free ebooks ==> www.ebook777.com

  Finally! A Human-Readable Guide to Cybersecurity

  free ebooks ==> www.ebook777.com

  Congratulations on purchasing this book! Protecting yourself online is critically important, and by reading this book, you are taking an important step to keep your personal information secure. The world of digital security is a fascinating one, and today is more important than ever. As you read through this book, you will gain an understanding of some of the most fundamental principles of security, how many hacking schemes work, and how you can outsmart them.

  This knowledge is valuable for anyone who uses a computer. Whether you use your computer primarily for personal reasons, or you are a businessman wanting to make sure that important company information on your computer remains secure, this book contains invaluable information that can help you maintain privacy. It is a concise explanation of security topics written in plain English, so that anyone can understand what it takes to keep computers secure. I’ll also guide you on what to do if you find that your computer has already been compromised. I’ve tried to keep this book as short and concise as possible so that it will be as easy as possible for you to soak up this information.

  These tips that I will give you come from a number of places - many I have learned from talented programmers, and some from my my own sweat and blood. I’ve tried to include a lot of real world examples of hacking schemes to keep this interesting. Then I’ll tell you pro-tips that repair shops and security personnel normally sell you for hundreds of dollars. I’ll tell you how to get the same things done for free or at comparatively little cost, potentially saving you hundreds. I’ll point you to free programs that work nearly as well as commercial ones. And for those of you who are willing to invest a little more in computer security, I ’ ll give you my professional opinion on the best commercial software. Read this book, and you’ll be saved from the legwork of comparing programs, and then trying to change when you realize you picked the wrong one. No more searching Google and sifting through internet to find out what you need - you’ll find it right here. By reading and applying the principles in this book could save you from a destructive hacking attempt.

  

free ebooks ==> www.ebook777.com

  In addition to learning about how to protect your computer, in this book you’ll actually learn about real principles of security, not just a list of dos and don’ts. That will equip you to make smart choices even in areas this book doesn’t cover. Sometimes when we first start learning about something new, we don’t really have our bearings and can get lost, or we waste our time on things that do not really matter. It’s also easy to miss an important area. In the world of digital security, just one omission can leave a computer vulnerable.

  In this book, I’ll give you a holistic view of how security works, so that you can be best prepared to meet the number of attacks that are coming today, and the new ones devised tomorrow. Unfortunately, the more the digital world grows, the more incentive hackers have to break into it. For those of us us who do honest work, it is frustrating that we have to deal with this problem. That said, the consequences of not doing so can be catastrophic. By reading and implementing the security measures in this book, you will be providing yourself with a first line of defense that could be the difference between productive computing, and an incredibly destructive security breach.

  As a final note, while this book is designed to be a help to you in implementing digital security, please be aware that it is impossible to cover every attack. New ones are invented every day. Even if you follow every tip written in this book, there invariably will be other attacks and viruses out there that can cause problems. It is impossible to cover all aspects of security in one book. That said, this book contains valuable information that will get you on the right track. So without further ado, lets get started.

  Sector 1 - Universal Principles of Security A. Encryption.

  In 2014, Home Depot announced that there had been a major breach of their security systems in which many, many credit cards were stolen from their systems. The Wall Street Journal, 56 million credit card numbers were stolen. Criminals had snuck in through a small loophole in their security systems, and quickly began their covert thievery. They basically devised a system where they could intercept the credit card numbers of people who swiped their cards in the store. As data was sent from the credit card readers

  free ebooks ==> www.ebook777.com

  to where it was stored and processed, the hackers listened in on the wires and intercepted it. If Home Depot had been using the technology that I am about to show you, they would have been safe from harm. As it is, however, they did not, and massive damage ensued. At the end of this section, I’ll show you a bit of a report on their website which discusses how they implemented this critical security technology called encryption.

