One topic that comes up from time to time is how people keep themselves safe online in today’s technology-rich environment. This is one of those areas where a little bit of knowledge can go a long way. The first thing to note is not to rely too heavily on security products like Antivirus, Antispyware and Firewalls. You will need to invest in these products, especially if you are in a Windows environment. Mac and Linux can get away without using Antivirus and Antispyware; however, some sort of Firewall is advisable.
Over my reasonably long tenure in the IT industry one truth has been constant: the weakest link in any security system is the human one. This is not a criticism of people or me telling you that most people are stupid. It’s more that most people aren’t aware of some of the things unsavoury people can use to convince people to let them in.
The technique used for conning people into compromising the security of the network they are using, whether this is your home or a business network, is called Social Engineering. This technique is as old as computer networking, is the most effective to use against a system and is the hardest to combat.
Social Engineering is the number one technique for getting into someone’s computer. This technique can either be by phone or email. The most common is email since you can scale the attack (as in send lots of emails), whereas you can only interact with one person at a time by phone.
Both of these types of sites are havens for spyware and trojans and have been from the beginning.
The fact that pornographic sites appear on the Alexa sites list (this is a list of the highest trafficked websites) is evidence that a lot of people are going to these sites.
One of the longest running cons is for spammers to send you an email themed to look like it came from a bank. These generally ask you to change your username and password. Note: do not go to sites from unsolicited emails!!! If I’m at all interested I will Google search for the site and go to it that way. I repeat… Do not click on links in unsolicited emails.
As per the above tip do not open attachments from unsolicited emails. It is just not worth the risk.
I know it’s convenient to save your passwords in your browser; however, I would strongly recommend that you do not do this with critical sites. By that I mean sites you cannot risk being compromised.
One of the biggest issues in IT security is the use of weak passwords. The easiest attack to instigate against a system is called a dictionary attack. With this the attacker uses an attack program to systematically try every possible username/password combination contained in a list of dictionary words. So if your username and password are either a name or a word in any language dictionary then they can easily be broken.
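As an added illustration (not part of the original post), the Python sketch below checks a username/password pair for the weaknesses a dictionary attack relies on, including words disguised with appended digits or character swaps. The word list is a small constructed sample, the function names are hypothetical, and the length and character-mix rule is the one this post gives further down for Wi-Fi passwords.

```python
import re

# Constructed sample; a real check would load a full dictionary and name list.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "benjamin", "football", "letmein"}

# Character swaps that attack tools undo before looking a word up.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def dictionary_forms(password):
    """Return the plain-word forms a dictionary attack would cover for this password."""
    lowered = password.lower()
    # Drop digits and symbols stuck on the front or end ("Dragon2020!" -> "dragon").
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def weaknesses(username, password, words=SAMPLE_WORDS):
    """List the reasons a password is weak; an empty list means none were found."""
    found = []
    forms = dictionary_forms(password)
    if forms & words:
        found.append("dictionary word or name")
    name = username.lower()
    if name and any(name in form for form in forms):
        found.append("contains the username")
    if len(password) < 10:
        found.append("shorter than ten characters")
    if not (re.search(r"[A-Z]", password) and re.search(r"[a-z]", password)
            and re.search(r"[0-9]", password)):
        found.append("missing uppercase, lowercase or a number")
    return found


if __name__ == "__main__":
    # Constructed sample accounts.
    for user, pw in [("ben", "Dragon2020!"), ("benjamin", "B3njamin99"),
                     ("ben", "k7Qw2mZx9rTb")]:
        print(user, pw, weaknesses(user, pw) or "no weakness found")
```
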
Like most people I have some standard passwords I use across a lot of the web. I will however stress that any of my critical accounts are different from these. I don’t want to risk someone compromising a website I don’t use very often. An attacker could use the captured details to attack my bank accounts or any other critical sites I use.
I know it’s tempting to just pop onto the public wifi in the shopping centre/mall and that’s fine for general browsing. I recommend not doing any e-commerce or bank transactions on these. You never know who else is on the network and whether or not they are hostile.
Since I’m paranoid I rarely use public wifi. That’s what a broadband dongle or phone tethering is for.
Wifi has definitely gotten more secure; however, it’s still far from adequately secure. While most access points now have encryption and passwords on by default, they still actively broadcast. So anyone with a wifi device like a phone or a tablet can see this.
Turn SSID broadcast off. This is the name the Wifi stations announce themselves as when your phone, tablet or laptop picks them up. Every modern access point I’ve used has an option to turn this off. What this means is you will have to manually add your wifi. Yes, I know this is a pain; however, it makes your wifi so much more secure and your computer will save this so you should only have to do this once.
Make sure your SSID cannot be guessed. Once you’ve turned off the broadcasting, ensure your SSID cannot be guessed and is definitely not the one it came with from the factory. Note letters and numbers can be used.
Make sure the password is a strong one. Make it ten characters long; a combination of uppercase, lowercase, numbers and letters can be used. Since it only needs to be entered during initial connection you can go crazy with this one. Note: I just start typing random numbers and letters.
Turn the MAC address filtering on. What this does is help to prevent unknown devices from connecting to your access point by only talking to known MAC addresses. A MAC address is the unique identifier of the network adaptors in your computer. If you have a laptop you likely have one for your ethernet port (the one you plug the blue cable into) and one for the Wifi adapter.
Yes, I know your wifi can still be compromised with these features turned on; however, it is going to take more than the average set of skills to do this. Since a lot of houses have them these days the attackers are likely to pick an easier target.
For those of you with an iPhone, make sure you turn the “Personal Hotspot” off when not in use. While iPhones are great devices (I have one myself) this particular feature is not as secure as I would like.
Recently I have been repeatedly contacted by someone calling themselves “Telstra Technical Department” advising me that my computer has been compromised. Now these people keep hanging up on me because I keep saying things and asking questions that they are unprepared for. I believe that they sound credible enough that people are likely to fall for this.
Plus there is a warning about this on the Scam Watch website so it must be working.
So, wrapping up, if you follow these tips you will have gone a long way to stopping a lot of the common risks online. This article is in no way exhaustive and new threats are coming out all the time. So it pays to keep informed about new threats to help keep you safe online.
Copyright © 2020 | Ben Hutton