Security, Security, Security

Posted by Jim Van on June 3, 2011 under data security, entrepreneur, security, small business | 6 Comments to Read

I know…it’s yet another primer about computer security….but, in conversations I’ve recently had with both clients and friends (sometimes, they’re one and the same…), it’s become pretty obvous to me that many users don’t understand computer security and the simple steps to ensure that your system is safe and secure, and that your data (or your clients’) is protected.

Computer security is protecting your computer and, more importantly its data, from a variety of forces including malicious software, malicious individuals & even simple carelessness.

There are certainly a lot of terms used in the news these days when reporting on computer security breeches, so let’s try to define some of them:

A denial of service (DOS) attack’s sole purpose is to prevent users from accessing, or at least getting full benefit from, one or more of their systems. A typical example would be flooding a targeted web server with so much traffic that it can’t respond to legitimate requests. Think of it as the cyber equivalent of parking a car across driveway entrance, denying access to anyone who tries drive in.

Change your password every three months.

No password is unbreakable when you tell people what it is. By letting it languish on your system for long periods of time, you, in a sense, are giving others the opportunity to grab your password, either through sophisticated snooping, or sometimes just simple observation. The best defense: Change it every 90 days. Use AT LEAS 8 characters, at least one of which should be a capital letter, and at least one of which should be a number. Example: u778T?vf0. You could make it easier to remember, but there are risks. One easy way: pick two words. We have a small sailboat, and each time we take her out, we have to set her up, including attaching the rudder. So, in theory, I could use something like “attaC8!Ru4deR as my password. Avoid using names, especially of your kids, nieces, nephews, siblings, etc. Password hackers eat those combinations for lunch. 8 characters is minimum, 15 is better, and 20+ is perfect. Another example: I have a friend who uses an address at a place he once lived in Spain as his password, which looks like: calLeCptCorT5zR0t1#sP2na (Calle Capitain Cortez Rota Espana). Anyways, you get the drift, right? Longer is better.

Firewalls: If you’re connected to the internet, you need a firewall. While many cable, FiOS and DSL providers offer some kind of protection, it’s really up to you to protect yourself. Untangle is one example of a free software-based firewall application that can be downloaded and installed by users with some technical knowledge. Logicomm sells a variety of software and hardware-based firewalls well suited for small business, all very reasonably priced.

Viruses, Worms, Malware, Spyware, Scareware, Trialware.

Lots of words get thrown around regarding computer security. The seven above are most commonly used, and mis-used. Let’s get some definitions straight:

• Malware – is simply any application that is written with the intent of infecting and damaging a computer. That being said, there are several types of malware:
• A virus is a small piece of code that infects files and replicates itself, similar to what a live virus does to a living creature or plant. Not all viruses are malicious. Some simply take over a small section of the host machine, and replicsate, opening up security holes and exposing your system to even more attacks. At the least, someone is using your computer without your permission, and using disk space that belongs to you without your authorization.
• Worms, on the other hand, are self-contained programs that replicates themselves. While a virus relies upon a host file of some kind to infect, a worm works fine on its own, thank you.
• Spyware can be made up of either a worm or virus ‘bot’, a small piece of code that infects your system. Once established,it can log keystrokes made on the host machine, gaining access to information such as credit cards, social security numbers, passwords, in short, just about anything that can be typed in.
• Scareware – ever get those lovely pop-ups warning you of massive infections, and providing a button to click to rid yourself of the offending infections? These have been a gold mine for their authors, as they not only generate revenue for sale of a bogus security application, but they frequently open up more holes than they repair. Avoid them at all fcosts.

Using an effective Anti-virus program

Virus Scanner work by scanning code in memory and/or on hard drives. There are two basic types:

• Signature Scanners – search file content, looking for unique signatures that identify a virus. Almost every piece of data or code, viruses included has a unique string that can be used to find it. However, it is important to keep the virus definition files up to date so they can catch viruses or worms that have recently been identified. I can’t stress the importance of keeping your virus definitions file up to date. Many applications update automatically. Make sure yours does.
• Heuristic Scanners are different. They work by looking for viral behavior. They don’t rely upon signatures, instead they monitor activity and look for suspicious activity. They are much better at catching new viruses because they don’t have to wait for signatures to be updated and they tend to have fewer updates that you have to worry about. They are more unusual, however, and will only catch viruses who have behaviors that the scanner is watching for.

Hope this helps you better understand the world of cybersecurity. Did I leave anything out? Do you have other questions? Feel free to post them in the comments section below.