Security

The Internet is a wonderful place, but there are nasty things out there. Computer viruses make front page news, but the most dangerous thread to you is yourself. Many people are ignorant of the dangers and don't even do the simple things that could protect them from becoming victims.

Here are some simple tips to protect yourself.

Leaving the key in the door

Do you leave your key in the door so that you don't have to find it when you want to unlock the door? What do you say to people who suggest that you let them hold onto your key for the same reason?

Browsers and other programs are offering to remember passwords for you - just say no! Firstly, the passwords are stored somewhere well known and in an insecure form. It is very easy for another program to steal the passwords. Secondly, the person who says "yes" is being lulled into a false sense of security.

Paper chains

Would you chain up a bike with a paper chain, or leave your front door key hanging near the front door?

If you are using a password, use a good one. We have all heard the rules about not using your date of birth or spouse's name as a password. That was in the old days when people would try to guess your password. These days, computers do the dirty work. They can try many ways of guessing your password in a very short space of time. Don't use a real word, because cracking programs can easily try every word in the dictionary in a few minutes. Don't rely on tricks like changing 'o' to zero and 'i' to ones in the word, everyone knows those tricks and the cracking programs do too. Don't use short passwords, cracking programs can try every combination of letters in minutes or hours - the longer the better. Don't use just letters and numbers for the same reason.

It is not as bad as it seems, because password cracking are often prevented by other security mechanisms. However, you shouldn't blindly assume those mechanisms are present. Also, you should develop the habit of using good passwords.

Walking down dark alleys

If you had a choice, between going through a potentially dangerous place (where many incidents have occured in the past) and going via a safer place, which would you choose?

Nearly all email viruses target Microsoft Outlook and Outlook Express. It is a popular target because it has many security flaws and is widely used. Taking the simple step of using a different email program will greatly reduce your risk of becoming a victim (and propagator to your friends) of email viruses.

There are many excellent alternative email programs you can use. Some browsers (such as Mozilla and Opera) come with email clients. You can read email in emacs using vm or gnus. There are standalong programs like Eudora and Ximin.

Storing valuables in a see through bag

Would you walk down the street to the bank carrying a lot of money in a clear plastic bag?

Protocols like ftp and telnet were created in an era where security didn't matter. They send your password across the network in the clear - for any snooper to see and steal. You might be able to get away with it if no one happens to be looking, but if they were looking then it will be there for all the world to see.

Use secure protocols like Secure SHell (SSH). The only exception would be when security doesn't matter (such as when you are doing an anonymous ftp). The mail protocols, IMAP and POP3, are also insecure: they should be run across a secure transport like SSL or SSH tunnelling.

Ignorance is bliss

The more valuable the asset and greater the risk, the more security measures need to be taken. However, that does not mean you should be lax with trivial things, because you are developing skills and habits. If you get used to driving on lonely country roads without habitually checking your mirrors and reading signs, you're going to be in trouble on a busy city freeway. Practice defensive computing, because one day it is going to really matter.