Lose Your Computer Security Insecurity
This is bad. We (almost) all use computers, and it's our responsibility to help keep them safe. Who's at fault if you get in a car accident when you're driving without a license? Who's at fault if you leave your door open every day and come home one day to find out you've been robbed? A lot of your important stuff exists on a computer somewhere. What you might not know is that keeping this stuff from being stolen is neither hard nor time-intensive; it can be as easy as putting on a seatbelt or locking your door.
So how do we make sure that our computers are secure?
We'll get to that shortly, but first let's understand why we are in a state of constant cyber threat.
Better understanding why there is danger will help us create a plan for stopping danger.
Why There is Danger
If we negated threats stemming from the internet, the world wouldn't be devoid of cyber-danger; however, the vast majority of problems would not exist. There is nothing inherently scary about the internet; all it is is the ability to transmit data between computers. If we think of a computer as a person, the internet is what gives it the ability to speak to any other person in the world. The only issue is that when the researchers who were designing what would one day be referred to as 'the internet' were working, they assumed that the world was this:
when it is really sometimes closer to this:
Consequently, the internet's security was not built into its underlying functionality at the time of its creation, but has been added in layers since then. While programmers do a great job of ensuring our data stays safe, the situation is akin to a treadmill on which we must develop safety measures more quickly than bad guys can figure out how to subvert them.
While it is concerning to think that such a volatile battle for internet supremacy is being waged with you as a potential victim, you are not powerless to fight in it. The largest issue at present, however, is the computer industry's failure to communicate to users how they should defend themselves. For example, take this graphic:
Batting .200 isn't even good in baseball. Luckily, the next section is going to help us to acquire the tools necessary to change that.
Stopping Danger
What if those "6 pack abs in 6 minutes" products actually worked? What if they were also free? You'd give it a go, right? Well, beefing up your security is kind of like those, except it works. The situation described in the previous section may sound dire; however, the fact of the matter is that there are a lot of tools already out there that you are either not using or using incorrectly. You can change that for free, with a few hours of following instructions.
This workout plan has four categories:
1. Secure Configuration
2. Access control and Administrative Privilege Management
3. Patch Management
4. Malware Protection
1. Secure Configuration
This is the biggest point of concern for computer security experts, as reflected by the 'misc errors' category below.
If computer security were a house, and having a password is having a lock on your doors, secure configuration is having doors. Only have as many doors as you need.
1. Any account on any electronic device (including default accounts) that isn't being used should be removed. Don't know why it's there? Remove it.
2. Don't use default passwords; swap them for a strong password.
3. Any applications you've had for years but haven't used: delete them.
4. Disable auto-run for USBs and other insertable media.
5. Your computer has a firewall; turn it on. Got it? Good job. Now configure it to block unapproved connections by default.
2. Access control and Administrative Privilege Management
A computer has an internal list of rules referenced by the operating system to determine what different user accounts can and cannot do. If one of these accounts is compromised by a malicious entity, that entity can access whatever the account can access. This is having a registered you-know-what on your road, and telling your child to not take free candy from them.
1. Give each account access to only what it NEEDS. You should have an admin account separate from your day to day account used to do computer maintenance.
2. Admin accounts should only be used to perform legitimate admin activities, and should not be granted access to email or the internet.
3. Change your admin password every few months.
4. Require passwords during log-in.
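The account checks from sections 1 and 2 (remove accounts nobody uses, keep admin rights off your day-to-day account) can be scripted. The following is an added example, not part of the original post; it assumes Linux-style /etc/passwd and /etc/group files, and the sample accounts, login dates, admin group names and 90-day idle limit are all constructed for illustration.

```python
from datetime import date

# Constructed sample data in Linux /etc/passwd and /etc/group format.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
alice-admin:x:1001:1001:Alice (maintenance):/home/alice-admin:/bin/bash
guest:x:1002:1002:Guest:/home/guest:/bin/bash
olduser:x:1003:1003:Former housemate:/home/olduser:/bin/zsh
"""
GROUP = "sudo:x:27:alice,alice-admin\nusers:x:100:alice,guest,olduser\n"
# Last interactive login per account, None = never (constructed values).
LAST_LOGIN = {"alice": date(2024, 5, 30), "alice-admin": date(2024, 5, 12),
              "guest": None, "olduser": date(2022, 11, 3)}
ADMIN_GROUPS = {"sudo", "wheel", "admin"}  # assumed names of admin groups

def login_accounts(passwd_text):
    """Return non-root accounts whose shell allows an interactive login."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    # root (UID 0) is built in and cannot be removed, so it is left out.
    return [f[0] for f in rows if len(f) == 7 and f[2] != "0"
            and not f[6].endswith(("nologin", "false"))]

def admin_members(group_text):
    """Return the accounts listed as members of an administrative group."""
    rows = (line.split(":") for line in group_text.splitlines())
    return {m for f in rows if len(f) == 4 and f[0] in ADMIN_GROUPS
            for m in f[3].split(",") if m}

def audit(passwd_text, group_text, last_login, daily, today, max_idle=90):
    """Return {account: [findings]} for login-capable accounts needing action."""
    admins, report = admin_members(group_text), {}
    for name in login_accounts(passwd_text):
        findings, seen = [], last_login.get(name)
        if seen is None:
            findings.append("never used: remove it")
        elif (today - seen).days > max_idle:
            findings.append(f"idle {(today - seen).days} days: remove it")
        if name in admins and name in daily:
            findings.append("day-to-day account has admin rights")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(PASSWD, GROUP, LAST_LOGIN, {"alice"}, date(2024, 6, 1)))
```

On the sample data this reports guest and olduser as removable and flags alice for holding admin rights, while alice-admin, the separate maintenance account, passes.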
3. Patch Management
This is making sure your house is being maintained. Remember those good-guy programmers running on the treadmill? Well, all that work they're doing is no good if you don't download the updates that they make to their code.
1. Use only legally purchased software so that you receive software updates.
2. Install these updates in a timely manner. Remember that scary story from 2014 about Heartbleed? An update solving this issue was made available within days. A year later, 33% of servers had failed to install this update. These servers are still vulnerable.
3. If software is no longer being supported, remove it.
4. Malware Protection
Anti-malware programs scan files and websites and check for publicly known threats. This is having an in-house security team.
1. Install anti-malware software on all computers that are capable of connecting to the internet. There are lots of free alternatives out there; I am currently using one called Sophos.
2. Configure software to scan all accessed files and web pages.
3. Conduct a full scan of your computer every month. Going out for lunch for a few hours? Before leaving, click the scan hard-drive button on your anti-malware program.
And with these...
The degree of sophistication in your implementation of these features is likely determined by the value of the data that you are protecting. If you're the average internet user, at the very least you should be able to understand these concepts and have them in place on your computer and in your home network to some degree. The firewall stops internet evil-doers from ever reaching your computer. Should these evil-doers "get" to your computer, a secure configuration makes sure that the number of doors leading into your computer is limited, malware protection will alert you if an evil-doer has managed to enter your computer, and patching your software helps to ensure that what the evil-doer can do once on the inside is limited. Together these features are the equivalent of washing your hands.
Be safe out there!
We tend to think of malicious programmers as working in late night hours to crack our security defenses. While in certain cases this might be true, in the vast majority of cases it is not. Most in-home security breaches occur because there are known security flaws that malicious hackers exploit. While even being aware of these steps isn't going to make you 100% impervious to the evil-doers of the internet, there is one last thing you've now got going for you.
As the old joke goes, you don't need to be faster than the bear, just faster than your slowest friend. Even for an internet evil-doer, stealing data can be difficult. Luckily for the internet evil-doers, the average internet user isn't properly protected. There are plenty of unarmed sheep in the world, so they're much less likely to waste their time on you if you take even the most basic measures toward security.
• Wikipedia (Yes, Wikipedia!) has as good a history of the internet as any.
• Lecture on the five step workout plan for computer security.
• Verizon's annual data breach report.
• A free e-book that goes in depth on the issues above.
• The security measures above are incredibly adept at keeping you safe; as a result, when a user implements all 4 of the features discussed, issues arise when users unwittingly invite malicious entities in. Learn how to avoid this.