In this thread, I’m going to tell you about a couple of easy practices you can use to keep you and your family safer on the internet.
oh yeah? why should we listen to you?
I’ve been a career IT guy since 1991, where as a kid I was an early tech support phone jockey for a psychology billing software company. Since then, I rose in the ranks, starting with my dream job: network administrator at Williams Pinball. This led to a position that eventually was a pretty big network management position in WMS, the slot manufacturer (same company). I then left WMS to work with Obama’s campaign in Chicago in May 2007 and was one of the senior technical leads on that team. I’ve been under serious exposure and threat, and have made all the mistakes. I’ve since built worldwide network infrastructures, data centers, run infrastructures supporting tens of thousands of people.
I know this is liable to start a political conversation, but that’s really not my intent here. I’m happy to do that in other threads, but I only mention this so you know the kind of risk I was exposed to for long periods of time.
Security is about being a little harder to hack than the next person. You don’t have to do much. This book is the best easy read I’d recommend on the topic: http://amzn.to/1UCHsTa
Haha, I tricked you!
If you clicked that link, I could have stolen your stuff. If you hover over it, you’ll see in the lower-left corner of your browser that I have a different URL than the one you’re clicking. Luckily, I’m on your side and I’m only sending you to a place that hides this site from Amazon on the other end. But this is how a "bad actor" can get you: by spoofing something innocent-looking to get you to click.
OpenDNS to the rescue
This is one of the original services of its kind: OpenDNS provides a service that is essentially "phone book lookups" for the internet. If you type "www.yahoo.com" in your browser, where is that, at what address? That’s what the DNS, or Domain Name System, service does.
OpenDNS does a few key things that help you:
- sanitizing the DNS that you use when you click stuff in your browser or use apps on your phone. If you click some fake link to some fake bank page designed to steal your information, they’ll block it and tell you.
- caching which is lumping together absolutely everyone’s queries into a big, fast, ready-to-use state so we all share performance. Quicker DNS means that everything moves more smoothly.
- This also gives you an opportunity to implement stricter controls, e.g. parental controls over pornography and such, should you want that kind of control.
This is easy to implement and inexpensive – basic functionality and safety is free. Check it out here.
They’re not the only game in town: there are other filtering services, this is one that’s worked well for me over the years.
This is a really nice thing to do for gramps/nana/ma/abuela/auntie who isn’t really technical and can’t use that stuff etc. They won’t know it’s there, but it will protect them for nothing if you put in ten minutes’ effort. The same goes for AirBnB/HomeAway or bed and breakfast type places you stay: I will break into their router and set up OpenDNS and everyone suddenly thinks "the internet got faster".
username: berto
password: godimtiredofthis
passwords suck. passwords suck. Passwords SUCK!
I use a great service called LastPass, which is used by means of a plugin on your web browser, a phone app and a web site that houses all your passwords. It has a few great advantages.
- It sits in the background while you surf, and helpfully grabs when you log on to something and saves it. Next time you’re logging on there, it fills it in for you.
- It also remembers when you fill out a form with your name and address, and the next time you can use LastPass to autofill that. You save a remarkable amount of time never typing (or mistyping!) your name and address ever again.
- Once you get used to using it, you can generate passwords that are random and whatever length the website asks for.
Bottom line on passwords is this: while they suck, they are a terrific way to be a little harder to crack than your neighbor. Using a manager like LastPass (or 1Password — there are others, I’m only including my favorite) really makes it easy to keep very complex passwords. Only having to remember a couple passwords:
- my phrase I use to get into LastPass: something hard to type and nobody else would know it, but easy for me.
- my eight character, minimally compliant password that I use to log on at work. Complex so you guard against a brute-force attack, but something I can type over and over all day to get through the day, like my signature, so it has to "feel" easy to type.
- My Apple ID password for my iPhone. I need this because it needs to be typed on the phone itself, and it’s complex and meaningless, but easy to hammer out on the screen.
The Network Swiss Army Knife
When you "can’t connect" or "things are slow"
This is a catch-all way to test internet connectivity. Mac, use Terminal. Windows, use cmd.
"ping" is a clever little utility, sort of like sonar in the naval sense, used for echo-location of ships.

