The Average Joe Guide to Understanding those computer things

Cost-saving technology options heard by county

2010-05-28T06:03:00.000-07:00

IT-related service changes could save $47,000 annually

By Wendy Zook, wzook@altoonamirror.com
POSTED: May 27, 2010 on www.altoonamirror.com

BEDFORD Changes to information technology-related services in Bedford County could result in nearly $50,000 in savings, commissioners learned Tuesday.

Clyde Zimmerman, president of FiberCom Inc. of Woodbury, presented findings from three months of research into three companies that provide services to the county Century Link, INFOCON and PC Works.

Century Link handles phone and Internet services to the courthouse and jail as well as emergency lines for elevators, fire alarm panels and power fail lines.

INFOCON handles data storage and recovery for several courthouse departments, including the prothonotary's office, register and recorder and tax assessment office.

PC Works is an outsourced company that handles technology troubleshooting and assistance.

Zimmerman's suggestions included a new long distance plan with Century Link that would save about $2,600 a year as well as eliminating WiFi in the public squares of the borough, for a savings of $1,320 a year.

With INFOCON, Zimmerman suggested moving data storage to a site in-house on a county server, already available from the recently-completed reassessment project, for a savings of $26,542 a year.

Zimmerman also suggested re-negotiating the current PC Works contract and signing a five-year plan with the company for a savings of $10,700 a year.

Zimmerman said he was in contact with department heads to get their opinions on the three services while doing his research.

"We've asked and asked and asked for feedback," Zimmerman said. "We got some and worked through those."

David Cubbison, director of Emergency Services, said that while he liked the idea of moving some services in-house, the cost is the most important issue for him as a department head.

"I'm looking at the bottom line," Cubbison said. "I'm just looking at the numbers."

Commissioner Steve Howsare said he was not too surprised by the amount of savings and was anxious to get that money to the county, especially in light of an unexpected budget shortfall made public this week.

"I plan on trying to get them passed next week," Howsare said of the proposed changes. "I'm interested in getting the money."

Securing Wireless Networks

2010-05-10T07:47:00.000-07:00

Wireless networks are becoming increasingly popular, but they introduce additional security risks. If you have a wireless network, make sure to take appropriate precautions to protect your information.

How do wireless networks work?

As the name suggests, wireless networks, sometimes called WiFi, allow you to connect to the internet without relying on wires. If your home, office, airport, or even local coffee shop has a wireless connection, you can access the network from anywhere that is within that wireless area.

Wireless networks rely on radio waves rather than wires to connect computers to the internet. A transmitter, known as a wireless access point or gateway, is wired into an internet connection. This provides a "hotspot" that transmits the connectivity over radio waves. Hotspots have identifying information, including an item called an SSID (service set identifier), that allow computers to locate them. Computers that have a wireless card and have permission to access the wireless frequency can take advantage of the network connection. Some computers may automatically identify open wireless networks in a given area, while others may require that you locate and manually enter information such as the SSID.

What security threats are associated with wireless networks?

Because wireless networks do not require a wire between a computer and the internet connection, it is possible for attackers who are within range to hijack or intercept an unprotected connection. A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online. Some individuals who participate in or take advantage of wardriving have malicious intent and could use this information to hijack your home wireless network or intercept the connection between your computer and a particular hotspot.

What can you do to minimize the risks to your wireless network?

• Change default passwords - Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Changing default passwords makes it harder for attackers to take control of the device.

• Restrict access - Only allow authorized users to access your network. Each piece of hardware connected to a network has a MAC (media access control) address. You can restrict or allow access to your network by filtering MAC addresses. Consult your user documentation to get specific information about enabling these features. There are also several technologies available that require wireless users to authenticate before accessing the network.

• Encrypt the data on your network - WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) both encrypt information on wireless devices. However, WEP has a number of security issues that make it less effective than WPA, so you should specifically look for gear that supports encryption via WPA. Encrypting the data would prevent anyone who might be able to access your network from viewing your data.

• Protect your SSID - To avoid outsiders easily accessing your network, avoid publicizing your SSID. Consult your user documentation to see if you can change the default SSID to make it more difficult to guess.

• Install a firewall - While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall and host-based firewall will add a layer of protection to the data on your computer.

• Maintain anti-virus software - You can reduce the damage attackers may be able to inflict on your network and wireless computer by installing anti-virus software and keeping your virus definitions up to date. Many of these programs also have additional features that may protect against or detect spyware and Trojan horses.

Produced by US-CERT, a government organization

Password Security

2010-01-28T12:39:00.000-08:00

According to a 2006 University of Maryland study, computers connected to the Internet are attacked by hackers every 39 seconds. If you think your computer is immune, think again. Remember, the internet has no border lines. One of the easiest things to do to minimize your risk is to implement a better password practice.

