If you carefully check this safety overview, there's a good chance you can make data thieves shift their focus to easier targets.
Data thieves aren't always the black hat hackers who hide in dark rooms and continuously type on keyboards like in the movie "The Matrix." Some employees at data centers are troublemakers with the technical skills to deceive their "leaders," and they often bear responsibility as well.
So how should you deal with this? Whether you're only responsible for your own computer or managing hundreds or even thousands of PCs, PCs are susceptible to various threats, including:
- P2P client programs
- Insecure wireless networks
- Phishing
- Spyware
- Viruses
- Insecure work-from-home environments
- Social engineering
This article will teach you how to stop these threats.
**Say No to P2P File Sharing**
As a convenient way to share music and video files with other media enthusiasts, peer-to-peer file transfer client programs like Gnutella, BitTorrent, Kazaa, and LimeWire are almost as popular as viruses. Unfortunately, they also allow sensitive company and personal data to be shared with strangers in the neighborhood, across the country, and even around the world.
Recent surveys on the use of P2P file sharing in banks and federal government agencies have shown how easy it is for programs originally written to share media to access confidential and secret information. Dartmouth University's Tuck School of Business conducted a survey on the use of P2P file sharing by the top thirty U.S. banks and found that searching for lyrics in P2P file sharing songs or video file names revealed various types of matching information, including company names, addresses, and more.
A survey by security company Tiversa found that using the P2P client program LimeWire for just two or three hours of searching discovered over 200 confidential documents.
Why is P2P file sharing so potentially dangerous? Depending on the client program, P2P file sharing usually occurs by file type rather than by folder. Therefore, after a P2P search, music or video files stored in the same folder as confidential information could expose all the contents of the entire folder.
Worse still, some P2P client programs make it easy to share entire drives rather than just designated folders. Nowadays, P2P client programs are everywhere, including children's PCs or other home PCs, and sometimes even on company PCs.
To prevent the threat of P2P file sharing in the workplace, companies should configure their security settings to block P2P client programs. If you're working remotely, encrypt your work folders and ensure that P2P client programs are never installed to monitor work folders. Also, stay up-to-date with developments in P2P technology.
**Protecting Insecure Wireless Networks**
Wireless networks are easy to set up - especially insecure ones. Your office may have a wireless network protected by WPA or WPA2 encryption and a Radius authentication server; however, if you're working from home or in public places using an insecure wireless network, sensitive information could be exposed. What kinds of threats exist outside?
- If restaurants or other retail stores use insecure wireless networks for point-of-sale systems, "wireless eavesdroppers" (war drivers) parked in the parking lot could obtain credit card numbers from business credit cards and then sell them or go on unauthorized shopping sprees.
- Free wireless hotspots are abundant in restaurants and cafes. If network sharing on your laptop isn't blocked by a firewall, other internet users could eat while secretly stealing your data.
- Home wireless networks have double insecurity: they may be unprotected (lacking WPA or WPA2 encryption) and may use standard service set identifiers (SSIDs) or workgroup names, making it easy for intruders to access any shared folders on the system.
This issue is multifaceted, and so are the solutions. It's difficult to determine whether a retailer's point-of-sale system is secure, but any public hotspot is inherently insecure. Windows Vista's firewall can automatically block access to shared resources on public networks (such as wireless hotspots). However, the Windows XP SP2 firewall requires you to select the "no exceptions" setting to protect shared resources when using public networks.
If your email client doesn't provide a secure login mechanism, don't use it on public hotspots. Instead, establish a secure connection for email, file transfers, remote desktops, and other applications by setting up a secure HTTP (HTTPS) or virtual private network (VPN) connection with your main computer, or use secure remote access services like GoToMyPC.
Anyone working from home should set up a secure wireless network. If your company's remote workers lack networking skills, help them configure their networks securely. If your staff is familiar with specific routers, consider providing a list of recommended routers.
If you or your employees use VPN connections, consider recommending or requiring routers that support multiple simultaneous VPN connections. With such routers, multiple VPN connections can be pulled simultaneously from home. Remember: VPN connections offer end-to-end security, even on public networks.
**Preventing Phishing and Social Engineering**
Phishing involves sending official-looking emails warning users about potential issues with their credit cards, bank accounts, or PayPal accounts, luring them to fake websites designed to steal identities. This tactic is widespread today, but prevention methods have never been more numerous.
The latest versions of Microsoft's Internet Explorer 7 and Mozilla's Firefox 2.0 both include anti-phishing features that compare URLs with known phishing sites and provide tools to report suspicious phishing attempts. If you're running older versions of IE or Firefox, it's time to upgrade to the latest versions.
To further enhance security, report suspicious sites to anti-phishing websites like PhishTank (http://www.phishtank.com/) and PIRT Squad (http://www.castlecops.com/pirt). PIRT Squad will also attempt to shut down phishing sites.
However, you don't need high-tech solutions to help stop phishing - common sense works wonders. Don't click on links provided by banks or other institutions; manually log in instead of auto-login. If you have concerns about any link in an email or website, remember this method: hover your mouse over the link to see its true destination.
Phishing is just the latest form of one of the oldest hacking techniques: social engineering. To prevent hackers from impersonating someone from the "help desk" or "internet provider," verify the identity of anyone who can access sensitive information, such as calling the supervisor of the person's employee or asking questions with predetermined answers.
If you must provide a password to someone so they can solve your problem, ensure you change it immediately afterward. Security Focus (http://www.securityfocus.com/) is a great resource offering countermeasures against phishing, social engineering, and other threats.
**Using Built-in Operating System Tools**
Both Microsoft Windows XP Service Pack 2 and Vista come with many tools to help detect and block intruders. As mentioned earlier, both have user-friendly firewalls that can be set to "no exceptions" mode for use in public places while still accessing shared resources on more secure networks. Both (business editions) also support the Encrypted File System (EFS), which provides user-based security for sensitive files.
However, Windows Vista includes several additional features to block intrusions. It includes the Windows Defender antispyware tool (available for download on Windows XP); Internet Explorer 7 (available for download on Windows XP) and the new email client Windows Mail have anti-phishing features; a new browser attachment manager has been added; parental controls report websites and activities; a new internal design uses address space allocation randomization to change the address space used by system functions, helping prevent attacks; and in enterprise and ultimate editions, BitLocker full disk encryption prevents data theft caused by stolen laptops, desktops, or drives.
**Plugging the Gaps**
Although Windows Vista helps close many security loopholes present in Windows XP, you can take steps to further improve system security. Ensure that new security updates are installed promptly once they appear on Windows Update or Microsoft Security Bulletins.
You can find the latest Windows security headlines on the TechNet Security Center. Regularly using and updating antivirus and antispyware toolkits can help prevent software-based attacks.
Source: [http://safe.it168.com/ss/2008-07-14/200807141639108.shtml](http://safe.it168.com/ss/2008-07-14/200807141639108.shtml)