Security Concepts
- Choose an adequate password.
Hackers guess passwords. That's what they do. If you use a password
that reflects information about yourself that is available to hackers,
you are a prime target for a successful hack. Your work, family, pets,
hobbies and more can be directly acquired or inferred from a variety of
sources. And using the same password on multiple systems simply invites
the owners (or employees) of those systems to effectively steal
your identity. Most are responsible, and wouldn't think of such things,
but can you trust them all?
Choose a password that only has a meaningful pattern to YOU! Hackers often
use "password dictionaries" in their attacks. Avoid common words and phrases
entirely, and mix letters and numbers for best results. An uncommon word with
a seemingly random number thrown in is probably the best. Remember, longer
does not in itself mean more secure. A password like "ilovetheweb" might
have a lot of characters, but is obviously NOT hard to guess. A better
choice would be something like 'red1998sox', which is far tougher to guess.
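
An added example, not part of the original page: a small Python screen that applies the rules above to a candidate password. The word list, the function names and the personal terms in the demo are constructed for illustration; a real screen would load a large dictionary.

```python
import re

# Constructed stand-in for a "password dictionary" (assumption, not from the page).
COMMON_WORDS = {"i", "love", "the", "web", "password", "letmein", "dragon", "monkey"}


def is_word_phrase(text, words):
    """True if text splits completely into dictionary words (word-break DP)."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if reachable[start] and text[start:end] in words:
                reachable[end] = True
                break
    return bool(text) and reachable[len(text)]


def screen_password(password, personal_terms=(), words=COMMON_WORDS):
    """Return the reasons a password is easy to guess (empty list = none found)."""
    findings = []
    lowered = password.lower()
    # Work, family, pets, hobbies: anything that can be looked up or inferred.
    for term in personal_terms:
        if term and term.lower() in lowered:
            findings.append(f"contains personal information: {term}")
    # The page's advice: mix letters and numbers.
    if not (re.search(r"[a-z]", lowered) and re.search(r"\d", lowered)):
        findings.append("does not mix letters and numbers")
    # Length alone does not help if the whole thing is a run of common words.
    if is_word_phrase(lowered, words):
        findings.append("made up entirely of common words")
    return findings


if __name__ == "__main__":
    # Constructed profile: terms someone could learn about the account owner.
    profile = ["sox", "rex"]
    for candidate in ("ilovetheweb", "red1998sox"):
        print(candidate, "->", screen_password(candidate) or "no findings")
    # The same password fails once it reflects the owner's known hobby.
    print("red1998sox (fan) ->", screen_password("red1998sox", profile))
```

The last line of the demo shows why the pattern must be meaningful only to you: 'red1998sox' passes the dictionary checks but is flagged as soon as "sox" is something an attacker can learn about its owner.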
- Secure Windows Shares.
If you're running Windows and are using drive sharing, there are some
serious issues for you to consider.
Windows 'share level' security is inherently weak. If you MUST use it, choose
adequate passwords, as described above, to protect your shares. If you aren't
sharing across the 'net, make sure you 'unbind' the TCP/IP protocol from
Microsoft File and Printer Sharing. This is done via control panel, and for
some reason defaults to the least secure settings.
If you have a Windows NT/2K/XP or Windows For Workgroups SERVER in your network, you
have a better option in 'user level' security. Your shares can be dependent
on those servers' much more robust security systems, and therefore MUCH harder
to crack. A properly configured NT server won't even ALLOW users to have very
short passwords in the first place, and password expirations ensure that
passwords are changed on a regular basis.
- Be aware of hacker techniques.
You should realize that mail addresses can be forged, and email that looks
like it came from a known source could actually be malicious code sent by a
hacker or other vandal. The Melissa Virus, for example, uses an infected system's
own address book(s) to send out messages containing the virus. To
the unwary, it looks like a legitimate message from a friend or contact, and many
simply open it without examination. They are then silently infected, and the
process begins again with THEIR address book!
Recent outbreaks of the "Klez Worm" have shown that it is very simple to impersonate
the average email address, even to the point of utilizing that email address's normal
mail server. Target and source addresses are collected from throughout an infected
machine, including its web browser cache. That means if the infected person visited
a website with your email address on it, you could be the next victim.
Be careful what you click on. If an email looks odd to you, DON'T OPEN IT until
you have verified with the sender just what the message contains. If
they don't remember sending it, delete it, and advise them to immediately scan
their own system(s) for viruses! It wouldn't hurt to scan your own for good
measure.