Oakfield Computer Services
More on Security.
This page gives an overview of additional security topics, starting with a little preamble:
Most companies employ administrators to oversee all aspects of computer and network security. Discipline is imposed, not voluntary. Breach of security can lead to summary dismissal. Companies that allow their end users to copy data to USB memory sticks, CDs, even floppy disks invite data loss / theft which may infringe the Data Protection Act (1998 2003).
Banks claim a high level of security, with sophisticated hardware and a team of security specialists. Online banking has at least two significant weak links: our computers and our attitude to security.
Home users and small businesses have to rely on general products and the integrity of supplier websites.
Nobody gets fired in the domestic environment, however. Security, even for the domestic user, is an area that is often neglected. There's no such thing as 100% security, so you can't be too careful.
So why do we need to be aware of and use security?
It isn't just about trojans, spyware or virus infection, which will slow down your computer and probably cause it to crash. These are countered by good antivirus, anti-spyware and firewall products, reinforced by good practice.
Bogus websites will gather information about you, and fool you into giving away personal details.
Some spyware is so persistent your hard drive has to be wiped and reloaded; time consuming and expensive.
Hackers know more about the internals of Windows (XP and Vista) than we do. They work in teams, are paid high salaries and probably have pension plans and paid holidays too.
Disposal of your old computer without wiping or destroying the hard drive may expose your private information to prying eyes and lead to identity theft and fraud.
Prevention is better and cheaper than cure.
Don't leave your laptop, briefcase, memory sticks, external hard drives or any valuables visible in your car or in a public place.
Locked rooms and locked drawers are a useful deterrent. Ensure your house is secure when you leave it.
Consider using a fire-proof box for your most important documents and software.
Don't give out personal information to anybody unless you're prepared to accept the risk.
Do not, under any circumstances, use your business computer as a family computer. It will be ruined and you'll end up losing a lot of information if it isn't regularly backed up.
Shred all documents carrying personal information, gas bills, electricity bills, phone bills, bank and credit card statements to name the main ones. Don't make identity theft easy.
Use a mains 4 or 6 way socket strip which has surge protection built in.
These come in a number of flavours, with or without protection for the phone. They're low cost items which could protect against serious damage to your computer in the event of spikes on the mains.
Use broadband filters with surge protection built-in.
Sudden removal of mains power can damage hard drives irreparably. Do not switch your computer off at the mains until you've allowed Windows to "Turn off the computer" normally.
If your work is that important, consider using an Uninterruptible Power Supply (UPS). These start at about £60 and can give you that vital 10 to 20 minutes to back up work in progress and shut down your computer normally with Windows.
A detailed discussion and explanation of wireless security is beyond the scope of this site. There are plenty of sites on the Internet which will provide more information for the curious; what follows is just an overview. There are four levels of security on wireless networks, five if you switch your router / access point off.
First, write down your wireless network details: the network name or SSID (Service Set Identifier), the encryption type (WEP, 64 or 128 bit, or WPA, usually PSK / TKIP) and the password or code. Write them down and put them in a safe place.
Wireless network range varies widely depending on atmospherics, construction materials of your home, the wireless power of the router receiver / transmitter and your laptop or desktop receiver / transmitter.
Wireless networks operate in the microwave band and are line-of-sight.
50% of the signal is lost through a 9" brick wall. Fridges, freezers and other metallic objects will block the signal completely. So will underfloor heating pipes. Signal losses are compound; that is, in the next room there's only 50% signal, and in the room beyond 50% of 50%, i.e. 25% signal or thereabouts.
Ideal positioning of wireless routers is dead-centre of the "globe of service", your home. In practice most routers are positioned close to the entry point of the broadband service. This means that the distribution of the signal is biased to one part of the house.
First level of security.
The level of security will also affect the range and speed of the network. The principle here is if it works with WPA encryption, don't change it. The lower levels of encryption, WEP, will still provide adequate security from the nearby curious but won't stop a determined hacker. A little bit of extra range can be gained by sacrificing a little security.
Second level of security.
Most routers will allow the broadcast of the SSID to be switched off. This increases security considerably since other wireless networks may only see what's called the MAC address of your router, not the network name.
Third level of security.
It's possible to limit which computers can access the wireless network by using MAC address filtering.
Fourth level of security.
Change the administrator password of the router. Write it down and store it in a safe place.
Fifth level of security.
Switch your router off when you're not using the Internet. If you don't, it will use about 100 kilowatt-hours in a year. Multiply that up for the number of routers left on 24 hours a day in the UK by businesses and home users and then work out how much carbon dioxide has to go into the atmosphere for our Internet pleasure, even when we're not using it. Switch it off at night if you can.
Do not use unsecured networks. It's not just about hackers gaining access to your data, it's also about the unsavoury stuff that can be put on your computer.
Pharming, phishing, grooming and identity theft are the unfortunate realities of the modern age.
Credit card fraud isn't a new phenomenon. Twenty years ago the four major clearing banks declared about £160 million of losses due to fraud. Today the sum exceeds billions worldwide.
How did they get our card number, PIN number, passwords and answers to secret questions?
Because we told them.
We told them by leaving our bank statements, our utility bills, unwanted social security information, personal letters, copies of e-mails and even passport application documents out with the rubbish or recycling.
We told them because our computers are not 100% secure, because we leave our computers on twenty-four hours a day (a computer uses about 10 watts in standby x 24 x 365 = 87600 Watt / hours, call it 88 kilowatts of power, just in standby), and because we click on a link in an e-mail which takes us to a phishing site that hasn't been logged yet. Phishing sites have a life of 24 to 36 hours before they're dismantled, but by then the damage has been done.
We told them because some scam Lottery has just sent us a winning ticket notification and asks us to a) call a number in Spain, b) send a fax with details including bank details or c) follow a link to a site which will also ask the same personal questions.
We told them because we leave our username and password in the Internet browser and their spyware picked it up from there, or they used keylogger software to monitor our every keyboard keystroke.
We also leave things like laptops, mobile phones, CDs, and documents visible in our cars.
It's not all us though.
Some employees are less than honest, may have access to our information and may want to further their own ends by perpetrating fraud using our details.
There are people who will go through dustbins and recycling boxes for this type of information. Why do you think the security services have CCTV overlooking their bins?
Avoid identity theft by keeping all computer security thoroughly up to date. Use products like Sitehound which will provide a measure of protection whilst browsing the Internet.
Shred important documents. Shred documents that have your name and address on them.
Follow some of the suggestions on this page and take more care. The suggestions here are only a guideline.
Carelessness can cost you much more than money.
When you use someone else's computer, in a library, Internet cafe or Internet kiosk, always remember to clear the Internet files and log off your username from Windows.
Don't use these places for Internet banking or any financial or private transactions.
Don't leave your details of browsing history or passwords for someone else to see.
If the data is that important, encrypt it. Don't forget the password; write it down and keep it safe.
Windows Vista Ultimate provides an encryption capability (untried) built-in.
If you intend to donate your old computer to a charity or abroad, be thorough when removing private data. At the very least reformat the hard disk, put some dummy data on it and wipe it again.
The MOD (many years ago) insisted that hard drives were formatted seven times with different binary patterns to thoroughly scrub the magnetic image on the surface of the hard drive platters. Today forensics can detect a magnetic residue after many more disk formats than that.
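The multi-pass overwrite described above, shown in Python as an added example (it is not code from this site or from any product named on this page): it overwrites a single file in place with seven passes, reads the last pass back to verify it, then deletes the file. The pattern list and the function names are assumptions for illustration. In-place overwriting only reaches the original data on a conventional magnetic hard drive; solid-state drives and copy-on-write file systems may keep older copies elsewhere.

```python
import os
import tempfile

CHUNK = 64 * 1024
# Seven passes, matching the figure quoted on this page. The patterns are an
# assumption for illustration: fixed bytes, random data (None), then zeros.
PASSES = [b"\x00", b"\xff", b"\x55", b"\xaa", None, None, b"\x00"]


def write_pass(fh, size, pattern):
    """Overwrite the first `size` bytes of an open file with one pattern."""
    fh.seek(0)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        fh.write(os.urandom(n) if pattern is None else pattern * n)
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # force this pass to the device before the next one


def is_filled_with(path, pattern):
    """Read the file back and confirm every byte equals the one-byte pattern."""
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            if block != pattern * len(block):
                return False
    return True


def wipe_file(path, passes=PASSES):
    """Overwrite in place, verify the final fixed pattern, then delete the file."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:  # r+b keeps the same file, no truncation
        for pattern in passes:
            write_pass(fh, size, pattern)
    last = passes[-1]
    if last is not None and not is_filled_with(path, last):
        raise OSError("read-back after final pass did not match")
    os.remove(path)
    return len(passes)


def demo():
    """Constructed sample: a temporary file holding made-up 'private' data."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"account=12345678;pin=0000\n" * 1000)
    os.close(fd)
    return wipe_file(path), os.path.exists(path)
```

Calling demo() returns the number of passes written and whether the file still exists afterwards.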
One client of ours always removes the hard drives from their old computers and physically destroys them, and then recycles the metal component.
Whatever you do, always:
Destroy My Documents
Destroy any folders outside My Documents that contain private data
Destroy e-mails
Destroy the address book
Do a thorough maintenance that clears all history
Destroy all usernames and delete the files then create a new username
You could also use Tune-Up utilities to electronically shred important data.
It's easy to read a hard drive for deleted data, even after it's been formatted. Either remove the hard drive and smash it to pieces with a sledgehammer or re-use it in a USB enclosure as an external hard drive for the remainder of its useful life.
Then take the old computer, monitor, printer or components to the dump at St Phillips or to your local council domestic refuse site which caters for electronic consumer equipment. Please dispose of it responsibly. Don't forget to check the CD / DVD drive to make sure there isn't a data CD / DVD left in it.
A website can be an asset that earns money and you may want to think about including it in your will. It may also contain intellectual property which may have value.
Our computers contain private data. Who is going to dispose of the computer(s) when we die? Please refer to the section on computer disposal above; it might be wise to leave specific instructions in your will.
Click the "Shields Up" link at Gibson Research's site to test your security. Click here to navigate; use your web browser's back arrow to return to this page. It costs nothing and may help you to tighten up your security.
It's an interesting site with a wealth of information, well worth a visit.
Click here to find out a little about your own details.