Replace System Default Passwords:
Intruders exploit system default passwords that have not been changed since installation. Be sure to change all default passwords on computer systems and networking equipment prior to deployment.

Difficult to guess Passwords:
Forget about those weird passwords that are difficult for you to remember; just use a “Pass Phrase.”

Pass Phrases:
A much better way for choosing a password is to choose an easy-to-remember phrase, such as "My pet goldfish is 2 years old". Most computer systems will allow for this length and complexity for passwords. Variations of this may include using the first letters to form a password or add some punctuation or mix case letters. Example passwords might be: Mpgfi2yo or MyPetGoldfishIs2YearsOld. (Please DO NOT use these samples for your password.) These passwords should be easy for you to remember but almost impossible to crack.

Use Multiple Passwords/Phrases:
Use completely different password/phrase to connect to your company’s network than you would for your eBay account. This increases the distance between your eBay account and your company accounting information.

Change them frequently:
Other than being a nuisance for you, this is a great way to keep your information secure. Change them every 30 to 90 days.

Do not document your Passwords:
Do not leave any clear text username/password information in files on any system. This also means, do not have a file on your computer, especially named Passwords, with a list of your usernames and passwords in it. Post-it notes stuck to the monitor is also a bad idea.

Enforcing strict password security is one of the easiest ways to keep your data secure. It’s not the only answer, but it is a great start. Please take a couple of minutes and go to the National Cyber Security Alliance website and take a little quiz. http://staysafeonline.org/content/self-assessment-quiz.html; this will help you quickly and confidentially see how vulnerable you or your organization may be. Once you finish this quiz, you may need to get professional help to implement some security steps.

Computer Security in the Workplace

2009-12-03T13:46:00.001-08:00

Any time employees are allowed access to the web and e-mail, your organization is at risk. Accidental misuse and intentional abuse can create costly and time-consuming legal, regulatory, security and productivity headaches for employers of all sizes and in all industries. Developing and implementing effective Web and e-mail use and security strategies are essential for any business, but it's not always a simple process.

Viruses have been around for more than 20 years. Originally, they were intended to harm or destroy the contents of your hard drive, corrupt your spreadsheet, or display a message. Today, you don’t hear much about this type of virus. Such cyber-vandalism has given way to more lucrative exploits and the threats are no less real today. Now they are low-profile, well-targeted, and more likely to be about making cash than creating chaos.

More commonly today are viruses which don’t cause any apparent damage or announce their presence at all. Instead, a virus might silently install a keystroke logger, which waits until the victim visits a banking website and then records the user’s account details and password, and forwards them to a hacker via the internet. The hacker can then use these details to clone credit cards or plunder bank accounts. The victim isn’t even aware that the computer has been infected. Once the virus has done its job, it may delete itself altogether to avoid detection.

Much of the computer industry has focused on the bad guy and all of the 200,000+ known viruses. It’s not clear where future threats will come from, or how serious they will be. What is clear is that whenever there is an opportunity for financial gain, hackers and criminals will attempt to access and misuse data. Will this ever stop? It won’t!

As I see it, you have two choices. Unplug the computer from the wall and go back to the way things were done only a few short decades ago; or get a handle on your company’s vulnerabilities, patch the holes and educate your employees. Hopefully, no one picked choice number one. Therefore, this is what you need to do to drastically reduce the chances of a virus, Trojan horse, worm or spyware from destroying your company’s assets and possibly leaking your confidential customer data, thus ruining your business.

One: Use anti-virus software. Sure, you can download the free ones. But you get what you pay for. Good anti-virus software will automatically keep itself up to date with all of the latest virus definitions. Don’t skimp on this. Make sure every server and computer that is connected to your network is also running anti-virus software with current virus definitions installed.

Two: Run email filtering software at your email gateway to eliminate most, if not all, of the emails that are the major carrier of viruses, SPAM. I am a strong advocate of having email filtered by a third-party before it evens gets to the mail gateway. All of my email gets filtered, off site, before it is sent to me; what a great service! I don’t waste time reviewing email that I’m going to delete anyway. Besides, my inbox is cluttered enough with emails that I do need to read.

Three: Never install a program without first checking with your IT people. If you don’t have IT people you can count on then stick with software that was purchased from a reputable source.

Four: Use a firewall for every computer that is connected to the internet, especially your servers. Windows Firewall comes with every Windows XP and Vista operating system. There are some others that work equally as well, but I use Windows Firewall.

Five: Keep all of your computers and servers up to date with the latest patches. A great majority of the patches plug the holes in security vulnerabilities.