  Encryption is in many ways the backbone of any secure system. Basically, it is a system of scrambling the contents of a message so that nobody can tell what it says unless they have the right password. The whole point of it is to enable people to transmit confidential information through an insecure route. Here’s an example of how simple encryption might work: If I want to disguise the word “cat” with extremely basic encryption, I could change every letter in the word to the next one in the alphabet - so “c” becomes “d”, “a” becomes “b”, and “t” becomes “u”. The resulting “encrypted” form of the word “cat” would be “dbu”. I could do the same to a whole sentence and get a result that looks completely different than the original. If someone were to look at our sentence without first undoing the encryption, it would have absolutely no meaning. Of course, this encryption algorithm wouldn’t be very difficult for anyone to unravel, so far more complex ones have been devised.

  In encryption formulas created today, there are two parts - the formula, called the cipher, and a secret password called the key. In the example above, we could change it up so that instead of replacing each letter with the one after it in the alphabet, we would replace each letter with the third letter after it. We could replace it with the tenth letter after it (and wrap around back to “a” for letters near the end of the alphabet). In this example, the encryption formula would be quite simple: Replace each letter with the __ letter following it in the alphabet.

  In our first example, we put the number 1 in the blank, so that each letter would be replaced by the one following it in the alphabet. We could, of course, change it to

  

free ebooks ==> www.ebook777.com

  whatever we wish, and thus slightly modify how our message is encrypted.

  In real-life encryption, the key is equivalent to the blank in our encryption formula above. By inserting a different number into the formula, we can alter how the message is scrambled. In the same way, modern encryption algorithms keep messages secret by using a special key to alter how the message is scrambled, to the point that only the person with the key will be able to unscramble the message.

  Usually these formulas to scramble and unscramble the message are freely available so that anyone can use them protect their information. The key, however, is always kept secret. As long as that secret code is protected, the message is safe, and it is virtually impossible to unscramble the message. In fact, many of the algorithms used today are so secure that today the most powerful supercomputers on earth couldn’t decode the scrambled message, even if given thousands of years.

  The use for such a system is pretty clear - you can send a sensitive message through an insecure route, confident that if anyone were to intercept it they still would not be able to find out the contents of your message. This is particularly useful in online transactions, where sensitive data is commonly sent across the internet. Let’s say for example, you are buying this book from Amazon with your credit card (and of course that you don’t have it saved). When you enter your credit card number and click the “Buy” button, your computer sends your credit card number through your internet connection to your internet service provider (like AT&T, Verizon, your cable company, etc.) Then your internet service provider sends your credit card number many miles, possibly hundreds of miles to Amazon’s internet service provider, and then to Amazon’s own computers. Once they have the card, they have to send the number to your credit card provider (like Visa or MasterCard) and make the charge. In one online transaction, your credit card may be sent hundreds, or even thousands of miles.

  Sending your credit card number many miles across internet wires is dangerous. As the distance a message is sent increases, the chances of it getting intercepted likely increase as well. If your message was not encrypted at all, someone could hook into your internet wires or wifi connection and see everything that you were doing. They could see intercept and copy everything you sent to Amazon, including your credit card information. If they were clever, they would listen in right outside of Amazon’s location, and intercept all the

  free ebooks ==> www.ebook777.com

  connections Amazon had with their customers and steal every single credit card number! Obviously that would be a huge, huge problem, that would make online shopping utterly infeasible. By encrypting the credit card number, however, companies ensure that no one but the intended recipient can read them.

  The way this is implemented in real life is brilliant, but also nearly invisible to the end user. Your web browser almost always takes care of it behind the scenes. Occasionally something goes wrong in the encryption process, however, and when it does, you need to know what to do. I’ll go over that in a minute. Right now I’m going to explain in greater detail what your browser is doing under the hood. Knowing this will better equip you to understand what can go wrong. I will warn you, however, that this will get a bit technical; since its not absolutely essential to keeping secure, its an ok section to skip. If you can read it, though, you may find it quite interesting.

  To transfer information securely over the internet, both the sending computer and the receiving computer need to know the same secret key. One computer could come up with a randomly generated key, and send it to the other, then for the rest of the time, they could communicate securely using the secret key they both share. But how can that key be securely exchanged? One could meet in person with the party in question, or one could even speak over the phone and communicate the secret key. Clearly if one were to simply send the key and then the message right after it, the security of the message would be compromised. If I send Amazon the key to decrypt my credit card information, and then immediately send the encrypted information right after that, anyone listening in could just intercept the encryption key and then promptly decrypt my sensitive information.

