Security Corner

Nov 30 2014   2:46AM GMT

The 15th Golden Rule of computer security

Ken Harthun

tips and tricks

In 2009, I published 14 Golden Rules of Computer Security as a downloadable eBook. It was quite popular and I have decided to bring it up to date and re-release it sometime next month (December 2014). If you aren’t familiar with those rules, here’s an excerpt from my August 31, 2009 posting (note that these are broad statements and the book goes into much greater detail):

#1: The best security measures are completely useless if you invite attackers into your PCs or networks. 
#2: A first, important step in securing your PC is to install and configure a NAT router.
#3: Always change the default username and password of any configurable device you put on your home network. 
#4: Use an un-guessable, or difficult-to-guess password always. 
#5: A vital part of PC security is keeping up with software patches for ALL of the software on your system, not just the operating system. Where it is available, use the software’s automatic updates feature. 
#6: Always disable any message preview or auto-open features in your e-mail client. View messages as text-only until you know they are safe. 
#7: If you store sensitive information on a PC or laptop, even if it’s only personal information, encrypt the folders or drives where the information is stored and use an un-guessable passphrase as the encryption key.
#8: Physical security is almost as important as data security. Make it as difficult as possible through any physical means for a thief to steal your hardware. Rules of thumb: Lock it up and lock it down; out of sight, out of mind.
#9: When surfing the web, testing unknown programs, or engaging in other activities with the potential to harm your computer, use a sandbox or virtual machine to protect your base system from harm. 
#10: When using external removable media for backups, either encrypt the backup files or make sure the media is taken offline after the backup has been completed. 
#11: Never enter sensitive information into any web page unless you have verified that the information is being sent over a secure connection signified by https:// in the address bar and a lock icon in the browser’s status bar.
#12: Once a PC is infected with malware, you can’t trust it. The only way to restore trust is to wipe the hard drive clean and reload the operating system.
#13: When it comes to securing a WiFi network, the only way is WPA. 
#14: If your email address will be visible to the public, obfuscate it.

Now, for the 15th Golden Rule. I have noticed when cleaning off adware and potentially unwanted programs (PUPs) from computers that many of these programs open browser windows (phone home) and try to talk you out of uninstalling their junk or try to scare you into buying it (this usually happens with the junk “cleaner” and “backup” programs). So, here’s the new rule:

Golden Rule #15 – Before cleaning adware and potentially unwanted programs (PUPs) from any computer, disconnect from the internet to prevent the program from phoning home.

The new rule will appear in the new edition of the eBook, 15 Golden Rules of Computer Security, which will also be revised to include some additional advice and more detailed information on each of the rules.
