\n\tI’ve been a career IT guy since 1991, where as a kid I was an early tech support phone jockey for a psychology billing software company. Since then, I rose in the ranks, starting with my dream job: network administrator at Williams Pinball. This led to a position that eventually was a pretty big network management position in WMS, the slot manufacturer (same company). I then left WMS to work with Obama’s campaign in Chicago in May 2007 and was one of the senior technical leads on that team. I’ve been under serious exposure and threat, and have made all the mistakes. I’ve since built worldwide network infrastructures, data centers, run infrastructures supporting tens of thousands of people.
\n\tI know this is liable to start a political conversation, but that’s really not my intent here. I’m happy to do that in other threads, but I only mention this so you know the kind of risk I was exposed to for long periods of time.<\/span><\/em><\/p>\n
\tSecurity is about being a little harder to hack than the next person. You don’t have to do much. This book is the best easy read I’d recommend on the topic: http:\/\/amzn.to\/1UCHsTa<\/a><\/p>\n \tHaha, I tricked you!<\/strong> \tOpenDNS to the rescue<\/strong> \tOpenDNS does a few key things that help you: [list][*]sanitizing the DNS that you use when you click stuff in your browser or use apps on your phone. If you click some fake link to some fake bank page designed to steal your information, they’ll block it and tell you.[\/*][*]caching<\/em> which is lumping together absolutely everyone’s queries into a big, fast, ready-to-use state so we all share performance. Quicker DNS means that everything moves more smoothly.[\/*][*]This also gives you an opportunity to implement stricter controls, e.g. parental controls over pornography and such, should you want that kind of control.[\/*][\/list]This is easy to implement<\/a> and inexpensive – basic functionality and safety is free. Check it out here<\/a>. \tThis is a really nice thing to do for gramps\/nana\/ma\/abuela\/auntie who isn’t really technical and can’t use that stuff etc. They won’t know it’s there, but it will protect them for nothing if you put in ten minutes’ effort. The same goes for AirBnB\/HomeAway or bed and breakfast type places you stay: I will break into their router and set up OpenDNS and everyone suddenly thinks "the internet got faster".<\/p>\n \tusername: berto Posted by:<\/strong> Berto on March 17, 2016, 2:49 pm<\/p>\n \t \tFor me, this book was wisdom — this is in the first few pages. This is so simple and yet so powerful, and you almost do it innately. You just know<\/em> that dark alley isn’t the one to walk down. You don’t flash a lot of cash. You assess a lot of security\/safety trade-offs: you might get there faster if you speed, but you also might kill somebody.<\/p>\n \tSecurity as a balance<\/strong> \t\ud83d\ude08 Fear<\/strong> \ud83d\ude08 \tWhat I have discovered over the years is this: fear sells Posted by:<\/strong> Berto on March 17, 2016, 4:43 pm<\/p>\n \tStuff happens. So it goes. Data falls into the bit bucket and it’s sad. \tThis is a "Smokey the Bear" situation. Only you can protect your own data. Back that stuff up!
\n\tIf you clicked that link, I could have stolen your stuff. If you hover over it, you’ll see in the lower-left corner of your browser that I have a different URL than the one you’re clicking. Luckily, I’m on your side and I’m only sending you to a place that hides this site from Amazon on the other end. But this is how a "bad actor" can get you: by spoofing something innocent-looking to get you to click.<\/p>\n
\n\tThis is one of the original services of its kind: OpenDNS provides a service that is essentially "phone book lookups" for the internet. If you type "www.yahoo.com" in your browser, where is that, at what address? That’s what the DNS, or Domain Name System<\/a>, service does.<\/p>\n
\n\tThey’re not the only game in town: there are other filtering services, this is one that’s worked well for me over the years. <\/p>\n
\n\tpassword: godimtiredofthis<\/strong>passwords suck.<\/span> passwords suck. Passwords SUCK!