  So how can we securely exchange the secret code? The answer lies in a genius encryption formula that allows secure one-way transmission of data without first sharing a key. Unlike a standard encryption formula that uses one secret key to both scramble and unscramble the message, this type of encryption uses two different keys, one to scramble the message, and the other to unscramble it. It is specifically designed so that the key used

  

free ebooks ==> www.ebook777.com

  to scramble the message, called the public key, is useless for unscrambling the message. Only the private key, as it is called, can decrypt the message and reveal its contents. Here’s how this plays out in an example scenario.

  Amazon generates a private and public key pair, and sends their public key to anyone who visits their site, but they keep the private key highly secure. When you visit their site, your computer generates another key (unrelated to Amazon’s keys), encrypts this key with Amazon’s public key, and sends it to Amazon. Amazon decrypts the key that your computer generated, and for the rest of the time you are connected, your computers use the key your computer generated to keep your messages secure.

  1. Amazon sends you their public key

  2. Your computer generates another completely unrelated key

  3. Your computer encrypts the new key with Amazon’s public key and sends it back to Amazon

  4. Amazon decrypts it using their private key. Now both sides have the same key

  5. Your computer and Amazon encrypt all information with the key that your computer generated. Amazon’s public and private keys are no longer used.

  Hopefully that makes sense. If not, no worries, try reading it again later and it will likely make more sense after your brain has some time to process it. The main thing to remember is that encryption is just a way of scrambling a message so that nobody but the person with the password can read it. Home Depot posted the following as their solution to the credit card scam: The company has implemented enhanced encryption of payment data in all U.S.

  

stores. The new security protection locks down payment card data, taking raw

payment card information and scrambling it to make it unreadable and virtually

useless to hackers. Home Depot’s encryption technology, provided by Voltage

Security, Inc., has been tested and validated by two independent IT security firms.

  You can read the full article at:

   free ebooks ==> www.ebook777.com

  From what I can tell, they were using encryption any time a credit card left their internal network. Amazingly, the hackers found a way to break into their internal network where credits cards were not encrypted. Home Depot had to step up their security measures, encrypting the cards immediately after people swiped them in the store.

  Now that you know how online encryption works, here’s how you can recognize if your connection is encrypted. In most browsers today, there is a little lock in the url bar that shows that your site is encrypted. Here’s what it looks like in Internet Explorer 11, Chrome, and Firefox: Chrome: Internet Explorer Firefox If you click on the lock, you can see more information about the type of encryption used.

  Here is what it looked like when I visited docs.google.com in Google Chrome.

  

free ebooks ==> www.ebook777.com

  The text to the right of the first green lock icon states that the identity of the site has been verified. I’ll go over how that works later on. For now, I want to focus on how encryption works.

  If you look at the text next to the second green lock, you’ll notice that in this instance the connection is secured with a 256 bit encryption. Usually encryption today is either 128 bit or 256 bit. All that refers to is the length of the secret key used to encrypt your connection. A longer 256 bit key is more secure than a shorter 128 bit key. The longer the key, the more complex the encryption is, and the more difficult it is to undo. As of today both are sufficiently long to be considered secure.

  The next item in the security information box is the name of the protocol that governs how the connection is initiated and encrypted. It says “The connection uses TLS 1.2.” Here, the name of the protocol used is TLS 1.2. Right now TLS 1.2 is widely believed to be the most secure mainstream protocol for transmitting information in a web browser. TLS 1.1 and TLS 1.0 are older versions that are less secure. Another, older method of encryption is SSL 3.0. Both TLS 1.0 and SSL 3.0 have widely known vulnerabilities that make them easier to break into. If you are using a site with very important information, like a banking

  free ebooks ==> www.ebook777.com

  or investing site, you should think twice before you enter your information if the connection is not using TLS 1.2, or at least 1.1. It may just be that they have not updated their software, but for financial institutions, this is unlikely. If you see a bank website with a TLS 1.0 connection, your browser may be out of date. If you have an up-to-date browser, it is possible that there is a third party hacker interfering with the connection, causing the connection to be governed by a less secure protocol.

