Encrypt everything

Being that I work in Information Security, I’ll concede that I’m much more cynical when it comes to the Internet than the average computer user.  However, I also know how simple it is to capture unencrypted information as it traverses networks.  All it takes is a cheap hub, some Open Source software, and one unscrupulous Network Administrator and you’ll find your secrets suddenly aren’t so secret.

If you use Gmail, make sure you browse to https://gmail.com and not http://gmail.com (notice the ‘s’). This will ensure your session stays encrypted while you are browsing your email and not just during authentication.  And if you think you are safe and secure using your employer’s email system, think again.  Most email administrators have full access to your mailbox.

If you have files on your hard drive that you want to keep secure, make sure you are encrypting them.  Even if your system requires a login and password, that doesn’t mean you are the only one with access.  But if you use a program like TrueCrypt, you add an extra layer of protection that even a computer forensics expert would have immense trouble deciphering.

Lastly, and maybe most importantly, there is chat or IM.  Many people use IM like a telephone and assume that it isn’t susceptible to eavesdropping.  Nothing could be further from the truth.  Most IM programs are inherently insecure; they transmit all communication in clear text.  Rebuilding a chat session doesn’t require much knowledge, and almost any network administrator could learn to do it with a little practice.  I recommend using a free program called SimpLite that adds a layer of protection to popular IM programs.

Now go forth and be secure!
