Endpoint
1/13/2017
12:30 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

10 Cocktail Party Security Tips From The Experts

Security pros offer basic advice to help average users ward off the bad guys.
Previous
1 of 11
Next

Image Source: Pixabay

Image Source: Pixabay

It’s getting a little bit more than scary for the average computer user. Companies and federal agencies are regularly hacked. Ransomware stories abound. And now, the CIA, FBI and NSA point to Russian hacking of our recent Presidential election. The plot thickens on alleged Russian transgressions with each passing day.

How can average users protect themselves when corporate giants, large federal agencies and our major political parties can’t?

We spoke to Michael Kaiser, executive director of the National Cyber Security Alliance and Frank Dickson, a research director at IDC, for advice. The idea was to develop a list of 10 simple security tips that could be easily explained at a cocktail party.

While our readers are some of the industry’s foremost experts, many are more used to explaining how to segment VLANs for security than explaining simple steps average users can take.

IDC’s Dickson says people should take care of the basics, such as resetting default passwords on connected devices or limiting the personal information they put on online accounts or social media sites.

“The reality is that hackers tend to go for big targets and people who keep a couple of thousand dollars in their bank accounts to pay their monthly bills are not likely the focus of individually targeted attacks for hackers,” Dickson says.

NCSA’s Kaiser adds that all this information should not overwhelm readers.

“It’s not possible to take care of all the tips at once,” Kaiser says. “People should carve out 15 to 20 minutes in their week and slowly work on them throughout the month.”

Here's a list of 10. We invite readers to chime in and add their own ideas. 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Meleon42
50%
50%
Meleon42,
User Rank: Strategist
1/29/2017 | 10:26:33 PM
Re: guest wireless zone
@Joe

Trust is not an absolute - there are levels.

I trust friends to come into my house, but only a few would I trust to be in the house without a family member present, and others I only trust enough to allow them in if I am there. In the same way, I trust them to access the internet from my home, but I think of it as a matter of least privilege. Why give them more access than they need? Why give them access to other devices present on my network if I can easily create a guest network.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/27/2017 | 1:09:57 PM
Re: guest wireless zone
@Meleon: Okay, that's certainly a more palatable proposition, security-wise, but wait a minute.

Do you trust your friends and their kids?

Then why have a guest Wi-Fi at all?  Why not just give them the password for your "main" Wi-Fi?

After all, you trust them, right?

Because if you don't, then it would be poor practice to give them access of any kind at all.

Now don't get me wrong.  I'm not saying you're somehow wrong to let your friends and their kids use your Wi-Fi.  I'm just suggesting that a guest network probably doesn't really do much for you when you're talking about a personal home connection.  It's probably just as simple as this: either give 'em the router password or don't, and don't worry about guest networks.

That said: In an enterprise/business/institutional environment, sure.  Go to town with guest networks and segregated WiFi logins.  But it's probably unnecessary cybersecurity theatre in the home environment.
Meleon42
50%
50%
Meleon42,
User Rank: Strategist
1/18/2017 | 11:04:01 AM
Re: guest wireless zone
@Joe

yeah, I didn't define my scenario well enough. I agree not to set a network without a password. This would be a separate SSID with password. It would be segmented from the home network. So when my kids' friends are over and ask to use the wireless, I can give them the latest guest password

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/18/2017 | 8:48:58 AM
Re: guest wireless zone
@Alex: Respectfully, I disagree with this notion.  I just wouldn't let guests use my Wi-Fi period.

if you have a non-private, password-less zone/network, then bad guys can use it too.

Then you're getting woken up at 5am as armed federal agents bust down your door and raid your house because some pervert in a van parked outside one day used your guest network to access illegal material.

Also, to use a less extreme example, your Torrenting-freak neighbor could easily access such a network to mass-download large media files -- causing bandwidth issues on your own router and modem as you try to do basic things.

And so on and so forth.

Just say no to password-less networks.

Meleon42
100%
0%
Meleon42,
User Rank: Strategist
1/17/2017 | 12:20:54 PM
guest wireless zone
Create a guest wireless zone which only has access to the internet. So when your kids or guests come over they can get on your guest wireless but not have access to your private network
tmbard
100%
0%
tmbard,
User Rank: Apprentice
1/16/2017 | 2:59:02 PM
Home Network Security
Don't forget there are new devices coming to the market that help home network security. A few companies that have these appliances are Bitdefender with Box, and soon Norton with Core. In addition, a few companies have AiProtection from Trend Micro built into the home router solutions.  Adding these devices to your network can help protect all the devices that are connected to your home network.  This ultimately would help solve a lot of the issues that people have when trying to keep their home network secure.
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The Impact of a Security Breach 2017
The Impact of a Security Breach 2017
Despite the escalation of cybersecurity staffing and technology, enterprises continue to suffer data breaches and compromises at an alarming rate. How do these breaches occur? How are enterprises responding, and what is the impact of these compromises on the business? This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.