Thursday, May 25, 2017

Part II: Defense Against the Dark Arts - or - How to Outrun My Slowest Friend

As you may recall this is Part Deux of my series.

You can find Part I The Hacker: Know Your Enemy, Know Yourself - here.

As you will recall from Part I, there are 4 Types of Hackers that we discussed:
1.  Just For Fun
2.  To Steal Something
3.  The Hacktivist
4.  The Disgruntled Employee

So, how can you defend yourself against these hackers?


... you only have to outrun your slowest friend.
The first two types are easier than the last two.  I like to use a "Bear in the Woods" analogy, for the first two.  No, not "If a bear poops in the woods when nobody is around, does it still make a sound?"  (yes I am aware that is not correct). 
I mean, that if you and your friends are being chased by a bear in the woods, you don't have to outrun the bear, you ONLY have to outrun your SLOWEST friend!  

If you apply this idea to security, it can go a long way.  What I mean is, you don't have to make your data so secure that nobody can get in, you just need to make it more secure than, well... your slowest friend.  In security terms, the only way to really secure a computer system completely is to disconnect it from any network and not allow any users to touch it.  The most secure computer is one that is turned off.  We know this is not possible, so we have to be able to use our systems but also protect them.

Any system can be broken into given the proper amount of time and computer power.  But most people don't have an unlimited supply of either one of those, so if at first you don't succeed?  Try to break into an easier system.  If a hacker just wants to try to grab some quick credit card data from your network, he or she will most likely try a few things to get in.  When their initial efforts come up empty, the hacker will often give up and try to see if it is easier somewhere else.  Because unfortunately, there are more systems out there that are less secure.  You just outran your slowest friend.

What about the Hacktivist and Disgruntled Employee?

There is no good way to protect yourself against these types of attacks.  First, you don't know when, why or how you will be attacked by either of these two groups.  Also, a hacktivist or a disgruntled employee will usually not give up because it gets hard, although it certainly helps deter them.  Most will continue until they are satisfied they have inflicted some kind of damage.  So it is not so much about stopping this type of attack, but more about how to recover from an attack, and that is not the focus of this blog.  --  Sorry!

Also, if you are being targeted by a type 2 hacker to steal some information specific to you, like the Target Data Breach, then they will try harder to get in.  Know Yourself!  What do you have that is worth stealing?

 How do I outrun my slowest friend? 

(or how to make my computer / network less attractive to hackers)

Here is a quick list of a few things you can do today to help protect yourself.

If you cannot do these things yourself, ask a friendly IT person for some help.  We usually respond well to bribes of alcohol, caffeine and sweets, not always in that order.  Seriously, many "tech savvy" computer types can do these things, but if you still have problems contact a professional. 

1. Change your wireless router's default passwords and network name.  (All default passwords should be changed: routers, printers, thermostats, etc.)
  •   Don't use the default name and password that came with your AT&T / Comcast / etc. wireless router.
  •   If you have any other connected devices (thermostat, refrigerator, etc.), change the password.
2. Stop Broadcasting your  WiFi network name.  - You might have to get your IT person for this.
WiFi Password: L@rryM03&Curly
  •  You can still connect to your WiFi without telling the world it is there. 
  •  If a hacker doesn't see "Dewey, Cheatem and Howe Attorneys at Law WiFi" screaming at him when he drives past looking for open networks he may not take the time to investigate more.
  •  If you need to offer free WiFi to customers or guests, then make sure it is secure, and not part of your actual network that you do business on.  (IT person)
    • I will do a separate blog just about Wireless Security
3.  Shut down your WiFi at night when you leave.
  •   Same principle as above.
4.  Make sure you have a Firewall in place.
  •   This one may take an IT person to help.. remember, the bribes mentioned above?
5.  Never click on a link in an email... ever....
  •   Not even the one that promises to be a funny kitten video... just don't do it!
6.  Institute a password policy
  •   Make it mandatory to change passwords often and try not to reuse your own passwords for multiple sites.  
  •   Check https://haveibeenpwned.com to see if your information is contained in any of the data leaks they have.
  •   Try to make your passwords harder to crack by using  https://password.kaspersky.com/  
  •   I try to make my password take more than 7 days to crack with a standard computer, but for more sensitive information I try for the Century Mark or higher.
  •   * Password Tip *  Take a sentence that only makes sense to you.  "My kids are fun and we like to play catch in the yard on Saturdays."  NOW, take the first letter from each word - MkRf&wl2pcityoS!    You may be able to see a few things I did there.  Replacing are = R, and = &, to = 2.  Just created a password that takes 4094 centuries with an average computer to crack.
7.  Keep your computers up to date with patches and software updates.
  •   The recent WannaCry Ransomware outbreak is a good example of this.   
8.  Anti-Virus is important and a must have.
  •   Like most anything, the software is only as good as its updates.
  •   If you have not updated your Anti-Virus in a while, it might not be protecting you very well.
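
The password tip in item 6, worked through as an added example (not code from the original post): it derives the password from the sentence using the post's three substitutions, then rates the worst-case brute-force time against the post's 7-day and century targets. The guess rate and the small common-password list are assumptions constructed for the example, and the estimate is not the figure the Kaspersky checker reports.

```python
import string

# Whole-word substitutions used in the post's tip (are = R, and = &, to = 2).
WORD_SUBS = {"are": "R", "and": "&", "to": "2"}
# Constructed stand-in for a real leaked-password list; such passwords fall at once.
COMMON = {"password", "123456", "qwerty", "letmein"}
GUESSES_PER_SECOND = 1e10  # assumption, not a measured figure
DAY = 86400.0
CENTURY = 100 * 365.25 * DAY

def mnemonic_password(sentence, suffix="!"):
    """Take the first character of each word, applying the post's substitutions."""
    words = sentence.strip().rstrip(".!?").split()
    return "".join(WORD_SUBS.get(w.lower(), w[0]) for w in words) + suffix

def charset_size(password):
    """Alphabet size a blind brute-force search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to exhaust every string of this length over the detected alphabet."""
    if password.lower() in COMMON:
        return 0.0  # a wordlist attack finds it before brute force starts
    return charset_size(password) ** len(password) / rate

def rating(password):
    """Classify against the post's two targets: 7 days and a century."""
    seconds = worst_case_seconds(password)
    if seconds >= CENTURY:
        return "century or more"
    if seconds > 7 * DAY:
        return "more than 7 days"
    return "7 days or less"

if __name__ == "__main__":
    pw = mnemonic_password(
        "My kids are fun and we like to play catch in the yard on Saturdays.")
    for candidate in (pw, "kitten1", "Password"):
        print(candidate, charset_size(candidate), rating(candidate))
```

The brute-force figure is an upper bound: it assumes the attacker knows nothing about how the password was built, which is why the wordlist check runs first.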

In closing, please be prepared.  Start to think about security even if you are a one man shop, or a small business.  Most people say, "Why would someone want to steal my information?"   This is what the hacker wants you to think so you will let your guard down, or worse, never put a guard up.

I hope you have a better understanding of what is out there without being scared of your own shadow, but worried enough to take some action.

Next time we can discuss the ever popular... Ransomware!

References - Part I and Part II
Chaikivsky, A. (2016, October 24). How to Keep Your Devices From Joining a Zombie Botnet Army - Consumer Reports. Retrieved from http://www.consumerreports.org/privacy/how-to-keep-your-devices-from-joining-a-zombie-botnet-army/
Munoz, M. (2015, September 21). Cyber Security Case Study: Target Data Breach. Retrieved from http://www.cei.com/about-cei/media-room/blog/cyber-security-targets-2013-data-breach
Sunzi, & Giles, L. (2017). The art of war.
