Sunday, February 24, 2013

Jobs


We're talking about information security jobs this week, specifically the types of qualifications and certifications necessary for those positions. There has been a decent amount of discussion about the education requirements, and certifications are a baseline factor that evens the playing field between trade school and four-year degrees.


Here's a link to a recent article discussing the top five needed certifications from December of 2012. So if you're looking for something to get, one of these might not be a bad idea.


Sunday, February 17, 2013

Firewalls

Do you use a firewall? It's a piece of software that helps your computer block unwanted traffic from your network. Generally speaking, antivirus software isn't enough to keep you fully protected. A firewall helps block security holes and it keeps random and bad traffic out of your machine.

Windows has a built-in firewall, but there are plenty of other free and paid options out there. There are also hardware solutions, and the wireless router in your house probably has its own firewall built in. You're probably familiar with Windows Firewall because if you don't have it turned on, it nags you until you do.

And really, you should have it turned on. A quick Google will turn up other free firewall solutions, and maybe that software offers some functionality that you need or prefer to Windows. But short of that, even if Windows isn't the best, I'll equate it to one of my earlier posts on Microsoft Security Essentials. Even if it isn't the best solution, it offers enough protection that the residual risk is minimal and probably acceptable for most consumer users.

Sunday, February 10, 2013

Back to Basics


We’re going to take it full circle today, back to the first post I made, a very scary topic indeed: sextortion. A new case (and capture, thankfully) has prompted the FBI to post a few things to help keep you safe online. Some of this is security theater, but there is some pretty good stuff too.

I’d like to put the focus on the last two bullet points (I’ve copied them from the FBI website and listed them below in case you are hyperlink averse): suspicion and communication. This goes back to a theme I’ve always kept in my posts concerning security, that regardless of the hardware and software protections you may have in place, in the end it’s up to the people involved to maintain security.

We have to be suspicious online. It’s that suspicion that informs us that we aren’t really the millionth visitor and we didn’t really win a new iPad, no matter how colorfully that banner is flashing. Suspicion tells us when something is too good to be true, or when something seems creepy or just not right. This is important because of the layer of anonymity the internet provides. Kids need to be educated on this point. And overall, emphasis does need to be added that it doesn’t matter if it’s someone you don’t know or someone you trust, you shouldn’t send them anything personal over the internet.

The last point is communication, and I think open lines need to be maintained from the beginning to emphasize the preventative nature of security, but also after an incident has happened.

- Don't take for granted that your computer's anti-virus software is a guarantee against intrusions.
- Turn off your computer when you aren't using it.
- Cover your webcam when not in use.
- Don't open attachments without independently verifying that they were sent from someone you know.
- It's okay to be suspicious. If you receive a message with an attachment from your mother at 3 a.m., maybe the message is not really from your mother.
- If your computer has been compromised and you are receiving extortion threats, don't be afraid to talk to your parents or to call law enforcement.

Sunday, February 3, 2013

Passwords and Risk.

We're talking about risk identification, assessment, and management this week. I've linked to an article below that shares some great insight into some very common security problems that most people have. I'm going to focus on the last item on the list -- passwords.

Inadequate passwords are a very common problem in people's security world. It's something that even I suffer from. It's been on my to-do list for far too long to take an inventory of my accounts and to manage my passwords. Repetition is probably one of the most common offenses, aside from choosing passwords that are just weak to begin with.

Here are a few of the things I have detailed in my to-do list:
- Make sure all accounts have a unique password.
- Make sure my credit card information is not saved for any accounts.
- Make sure my security question is a secret word and not the actual answer to the question.
- Enable two-factor account verification whenever possible.

These are just a few of the things we can all do to make our online accounts a little more secure. It's tough, especially if you've been steadily collecting different accounts for different things over the past two decades. At some point you've got to sit down and take control of the situation.
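
One way to run the to-do list above against an account inventory, as an added example that is not part of the original post. The account names, field names and demo key are constructed; passwords are kept only as keyed fingerprints, so reuse shows up without the inventory holding the passwords themselves.

```python
import hashlib
import hmac
from collections import defaultdict

KEY = b"constructed-demo-key"  # assumption: in real use, a random secret kept offline

def fingerprint(password, key=KEY):
    """Keyed hash: equal passwords give equal values, but the inventory holds no password."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()

def account(name, password, card_saved, answer_is_real, tfa_offered, tfa_on):
    """Build one inventory row (hypothetical field names)."""
    return {"name": name, "pw_fp": fingerprint(password), "card_saved": card_saved,
            "answer_is_real": answer_is_real, "tfa_offered": tfa_offered, "tfa_on": tfa_on}

def audit(accounts):
    """Return {account name: [findings]} covering the four to-do items."""
    names_by_fp = defaultdict(list)
    for a in accounts:
        names_by_fp[a["pw_fp"]].append(a["name"])
    findings = defaultdict(list)
    for a in accounts:
        shared = sorted(n for n in names_by_fp[a["pw_fp"]] if n != a["name"])
        if shared:
            findings[a["name"]].append("password reused on: " + ", ".join(shared))
        if a["card_saved"]:
            findings[a["name"]].append("credit card saved")
        if a["answer_is_real"]:
            findings[a["name"]].append("security answer is the real answer")
        if a["tfa_offered"] and not a["tfa_on"]:
            findings[a["name"]].append("two-factor offered but not enabled")
    return dict(findings)

# Constructed sample inventory; none of these are real accounts or passwords.
ACCOUNTS = [
    account("email", "blue-kettle-42", False, True, True, False),
    account("shop", "sunny-day-7", True, False, False, False),
    account("forum", "sunny-day-7", False, False, False, False),
    account("bank", "r4ndom-long-unique", False, False, True, True),
]

if __name__ == "__main__":
    for name, items in audit(ACCOUNTS).items():
        for item in items:
            print(f"{name}: {item}")
```
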

Article: http://lifehacker.com/5980126/5-security-holes-almost-everyones-vulnerable-to