  The next item in the list states the actual encryption algorithm used to secure messages transmitted. The TLS protocol simply governs how the connection is formed, not what specific algorithm is used to encrypt messages. Computers today support a number of different encryption algorithms (called ciphers), and any of a number of them can be used. The TLS protocol determines how your browser and the site you are accessing will decide on a cipher. Not all computers have the same ciphers, and they must find one that both have in common. In this case, the cipher used is CHACHA20_POLY1305, which is considered a secure encryption algorithm. Here are the other ciphers that are commonly considered secure when used with either TLS 1.1 or 1.2.

• AES ciphers
• Camelia ciphers
• Seed ciphers That covers the basics of secure connections to a website. Generally speaking, connections with TLS 1.2 will be considered the most secure. If the site does not use TLS 1.2, your browser will still connect as usual and tell you that you have a secure connection. Now that you know more about encryption, however, you have the tools to determine if a site is using the latest, most secure protocol, or an older less secure one. This is a picture of the security profile for a stock trading company I found when writing this book. Note that it uses TLS 1.0, a protocol with known security holes. (Disclaimer - TradeStation may have updated their site since the writing of this book. Please check there to see the status)

  

free ebooks ==> www.ebook777.com

  The next item the security popup is the key exchange mechanism. As discussed earlier, all communication between the two computers needs to be encrypted with a secure algorithm and key. Both sides need to have the same key. One computer generates the key, and sends it to the other. The key exchange mechanism describes how the key is securely transmitted once it has been generated. I covered how this works conceptually earlier, but there are a number of different ways this can be implemented. My browser here is telling me exactly what implementation is being used. If you are using TLS 1.2, your browser should take care of choosing a secure key exchange mechanism.

  In addition to making sure that you have good encryption when visiting a website, your browser also needs to verify that you are actually connecting to the site you want to connect to. Digital cryptography is used to verify identity online. Using public and private key cryptography, the identity of a remote server can be verified with a trusted third party. We’ll go over how this works in a later section on phishing.

  It is worth noting that if you see a yellow triangle over the lock in Chrome, it means that only part of the page is secured. Often times web pages are split up into different parts and each part is loaded separately. If one of those parts is not being loaded over an encrypted connection, your browser should alert you. If this is happening, it really is a security risk. If all the information is not encrypted, it is much easier for someone to inject malicious code into the site. If you are accessing a sensitive site and receive a warning that part of the page is not encrypted, then you should proceed with caution. If it is a site with important information like a bank account, it would not be unwise to contact them about it. If the page does not contain sensitive information, however, it shouldn’t be a problem

  free ebooks ==> www.ebook777.com

  Before wrapping up this section, I want to address an important topic, and that is the need to keep your browser up to date. Think about this: if TLS 1.2 was developed to fix security holes TLS 1.1, which was developed to fix security holes in TLS 1.0, which was developed to replace an older, less secure technology, you might begin to wonder about the security of TLS 1.2 itself. When will TLS 1.2 be found insecure? That is an excellent question, and the right one. As time passes, people find holes in standard security protocols that need to be addressed. Software developers respond to these threats by updating their programs with the latest security features. To keep your computer as secure as possible, you should always keep your software up to date.

  In the realm of online security, this is especially important. For example, Internet Explorer 8 does not support TLS 1.1 or 1.2. Internet Explorer 9 and 10 both support it, but do not have it enabled by default. Only Internet Explorer 11 does enable it by default.

  In this case, by using an older version of Internet Explorer, you are putting your system at needless risk. For other browsers like Firefox and Chrome, updates are installed automatically, which means that unless you alter the settings, your browser should be up to date. If you have an older version of Firefox, you may need to update it manually, however, as older versions of Firefox do not automatically update.

B. Protecting Files on Your Personal Computer With Encryption

  Keeping files safe on your computer involves the same technology that is used to keep your information safe while being sent across the internet. You probably have a password on your computer, and you may think that such a precaution is enough to secure your files.

  Unfortunately its not quite that easy. If I had physical access to your computer, I could probably break in and read all your files in a matter of minutes (assuming, of course, that I had your permission to do so). Your password is a good tool for keeping benevolent users from administrative control on your machine, but unless you have a new computer with Windows 8.1, your files will be unprotected from anyone who really want your

  

free ebooks ==> www.ebook777.com

  information.

