All Your Data Are Belong To Us!

My last post discussed some tactics for realizing what’s happening under the hood of our browsers when we’re surfing the web, and hopefully generated some thoughts for novice and intermediate users who want to browse the Internet safely. This week, we’re going to look a step beyond that and focus on steps to protect our passwords and data from unwanted visitors.

Passwords are the bane of every system administrator’s existence. Policies are created to secure organizations, but when enforced they cause people to have trouble coming up with (and keeping track of) the multitude of passwords necessary. As a result, people commonly use the same passwords in multiple places. This makes it easier on us as users because we can remember puppy123 a lot easier than we can those passwords that attackers can’t or don’t guess. Doing so also makes it easier on attackers to find a foot hold, and what’s worse is that if they are able to brute force your Yahoo! email account then they now have the password to your online banking, paypal, or insurance company login as well.

Hopefully some of you are thinking to yourselves “Is this guy telling me I shouldn’t be using the same password for everything?” If you are, you get a gold star and you’re half-way toward a solution. For those of you who are not, either you have mastered the password problem or still don’t care- in which case I’ll see you when our Incident Response Team is called to clean up the mess.

To solve this problem, find your favorite password manager (Google will help with this), or use what our team uses- KeePass. This is a fast, light, secure password manager that allows users to sort and store all their passwords under one master password. This enables you to use puppies123 to access your other passwords, which can be copied and pasted so you have no need to memorize those long, complex passwords. KeePass also includes a password generator. This tool lets users decide how long and what characters will make up their passwords. So you’re able to tailor passwords to meet any policy needs (whitespace, special characters, caps, etc) and not have to think about creating something different than the last password created- the tool handles this for you.

In addition to password composition, this tool lets you decide when and if the password should expire so you can force yourself to change this on a regular basis- this is an invaluable feature that helps minimize damage if and when a breach DOES occur. Once passwords are created, they are saved into a database file that is encrypted- so if your computer is lost, stolen, or breeched in some other manner, the attacker will have a harder time getting to your protected password data. There are many of these solutions available for varying price ranges, but I highly recommend KeePass as a free solution that has worked really well for me for quite some time. It’s amazing how nice it is to not have to remember passwords any longer!

Okay, so our passwords are now safe, what about the rest of our files? Local hard drive storage is a great convenience that allows us to save files to our hard drive at will. The downside to this is that upon breaking into our PC an attacker has access to any file within their permission scope, which means a root user can access ALL files on a compromised file system! While full disk encryption is still gaining popularity, “On the fly encryption” products are making their mark by offering strog and flexible encryption tools that create encrypted containers for data that can be accessed when given the appropriate password.

I have used the tool TrueCrypt for years and it has proven to be invaluable in this arena! TrueCrypt allows users to create containers of any size which becomes an encrypted drive that can be accessed once unlocked. After being locked, it is highly unlikely that an attacker will successfully break the encryption to decipher the data, so if you’re using a strong password, your data is as “safe” as it can be. This tool is one of the best out there in that it offers on the fly and total disk encryption, as well as allowing for encryption of individual disk partitions including the partition where Windows is installed (along with pre-boot authentication), and even allows these containers to be hidden at will.

Wow, we’ve gone through a lot together! You’re managing passwords, protecting stored data, learning what’s going on when your browsing the web, and becoming a human intrusion detection/prevention system by recognizing anomalies that occur in regular online activities! Visit next time as I explorer updates with you to round out this series on basic user guidelines.

How to Safely Use a PC and the Internet: Fear Them No More!

As the MicroSolved team strives to bring quality service to our clients, we also make every effort to educate the masses and try to contribute not only to the Info Sec community, but to the “average Joe” out there trying to bank online, check email, or use Facebook without sacrificing their digital security or personal identity.

It’s human nature to fear the unknown. We don’t like to deal with things we don’t understand. Once upon a time, it might have been ok to just avoid what we didn’t know. But today’s world is becoming more and more reliant on machines, computers, and the Internet. Before, a person used be able to go through life without knowing how to work with technology. Today this is becoming more difficult. People use computers at work, at home, and at the store. Children are required to do papers, reports, and projects on a computer- it’s not something that can be easily circumvented any longer.

This being said, it is time to STOP fearing these things. The only way to do is it to face the fear. Realize the machines only do what they’re told- you just need to know how to give the proper orders. Computers are dumb. They’re basically a digital filing cabinet which holds files with digital instructions on them. They can be manipulated to the will of the user, and can be helpful tools once the apprehension subsides. Take a basic course on how to use a PC and the Internet- they’re not costly and should be readily available. If you have trouble finding one, ask around. Many libraries and community centers offer basic introduction courses either for free or at low cost. You don’t need to be a Windows Jedi or a Linux Guru to operate these machines.

The Internet is a staggering creation of man. Nearly everything in the world can be accessed in some form online. Learn what a web browser is, what it does, how to operate it, and how it should behave. Learn to pay attention to how your browser acts when surfing and how commonly visited pages act. When something changes don’t dismiss it! These changes can indicate unsafe conditions and should not be ignored. Using the Internet is a responsibility and users need to be aware when they’re online.

Over the coming weeks, the MicroSolved team will be working to create blog and video content focused on educating end users to keep them safe while surfing the web. If you have a topic you’d like to see covered, contact us! We’re always excited to hear from you.