Press Release Site

Roger Wynd (Technical Manager) helps you to understand what security really is with some practical advice

Security

Before I decided to write this document, I went through the thought process of what aspects to cover. Security, in my opinion, in terms of IT, is the single most important subject and should therefore be a priority.

I'm not just talking about a stolen password or even compromised banking information!
We all have photographs and other items of sentimental value stored on our computers, which if stolen would be irreplaceable. Not to mention the hassle of making an insurance claim and replacing stolen hardware!
Hardware

So what can we do? First action would be to look at ways of securing the hardware. When we leave our homes, we expect to return at some point and find everything as we left it, how long would it take somebody to break in (not many people these days take any notice of security alarms sounding) and steal all of our IT equipment, even a desktop PC will easily fit into a suitcase, do we just leave our laptops on the coffee table?

Where is your PC set up? On the ground floor, near a window (so that you have a nice view), ideal for an opportunist thieving toe rag, gone forever, in 60 seconds, along with all that personal information and items of sentimental value.

The thing is, we now don't have to set up like that, you may still want to use a desktop PC and of course I'm not advocating that you shouldn't, so install it somewhere safer, an upper floor perhaps, behind a locked (internal) door. Maybe consider securing it to the wall or floor, but make it visibly obvious that it is 'nailed down'.

You could look at this another way, with all the technologies available today it is not inconceivable to have your PC installed inside a cupboard in your kitchen, in the garage, loft or cellar, you don't have to be able to access it directly anymore, there are existing hardware technologies that enable us to remotely connect a keyboard, mouse and screen/television to a PC from 100m away, and I'm not just talking wireless.

'Backing up' your hdd to another storage media would prevent the loss of information, and could be configured to run automatically, but where to? A usb type device, small and easily lost, misplaced or stolen with your PC?theft

A NAS (network attached storage) box is the answer, physically not bulky, not expensive and easily concealed, easily accessed, has it's own (simple) operating system. Can be connected into a network with a cable or wirelessly, so can be sited anywhere within the building (make sure it has a network (RJ45) connection), and an added bonus is that they can be accessed from anywhere on the planet without the need for your computer to be switched on, (some setting up would be needed). Then set up a backup routine, this would solve the problem of losing all those important files, data and pictures that you value so much.

To really give yourself a chance, use laptops instead of a desktop, you can lock them away, or hide them easily, any lack of HDD space is resolved by the use of the NAS and often, they can also be set up as a printer server.

If you are travelling, separate your IT, for instance, is it possible to remove the HDD from your laptop and keep the HDD with you? Or leave your laptop in your room, out of sight of course, and put the HDD under the carpet of the car, remove the battery also and secrete it somewhere else (lock it in your suitcase perhaps).
Software

Firstly, let's accept that nothing can be 100% secure, so we must do as much as we can to prevent those things that are private from being compromised. Passwords are very important, not the fact that a password is in use, but how we create a password that is difficult to decipher. There are easily available, downloaded from the internet, 'password dictionaries' that are commonly used to 'crack' passwords, they are used with a technique known as 'brute force'. This technique runs through a sequence as follows: a, aa, aaa, aaaa, readable words and so on, trying every combination until eventually the password is 'cracked'. This takes an awful lot of time to do if your password is created carefully (but possible to 'crack' eventually), readable words, though, are easy to 'crack' quickly with this technique, so your passwords aren't neccessarily very secure.

Do you use the same password for several different applications? If you don't, pat yourself on the back, if you do, you're not alone. One recent survey found that half of people online use the same password for all the sites they visit. It's like having one key for your house, car, bank etc!

Do you change your passwords regularly? 90% of us don't. To scare yourself, try this, search through your emails for some of your own passwords, did you find any? If you did, then potentially any hacker who gets into your emails will also have them! Everyone know's that using the same password for different sites is not a good idea, so why do we still do it?

Because, remembering different passwords is annoying at best, and utterly frustrating if forgotten. Remembering different, difficult passwords is really annoying. Most passwords follow a pattern, people choose a readable word as a base for a password. Then when 'pressed' to add a numeral or symbol, often a 1 or ! is added at the end of the word, if a hacker uses a password dictionary, it wouldn't take long to 'crack' it, if your browsing history is also included, it doesn't take long to come up with a list which will likely include yours!

Here's a few rules:

* choose a password that isn't a readable word
* mix upper and lower case
* use a number or symbol in the middle
* use the 'shift' key
* don't just use 1 or !
* don't use symbols as a replacement for letters

Of course you're then back to...... remembering them!

See Article: Password Creation

Also to be considered is that all too convenient internet browser function that 'remembers' your passwords for you! That means that all your passwords are filed away on your computer, ready to be 'hacked', so disable it, now!
Antivirus

virusIf you use the internet, for whatever reason, it is always at the risk of aquiring a virus. Virus's are created for many reasons, 'fun' (although the recipient won't appreciate the attempt at humour!), to gain control of your computer (often used so that the attacker can employ the joint processing power of many computers to 'shut down' websites by saturating them with queries), to obtain information (particularly personal information for identity theft). There are other reasons too, but the point is, they exist, they are everywhere and they're a real pain at best, expensive and maybe could get you into trouble at worst!

Everyone knows that for a defence against virus's we need to install an 'antivirus' program of some sort and then everything will be OK, install it, forget it, no more problems.


Do you really believe that?
Is it really true?

No, it absolutely is not.

Antivirus software is only as good as the last update and even then, the update only has the latest information on 'known' virus threats.

It's not all 'doom and gloom' though, antivirus software doesn't only guard against specific virus's but also the way in which virus's work, so you may be covered against some unknown virus's because of the way the virus is 'designed' to work!

Most virus's get into our computers because WE, or somebody else using our computer, 'gives it permission', how many times have you been advised that the website you are navigating to may have security issues or may be known to be a source of virus's? Do you navigate away? Or do you continue anyway, because you have virus protection?

What about 'normal' websites? I once received a virus from a well known car sales site, I've known of a lot of people who have gotten virus's from social networking sites, what about email? Infected emails being passed around groups of friends, this 'modus operandi' has also been used by companies for the purposes of advertising, so it's really a form of 'spamming', but it does demonstrate how quickly and easily a virus can spread.

Here's another example, one of your friends receives an email which when opened activates a small program that automatically sends emails to all the contacts on his/her contact list, you then open the email because you know who it's from! What else did the email contain? Has it installed some kind of 'keylogger' which collects keystroke information which could include passwords and bank account details, to be emailed back to the 'hacker' at a future date!

To sum up then:

* install antivirus software
* keep it up to date
* use it to regularly scan your computer
* be very wary about which sites you use
* be careful when opening email attachments, even from friends

The purpose of this article is to raise awareness, and offer some limited advice, and I sincerely hope that I have, security is such an important, relevant and crucial issue that this article can never do it justice on it's own, so do some research of your own, it could save you heartache, hassle and money!

Roger Wynd