  The reason is because by default, your files are stored unencrypted on your hard drive. A hacker could easily plug in a flash drive with Linux on it, and start your computer up using a completely different operating system. They can completely bypass the Windows user account system altogether, and access all the information on the hard drive. If your computer is stolen, your information is likely unprotected and could be accessed by anyone with moderate technical knowledge. If you have a laptop with important information on it, or have any reason to believe that it might be stolen, you should seriously consider encrypting the information on your hard drive to protect it.

  We’ll go over real steps as to how you can encrypt your information on your computer so that even if it is stolen, nobody can get your personal information. I’ll show you what I think is the best free program for encryption. If you prefer a premium product, I’ll recommend one to you as well. If you don’t want to encrypt your computer at all, or are not interested right now, feel free to just skip the rest of this section, and we’ll see you at the beginning of the next. what is the next section? Before encrypting your computer, you need to remember one thing - if you forget your password, and don’t have it saved anywhere else, your files are lost permanently. The whole point of encryption is to lock out anyone without the password. If you lose it, your files won’t remember you and will be lost forever. For that reason, you MUST backup your encryption key and store multiple copies of it in safe places.

  A new Windows 8.1 PC offers the easiest way to encrypt your files, so I’ll cover this case first. All you have to do is sign in with a Microsoft account with administrator rights to your machine, and your computer will automatically encrypt your files! Pretty easy, right? Microsoft seems to have recognized the security hole in their setup, and has done something to improve the security of your machine. For those of you who have a new Windows 8.1 computer, your account is safe, as long as you log in with a Microsoft online account. It is important to note that if you log in to your computer with a local Windows account instead of an online Microsoft account, encryption will not take place. The reason for this is so that Microsoft can back up your encryption key online so you are not locked out permanently. If you forget your password on your computer, you can reset it through

  free ebooks ==> www.ebook777.com their online service.

  If you upgraded to Windows 8.1, the encryption may not work, because it requires certain hardware that many computers don’t currently have. If your computer has been around for a few years, it likely does not have the right hardware. If you upgraded to Windows 8.1 and want to enable encryption, I’ll point you to Microsoft’s guide at the link below:

  

  For those not using a new Windows 8.1 computer (most of us), there are a number of programs out there that do the same thing, and well. Just remember to keep your encryption key in a secure place.

  For Windows Users who have a Professional or Enterprise edition, you have a built in utility called BitLocker. If you don’t have BitLocker, you’ll need to upgrade to a pro version of the operating system you are using, or use another freeware program I’ll cover later. To use BitLocker, search for BitLocker from the start menu, and you should see something like “Manage BitLocker”. When you click on that, you’ll be taken to the BitLocker page in the Control Panel. From there you can easily enable encryption by clicking on the text to turn on BitLocker, and following the steps in the wizard that appears. BitLocker will allow you to encrypt your whole drive, even if your processor does not support the encryption that comes with new Windows 8.1 PCs.

  If you have a Mac, there is a built in utility called FileVault that you can use to encrypt your data. Just go to system preferences => File Vault. There you can select what folders you want encrypted. Some users may want their whole drive encrypted. Oftentimes, however, you really just need your important documents encrypted. The Mac computer gives you the built-in ability to easily encrypt your computer, no need for any upgrade. Apple doesn’t back up your key, so make sure to store your key in multiple other places so you won’t forget it.

  

free ebooks ==> www.ebook777.com

  For Windows users looking for a free program, the most promising one I have found is called DiskCryptor. DiskCryptor offers encryption for the entire hard drive, is free, and is open source.

  Open source means that the developer of the program has made all the code used to create a program freely available to the public. Most commercial software contains license agreements that strictly prohibit anyone from even trying to see how the program was made. Open source software is just the opposite - anyone and everyone can look at just how the program was made, and even tweak a personal copy of it if they know what they are doing.

