There's a lot to talk about when it comes to security. In general, security takes more time than you want, but probably less than you think. It's also important to be security-conscious—keep security issues in the back of your mind as you use computers, without obsessing over every page you visit.

There are many aspects of security, which you can think about like earning belts in martial arts. You may already be somewhat accomplished in certain aspects of all the belts, but you don't earn a belt until you've mastered that level.

Much thanks to Bill Taylor at Boldon IT Solutions for the inspiration and structure for this lesson.

Seven Levels of Preparedness

  1. White Belt — Information Protection — Do you have any sensitive information on your computer or the web? By "sensitive," I mean of use to anyone trying to steal from you (social security number, bank account numbers, etc.). If so, can you delete that information? If not, can you move it to a safer place, like a removable disk?
  2. Yellow Belt — Physical Security — Who physically sits down at your computer? What can they potentially access of yours? If you own a laptop, do you take it with you? If that laptop were stolen, what would a thief find on it? The same applies to devices like personal organizers and cell phones.
  3. Orange Belt — Passwords — Do you have to enter a password to use your computer? If not, would you be willing to have one? What other passwords do you use? How frequently do you change them? How strong are they? (See the "Password Strength" section below.)
  4. Green Belt — Update Your Software — Do you update Windows whenever you're told? If you use non-Microsoft software, how often do you check for updates? Searching the web for the name of the software will take you to the product's homepage, where you can look for updates.
  5. Blue Belt — Anti-Malware Software — Do you run a virus scanner? Do you switch it off (or "disable" it)? How often do you update it?
  6. Brown Belt — Internet Security — Do you run a firewall (software or hardware that filters internet data to stop hack attempts)? If you have a wireless internet connection, is it password-protected (if you want to restrict its use)? If so, how strong is the password?
  7. Black Belt — Preparing For Disaster — Do you have backups? If your computer crashed, losing all its data, how would you recover? Can you reset your computer from scratch, including the operating system (Windows or Mac) and all your software and data? If not, do you know someone who can?

The above list may have scared you a bit! You may not be as prepared as you'd like to be. That's okay; almost nobody is. I have a very rigorous system, which I detail at the end of this section, and I still feel I'm not as protected as I'd like to be.

Things To Do

  1. On a piece of paper, list all the important information on your computer(s), including documents, account information, financial information, and software.
  2. List all the people who use your computer(s), and what they should or shouldn't have access to.
  3. List all the passwords you have for your computer and web sites.
  4. If any of your passwords are weak (see "Password Strength," below), change them.
  5. Review your list of important software. Search the web for any updates to that software.
  6. Do you run a virus scanner? One comes free with Windows XP and Vista. If you don't, good free virus scanners include AVG, Avast!, and ClamWin, which also scan for spyware (programs that look at your data, instead of just trying to damage it) and spam. If your virus scanner is off, turn it on and check its settings to see if it needs to be updated to the latest version.
  7. Check all those brochures and paperwork that came when your internet connection was set up, to see if your router (the hardware that you use to connect to the internet) has a firewall. If so, check its settings. If not, search the web for a good software firewall, and install one.
  8. If you have a wireless internet connection, check network settings to see if it's password-protected. (Even if you don't have to enter a password, it may be saved on your computer.) If it isn't, consider setting a strong password.
  9. Do you have backups of all your important data? If you only need to back up a relatively small amount of data, such as a few documents, you can burn them to a blank CD periodically. Otherwise, consider buying an inexpensive external hard drive (they can be had for less than $100), which you can plug into your computer, and drag-and-drop all your documents and files to. If you're on a Mac with the latest version of OS X, you can use Time Machine to do this automatically.

If you have any very important information, consider offsite storage, keeping a copy of it somewhere away from your home in case of a fire, flood, etc.

Password Strength

A strong password is one that's very hard to guess, like "R3a*spx-F50Q". A weak password is easy to guess, like "123" or your first name.

Here are the characteristics of a strong password:

Here's one good way to create a strong password:

  1. Pick a short phrase, such as "Seize the day!"
  2. Capitalize each word, making "Seize The Day!"
  3. Remove all spaces, making "SeizeTheDay!"
  4. Replace vowels with numbers, using 1 for i, 3 for e, and zero for o, making "S31z3Th3Day!"
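
The recipe above as a short Python function, followed by a check for the weak cases this lesson names (a password like "123" or your first name). This is an added example, not the lesson author's code; the function names, the sample name "alex", and the length and character-type thresholds are assumptions.

```python
import string

# Step 4 substitutions exactly as the lesson lists them: 1 for i, 3 for e, 0 for o.
SUBSTITUTIONS = {"i": "1", "e": "3", "o": "0"}
# Reverse map, used to spot a name hidden behind the same substitutions.
UNDO = {digit: letter for letter, digit in SUBSTITUTIONS.items()}


def phrase_to_password(phrase):
    """Steps 2-4 of the recipe, applied to the phrase picked in step 1."""
    words = [w[:1].upper() + w[1:] for w in phrase.split()]  # step 2: capitalize
    joined = "".join(words)                                   # step 3: drop spaces
    # Step 4. Assumption: only lowercase vowels are swapped, so the capitals
    # from step 2 survive (the lesson's example has no capital vowel).
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in joined)


def weak_reasons(password, personal_words=(), min_length=12, min_classes=3):
    """Return the reasons a password looks weak (empty list = none found).

    min_length and min_classes are assumed thresholds, not the lesson's.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < min_classes:
        reasons.append("too few character types")
    # Compare with the substitutions undone, so "Al3x" still matches "alex".
    lowered = password.lower()
    plain = "".join(UNDO.get(c, c) for c in lowered)
    for word in personal_words:
        w = word.lower()
        if w and (w in plain or w in lowered):
            reasons.append("contains personal word: " + word)
    return reasons


if __name__ == "__main__":
    # "alex" is a constructed stand-in for the user's first name.
    candidate = phrase_to_password("Seize the day!")
    print(candidate, weak_reasons(candidate, personal_words=["alex"]))
    for bad in ("123", "Al3x"):  # constructed weak samples
        print(bad, weak_reasons(bad, personal_words=["alex"]))
```
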

My System

So, how much do you have to do? I'm slightly paranoid about security, so I've implemented a hefty set of policies and procedures. Here's what I do, just to give you an idea of what's feasible.

Passwords

I've grouped all my accounts into "classes." One class of accounts is for websites that store my credit card number; another class is for financial information. All logins in a particular class use the same password, so I only have to remember half a dozen different passwords (one for each class).

I keep all my passwords on a sheet of paper, which I keep locked in a fireproof safe. This is the only record, anywhere, of my passwords. If I create a new account somewhere, I add it to the sheet. The sheet is separated into several different areas, one for each class, listing the class name (such as "Credit Card Websites"), the password for that class, each site or service, and the username for that site or service.

I change all my passwords every six months, and all my passwords are strong.

Backups

I use an Apple Time Capsule wireless backup device, which uses Mac OS X's Time Machine software to automatically back up all changes to my files every hour onto the Time Capsule device. I also have two separate external hard drives in rotation, one stored in a separate physical location and the other stored in my studio. Once a week, I back up all my files to the local hard drive, then drive to the offsite location and swap drives.

I also have a spare drive on which I keep large movie files, documents downloaded from the internet, and other data that I don't want taking up space on my main computer, but I don't want to re-download. I also have many CD and DVD backups of various and sundry things.

In Addition...

I install operating system and software updates the day they're made available, or a few days later if the update changes certain major elements of my system and I want to watch the web to see if anyone else has problems.

I rarely stay logged in on any web site. I usually have to re-login every day, so the browser doesn't store my username and password.

The router that came with my internet connection has a firewall installed, and I've checked the firewall's settings thoroughly. It follows a strict security policy.

This page is Copyright 2008-2009 Brent P. Newhall. Please copy only for your own personal use.