DMANd Security » Free Software

Computer Security 101: Laptop Security

Joe Lofshult — Wed, 25 Mar 2009 17:23:41 +0000

With over 600,000 laptops stolen or lost each year (at airports alone), it is important to take the following steps to protect confidential data on your laptop.

Laptop Theft Prevention

Of course, what you really want is to not have your laptop stolen in the first place. Here are some preventative measures you can take to deter someone from running off with your laptop:

Keep it with you when traveling – Don’t check your laptop. Don’t leave it alone in an airport in an obvious laptop bag.

Don’t leave in your car – If you have to keep it in your car, put it in the trunk or under a back seat (especially if you have tinted windows).

Engrave it – Permanently engraving your name, address, and phone number greatly increase the odds of you getting your laptop returned if it gets lost.

Get a cable lock and use it – Cable locks cost less than $40 and will deter casual thieves, even though they won’t stop determined thieves with bolt cutters. You should keep your laptop locked while in a hotel room or while resting in an airport. You may also want to keep it locked down in your office to keep it from walking off.

If Your Laptop Is Stolen or Lost

If, despite your efforts, your laptop does get stolen, you’ll want to know (a) if you can recover your laptop, (b) that the data on your laptop is safe, and (c) you have that data somewhere else so you can get back to work.

Track your laptop – There are several services available that will help track your laptop if it is lost or stolen and aid in the recovery. Some of the services available are Computrace Lojack, MyLaptopGPS, and Trackion. There is also a free, open-source project being developed called Adeona.

Have a backup – Make sure you are using an online or offline backup utility on a regular basis to enable you to recover your data in case of a theft, a hard disk crash, or just an accidental deletion.

Encrypt your hard disk – If you are concerned about sensitive data being stolen from your laptop, you should use encryption. You can either encrypt the entire hard disk, encrypt just the sensitive files, or use an encrypted folder in which you store that sensitive files. I would suggest whole disk encryption since the other options can still leave traces behind that a determined attacker might find.

There are several commercial tools available to encrypt your hard disk from vendors such as PGP, Check Point, McAfee, and BitArmor. There is also the free tool that is my choice, TrueCrypt. TrueCrypt can encrypt your entire hard drive while you are still using it. It will then present you with a password screen at startupto allow the system to boot. With all of these solutions, the security of your system relies on you choosing strong passwords.

Easy Offsite Backups Just plug in one of these disk docking stations...

Related posts brought to you by Yet Another Related Posts Plugin.

Computer Security 101: Password Security

Joe Lofshult — Wed, 18 Mar 2009 11:57:10 +0000

Choosing a secure password and keeping it private is one of the most basic rules for good computer security, and you’ve probably heard it over and over. But what is a good password, anyway and how should you keep it safe?

Creating A Strong Password

A good password is one that’s not easily guessed and can not be easily cracked using one of the readily available password cracking tools. Password cracking tools generally use word lists to crack passwords using words from the list as well as simple variations of the words (like adding a number to the beginning or end, capitalizing the first letter, replacing letters with lookalike characters, and reversing the word). If your password is in a dictionary (any dictionary), it can be guessed very, very quickly by these tools.

The second phase in password cracking is a brute force attack that involves trying all combinations of characters starting with single character passwords, then two character passwords, and so on. So the longer your password is the longer it takes to try all the combinations. In fact, by the time you get to eight character passwords, there are over 6000 billion possible combinations (6.2 x 10¹⁵), which means a good, strong password will not be feasible to crack in our lifetime using a password cracking tool.

Elements of a Bad Password

Here are some mistakes to avoid when choosing a password:

It’s short (less than 8 characters)
It’s your real name
It’s your username (aka login name)
It’s your spouse’s name (or one of your children’s names)
It’s your pet’s name
It’s your company name
It’s your birthday
It’s your phone number
It’s in a dictionary (any dictionary)
It’s the name of anyone or anything (really, there are word lists available for just about everything)

Making a Strong, Unguessable Password

So, how do you create a good, strong password? Here are some suggestions:

A strong password should be at least 8 characters long
A strong password should be a mix of upper and lower case characters, as well as numbers and/or special characters
A strong password could be the first letter of a phrase you can remember or a sentence from a book. For example, you could use the phrase “A person’s a person, no matter how small” from Dr. Seuss as the password “aPaPnMhS” which makes it easy to remember, but hard to guess. You could make it even stronger by replacing some of the characters with lookalike symbols. For example, “aP4PnMh$”
The best passwords are actually pass phrases – an entire phrase of words separated by spaces. If a system supports them, they are your best bet. Then you could use the entire phrase “A person’s a person, no matter how small.”
A strong password could be a word with special characters inserted in the middle. If I wanted to use the word “backyard” as the basis for my password, I might use “Bac%ky/ar#d”.
A strong password can be two unrelated words separated by a symbol, such as “bIrd#gRaphiTe”. Again, you can make it even stronger by replacing a couple of letters with symbols, such as “b1rd#gR4phiTe”

Finally, if you use a tool like RoboForm, KeePass Password Safe or LastPass, they include tools for generating strong random passwords which they can securely store on your computer so you don’t have to remember them. With those tools, then, you only have to remember one master password rather than one for every account you have.

You’ve Made It Secure, Don’t Lose It

Here are some final rules for managing your passwords once you’ve created them.

Use different passwords for different accounts. In other words, don’t make your Facebook password the same as your online banking password.
Protect your password based on the information you are trying to protect. For example, you’ll want to strongly protect your online banking password, but you probably aren’t as worried about your password to view your son’s baseball schedule.
Don’t write down your password and keep it near your computer. I take the view that it’s okay to write down your password and keep it in your purse or wallet, though. Just don’t write the username or what account the password is for along with the password.
Don’t send your password in email or in response to an email request.
Don’t share your password via instant messaging.
Basically, don’t share your important passwords with anyone.

Do you have other password creation rules you favor or tips for password management you’d like to share? Please leave a comment to let me and other readers know.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Six Firefox Security Add-Ons You Should Consider

Joe Lofshult — Tue, 03 Mar 2009 11:55:25 +0000

I have to say up front that Firefox is already a more secure browser than Internet Explorer. However, the add-ons below can add even more security and privacy, and some other cool functionality, to your browsing experience.

NoScript - NoScript prevents untrusted Javascript code from being executed on your system without your permission. It also blocks Flash, Java, Silverlight, and other executable code. It gives you complete control over what is allowed to execute and what isn’t. The only downside is that it can be a bit of a hassle since many sites require Javascript, and you have to determine which Javascript you need to allow to make the site usable. For more information see the official NoScript web site.
StumbleUpon Toolbar – StumbleUpon is a web service that is useful for security and it’s a lot of fun, too. StumbleUpon allows people to vote on sites they like. When you find sites you like, you let StumbleUpon know and it then brings you more like it. It’s like channel surfing for the web. From a security perspective, the great thing about the StumbleUpon toolbar is that when you do a Google search, the StumbleUpon toolbar marks the resulting sites that have been rated by its users so you can have a better feel for sites that are valid and popular versus sites that might be dangerous.
Adblock Plus – This add-on allows you to block ad banners that show up on web sites. You just right click on the ad banners you don’t want to see, and they won’t be downloaded again. For more information, see the Adblock Plus web site.
WOT (Web of Trust) – Web of Trust provides security ratings of 21 million web sites based on input from multiple sources and provides warnings of sites that may not be safe to visit. In Google search results, it provides ratings of trustworthiness, child friendliness, privacy, and vendor reliability. It will also provide warnings if you try to directly visit a site that might not be safe. For more information see the official WOT web site.
LastPass Password Manager - Lastpass is an online password manager and form filler that makes web browsing easier and more secure. It allows you to use strong passwords (that you might not use otherwise) for the various sites you visit since you don’t have to remember them. You only need to remember one master password for Lastpass and it keeps track of all your others. It encrypts all your password and form information using strong encryption to keep it from prying eyes. It also allows you to store your password and form information online so you can access it from other computers. More information can be found here.
CustomizeGoogle – CustomizeGoogle is a Firefox extension that enhances Google search results by adding extra information (like links to Yahoo, Ask.com, MSN etc) and removing unwanted information (like ads and spam). It also secures Gmail and Google Calendar by converting to https. You can also anonymize your Google userid to avoid tracking and you can remove click tracking to enhance your browsing privacy. The CustomizeGoogle web site has more information and introductory videos.