Six: Back up your data frequently. The rule of thumb is your backup frequency should be equal to your pain threshold. If your business can’t survive without today’s updates, then you better backup every night.

Seven: Your biggest security risk is sitting 12 inches away from the keyboard. Yes, that’s right, your employees. They are the ones that will be inviting the keystroke loggers and Trojan horses in, usually without even knowing they are doing so. Therefore you need to, 1) Train them of the vulnerabilities; 2) Tell them what is expected of them - this is usually done through a written “Acceptable Use Policy” for email, Internet & Fax use; and 3) Run network traffic audits to insure compliance with your AUP on a regular basis.

Just remember, because you have all of these things in place, doesn’t mean you are 100% safe. Security in the workplace is every employee’s job. They may just not know it.

Questions about security and viruses on Facebook

2009-11-02T10:25:00.000-08:00

Contributing Editor:
Art Costigan
Information Security Analyst
Global Network Security Consultants, LLC

This question was asked from a client about Facebook security and viruses.

Q: I was on Facebook trying to locate a picture for one of our Chamber Board members who was hard to get ahold of to take the physical picture. While I was on there trying to locate him, a program/virus called Cyber Security came popping up and has been popping up automatically ever since and I can't delete this. I have contacted our PC Works Plus on this issue and they told me that this is a virus from Facebook. How could this happen and isn't Facebook a safe place to be?

Art Costigan wrote this reply:
These viruses are spread via Facebook because of the way Facebook is designed. In reality, Facebook is not actually infected. Facebook is simply the vector through which the infection speads. The associated link will take you to the infected file, which in turn, infects your computer. The reason this method is so effective is that Facebook is really just one big "click here to see more" button. The virus writers count on people clicking on links out of curiosity.

Now for the part that always gets me in trouble. The big question people ask is "Why did my friend post this nasty link on my wall or email me this virus-laden link"? The answer is they really didn’t, but they were partly responsible. Facebook friends actually "sell out" their friends by loading those fun applications. We talked about this problem at our Tweetup. Most people don't realize that when they load one of those fun applications, they not only share their own personal information with the maker of the application, but all their friend's information as well. It would be like a friend handing over a journal or diary to a complete stranger who promised them some “free" online fun.

Inevitably the next question always is “How can they get access to that personal information?” The answer is they can’t, without permission. However, when someone loads the Facebook application, by doing so, they give permission. How many times do people read all the legalese and disclaimers before clicking "OK" before installing software? The legalese gives the application writers permission to collect information about the users of the software, and in most cases that includes all the information about the user’s friends. Most people don't realize this.

So, everything falls into place. Virus writers know Facebook users are willing to load untested software with the promise of fun and in the process they collect millions of names and relationships. They also know about 75% of home computers are patched correctly and do not use antivirus software or use ineffective outdated software. Thus, a simple “click here” can instantly hijack a computer and steal the personal information of millions of people.
The only way to protect against these viruses is to set your security settings in Facebook to prevent anyone from posting anything to your Wall and uninstall all applications and games. In reality, we all know that’s not going to happen.

The good news is today's antivirus products do a good job of stopping the spread of these malicious programs. The key is keeping the antivirus software up to date.

The best advice I can offer is:
1. Purchase a good antivirus program and keep it up to date. However, beware of the many fake and malicious antivirus programs and update programs that are for sale on the Internet. Never just click on a link out of curiosity.
2. Patch your computer regularly with Microsoft’s Security Programs.
3. Never use Facebook applications that are written by third-parties.
4. Never load or post any personal information you are unwilling to share with complete strangers.
5. If you ever suspect anything is strange on your Facebook, just delete it off your wall without looking at it.

I hope this sheds a little more light on a problem that millions face each day.

Computer Security in the Workplace

2009-10-30T08:13:00.000-07:00

How to discard those older computers

2009-10-16T10:35:00.000-07:00

It has been reported that every 79 seconds a thief hacks into a computer, steals a victim's identity, and then goes on a buying spree. A federal survey revealed that one in four households is victimized by some sort of identity theft. Cyber-criminals target sold, donated, and discarded computers because of the amount of personal information that they can easily uncover. Your personal computer from home is one thing, but how about those old computers from your business? How much more data is on them about your customers?

Two MIT graduate students uncovered mountains of private data on discarded computer disk drives as reported in January 15, 2003. “Discarded computers, even those with erased disk drives, may harbor confidential information such as credit card numbers and medical records.” These students purchased 158 used disk drives on eBay and other sources and “found more than 5,000 credit card numbers, personal and corporate financial records, numerous medical records, and gigabytes of personal email and pornography.” Of all 158 disk drives purchased, only 12 were properly sanitized. You can read the whole article at http://web.mit.edu/newsoffice/2003/diskdrives.html.

