3 Simple Tips for Internet Security
by Matt James
Cyber Security isn’t just a buzzword for nation-states and corporations. It’s no surprise that stories about hacking are published daily in the press. Even around the water-cooler, I’m sure most readers have stories about annoying situations where their identities were compromised, or their systems were affected by a virus or malware.
Here are some very simple tips that, when applied appropriately, will significantly increase your defenses.
1. Always Apply Security Patches
If you simply apply patches as they become available, it will spare a tremendous amount of heartache, and decrease your chances of being hacked. While a lot of updates to software are related to functionality, a great bit more correct flaws that have been identified by security researchers and practitioners such as myself.
When a security-related flaw is discovered, it is responsibly disclosed to the vendor—giving them time to address the flaw and release an appropriate update. If a researcher is able to identify the flaw, so are the bad-guys. That means, by the time a fix has been engineered and released, the possibility of exploits being available already is significant. That is why it’s important to apply patches as soon as they are released.
2. Browser Security Protections
Most of our time is spent surfing the web. This includes the dynamic websites that now liter the vast majority of the internet. A dynamic website is one that has a lot of underlying technology that allows for a more interesting experience when you visit. It also includes a lot of scripts, or secondary programs, that will run simultaneously as you access the site’s web-pages.
Most of the time these scripts are harmless. But, what you may not realize is, that in the background, you’re actually running content from many different websites—not just the one you think you’re visiting. This can lead to exploitation, as your browser is pulling data from many different sources. Below is an image of the content that’s running when I visit a major website, like MLB.com
As you can see, there are 17 different scripts, or trackers, that load. All of these are for advertisements, or analytics. Simply put, potentially sensitive information about me (and my habits) is disclosed. Privacy issues aside, if a malicious script is present, it could compromise my computer.
Some options available for protecting your browsing are as follows. Please note, by disabling third-party scripts, you may affect the functionality of the website you’re attempting to visit.
Privacy Badger: https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/
3. Beware and Be Aware
Simply put, your own awareness will often be your greatest defense. Malicious programs that have made their way on to your system could present a pop-up window that says you should update immediately. These almost always look odd and out of place, and often have misspelled words. If you don’t see an update from your operating system tray (such as the image under our first tip), it’s best to investigate it separately by going to the vendor directly. It’s easy to become lax and automatically click something that says “Update” without reading what it is. If you take a few moments to read what is displayed, you will save yourself a lot of potential problems.
This article first appeared in The Havok Journal 12 August 2018.
Matt James (CISSP, CISM, CPT, CEH, CDNA, Security+) has more than 15 years of experience in cyber security and information technology. He has lead and performed numerous red-team activities against the public and private sector, as well as major Fortune 500 corporations and federal agencies. Medically retired from the Army after injuries sustained during combat operations, Matt resides in the Washington, D.C. area where he manages a cyber red team for a major telecommunication corporation.