Computers Security

Shop safe, play hard
You might think that you don’t have to worry about security while shopping online or playing games, but as the PlayStation Network data breach and the more recent hack into the server of the steam gaming platform on shopping platform both show, you are vulnerable even when your at play. HOWEVER, JUST TAKING some basic steps can keep your data more secure, and let you focus on holding the fort against The HordeUse strong passwordsYour password is your first line of defense in protecting your personal information, and it is one aspect of security that you can directly control, so make it good. I some times see people use 12345 or ABCD as their password. That is really bad. Consider using a “pass phrase” like “thetimeis6pm” instead of a password – that’s, string several words together, and replace some letter with other characters. Also, come up with a mnemonic that only you know, and apply it to your passwords. The only person to trust with your password is your God.Avoid entering your credit card informationSome gaming services or other services, such as stream, can store credit card information to make buying games and other product easier. If you have a choice, though, try to avoid using your credit card altogether. This can reduce the risk of your number being stolen in the event that a company’s servers become compromised. Consider using a prepaid credit card or virtual credit card so that you don’t have to give out your actual credit card information. Check with your bank to see what it offersUse prepaid gift cardsFor some gaming service or store, such as PlayStation Network, Walmart store or Xbox Live, you can purchase prepaid cards of gift cards and use those instead of paying with your credit card. This may be a good option if you’re feeling extra paranoid about giving out your credit card details. And these prepaid cards are readily available – look for them at your local supermarket.Use a designated email accountIn other words, set up an email account specifically for use with any credit card you are going to be using online. That way, if someone compromises one of your accounts and gets hold of the email address you used with another service, your main email account won’t be inundated with spam. And because of its service – only use, if your email account becomes compromised, you’ll face a lower risk of having other accounts (Such as your online banking account) hijacked as well. Of course, you should still make sure to use a strong password for your online account and other email account your have.Beware of Facebook gamesWhen you approve a Facebook apps or game (FarmVille, Mafia Wars, or whatever), you allow that app to access various bits of personal data that you’ve posted to your Facebook profile.Users implicitly trust app developers, to manage such personal data responsibly, but ultimately it’s out of our hands: in October 2010, for instance, a class-action lawsuit alleged that Facebook game developer Zynga (FarmVille, Mafia Wars) gave users’ personal information to advertisers and others, violating US privacy laws and Facebook’s own policies.So if you care about your privacy, don’t approve any and every app somebody invites you to try. Instead, use apps only from developers you trust. And if possible, check the app’s terms of use and privacy policy before you approve it, so you know what you’re getting into.Use Steam GuardIf you use the Steam service, use Steam Guard. It’s a feature that adds security to Steam accounts by requiring you to respond to a confirmation email every time you sign into Steam from a new computer. That step will help prevent someone from being able to log into your account and purchase games or access your personal information without your consent.

Friday’s edition of The New York Times newspaper announced the discovery by a team of scientists from Princeton University that Dynamic Random Access Memory (DRAM) chips could be made to retain their data for an extended period of time after being powered down if the chips are cooled. In the experiments, the RAM chips were cooled using an inexpensive can of compressed air, and scientists were still able to extract information from the chips, including the complex encryption keys used to decode files.By cooling the chips, the data is literally frozen in place. Then it was just a matter of reading the strings of zeros and ones that make up the information stored on the chip. From the billions of bits of data, the scientists were able to identify and extract their private encryption keys. This new discovery has industry experts clamoring over this wide loophole in computer security. However, when you think about it, this issue is only related to IT security in the sense that a computer chip is involved. In fact, this is primarily a physical security issue. If the would-be thief cannot access the physical computer chip, there is no threat.The most successful way to protect anything is with a layered security approach. No one method will solve all problems, so you adopt multiple methods to deal with different weaknesses. First and foremost, let us all agree that the only 100% secure computer is one that is disconnected from everything and is turned off. Granted, that is not a very useful computer.The architecture of a layered security for your computers starts with a solid, reliable and reputable firewall. A firewall restricts access to certain types of network traffic. A hardware firewall sits on your network right at the point of internet entry and the software firewalls protect all the network computers. I do not recommend a software firewall on a server as your primary means of defense because you open the server to direct attack. By controlling what has access, you can eliminate most problems.If something sneaks past your firewall, you need an intrusion detection system (IDS). There are different approaches for making IDS work on a network. The most typical method is based on signature matching. Every internet threat has a signature which can be thought of as early warning symptoms. An IDS system constantly monitors your network looking for these early warning signs, then alerts you when it discovers a problem.Finally, install anti-virus software on every machine and you have a solid IT security foundation. If you still need to have the virtues of anti-virus software explained to you then you are still relatively new to the internet. Anti-virus is mandatory now. To further expand your defenses, you need to spend time and resources educating your staff in proper internet behaviors that will reduce risks. This includes not opening email attachments from unknown senders to avoiding many adult-oriented websites.But all of these practices only protect against virtual threats. A physical security system still needs to be put in place to protect the physical equipment. I have seen companies that spend a fortune on virtual security but then leave the door to the server room unlocked. Strict guidelines need to be in place for who gets access to the equipment that runs your business.I am not downplaying the brilliant discoveries of the Princeton University team. What I am arguing is that this is not an IT security issue, but a physical security issue. If the would be thief cannot get the RAM chips, then there is no chance of them stealing the information off the chip. If you can control access to the equipment then you limit the threat. So, start adding layers to your security. The more layers of protection you can throw between your data and a thief the greater likelihood you will stay safe and secure.