There are a number of digital security techniques that can help protect your system from the bad guys. In this video, you’ll learn about anti-virus/anti-spyware software, firewalls, account protection, and user rights and permissions
<< Previous Video: Physical Security TechniquesNext: Security Awareness >>
One of the more common digital security techniques you can implement is an anti-virus client on your computer. The viruses are out there. And these days, it doesn’t matter what operating system you’re using, there’s a virus that’s going to try to attack you.
One of the ways you can tell what’s going on in the world is to see what the anti-virus companies are doing. Kapersky Labs always provides monthly updates. And the update from 2012 shows that there were 134 million attempted web-borne infections that were prevented with their anti-virus product. 280 million malicious programs were detected and neutralized on computers. And these days, because of this huge amount of malware out there, 24 million malicious URLs were detected and stopped with the software. You can go out to Kapersky, there’s the URL I pulled the statistics from, and you can check every month to see what’s happening with their anti-virus products.
It’s easy to get those Kapersky statistics. But it doesn’t matter who’s anti-virus you use. I use Microsoft Security Essentials on my computers because it’s free. But the important thing is that you have it installed and you keep it updated. Signatures for anti-virus are updated constantly. You want to be sure you keep those signatures always current.
And remember that no anti-virus product is going to be able to stop 100% percent of the threats. So you have to be careful about what you’re doing online, the sites you visit, the things that you click in an email, to make sure that you’re not doing things that are a little bit more risky than they should be.
Spyware is a little bit different than a virus on your computer. Spyware is embedding itself and gathering information about you. It may be looking at your browsing activity. It may be gathering key logs of all of the things that you type into your keyboard. Or maybe it’s gathering your information that you use when you log into your financial organization.
You need some type of anti-spyware application to look for these because they react and work a little bit differently than a virus might. So you want to be sure that your application that you’re using for security is specifically designed not only to look for viruses, but also look for spyware.
Your anti-spyware utility is always looking to see what your applications are doing. They’re looking to see what type of network traffic is going in and out of your computer. And they’re looking for anything odd. Not just things that the application knows about, but things that are heuristically unusual with traffic patterns. Be sure that you have also all of the latest updates for your anti-spyware so that it’s able to find as many of these situations as possible.
If you’re connected to the network, you should absolutely have a software-based firewall running on your computer to protect against traffic that may be coming into or maybe going out of your computer. This allows you to set very tight restrictions so that you can be assured that nobody from outside of your computer has unfettered access to all of your files and services on your computer. And what’s nice about it, because it’s on your computer, it’s software based. Wherever you take your laptop, you’re always going to be protected.
This restricts access by not only the port numbers, which are traditionally used when your have information going back and forth across the network, but it’s aware of all of the applications running on your computer so you can set rights and permissions of who can access what port number and what application that’s using that port number. That gives these host-based firewalls a little bit more visibility than what you would find on a traditional network-based hardware firewall.
Of course, the network-based firewalls do have their place. And they’re incredibly important, especially as your network gets larger and larger. If you have a wireless access point and a router that’s connected to your cable modem or your DSL line at home, that is also a hardware-based firewall. It’s traditionally limiting traffic through your network based on port number and based on state. We call these stateful firewalls because they know what traffic is going out and they’re only going to allow the proper responses back to that traffic.
In larger environments, you can even encrypt this information, especially if you’re sending it to a remote site. This encryption of data allows you to send very sensitive information across the internet. But if somebody was to gather that information in between one side and the other, they wouldn’t be able to do anything with it because every single bit of it is encrypted.
These can also often proxy traffic. They can sit in the middle. So when I talk to Google, I’m really talking to my firewall. The firewall, on my behalf, is going to talk to Google, get the response. And then before it sends that response to me, it checks to make sure that the response is valid and that there’s nothing inside of that that might harm my computer.
A lot of the firewalls that we deal with, especially in larger environments, are also routers. And we’ve seen that even in smaller environments. With your home office or your cable modem or DSL router, these are routing at layer 3 of that OSI model. So not only can they firewall and proxy and stop all that information, they’re also routing from the inside to the outside of our network as well.
One of the most common forms of digital security is your username and your password. It’s the authentication that you would use to log into a resource that’s available somewhere on your network or on your computer. The username and password is important. You have that username associated with it. And in Windows, we also associate something called a Security Identifier to every single account.
You of course need credentials like a username and a password. You may be asked for additional information as well. You may have a smart card. There might be a pin number. You might need some type of token generator with you so that you can finally gain access to those resources.
Once you gain access to that resource and the system recognizes you, there’s usually a profile associated with you. It might have your full name. It might have your address. And of course, it might have a list of all of the resources that you need access to.
These username and passwords are common. But because of that, they become a very important target vector for the bad guys. They want to be able to figure out what your password is. And if they know your password your username, they can now gain access to your resources.
You want to have a strong password. The bad guys can easily figure out something like a weak password because they’re doing brute force attacks. They’re trying your username in every possible iteration that they can think of for a password. There’s also a number of tables online that help the bad guys with this, where information is already hashed and they can find a password exceptionally easy that way.
You want to be sure your password is complex enough to prevent those brute force attacks. But even then, you want to make sure you change it often. If somebody does happen to get your password, they would only be able to use it for a limited amount of time.
Here’s where this really becomes a problem. If you look at some of the breaches that have occurred in the industry, you know how weak some of these passwords are. A good example of this was in 2009 the website Rockyou.com had a breach, a SQL injection that allowed the bad guys to download every single username and password in the clear. It was not encrypted. 32 million accounts and what was even more interesting is they posted all of them to the internet.
Well obviously that was a security concern, especially if you had an account on Rockyou.com. But what it also allowed us to do was examine just how secure were the passwords that all 32 million accounts were using. A company called Imperva analyzed the entire password database. And the entire study is from this link.
Some of the highlights are that 30% of the passwords were six characters or less. These are very short passwords. Interestingly enough, the minimum requirement at Rockyou.com was only five characters, which makes brute force attacks exceptionally easy.
60% of the passwords had common characters in it. There weren’t a lot of special characters included with the passwords, which made it that much easier for bad guys to brute force attack. 50% of the passwords were names, common things that you can pull out of a dictionary. Don’t use dictionary words. That makes it really easy for brute force attacks.
The most common password that was found in the database was the password 1, 2, 3, 4, 5, 6. I thought this was interesting since the minimum number of characters in a password was five. But of course as you can see, the second most popular was 1, 2, 3, 4, 5. And of course, you have people using the word “password” and using words like “I love you” and “ninja.” These are things that are commonly seen when we start doing analysis of these large database breaches.
It’s uncommon to see someone using very complex passwords. And yet that’s one of the best ways that you can prevent somebody from gaining access to your resources.
Once you gain access to your system, there are a number of rights and permissions you want to be sure are set up so that you can have that digital security. In NTFS, that file system supports a lot of granularity for security. You can really lock down access and allow or disallow people certain access and rights to the files that you have on your hard drive.
If you don’t want people to see files, you can make sure they don’t see them. If you want only read only or you want to be sure that nobody can override files, that’s a great way to implement rights and permissions on your existing computer.
The user permissions themselves are also important. It doesn’t do much good to have rights and permissions set up if you’re letting everybody be an administrator on the system.
It’s actually not unusual to see organizations have to audit themselves every so often because of the large number of administrators that are suddenly assigned in the organization. It’s a significant problem. So you want to be sure that users only have the rights that they need to be able to do their job. And if they need additional capabilities, the default should not be to give them administrator access. Its to assign the proper rights and permissions for what they need to do.