You can find these and other Firefox add-ons at https://addons.mozilla.org/.

Do you have other add-ons you really like? Leave a comment and tell me which others I should check out.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Instant Messaging Security

Joe Lofshult — Sun, 15 Feb 2009 23:34:19 +0000

Photo by http://www.flickr.com/photos/tattoodjay/

Instant messaging is common these days. We all use it to keep in touch with friends, associates, and employees. But there is a danger in using the free instant messaging tools like Yahoo, AIM, or Live Messenger.

The Danger of Instant Messaging

These tools all use the public Internet for exchanging messages and the messages all pass through servers over which you have no control. In addition, the messages are sent in plain text (not encrypted) so anyone who intercepts the message can read it.

If you are just having a social conversation, this may be fine. But if you are exchanging confidential information – personal information, financial account numbers, passwords, sensitive business data – you certainly would not want that to be seen by prying eyes.

You Can Make Instant Messaging More Secure

There are tools that can make instant messaging more secure, though.

First, either download Pidgin (Windows) or Adium (Mac OS X). These are versatile IM clients that will work with just about every instant messaging network there is. They both work with all the popular networks like AOL, Google Talk, Yahoo, and MSN.

Next download and install the Off-the-Record plugin for Pidgin (Adium has Off-the-Record built in). Off-the-Record is privacy software that allows you to have IM conversations with a friend and encrypt those conversations over the network so nobody else can read them.

Anyone else you want to communicate with using encrypted IM will also need to install Off-the-Record, but after that secure communications are easy. Simply click on the lock button (or the OTR menu) to start a secure conversation and your messages will be encrypted.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Top 10 Ways To Get Your Computer Infected

Joe Lofshult — Fri, 06 Feb 2009 12:57:35 +0000

Today I’ve created a Top Ten list (in David Letterman style) for the best ways to ensure your computer gets infected with some type of malicious software.

10) Click on every link you get in email messages and instant messages, whether you know who the messages are from or not.

9) Download lots of free applications over file sharing networks like BitTorrent and LimeWire. Oh boy, someone just uploaded a new version of Quickbooks or a cool new screen saver. And nobody would every put an infected piece of code on those networks, right, so why should you worry.

8) Don’t use anti-spyware software. Just because the Identifty Theft Research Center calls identity theft America’s fastest growing crime and predicts a boom year for identity thieves in 2009, there’s no reason to worry, right. Nobody would ever want to steal your credit card numbers, bank accounts, or passwords. Even though there are great free options like AdAware and Spybot, why bother.

7) Use Internet Explorer as your default browser, rather than a more secure browser like Firefox. Microsoft’s browser is just so convenient, and after all, Microsoft’s browser never has security holes, right.

6) Don’t use the Firefox NoScript add-on. The NoScript add on (for Firefox and Flock) blocks many of the malicious Javascript and Flash programs on the Internet, but you’re not worried about those, are you.

5) Don’t use a firewall. Turn off Windows firewall and any firewall you have in your home router. And don’t use any free firewalls like Comodo. They’re just too much trouble and keep you from using the file sharing networks you want to.

4) Don’t use anti-virus software on your computer. The number of malicious programs on the Internet tripled between 2007 and 2008 to a record 1.5 million, but you’re not going to run into any of those, are you. And even though there are plenty of great anti-virus programs out there like F-Secure, Trend Micro, Kaspersky Labs, Symantec, and the free AVG, they’re just too much bother.

3) Don’t update your anti-virus software. The version you bought in 2004 and stopped updating should be good enough, right. Just because the number of new malicious programs has gone from 250,000 total in 1997-2006 to 500,000 in 2007 to 1.5 million in 2008, that’s no reason to upgrade.

2) Never upgrade your software applications. Sure, Quicktime, Acrobat Reader, and about every other software application has security issues identified on a regular basis, but you’re sure the version you have is just fine.

And…

1) Don’t apply patches to your computer. It’s just too much trouble to download those latest Microsoft patches, so why bother.

This list, of course, is done in jest, as a way to remind everyone of the importance of following basic Internet safety to keep your computer from becoming just another zombie (or bot) under some hacker’s control.

I hope you’ve enjoyed reading it and have found the humor in it. However, I also hope it has also provided you with some ideas for ways to increase the security of your computer so you can better enjoy your online experience.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.