Hacking attacks happen all the time and pose a real security threat. Here are ten things you can do to protect yourself:
1) Don’t use the same password for all of your user accounts. Choose a variety of passwords, and make each one strong (no full words, use both numbers and letters). Keep your list of passwords in a safe place– NOT on your computer!
2) Don’t share personal information on any website unless you have a secure connection (i.e. the url starts with https). Log out of all personal accounts at the end of each session.
4) Update your machine and software to take advantage of new security sandbox technology.
5) Don’t run free software downloads unless you trust the source.
6) Strengthen the security of your home wifi network by using a WPA-2 protection protocol.
7) Install software updates when they become available– many contain patches that improve your software’s security.
8) Keep abreast of current security issues:
- For Windows PCs: Subscribe to: http://www.microsoft.com/security/resources/newsletter.aspx. Microsoft is a leader in the security field, in many respects. They have to be; they are the biggest target.
- For Macs: Scheduling regular software updates through System Preferences. If you really want to beef up on security for your Mac, check out the Mac OS X Security Configuration Guides published by Apple. Unfortunately, the newest guide is for Snow Leopard (10.6). Some guides for older versions of Max OS X are missing; the links are dead. You can find the Tiger (10.4) guide still on the NSA site.
- For Linux: Each Linux distribution will have its own website. Check that website for security information.
9) Be hyper-vigilant if you provide Internet content (for ANY website, including WordPress websites). After hearing the story of a friend of mine who runs a WordPress site, I realized that if you’re not careful, you can be held for ransom by hackers who threaten your website.
- If you’re not doing it already, make the Internet Storm Center part of your normal daily reading. These folks are GREAT! Their business is computer security education, and they have lots of great classes on various computer security topics. The Internet Storm Center website has the latest news about the hacking going on on the Internet. It’s one of the best computer security websites I know of.
- If you’re not doing it already, go to SecurityFocus and subscribe to the Bugtraq mailing list. You will get email about software vulnerabilities and updates. The notifications include information about WordPress and WordPress plugins. It’s a fairly active list. If you see a vulnerability for a software package you are running, you should research it, and see if there is a workaround you can implement. If you see an update for a software package that you are running, you need to apply the update ASAP.
10) If you’re still nervous (or if, like me, you’re really interested in this stuff), do more research! Here are some resources:
- For general education, check out: “Always Use Protection: A Teen’s Guide to Safe Computing”, by Dan Appleman. I’ve read it. It’s a little dated, but still pretty good, and very cheap now. Not just for teens.
- A really fun read about tracking a hacker: The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, by Cliff Stoll.
- The Carnegie Mellon CERT has some good resources. Of course, my favorite advisory is the one that got this whole blog started. 🙂
- The National Security Agency (NSA) has a number of secure configuration guides to help secure Windows, Apple, and Linux.
- The U.S. Department of Defense has a collection of Security Technical Implementation Guides (STIGs). They are detailed documents for how you can securely configure different software packages, including Windows and Mac OS X.
- The U.S. National Institute of Standards and Technology (NIST) has a website called the National Vulnerability Database. It is a fabulous online resource about computer security. It has a checklist of things to do to make software systems more secure.
Recent Comments