www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
02 January 2006  

Vendor Accent

10 simple steps for safe computing

There’s more to safe computing than anti-virus and other reactive solutions. Captain Raghu Raman lists 10 simple steps to ensure computing without bugs.

When I was a little boy I picked up this gem in a book about card tricks. It said that if you knew 10 ways to discover a card and only one way to present it, the audience thought that you knew just a card trick. But if you knew only one way to discover the card and 10 ways to present it, you were known as a man who knew 10 card tricks.

Safe computing works pretty much that way.

Many buzzwords spring up when we talk about computer security. These range from PKI, encryption, firewalling and firewalking to DMZs and IDSes. The problem is, the intelligent attacker will not bother trying to break into systems through any one of these tough routes. Why would he? All he needs to do is discover your credentials and exploit them in 10 different ways. And that is what this piece is about: getting those fundamentals right.

I am going to claim something quite radical in this article. And that is: if you and your organisation follow the 10 steps given below, just these 10 steps and nothing else, you will improve the safety factor of your system by at least 100 percent. And these steps will cost you nothing in terms of hardware or tools to buy. Though it may sound like a tall claim, just read on and decide for yourself.

  • Step 1. Get into the habit of having two passwords. One for your official accounts, mail and so on. The other for casual browsing. Make these passwords tough. Think of a phrase. Any phrase will do. For instance, “I am the star performer of my company.” Now derive your password from the first letter of each word, with a couple of twists. Instead of the word “star” use an asterisk, and instead of the letter “o” use a zero. If you do that you will get “Iat*p0mc.” Now that is a strong password. Want to be doubly sure? Log onto MSN and start an account. MSN has a nifty tool on the account signup page which checks the strength of your password. Now you not only have a strong password but you will also not forget it.
  • Step 2. If your computer does not have basic hygiene software, install it. OK, so what is basic hygiene software? Anti-virus, anti-spyware and a firewall. All of these are available as freeware as well. I personally use AVG, Microsoft and Tiny. It takes all of 20 minutes to install them and configure them for automatic updates.
  • Step 3. Schedule a regular backup. Weekly will do for most of us. Use a time like Friday night after 10 pm so that your computer can continue working while you are partying. Again, Windows comes with a backup tool built in. You just need to specify the media. I recommend an old hard disk that you are not using anymore. Just be sure that the disk is working properly.
  • Step 4. Create a partition (or a folder if you are non-technical) and encrypt it, especially if you use a laptop. Use freeware or a tool such as TrueCrypt to do this. Make sure all your sensitive and confidential data is in that folder or partition. That way, even if you lose your laptop you will not lose the data within it. Do the same with other mobile computing devices. Next, enable your BIOS password. For the technically challenged, it’s the password which kicks in when your laptop starts booting. All phones and PDAs have a similar facility. Please enable them.
  • Step 5. Take out your PDA or mobile phone now and remove all the passwords that you have written down there. Be honest!! And do it. You may, however, keep the username and a reminder phrase that will remind only you about the password that you use. Make no mistake, ladies and gentlemen, more accounts are hacked into every day because the owner of the account has lost his PDA or phone with the account details written down on it than due to software vulnerabilities. (And anyone telling you otherwise is trying to sell you some new tool.)
    While you are at it, make sure you erase the account details from your laptop, good old-fashioned paper diaries and so on. Here is another tip. Always write your name and phone number on your laptop and PDA. Also write that you will give a reward to the finder. You will have a better chance of someone returning the equipment to you if you lose it.
  • Step 6. Don’t believe in fairy tales. No king of Nigeria is going to die and leave you his wealth to share with one of his ministers. For those who don’t know what I am talking about, let me spell it out for you. This is one of the oldest forms of fraud and it is called the confidence con. You get a mail telling you that you are the lucky recipient of a free gift or a lottery, or that a package has arrived for you. The aim is to get your greed stoked and then lead you on. And if you believe you are too smart to fall for this kind of fraud, think again. The examples I gave here are pretty obvious (at least to computer-savvy individuals), but the baits used by tricksters are much more sophisticated these days. And if the fraudster knows some details about you, he has a better chance of trapping you. Consider some classic examples. A fraud site collecting donations came up within hours of the tsunami tragedy last year. You may get mails from Amazon, Yahoo, or your bank asking you to validate your account. Hundreds of people fall for it every day.
  • Step 7. Don’t forward unsolicited mail. Sending unsolicited mail is spam. Just don’t do it. Although it sounds harmless, spam is the single most damaging phenomenon to hit the corporate world. More than viruses or worms, it’s spam which causes bandwidth choke, wastage of time and opportunity loss. Let’s take a quick look at why this is so. Peep into your mailbox. If you are not protected by anti-spam software, chances are one out of every two mails is spam. This is pretty much the global average of spam traffic. In other words, half of all e-mail correspondence going through the networks is unnecessary but demands the same investments in infrastructure, bandwidth and usage costs as legitimate mail. Similarly, each time you have to upgrade your Internet connectivity because you do not have sufficient bandwidth, half of that expense is a waste, as spam is the reason you need to expand. If you use a service provider like Yahoo or MSN, start reporting spammers. It just takes one click from you to join the battle against spam.
  • Step 8. This one is a bit tricky, especially for the road warriors. Don’t use Internet cafes. It sounds draconian, but here is why. You have no way of knowing who has been there before you and what interesting software he has installed. A favourite trick of many scammers is to install key loggers and then access your accounts using the captured keystrokes. Nowadays wireless cards are priced reasonably enough to be bundled into the laptop. Some telephone service providers also provide Internet connectivity using mobile phones, which cuts out this risk altogether.
  • Step 9. Don’t give away your e-mail IDs unnecessarily. So, next time you are filling out a contest, coupon, Web site, or airline survey, remember not to divulge your official e-mail ID. This also goes for your cell number. You never know what lists these IDs will get into, and you may start getting bombarded with cold calls or spam.
  • Step 10. Inform your children, employees, friends and associates about these steps. As the cliché goes, a system is only as good as its weakest link. And like most clichés it has truth in it. All your expensive defences can be rendered useless by some employee deciding to turn off a firewall or anti-virus, or telling a potential hacker the password over the phone (this happens more often than you think).
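
The phrase-to-password recipe from Step 1, worked through in Python as an added illustration that is not part of the original article. The substitution tables hold only the two twists the article names; the function names and the entropy estimate are assumptions of this example and do not reproduce MSN's checker.

```python
import math
import string

# Substitutions from the article's example; extend the tables for your own phrase.
WORD_SUBS = {"star": "*"}   # a whole word replaced by a symbol
LETTER_SUBS = {"o": "0"}    # an initial letter replaced by a look-alike digit


def derive_password(phrase: str) -> str:
    """Take the first letter of each word, applying the twists above."""
    out = []
    for raw in phrase.split():
        word = raw.strip(string.punctuation)
        if not word:
            continue
        if word.lower() in WORD_SUBS:
            out.append(WORD_SUBS[word.lower()])
        else:
            first = word[0]
            out.append(LETTER_SUBS.get(first.lower(), first))
    return "".join(out)


def character_classes(password: str) -> dict:
    """Report which character classes appear (a typical strength-meter input)."""
    return {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }


def max_entropy_bits(password: str) -> float:
    """Upper bound on guessing entropy: treats every character as chosen at
    random from the classes in use. A phrase-derived password scores lower
    in practice, because the phrase and the twists are not random."""
    sizes = {"lower": 26, "upper": 26, "digit": 10,
             "symbol": len(string.punctuation)}
    pool = sum(sizes[k] for k, used in character_classes(password).items() if used)
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    pw = derive_password("I am the star performer of my company.")
    print(pw, character_classes(pw), round(max_entropy_bits(pw), 1))
```

The figure from `max_entropy_bits` is a ceiling that depends only on length and the character classes used, so a longer phrase raises it faster than extra substitutions do.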

So there you have it. 10 ways to secure your computers, systems and people. If I had to choose one step as the most important one, though, it would be the last one. There is no stronger defence that an organisation can put up than a ‘PeopleWall.’ If you have that in place, technological advances, wily scammers, and vulnerabilities in software can all be dealt with. If you don’t, even the best technology won’t be enough.

The author is CEO, Mahindra Special Services Group.
He can be reached at raghu@mahindrassg.com

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.