Security

Internet Security

The media talks about hackers, viruses, spam, data mining, ID stealing, and risks to your family & kids online, yet most people think they are safe.

Unfortunately these risk are real, and we're finding at CompuWell that we spend considerable time helping protect people, after something has gone wrong. Unfortunately, as technology evolves, new threats appear. Simply because you were safe until now, doesn't automatically mean you will be safe in the future.

That's the bad news. But, now the good news, like everything a few precautions can go a long way to making sure you are safe on-line. Have you considered these simple precautions?

"Family safe internet"

You can help protect your family from inappropriate web sites, stalkers and "chat-room" undesirables, hackers or scammers using (often free) screening software.

The Federal Government has introduced the NetAlert initiative. This website is a good starting point for more information and has some free software for download. Make sure you configure (and test) the software is working properly. Configuration is important to make you are shielded from the "nasties" effectively. Test (and keep testing frequently) it works properly by trying to do something you would prefer to be blocked.

If you haven't already, consider installing:

1. Anti-Virus software
2. Anti-spyware software
3. Malware scanners
4. Web scanning / "Net Nanny" type internet content filtering software
5. Firewall software / hardware

Physical security - use 2 computers

Protective software, however good, does have limitations, and can sometimes be bypassed either intentionally or unintentionally.

Thus we also recommend installing "Physical Security" measures. If you have an old(er) laptop or desktop computer lying around, consider setting this one up dedicated for family internet use (you can still use your own personal "work computer" for internet use as well).

Computer 1: "Family Internet Computer"

Consider setting this dedicated family internet computer up in an open area (like the lounge room), so it is easy to monitor what your child is doing (rather than having it hidden away in a bedroom where it is difficult to monitor what is going on).

You can then "lock down" this computer as much as possible with security software to protect your family from the "internet nasties". Many childeren love the idea of having their "own computer" to do stuff on, not realising that you are monitoring and screening what they do.

Also, using this dedicated computer means that if a virus or other undesirable program is accidentally installed on this computer, your files like tax returns or banking records, (which are on your second personal "good computer") will not be damaged or emailed to somebody else by mistake.

Computer 2: "Your computer"

After you have set up the family internet computer, you can still use your own laptop or desktop as you did before, without the restrictions of the family internet computer.

Using two computers like this means that you are unrestricted in what you do on line. Also, as there is no need for the family to use your computer, you are less at risk of files being accidentally deleted, or having soft drink spilt over the keyboard. Many people would also argue, best of all, it stops fights about who can use the internet next.

Email

Use more than one email address. Consider creating a free web-mail email address and use this for on-line activities like competitions, Ebay or bulletin boards. If you find you get lots of spam, or junk emails, just stop using the account and create a new one. When you set up this account, use "dummy" information instead of your personal details to protect your anonymity.

Use caution before disclosing your personal email address on websites or to "friends", instead give them your web-mail one.

Shopping on-line: Credit vs Debit Cards

Consider getting a Visa or Mastercard debit (not credit) card only for internet use, and keep a minimum amount of money on the card (eg $1). If you want to make an online purchase, deposit only enough money to the card so you can complete the purchase.

If a hacker gets hold of the card, the most you can loose is that money. If there is no money on your debit card, the hacker won't be able to do much with it! Don't link other accounts to this card.

If you use your credit card, you could loose as much as your credit limit allows if it falls into the wrong hands. In this case you might not know you've been caught until you get your next statement. You then face a fight with the bank to try and get your money back, which may not happen.

Passwords

Many programs exist to "crack" passwords. Almost any password, no matter how long or complex, can be uncovered. The use of a complex password can makes this very difficult though. This is the aim when selecting your password, so the hacker will give up and try an "easier target".

What makes a "strong" password?

1. Complexity, &
2. Length

While it is a pain to type in a complex password, it is a lot more secure.

Two ways of cracking a password (be it your email or internet backing account) is a "brute-force" attack, whereby a computer tries every combination of letters/ numbers/symbols until it eventually gets the right one, or a "dictionary" attack whereby a computer uses a list of words to attack with. Thus the more unusual combination of numbers and letters, the better.

Using the above examples, to crack :

However, as computers become faster and more powerful each year, these times continue to drop as it is possible to bombard more and more password combinations each second onto the target.