I don’t know about you, but I’m planning on wiping my hard drive clean before I give my older computer to charity. To do so, you need to take precautions to insure all of your sensitive data is properly removed. If you haven't deleted your personal information, you could try and locate a nonprofit or school-based refurbisher. Most of these organizations routinely wipe hard drives and reinstall new operating systems. Simply ask them if they do this and what level of data security they provide. A good first place to check for a list of such nonprofit refurbishers is the Microsoft Authorized Refurbisher Program at www.mar.partners.extranet.microsoft.com.

If you clean your computer of personal information yourself, it's best to use some disk cleaning software to delete your Internet browser's cache, cookies, history, your e-mail contacts and messages, your documents, emptying your recycle or trash folder, and deleting non-transferable software. A disk cleaning utility overwrites data so that is unrecoverable. There are some excellent tools on the market today to do such work. A good place to start looking for these tools is at www.download.com. Once there, type in “disk wipe” in the search field. The search returns dozens of utilities to remove your sensitive personal data from your computer. Many of the products are free or little cost.

If your business is replacing a number of computers, you might want to look into purchasing software from a company such as White Canyon at www.whitecanyon.com. They have DoD approved products specifically for doing this type of work. Look at the WipeDrive and WipeDrive PRO products. Another such place on the web to look is at www.killdisk.com. They have a free version that will work for most of us and a Professional version for you “agency” type folks.

So, don’t leave that old computer sitting in a closet and worse yet, don’t be throwing it in the dumpster at work. There are materials in computers that you won’t want in the ground water. Please consider giving your older computer to charity and “give the gift that keeps on computing.”

How do I keep spam and spyware from driving me crazy?

2009-09-28T18:38:00.000-07:00

Spam anyone? Do you feel like you are getting more and more e-mail from unwanted sources every day? Unwanted commercial e-mail, otherwise known as spam, can be an annoying, costly and time-consuming problem for many people. Here are 6 steps to minimize or reduce spam in your email inbox.

1. Employ a hosted spam service – In a business environment, you may have to subscribe to a spam filtering service which will clean your e-mail before it comes to your inbox with a high degree of accuracy.

2. Use tools to help prevent spam - Learn about tools that can filter or tag spam before it fills your e-mail inbox. Many of these filters are provided by your internet service provider (ISP) or by the web-based mail host that you use. (Atlantic BB, Verizon, Yahoo, MSN, Gmail, Hotmail, AOL to name a few)

3. Use a unique e-mail address - Pick an address that is hard for spammers to guess and easy for you to remember. Also, if chatting online, use a unique screen name that is not associated with your e-mail address.

4. Use multiple e-mail addresses - Consider creating separate addresses or accounts that can be used for online purchases, chat rooms and other public postings.

5. Check the privacy policy when you submit your address to a Web site - Always be familiar with a Web site's privacy policy before submitting any information.

6. If it sounds too good to be true, - it probably is. Fraudsters, scammers, and crooks take advantage of people via unwanted e-mail. Never respond to those get rich quick emails.

As for spyware, is it really a problem or just annoyance?

Symptoms of spyware on your computer are, but not limited to:
• Unwanted ads popping up
• Default home page changes on your internet browser
• Programs being added to your system tray
• Computer acts sluggish or unstable

How does one usually get spyware on their PC?

First and foremost, they are installed by the unsuspecting person using the computer. Spyware can come to you through: e-mail, Web downloads or by bundling themselves with other software you install. These programs are often extremely difficult to find, uninstall or disable.

Prevention is the key to protecting yourself from spyware. If you have recently cleaned your computer of unwanted spyware, review the tips below to keep it that way. While these tips will help you prevent spyware, they are also examples of good habits that will help protect your privacy and security while online.

1. Be skeptical about installing strange or free software - Make sure you know what EXACTLY is being installed onto your computer when you download applications off the Internet.

2. Pay attention to security warnings - You should not blindly accept "Active-X" software installations and be sure you trust the company installing the software.

3. Practice basic computer security hygiene
o Always use Anti-virus software - And keep the software up to date. Over 500 new viruses are discovered each month. You are not just protecting yourself when using virus software, but also others you communicate with.
o Always use a firewall - A firewall is an "internal lock" for information on your computer. Many computer operating systems already have firewalls installed; you just have to turn them on.
o Keep your software up to date - You should always make sure that the software on your computer is up to date with the latest security patches.

4. Read the website Privacy statement - Although sometimes very lengthy, the privacy policy describes what information the business collects about you and how it is used.

5. Use Tools to remove spyware - Learn about tools that can remove spyware if you think it may have been installed on your computer.