Contact us at 319-277-0436 or info@aerialservicesinc.com

Personal Internet Security – Part III

Personal Internet Security – Part III

Editor’s Note: This is the final article in this series on Personal Internet Security for the Geospatial Professional.  If you haven’t read Part I and Part II of this three-part series read them first. 

In Part I & Part II of this three-part series on cyber security, we learned how dangerous the internet has become for us personally and for our businesses. Criminal activity is empowered and scales equally well using internet technologies as do good and beneficial activities. It is imperative that geospatial professionals become aware of the threats to our security and privacy, and become technically literate to behave securely while using the Internet.

top 10Top 10 Things to Do and Eliminate 85% of the Threats (#6 – 10)

The Top 5 (#1-5) important behaviors were covered in Part II.

Six: Don’t ever attach USB drives to your computernot using usbs

Unless you trust the person that gives you a USB drive, don’t ever attach it to your computer or any device. Many organizations have already outright banned these very convenient devices from their networks. Many firms fill their USB ports with glue to permanently disable them. There are new exploits that will electrically fry your computer the instant the USB is attached.

Seven: Ensure your System Administrator stays current on risks.

They should subscribe to the US-CERT weekly Vulnerability Summary. This report details every known exploit discovered and lists them by severity. This is an excellent resource to review regularly and will keep your SysAdmin current.

system administratorRelated to #1 on our list, it is critically important that your SysAdmin stays current with the updates and patches available for the computers and applications on your firm’s network. Patches for Windows, Linux, switches, routers and other devices need to be applied as they are released. Because these attack surfaces can be very large, this is very important.

Eight: Change the “.js” file type association to NOTEPAD.javascript

Files on your Windows computer with the .js file extension are typically “javascript” routines. This ubiquitous Internet code is used on virtually every web page and is the code of choice for many nasty exploits. WSH is a very powerful, low level application that has elevated privileges to run operations on your computer. By default, .js files are associated with Windows Scripting Host (WSH).  Anytime a user clicks on a .js attachment WSH executes the code.  POW! Game over if its malicious. However, if these files are associated with Notepad then they are not executed by WSH but harmlessly opened in this text editor and cause no harm.

Nine: KNOW you have good backups all the time.backup button

Good backups have always been essential for protection of data loss or corruption. But today, If you are a victim of ransomware attack, there is NO protection except a backup. Period! Game over!

Ransomware is a type of malicious software that infects a computer and restricts users’ access to all the user files on it until a ransom is paid to unlock it. Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge. The past several years ransomware threats have only grown in size and numbers. Your only protection today from a ransomware attack is a good backup of your devices.

Ten: Encrypt your PC / Mac.veracrypt

Vercrypt is open-source software that encrypts data. It recently completed a security audit and provides very good, very secure encryption of all the data on your computer. Veracrypt (formerly TrueCrypt) is very easy to use and it only takes 10 minutes to encrypt your hard drive. Instructions are here and here.

Bonus: Practices that provide even more security and safeguard your privacy

Eleven: Use a VPN all the time.VPN

It’s nearly free (Hotspot Shield costs 10 coffees for a year of use on all your devices. Virtual Private Networking (VPN) encrypts all data traversing to and from your device across an untraceable connection. You should never connect to public Wi-Fi (like in airports or hotels, or any network you don’t own, manage, or trust who manages) without using a VPN. A great bonus when using a VPN is your surfing is anonymized and you can no longer be tracked by the zillions of sites that like to track you and build up scary detailed profiles of your life.

Twelve: Don’t buy and use IOT devices

Most IOT devices manufactured today have been shown to have little or no security. What this means is that they create a door to your network that Crime, Inc. can use to waltz into your private life or business and cause mayhem. The only exception to this rule is if you know how to secure them behind an impenetrable router like the amazingly solid and inexpensive Ubiquity Edge router or similar.Internet of Things

Americans now own an average of 3.4 IOT devices. By 2020, there will be an estimated 50 billion connected to the internet. Without any security standards in place and few manufacturers using any meaningful security design, IOT devices are dangerous. They have already been used to take down major sites on numerous occasions. Nest thermostats, baby cams, video doorbells, smart lightbulbs, and many other devices are now commonly available. Think of these as computers that control your furnace or as computers that show you who is at your door, or computers that enable lighting.

There are no security standards for these deviceds yet and most of them are being sold with particularly poor security that are quite dangerous for your networks at home and work. The best advice is “don’t buy any” until manufacturers enable much better security. NOTE: most of these devices claim they use strong encryption and protect privacy. They don’t! The U.S. Government is beginning to take these manufacturers to court and suing them for false advertising.

Remember this: Just because a manufacturer uses “strong encryption” does not necessarily mean it affords good security. There is much more to security than simply whether encryption is used.

If you have any other suggestions for cyber security, please add them to the comments below.

A very helpful glossary of cyber security and privacy terms can be found here (compliments to komando.com).

Sources for this article series: Parts 1, Part 2, and Part 3:
1. Years of listening to “Security Now” podcast at grc.com
2. Future Crimes: Inside the Digital Underground and the Battle for our connected World, Marc Goodman, Anchor Books, 2015
3. Bruce Schneier, ‘The internet era of fun and games is over’. The Daily Dot, 16 Nov 2016
4. Austin Powell, Experts issue dire warning to government about the Internet of Things. The Daily Dot, 16 Nov 2016

Mike Tully has been the President & CEO of Aerial Services, Inc. (Cedar Falls, IA) since 2002. He is a certified photogrammetrist, and has a B.S. in Forestry from Northern Arizona University, a M.S. in Forestry Entomology from the University of Maine, and a Masters in Business Administration from the University of Northern Iowa. He is a certified GIS-Professional, techno-geek, and the head of "Getting Right Things Done Well" at Aerial Services. Mike is an innovator and thinker.

0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*