Protect Your Computer from Unauthorized Access
Every day personal information is being stolen by third parties. In the past this was commonly accomplished by telephone based social engineering. "Hi, my name is John and I'm with your long distance company. We are updating our records and want to verify we have your correct information. Is your last name spelled ________? Would you please verify your address? and on and on". Well, phone calls are costly and these criminals have moved to more efficient and anonymous media such as the Internet and other networks to which your computer connects.
There are two primary types of attacks that exist today: directed and automated. Directed attacks describes those instances where an attacker singles out a target and specifically attempts to gain access to that target's data. This is extremely common for larger organizations and these organizations generally attempt to implement safeguards against such attacks. Automated attacks describes those attacks that run automatically, trying to find computers that are insecure and exploit those insecurities. This is the most dangerous type of attack, as it can run without user intervention and can use the resources of many computers without the owners of those computers knowing that their equipment is being used to attack someone else. These types of attacks generally affect residential users, small businesses, and medium businesses most frequently since those that administer these users determine that it is not likely they would be a target of a directed attack and thus, implement little to no security, not realizing that their users are vulnerable to dangerous automated attacks.
There are many methods used by these criminals. Some of the more sought after data includes information regarding your financial institution, credit card information, and passwords. This information can be easily obtained via public computers, software right on your computer, and unencrypted passwords.
Many people use computers that don't belong to them, such as public computers at a library or computers of friends or family. "Keylogger" is a term with which every computer user should be thoroughly familiar. A keylogger can take many forms, but the form that is most relevant to this article is a software keylogger. A software keylogger describes a program that can reside on a computer and store every keystroke made. Typically this log of keystrokes is then sent to the criminal who distributed the keylogger. Every computer user today should assume that every computer that does not belong to them has a keylogger running. This means that if you use a public computer to place an order using your credit card or access your bank, all of those bank account codes and credit card numbers that you have typed have been instantly sent to a third party. This means, to stay safe, don't execute any personal tasks on any computer that does not belong to you, especially those in public areas that are used by many people.
This, of course, poses the question: "How do I protect my own computer?" Some of this can be answered in an article by itself. However, following a simple guideline can greatly reduce, if not eliminate, your susceptibility to this type of attack: A.) Ask your IT support if they are keeping your firewalls and computers updated. B.) Have good mainstream firewalls such as the Cisco ASA series or better. Firewalls are extremely important in protecting against the installation of software such as this. C.) If possible, use GNU/Linux computers instead of those that have Windows or Mac OS X. D.) For those that don't have GNU/Linux computers, obtain the best anti-malware software available to you. E.) Ask your IT support to deactivate all "auto-run" features. These are features that are on most computers by default and, when enabled, automatically execute certain commands when disks or other storage devices are connected to your computer.