4. Passwords should be complex
• Best practice 5 years ago: minimum 8 characters
• Best practice today: minimum 15 characters
• Use punctuation, numbers, upper and/or lower case
Passwords should not be reused across multiple sites
Financial passwords should be unique (used for one account only)
Do not write down passwords
Do not store passwords together with user names
Passwords should be changed regularly
Simple passwords should be salted (a random salt added before hashing) when stored
Store your passwords in a password manager
• You don’t need to remember your passwords
• LastPass, 1Password, RoboForm
Use tough security questions
5. Commonly used passwords (two columns, read top to bottom):
• password
• 123456
• 12345678
• abc123
• qwerty
• monkey
• letmein
• dragon
• 111111
• baseball
• iloveyou
• trustno1
• 1234567
• sunshine
• master
• 123123
• welcome
• shadow
• ashley
• football
• jesus
• michael
• ninja
• mustang
• password1
• computer
6. Three weak passwords, hardened step by step (read left to right):
• password → Password → Passw0rd → Passw0rdRED!
• thomas → Thomas → Thom@s → Thom@sRED!
• tiger → REDtiger → REDtiger7194
7. Building a passphrase step by step:
• Open the pod bay door please Hal
• OpenThePodBayDoorPleaseHal
• Open!The@Pod#Bay$Door%Please^Hal
• 0pen!The@P0d#Bay$D00R%Please^Hal
• 0pen!The@P0d#Bay$D00R%Please^Hal&2042
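An added example (not from the deck) that turns slides 4, 6 and 7 into code: it checks a candidate against the deck's rules (15+ characters, mixed character classes, not on the slide 5 list) and shows the salted, slow hashing that slide 4 calls for. The "three character classes" threshold and the 600,000 PBKDF2 rounds are this example's own choices, not figures from the slides.

```python
import hashlib
import hmac
import os
import string

# The deck's policy: at least 15 characters, using punctuation, numbers and
# upper and/or lower case. Requiring at least three character classes is this
# example's reading of that rule (an assumption, not stated on the slide).
MIN_LENGTH = 15
MIN_CLASSES = 3
PBKDF2_ROUNDS = 600_000  # deliberately slow: makes offline guessing expensive

# Constructed blocklist: the common passwords listed on slide 5.
COMMON = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1", "computer",
}

def character_classes(pw: str) -> int:
    """Count how many of lower, upper, digit and punctuation appear in pw."""
    sets = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)
    return sum(any(c in s for c in pw) for s in sets)

def check_password(pw: str) -> list:
    """Return the policy rules pw breaks; an empty list means it passes."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common password")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(pw) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character classes")
    return problems

def hash_password(pw: str, salt: bytes = None) -> tuple:
    """Store a per-password random salt plus a slow PBKDF2-HMAC-SHA256 hash,
    never the password itself; the salt defeats precomputed dictionaries."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(pw: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)
```

Run `check_password` on the slide 6 and 7 strings to see which step first satisfies the policy; the same password hashed with two different salts yields two different digests, which is why a leaked table cannot be attacked with one precomputed dictionary.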
8. Image Based versus File Based
Onsite versus Offsite
Free Backups
• Time Machine
• Windows Backup
• Windows System Restore
Cloud Based Backup for SOHO
• Carbonite
• CrashPlan
• Mozy
Cloud Based Backups for SMB
• ShadowProtect
• Windows Backup
• Time Machine
Cloud based options do not replace local backups
• If you cannot afford both, keep a USB drive offsite
9. Encryption “scrambles” or “shreds” the contents of a disk or file
Encryption algorithms use a key to encrypt and decrypt the data
• The key needs to be strong to prevent dictionary attacks
Encryption is reversible
Free Encryption Tools
• GNU Privacy
• TrueCrypt
• Disk Utility (Mac only)
• 7-Zip (PC only)
• AxCrypt (PC only)
Advanced Encryption Standard (AES 128-bit and AES 256-bit)
• Virtually unbreakable
Loss of the key makes the data unusable
Encryption is like compression: it will slow the computer
10. Types of resets
• Soft
• Hard
Battery backup runtime depends on the load
• Don’t put printers on battery backup
• Don’t put old CRT monitors on battery backup
• Capacity is measured in amp-hours (Ah or Ahr)
See APC.com for details
Laptops should be connected to surge protectors
Unplug all cables from your devices in severe weather
11. Do not host your own mail
• Relatively expensive when considering TCO
• Very insecure
• Not worth the effort
Bigger is better with respect to email
Real Time Blacklist (RBL)
You get what you pay for
• Don’t build a business on a free email account
• If you do use a “free” service, buy a domain
If you do host your own email, use a smarthost
• SocketLabs, GFI, JangoMail
• Inbound filtering stops viruses, malware, phishing and spam
• Outbound filtering will keep you off an RBL
12. PCs are still more susceptible to virus outbreaks than Macs
Macs are not inherently more secure
• PCs have a larger attack surface
Recommended PC AV software as of 2/2013
• Vipre is my recommended choice
• AVG, Avast, NOD32 (ESET) are good too
• Symantec, Trend, McAfee are not recommended
Suggested Mac AV software as of 2/2013
• ClamXav is first choice – uses the ClamAV engine
• Avast, Avira, Sophos
Free is OK in a multi-layered environment
Not recommending Mac AV for our non-regulated clients
Two or more AV programs can make your computer very slow
Good email hosts have anti-virus protection built in
13. Criminal in nature
Mostly affects PCs
Common PC types
• Ransomware/scareware
• Browser hijackers
• Banking viruses
• Gauss (Stuxnet)
• Flame
Common PC anti-malware software
• Malwarebytes is recommended
• CCleaner is recommended
• Most others are snake oil
No Mac anti-malware
14. Becoming the number one threat to individual users
Targeted, non-technical attack
Primary targets
• Cellphone accounts
• Email accounts
Secondary targets
• Bank accounts
• Trading accounts
• Utility accounts
Two-factor authentication as a defense
• Something you know
  • Personal questions
• Something you have
  • Cellphone
  • RSA token
Suspect all inbound communication
15. Limit use of accounts with administrative privileges
• “Root” accounts
• “Admin” accounts
Regularly delete or disable old accounts
Disable unused features
• If you do not use the WordPress editor, disable it
Uninstall unused tools
16. Open Source Software has a large attack surface
Keep your OS, software and servers patched
• Java, Adobe and Firefox ASAP
• PCs should install patches as soon as they are available
Be careful what and how you download
• Don’t trust driver download sites
• Don’t click next-next-done without reading
• Only download from trusted sites
  • OEM
  • CNET
• Do not host your own servers
  • FTP and SQL servers are notoriously vulnerable
WordPress Users
• Watch Dre Armeda’s videos
17. Use hardware firewalls for the perimeter of your network
• Most cable and DSL modems come with an adequate firewall
• Leave them alone and they will work fine
Use software firewalls when connected to an untrusted network
• All networks should be considered untrusted
18. Wireless standards
• 802.11g and 802.11n
• WiMAX
• Bluetooth PAN
Encryption Standards Matter
• WEP is bad
• WPA and WPA2 are good