Computer Security Fundamentals


Viruses, house fires, theft, lightning strikes, hackers and more — it’s a list of potential computer disasters that would stop a hyena from laughing. You cannot be absolutely safe, because the bad guys and the fickle finger of fate are always cooking up new ways to turn your life into a cyber-hell. Fortunately, a few simple steps will prevent most physical and virtual threats to your system and your data.

Physical Security:

(1) Most modern electronics require very little physical attention, beyond some common sense rules:

  • Don’t drop computer equipment. (Yeah, you would think it goes without saying, but you would be wrong. There are people that clueless.)
  • Dust is bad for microcircuits. Wipe down the computer case with a dusting cloth and blow all openings clean with canned air. If your place gets really dusty, an air purifier is a good investment.
  • Water and electronics don’t mix, at least, not in a friendly fashion. Keep your PC dry. If you live in a very humid climate, a dehumidifier is a good investment.
  • Flowing electricity generates heat, which will reduce the service life of microcircuits. Keep your computer system well ventilated. Placing them in fully-enclosed cabinets is not recommended. If the internal fans aren’t up to the job, a small external fan or two can keep enough air moving to hold the temperature down.

(2) Use power protection to safeguard your computer: Should you worry about every thunderstorm or brownout? Yes, cutting power suddenly won’t definitely hurt your computer, but physical and data damage is always possible. An uninterruptible power supply (or UPS) is a big battery that will keep your computer hardware running long enough to save your work and shut everything down properly. Never plug your PC directly into the power grid. Surge protectors are like fuses: they detect sudden increases in electrical flow and cut off that flow before a tsunami of electrons drown your hardware. Neither of these problems occurs often, but once is enough to cause you a world of grief!

(3) Collect all your original hardware paperwork (purchase receipts, warranties, etc.) and store them off-site — with relatives, your lawyer, in a safe deposit box, or wherever you store birth certificates, passports and other vital documents. If you lose your office or home, you can’t lose what isn’t there and these will be vital when you file a homeowner’s or renter’s insurance claim. (Oh, by the way, get homeowner’s or renter’s insurance!)

(4) Lock your computer system. Just because most computer crimes involve data, don’t think the burglary problem has disappeared. If someone breaks into your home or office, they will steal your hardware as certainly as an ID thief will steal your SSN. Wire cables, padlocks, keylocks and related items will secure your hardware in place. Thieve are lazy, they’re looking for an easy mark — don’t be one and they’ll probably go somewhere else.

Virtual security:

The greatest danger of cyber-crime is the attitude of cyber-criminals: “Victims aren’t people, they’re just computers!” or “Hey, look, I dropped out of high school but I’m smarter than a software engineer!” No, they are not; no you are not. Unfortunately, until those attitudes changes, cyber-crime isn’t going away.

(1) Protect (and better manage) your computer system by using utilities software:

  • Anti-spyware prevents outside software from reading private files and sending the data outside your computer system.
  • Anti-virus software prevents outside programs from entering and damaging your computer system.
  • Compression software reduces the size of files, allowing more to be stored in the system.
  • Encryption software codes files so only individuals with clearance can open or read them.
  • Firewall software acts like a cyber-traffic cop; it prevents unauthorized communication by your software or devices with the outside and inspects incoming traffic, granting passage only to items previously cleared to enter.
  • Monitoring software allows system administrators to track use of computers (also a great tool for parents to keep an eye on children in cyber-space).

(2) Don’t open email attachments unless you know and trust the sender. Even then, be cautious, many people have had their email accounts hacked and used without their knowledge, let alone their permission. When in doubt, delete.

(3) Patch your operating system. Even the best programmers make mistakes or hackers may find other vulnerabilities. In either case, programmers create “patches,” operating system updates that correct problems hackers might employ. Visit your OS supplier’s website regularly and see what new patches are available for your software.

(4) Create weird, stupid, off the wall passwords:

  • Use words that have meaning to you, but not to someone else (like your great-great grandmother’s middle name).
  • Code your passwords by using numbers or punctuation marks (“d01v09d” is a lot tougher to guess than “david”).
  • Transliterate foreign words into English — it may be spelled “Beijing” but it’s pronounced “bayzhing”.
  • Do not use common names, dates or other data that can easily be traced to you — in other words, don’t use your wife’s birthdate as a password unless you’ve never been married.

(5) When purchasing software, be wary of downloads. You may not be able to determine that some extra you didn’t order got downloaded with what you did order. The same is theoretically true for a software disk but illicit extras placed on a disk are what law enforcement agencies call ‘evidence.’

Data Security:

Anything that poses a threat to your computer hardware poses an equal, if not greater, threat to your software. Hardware can be repaired or replaced; if a data file is lost, it is gone forever, unless there’s a copy somewhere. To fully safeguard your software and data:

1) Collect all your original software (installation CDs, manuals, key codes, activation codes, etc.) and store them off-site — with relatives, your lawyer, in a safe deposit box, or wherever you store birth certificates, passports and other vital documents. If you lose the house or apartment, you can’t lose what isn’t there. [Say, that sounds familiar.]

2) Purchase archive/file recovery software. It can be set to automatically save copies (every week, every day, every hour) in case the system has problems. There are companies which provide this service, including secure off-site data repositories and automated, web-based archive downloads at pre-arranged times (weekly, daily, hourly, as needed). This service is probably beyond the budget of most private users but, if your business depends on the Internet, think of it as data insurance.

3) Buy an external hard drive, then regularly (monthly, weekly, as needed) download a copy of everything to this hard drive. Do not connect this drive to your computer except when actually performing the download. A virus or hacker can only hit the computer components that are connected to the computer.

4) Regularly (annually, monthly, as needed) burn a permanent CD or DVD with all your files and documents you’ve collected over that year and store it offsite.

Including the active files on your computer, this makes four copies. The probability that four distinct soft and hard copies at two or three different locations will be destroyed all at once is infinitesimal. That may sound excessive but, just because they are cliches doesn’t make them wrong: Better safe than sorry. An ounce of prevention is worth a pound of cure. Just because you’re paranoid doesn’t mean no one is after you.

For More information:

CERT (http://www.cert.org) is a federally-funded software engineering group based at Carnegie-Mellon University. CERT anticipates, prepares for then responds to cyber-security threats.

The Association for Computer Security Day (http://www.computersecurityday.org) was created to promote cyber-security awareness; they celebrate every November 30th.

Related posts