Tips Archive on internet and information security -- provided courtesy of Craig Herberg
Internet and information security is only as strong as its weakest link. In our experience, people, because of their trusting nature, and desktop computers present the greatest targets for fraud and other harm.
- Just what is information security?
- Information security, in simple terms, is about keeping your information resources available for proper and authorized use, and protecting them from unauthorized and inappropriate use.
- Where is a good place to start?
- With a good backup strategy. Even if you do a superb job preventing unauthorized and inappropriate use of your information resources, if your hard drive crashes and you have no backup, your information is not at all secure -- in fact, it is lost.
- What do you recommend?
- If you just need to back up your documents, you can do that with a jumpdrive available at any computer store or office supply store. Just about any business, however, needs to be able to recover very quickly from any type of data disaster. Given the reasonable cost of external hard drives, disk imaging software and an external hard drive make it inexpensive and easy for a small business to recover quickly. We recommend Norton Ghost, which can be ordered on our products page or purchased at most computer stores.
Norton Ghost 10.0 requires Windows XP Home, XP Pro, 2000 Pro SP2 or later and at least 256 MB of RAM. One way to set it up is to have it do full monthly image backups and daily incremental backups. You can also have Ghost divide the backup image into smaller files, to simplify archiving to CD or DVD. Although the process will take longer, you always want to specify "verify backup image after creation".
To prevent running out of space on your external hard drive, you should specify "limit the number of backups saved for each drive". When disaster strikes, boot from the Ghost emergency boot CD to begin the recovery process. [NOTE: Ghost 10.0 includes support for high encryption, which is not available in earlier versions.]
- What do you recommend for removing spyware?
- Spysweeper is our favorite product for dealing with spyware. It is constantly updated with new spyware signatures, and is excellent at removing most spyware. In addition, it provides real time protection against spyware installation, browser hijacking, changes to your hosts file, and unauthorized programs starting when Windows boots.
Please be warned, however, that it does require a lot of system resources, and is not compatible with Norton Internet Security 2007. With Windows XP, 256MB RAM should be considered an absolute minimum, and 512MB or more RAM is preferred for best performance. This product appears to start up much more quickly if you check "Disable Splash Screen" on the Options menu.
- What about other anti-spyware tools?
- PC Tools Spyware Doctor is extremely good. Its removal and protection tools are on a par with Spysweeper, but its information on the spyware it detects leaves a lot of room for improvement.
Likewise, it's not for use with Norton Internet Security 2007.
Spybot Search & Destroy is good shareware, but, in our opinion, not on a par with the above two packages. Microsoft Defender, currently free, in our opinion, also belongs in the second tier of anti-spyware products.
All of the above packages are in our arsenal of available tools, in addition to Hijack This, which is a great tool for the technically inclined, and one that should be used (if at all) with great caution.
- I am a mental health provider who uses a Linksys wireless network in my home office. Do I need to do anything to secure it?
- Absolutely! Out of the box, your wireless network opens your HIPAA-protected information to your neighbors without wireless networks, and, more importantly, to the criminals who travel around sniffing for open wireless networks.
- Somebody from support called and asked for my username and password, to fix a problem (I didn't know I had) with my account. What should I do?
- NEVER give out your password. The same goes for your PIN (ATM, etc.). Unfortunately, a lot of people have been victimized by the "problem with your account" scam.
- During slow times of my work day at a DOD contractor, I would like to download songs from peer-to-peer networks like KaZaA. Is this ok?
- Aside from the legal implications regarding intellectual property rights, you could unintentionally be granting unfettered access to people around the world, with incorrect setup. Even if national security is not involved, do you really want strangers to be able to have free rein with your computer? Hopefully, the firewall will block access to peer-to-peer traffic, but our advice to people at home or the office is don't do it. The security risks are too great.
- What should I do when I get email with attachments from people I don't know? The email sounds important.
- Delete it. In most cases, current anti-virus software will catch these (likely) viruses, but there are exceptions. You should even be careful about opening attachments from people you do know. Always check with them to make sure that this is not some sort of malware making its way around the internet.
- I just got an email that appeared to be from my bank, asking me to click on a link to log in to my online account. What should I do?
- Be very leery. Con artists around the internet forge email to appear to be from your bank, eBay, PayPal, etc., and set up web sites that look like the original. Their intent is to steal your username, password, credit card numbers, etc., and help themselves to your money and identity. Sophisticated computer users could view the internet message header and carefully check the URL where the link takes you, but a safer method is to simply start up your browser and type the URL or use your bookmark.
- Does Microsoft email security patches?
- No. If you get a "security patch" in an email from someone claiming to be Microsoft, delete it. If your browser does not have a link to Windows Update, you can go to http://windowsupdate.microsoft.com to download security patches. Your browser will be redirected to the appropriate page for your version of Windows.
- Is it ok to let a coworker use my account on the administrative system at work?
- Absolutely not. In many instances, giving others access to your account is grounds for termination. In any case, you could be liable for any misdeeds performed by the person using your account. If your coworker has legitimate need for an account, he needs to get his own.
- My work uses a web-enabled administrative system with a Java plug-in for the browser. I use the same personal firewall at home and the office. Everything works fine at the office, but I cannot log in from home. What gives?
- First, check with your IT folks, to see if access is only available at the office. If that is the case, you are probably out of luck, unless they are willing to provide you with a proxy. Assuming that access is available from your home, you should first try unloading from memory all unnecessary applications (but not anti-virus or firewall software). If that does not work, try using another personal firewall. A different firewall worked for us in the past.
Craig has helped me with my home computers on several occasions. As Craig says, the next worse thing after a computer virus, is a teenager on-line at home. Craig once managed to revive my teenager's college laptop, successfully saving the entire contents of the hard drive. I believe he ended up installing a new hard drive. That computer recently died finally after four years of college with the hinges cracked and the monitor held on by duct tape. Whatever he did to revive that laptop, it worked... and this saved me the need of buying a new laptop halfway through college... I had enough other bills to pay at the time. If you have computer frustration that needs remediation, you need Craig.