Please note: Always write down your password and log-on details and put them somewhere safe (where you can find them again).

Router security

Most internet routers (the box that you plug into the phone line to connect to the internet) come standard with advanced security options. Unfortunately, by default these are often not turned on at the factory, or users don't configure them properly when they turn their router on the first time.

When you got your router, was it "pre-setup" by your supplier, and all you had to do was plug it in the wall and go? Unfortunately these types of easy "plug and go" setups are rarely configured for security.

Have you changed your router login and password from the default?

In our experience solving network problems and security breaches, about 80% of users have never configured their internet connection from the "default" settings it came with from the factory. This is a hackers dream, as they can access the core of your system with no protections at all. When you change your passwords, don't use the same password for everything, and make it a "strong" password.

Wireless link security

Do you connect to your home or office network/internet using wireless? Have you configured WEP or WPA security? These are two methods of encrypting your data, so it is secure (otherwise it is like a radio broadcast and anyone can "listen in" to what you are doing). If not, anyone could be using your internet for free. It could be your neighbours or someone in a car parked outside.

WEP and WPA are security protocols. WPA (or WPA2) is much more secure than WEP. If possible always use WPA, as WEP has been "cracked", and hackers can generally get into a WEP secured network within 60 mintues.

Once they have got your password, they get "free" internet. Most people only know this has happened when they get their internet bill and find out their internet use has suddenly increased. Depending on your internet plan, this can mean a massive bill.

Firewall

Do you have a firewall? A firewall is like a "traffic cop". It is a barrier that continuously examines your internet connection and stops unauthorised "traffic". This stops people hacking into your computer, and also stops unauthorised programs (like spyware) installed without your knowledge on your computer from reporting "back to base" with your passwords, credit card details or other information. Correctly configured, a firewall can make your computer seem "invisible" to anyone out on the internet.

We also recommend a software firewall to be installed on each computer. This may seem like overkill, but the two work together to form a double barrier - if one is breached, the second one kicks in.

Spyware & Data Mining

Spyware is the name given to little software programs that get installed on your computer without your knowledge or consent. Spyware can then monitor your keystrokes and "captures" data as you type it in. For example, as you type in your login name and password for your internet banking, the spyware could record the sequence of keys you pressed.. The spyware program then sends this back to base, where it is collected by the program writer. This is also known as "data mining".

How do I get spyware?

Spyware has to be installed on your computer. Often it can be hidden in a legitimate program, like a program that is downloaded for "free" from the internet. It can also be sent in attachments in email. Some websites even have "pop up" boxes telling you your computer is not secured or has a problem, telling you to "click here" to fix it, or to run a "free system check".

These are prime candidates for installing spyware. Always use extreme caution using these unsolicited website "pop ups".

How to prevent spyware contamination

1. Never install downloaded software off the internet, unless you know the source is reputable and safe.
2. Never allow internet "pop up boxes" to run tests or to install software, unless absolutely sure it is safe.
3. Use a firewall to prevent programs "reporting to base"
4. Install, regularly update and scan your computer with anti-spyware scanning software.

Data Security

What happened to your last old Hard Drive?

Do you have any "sensitive" data on your old drive or computer? How would you feel if this fell into the wrong hands?

Did you know that even if you delete your files or format your old Hard Disk Drive (or USB drive) it can still contain personal information? Even if the disk seems blank, with special software, this data can often be recovered. This can include your old files (eg Word Documents, Excel spreadsheets, Web browsing history) which can contain bank records, credit card numbers. Even your old passwords for internet banking, email accounts, or your internet connection can be recovered and used.

The most secure way to protect an old drive is to physically damage it (ie to destroy it and the internal disk "platter"). This may not always be practical or ideal, so another secure option is to "overwrite" the whole drive with meaningless data. Done properly, this will replace and thus destroy all the old data.

Secure Data Destruction?

We offer a Data Destruction Service as part of our Hard Drive supply and installation service. Even if you are retiring your old PC, and giving it to a charity, friend, child or relative, your old data may still be there.

We can securely destroy all data on the drive and then, if you would like, make the computer usable again, reinstall Windows so it is like a "brand new, fresh from the factory PC" with no trace of any old data. This is ideal if you want to give your child their own computer for surfing the net, homework, or playing games.