilities but these vulnerabilities are fixed fairly quickly. ¬†You do have to double check when downloading any file because often times malicious files are disguised as a different kind of file. ¬†For example, a file may be named “mypicture.jpg.exe” so it will look like it is a jpeg image if you are not viewing extensions.

So that brings me to another good practice if you are going to download attachments. ¬†If you are using windows it is a good idea to turn off file extension hiding. ¬†In a file browser window (any window where you are looking at files on your computer, for example, my computer or my documents), go to tools, Folder Options, View, and uncheck “Hide extensions for known file types”. ¬†In Windows 7 go to Control Panel, ¬†Appearance and Personalization, Click Folder Options, select View, and uncheck “Hide extension for known file types”.

But I have an antivirus, that will protect me right? Yes, and no.  An antivirus will try to protect you against known viruses and can sometimes detect unknown viruses.  But, it is not a guarantee that all viruses will be caught.  Also, virus scanners do not usually scan files downloaded in your web browser.  So, it is still a good idea to follow these practices whenever you download files on the Internet.

Second, clicking on links in emails can be just as dangerous as downloading attachments.  Links in emails can be disguised to make you think you are going somewhere that you are not.  For example, a link could say www.paypal.com and actually link to paypal.mymalicioussite.com.  Once you go to the fake site and try to login the attacker now has your login information and then can login to the real site using your information.

These kind of emails are called phishing.  It sounds like fishing, because that is exactly what the attacker is doing.  They put the bait out (the fake email), and wait for you to bite (you go to the fake site and enter info).  Often phishing emails state that your account has expired and in order for you to keep your account you need to reply to the email with your credit card number or login information or they give you a link to click that goes to a malicious site that could look exactly like the real site.

So what should you do?  Well, first never reply to an email with any kind of personal information (including username, password, credit card number, bank account numbers, etc), legitimate companies will not ask for this kind of information via email because email is not secure.  Second, when possible always type the URL of the site manually instead of clicking a link.  If, however, you do click the link, check the URL in your browser to make sure it matches the site you want to go to before entering any information.

Finally, you should know that email is NOT secure.  Anyone who has access to the equipment that your email passes through has access to the entire message.  It is not wise to send anything confidential via email.

-Zach

The often forgotten security problem

Friday, November 20th, 2009

When you think of security backups do not usually come to mind.  However, this is one of the most important security practices.  Backup is not a security measure designed to keep your information private, rather it is a security practice to help ensure the availability of your data.

Almost all computers today have hard drives in them.  This is a tried and true storage device used to store large amounts of data.  What many people do not know is that all hard drives will fail eventually.  Hard drives are mechanical devices and they do wear out.  To give a general idea of how long a hard drive will last I will say this.  If your hard drive does not fail in the first few months you will most likely have at least a couple of years of use.  After those couple of years your chances of the drive failing continuously go up.  This is the number one reason why a consistent backup routine is very important.

Now that we know that a backup routine is a good idea you are probably wondering how often you should backup and how you should backup.  The answer to the first question is that it depends.  How often do you have new data on your computer that you do not want to lose?  Truly you should backup each time you create something that you do not want to lose.  However, that is not usually practical.  The main idea is how much data are you willing to lose?  If you have a number of things every week that would be bad to loose then backup every week.  If it is longer you may not have to backup as often.  My personal backup routine is the following: I back up my documents every Saturday, when I copy photos from my camera I back them up immediately, I have a copy of my music and videos (which do not change often) on two computers.

Now, how do you backup?  The most straight forward way to backup your computer is to manually copy everything to a second device (another hard drive, a CD, a flash drive, another computer).  This is the simplest, but requires the most work on your part.  You need to remember to do it and you need to start the process.  There is software that you can download or buy that you setup once and it will automatically backup specified folders on a specified basis.  This is easier for the user because they do not have to remember to manually backup things.  However, often times it can be forgotten and the backups are not checked to make sure that they work.  One free program that does a fairly good job of automatic backup is SyncToy from Microsoft.

Another important thing to remember with backups is that simply having a copy sitting next to your computer may not be enough. ¬†What would happen in the case of a natural disaster or a theft? ¬†This is where the idea of “off site” backup comes into play. ¬†It is a good idea to have a copy of the most important things in another location. ¬†Give a copy to a friend or family member to store for you or use an online backup service to store a copy of your data on a server that is not in your house. ¬†If you do not want others to be able to see your data you will want to make sure that the service that you choose encrypts your data on your computer before it is sent to them. ¬†This is often an advertised feature for this very reason.

~Zach

Passwords

Sunday, September 13th, 2009

Passwords are one of the most important things to security.  Follow these simple rules to ensure that your password is properly securing your personal data/accounts.

