Computer security. The words somehow feel like they belong to two types of people: 1)
Malicious computer hackers who can cause servers to melt worldwide with the casual
swipe of their fingers and a sip of mountain dew. 2) The office IT worker who can
transform you into a narcoleptic with a stained oversized white t-shirt and a
one-sided discussion about the merits of the Hutt's mafioso control of Tatooine's
water supplies. Consequentially, when the topic of computer
security arises, the average computer user's eyes glaze over whilst simultaneously
running away at Olympic gold medal speeds.
This is bad. We (almost) all use
computers, and its our responsibility to help keep them safe. Who's at fault if
you get in an car accident when you're driving without a license? Who's at fault if you leave your door open every day and
come home one day to find out you've been robbed? A lot of your important
stuff exists on a computer somewhere. What you might not know, is
that avoiding having this stuff stolen is not hard nor time intensive; it can be as easy as putting on a seatbelt or
locking your door.
So how do we make sure that our computers are secure?
We'll get
to that shortly, but first let's understand why we are in a state of constant cyber
threat.
Better understanding why there is
danger will help us create a plan for stopping
danger.
Why There is Danger
If we negated threats stemming
from the internet, the world wouldn't be devoid of cyber-danger, however the vast
majority of problems would not exist. There is nothing
inherently scary about the internet, all it is, is the ability to transmit data
between computers. If we think of a computer as a person, the internet is
what gives it the ability to speak to any other person in the world. The only issue with this, is that when the researchers who were
designing what would one day be referred to as 'the internet' were working, they assumed
that the world was this :
when it is really sometimes closer to this : Dystopia
Consequentially, all the
security of the internet was not built into its underlying functionality at the time of
its creation, but has been added in layers since then. While programmers do a great job
of ensuring our data stays safe, the situation is akin to a treadmill in which
we must develop safety measures more quickly than bad guys can figure out how to
subvert them.
While it is concerning to think of such a volatile
battle for internet supremacy being waged of which you are victim to, as it happens you
are not unable to fight in it. The largest issue here at present however, is the computer industry's
failing at communicating to users how they should focus on defending themselves. For
example, take this graphic : Ouch.
Batting .200 isn't even good in baseball. Luckily, the next section is going to help us to acquire the tools
necessary to change that.
Stopping Danger
What if those "6 pack abs in 6 minutes" products actually worked? What if they
were also free? You'd give it a go, right? Well, beefing up your security is kind of
like those, except they work. Your computer now The situation described in the previous section may
sound dire, however the fact of the matter is that there are a
lot of tools already out there that you are either not using, or using incorrectly.
You can change that for free, and a few hours of following
instructions.Your computer in 4 hours
This workout plan has four categories:
1. Secure Configuration2. Access control and Administrative Privilege
Management3. Patch Management4. Malware Protection
1. Secure Configuration
This is
the biggest point of concern for computer security experts as reflected by the 'misc
errors' category below. Verizon 2015 Data Breach Report
If computer security were a house, and having a password is having a lock
on your doors, secure configuration is having doors. Only have as many doors as
you need.
1. Any account on any electronic device (including
default accounts) that isn't being used should be removed. Don't know why it's
there? Remove it.
2. Don't use default passwords, swap them for a strong password.
3. Any
applications you've had for years but haven't used; delete them.
4. Disable
auto-run for USBs and other insertable media.
5. Your computer has a firewall,
turn it on. Got it? Good job. Now configure it to block unapproved connections by
default.
2. Access control and Administrative Privilege
Management
A computer has an internal list of rules referenced by the
operating system to determine what different user accounts can and cannot do. If
one of these accounts is compromised by a malicious entity, that entity can
access whatever the account can access. This is having a
registered you-know-what on your road, and telling your child to not take free candy
from them.
1. Give each account access to only what it NEEDS. You should have
an admin account separate from your day to day account used to do computer
maintenance.
2. Admin accounts should only be used to perform legitimate admin
activities, and should not be granted access to email or the internet.
3.
Change your admin password every few months.
4. Require passwords during
log-in.
3. Patch Management
This is making sure your house is being maintained. Remember
those good-guy programmers running on the treadmill? Well, all that work they're doing is no good if you don't download the
updates that they make to their code.
1. Use only legally purchased so that
you receive software updates. 2. Install these updates in a timely manner. Remember
that scary story from 2014 about Heartbleed?
An update solving this issue was made available within days of its update. A
year later 33% of servers had failed to install this update. These servers are still vulnerable. 3. If software is no
longer being supported, remove it.
4. Malware Protection
Anti-malware programs scan files and websites and check for
publicly known threats. This is having an
in-house security team.
1. Install anti-malware software on all computers that are capable
of connecting to the internet. There are lots of free alternatives out there; I am currently using one called
Sophos.
2. Configure software to scan all accessed files and web pages.
3. Conduct a full scan of your computer every month. Going out for lunch for a few
hours? Before leaving, click the scan
hard-drive button on your anti-malware program.
And with these...
The degree of sophistication in your implementation of these features is
likely determined by the value of the data that you are protecting. If you're the
average internet user, at the very least you should be able to understand these
concepts and have them existing on your computer and in your home network at some
degree. The firewall stops internet evil-doers from ever reaching your computer,
should these evil-doers "get" to your computer, a secure configuration makes sure
that the number of doors leading into your computer are limited, malware protection
will alert you if an evil-doer has managed to enter your computer, and patching your
software helps to ensure that what the evil-doer can do once on the inside is
limited.Together these features are the equivalent of washing your hands.
Be safe out there!
We tend to think of malicious
programmers as working in late night hours to crack our security defenses. While in
certain cases this might be the case, for the vast majority of
cases this is not so. Most in-home security breaches occur because there are
known security flaws that malicious hackers exploit. While even
being aware of these steps isn't going to make you 100% impervious to the evil-doers
of the internet, there is one last thing you've now got going for you. Sheep and wolves
As the old joke goes, you don't need to be faster than the bear, just faster than
your slowest friend. Even for an internet evil-doer, stealing data can be difficult.
Luckily for the internet evil-doers, the average internet user isn't properly
protected. There are plenty of unarmed sheep in the world, so they're much less
likely to waste their time on you if you take even the most basic measures toward
security.