\n\tI use a great service called LastPass<\/a>, which is used by means of a plugin on your web browser, a phone app and a web site that houses all your passwords. It has a few great advantages.[list][*]It sits in the background while you surf, and helpfully grabs when you log on to something and saves it. Next time you’re logging on there, it fills it in for you.[\/*][*]It also remembers when you fill out a form with your name and address, and the next time you can use Lastpass to autofill that. You save a remarkable amount of time never typing (or mistyping!) your name and address ever again<\/em>[\/*][*]once you get used to using it, you can generate passwords that are random and whatever length the website asks for.[\/*][\/list]
\n\tBottom line on passwords is this<\/u>: while they suck, they are a terrific<\/em> way to be a little harder to crack than your neighbor. Using a manager like Lastpass (or 1Password<\/a> — there are others, I’m only including my favorite) really makes it easy to keep very complex passwords. Only having to remember a couple passwords: [list][*]my phrase I use to get into LastPass: something hard to type and nobody else would know it, but easy for me.[\/*][*]my eight character, minimally compliant password that I use to log on at work. Complex so you guard against a brute-force attack, but something I can type over and over all day to get through the day, like my signature, so it has to "feel" easy to type.[\/*][*]My Apple ID password for my iPhone. I need this because it needs to be typed on the phone itself, and it’s complex and meaningless, but easy to hammer out on the screen.[\/*][\/list]
\n\t
\n\tThe Network Swiss Army Knife<\/strong>
\n\tWhen you "can’t connect" or "things are slow"
\n\tThis is a catch-all way to test internet connectivity. Mac, use Terminal. Windows, use cmd.
\n\t"ping" is a clever little utility<\/a>, sort of like sonar in the naval sense<\/a>, used for echo-location of ships.
\n\t![\"\"](\"http:\/\/i.imgur.com\/oNFrzbBl.png\")
\n\t4.2.2.2<\/strong> is the internet address, or IP address, of a DNS server (explained a bit above). It’s just easy to type & remember. What you see above is success — you get replies. If you see "Request Timed Out" or other, more onerous messages, you have a problem. Have you turned it off and on again<\/a>?
\n\tIf it’s slow, run a speed test.
\n\tif you use SpeedTest<\/a> and don’t get the results you want, there’s a very nerdy tool made by the folks at Cal Berkeley<\/a>. This is a terrific resource for all-in testing of what’s set up and at least giving you Google Search terms you can use to fix whatever ends up in red. This is a Java-based tool, so you may need to use Internet Explorer (Windows) or Safari (Mac) to get it to run — Chrome has trouble with Java.
\n\texample:
\n\t![\"\"](\"http:\/\/i.imgur.com\/VNRKIIQh.png\")
<\/p>\n
\nReplies:<\/h3>\n
\n\tI’m going to open this thread by sharing a piece of the book I reference above. These are five questions, and some paraphrased commentary, that allow you to assess any security decision you make.<\/p>\n![\"\"](\"http:\/\/i.imgur.com\/1QWPdzkl.png\")
![\"\"](\"http:\/\/i.imgur.com\/E7nFVLal.png\")
<\/p>\n
\n\tI had a CEO of a billion-dollar public company call me into his office. He loomed over me and then sat back on his desk, at ease. "Rob," he said, smiling confidently. "I want you to take care of this information security problem, so we can put it behind us."
\n\tI blanched.
\n\t"Sir, it never goes away. It’s an ongoing situation. It’s basically an arms race."
\n\tI trail off. It was a scary moment. I couldn’t lie to the guy, because all you can do is add acceptable trade-offs<\/em> that make you safer, or more secure. The cost-benefit analysis and balance should be being calculated all the time.<\/p>\n
\n\tIt’s cliche, but Roosevelt had it right: fear really is the enemy; it’s the enemy of rational decision making. It’s not bad to explore fears, to assess your own reaction to them, to think out possible solutions or even just to explore the feelings so you feel more prepared. It’s dwelling on them, letting them lead decisions and guide policy: that’s bad.<\/p>\n
\n\tIf I can get you scared, I can sell you a security solution to make you feel better. The converse is that any time you’re buying anything in that space, caveat emptor<\/em> to the fear they’re protecting against. Any good sales person is going to amplify the risks. What the above Five Questions<\/em> give you is a rational framework to assess security that subtracts for fear.<\/div>\n<\/div>\n
\n\tYou’re sweating but you’re also cold, not shaking but you feel like you could be. You just wanted to get some of those cute baby photos you’d taken of your nephew for your sister, and the computer’s making a funny noise! You swear inwardly and hope against hope that you can fix this. C’mon, cmon… oh jeez, this isn’t good<\/span><\/p>\n
\n\there’s a pretty good interview<\/a> on a "worst case scenario".<\/p>\n
\n\tCrashPlan<\/a> has a pretty good name. I use a service called Mozy, but I think it’s expensive.<\/p>\n
![\"\"](\"http:\/\/i.imgur.com\/8vc52qvl.png\")
![\"\"](\"http:\/\/i.imgur.com\/Y2M36T9h.png\")
<\/p>\n![\"\"](\"http:\/\/i.imgur.com\/ly9zGhgh.gif\")