By Ed Eby
For nearly twenty years, I was the Network Engineer for the USPS Engineering Center in Merrifield VA. One of my primary jobs was to be a White Hat Hacker for the Engineering Center.
A letter signed by the Vice President of Engineering gave me the legal right to break into any machine on the engineering network. It was my job to play the bad guy. If I was able to break in, I would then notify the owner of the machine and help him to fix the problem. This would often result in upset and embarrassed engineers, but the end result was that we produced secure systems.
Even though the threatscape has changed over the past eight years, the principles of secure computing are relatively the same.
I must state a caveat. There is no such thing as secure computing. Anything created by man can break. There is a long gray spectrum from “not very secure” to “pretty good, but not perfect.” (See my previous blog post)
There were things that an engineer could do to make it easy for me to break in. There were also things that a person could do to keep me out.
A high item on the list to keeping things secure is system and software updates. At least once a month, most software manufacturers release updates to their operating system and/or other software. It is critical that these software “patches” get applied as soon as possible. Criminals reverse-engineer the patches and will release a working vulnerability tool within two to three days of the patch’s release. Each patch is different as to what it fixes, so the associated vulnerability can range from annoying to full control of your system. Always keep your system up-to-date. Always.
In my previous job, if a person didn’t have current updates, I could get into their machine in minutes; usually, to Administrator (or root) level or higher. Yes, as a hacker I could get higher than Administrative level.
If your computer is set to update automatically, always shut down at the end of each workday. For all modern operating systems, updates require a reboot. If you always put your computer into sleep mode (by closing the lid or whatever), then your computer won’t run the updates.
Personally, I update my systems manually because I know how critical that piece is. But I understand that the update process seems to be difficult for some people.
For the Apple, do the updates in the AppStore, and get your Microsoft suite. If you use Adobe, there are updates for that software as well.
For Windows 10, get the updates in the Settings app. If you have other software installed, you may have to update that separately.
Keep your phone up-to-date. A lot of people let this piece slide, not realizing all the information they carry there. Apple is really good with their iPhone updates. With Android, it’s a mixed bag depending on your phone carrier.
2. Password Security
- Make your passwords at least eight characters long.
- Include three of the following four: 1) upper case, 2) lower case, 3) number, 4) special character.
- NEVER use the same password on different websites. I used to do this until one of the websites got hacked. I had to go out and change my password on 100 different websites. Since that time, criminals have compiled databases that associate email addresses with passwords. So if you use the same password multiple places, you are most likely compromised.
- Use a password manager. I recommend KeePass (for PCs only), or LastPass (this one is not free). The links are here: https://keepass.info/download.html (use the left upper download button) and https://lastpass.com
- For your really important passwords, use a long sentence with weird characters. An example might be: “I Lov3 2 Sitt 0n the Be@ch” (don’t use that one, just use the idea).
- For giggles (or embarrassment), you can see 2018’s most common passwords by clicking here.
3. Don’t Turn on Network Shares
In my previous job, one of the most common ways to get into a computer was when a person turned on a share but forgot to secure it appropriately. In my current job, most of the end-users don’t know how to turn on a share, so it’s not as big of an issue in this environment.
However, I do see that people often turn things on with their phones and don’t realize it.
4. Don’t Share Your Password
I’ve heard stories of people posting pictures of their brand new credit cards on social media. I hope those stories aren’t real. But the same thing is true with passwords. Treat your password like your toothbrush; don’t share.
5. Back Up Your Data
I like to make two backups of my data. I store them (turned off) in two separate physical locations. Why?
- My hard drive could crash at any minute. Or my computer might get dropped or stolen.
- If my backup media is connected to a turned-on computer, a virus would be able to access the data in both locations. If the backup is not connected to a live computer, then a virus can’t get to it.
- If there’s a fire or flood in one location, it won’t get my backups in the other location.
My worst-case-scenario is getting hit with a cryptovirus. My backup plan covers that eventuality.
6. Be Careful Where You Browse.
When my boys were little I would have to rebuild the operating system every six months. My son would visit guitar tab sites (guitar tabs are a unique musical notation used only for guitars). At the time, these sites were notorious for their infections.
7. Use an Up-to-Date Antivirus
I wish I had a dollar for every time I’ve heard the lie that Apple computers can’t get infected. I’ve cleaned many viruses from many Apple computers.
In recent years, some of my peers have started to rely on Microsoft’s built-in Defender. I haven’t gotten that bold yet, but these are people I respect. So who knows? From a corporate perspective, we are required to have an active and centrally managed antivirus for our PCI certification (PCI allows us to handle credit cards).
8. Stay Away From Public Computers
These computers are often loaded with keystroke loggers. So when you log into your bank or email, the criminals will capture your login credentials.
9. Be Wary of Public WiFi
It is ridiculously easy to capture a person’s data on public WiFi. However, using VPN or SSL helps a lot.
10. Lock Your Computer
This one should be common sense, but I’ve been told that common sense isn’t always so common.
People are shocked when I tell them how easy it is to get hacker tools. Many of these tools are freely available on the Internet. If you don’t believe me, I can show you the sites. ** See blogger’s note below. Other tools that I had at my disposal (when I worked at the Engineering Center) cost many tens of thousands of dollars. Since that was eight years ago, you can bet that the new tools are a lot more powerful.
Some of the tools were software packages I wrote myself. The scary thing about homemade tools is that the antiviruses don’t know about them, so they can’t see them. ** See blogger’s note below.
Every day, thousands of people have their digital world compromised. Do all you can to keep the bad guys at bay. If your machine or bank account is hard to break in, then the criminals will usually move on to the next guy who won’t be so lucky.
Comment below if you think I’ve missed something in my list, or if you have questions.
Here are a few other sites that have some good tips from their perspective:
** BLOGGER’S NOTE: Although these hacker tools are easy to download, DO NOT USE THEM. To attempt to use hacker tools against another person’s machine or company’s system is highly illegal and carries stiff criminal penalties, including fines and prison time. For this reason, I do not keep a copy of these tools on my system.
About The Author:
For nearly twenty years, Ed Eby was the Network Engineer for the USPS Engineering Center. One of his main focuses was to keep the Engineering Center secure from hackers and viruses. Since 2011, Ed has served as the Network Administrator for WorldVenture, bringing those same skills to the Kingdom of God.
In his personal life, Ed Eby has recently become a top-selling novelist and writer. For 15 years, Ed and his wife, Sue, worked in inner-city missions in the ghettos of Washington DC. They did drug and alcohol intervention, prison ministry, and street ministry. They helped to plant a church that is still thriving today. He also is a musician and songwriter and currently in Florida receiving treatment for Lyme’s disease. Connect with him on Facebook.