Project – best practices for people to use to keep their data secure, including tools.
Greetings All —
For a while there have been questions from people about the best ways to keep your personal data and information safe from prying eyes on the net. This is a hard question because your data is now a valuable commodity to many groups, both business and governmental. Some of that is a good thing: many of the free services would never be around, or would be a “pay for use” type of system, if all of your personal data was kept hidden away and could not be used. The internet we see now might never have grown into what it is today. So some personal information being used as a commodity is a good thing, but you still need to protect as much of it as you can, and how it is being used. Over a few blog entries there will be some tips and ways to keep most of it secure, and ways to keep track of it from people that try to take and use it. It is not totally possible to keep all your data safe; it never has been and never will be. Sorry, that is the way it is.
For the next few entries I will give you some ideas to keep your data safe and also give you some tools to help as well. Here are some of the key points I will try to cover, in no special order except that I will do the general information first.
Key points to cover –
General information
E-mail
File exchange
Web browsing
IM exchange
Buying online
Social media
There are some things you can do right away; some take a bit of work but are worth doing to give you a fighting chance to keep your data safe. For now I will leave you with one quick idea; it is easy but it does require some work. It is passwords: make sure you change them from time to time, and don’t use the same one for everything. Each site should have its own password. OK, you may be saying, “Well, how do I keep track of them all?” There are programs that will store them and are password protected as well. When it comes to passwords, length is not always what matters; it is what letters and numbers are being used for the password. A nice rule of thumb is 10 characters with a mix of numbers, letters and special characters, that being ($&#*) or a mix of others depending on your keyboard. Use at least three of them and don’t use things like your pet, home, kids, or real object names. Many times people will use a dictionary to scan for the names. If you want to do a bit of looking, check out Steve Gibson’s web site (grc.com); he has a nice write-up on password storage programs.
Well, that should keep you busy for a while – more to follow.
Keeping your messages safe from prying eyes
With the current political environment your privacy is being chipped away more and more each day. Much of the debate is based on the idea that if you are not doing anything wrong then you should have no worry about your information being viewed by the government, this in itself is a fallacy. Another debate is that they need the ability to view everything to protect you from terrorists that are bent on harming your way of life, this is a long discussion in itself, but not here.
With the next few entries I will discuss ways to keep your messages private between you and the people you want to exchange information with. The key ones will be E-mail, IM and file exchange using encryption and encryption-type programs. Some of them require special programs that you and the person you are exchanging information with both need to have set up. It is quite simple to do, and I will also give some tips and tricks on using them. All of the applications I will talk about are open source, so if you wish to view how they work you can.
The E-mail program I will be using in the discussion is Thunderbird with some plugins. It has clients for Windows, Mac and Linux; I use it because it seems to be one of the more extendable clients for email. It will be used with public key / private key clients to encrypt and decrypt the messages. For exchanging IM between you and another person I will be expanding on Pidgin; it is a multi-service client, that is, it works with Yahoo, AIM, Jabber, exchange and some others. The last group of topics will be encrypting your files, so if you travel you can be generally sure your files will be safe from prying eyes. This is not the entire list of applications you could use, nor is there a guarantee that the data cannot be decrypted at some time in the future. As technology changes one never knows, but for now it’s mostly safe.
I will add different programs as I go from time to time under the same heading, so I hope it will spur you into keeping an eye on your data and who may be snooping on it, for good or evil.
Happy Data Privacy Day
Data Privacy Day is an international holiday that occurs every January 28. The purpose of Data Privacy Day is to raise awareness and promote data privacy education. It is currently celebrated in the United States, Canada, and 27 European countries.
Go out and look for ways to secure your data, if your sites don’t then request they do or save your data in places that do.
Cloud types
What are the general cloud types?
Public cloud
Public clouds provide access to computing resources for the general public over the Internet. The public cloud provider allows customers to self-provision resources typically via a web service interface. Public clouds offer access to pools of scalable resources on a temporary rent as you go basis without the need for capital investment in data center infrastructure.
Private cloud
Private clouds give users immediate access to computing resources hosted within an organization’s infrastructure. Users self-provision and scale collections of resources drawn from the private cloud, just as with a public cloud. However, because it is deployed within the organization’s existing data center, and behind the organization’s firewall, a private cloud is subject to the organization’s physical, electronic, and procedural security measures and thus offers a higher degree of security over sensitive code and data. In addition, private clouds consolidate and optimize the performance of physical hardware through virtualization. Since you use your current data center infrastructure you have a better idea on how the resources are being utilized. The cloud systems I will discuss are of this type.
Hybrid cloud
A hybrid cloud combines computing resources and draws from one or more public clouds and one or more private clouds at the behest of its users.
The Cloud
What is the cloud?
Terms and general.
Currently there are many different terms and descriptions that define what cloud, or cloud computing, is. Some say it is the “delivery of computing as a service”, others say it is “processing data in an expandable environment”. I like the definition that cloud servers are a way to get “flexible resources as they are required”.
Cloud computing is a way to access computers and their functionality via the Internet or a local area network. Access to the cloud comes through a set of web services that manage a pool of computing resources (i.e., machines, network, storage, operating systems, application development environments, application programs). A fraction of the resources in the pool is dedicated to the user until he or she releases them. It is called “cloud computing” because the user cannot actually see or specify the physical location and organization of the equipment hosting the resources they are allowed to use. The resources are drawn from a “cloud” of resources which are used and then returned to the cloud when they are released. A “cloud” is a set of machines and web services that implement cloud computing.
Cloud styles
IaaS
IaaS (Infrastructure as a Service) style clouds provide access to collections of virtualized computer hardware resources, including machines, network, and storage. Users assemble their own virtual cluster on which they are responsible for installing, maintaining, and executing their own software stack.
PaaS
PaaS (Platform as a Service) style clouds provide access to a programming or runtime environment with scalable computer and data structures embedded in it. Users develop and execute their own applications within an environment offered by the service provider.
SaaS
SaaS (Software as a Service), also referred to as “Software on Demand”, style clouds deliver access to collections of software application programs. Providers offer users access to specific application programs controlled and executed on the provider’s infrastructure.
Welcome
Welcome to Otaku Systems blog.
From time to time there will be news of note in the technology world
E-Mail Security Tips
E-mail security tips.
In this posting I will define some E-mail security tips. As always, it is not a full fix-all for security, but it is a good list of tips.
If you use a browser to access your E-mail, one of the most important tips is to make sure it uses SSL to connect you to the mail server. SSL, or Secure Sockets Layer, is an internet standard that encrypts the connection so that no, or very little, information is visible about what is being sent.
One way (but not the only way known) is to look for the https:// in the browser path. Some browsers will change part of the dialog box green. Google does this; other E-mail systems do as well.
If it connects using HTTPS and then falls back to HTTP, my advice is to use a different web-based E-mail client. On that note, whenever possible do not use public machines to log in to your E-mail. Firstly, you have no idea how the machine is set up or what programs are running at the same time you are trying to log into your account. Many places will add logging programs to their systems. This is not out of a desire to track you; some places must do it to protect themselves from you.
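The HTTPS-to-HTTP fallback described above can also be refused in a script rather than spotted by eye. The following is an added example, not code from the original post: a Python urllib redirect handler that stops when a secure page redirects to plain HTTP. The class and function names are made up for the illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class NoDowngradeRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Follow redirects as usual, but never from https:// to http://."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        old_scheme = urlsplit(req.full_url).scheme.lower()
        new_scheme = urlsplit(newurl).scheme.lower()
        if old_scheme == "https" and new_scheme != "https":
            # The session would continue unencrypted: stop here instead.
            raise urllib.error.URLError(
                f"refusing downgrade from {req.full_url} to {newurl}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def open_without_downgrade(url, timeout=10):
    """Fetch url; raises URLError if the site falls back to plain HTTP."""
    opener = urllib.request.build_opener(NoDowngradeRedirectHandler)
    return opener.open(url, timeout=timeout)
```

A redirect from HTTP up to HTTPS is still followed; only the step from a secure page to an insecure one is blocked.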
When setting up an E-mail client connection (the way I would recommend when possible), IMAP or POP, try to set the connection to SSL or TLS to begin with. You will need to look at your client more closely to find where the settings are located, or do a simple search using your search engine of choice.
I want to talk a little about E-mail clients. There are many to choose from; some are cross platform, others are single platform. Cross-platform clients are nice because you only need to learn one way to do something, and most have the same functions on each of the operating systems. Many have the same basic functions, and most are free, so give them a try.
The ideas discussed here will only get you security for the connection and the exchange from your machine to the E-mail server. There is still a risk if the receiver gets the message from an unsecured machine or connection. One way to reduce the risk is to encrypt the message on the mail server and in turn require the receiver to decrypt any messages sent. The next posting will hope to cover ways to have your messages kept secure on the mail server, your own client and the receiver’s system.
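One way to apply the same setting when a script, rather than a mail client, connects over IMAP. This is an added example, not from the original post; it uses Python's standard imaplib and ssl modules, and the function names and the use of port 993 to mean "TLS from the first byte" are assumptions made for the illustration.

```python
import imaplib
import ssl


def strict_tls_context():
    """TLS settings that verify the server certificate and host name."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    return ctx


def choose_transport(port, capabilities):
    """Decide how the session is protected before any password is sent.

    Returns "implicit-tls" (assumed for port 993) or "starttls" (upgrade a
    plain connection first). Raises instead of allowing a plaintext login.
    """
    caps = {c.upper() for c in capabilities}
    if port == 993:
        return "implicit-tls"
    if "STARTTLS" in caps:
        return "starttls"
    raise ConnectionError("server offers no TLS; refusing to send password")


def open_mailbox(host, port, user, password):
    """Log in over IMAP only once the connection is encrypted."""
    ctx = strict_tls_context()
    if port == 993:
        conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    else:
        conn = imaplib.IMAP4(host, port)
        choose_transport(port, conn.capabilities)  # raises if no STARTTLS
        conn.starttls(ssl_context=ctx)
    conn.login(user, password)
    return conn
```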
General Security Post
Being this is the first post of the year, I am going to start again with the basics of general security. These postings will cover simple security tips and tricks for things like E-mail, site access, etc. Some of this may be things you know already; some may not be.
First and foremost a question – “How long has it been from your last password change?”
This includes E-mail, the machine you’re currently using, and banking sites. If it has been over a few months then change them today to new ones. And try not to use the same password for everything; yes, it is difficult to remember, but in the long run you will be safer. When you think up a password make sure it has a number and letter mix, with upper and lower cases. Don’t use your kids, pets, or easy-to-find names like that.
A question that arises many times is, “Where do I keep the password?” There are many programs that will store the passwords for you. Yes, you can write it down on a sheet of paper and put it in a “safe” place. Do a Google, Bing or whatever your search engine of choice is search for password saving programs. There are many ways out there, but use something.
Now go forth and change them..now.. now.. now..
Also, when accessing your sites using your web browser, make sure you connect securely. When you’re at the login site see if there is a “https://” in the site bar; some will have a lock or green bar to tell you they are securely connected. If not, then enter https://, for example https://mysite.com. Later I will cover ways to always force the secure SSL connection to sites.
This will keep you busy for a while..bye for now
Passwords Passwords Passwords
New month starting soon.. Time to change your passwords.
Time to change your passwords
OtakuSystems Blog
Welcome to Otakusystems Blog
Security tips and tricks, general open source and Linux information.