Archive for October, 2009

Small Business Security

October 29th, 2009 Spike

So far, I have offered advice for the normal dude, dudette, and the little dudesters…but Internet security is not just for big companies and homes; it is for everyone.  Today, I’d like to offer some tips for small-business owners on what you can do to protect your business.

In October, the National Cyber Security Alliance released its first study on cyber security practices of small- and medium-sized companies.  The study suggested that SMBs need to focus a bit more energy on security.

In these economic times, the thought of spending money on something you can’t see, that stops threats you don’t know are happening, and that you barely understand is hardly logical, right?  Wrong.

Let’s work from the outside in. By the way, for the homeowners who haven’t tuned out yet, this is good stuff.

At your entry point, you have some form of connection to the Internet in the form of a cable modem, ADSL, ISDN, or other connection from a communications carrier.  Normally, they leave you with some box or other that has an Ethernet (RJ-45) plug in it and tell you to plug a wire from there into your computer or local switch/hub.  This is where we want to start our protection.  What we want to do is to plug in a firewall between the carrier’s connection and your local computer or switch.

If your business is very small (fewer than 10 employees) you can go to your local big box retail center and purchase a router/firewall or cable router firewall from many vendors such as Linksys, Netgear or Belkin.  This box should cost less than $150 and is easy to set up.  Some of the more expensive models ($125 to $200) offer the ability to add annual subscriptions for anti-virus, email spam filtering and traffic management.  You should consider those options (we’ll talk about them further down the page).

If your company is larger, talk to a reseller.  You can find a computer network security reseller in the phone book, on the web, or by checking vendor websites such as Cisco, Check Point, Fortinet or Symantec.  Again, the firewall you need will cost between $300 and $1,000, depending on the size of your network.  These resellers can offer installation and customization assistance if you feel technically overwhelmed.

So you have plugged the new firewall into the circuit and followed the easy setup guide.  (It should have taken you about 30 minutes).  Make sure you CHANGE the password to something you won’t forget, yet is hard to guess.  Step one of basic protection in place.  Note to the homeowner: You can and should do the same thing.

Step two, the computers.  Your computers need protection too.  If you can afford to buy a good commercial package, this should be your first move.  For about $40 per machine you can get a great Internet security suite from Symantec (Norton), AVG, Avira, Kaspersky, ZoneAlarm and many others.  Again, if you are a small business, you can set up individual systems. If your business is bigger and you can dedicate some computing resources, set them up to work with a management console.  Just like the firewall, if you do it yourself, you can buy off the web at any of those companies mentioned above or from your local network security reseller.  You want a personal firewall, anti-virus (or anti-malware), anti-spyware, and intrusion detection suite.  The companies I mentioned above all offer suites with all these features.  (There are a number of free packages available for home use but most charge for a business license.)

Now that you have installed a physical firewall and PC-based protection suites, you have completed the basic steps for protection.

The last step is to read my last couple of blog entries on safe browsing and browser add-ons and educate your staff. Remember, WHERE you browse and WHAT information you tell them is more of the security battle than all the tools in the world!  My blog offers tips and education about safe browsing. Another group, Stay Safe Online, has a great site with good information at www.staysafeonline.com as well.  In fact, check out their article here.  They point out even more resources.

So take a moment to think about cyber security at your business and your home.

The Internet is full of snakes; don’t let them eat you!
Spike

Whoa Dude! Really? How Did He Get Into My Bank Account?

October 29th, 2009 Spike

Dude, this is totally gnarly!

There is this great article from Herbert H. Thompson posted on Scientific American’s website that will blow your mind!  Thompson used information already on the Internet about his friends, and WITH THEIR PERMISSION,  gained access to their bank accounts!  Read this article and substitute “BLOG” with “Your Favorite Social Media Site of Choice.”

Spike was impressed!

The Internet is full of snakes; don’t let them eat you!
Spike

Spike’s New Friend Needs a Little Advice

October 27th, 2009 Spike

Spike made friends with a puppy today; that is, StormDawg.com!  

Bryan Jennewein, the Director of Social Media at infoGROUP and contributor to StormDawg.com, was helping me clean out my cage, so to speak, with some sage advice on my blog (no Mom, still not a blob!)  While he was visiting, we got to squeaking about safe surfing.  You really only need a wetsuit if the water is cold or the wax has sand in it and the surfboard rubs your chest wrong… oh, um, sorry…yet again another life.

OK, so Bryan and I were talking about safe web surfing and I gave him my top tools for making my browsing experience safer (or more annoying, according to my family), and then I thought, “Hmm, I should make this a blog post.”

So here we go:

No matter what browser you use, install AVG Linkscanner, a free tool from AVG.  By the way, AVG’s anti-virus is great if you don’t have one yet!

Then set up OpenDNS for your house or computer.  Go to opendns.com and sign up.  It is free for most families and inexpensive for businesses.

Finally, add some great add-ons to your Firefox browser.  (You are using Firefox, right?) Some add-on suggestions: Adblock Plus, Adblock Plus Helper, BetterPrivacy, NoScript and RefControl.

With all of these tools, you can see which link in your Google search is safe to visit (AVG Linkscanner).  When you visit a web page, NoScript will tell you all of the scripts that page is trying to run and from WHOM they are coming.  Start with only allowing the script from the main page owner and then allow ones you feel good about!  This will take a little bit of getting used to, but it will protect you from many bad things.
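To make the "from WHOM" idea concrete, here is an added example (not part of the original post and not NoScript's own code) that lists which hosts a page pulls scripts from and builds the starting policy described above: allow the page owner's host, hold everything else. The page URL, HTML and host names are constructed placeholders, and matching on the exact host name is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every host is a placeholder on an example domain.
PAGE_URL = "https://shop.example.com/cart"
PAGE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="//ads.example.org/track.js"></script>
<script>var inline = 1;</script>
</head><body></body></html>
"""


class ScriptCollector(HTMLParser):
    """Record the src of every <script> tag (None means an inline script)."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources.append(dict(attrs).get("src"))


def script_origins(page_url, html):
    """Return {host: [script URLs]} for every host that supplies script."""
    page_host = urlsplit(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    origins = {}
    for src in collector.sources:
        if src is None:
            # Inline script is delivered by the page itself.
            origins.setdefault(page_host, []).append("(inline)")
            continue
        # Resolve relative and protocol-relative URLs against the page.
        absolute = urljoin(page_url, src)
        origins.setdefault(urlsplit(absolute).hostname, []).append(absolute)
    return origins


def initial_policy(page_url, html):
    """Allow only the page owner's host; list every other host for review."""
    page_host = urlsplit(page_url).hostname
    origins = script_origins(page_url, html)
    allowed = sorted(h for h in origins if h == page_host)
    held_for_review = sorted(h for h in origins if h != page_host)
    return allowed, held_for_review


if __name__ == "__main__":
    allowed, held = initial_policy(PAGE_URL, PAGE_HTML)
    print("allow:", allowed)
    print("review before allowing:", held)
```

Each host in the review list is one you would decide on individually, the same choice NoScript puts in front of you per site.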

Last, when you close your browser, BetterPrivacy will ask you if you want to remove ## LSO Cookies.  YES, YES, YES!  Let the tool remove those flash cookies!

That should help “safe up” your surfing! 

The Internet is full of snakes; don’t let them eat you!
Spike

Let’s Take a Step Back – Part One

October 22nd, 2009 Spike

OK, I just ran into someone at work who did not have a firewall or antivirus at home.  It made my furry little head spin.

Really?  No security at home?  This must be fixed!  Read on.

Part One – Tools you must have before you browse

  1. Viking helmet and a hazmat suit

Uh… sorry wait, that is another blog.

OK, the real list.

1. A firewall on your computer:

Usually sold as part of a firewall/antivirus package, this little gizmo protects your system from stuff wandering around the Internet. You do have some responsibility to pay attention to it when it asks you, “Hey! Should I allow this?”  If you always say yes, delete your firewall because you are making it useless.  Look at the message – did you do what it is asking you to allow? If you did, then ask why it set off a security alarm.  If you really meant to do it, then by all means say yes!

2. Antivirus/anti-spyware on your computer:

Again, normally bundled with your firewall, this tool looks at files you move to and from the Internet and at the rest of the files on your computer.  It will try to determine whether the files contain things that could harm you.  Set it to be live all the time (usually termed “real-time mode”) and to scan your machine every day.  You also need to let it update itself with the latest Internet threats every day. These three are normal default settings on most good packages.

3. A secure browser:

  1. Firefox is an excellent security-minded browser (and it is free).  If you really want to be secure, install an add-on called “NoScript,” which will let you control any program (script) that someone wants to run on your computer. It’s a very cool tool.
  2. Google Chrome.  This browser is also security-minded (and free).
  3. If you insist on using Microsoft’s IE, then patch it every time Microsoft releases a critical patch.

4.  Little secure add-ons to make sure your browser is safe:

  1. McAfee’s SiteAdvisor is free and colors your address bar green or red based on the safety of the site.
  2. AVG’s Linkscanner is also free and will tell you whether the link on your search page is safe with a green check mark.

5. Your own common sense:

  1. Seriously, if you browse sites of a questionable nature you risk a higher chance of infection, so think before you browse.
  2. Don’t share information unless you know why and to whom you are sharing it.
  3. Be careful with your commerce.  Think before you buy.  Have you ever heard of this store before?  Have you done any research to find out if they are legit?
  4. Is the webpage secure before you put in your credit card number, user ID, password, bank account number and so on… you get the picture!  Is there a little lock on the address bar or bottom status bar?

One last note, check out this site for more great advice!

Next time in part two: Tools from the Hardware Side

The Internet is full of snakes; don’t let them eat you!
Spike

October is Cyber Security Awareness Month

October 19th, 2009 Spike

It is official.  President Barack Obama has designated October as Cyber Security Awareness month.  As a furry little security adviser and citizen of the U.S.A. (rodent division), I am excited that cyber security is getting noticed and that the president is calling on all Americans to do their part to help secure our Internet. Check out the president’s 3-minute video here.   

Now as a security geek I am happy to see our government posting some good basic rules for Internet safety on their websites, http://www.onguardonline.gov/ and www.DHS.gov/cyber

This blog is all about taking basic steps to protect yourself and your family online. In his video, the president mentions some good basics.  In the next two weeks, I will post my own tips to help you all stay safe on the Internet.  So look for “Let’s Take a Step Back,” Parts One and Two!

I am just going to do a little guinea pig happy dance now…be safe and live securely!

The Internet is full of snakes; don’t let them eat you!
Spike

Not My Facebook Games!! Oh No!

October 15th, 2009 Spike

Spike is sad to report that AVG, a highly regarded security and anti-virus company,  released a report and recommendation this week that people avoid playing the Facebook games CityFireDepartment, MyGirliespace, Ferrarifone, Mashpro, MyNemesis, Pass-it-on, fillinthe, and Aquariumlife.

Sadly, those games have been compromised and exploit a vulnerability in the Adobe Reader or Acrobat tool.  Adobe has released a patch for those tools, so PATCH YOUR SYSTEM and PATCH your applications regularly.

For more information, check out the blog post here.

The Internet is full of snakes; don’t let them eat you!
Spike

It’s Patch Tuesday

October 13th, 2009 Spike

Every few weeks Tuesdays are special, and today is one of those Tuesdays.

 Today, Microsoft Corporation will release a group of important patches for various Windows systems and functions.  Tonight or tomorrow you should update your computer.

In fact, Spike implores you to update your computer today or tomorrow!

Why patch?  Well, one of these patches arriving today fixes something called a “Zero Day Vulnerability” in the operating system.  A Zero Day Vulnerability is a section of code someone found in the operating system that can be exploited to do more than it was originally intended to do.  By not patching these, your system can be controlled remotely and used to do things you really don’t want it doing.

So patch…in fact check every Tuesday night to see if it is a “Patch Tuesday”.

The Internet is full of snakes; don’t let them eat you!
Spike

I Love Sharing My Wireless Internet with My Neighbors

October 8th, 2009 Spike

Sure you do!  There’s nothing more fun than having the FBI show up at 6 a.m., bust into your house and take all your computers away for a field trip…all of your carefully gathered stamp-collecting material (wink, wink, nudge, nudge) gone in a bad federal suit flash.

Not gonna happen to you?  You think, “Hey, I don’t hack people, I don’t cruise questionable sites, I don’t follow ‘those’ blogs.”

You don’t, but your neighbor might, and he may be using your wireless connection because you didn’t take basic precautions when you set it up. 

Let’s talk about wireless.  Wireless – also called WiFi or a Hot Spot – was designed around an international standard created to broadcast a network connection to computers.  The original wireless standard did not have any security because it was assumed years ago that this technology would only be in large businesses, universities, the government, etc.

Just like the Internet, wireless has spread to homes and everywhere else.  So at your house, if you just take your new wireless router out of the box and turn it on, it will broadcast wireless to every computer within range (approximately 100 to 300 feet).  Everyone who can receive that signal can use your Internet connection.  In fact, the way most operating systems are set up, they will use the strongest signal over a weaker signal.  In my master bedroom, my neighbor’s wireless is stronger than mine, which is two floors below in my basement. My laptop would connect to his network if I let it.

 What should you do?  Here is a list of basics: 

  1. Rename your device:  It comes with a name from the maker, such as Linksys or Netgear.  So give it a name - it can be anything and it really doesn’t matter as long as you remember it.
  2. Stop the broadcast of the SSID:  The SSID is the name of your wireless device or router that calls out to the world every few seconds so computers can find it.  This setting is just an ON or OFF.  Turn it off.  By doing just this, many computers will not connect to your network first.
  3. Start WPA (wireless encryption):  This requires that you choose a password and tell your wireless router and your computer what that password is.  Once you do this, only computers with the password can connect to your network AND - this is a big AND - you are stopping anyone with a wireless card from reading your traffic.  That’s right: If you don’t turn this setting on, your traffic is traveling the airwaves in clear text and anyone can see everything you send to the Internet, even your credit cards and passwords.

 There are more settings, so read the manual,  but these are a good solid secure starting point.

The Internet is full of snakes; don’t let them eat you!
Spike

Why am I a Guinea Pig?

October 5th, 2009 Spike

So I logged onto my Facebook account the other evening when I got home from work and my daughters are snickering and hovering behind me.  Not completely uncommon behavior for my daughters but a little odd.  So I check my home page, check on my Pirates (Facebook game), and head for my favorite game (Bejeweled Blitz) and begin to play.  They look disappointed and wander off.   My wife sits at the computer next to mine and says “Oh look, congrats, you got your 100k badge” and points to her screen.  So I look, and there is my daughter’s guinea pig looking at me from a little picture with my name under it and my badge I just got on her FB wall.  It took a moment, and then I realize what I am seeing.  So I turn back to my system and click “profile” and sure enough there instead of my blank picture (yes I did not post one) is a picture of our little black guinea pig in a doll school desk.   Both my girls and my wife are laughing as I realize, “HEY, I am a guinea pig!”

Long story but it has a point.  How did I become a guinea pig?  Well I shared my password.  Why would I, the paranoid security dude, do that?  Well that is another story, but, what happens when other people know your passwords is you become a guinea pig or worse.  This story is only cute, but if they had wanted to they could have changed many settings including the password and “taken over” my account.

Moral of the story:  Never share your password

The Internet is full of snakes, don’t let them eat you!

- Spike

Facebook Friends

October 2nd, 2009 Spike

How much do my friends know about me? A question often asked in the Facebook community.  How do you find out?  Well, build a quiz of course!!  Great, huh?!?  Um, well, maybe.  Before you do, maybe the question you should have asked first is, “How much should my friends know about me?”  A recent quiz crossed my spouse’s virtual desk from a good friend of hers.  It asked simply to fill out a quiz.  Now, I have to admit, I am a security person and more paranoid than most, and a quiz that asks how much I know about someone seems both a little sycophantic and like a bad privacy idea. So we looked at the quiz.  After the 5th question I could have applied for a loan as her and gotten it, or made a phone transfer of funds from her bank.

Moral of the story here is, getting to know your friends is great and important, we are social animals, but keeping a certain level of privacy along the way is also important.

Last note, there is a scam quiz builder out there that “helps” you build quizzes for your friends while actually doing two things,  first building the quiz, and second pharming you for personal information which it sends to various websites around the world.

The Internet is full of snakes; don’t let them eat you!

- Spike