SQLChicken.com

SQL Server DBA Tips & Tricks

Internet Security Advice For The Family

Alastor Moody says

Constant Vigilance!

For today’s post I’m channeling my inner Brian Kelley (Blog | Twitter) and talking about security, in particular Internet security. The post today is actually an email exchange between myself and my younger sister. She asked me for some general advice and I wrote a long response and figured I’d share it with you readers (which maybe you can in turn use to send to your own family seeking similar advice).

Without further ado, here’s the email exchange:

Hi Jorge,

   Quick question: Michael and I want to be more vigilant about passwords and Internet protections. Do you think companies like Life Lock are worth it? What would you suggest/recommend? What do you use? Let me know, Thanks,
Love you,
Vivi
 Constant Vigilance!
[Author's note: I didn't add that picture/tagline at the end, my sister's just awesome like that]
My Response:

There’s a ton of advice I could give you, just take what you can/will and apply it. When talking about security there’s a lot of stuff you could/should do but nobody does and then they’re shocked when something happens to them. Companies like Life Lock are good if you’ve had your identity stolen, or know for a fact that some of your critical information has already been compromised and you’re on the lookout. Otherwise it’s like insurance: you’re paying for something that potentially you’ll never ever use.

Internet Security (yeah I’m heading this like a blog post or term paper)
Passwords

This one is a huge one. First off, don’t use the same passwords for all your sites. This one is obvious but yet nobody follows it. This is especially important on sites that have critical information for you like banking sites. Need help with passwords? This comic will clue you in on something interesting: http://xkcd.com/936/.

Since coming up with passwords for different sites can be hard, here’s a nice app/site to help: https://lastpass.com/ . If you want to use the mobile apps you’ll have to pay a fee but the website and browser plugins are nice and free. The app also generates a random password if you want to protect your accounts that way.

Another thing I do is for sites that have nothing of real importance (i.e. signing up for a newsletter, Yelp, etc.) I use a rather simple password just for that site. That way if that password gets compromised, no other accounts/sites will have that same password so I don’t have to worry about it. If someone hacked into my Yelp account I really wouldn’t care since it doesn’t affect anyone/anything so my password for that site would be something like Yelp123. Going off that, make sure you don’t give an easy password to a site linked with important stuff. You can read lessons learned on that from http://gizmodo.com/5931828/how-gizmodo-got-hacked-and-how-you-should-defend-yourself and here’s Matt’s full story if you want to read the horror of linked accounts http://abcnews.go.com/Technology/hacker-amazon-apple-loopholes-destroy-tech-writers-online/story?id=16951389#.UaNrsUC1FR8.

Bonus: On occasion large sites will get hacked and their user/password lists get leaked. This is another reason I use throwaway passwords on sites like LivingSocial: http://lifehacker.com/livingsocial-hacked-time-to-change-your-passwords-483012132

For email/secure information sites turn on two-factor (also known as two-step) authentication when possible. I do this on my Google account since I know Gmail is a huge target for spammers to hack accounts and shoot out spam email. You both use Android devices so I know you use Gmail. Here’s what you do for those accounts: https://support.google.com/accounts/answer/180744?hl=en (here’s one for Microsoft accounts http://lifehacker.com/add-two-factor-authentication-to-your-microsoft-account-474939951 ).

What will happen is if someone tries to log in to your Gmail account on a device that hasn’t been authenticated, you’ll get a text message with a validation code. You have to enter that validation code at login in order to log in. Don’t worry, you don’t have to do this EVERY time, you get the choice for Google to remember that device for 30 days before you have to do it again. It’s worth the hassle.

 

Securing Your Machine

And all that mess is just for passwords! On your local machine, make sure everything is copacetic. You guys use Macs so make sure you use proper antivirus: http://lifehacker.com/the-best-antivirus-app-for-mac-488021445 (yes, even the mighty Apple is prone to viruses now). Lifehacker also has updated lists on PC antivirus as well. I personally use Avast! antivirus. It does a good job, it’s lightweight and it’s free.

If you’re out and about and using someone else’s machine to log in to something sensitive (e.g. bank account) make use of modern browsers’ Incognito/Private Browsing mode. What this does is open the browser in a mode where no cookies/information is saved or stored locally so when you close the browser someone can’t come in behind you and log in as you. Read more here: https://support.google.com/chrome/answer/95464?hl=en

Networks

Speaking of connecting remotely, if you’re out and need to connect to a wifi network BE CAREFUL! What some people will do in very crowded/public areas (i.e. airports, tourist areas, etc.) is set up their own hotspot and name it something people will think is okay to connect to. If you connect to that network all traffic is “sniffed” or tracked by that person and they try to steal passwords that way.

The first way to defend against this is to make sure the network you connect to is the right one. Look for signage in the area that tells you the network name. Also see if the wifi network is open (no password) or secured. Most OSes will tell you that. Prefer networks with passwords (WPA/WPA2 is preferred). If the network is open then be cautious about what information you send while browsing on said network.

Another, more secure/paranoid alternative is using a VPN. You can read all about that here: http://lifehacker.com/5940565/why-you-should-start-using-a-vpn-and-how-to-choose-the-best-one-for-your-needs. Basically if you connect to a public network, connecting to a VPN wraps your network traffic in a secured/encrypted channel so if someone is snooping on the wire then your traffic is encrypted and they can’t make use of it.

If this seems like a lot, it is, and that’s why so many people’s information is really so easy to get to and/or gets compromised. Hope this doesn’t turn you into a Doomsday prepper and you fall off the grid. Love you, have fun!

Got any more internet security advice you’d like to pass along? Let’s hear it in the comments section.

3 Responses to Internet Security Advice For The Family

  1. Merrill Aldrich says:

    Great post. I would just like to add that we’ve used 1Password for many years (like LastPass) and like it a lot. It’s super handy to make sure your password vault, whatever flavor, is cross-platform and can deliver the passwords securely from the web to all your widgets.

    • admin says:

      Thanks Merrill. Yup, I use LastPass and love it. Makes it really nice to be able to generate passwords and be able to access your logins cross platform.

  2. Tracy McKibben says:

    Great summary. LastPass is the first thing I install in a new browser profile.
