Cyber Security Awareness – Week 3
Been away for a while – no computer – so posts have been a bit delayed in cyber-awareness month. Sorry. We pick up with Day 15 … We’ll wrap up the discussion of younger people online and venture into the world of work, of bosses and employees. Next week we’ll wrap up the month with a 10-day feature – 2 more days on bosses and then on to co-workers.
Day 15 – What Teachers need to know about their Students
The article looks initially at the divide between the student’s peer group expectations and the teacher’s peer group abilities. It outlines the widening divide of technical knowledge between older tutors and their students, and the role of the teacher as more than just an educator in the classroom.
The central point is that students will use the Internet first-and-foremost – for research, for collaboration, for doing illegal stuff they wouldn’t do in th ereal world. Even when they are told not to, the Internet is the first port-of-call for almost anything and everything.
Day 16 – Securing a Donated Computer
The article reflects my own stance on this – wipe the machine and start again. One interesting point is that formatting the machine does not actually erase the data that is on the machine – essentially it just deletes the pointer to the files so that the operating system cannot pick them up directly. This means that viruses (or other illegal stuff) could still be present. The article suggests some tools you can use to perform a complete wipe before installing software from trusted sources.
I actually received a machine which was supposedly new a few years ago, but on start-up it didn’t ask the usual Windows questions. It just booted into Windows. I asked why and was told that “they had set it up in the shop”. I dug deeper and found the machine had been used for file sharing, contained lots of viruses and general smut. First thing – wipe the machine and start over. Once this was done I knew the machine was safe to use.
Day 17 – What a Boss should and should not have access to
The article is positioned as “what should you, the sysadmin, do to facilitate the boss’ need for new technology while also addressing the risks to the top-level data they carry with them or access when moving around?” It raises the risks of cross-boarder movement which may result in confiscation of technology (and therefore data) because the laws are different in the new territory.
The comments are the best part of this post as they are from sysadmins and bosses who have lots of valuable experience and pointers to work from – from the mildly paranoid to the everyday (of course, it depends on the level of confidentiality of the data and the risks associated with exposure or loss).
Day 18 – What you should tell your Boss in a crisis
This is a good process piece on how to manage incidents when they do occur (which they will do at some point). The 4-step process is:
- Detection & Analysis
- Containment, Eradication & Recovery
- Post-Incident Activity
Day 19 – VPN & Remote Access Tools
This is actually a 4-part post (as it turned out) with 4 separate articles being written.
Part 1: Remote Access Tools – Non-VPN Solutions and Other Access Issues in the Wild.
Part 2: Remote User VPN Tunnels – To Split or Not to Split? – A discussion of the pros and cons of both.
Part 3: VPN Architectures – SSL or IPSec? – The move towards SSL and reasons why.
Part 4: Remote User VPN Access – Are things getting too easy, or too hard?
These are more sysadmin oriented and I will leave you to dip into them if you want to know more about each topic.
Day 20 – Securing Mobile Devices
In essence, the mobile device is now a portable powerhouse of computing ability. It’s also always on, ever connected, and fully trackable. But, security tools for this varied platform have not kept pace as they have for desktop and laptop. The end result is an inherently unsecured platform which could lead to unintended data exposure unexpectedly.
A few tips are offered for security by the author and the comments pick up on these topics as usual.
- Corporate: Encrypt where possible; Use a VPN to access the office; Use a remote-wipe system if possible to defend against device loss.
- Personal: Don’t do things like online banking “just because you can” – this exposes personal data which is easily accessible; Avoid clicking links in IM, SMS, etc.
- General: Turn off unneeded services (like GPS & data); Install an AV solution; Use separate devices for personal and work; Use a passcode.
Day 21 – Impossible requests from the Boss
This is an American-focused article about dealing with a boss who appears to ask the impossible. On one-off or occasional situations the best course of action is outlined as:
- Think about is first (it may not actually be as it appears)
- Communicate with your boss – either with a solution, or options to mitigate the impossibility
- Document and File (just in case it comes back to haunt you, it may help save your arse)
There are many more reasons for being given impossible tasks – some of these are simply management posturing – and the article discusses these in more depth and offers suggestions for dealing with different personality types. I read a book once – Dealing with Difficult People – which was quite useful, and there are numerous online resources related to this area which offer good advice.