Top Tech Sites: Internet Security Best Practices


Academic year: 2021

Stats:

According to Symantec’s “Website Security Threat Report: Updates from Symantec’s Internet Security Threat Report,” published May 2011:

* 1.1 million identities were exposed per breach (TJX, LinkedIn, etc.)

* Email-borne malware rose in 2011, with large companies seeing the greatest rise: 1 in 205 emails was identified as malicious (39% were suspicious links, a 23% rise from 2010). The malware was hidden in PDFs and Microsoft Office docs. The PDF attacks exploited a vulnerability in Adobe Reader.

* Spam dropped to its lowest point in 3 years (from 62 billion in 2010 to 42 billion in 2011)

* USA & India are the top sources for all malicious activities (12.6% of bot activities, 33.5% of web-based attacks, 16.7% of network attacks, & 48% of phishing websites)

The Common Attack Types

SQL Injections: Data theft is most commonly administered through SQL injection. This is where code gets injected into an unsuspecting website (such as Paul McCartney’s official site).

Business Logic Attacks: Recently, website hackers have begun to develop attacks that target vulnerabilities in the business logic, rather than in the code itself. The most common example of this is comment spam. This is where hackers insert automatically generated comments into a blog or online forum, directing people to bogus sites that claim to promote pharmaceuticals, software, etc., when it’s actually malware.

Denial of Service Attacks: This is where a site gets inundated with emails, form entries, or repetitive / unusually large activity, thus bringing down its server. Google was attacked and brought down about a year ago.

Top 10 most frequently exploited categories of websites:

Blogs & Web Communications, Hosting & Personal hosted sites, Business & Economy, Shopping, Education & Reference, Technology / Computer/ Internet, Entertainment & Music, Automotive, Health & Medicine, Pornography.

Attacks on cloud computing, smart-phones, tablets and Macs are expected to rise in the coming years

General / Device Tips:

Create a strong password over 8 digits long (the longer the better) using numbers, upper & lower case letters, and other symbols. Adding 1 extra digit to a password makes it exponentially harder to crack.

Don’t have your computer, cell phone, tablet, or browser automatically remember or store passwords for any application or software.

Change passwords every 90 days

Set the device or computer to require a password immediately after sleep or screen saver begins.

o For Mac, go to “Accounts” in the System Preferences. Change Automatic Login: to “off”. Display login window as “Name and password”, deselect “Show password hints”.

o Then open the General tab of the Security Pane in System Preferences and change Require password to “immediately” after sleep or screen saver begins. Be sure to select “Disable automatic login” under “For all accounts on this computer”.

o For Windows 7, go to the Control Panel, click on “Power Options”, then click on “Require a password on wakeup”.

o Then in the system settings menu, under “Password protection on wakeup”, select “Require a password (recommended)”.

Never leave your smartphone, tablet, or laptop unattended in a public place. Report any loss or theft of your company issued smartphone/tablet/laptop immediately to police and your library’s IT.

Install tracking software on your device to recover it when it is stolen.

o Prey: software to track laptops, tablets, and cell phones:

http://preyproject.com/

o Lojack for Laptops:

Shut off any services you don’t use on your computer/smartphone/tablet. Use CCleaner, Autoruns or similar software for desktops / laptops. Do not click on pop-up error messages; go directly to Microsoft to load any necessary software.

Do a custom installation when installing downloaded software – deselect unwanted software

Do not load apps from unknown or little known companies

Keep software up to date (antivirus, OS updates, browser updates, Flash updates, Joomla, etc.).

Do not install or run software you have downloaded until you have scanned it for viruses.

Web Tips:

Configure your home or work WiFi to require a password.

Get a firewall, if possible.

Visit sites that use persistent SSL (Secure Sockets Layer) encryption & authentication. The web address will start with https:// and have a little padlock icon next to it.

Facebook has the option of using a secure network. To access secure browsing (https) in Facebook:

o Go to your Security Settings page ( > Account Settings > Security)

o Click on the Secure Browsing section

o Check the box provided and save your changes

Please note that when you turn on secure browsing, any other active Facebook sessions will be terminated. This means that if you're logged into Facebook on another web browser, you will be prompted to re-enter your login information.

Only connect to legitimate WiFi networks

Do not provide any personal information on social networking that may lead someone to determine passwords etc.

Be leery of items from unknown sources or even suspicious links from trusted sources.

Roll the mouse pointer over a link to reveal its actual destination, displayed in the bottom left corner of the browser. In Microsoft Outlook it is displayed above the link.

Do not click on shortened URLs without first expanding them with tools or plug-ins:

“Where Does This Link Go?”: http://wheredoesthislinkgo.com/

“LongURL”: http://longurl.org/

URL X-Ray: http://urlxray.com/

LinkPeelr: http://linkpeelr.appspot.com/

Don’t click on links in Twitter, Facebook, and forum comments without first checking them.

Configure your computer/network DNS to use Google Public DNS or OpenDNS. They filter out known malicious sites.

To do this, you would have to access your WiFi preferences, change the DNS server, and set the following numbers as primary and secondary DNS:

Google DNS = 8.8.8.8 and 8.8.4.4

OpenDNS = 208.67.222.222 and 208.67.220.220

Look at the Browser’s address bar for the site’s Validation certificate. The site could be an imposter.

Be suspicious of search engine results (Google search was hijacked).

Be careful of clicking on links for searches on:

o Current events (Bin Laden death, Amy Winehouse death)

o Any search with the words: Lyrics, Free, Web, Gear, Games, Gadgets, Olympics, Music, Videos increases your risk of coming upon an infected site.

If you get a warning or pop-up window indicating you were infected with a virus, do not click on any link in those warnings. Close the browser by using Alt+F4, Ctrl+W, or the Task Manager, then update and run your antivirus scan.

Use the latest version of your browser or operating system.

Report any security incident (e.g., responding to a scam email with your login credentials) to IT immediately (Facebook, Twitter, etc.).

Use a different password for every website. If you have only one password, a criminal simply has to break a single password to gain access to all your information and accounts.

When using public Wi-Fi, refrain from sending or receiving private information.

Email Tips:

Don’t click on ecards, documents, or links unless they are expected.

Never give out login credentials (over the phone, in person, email).

Never click on a link embedded in an email claiming to be from a bank, government agency, PayPal, eBay, etc.

Here’s an email scam IQ test. http://www.sonicwall.com/furl/phishing/

Use an expendable email account such as Yahoo or Hotmail just for listservs, marketing, subscriptions, shopping, etc.

Have your mail server block certain attachments (.vbs, .bat, .exe, .pif, & .scr).

Use a POP3 or IMAP email client (Outlook, Thunderbird), as opposed to direct online email (Hotmail, Yahoo, Google).

Have your email client (Outlook, Thunderbird, etc.) configured to only load emails in plain text (safest) or simplified / original HTML (not as safe). Do not configure the mail client to automatically open emails in rich HTML or XHTML (not safe).
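The attachment-blocking tip above comes down to a check on each attachment's final file extension. The following is an added sketch, not part of the original handout and not a configuration for any particular mail server: it parses a message and lists attachments whose extension is on the handout's block list, including double-extension and mixed-case names. The function names and the sample message are constructed for this example.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions the handout says the mail server should block.
BLOCKED = {".vbs", ".bat", ".exe", ".pif", ".scr"}

def blocked_attachments(raw_bytes):
    """Return filenames of attachments whose final extension is on the block list."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message body or container part, not an attachment
        # Compare case-insensitively and ignore trailing dots or spaces,
        # so "Photo.SCR" and "run.exe." are treated like ".scr" and ".exe".
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        # Only the last extension counts: "invoice.pdf.exe" is an .exe file.
        if dot != -1 and cleaned[dot:] in BLOCKED:
            hits.append(name)
    return hits

def build_sample():
    """Constructed test message with three attachments (sample data only)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"sample bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"sample bytes", maintype="application",
                       subtype="octet-stream", filename="Photo.SCR")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```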

Apps for managing updates:

CNet TechTracker

http://download.cnet.com/CNET-TechTracker/3000-18513_4-10912909.html?tag=mncol;6

Update Checker

http://download.cnet.com/Update-Checker/3000-2094_4-11464527.html

Antivirus / Anti-Spyware software:

Avast: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?tag=mncol;1

AVG: http://download.cnet.com/AVG-AntiVirus-Free-2013/3000-2239_4-10320142.html?tag=mncol;1

ClamWin: http://download.cnet.com/ClamWin-Antivirus/3000-2239_4-10369483.html?tag=mncol;1

ClamXav: http://download.cnet.com/ClamXav/3000-2239_4-10668194.html?tag=mncol;2

Emsisoft: http://download.cnet.com/Emsisoft-Anti-Malware-Free-Previously-A-squared-Free/3000-8022_4-10262215.html?tag=mncol;2

Sophos: http://www.sophos.com/en-us/products.aspx

Spybot search & destroy

Spamassassin

http://spamassassin.apache.org/

Vipre Antivirus / Vipre Rescue

http://www.gfi.com/

Comment spam tools:

Akismet

http://akismet.com/

Wordpress Anti Comment Spam Codex

http://codex.wordpress.org/Combating_Comment_Spam

System Tools:

Autoruns: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

CCleaner: http://www.piriform.com/ccleaner

Recuva: http://www.piriform.com/recuva

Other Useful Sites:

Baseline (Baseline Briefing is their newsletter)

http://www.baselinemag.com/?kc=BLBLBEMNLHEAD

Cnet.com

http://ww.cnet.com

eWeek Technology News

http://www.eweek.com/

Google’s DNS server

https://developers.google.com/speed/public-dns/docs/using

McAfee Advice Center

http://home.mcafee.com/advicecenter/default.aspx?id=ad_sfs

Mashable.com

http://mashable.com

OpenDNS

Techrepublic.com

http://www.techrepublic.com/

ZDnet.com

http://www.zdnet.com

Useful Articles:

5 Best Android Apps to Find a Lost or Stolen Phone

http://www.androidtapp.com/5-best-android-apps-to-find-a-lost-or-stolen-phone-android-app-recommendations-from-the-experts-at-androidtapp-com/

5 Tips to Keep Spear Phishers Out of Your Inbox

http://mashable.com/2012/07/11/spear-phishing-email/

5 URL Expanders to Help You Avoid Spammy Links

http://mashable.com/2012/01/10/url-expanders/

6 Ways to Find Your Stolen Laptop

http://www.pcmag.com/article2/0,2817,2387748,00.asp

9 Things businesses need to know about Web Security

http://mashable.com/2012/04/25/web-security-tips-small-businesses/

10 Online Security Tips for Gen Y

http://mashable.com/2012/08/16/online-security-tips/

10 Security Tips for All General-Purpose OSes

http://www.techrepublic.com/blog/security/10-security-tips-for-all-general-purpose-oses/336

10 services to turn off in windows XP:

http://www.techrepublic.com/blog/security/10-services-to-turn-off-in-ms-windows-xp/354

10 Tips to Avoid Cyber Monday Scams:

http://mashable.com/2011/11/26/cyber-monday-scams-tips/

Basic email security tips:

http://www.techrepublic.com/blog/security/basic-e-mail-security-tips/411

Computer Safety Tips – 9 Safety Tips to Protect Your Computer from Viruses and Other Malware:

http://antivirus.about.com/od/securitytips/a/safetytips.htm

Computer Security Tips – PCTechbytes.com:

http://www.pctechbytes.com/security/computer-security-tips/

Computer Security Tips – Schoolcounselor.com:

How to Get Your Stolen Laptop Back – wired.com:

http://howto.wired.com/wiki/Get_Your_Stolen_Laptop_Back

Mapping the Mal Web: the World’s Riskiest Domains:

http://promos.mcafee.com/en-US/PDF/MTMW_Report.pdf

Online Security Tips for Journalists (Also good for any traveler):

http://mashable.com/2012/08/21/online-security-tips-journalists/

“’Password’ Tops List of Worst Passwords of 2012”:

http://mashable.com/2012/10/23/worst-passwords/

Security Tips – ComputerTips.com:

http://www.computertips.com/security-tips/

SonicWALL Phishing IQ test:

http://www.sonicwall.com/furl/phishing/

The Web’s Most Dangerous Search Terms:
