Encryption, Network and Online Security – Part 2
This article is part two of a two part series on computer security. Part two features network security, online security, and encryption.
Encryption is a way of scrambling data and communications so only the owner, or the authorized sender and receiver, can read the data. Without the ‘encryption key’, which is usually just a password, the information is just jibberish. Encryption is a great way to protect sensitive data on your computer, such as personal documents, income tax software saved files, and other financial information from prying eyes.
The Ultimate or Enterprise editions of the Vista operating system from Microsoft comes with a built-in encryption tool called BitLocker. BitLocker uses a USB specially-formatted thumbdrive like a physical key to access your PC; plug it into a USB port and your PC will boot up, but if you ever lose it you will have no access to your data.
Mac OSX has a tool called FileVault that accomplishes the same task. It is included in OSX on all recent Macintosh computers.
If you don’t have a Mac or the high-end versions of Windows Vista you can still benefit from encryption technology. A free program called TrueCrypt – http://www.truecrypt.org/ – can accomplish almost any level of encryption you can imagine. It is not for the novice user but can be used by the average PC user after reading the well-organized tutorials on the TrueCrypt website. You can also use it to encrypt a USB thumbdrive or entire laptop so if it is lost or stolen you can rest assured that no data on it can ever be viewed without your password.
Almost all computer security threats come from the Internet via email or infected websites. Yes, infected websites. Unless your Internet Explorer, Firefox, Opera, etc web browser is updated you risk infecting your PC simply by viewing a specially-crafted website. There are a couple of tools to help you avoid many websites known to be ‘bad’: SiteAdvisor and AVG Link Scanner. Both of these tools, once installed on your system, display icons that tell you if a website is known to have dangerous file downloads, spam you after submitting your email address, or link to other ‘bad’ sites, etc.
McAfee Site Advisor: http://www.siteadvisor.com/
If you don’t have a wireless network (Wi-Fi) for you home or office then your network security is probably pretty good. Either way, the primary piece of equipment you need is a firewall. A firewall is basically a software or hardware tool that manages the flow of data on your network to keep out unwanted people from snooping around. It’s akin to a doorman at a hotel who only lets in known guests and legitimate visitors. Sometimes the cable or DSL modem you get from your ISP (Comcast, Verizon, RCN, etc) has a firewall built-in. If not, you should consider buying a basic wireless router with a firewall such as this quality piece from Linksys that also includes Wi-Fi: http://tinyurl.com/2stetu.
Once you have a wireless network, though, you have to secure it. The fastest way to secure a wireless network is to password-protect it with an encryption key. There are several methods for encrypting/securing wireless networks and not all are very good at it. The old way is with a technique called WEP (Wired Equivalent Privacy) which can be broken in about 15 minutes by a knowledgeable individual. The better way is with a security standard called WAP2 (Wireless Application Protocol) which is still extremely difficult to break. When setting up your wireless network security, usually using a program included with the device that walks you through the setup, you can choose the type of security to use. Always use WPA2, if available.
Advanced methods for securing wireless networks include MAC filtering and hiding the SSID. If you have no idea what I just said then start with the basics and work up to this.
This article is part two of a two part series on computer security. The state of Massachusetts is currently reviewing regulations that would enforce strict new requirements on data security and the privacy of client data at many businesses across the state. The final requirements of the law, however, are still in flux. The MAR is watching the proposed regulations closely and will provide tools and resources to help you and your business comply. In the meantime, good security practices should be a part of everything you do online whether at home or in the office.