Suddenly Sound Security

I'm going to dedicate this post to a bit of an instructional. For those of you who know me out there in meatspace you know I am highly security conscious. So, I'm going to make a basic primer for network security and personal privacy.

At home

Security starts where you live. It is very unlikely that someone will actually try to aggressively penetrate your local network unless you have a particularly high standing or known to have a bit of juicy bit of data access. More likely than not you're going to just have cheapskate neighbors trying to use your wifi. Regardless of the minor security threat you'll have at home there is a basic level of security you should abide by.

Technical Security

• If you are using wireless (WiFi), make sure you have a passphrase set up on your access point. 
• Do not use WEP encryption, use WPA or WPA2 when available. 
• WEP encryption is flawed and can be cracked in under five minutes by something as powerful as a smart phone. WPA and WPA2 are significantly stronger.
• If your router only has WEP or no security option at all, consider upgrading your access point. Not only will you be far more secure but you will benefit from the improved hardware.
• For truly sensitive communications (online banking, corporate email) you should have a wired connection available. 
• Although it is unlikely someone will take the time to crack your wifi, wireless communications are broadcasted in a wide area and can be easily intercepted and stored for later analysis.
• Consider getting a router with a Guest AP mode.
• A Guest AP mode will separate guest access from your local computers and sensitive information with a separate AP name and password.
• If you are using cable (Such as COMCAST) or wirelessly provided internet (Such as CLEAR), strongly consider purchasing a VPN account and using it on all sensitive machines.
• Cable internet works a lot like broadcast television. Everyone in your neighborhood has the ability to tap into their cable lines and receive every single packet being sent to you. The cable modems your cable company provide you act like filters, only letting you view the packets meant for you, however it is trivial to buy your own modem and disable this filter in order to watch all of the traffic in the neighborhood.
• VPNs (Virtual Privet Network) provide an additional layer of security for your internet use by encrypting your data from point to point. This makes is difficult for anyone to tap into your internet sessions regardless of where you are.
• Keep your firewall up.
• A modern router will have a built in firewall with will protect against most attempts to access your local network from outside. However, software firewalls (the ones on your computer) add even more security. As annoying as they may be, don't disable them but instead add firewall exceptions on an as needed basis. Mac (instructions for Linux vary by distro)
• Firewalls help filter out data that you do not request, there are several ways that firewalls can operate but in a home usage scenario they mostly operate as packet filters.
• Keep antivirus software up to date.
• Most antivirus suites are way overkill and will include additional security programs to the simple antivirus scanner.
• I recommend Microsoft Security Essentials or Immunet for Windows, ClamXav for Mac, and ClamAV for Linux. These programs only do scans so will not slow your computer down as much as the big guys.
• I recommend these programs for Mac and Linux not necessarily because of the threat of malware to the Mac or Linux machine but more to keep your files clean in case you transfer them over to a windows machine.
• Antivirus is not a sure defense against infection, but coupled with secure user habits it will protect against most forms of malware.
• Install flashblock, adblock and noscript
• Most malware comes in the form of hijacked advertisement servers.
• flashblock and noscript will make sure nothing runs unless you allow it.
• adblock will remove ads from websites entirely.

Secure Behaviors

• Choose lengthy passwords. 
• At home, you don't need to listen to what your company's requirements for passwords are. Try this simple method of password generation.
• Verify senders of attached email files.
• Ask your friend if he sent you some pictures before opening them.
• Don't click links in email.
• Copy and paste the link instead, emails can show different links then what they send you to when you click them.
• Never enter in your username and password into a website linked to you by an email address.
• Go to the site from google and sign in from there instead. 
• Your bank will never randomly ask you for your username and password, and neither will anyone else. If you didn't ask for a password reset to be sent to your email, be suspicious.
• Be careful what you download from which sites.
• Yes, I mean porn.
• Scan that XXX action for viruses.
• Yes, I mean illegal downloads.
• Scan that wearz action for viruses.
• Yes, I mean Christian Blog Sites
• For the love of God don't click on those banner ads.
• Assume all email can be read by everyone.
• Don't email confidential information, passwords, or something you don't want known.
• The only way to have truly secure email is using Encrypted Email, however this is difficult to do because it requires everyone you email to to have encryption set up and for you to share secret keys with each other beforehand.
• Apple's iMessage and RIM's BBM are encrypted and secure messaging systems. However, these messaging systems only work between their respective devices.
• Give your kids their own accounts.
• Give your kids their own, personally named accounts on your computer and make sure they are not administrators. This also applies to their personal computers. Kids will do dumb things, but making sure that they can't change system files easily will help tremendously with the security issues they might cause.

On the Go

When you are away from home the security risk immediately increases. Public access wifi hotspots are a  gold mine for information phishers. Be on alert when accessing any internet access point you do not control.

• Trust no one.
• Access points can be spoofed, redirected, and cracked very easily. Always assume that the Wifi is compromised.
• VPN is a necessity for security
• The only way you can have any sort of privacy on a public wifi system is to encrypt your communications. VPNs encrypt everything you do online.
• Do not accept suspect certificates.
• When you are on the go and your browser suddenly freaks out about how something may not be secure, listen  to it. Wait until you get home to try the page again.
• Strange USB devices: Not even once.
• It is easy for an attacker to take over your machine once they have a physical device plugged in.
• Encrypt sensitive data on portable computers.
• If you have information that would be ruinous if stolen, Encrypt it.
• Turn off automatic login
• If someone can not log into your computer after it is stolen, they will likely never see your data.
• Windows 7, Mac, Linux varies by Distro.

And that's about everything I can think of.

Stay safe out there!

late lightning log, lamenting lethargy.

So it's been nearly two years since my last post. I am not the best at blogging, so it would seem. The house is currently shaking as there is yet another thunderstorm routing its way through Tampa, my newborn nephew Leo sure chose a noisy week to come into being!

All in all life has been treating me with its usual ambivalence, somewhat of a blessing, though my expectations of the world as a general state has been lowered; pessimism can make one fairly resilient to those lurid stings that seem so prevalent.

This lightning really doesn't want to be ignored! Oh well, no real significant events today other then my discovery of The Idea Channel. If you haven't given them a look over I'd recommend it, it's an easy to consume smattering of pop culture and philosophy. Very likely to give you some nice idle conversation material. For music I'm currently revisiting Squaredance (Released CC 3.0 unported by the artist), though I tend to go through albums like a chain smoker.