As you may know, I’ve been doing cyber security for a while, and lately at work I’ve been doing cyber research. Really, all of my career I have been doing cyber, but until now it hasn’t been all that I have done. All of the other stuff has actually fed into the cyber research: networking, program development, reverse engineering, etc.
At work our focus is on industrial control, so I have to keep that for work, unless for some reason they let me talk about it here OR I no longer work for them. But everything else is open, so I can tell you how to protect yourself on the web, protect your home network, your small business computers and network, web sites, etc.
Of course this will be way too much for one post, or even a couple, so I am hoping to do a post for each type of network you might be protecting. I want to start with the most simple and most common and work my way up to enterprise-level network protection. This could take a while; I’m starting on drafts today and hope to post a new one a couple of times a week. If there are points people particularly want to know, post comments to this post and I will add them.
I will also be posting more about specific attacks and alerts if I can. One of the first I will cover is the increasingly prevalent crypto-locker style attacks, where a user’s computer files are encrypted and locked so the user cannot access them without paying a ransom.
But to start it all off, some tips to keep safe on the internet. If you can, switch the system you browse the internet on to Linux. The attacks out there are all aimed at Windows systems, so if you can switch, it removes 99.9% of the attack surface. But I know most people cannot do this, so you have to make your copy of Windows more secure. Start by applying every important or recommended patch to Microsoft Windows and always keeping your patching up to date. If you can switch to Windows 10, this is better than staying with XP or Windows 7. Windows 10 is more secure, just not totally secure. Turn automatic updates on in Control Panel on older Windows and in Settings on Windows 10.
Install an antivirus, and yes, even Microsoft’s Windows Defender is good enough for home use. Again, make sure it updates regularly and scans. Do a manual scan once in a while. Windows Update should update the antivirus, and once a month when it runs it also runs the Malware Removal Tool. This tool, provided free by Microsoft, tackles a list of known malware and removes it from your system. One way you can detect malware is that some malware disables updates, so check that updating is still enabled once a month or so.
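The monthly check described above can be scripted. The following PowerShell function is an added example, not part of the original post; the function name `Test-UpdateHealth` and the age thresholds are assumptions chosen for illustration, and it expects Windows 10 with Windows PowerShell 5.1.

```powershell
# Added example: monthly check that Windows Update and Defender are still working.
# Test-UpdateHealth and both thresholds are illustrative assumptions, not Microsoft defaults.
function Test-UpdateHealth {
    param(
        [int]$MaxSignatureAgeDays = 7,   # assumed limit for antivirus definition age
        [int]$MaxPatchAgeDays     = 45   # assumed limit since the last installed patch
    )
    $findings = @()

    # 1. The Windows Update service: a Disabled start type stops updates entirely.
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if (-not $wu) {
        $findings += 'Windows Update service (wuauserv) not found'
    } elseif ($wu.StartType -eq 'Disabled') {
        $findings += 'Windows Update service is disabled'
    }

    # 2. Policy value that switches automatic updates off (normally absent on home PCs).
    $auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    if ($au -and $au.NoAutoUpdate -eq 1) {
        $findings += 'Automatic updates are turned off by policy (NoAutoUpdate = 1)'
    }

    # 3. Date of the most recently installed patch.
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $last -or $last.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
        $findings += "No patch installed in the last $MaxPatchAgeDays days"
    }

    # 4. Windows Defender state and definition age.
    $mp = $null
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    }
    if (-not $mp) {
        $findings += 'Defender status unavailable; check your antivirus product directly'
    } else {
        if (-not $mp.AntivirusEnabled)          { $findings += 'Defender antivirus is disabled' }
        if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is off' }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings += "Defender definitions are $($mp.AntivirusSignatureAge) days old"
        }
    }
    return $findings
}

$result = Test-UpdateHealth
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else         { 'Windows Update and antivirus look healthy.' }
```

A warning you did not cause yourself, such as the update service being disabled, is a reason to run a full scan.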
Then don’t use Internet Explorer (IE). Use Google’s Chrome or Mozilla’s Firefox or even Edge; although Edge is not as well known to us researchers as the others, it’s not IE, so it’s safer. Disable Flash. Most sites that use Flash also use HTML 5 and can show movies and the like without it. Also, ads that use Flash won’t work. And unless you are sure you need it, disable Java in your browser. Flash and Java vulnerabilities in web browsers are the most common attack against Windows.
After that, just be more cautious. If you receive an email or message with a link or attachment, stop, think, and decide whether it is real or someone is trying to “phish” you.
I will cover all of this in more detail in the first post, hopefully coming soon.