Security has always been an issue for Internet usage. Until recently, this was swept under the carpet by major Software Houses such as Microsoft, and large financial institutions who want to offload their data entry to the end-user. Recently there have been some serious attempts to address these issues. Banks and large traders have tightened up on security and procedures and Microsoft have released Microsoft Vista.
Vista, however may not be such a big step forward for Internet security. Although there are many features introduced in Vista which improve corporate security, in particular the security of the Microsoft distribution model and the entertainment media distribution channels, it does not really address the issue of the individual end-user security. The reasons for this are many and varied. If you are interested there are many sites that explorer the issues of Vista security (or lack of). Vista also has the invidious reputation of the slowest operating system every written.
If you are searching for the means to improve your security, you can do it something yourself. There are basically two ways:
-
If money is no object, and you have lots to spare, you can hire at least one full-time network administrator, also competent in the area of security, systems integration and performance tuning, and instruct him or her (or them) to secure your network. You can now stop reading this blog.
-
If you are budget constrained, there are some things you can do yourself. In the list below, steps 1 to 3 can be performed by most reasonably intelligent computer users. If you can't do it, perhaps your kids, or maybe even your mother can help you. Steps 4 to 6 will probably require expert help.
A lot of this is just common sense. I have enumerated seven simple steps that will improve Internet security for any user. As already stated, steps 1 to 3 are easy. If you are reasonably competent computer user and feel confident about installing software, you can do these yourself. These three steps are more or less the equivalent of making sure that the doors and windows in your domicile have locks and that you fasten those locks when it is unattended. Steps 4 to 6 are more like building a brick wall around your property, installing steel doors and shutters, a monitored surveillance system, and three dobermans in the yard.
It is tempting to use the analogy of household security, because of the similarities. There are bad guys (burglars), who look for vulnerable buildings and try the locks on the doors and windows. Same on the Internet. However the analogy doesn't quite hold. You can be a complete slacker about household security and never get done over, because the burglar just didn't come around at the time your house. On the Internet, there is a bad guy rattling the doors and windows every minute. If you are not secure and you are on the Internet your system will be compromised. You can bank on it! Or, in some cases, the bad guy will be banking on it (possibly with your bank account).
Most security breaches occur because of failure to implement steps 1 to 3.
Basic Security (can be performed by any competent user)
-
Use a secure Open Source Browser. I recommend Firefox 3.0.1 or greater.
-
Use a secure Open Source Mail User Agent. There are many of these. Evolution, Thunderbird, Kmail etc.
-
Use a secure Open Source Operating System. I recommend Ubuntu Hardy Heron or greater. In fact if you download the latest distribution here, you can accomplish all of the above steps in one easy installation.
Additional Security (May require the assistance of an expert).
-
Install a (hardware) firewall between your modem and your site network. This applies to the office and/or home system(s). I recommend using a small computer equipped with two network cards, running Ubuntu server and a firewall script. If you want to use wireless networking, connect the wireless router to the local side of the firewall and make sure that you use authentication for the all workstations connecting via wireless.
This will probably require the assistance of an experienced IT professional. You should ask whoever does this, to build the system so that the firewall script starts automatically with the correct routing information when it is powered on. You should also ask for a backup copy of the system so that your firewall can be rebuilt easily in the event of a system failure. Once every six months or at least once a year you should arrange for a professional to check the system and bring it up to date with the latest Ubuntu patches.
-
Create a separate account for every user on your internal network. If you have a small number of users, you can manage them manually (use NFS and make sure that the User ID is identical for each user on each machine). For larger networks you can use NIS and/or samba and/or LDAP.
-
Make sure that only a few trusted users have administrator privileges. Update the software regularly. If you have a medium sized network you may want to schedule Ubuntu updates with crontab.