  Open source cryptography programs like DiskCryptor are said to be more secure than proprietary ones because any programmer can look at how the program was written to verify that it is secure. Some people have concerns that the governments could compel companies to implement secret weaknesses in encryption so that they can access the encrypted files. Whether this occurs or not is not in the realm of this book to discuss. The main point is just that some people consider open source programs more secure than closed source ones, and thus opt for open source programs like DiskCryptor. Here are links to the homepage and downloads:

  

  Setting up DiskCryptor is significantly harder than setting up BitLocker, so unless you are pretty familiar with computers, I would recommend you go with standard BitLocker encryption. It is faster and easier, and if there are any security holes in it, none have been discovered yet, as far as I can tell.

  As this section on encryption comes to a close, I want to remind you of a few things regarding the security of your data. First, remember to choose a good, strong password. No matter how amazing your encryption program is, if you have a poor password, someone with a powerful computer can test millions of different passwords per second, and may be able to find yours in a “brute force” hacking attempt. Remember to keep your

  free ebooks ==> www.ebook777.com

  browser up to date too. And lastly, I want to remind you once again to always back up your encryption key or password. If you lose it, your files are irrevocably lost.

C. Physical Security

  Sometimes its easy to forget that everything in the digital world, or “the cloud”, as they say, is actually man-made hardware, and is just as susceptible to physical theft as anything else. People often think that the internet is something that just mysteriously exists “in cyberspace”. The reality is, however that “cyberspace” is nothing more than a bunch of computers and wires that connect them together. Really, that’s all that cyberspace is. There are no ghosts, no ethereal clouds. There are just computers and wires. There are big computers and small computers, short wires and long. Copper wires and fiber optic cables. But that’s really all the internet is.

  When you store information in an online storage service like DropBox, or iCloud, you’re actually sending it to a massive warehouse filled with computers, called a server farm. When someone sends an email to your email account, it is also stored in a server farm somewhere. Whether email or a backup from your computer, your data is saved to one or more computers in the server farm. Whenever you want it back, that computer will retrieve your data, and send it across the internet to your computer. The computers in server farms stay on 24/7 so you can access your data whenever you want, and they have internet connections that go unbelievably fast so they can send and receive data from millions of people at once.

  Google has put together a pretty cool website showing how their server farms work. It has a lot of cool pictures and explains some of the technology required to build it. If you have the time, I would encourage you to take a look:

  

  This aggregation of digital information is potentially very dangerous. These server farms contain important information belonging to countless people. A single computer could contain the emails or personal files of hundreds, or even thousands of people, or could

  

free ebooks ==> www.ebook777.com

  contain lists of personal information belonging to millions. If a hacker gets ahold of such information unencrypted, he can quickly sift through the files using automated software, search for passwords and other sensitive information, and depending on what he finds, wreak havoc on the lives of the people whose information is stored therein.

  As you can see, “the cloud” which is in many ways the future of computing, comes with serious risk. To ensure safety, tech companies like Apple and Google usually have 24/7 security guards and strong walls to protect their facilities. They also encrypt their data as well, so that if any computers are stolen, sensitive information is not compromised. Usually they have backups of information stored in different data centers, so users can still access their data. If just one copy is stolen, however, the consumer data is compromised.

  In your situation, you are not likely to be hiring a guard to watch your computer 24/7. That said, people really do physically steal computers to get the data stored in them, and you need to take precautions to prevent data from getting into the wrong hands. I was a part of a nonprofit organization, years ago, whose computer was stolen. My guess is that the criminals were trying to access personal data from the members of the organization.

  They were likely hoping to find important information that can be used to break into bank accounts and such, like social security numbers, dates of birth, and other personally identifiable information. Fortunately, only contact information was stored on the computer, and no worse harm occurred.

  When considering your overall security strategy, don’t forget that someone breaking in and stealing a computer, especially at work, is a real security concern. System admins, and anyone else who stores sensitive data must be careful to keep critical systems locked behind doors, or sensitive data could be compromised. If you run or work at a small company or organization, developing a strategy to keep your computers safe is a very good use of time.

