Data Security for Home Users

Posted by: Rob Stevens | Tuesday, May 27, 2008

I've been doing quite a lot of reading recently about network traffic content, and it's pretty scary to realise just how much sensitive login info for various network applications and protocols is floating around in clear text, and how many websites run background scripts designed to analyse your Internet usage and store information on you. Usernames and passwords for all sorts of things, like Internet messaging programs (e.g. MSN, AIM, etc.) and logins for various web pages and forums, are there for the taking by anyone with a rough knowledge of what they're doing and the right tools.
Lots of attention is given to securing data within the workplace, with many organisations employing technologies such as Active Directory to secure access to the network and users' data internally, and firewall, IDS, and proxy filtering (amongst other things) to monitor and control external access. What is always surprising is how many people, the most experienced IT professionals included, tend to totally forget all that they know about protecting data and securing their systems when they are at home in front of their own computers. Whilst this is a problem that is being addressed these days, with more people becoming aware of problems like email phishing scams, people still generally don't know or care what information is being sent and received by their home PC. What I'd like to do with this post is share some ideas that people can easily implement that will help to secure their data, in ways that won't cause too much interference with their day-to-day computer use. This is the main problem with home computer security: it's a hassle. Remembering to run scans, check for updates and so on is more than most people can be bothered with, and as a result they end up with machines riddled with viruses and other malware.

The first thing to look at is anti-virus software. Pretty much everyone with a computer knows they should have it, but many people don't bother for any number of reasons - it's too expensive, it slows the computer down, blah blah blah. There are several perfectly decent free antivirus programs out there, many of which are lightweight (i.e. they won't hog resources) and easy to use. One that I would suggest is Antivir. This is an excellent program that has a very good reputation for successfully identifying software threats. It can be set to both update itself and run scans by a scheduler, meaning that you don't even really need to remember to do anything. Antivirus software really is important. Without it your computer could be doing god knows what. It could be part of a botnet (a network of computers illegally controlled by malicious parties and used for any number of unpleasant things, from spamming to denial of service attacks) or it could be riddled with programs that do things like gathering your personal info or firing popups at you constantly. Having malware like this running will almost certainly slow your machine down more than the average antivirus program. Antivirus software won't solve all of your security problems, but it's a really good start.

The Internet is rife with methods of appropriating other people's data for any number of reasons, whether it be for ID fraud, credit card scams, or relatively 'innocent' marketing purposes. How often do you try to access information on a web page only to be asked for all sorts of seemingly irrelevant details like full name, address, phone number, etc.? Pretty often, I would guess. Now, how many of you, when presented with this, will just give it what it wants so that you can get on with browsing the site? Before you do something like this, think. Does this site really need these details? Can I get the same information from somewhere else without answering these questions? More often than not there is no reason whatsoever for sites to gain this info. All that's happening is that your personal data is being stored in yet another potentially insecure database, waiting to be ripped off and used for fraudulent purposes. If there is somewhere else you can get the information you need, go there. If not, consider being less than truthful when filling in the form. These people usually don't need your data, so don't make it easy for them to get. I cannot stress enough how much of a problem identity fraud really is these days. Think before you type!
Another prevalent problem is the number of background scripts running on many web sites which, again, are there purely for the purpose of gathering info. It could be something simple, such as a script for keeping an eye on site traffic, but it could also be trying to steal data or install something unpleasant (such as a trojan) on your computer via your web browser. My preferred method of dealing with this is to use the Firefox web browser combined with a plugin called NoScript. This blocks any scripts from running on a page you visit until you authorise them to run. It then remembers which pages you have authorised and loads them up without problem from there on. Once you start using this plugin you really start to notice just how much is happening in the background of many web pages that you wouldn't even suspect. There are lots of good addons/plugins for Firefox - FlashBlock and AdBlock Plus are both good ones that limit the amount of unnecessary data finding its way down your net connection. Have a look around and see if you find anything useful.

While I'm on the subject of installing things, I'd like to talk about 'bonus' software that comes packaged as part of another program. Many people, when installing something, will just sit there clicking next without even looking at what they're agreeing to. Do you really want yet another 'amazingly useful search bar and funky widget' installing on your machine? Even if its purpose is totally innocent, it's one more thing using up your machine's resources and slowing it down. Read before you click and, yet again, think! Quite often you can opt out of installing your 'freebie' and just get the software you were expecting. Failing to do this is yet another way to end up with a riddled machine.

The last thing I'd like to talk about is the use of public computers in web cafes, libraries, wherever. A badly managed public computer, i.e. one that doesn't clear out all personal information after a user has logged off, can be a goldmine for anyone attempting to harvest user details, passwords, and personal info. My suggestion for anyone using a public service like this is to use the local computer as little as possible. By this I mean establishing a remote encrypted connection to your home computer and doing your browsing from there. This might sound a little complicated but it's actually really easy! A free service called LogMeIn makes it possible to log into your home computer from anywhere using just the browser. All you have to do to set up this service is install the program provided by the site on your home computer, and this then handles everything else. Very easy, and the encrypted connection provides excellent protection for any information you input while using the public terminal.

Obviously the steps outlined here aren't the be all of personal data security, but hopefully they should be a good place to get people started. If there's one thing I'd like people to take away from reading this, it would be this: engage brain. Think!

Edit: Since writing this I've come across a post on gmgDesign.com that takes a more in-depth look at encryption for home use. Worth looking at if you're interested in doing this.
