Internet pirates are looting bank accounts, stealing medical research and business secrets and taking over computers for malicious uses. There's no shortage of ways for these thieves to get your company's and your personal sensitive information. Luckily, there are a few ways to thwart these evil-doers, and we'll offer a few in this article.
First, let's look at some ways that information is stolen.
There are many true stories of organizations -- banks, government agencies, universities, hospitals, etc. -- giving laptops loaded with confidential information to contract consultants. Then, the consultant says that the laptop has been lost or stolen. Poof! There goes that confidential data.
Also, it is no secret that there is a high failure rate in websites. Very often, when a site goes belly up, the only thing of value is the database of users. The creditors try to sell that database to the highest bidder. Many sites that sell the personal data of their users have fancy seals of approval and such, but, very often, all that they mean is that someone paid extra to be able to put the seals there -- nice little decorations. Toto, pay no attention to that man behind the curtain.
So, there are many ways in which you and your company are vulnerable to Internet pirates. These unscrupulous folk use phishing, malware and spyware for hostile takeovers of computers, businesses, and identity theft.
- Phishing or
- spoofed e-mails and/orwebsites pretend to be banks, credit card companies or your very best friend/lover; designed to fool you into divulging your personal financial data.
- Spyware lurks in the background of computers to secretly gather information and relay it to advertisers or whoever is buying. Download a freeware version of Spybot Search and Destroy from www.safer-networking.org
- Malware is malicious software designed specifically to damage or disrupt a computer system, such as viruses, worms or Trojan horses.
- Cookies: Many sites offer cookies because they want to be able to recognize you when you return. But there are the sneaks who hide the cookies by using code such as white-on-white HTML. As your mouse travels over the page, a cookie or spyware program is set.
First, dump MS Internet Explorer
Stop using Microsoft Internet Explorer because it is loaded with security problems. That's the advice given by the U.S. Computer Emergency Readiness Team (USCERT), a computer security partnership between the U.S. Government's Department of Homeland Security, the public sector and private sector. Move to another browser, USCERT suggests. Can you take a hint?
If you are on a PC and using Windows Explorer or LookOut (aka Outlook) Express, you are in grave danger. Download other browsers and e-mail clients such as Mozilla Firefox or Thunderbird from Mozilla.org, Netscape from Netscape.com, Opera from Opera.com or Slim Browser from Flashpeak.com.
When setting up your browser, read the preferences section, and do not allow pop-ups; also, consider not allowing graphics. Much of the evil Malware uses graphics to enter your computer system. Browsers like Opera will alert you to a site trying to set an illegal cookie, sending you to a false domain or using a forged security certificate. Opera offers the option to delete private data. This removes your browsing history, clears your cache, deletes cookies, clears e-mail passwords and more. Always use this or a similar option before shutting your machine down.
In Opera and Thunderbird, the downloads go into a special section. This helps to keep malicious software away from your valuable data. Another strategy is to have two e-mail addresses. One is a private e-mail which you give out to people you want to contact you and no one else. Get a public e-mail address, using Yahoo, Netscape, etc. Use this e-mail address to log onto public sites. Treat any e-mail sent to this account as suspect.
A word about wireless
Are you using wireless? Have you set a password? It is not illegal for someone else to hijack your wireless connection. Here's a true story: A friend and I were riding elevators in a high rise filled with law offices. We discovered that most of the law offices had wide-open wireless connections for anyone to steal their data. So, do not leave your wireless port open all the time to allow any stranger entrance into your machine.
Here's an option that can be better than depending on expensive antivirus software that's often hard to keep up to date. You should split, or partition, your hard drive into two sections, or get a second hard drive. To partition you will need to use partitioning software such as Paragon Partition or Partition Magic.
One hard drive (partition) contains your personal data and never, ever sees the Internet. Do not name this C: drive. Viruses and worms hunt for the C: drive, and so does spyware lurking in RAM. It may be best and easiest to get an external hard drive which will be identified as D: for your secure partition. For Unix, Linux, and BSD, set the home directory permissions on the personal data drive to 700. Consider setting up your machines with internal and external nets.
The hard drive (partition) used to browse the World Wide Web and for e-mail has no personal information on it, including e-mail address books. Use a flat text file, if you must have an address book. Many viruses and worms are written to go after address books.
Some people believe that a number of these horrific viruses and worms that shut down entire hospitals, businesses, universities and research centers are being used to create spam search engines. So, the Internet hard drive should be wiped monthly, at least. Loading Linux on this drive will provide an added layer of protection. Finally, do backups of your e-mail.
Here's a true story about Linux security: A friend was trying to do a purchase over the Internet with a company, but she had no success. Finally the company's rep said, "You are using Linux. We can't read your hard drive. We can read Windows and MACs not using OSX." So, just by doing an Internet purchase, you could be opening the door to your hard drive and the confidential information on it.A final word of advice: If you have an employee who downloads something into your untouched-by-the-Internet hard drive (partition), fire that person. Would you tolerate an employee who left your office doors wide open after hours?
Hopefully, following the above security ideas will keep you and your company safe from pirates as you sail the Internet seas.
About the authors: Alexandra Andrews is a Linux webmaster for about 20 sites, including CancerLynx.com, CancerSupportiveCare.com and Self-Sufficiency.org. Neil Dunlop is chair of the Computer Information Systems Department at Vista Community College in Berkeley.
This was first published in November 2004