D. Managing User Permissions

  This is a concept that I think most people already understand. All it really means is managing who can do what on your computer. Computers today come with a built-in set of access controls that allow certain users to do certain things. Just like its important to give out information only on a need-to-know basis, it’s critical that in digital security, permissions on the computer are given out on a need-to-use basis. Be smart about how you give out access to people in your company. Don’t give anyone you do not trust access

  free ebooks ==> www.ebook777.com

  to things they don’t need. Even if you do trust them, its still probably better not to give them access. Why? First, because no matter who they are, they may deal with your data maliciously. Second, even though they may have absolutely good intentions, they may not have the skill or knowledge to deal with it in a secure way. They could accidentally damage your information, or even compromise your system. I’ve seen it happen before where an inexperienced person was given administrator access to a system and accidentally downloaded a piece of malware on an organization’s computer. The person may not be trying to share company secrets, but they may accidentally lose a sticky note with their username and password. If their account gets hacked and they have administrator permissions, you could be in serious danger.

  In general, by restricting access to anything that could be used destructively to a need-to- have-access basis is wise. Computer programmers take this to heart, restricting not only how people, but how programs can access sensitive information. For example, security measures are used to try to prevent any unauthorized programs from running on your computer. If you have Windows 7 or 8, you are probably familiar with the somewhat annoying alerts that Windows sets off when you try to install software. The reason for those alerts is because Windows limits the abilities that the installer has on your computer so that it can’t install anything you do not permit. It actually considers that installer a different “user” of the computer, and requires you, the administrator to authorize the program to install. By requiring you to explicitly OK the installation of programs, Microsoft is trying to protect you from malware and other programs that you don’t want installed on your computer.

  Implementing a secure user access policy is pretty easy on today’s computers. There are almost always two main groups - standard users and administrators. Sometimes there are other account types like guest accounts, and sometimes you can define your own account types. Standard and administrator accounts are really the only two you need for day-to- day purposes.

  As the name implies, administrator accounts have the ability to administer the system - they can add and remove programs, change system files, or whatever else they like. Users

  

free ebooks ==> www.ebook777.com

  with standard accounts can run programs on the computer as normal, but they generally can’t install programs or change important system files. If you have someone using your computer, say another person in the family who just uses the computer to browse the web, they don’t need administrative rights. If they have administrative rights, but don’t know about security, they can unknowingly install programs on your computer that might contain malware.

  It can also be a good idea for you to have two different accounts for yourself on your computer - an administrative account and a standard account. If you are using the standard account and download a piece of malware on your computer, it is less likely to actually infect your computer. Because standard accounts can’t install most software or change system files, malware that may be trying to install itself will likely be blocked as well.

  One excellent example of critical system files that need protection are startup files. Malicious programmers usually want their viruses to run automatically at startup. They want their programs and spyware to be running every time you turn your computer on. If you accidentally run some malicious software while logged in to an administrative account, a piece of malware can easily inject itself into your startup files. If you run it on a standard account, however, the program will have more difficulty getting into those important startup files.

  One other important aspect of user permissions is that standard accounts do not have access to most files created by another user. This is important because it keeps standard users from accidentally or maliciously deleting files on a computer. If your kids use the same computer you do, its probably a good idea to give them a different, standard user account so they can’t accidentally delete your files.

  To change user permissions on a Windows computer, just search for “User Accounts” at the start menu, and you should see something with that name and a picture of two people. If that doesn’t work, or if you are still running Windows XP, go to start => control panel, and then click on user accounts. Here’s what it looks like in Windows 8.1: free ebooks ==> www.ebook777.com

  From there you can manage the accounts on your computer. As you can see, it offers you the option of changing your account type, or if you click “Manage another account”, you can see all the accounts on the computer. When you click on any of them, you’ll see the option to change the user account type. There you can switch users from administrator to standard permissions and visa versa. If you have a different version of Windows, it may look a bit different, but the same basic functionality is there.

  On a Mac, click the Apple icon in the top left of the screen, then select system preferences, then choose Users & Groups. From there you can easily change and manage user permissions.

  By limiting administrator access to your computer, you are protecting your system from being damaged by an unthinking user. By using a standard account on a day-to-day basis, you are further protecting your computer from unintended harm. And by restricting people who may not have the best interests of your company at heart, you can prevent them from destroying important files or installing dangerous malware.

E. Login Security: How to Keep Hackers Out of Your Accounts

  Keeping logins confidential is a critical aspect of computer security. If you don’t have a good strategy for keeping people out of your online accounts, hackers can steal passwords

  

free ebooks ==> www.ebook777.com

  and break in much more easily. In this section, I’ll first go over how and why you should choose a good password, then talk about other important ways to maintain secure logins.

