Friday, September 9, 2005

My Interview - Geek Speak (Part 1 of 3)

Some topics covered include my career as a Network Security Consultant and tips to keep computers, businesses and home users safe online. I felt this section was very education for those of you that want to learn more about computer security and technology in general. I did my best to answer in the most simple and clear terms I could so that everyone could understand no matter what level of computer knowledge they hold. Let the Q and A session begin!


What one thing about computer security would you have computer users understand?

That technology is constantly changing and with that comes the constant need to protect yourself from the numerous amount of security issues facing computers today. It's important to stay informed about things such as viruses, software patches and spyware...but don't be too paranoid. Yes, the Internet can be a dangerous place, although for the average computer user, the chances that a hacker solely targets you is unlikely. A hacker is much more likely to go after a large corporation where the "pot of gold" on the other end is higher than the average Joe's home PC.

---------------------------------------------------------------

What is the most dangerous, or foolhardy, thing a person can do with their computer regarding security?

Use Windows straight out of the box. Ha-ha, tech joke that many probably won't get. Seriously though, connecting to the net without first turning on a firewall! Even the built-in Windows firewall is better than nothing. If you fail to turn on your firewall and connect to the net for the first time, literally within minutes you will be infected with MSBlast or another virus. That is just a fact and a scary one at that.

---------------------------------------------------------------

What is the first thing a person should get in the habit of doing to protect their computer?

There are a few things people should get into the habit of doing, but #1 would be to turn on your firewall. Then go to the Windows Update site and download/install the service packs and patches. Next I would install some anti-virus software (I like Norton AntiVirus) and allow it to run in the background to protect you. You may also want to install some anti-spyware software too (I like the free Ad-Aware SE). Lastly use good passwords for your router, Windows login, e-mail and any account you own. A good password should be at least 8 characters long and contain both upper and lower case letters, numbers and symbols. It also should not contain any words that could be found in a dictionary or could be easily tied to you - such as your spouse's name. The more random, the better.

---------------------------------------------------------------

Is it a good thing to have Windows automatically download updates?

Yes, definitely. By allowing Windows to automatically download updates, it saves you the hassle of going to their site and searching for new patches and fixes. Let your computer do the work for you. Then you can sit back and relax knowing your system is protected.

---------------------------------------------------------------

There are all kinds of tracking devices out there. Are there any dangers with these? What security level do you recommend with cookies?

Cookies get a bad rap. There are some "bad cookies", but most cookies aren't as harmful as the media plays them out to be. Basically a cookie just saves some preferences for you to speed up your surfing habits. For example, a cookie can hold your username and password for you on a message board. As long as you are the only person who uses that computer, then it's not a security concern. Most people don't realize that no matter where you go online, nearly every site tracks you to some extent. For the average user, I would suggest "medium" security level when it comes to cookies. You will find the option in IE by going to Internet Options and clicking on the Privacy tab.

---------------------------------------------------------------

What is a day in the life of a computer security consultant like?

It varies from day to day and depends on the client. Some clients require very basic security needs and routine work, while other clients request tighter security and are more demanding. No matter how big or small the client is, the initial consultation service is the same. I'll meet with them, listen to what their problems and needs are, then I'll give my advice on how I can help them. If they like what I have to say, then I will begin putting together a plan of what needs to be done, how often and of course the cost. After we reach an agreement, I get a contract signed and the job begins. What I do is quite different and much more involved than what a typical IT guy does. It is somewhat difficult to sum up or explain, but the best way I know how to say it is that I do reverse engineering. What that means is that I usually work from the outside in. A company may feel their network is secure, but they want to make certain, so they call on me. I will find their weaknesses and security holes for them before a hacker does. I find what needs to be secured or fixed and protect the company from a possible attack in the future. In some cases a company has already fallen victim to an attack, so I am called on to do the clean-up work and prevent a similar situation happening to the company again. Some days can be very stressful, especially when I work for the government. The best part is that everyday there is something new. I love to learn and "outsmart the bad guy". Technology always changes and for me, keeping up with it and ahead of hackers is a fun challenge. It's rewarding to know at the end of the day you may of helped protect a company from losing millions of dollars in damage. Better yet, that you help secure places like the Pentagon. Not too many people can say that at the end of a workday.

---------------------------------------------------------------

What do you consider the most interesting thing about what you do?

I guess if you are into technology at all, then alot of what I do may be interesting to people. For the average computer user, what I do is probably over their head and I don't mean to say that to sound rude, but it can be confusing and hard to explain to someone who isn't up on all the terms and things of that nature. I'm not sure if this is really "interesting" as much as it is "shocking", but the public would be surprised at what information government keeps on you. It's also surprising to work for some well respected businesses and colleges and find out that they are central servers for kiddie porn rings! It's very disturbing and not something you can just pull someone aside and let them know they are caught and give a reprimanding too. Other interesting/shocking things include the unwavering amount of trust even security companies have in terms of believing that they are "un-hackable". Let me make it clear that there is no such thing as 100% secure. I lost count at the number of businesses that "secure" the most sensitive data with default logins such as admin/password.

---------------------------------------------------------------

Since the "average hacker" goes after the pot of gold at the big corporations, should we be wary of doing financial business over the internet with our credit card companies and our banks? What precautions should we take with that?

Well I know many people do their banking and other financial business online. However, I don't. I guess when it comes to my banking, mutual funds, stocks, ect I like to do it the old fashion way. It's very sensitive data and being in the line of work that I am in, I have seen so many banks and stock broker agencies get compromised. It doesn't happen that often and usually when it does it only affects a rather small percentage of accounts. Still, one is too many for me to take the risk on. Yes, virtually all of that data is stored on computers somewhere, I just don't want to be punching in my assets from another computer increasing the risk of someone intercepting the information during a transaction. Now that's just me and perhaps I am a little paranoid and overly cautious so it's a personal decision everyone has to make on their own. The risks are slim, but there is always a risk so don't be fooled thinking 100% secure.

Now I do use PayPal for money transactions online such as purchasing something on eBay. I've bought products from numerous sites, both small and large companies and I have never had a problem with my credit card information being misused. I do pay close attention to my credit card and bank statements that I get in the mail and I suggest everyone keep in eye on those to detect any fraudulent use that may occur. It's a good habit to get into whether you pay bills online or offline because cyber criminals may be the new breed of "bad guy", but the good old fashion offline crook still exists too.

To keep safe, only shop with reputable businesses online. Even an online business should be listed with the BBB so if you have any doubt, check with them. Only enter personal information via a website that uses security certificates and encrypts their data. Never give your credit card or other personal information via an e-mail or IM. If you are asked to do that, be aware that you are probably being scammed. Get yourself a PayPal account. They are free , easy to use and widely accepted form of payment on just about every site.


---------------------------------------------------------------

Without getting too technical, what is the worst thing a virus can do? Since anti-virus software is not 100% effective, is there anything we should beware of contracting viruses?

A virus can do minor to major damage depending on what virus you have. Viruses can be as harmless as just changing your homepage in IE to a porn site or they can be as damaging in terms of erasing your entire hard drive or configuring your computer in a way that allows the hacker total control over your computer. A keylogger is another problem that many viruses carry. A keylogger collects every login (username/password) and every word you type. Some viruses can do so much damage that they can even cause problems with the hardware in your computer - changing the BIOS settings on your motherboard and literally frying your system.

To stay away from viruses, it's a good idea to not download any file online that you know little about. Adult websites and file sharing sites are notorious for being infected with viruses. Stick with reputable websites and only download software from sources you trust.

No comments:

Post a Comment