  1. NEVER use words or commonly known arrangement of characters.
  2. Never use your name or any part of your username, birth-date, siblings names, etc.
  3. Use Special Characters, numbers, upper and lower case letters (You want at least three of the four in your password).
  4. Do not reuse passwords.
  5. At least 8 characters

Now for an explanation of why you need to follow those rules:

  1. Words or other common arrangements of characters are the first thing that someone trying to guess your password will try.  Passwords are not cracked (guessed) manually, there are files that contain common passwords (rainbow tables) that programs can quickly use as a guess to your password.  If your password is only a dictionary word it will be cracked in seconds.
  2. Again, your name and public information is easy for someone to find and guess.
  3. Using a mixture of these three types of characters greatly increases the number of guesses that have to be made before a password is cracked.  Let us think about this.  Lets think about a 1 character password.  If only lowercase letters are used you have a 1 in 26 chance of guessing the password.  Adding upper case letters lowers the chance to 1 in 52.  Adding numbers and special characters decreases the chance of guessing it even lower.
  4. If you reuse the same password everywhere and it is cracked in one location that essentially gives the attacker access to your accounts everywhere.
  5. Each character that you add decreases the odds of guessing the password.  Today 8 characters is long enough that in most cases the password cannot be easily guessed.

Suggestions on creating passwords:

One common technique is to use one “main” password, but mix things in for each place that you use it. ¬†For a really bad example) if you use “password” as your main password on Amazon you would use the password “ApMaAsZsOwNord”. ¬†That is AMAZON and password mixed together. ¬†For google you would use “GpOaOsGsLwEord”. ¬†This same technique is useful when creating your main password. ¬†For instance you make take your dog’s name and your name and the year you got your dog. ¬†ZACH + doggie + 2005 = dZoAgCg2H0i0e5. ¬†You just have to remember what you used and you can always recreate the password.

Another suggestion is to use a password vault.  This is a piece of software that you install on your computer.  You have a password to login to the vault and then it generates a new random password for each website that you go to.

The last thing I am going to say is that these techniques do not guarantee that your password will always be safe.  All passwords are crackable, it is just a matter of time.  If you follow all of the guidelines your password will be strong enough for most cases today.

~Zach

Firewalls Explained

Monday, August 24th, 2009

A firewall is like a brick wall between your computer and the Internet. ¬†Its main purpose is to protect your computer from attackers on the Internet by blocking services that you don’t use. ¬†For those that you do use, you have to punch a hole in the firewall. ¬†This hole allows you to use the Internet like normal with the services that you use. ¬†For instance, you punch a whole so you can check your email, so you can surf to a website, or use an Instant Messenger. ¬†There are two common types of firewalls.

1. Hardware firewall (recommended) РThis is a physical device that you connect between your computer and Internet connection.  The most basic and most common hardware firewall is a router.  For the average use this is all that is needed.  The router works as a firewall by dropping anything trying to go from the outside to the inside unless a request was made from the inside first.  This requires no configuration on your part.  There are more advanced firewalls such as the Astaro gateway and software that you put on a spare computer such as SmoothWall.  These allow for much more configuration and options.

2. Software Firewall Рthis is software that you install on your computer.  It works in a way similar to the hardware firewall, but it does it all inside of your computer.  This kind of firewall adds the additional protection of asking you what kind of traffic you want going out of your computer.  But, this could also be somewhat annoying because it pops up a window asking if you want to allow a certain program to access the Internet.  Software firewalls can also be easily turned off by viruses and other malware (bad software).  All modern Operating Systems come with software firewalls built in.  After Windows XP SP2 the software firewall in windows XP is on by default.  The same is true for windows Vista and windows 7 when it comes out.  You can turn the firewall on in OS X in the System Preferences.  It is not a bad idea to have the software firewall turned on for a couple of reasons.  If a computer on your home network (if you have more than one computer at home) is infected with a virus it could potentially spread to other computers on your home network even if you have a hardware firewall because all of the computers would be on the inside of the firewall.  It is also a good idea to have your software firewall on when you bring your laptop to other networks for this same reason.

-Zach

The number one most important thing to do

Saturday, August 15th, 2009

The most important thing that I can recommend to keep you safe on the Internet is to update, update and update.  It is very important that you keep your computer up-to-date.  Many of the updates for your Operating System (Window or Mac OS X) are security updates.  These updates fix problems that could potentially allow an attacker into your computer.  Without the update you are pretty much wide open.  So, whenever you see that little yellow shield in the system tray (the area next to the clock in the lower right hand corner) on Windows XP, or the Software Update window appear on a mac, you should make sure to install the updates.

Many people claim that the updates have messed up their computer in the past. ¬†My response, it is better to update your computer and have a problem than to get a virus or be attacked in some other way because you didn’t update. ¬†Usually a problem due to an update will be fixed quickly, whereas removing a virus is usually a difficult process.

You don’t need to just update your Operating System. ¬†You also need to make sure that your Anti-viruses, spyware scanners and other software are updated. ¬†Your anti-virus and spyware scanners are useless against new viruses unless you keep them updated. ¬†Other software can have security flaws that make you more vulnerable as well, so it is important to keep all of your software updated.