  So how do you choose a good password? Well first, it’s probably better if you know what threat you are up against. The greater the ability of the hacker, the more complex your password needs to be to avoid a hack. To crack passwords, hackers use powerful computers that can test sometimes billions of passwords per second. Because they go through a huge number of records per second, common passwords will be easily guessed.

  To make a strong password, don’t use any combination of words in the dictionary. Hackers have their own dictionaries of passwords that contain all sorts of combinations of dictionary words to crack passwords. The programs they use are powerful and quite clever. If you use anything that has any sort of meaning, they can usually crack it pretty easily. Sometimes people think that if they use a clever placement of numbers or special characters they can be secure. However passwords like “passw0rd” or “s3cr3t” are easily understood by password cracking programs and are highly insecure.

  Using easy-to-find personal information in a password is another common mistake people make. For example, including a zip code, or a name of someone close in the password. Skilled hackers sometimes do background checks on their targets, and can feed such personal information into the password cracking program, thus making that kind of password insecure. It’s not too hard for a criminal to do a background check on you, especially with the advent of social networking sites like Facebook; so, it is not unlikely even if you are not a high profile target. Furthermore, someone who knows you and doesn’t like you will find it easier to guess your password. And while we are talking about unsecured personal information, it is also worth mentioning that you should choose very obscure security questions so that someone close who does not like you cannot reset your password on you. In that same line, if you find someone asking you what your mother’s maiden name is for no apparent reason, take note, and don’t give it to them.

  Another good practice in password security is to keep your password at least 8 letters long, and use an assortment of lowercase and capital letters, and perhaps some punctuation. Ten characters is even better. Obviously the shorter the password, the easier it is to guess, or crack by a massive brute-force hacking attempt. Furthermore, by adding in just capital letters you exponentially decrease the probability of your password being guessed. free ebooks ==> www.ebook777.com

  Those are the major guidelines for choosing a password. Unfortunately, in addition to making a password hard to guess, following these criteria can also make it difficult to remember your password. So how can you choose a memorable password that is still secure? One popular technique today is to come up with a memorable sentence and take the first letter and punctuation of each word in it. For example, “My best friend, John, read a book on cyber security”. Taking the first word and punctuation yields a password “Mbf,J,rabocs”. It’s a lot easier to remember the sentence “My best friend, John, read a book on cyber security” than it is to remember “Mbf,J,rabocs”. And a password like that is random enough that a computer will have a very difficult time finding it. To recap, here are the rules for secure password generation:

  1. At least 8-10 characters long

  2. NO words that are contained in the dictionary

  3. Substituting special characters for letters, and similar tricks doesn’t really help

  4. No personal information

  5. If the password’s meaning is anything but extremely obscure, it is not as secure as it could be Ok, so now you know about choosing a good password. But one good password isn’t enough. You need to have a different password for the most important logins you have, like email and bank accounts. Why? Because if any of your accounts that use the same password are compromised, all are at risk. There are a number of ways this can happen, and each is quite problematic.

  One way hackers can get ahold of your password is by physically stealing a login server from a website you use. (A server, by the way, is just a computer with special software that allows it to run a website.) Alternatively, they could also create a virus that could digitally steal the files from the site as well. Either way, the hacker gets ahold of a list of users, along with their email addresses and passwords used for logging in. Usually the passwords will be encrypted, but if anyone is using a weak password, the encryption will likely be broken, and the password discovered. Unfortunately, these same people with weak passwords probably are not very security conscious, and so likely use the same password on other sites as well. The hacker then tries to log into the person’s email

  

free ebooks ==> www.ebook777.com

  account with the password he discovered, and if the passwords for both accounts are the same, the hacker can successfully take over the email.

  Another reason to make sure you don’t reuse the same password across multiple sites is because you don’t know what the website will do with your information. They may immediately encrypt it as they should, never looking at your password, or they may store it in their own personal database and promptly try and log in to your email with it. It may seem like a reputable site, but it is quite possible that it is simply a scam to get your log-in information.