I’ve been pondering the Palin e-mail fiasco of late. It never fails that it’s the simplest of things that leave doors open in environments. I had suspected that at some point this would happen: all the FUD that the security industry has heaped upon the average person has dulled their sense of security and awareness, and it’s starting to show in today’s environment. Last week’s crash seemed to mimic the crash we’ll likely see at some point in computer security.
Seriously. We should not have mentalities where employees spend their day poking their Facebook applications; where it’s corporately acceptable to never change the default password from the very first one we received; where laptops issued to mobile employees don’t come with security filters to prevent theft of intellectual property. Our environments are far too connected to ignore the simplest of security practices. People are becoming lax about security in the wrong areas. Many believe that local networks do not need security because, well, they’re internal. While we’d like to believe that all employees are here to do a good job and not walk over to the competition, it happens.
So the obvious question is: what do we do when we’ve pushed people to the limit of their willingness to be security minded, and the result is a more lax attitude towards the simplest of security features? Here’s a list of the simplest things you can do, whether at home or at work:
Passwords: Always use passwords and ensure they are a combination of lower case, upper case, special characters and numbers. The trick is to create a password that is memorable and doesn’t have to be written down to be recalled. First, let’s consider what not to use: birthdates; names of family, friends, pets or kids; names of favourite teams, singers, actors, etc.; your SSN/SIN or other common identifiers. Now, what should we use? A phrase that you like can be used as the password if it has enough varying characters. Alternatively, you can use a password generator like the following to create a password and commit it to memory. This is the method I prefer to use, and I have a variety of generated passwords committed to memory as “regular” passwords that I use.
Secure Network Practices: Regardless of what is being transported on the internal network, some form of network security should be used. Since most home environments today use wireless, this should be easy to do. Products like the Linksys WRT54G Wireless-G Router can be used to create a secure local environment. I’ve used this particular brand for the last four years with great success. You can use it to ensure that any connections are protected, at least, by WEP. Again, you can use the password generator to create new passphrases from which to generate a good key.
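To make the password advice above concrete, here is an added example (my own script, not from the original post): it generates a random password with the `secrets` module, checks any candidate against the rules listed under Passwords (all four character classes present, no personal terms such as pet or family names, no embedded year that looks like a birthdate), and produces a random hex key for a wireless router’s pre-shared key field. The 12-character minimum, the particular special-character set, and the 13-byte default key size are my assumptions, not figures from the post.

```python
import re
import secrets
import string

# Character classes the post asks for: lower case, upper case, numbers, special.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SPECIAL = "!@#$%^&*()-_=+[]{};:,.?/"   # assumed set; adjust to what your systems accept
ALL = LOWER + UPPER + DIGITS + SPECIAL


def password_problems(pw: str, personal_terms=(), min_length: int = 12) -> list:
    """Return the reasons a password fails the post's rules; an empty list means it passes.

    personal_terms: names of family, friends, pets, teams, etc. that must not appear.
    min_length: assumed minimum (the post gives no number).
    """
    problems = []
    if not any(c in LOWER for c in pw):
        problems.append("no lowercase letter")
    if not any(c in UPPER for c in pw):
        problems.append("no uppercase letter")
    if not any(c in DIGITS for c in pw):
        problems.append("no digit")
    if not any(c in SPECIAL for c in pw):
        problems.append("no special character")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Names of people, pets, teams, etc. must not be embedded (case-insensitive).
    lowered = pw.lower()
    for term in personal_terms:
        t = term.lower()
        if len(t) >= 3 and t in lowered:
            problems.append(f"contains personal term {term!r}")

    # A run of four digits in the 1900-2099 range looks like a birth year.
    for run in re.findall(r"\d{4,}", pw):
        if 1900 <= int(run[:4]) <= 2099:
            problems.append(f"contains what looks like a year: {run[:4]}")
    return problems


def generate_password(length: int = 16) -> str:
    """Return a CSPRNG-generated password containing every character class."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover all four classes")
    while True:
        pw = "".join(secrets.choice(ALL) for _ in range(length))
        # Resample on the rare draw that misses a class or contains a year-like run.
        if not password_problems(pw, min_length=length):
            return pw


def generate_wifi_key(num_bytes: int = 13) -> str:
    """Return a random upper-case hex key for a router's pre-shared key field.

    13 bytes gives 26 hex characters; pick the size your router's key type requires.
    """
    return secrets.token_hex(num_bytes).upper()


if __name__ == "__main__":
    # Constructed sample: a pet name and a birth year the owner should not be using.
    print(password_problems("Fluffy2008!xyzAB", personal_terms=["Fluffy", "Jordan"]))
    print(generate_password(16))
    print(generate_wifi_key())
```

Run it and feed a candidate password together with the names you would naturally reach for; an empty list back from `password_problems` means the candidate clears the rules above, and the generator functions give you something to commit to memory instead.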
Updates: It’s not just Windows that needs updates but also your applications, anti-virus programs and spyware detection programs. Keeping these up to date helps address the new viruses that are being, and will be, released. When you do your scans, put your system into safe mode and run the scan there. If you run these scans while the system is fully running, it will slow the scan down, and some trojans/viruses will hide once the full kernel is loaded.
This is a good enough start but there is more to do and I will be adding those thoughts and ideas over the next few days and weeks. If there is an area of specific interest, let me know.