I am a security expert. Really. At the company where I work, the network director and myself are in charge of making our company PCI compliant, no small feat for a tier 1 company. What this means is the security of our network (the responsibility of the network director) and systems (my responsibility) follow stringent best security practices.
This means I am very aware of computer security. Add to that the fact that I am also in charge of our companies disaster recovery plans and hot site, and you can see that I just might have some expertise in these areas.
I practice good security on my home systems as well. Yes, security is a pain in the backside, but cleaning your system of viruses or trying to recover your files after your hard drive has crashed is an even sharper and more profound pain.
So here are some quick tips on some things you can do to secure your system. My expertise is on the windows platform; I will not be discussing Linux or the Mac system.
I'll be writing more detailed articles that go more in depth later.
Patching Occasionally someone finds a way to get past the security of the operating system or application by exploiting some flaw. These exploits can allow a hacker to do horrible things to your computer, from making it crash all the way to using it as a spam-sending robot zombie to observing your keystrokes looking for credit card numbers. The best way to stay ahead of this game is to ensure that your system is always up-to-date on current patches (updates which repair the vulnerabilities). Best practice: enable automatic updates to be automatically downloaded and installed.
Antivirus Some foolish people believe they can run a windows system (any version) on the internet without antivirus. There really is no option here as Windows simply is not safe without an antivirus solution set to real-time protection. This means everything is checked for viruses as files are opened. This is especially critical now that web pages themselves can contain viruses which infect your computer invisibly simply by viewing the web page. Best practice: Install a good antivirus program set to real-time protection, scan once a minimum, and automatically update the definitions at least weekly.
Firewall Hackers are always looking for systems on the internet to attack. At my company, we receive thousands of these probes against our network every single day. To prevent these hackers from getting into your system, you must have at least one firewall protecting you, and it is better to have three: Windows firewall, a third-party firewall and the firewall in your cable or DSL modem. Best practice: Turn on Windows Firewall, get a third-party firewall such as the one which comes with Mcafee antivirus and turn it on as well, and enable the firewall on your DSL or Cable modem
Backups If there is one thing you can count on, it's that you will, at one time or another, lose the data on one or more of your hard drives. This is especially true of the newer, extremely cheap USB and firewire drives - they have problems with drive degradation due to overheating. You MUST back up your data often and automatically. You can use disk-to-disk, disk-to-tape or disk-to-DVD (or CD). Just use something. Best practice:Run regular backups disk-to-disk if possible, other media if not.
Off-site backups Someday something might happen to your home: a fire, theft or earthquake, for example, and then any data on those systems is lost. I heartily recommend a project such as Carbonite or Mozy, which performs over-the-internet backups automatically. Failing that, ensure you keep a copy of your data on a disk, DVD or tape somewhere safe, preferably out-of-state. Best practice: Use an over-the-internet product such as Carbonite to automatically back your data up over the internet..
UPS Electrical power does strange things every once in a while. It fails completely, has brownouts and spikes of power. The best way to protect your equipment is to install a good UPS. Best practice: Get a good UPS and plug everything, excluding the printer, into it. Install the automatic powerfail shutdown software to turn off your computer if the power fails for longer than a few minutes.
Passwords Passwords prevent people from getting to your system; or at least make it harder for someone to get access to your system. Best practice: Ensure your system has a password protected screen saver enabled and set to automatically turn on after a few minutes of inactivity.
Secure Internet Explorer By default Internet Explorer grants an obscene amount of privileges to unknown and untrusted web sites. You can control this and make harder for malicious programs to gain access to your system. Best practice:Set the Internet Zone security to high, then manually add sites which you trust and which need more privileges to the Trusted zone.
Email protection Many viruses come in through email. Your antivirus program should give you some protection against these viruses, but you can go a level higher by ensuring the highest spam protection is set in your email application. I use the paid version of Gmail ($50 per year) which includes very sophisticated spam filtering and virus filtering. Best practice: Ensure your email is virus filtered at the server by finding the antivrus controls and setting it up appropriately.
Be cautious Be more observant and more careful about what you do on the internet. Browsing hacker sites or porn sites is probably among the best way to get your system thoroughly infected with viruses, closely followed by downloading and installing software from untrustworthy sources. Best practice: beware of the so-called bad neighborhoods (such as porn sites) and avoid them unless you KNOW they are good.
There are many, many other things you can do to protection your computer and it's data from the evils of the internet world. But if you follow the best practices above, your computer will be reasonably secure.
Unless otherwise noted, all photos and text is Copyright © Richard G Lowe, Jr.