Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/13/2017
12:30 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

10 Cocktail Party Security Tips From The Experts

Security pros offer basic advice to help average users ward off the bad guys.
Previous
1 of 11
Next

Image Source: Pixabay

Image Source: Pixabay

It’s getting a little bit more than scary for the average computer user. Companies and federal agencies are regularly hacked. Ransomware stories abound. And now, the CIA, FBI and NSA point to Russian hacking of our recent Presidential election. The plot thickens on alleged Russian transgressions with each passing day.

How can average users protect themselves when corporate giants, large federal agencies and our major political parties can’t?

We spoke to Michael Kaiser, executive director of the National Cyber Security Alliance and Frank Dickson, a research director at IDC, for advice. The idea was to develop a list of 10 simple security tips that could be easily explained at a cocktail party.

While our readers are some of the industry’s foremost experts, many are more used to explaining how to segment VLANs for security than explaining simple steps average users can take.

IDC’s Dickson says people should take care of the basics, such as resetting default passwords on connected devices or limiting the personal information they put on online accounts or social media sites.

“The reality is that hackers tend to go for big targets and people who keep a couple of thousand dollars in their bank accounts to pay their monthly bills are not likely the focus of individually targeted attacks for hackers,” Dickson says.

NCSA’s Kaiser adds that all this information should not overwhelm readers.

“It’s not possible to take care of all the tips at once,” Kaiser says. “People should carve out 15 to 20 minutes in their week and slowly work on them throughout the month.”

Here's a list of 10. We invite readers to chime in and add their own ideas. 

 

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
tmbard
100%
0%
tmbard,
User Rank: Apprentice
1/16/2017 | 2:59:02 PM
Home Network Security
Don't forget there are new devices coming to the market that help home network security. A few companies that have these appliances are Bitdefender with Box, and soon Norton with Core. In addition, a few companies have AiProtection from Trend Micro built into the home router solutions.  Adding these devices to your network can help protect all the devices that are connected to your home network.  This ultimately would help solve a lot of the issues that people have when trying to keep their home network secure.
Meleon42
100%
0%
Meleon42,
User Rank: Strategist
1/17/2017 | 12:20:54 PM
guest wireless zone
Create a guest wireless zone which only has access to the internet. So when your kids or guests come over they can get on your guest wireless but not have access to your private network
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/18/2017 | 8:48:58 AM
Re: guest wireless zone
@Alex: Respectfully, I disagree with this notion.  I just wouldn't let guests use my Wi-Fi period.

if you have a non-private, password-less zone/network, then bad guys can use it too.

Then you're getting woken up at 5am as armed federal agents bust down your door and raid your house because some pervert in a van parked outside one day used your guest network to access illegal material.

Also, to use a less extreme example, your Torrenting-freak neighbor could easily access such a network to mass-download large media files -- causing bandwidth issues on your own router and modem as you try to do basic things.

And so on and so forth.

Just say no to password-less networks.

Meleon42
50%
50%
Meleon42,
User Rank: Strategist
1/18/2017 | 11:04:01 AM
Re: guest wireless zone
@Joe

yeah, I didn't define my scenario well enough. I agree not to set a network without a password. This would be a separate SSID with password. It would be segmented from the home network. So when my kids' friends are over and ask to use the wireless, I can give them the latest guest password

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/27/2017 | 1:09:57 PM
Re: guest wireless zone
@Meleon: Okay, that's certainly a more palatable proposition, security-wise, but wait a minute.

Do you trust your friends and their kids?

Then why have a guest Wi-Fi at all?  Why not just give them the password for your "main" Wi-Fi?

After all, you trust them, right?

Because if you don't, then it would be poor practice to give them access of any kind at all.

Now don't get me wrong.  I'm not saying you're somehow wrong to let your friends and their kids use your Wi-Fi.  I'm just suggesting that a guest network probably doesn't really do much for you when you're talking about a personal home connection.  It's probably just as simple as this: either give 'em the router password or don't, and don't worry about guest networks.

That said: In an enterprise/business/institutional environment, sure.  Go to town with guest networks and segregated WiFi logins.  But it's probably unnecessary cybersecurity theatre in the home environment.
Meleon42
50%
50%
Meleon42,
User Rank: Strategist
1/29/2017 | 10:26:33 PM
Re: guest wireless zone
@Joe

Trust is not an absolute - there are levels.

I trust friends to come into my house, but only a few would I trust to be in the house without a family member present, and others I only trust enough to allow them in if I am there. In the same way, I trust them to access the internet from my home, but I think of it as a matter of least privilege. Why give them more access than they need? Why give them access to other devices present on my network if I can easily create a guest network.
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "Elon, I think our cover's been blown."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31597
PUBLISHED: 2021-04-23
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
CVE-2021-2296
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2297
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2298
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
CVE-2021-2299
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...