
    Protect Your Online World

    December 28th, 2014

    As our everyday world becomes more dependent on Information Technology (IT) everyone must take steps to protect themselves from malicious threats. Government agencies and large corporations have large budgets for cybersecurity teams to prevent, detect, and respond to intrusions. Unfortunately home users typically do not.

    I’m sharing my thoughts on how to protect yourself and your family. Some steps may seem obvious to those who work in the IT field, but I hope you still find this information useful.

    Email Account

    Your primary email account is one of your most important assets. If someone can access your email account, they can do some very bad stuff:

    • Read your private correspondence.
    • Impersonate you by sending email from your mailbox.
    • Read information about your contacts, and use that to attack them.
    • Prevent you from accessing your email by changing your email password.
    • Reset your other passwords as most services allow a password reset by emailing you a link to click.

    You should take extra precautions to protect your email account. I recommend the following steps to protect yourself:

    1. Use one of the major online email providers like Gmail, Outlook, or Yahoo. They typically invest in the latest security standards and provide the most user-friendly experience. Also, if you use your Internet Service Provider (ISP) to host your email, you will need to change your email address whenever you change your ISP.
    2. Use a complex and unique password.
    3. Turn on two-factor authentication.

    Passwords

    Nearly every website and service you subscribe to asks you to create an account with a username and password. Unfortunately, it is increasingly common for websites to be compromised, which can expose your password to the attacker. For these reasons, I recommend that everyone use a password management tool to keep track of their passwords.

    1. Use a password manager. Consider an online service such as LastPass, RoboForm, or Dashlane, which can synchronize your password database among several computers and handheld devices. Alternatively, you can use software such as KeePass, 1Password, or Password Safe, which keep your password database protected on your own PC. If you’re really old-fashioned, a paper notebook and pen will work, though you run the risk of losing it.
    2. Use long and complex passwords. If your password is short or easy, malicious software can easily guess what it is. If you can remember a password, it is probably not a good password. Every website and service has different requirements and limitations. I recommend at least 10 characters with a combination of letters, numbers, and symbols. Password managers make this easy. They can generate and type complex passwords for you automatically.
    3. Never reuse passwords. If you reuse passwords, an attacker can capture your password from one hacked site and use that to compromise your other accounts too. Password managers make this easy, and can even warn you if you reuse a password unintentionally.
    4. Safeguard a backup copy. Regularly make a backup copy of your password database and keep it in a safe place. This might be on a USB drive in a small safe at home, or in a safety deposit box at the bank.
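
The checks in steps 2 and 3, as an added example that is not part of the original post: a generator that meets the "at least 10 characters with letters, numbers, and symbols" rule, and an audit that flags short, weak, or reused entries the way a password manager would. The site names, the `SAMPLE_VAULT` contents and the symbol set are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*()-_=+"          # assumed symbol set; sites differ on what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 10                      # the minimum recommended in the post


def has_all_classes(pw: str) -> bool:
    """True if pw contains at least one letter, one digit and one symbol."""
    return (any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def generate_password(length: int = 16) -> str:
    """Draw from the OS CSPRNG and retry until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


def audit(vault: dict) -> dict:
    """Map each site to its findings; sites with no findings are omitted."""
    sites_by_password = defaultdict(list)
    for site, pw in vault.items():
        sites_by_password[pw].append(site)
    findings = {}
    for site, pw in vault.items():
        issues = []
        if len(pw) < MIN_LENGTH:
            issues.append(f"shorter than {MIN_LENGTH} characters")
        if not has_all_classes(pw):
            issues.append("missing a letter, digit or symbol")
        others = sorted(s for s in sites_by_password[pw] if s != site)
        if others:
            issues.append("reused on " + ", ".join(others))
        if issues:
            findings[site] = issues
    return findings


# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {"mail.example": "Summer2014", "bank.example": "Summer2014",
                "shop.example": "kitty", "forum.example": generate_password()}
```
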

    Two-Factor Authentication

    To establish who you are, most services require only a username and password (something you know). A second factor might be something you have (such as a cellphone or token). This makes it much more difficult for someone to impersonate you or gain unauthorized access to your account. Your ATM card operates on a similar principle: your card is something you have, and your PIN is something you know. Only someone with both can withdraw cash from your account.

    Tokens come in both physical and virtual form. Your most important accounts like email and banking should support two-factor authentication. Google, Microsoft, Apple, Yahoo, LastPass, and Facebook all support multifactor authentication. Turn it on!

    • Phone – After you login with a password, you will receive either an SMS text or phone call with a one-time code. You must also enter that to continue.
    • Authy – Use your smartphone or laptop as a soft token.  Syncs among multiple phones/devices.
    • Google Authenticator – Use your smartphone as a soft token for multiple web services.
    • YubiKey – A physical token that supports USB and NFC connection.
    • Symantec VIP – Both soft and physical tokens, supported by some banks.

    Use Security Software

    Anti-virus (AV) software became very common in the 1990s as malicious software spread. AV providers identify, track, and create signatures for known viruses. Today, malicious software can be automatically generated so fast that signatures can no longer keep up. AV software alone will not protect you anymore.

    I recommend a comprehensive security suite such as Norton Security, McAfee LiveSafe, Kaspersky, TrendMicro, Webroot, or Bitdefender.  Be sure to enable both anti-virus and firewall features. Most of these packages protect multiple devices and include online backup and password management features. All of these are purchased on an annual subscription, but you can sometimes find a better deal from a reseller like Amazon.

    Automate Backups

    Use an automated backup solution to keep backup copies of your important files, photos, videos, and software. Backups are “recovery points” that can be restored in the event of hardware failure, data corruption, or malicious attack. More frequent backups provide more recovery points.

    External hard drives are a low-cost and effective place to store backup data. Both Mac and Windows come with free backup software that works with external hard drives. Consider using more than one external drive, and occasionally rotate them between your desk (for daily use) and a safe (in case of fire or theft).

    If you have a fast internet connection, also consider a cloud provider such as Mozy, Carbonite, iDrive, Backblaze, or Acronis who can keep backups in your home, and in the cloud.

    Embrace Encryption

    Encryption protects data from being accessed by unauthorized parties. Typically a “key” is used to unlock encrypted data. Think of an encryption key as an extra-long password. Be sure your password manager uses encryption to protect your password database. Also ensure your backup data is encrypted so it cannot be restored without your key.

    Software Updates

    Flaws and vulnerabilities are found in software on a regular basis. Quickly apply updates to your device operating systems such as Windows, Android, Mac, and iPhone. If possible, enable automatic updates for trusted software so you don’t have to remember to do it.

    DNS Service

    Your Internet Service Provider (ISP) includes DNS service which translates the easy-to-remember names like google.com to more complicated IP addresses.  There are third party DNS providers that can provide enhanced security by making a configuration change to your home router.  This change will provide some protection to all your home devices.  Read more at OpenDNS, CloudFlare, and Google.

    Note: Updated on April 3, 2018.


    High Speed Personal Scanner

    October 5th, 2008

    I prefer to store documents digitally, rather than with paper in drawers.  I have long sought a way to quickly convert paper documents into digital form for archival and search/retrieval purposes.  I recently found a great product which sits on my desk, and does exactly that.

    Fujitsu ScanSnap S510 Instant PDF Sheet-Fed Scanner

    Increase productivity in a snap with the Fujitsu ScanSnap S510 Sheet-Fed Scanner. The S510 digitizes both sides of a document in a single pass at up to 18 pages per minute in color, making it ideal for a small office or home office environment.

    Changing how documents are managed

    • One button scanning to searchable PDF
    • Scan directly to Microsoft® applications
    • New multifunction Quick Menu feature
    • Easily protect, preserve, & share documents
    • Business card scanning
    • Color Duplex 18 pages per minute
    • Adobe® Acrobat® 8.0 Standard

    The Fujitsu ScanSnap S510 is around the size of a toaster.  I can put a document in its feeder tray (up to 50 pages at a time) and just hit go to start.  Both sides of each page are scanned simultaneously.  When it's done, a PDF is created and OCR processes begin.  It sits just to the right of my monitor in prime desktop real estate.  I use the ScanSnap regularly to scan bills, paper correspondence, and even drawings created by my kids.

    My only complaint is that the scanner driver is not TWAIN compliant, so applications like Photoshop and NeatReceipts don’t recognize it.  The “workaround” is to use the ScanSnap to scan first to PDF for import to other applications.

    Update: I should point out that this product is not cheap.  The average price is around $400.  At the moment, a $50 mail-in rebate is available through October 2008 at Newegg.com.
