InfoSec360

Passwords You Should Not Use…

Posted on 26 January 2010 | No responses

People who go online and create accounts have a tendency to create login IDs and passwords that are easy for them to remember.

The problem with that is usually those passwords are also easy for a hacker to figure out and then use to get into your accounts.  Here are some passwords that are considered the most commonly used ones and are ones you should refrain from using any variations of…

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. blink182
10. (your first name)

So what kinds of passwords should you be creating? Well try not to create passwords that are actually words that appear in the dictionary. Try to create passwords that include such characters as:

! @ # $ % ^ & * ( ) ” : ? > +

The passwords should include a mixture of numbers and letters and remember the longer the password the harder it is to figure out!

Do a search on worst passwords and take a look at some of the articles to get a feel for the situation. Here’s a link to a Chicago Tribune article that talks about just this very subject. Enjoy!

http://archives.chicagotribune.com/2009/may/22/business/chi-tc-biz-id-theft-0521-0522may22

So you just got a new computer…

Posted on 24 December 2009 | No responses

Ohhh the smell of new hardware! That fancy wrapping…whoo!!

Here’s something to consider.

1) Read EVERTHING before you turn the computer on. Just to make sure there is nothing that you might have missed that could prove quite aggravating when trying to get the computer to work. Consider this… NO security program is totally fool proof (why do you think the best ones offer regular updates?).

2) BEFORE you start loading all sorts of cool programs. Install a good ANTI-VIRUS suite. Such programs should protect you from intrusions, virus and malware installation attempts. That way you are protected from the start.

3) BEFORE connecting that computer to the internet, complete step number two above.

Should you be “paranoid”? No. That would take the fun out of everything. Just be aware that there are steps you should take to protect yourself from those who’d rather spend their time making your life miserable for whatever reason. Take those steps so that those people would find you a less appealing target and you could spend your time enjoying that nice new computer!

Related articles by Zemanta

• More Viruses News (computerworld.com)
• iPhone worms can create mobile botnets (theregister.co.uk)
• FBI: Pop-Up Security Warnings Pose Threats (lockergnome.com)

Some Tools to protect your kids online

Posted on 24 December 2009 | No responses

Just as home users need to be aware of security issues so too do users in grades k-12, higher education and users in businesses small and large.

Ran across this site while doing some research…

NCSA – National Cyber Security Alliance
Web site: STAYSAFEONLINE.ORG

Their about page states:

“NCSA’s mission is to empower and support digital citizens to use the Internet^G securely and safely, protecting themselves and the cyber infrastructure.

NCSA, a 501 c (3) founded in 2001, is the pre-eminent public private partnership, working with the Department of Homeland Security (DHS), corporate sponsors(Symantec, CISCO, Microsoft, SAIC, EMC, McAfee), and nonprofit collaborators to promote cyber security awareness for home users, small and medium size businesses, and primary and secondary education.”

This organization has partnered with companies like AT&T, Cisco Systems Inc., SAIC,The Dept. of Homeland Security, Microsoft, Google, Symantec and others.

The site contains information that could be useful for home, school and business users.

Here’s a link to their top tips page:

http://www.staysafeonline.org/top-tips

Related articles by Zemanta

• Symantec Offers Cloud Computing Security (web2.sys-con.com)
• FBI Probes Hacks at Citibank (deurainfosec.com)

For Home Computer Users

Posted on 24 December 2009 | No responses

Here is some background information originally released in 2002. It talks about the need for intrusion protection from the home pc perspective and why. Though it is not a new document the information contained in it is timeless. Take a minute and look it over. Let me know what you think after reading it!

Here is the link to the page:

http://www.cert.org/homeusers/HomeComputerSecurity/

Top 5 Things You Must Do to Secure Your Computer

Posted on 11 October 2009 | No responses

Do you fear your computer may be vulnerable to attack or intrusion?
Many people do.

It is hard not to when reports of cyber crime are now mentioned on the six o’clock news.*
BBC News reported Friday, February 8, 2008 that  “Malicious programs hit new high”.  What can be done to protect your computer?

Below are my top 5 recommendations.

1) TAKE INVENTORY:

Have you ever had a home damaged by fire or flood? Do you remember what information the insurance forms asked for?
What did you lose? How old was it? When was it purchased? In order to secure your computer(s), you first need to know what you have. Take inventory: Who is the manufacturer of the device? Is there a model number? What software is loaded? Is there a revision level?  Write down all the information and store it somewhere other than your system (just in case your system crashes or dies).

2) USE A MULTI-LAYERED APPROACH:

Now that you know what you have, you can begin securing it. Start with the physical.  Is the equipment on a surge protector? Is a battery backup necessary? Then go to the software:  Is the hardware’s BIOS updated? Has the password been changed lately? Do you have the software patched? Do you have anti-virus, anti-malware, and a good firewall?  Is the wireless solution sufficently hardened?  Are the application settings at an appropriate level? These are a lot of questionss, but they are all worth asking.  By the way, if any answer is “No”, put this on the To-Do checklist of items to address.

3) STAY EDUCATED:

Once you have a solution in place, that’s not it.  You must continually update it because the landscape of threats and vulnerabilities are not static.  Keep yourself educated on the newest threats.  This involves reading electronic newsletters, visiting security websites or websites with security articles (like this one), and attending webcasts or subscribing to podcasts.

4) STRENGHTEN YOUR WEAKEST LINK:

Did you know you could do all of the above and still fall victim?  One reason is that your weak link was used.  How easy is it for a user to click on the popup that asks, “Are you interested in signing up for this jig-a-ma-bob?, Click Yes or No”.  The trick is that no matter what you click, the action of clicking the button has initiated a download of malware or siphoning of data… Educate all users.  You don’t want the weakest link to be your downfall.  Also, turn off all unneccesary processes.  Not only are you saving energy (the green thing to do), but you are also closing another avenue or point-of-failure.

5) SOMETIMES YOU HAVE TO CALL IN THE PROFESSIONALS:

Sometimes you get to a point when you have to call in the experts.  You have tried all you know and it’s not enough.
Take good notes (making sure to answer the “who”, “what”, “when”, “where”, “why”[if you know] and “how”) and then call in the professionalS.

Following these recommendations will help secure your computer(s) against attacks and intrusions.  Caveat: no solution is 100% fool-proof, but following my top 5 recommendations will put the security of your system(s) well ahead of the curve.

* BBC News article: http://news.bbc.co.uk/2/hi/technology/7232752.stm

older posts »