4.2.2.2 is the internet address, or IP address, of a DNS server (explained a bit above). It’s just easy to type & remember. What you see above is success — you get replies. If you see "Request Timed Out" or other, more onerous messages, you have a problem. Have you turned it off and on again?
If it’s slow, run a speed test.
If you use SpeedTest and don’t get the results you want, there’s a very nerdy tool made by the folks at Cal Berkeley. This is a terrific resource for all-in testing of what’s set up and at least giving you Google Search terms you can use to fix whatever ends up in red. This is a Java-based tool, so you may need to use Internet Explorer (Windows) or Safari (Mac) to get it to run — Chrome has trouble with Java.
example:

Replies:
Posted by: Berto on March 17, 2016, 2:49 pm
I’m going to open this thread by sharing a piece of the book I reference above. These are five questions, and some paraphrased commentary, that allow you to assess any security decision you make.


For me, this book was wisdom — this is in the first few pages. This is so simple and yet so powerful, and you almost do it innately. You just know that dark alley isn’t the one to walk down. You don’t flash a lot of cash. You assess a lot of security/safety trade-offs: you might get there faster if you speed, but you also might kill somebody.
Security as a balance
I had a CEO of a billion-dollar public company call me into his office. He loomed over me and then sat back on his desk, at ease. "Rob," he said, smiling confidently. "I want you to take care of this information security problem, so we can put it behind us."
I blanched.
"Sir, it never goes away. It’s an ongoing situation. It’s basically an arms race."
I trail off. It was a scary moment. I couldn’t lie to the guy, because all you can do is add acceptable trade-offs that make you safer, or more secure. The cost-benefit analysis and balance should be being calculated all the time.
😈 Fear 😈
It’s cliche, but Roosevelt had it right: fear really is the enemy; it’s the enemy of rational decision making. It’s not bad to explore fears, to assess your own reaction to them, to think out possible solutions or even just to explore the feelings so you feel more prepared. It’s dwelling on them, letting them lead decisions and guide policy: that’s bad.
What I have discovered over the years is this: fear sells
If I can get you scared, I can sell you a security solution to make you feel better. The converse is that any time you’re buying anything in that space, caveat emptor to the fear they’re protecting against. Any good sales person is going to amplify the risks. What the above Five Questions give you is a rational framework to assess security that subtracts for fear.
Posted by: Berto on March 17, 2016, 4:43 pm
You’re sweating but you’re also cold, not shaking but you feel like you could be. You just wanted to get some of those cute baby photos you’d taken of your nephew for your sister, and the computer’s making a funny noise! You swear inwardly and hope against hope that you can fix this. C’mon, cmon… oh jeez, this isn’t good
Stuff happens. So it goes. Data falls into the bit bucket and it’s sad.
Here’s a pretty good interview on a "worst case scenario".
This is a "Smokey the Bear" situation. Only you can protect your own data. Back that stuff up!
CrashPlan has a pretty good name. I use a service called Mozy, but I think it’s expensive.
If you’re paranoid, Spider Oak is a pretty good cloud file service. They allow you fundamental control of the keys used to encrypt your data (Dropbox, Google etc. do that for you, but you’re trusting them to handle it).
Treat it like your taxes, or do it when the time changes. Spend time making sure your backups are sucking up everything. Ask yourself about getting particularly important pieces back (photos, finance, work) and test that you could if you had to. It’s more effort than changing the fire alarm battery, but it saves you heartbreak.
The Cloud
This topic, data integrity, will become less and less relevant. You use Google, Yahoo or whatever for email, can put all your docs in the cloud, and with Dropbox backing up stuff you make yourself, it should all be stored forever. I use Evernote, which is a great notebook app that works on every possible platform. Wish you had that thing you’d written down? Well, put it all in Evernote and it’s everywhere.
I’ll give you two of my use case examples.
1. my travel checklist

I’m a terrific business traveler because of this thing. I duplicate it, adjust it to suit my trip and relax because I know once everything’s checked off (or crossed out), I’m ready to go.
2. appliance and other manuals
When I find a PDF for a manual that I like, I put it in my "Manuals" notebook.



Shut up, berto. You talk too much.


Ok, agreed. Let me know if you have questions, or berate me via PMs because this is uninteresting.
Posted by: Eyez on April 12, 2016, 2:11 am
I’ve never used any of the backup services such as the cloud, but should really consider an external drive or something. Not that I really have much to hide, but there are some things that I don’t want to lose, and don’t want to necessarily be gotten out due to a hack on those systems.