Secure IT Foundation

Posts Tagged ‘Secure Computer Standard’

As can be seen from recent news of leaks of 100,000s of user names and passwords, regardless of the length or strength of your password, you should change it at least once a year for all your email, websites and computer accounts.

The reason is that passwords are mathematically secure for a limited period of time. The longer you leave between password changes, the longer the bad guys have to crack it. The same applies to your bank PIN numbers! So do your security a favour and change your password (and your PIN numbers) at least once a year. Can’t remember your passwords? Then use a password manager like LastPass, or write them down and store the paper securely. Better to change your passwords regularly with a bit of paper than to never change them or, worse, to use one password for everything online!

You can read more about the topic of password cracking on Wikipedia.

SecurityBrad


Version 2.0 of the Secure Computer Standard has been published on the Standards and Documents pages.

The Secure Computer Standard is a document published by the Secure IT Foundation to give computer manufacturers, repairers and sellers guidance on the steps they should take to provide a computer that is ‘secure out of the box’, and to give repairers a baseline for good service. It has been simplified and reworked following over six months of testing at Brads Computer Service Station in Rotterdam, The Netherlands.

The rating scheme has also been simplified following real world feedback.

As usual this is a living document, and all suggestions for improvement and error corrections are appreciated. You can contact us here.

SecurityBrad

While there is no magic solution to protect your financial information when banking online, there is a service offered for free called Trusteer Rapport. Mainly provided for US and UK banks to supply to their own customers as an added service, its protection works on other bank sites as well.

Windows users can download it here and Mac users can download it here or you can visit the official page at http://www.trusteer.com/webform/download-rapport

Once installed, you get a new button next to your browser’s address bar, which you click when using your own bank site, and it helps give another layer of security to your session.

It starts out with a list of 50-60 ‘partner’ banking sites and is limited to 100 sites in total, but that means that most of your own favourite sites can also be added.

Do remember that you need to combine this software with the many other security steps in our security guides to be even remotely confident in your computer’s security and secure use.

SecurityBrad

From experience we can safely say the biggest cause of hard drive failure is… YOU, the computer user!

Do you shut your computer off completely before you move it? Do you turn it off by using your operating system’s shutdown option? If you answered no to either question and your hard drive fails, then you now know why! Just held in the power button because you were fed up waiting for it to shut down? Well, a hard drive is a mechanical device and can be compared to an old-fashioned record player. A needle moves over disks of metal rather than vinyl and is air cushioned these days, but the principle is similar. Unless you shut down the computer using the shutdown option, you are scratching the needle over your record by moving it. The same goes for holding in the power button to turn it off: this is like having a fancy automated record player which auto-returns if you let it. Instead of waiting for the device to do its job, you are grabbing the needle and forcing it back into its housing violently.

The future for computers is to use Solid State Devices called SSDs, which have no moving parts. Too expensive for most, they are slowly becoming available. All laptops should have SSD storage over mechanical devices in our opinion. Both types suffer electronic failure, but the user has to do some bad things to damage an SSD compared to a hard drive!

SecurityBrad

‘Defence in depth’. That is what the commercial security world calls having multiple layers of security to protect you in case one fails.

Simply put, your home computer needs multiple layers of defence: as a minimum, use an up-to-date browser like Firefox, have Anti Virus software that works, run Windows Update every month and update all your applications at least weekly. Sounds like hard work? Think no one is interested in your computer? Don’t be a muppet!

If your computer is hacked then you could be storing child porn, terrorist training material, or your computer could be used to send spam. Assuming that you never entered any personal or financial information, else that would have been stolen as well, the worst case scenario is that your home gets raided as part of the war on terror and computers seized…

No one can guarantee perfect Internet computer security unless you unplug the Internet.

A recent hacking contest showed that ALL major browsers on the Internet can have security issues including Safari on Macs, iPhones, Windows 7, and both Internet Explorer 8 and Firefox on any computer. So next time you click on a link sent to you, visit dubious websites, or download a file from the Internet, be sure of your defences and make sure they are deep!

SecurityBrad

For those of you who do not use Secunia’s Personal Security Inspector software already (it is free for personal use!), make sure you have done your updates.

Adobe has become the new Microsoft for releasing insecure software, and their Flash, Shockwave and Reader products all need urgent updating. Sun’s Java is not far behind in the insecurity stakes, and you also need to check that you are using the latest version. Both Adobe and Sun share one ability though: their old software is not fully removed when you update your products, so do check your browser plugins and installed software for old versions, or you can just use PSI and let it do the work for you!

You can blame the software providers for not fully security testing and releasing poorly secured software. The usual analogy is that it is like getting a car missing parts or a car with known defects, and this would never happen. Recent history has shown that car manufacturers also use the same security testing practices…

SecurityBrad

A common question we get asked: why have a firewall on each computer when the network is protected by the firewall in my router? Simple answer: it is a question of trust. If you follow secure computing advice like the Secure IT Foundation’s Home Computer Policy, then you will know that safe computing starts with not giving away trust. Why do you need to trust the other computers on your network just to read your emails and access the Internet? Even if you do share files with other people in your computer network, then that is all your firewall should allow.

In case this seems like paranoia, a new method of hacking has been developed which allows the bad guys to bypass your router’s firewall completely! You can read more about it on The Register. Suddenly your computer’s only defence is the software firewall that comes with your operating system. This includes Apple Mac OS X users, as your firewall may not be on by default. As long as it is properly configured to block all incoming requests, you will be protected while the majority of computer users will be vulnerable. For once smugness is not the preserve of Mac users, as the Windows firewall is not fully secure in its default configuration either!
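
One way to check whether a Windows firewall really is set to block all incoming requests, as an added example that is not part of the original post: the Python below reads the output of `netsh advfirewall show allprofiles` and separates profiles that block everything from those that only block what no rule allows. The sample output is constructed, and the parser assumes the English-language `netsh` layout.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles` output (abridged).
SAMPLE = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInboundAlways,AllowOutbound
"""

def parse_profiles(text):
    """Return {profile: {"state": ..., "inbound": ...}} from netsh output."""
    profiles, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\w+) Profile Settings:", line)
        if header:
            current = profiles.setdefault(header.group(1), {})
            continue
        # Only read fields once a profile header has been seen.
        field = current is not None and re.match(
            r"^(State|Firewall Policy)\s{2,}(\S+)", line)
        if field and field.group(1) == "State":
            current["state"] = field.group(2).upper()
        elif field:
            # Policy is "<inbound>,<outbound>"; keep the inbound half.
            current["inbound"] = field.group(2).split(",")[0]
    return profiles

def audit(text):
    """Classify each profile by how it treats unsolicited inbound traffic."""
    verdicts = {}
    for name, p in parse_profiles(text).items():
        if p.get("state") != "ON":
            verdicts[name] = "firewall off"
        elif p.get("inbound") == "BlockInboundAlways":
            verdicts[name] = "blocks all inbound"
        elif p.get("inbound") == "BlockInbound":
            verdicts[name] = "blocks inbound except allow rules"
        else:
            verdicts[name] = "inbound allowed"
    return verdicts

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only the `BlockInboundAlways` policy ignores existing allow rules; plain `BlockInbound` still admits whatever those rules permit.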

SecurityBrad
www.securitybrad.com


