S. Lamar Barnett
407-900-6991

Top 10: To-Do's to Harden Against Internet Intruders

First, Some Observations

This shows about a 10-day window from my website's log.

What do you notice about this data?

HINT: There IS no actual admin account.

This one's pretty scary. What do you notice here?

What are possible next steps? You could:

The good news: in these types of exploits, built-in browser safeguards will protect you against most intrusions based on simply accessing a site. That's why the hacker wants you to click a link or hotspot, which will cause the actual intrusion.

The best answer is to close your browser if possible, otherwise simply shut down your other running programs and log out. When you log back in, you should be fine, though it's a good idea to run a virus scan.

Get over your wishful thinking that exploits aren't being attempted on your system!

1. Click wherever and whenever you want - after verifying the link.

  1. Think before you click!
  2. Never click on an email link to go to your bank or other locations that use personal information. Instead, go to the site by using your password database application or manually enter the address in your browser.
  3. Hyperlinks often don't show the actual domain your browser will open, only what the sender wants you to see. Use hover to see where you'll be taken.
  4. Use a review source client to see where hyperlinks will go - learn how to scan through/ignore the imbedded code.
  5. Use WOT or other similar products to see the safety rating of sites before you visit them.
    1. Hover over links before clicking on them to see the domain name you'd be going to.
    2. Allow WOT to provide feedback
    3. Use website scanning sites like Web Inspector to quickly scan a website.

2. Treat applications like tomato varieties.

  1. Investigate an application's reputation before downloading.
  2. Remove all unnecessary programs, including apps and extensions.
  3. Keep all apps and programs updated - preferably automatically.
  4. Routine backups are essential to survival in the event of ransomware!!!
    1. Keep your backups current and offline.
    2. Test your backups through trial restore cycles.
  5. Obtain, maintain, and schedule daily runs of good anti-malware
    1. Look at the options. Microsoft comes with their own flavor, there are lots of free and paid alternatives. Be sure if you install and activate another one to turn off and deactivate Microsoft.
    2. Assure it automatically runs daily - at LEAST every other day.
      1. Physically unplug the network cable or turn off WiFi for best protection, otherwise use the control panel settings to disable the network interface.
      2. It's not uncommon to leave your computer running overnight to run a scheduled backup and/or anti-mailware scan. If you do, before leaving it for the night, refresh the antivirus definitions, then disable the network interface (if you're not backing up to network location).

3. Your Passwords are locks on your valuables. Don't leave your diamonds in a shoebox.
(More secure usually means less convenient - get used to it.)

  1. ALWAYS change default/preset passwords immediately
  2. Longer passwords are safer. 12 characters is good, 16 better, 20 strong.
  3. Mix upper/lowercase, numbers, special characters.
  4. Don't rely on common cheats - they're easily predictable - 1 (one) for the letter L, 0 (zero) for the letter O, etc. These do help protect against shoulder surfers (if someone sees your password on your screen), but cracking programs that guess by brute force know to try these alternatives.
  5. NEVER use password iforgot or other simple common-word combinations.
  6. Use an online password complexity checker to teach yourself how to generate strong passwords manually (BUT NEVER ENTER PASSWORDS YOU INTEND TO ACTUALLY USE INTO SITES LIKE THIS - only similarly structured ones).
  7. Use a password management program like Keepass.

4. There are bargains online - if that CD doesn't end up costing $3000!

  1. Use credit cards instead of debit cards
  2. Don't wait until you're ready to submit:
      Javascript can forward your information before you click submit!
    1. Always assure you're on the right site by checking the domain or watching closely for notices indicating you'll be redirected.
    2. Always check for a secure connection (logging in as well as when you enter your cc information).
  3. Consider a service like Blur that will issue one-time credit card numbers for your purchases.

5. Speak LAN?

  1. Keep your home LAN safe.
    1. Don't think you have a home LAN? Think again!
    2. Change your default router and WiFi passwords - hackers can find the default online and log in.
    3. See recommendations for strong passwords
  2. Avoid Free WiFi or use VPN
    1. Set your phone and laptop when out and about to disable WiFi until you need it.
    2. Set your default network settings to NOT attach to known networks automatically.
    3. Verify the name of the WiFi hotspot with the enterprise before attaching (hackers often provide a hotspot, route your traffic, but in the process see what you send)
    4. Be aware that While some companies like AT&T provide automated connection to their free WiFi, it is NOT a secured or firewalled access.
  3. Use a DNS server that examines and blocks malicious sites and offers additional control.
    1. Comodo & openDNS are examples.

6. Don't become the little dutch boy.

  1. Microsoft isn't the only one providing Windows firewalls, e.g., Comodo.
  2. Load a firewall such as Lostnet Noroot Firewall or CIA Firewall on your Android.

7. TMI!!!

  1. Your friends already have your birthday. Don't put it online.
  2. Turn off GPS-associated postings, such as where you are at any given time, or where pictures are taken.
  3. No one needs to know where you graduated from high school or college, or if you think they should, be sure you never use this information as the answer to security questions.

8. Suspect the baker!

Apps, extension, and plugins you might download are prime targets for hackers. Sometimes hackers are able to hijack a perfectly good program and bake in their own code to compromise your system, so assure your anti-malware checks all downloads.

9. Join the party.

Signing up for membership or a login for a new site can be risky, since some site owners will sell your email address to spammers. You could just make up some email address, but most of the time, the site will send an email to the address you provide to verify your entry and complete your registration.

So What do you do? When required by a site to provide an email address that must be validated, use a service like Blur. You can obtain a unique email address from them to use. Plug in that email address for your registration. Then the Blur service will receive the email sent from the site and forward it to your inbox. If you start getting spammed, you can simply go to the Blur website and turn off email forwarding for that email address.

10. Why are states being forced to adopt no texting laws?

Because people will do the wrong thing and feel they're right to do so. Don't make the mistake of smugly ignoring these safe practices!

Appendix

Use hover

Hover over links and examine closely before clicking.

Web Inspector

Use a reputation checker for sites you're unsure of.

unsafe connection

Systems will warn of suspicious connections.


Copyright © 2018. All rights reserved.