This topic may be a bit basic for many regular visitors but I feel that it is important enough to be discussed. Many people often forget the simple things, this discussion is by no means all inclusive nor guarantees that you will be protected. What I hope to accomplish is to highlight a few security mistakes that I see average users make and provide ways to mitigate. For the sake of brevity I won’t get too deep into how or why. These practices are applicable REGARDLESS of operating system.
Layers of Security
Security is a pretty vast topic but for the purposes of our discussion we’ll limit it to Computer Security aka. Computer Exploitation, Viruses, Spyware, Malware and then we’ll discuss Website or Email security to include a little bit on how TLS/SSL works and then we’ll discuss the ever popular username and password security.
1) Malware, Viruses, Spyware
Patch now, patch often, patch always. Ever get that annoying pop-up that says “Update Available!” and you disregard it? You’re wrong. Vulnerabilities in programs and applications are one of the PRIMARY reasons application vendors will release patches. What many people don’t realize is that viruses and malware are designed to exploit flaws in program code. I know that updating Java is irritating but if you NEED it, at least make sure its patched.
2) Firewall vs. Anti-Virus
Firewalls are NOT-anti viruses. Anti-viruses search through your computer and look for hostile files by comparing them to a database that is updated daily (signatures). Firewalls on the other hand BLOCK or ALLOW connections between your computer and another computer. If your computer is listening to or has an established connection to a computer you don’t recognize you may have cause for concern. I like to validate connections using netstat (Windows & *nix). You don’t need to get fancy with your firewall solutions. Windows firewall and iptables for *nix is fine.
Most home computers are set-up like this. [Modem] <-> [Wireless Router] <-> [Computer]. To the world your Wireless Router has a specific IP address that identifies you. If you allow a computer program to run and forward that service to a port on your router you better understand the risks of such actions. Essentially you’re leaving a window open to your house, and that may be intended but you better make sure that service is patched, password protected or even better yet using a key and not running as administrator.
I’m not going to get into the weeds of encryption but suffice to say if you are sending ANYTHING that you deem important you should use encryption to prevent man-in-the-middle attacks. This means you should be using TLS/SSL (HTTPS), SFTP, SSH etc. Get into the habit of not clicking on links in e-mail, instead navigate to the site yourself. If you are sent an attachment that you did not request or cannot verify authenticity do not download it.
Username and Password Security
Do not reuse passwords. If a website that you use is compromised and you reuse passwords then you can no longer trust any account that uses that username and password combo. Do not use passwords that are in the dictionary. Using a password validator (Note: Do not put your actual password into any online “validator”) the password doggie1234 will only take 10 days on a normal desktop computer. By simply using mypasswordisdoggies1234 it will take 4 quintillion years to crack your password. Of course this doesn’t take into account password cracking in a more intelligent manner this is just an example. My preferred method of password use is to use LastPass and use a complex master password. You can either use the grid system, or you can take a phrase that you will remember and use the first letter or two from each word. For example “I took a walk down to the beach. I bought ice cream for $1.” would become “Itawdttb.Ibicf$1”.
This write up was intentionally brief and not designed to cover everything and is tailored to the average user. However its always a good idea to remember the basics. The internet and computers are inherently flawed because of the need for machines to communicate with each other. The best we can do is be the low hanging fruit and avoid being an obvious target. I hope these tips will be helpful in improving your personal security, if you have any questions please let them in the comments below.