Essential Security

Protecting your data has never been more important. We are under almost constant attack from all directions. The good news is that it doesn’t have to be difficult. It doesn’t even have to cost you anything.

This page is a work in progress, and published only for interest at the moment. Much more work is required before it’s actually useful for anything. In the meantime, comments and suggestions are invited.

Below is a quick summary. I’ll expand each section into a full page of suggestions, instructions and walk-throughs when I have a little more time.


Use Proper Passwords!

Obviously the very core of any security infrastructure, and yet so often treated with disdain. Adhere to the golden rules and you’ll be reasonably safe:

  1. NEVER use a password in more than one place. Every site or service needs a unique one.
  2. Don’t use any proper nouns, or in fact any word that can be found in a dictionary.
  3. Mix upper and lower case with numbers and (where possible) symbols.
  4. Longer = Stronger. A seven-character password (depending on the character set used) is EIGHTY TIMES stronger than a six-character one. Six should be considered the absolute minimum for low-security applications (personal webmail, perhaps?), and eight or more for anything more serious. High-security stuff should have an extremely crappy-looking password of twenty characters or more.

If you register on this site, you’ll be emailed a password – another example of a good one for personal use.

Steve Gibson’s password generator page is a good source of random rubbish for these things.

One problem, of course, is that you’ve now got 732 ultra-secure passwords you have no hope of remembering, and common sense tells you not to keep them in a file on your USB key. Now what? Have a look at Ken’s password generator, which takes the brain-strain out of trying to come up with random rubbish, and also means you never have to remember them or write them down!
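To make the golden rules concrete, here is an added example (my code, not from this page or from either of the generators linked above) that checks a password against rules 2 to 4, generates random rubbish with a cryptographic random source, and quantifies the “Longer = Stronger” claim: adding one character multiplies the keyspace by the size of the alphabet, so with an 80-symbol alphabet a seven-character password has eighty times the keyspace of a six-character one. The word list, the symbol set and the “strength = keyspace size” measure are my assumptions.

```python
"""Added example: password rule checker, generator and keyspace arithmetic.

Assumptions (mine, not the page's): DICTIONARY is a tiny constructed stand-in
for a real dictionary / proper-noun list, SYMBOLS is one reasonable symbol set,
and 'strength' is measured as the size of the keyspace an attacker must search,
i.e. alphabet_size ** length.
"""
import math
import secrets
import string

# Constructed stand-in for a real dictionary (rule 2 forbids any such word).
DICTIONARY = {"password", "letmein", "london", "dragon", "monkey", "summer"}

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS  # 26 + 26 + 10 + 25 = 87


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def strength_ratio(short_len: int, long_len: int, alphabet_size: int) -> int:
    """How many times larger the keyspace gets when growing from short_len to long_len."""
    return keyspace(long_len, alphabet_size) // keyspace(short_len, alphabet_size)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy for a uniformly random password of this length and alphabet."""
    return length * math.log2(alphabet_size)


def check_password(pw: str, minimum: int = 8) -> list:
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(pw) < minimum:                                   # rule 4: length
        problems.append(f"shorter than {minimum} characters")
    lowered = pw.lower()
    if any(word in lowered for word in DICTIONARY):         # rule 2: no dictionary words
        problems.append("contains a dictionary word")
    if not any(c.islower() for c in pw):                    # rule 3: mix of classes
        problems.append("no lower-case letters")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no symbols")
    return problems


def generate_password(length: int = 20) -> str:
    """Generate random rubbish with the OS CSPRNG, retrying until every rule passes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw, minimum=length):
            return pw


if __name__ == "__main__":
    # Six to seven characters over an 80-symbol alphabet: 80x the keyspace.
    print("6 -> 7 chars, 80-symbol alphabet:", strength_ratio(6, 7, 80), "times larger")
    print("20-char password over", len(ALPHABET), "symbols:",
          round(entropy_bits(20, len(ALPHABET)), 1), "bits")
    print("violations for 'password1':", check_password("password1"))
    print("fresh high-security password:", generate_password(20))
```

Note that the keyspace ratio is only meaningful for passwords chosen uniformly at random; a dictionary word with a digit on the end is far weaker than its length suggests, which is why rule 2 exists and why the generator, rather than a human, should be picking the characters.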


Use decent DNS servers

This really is one of the first lines of defence. Make sure you’re using OpenDNS. This protects you against DNS cache-poisoning and common phishing attacks. This is really easy to do, and is a quick win, so if the button below doesn’t say “you’re using OpenDNS”, then now is a very good time to press it. Don’t be scared! There’s a “Getting Started” link right on the home page that’ll walk you through it all. Once you’re set up properly, the button on this page (when refreshed) should change to confirm.

Use OpenDNS


TrueCrypt

Encrypt your Hard Disk

Next, TrueCrypt. Use it to secure your entire PC hard drive – absolutely essential if you work on a laptop. This won’t stop you losing it, but at least your data won’t escape. Also use it to secure the contents of your removable drives and USB keys. (TODO note: add a simple how-to, with links to the TC documentation)


Browse Safely

I’m astonished by the number of people who still aren’t aware that your privacy (and in fact your entire computer) can be compromised simply by visiting websites, if adequate precautions haven’t been taken. You only have to be infected once and things will just cascade out of control from there. Take back the web!

  1. Switch to Firefox.
  2. Install the NoScript, SiteAdvisor and Adblock Plus plugins.
  3. Don’t allow scripting for a site unless you implicitly trust it.
  4. When in doubt, use a sandbox.

(TODO note: images & links for everything)


Secure your Email

This can be a bit of a trial, especially in the home environment. Email communication, by default, is not secure. Messages (and even login information, which is really scary!) are sent over the internet as plain text, and anybody “sniffing” your connection can read the stuff (and steal your identity) with trivial effort. But there are some ways to tighten things up:

  1. Secure WebMail
    If you use public webmail services such as GMail, Yahoo, etc., or in fact any webmail service, force the session to run over an SSL connection. This is as easy as adding an “s” to the URL. So for example instead of working through http://mail.google.com use https://mail.google.com and that’s all there is to it. The conversation between you and the webmail server is now encrypted, removing one possible interception point.
  2. Secure Client Software
    This one is a little trickier. Most (if not all) email clients allow the option of connecting to servers securely. Find and enable that option, then check that it works (your mail server also needs to be set up to allow it).
  3. Sign & Encrypt your email
    Now moving into the realms of techno-wizardry! By installing GPG (Gnu Privacy Guard) and integrating it with your email client, you can electronically sign messages. People you have shared your public key with can use this to check that the message did in fact originate from you. Then take it a step further and use the keys to encrypt messages, giving you complete end-to-end protection as the emails remain encrypted for their entire journey across the internet. (TODO note: a how-to is definitely needed for this one!)

Do your bit to limit SPAM

There’s an article on how to do this over here: http://blog.pembi.net/help-stop-the-spread-of-spam


PHORM
