One of the biggest threats to your online safety is from nefarious websites which are specifically designed to either trick you into willingly disclosing your financial information or installing malware on your computer which forcibly takes your financial information from you. The act of tricking you out of your personal information is called Phishing and there are many sites that come online daily to do just that. Malware is a generic term which includes viruses, bot networks, key loggers, adware, spam relays, and spyware.<\/p>\n
When these bad sites pop up on the Internet they are identified and added to a list. There are two ways that this list can be checked before your browser connects to the nefarious servers.<\/p>\n
One way is with DNS. DNS stands for Domain Name Service and it looks up and returns the IP address of a named site. So when you type www.google.com into your browser, your computer first asks the DNS infrastructure on the Internet \u00e2\u20ac\u0153What is the IP address for www.google.com?\u00e2\u20ac\u009d DNS responds with a message that says, \u00e2\u20ac\u0153The name www.google.com is found at IP address 74.125.65.99.\u00e2\u20ac\u009d Then your browser connects to the IP address and the information is transferred. What if you had a typo and instead asked for www.goggle.com which a criminal set up to look just like google, but it was designed to secretly install spyware on your computer? Well, if you\u00e2\u20ac\u2122re using OpenDNS<\/a> the conversation would look like this. Your computer would ask OpenDNS<\/a> \u00e2\u20ac\u0153What is the IP address for www.goggle.com?\u00e2\u20ac\u009d OpenDNS<\/a> would look it up and see that www.goggle.com was flagged as hosted malware and is blocked, so it responds, \u00e2\u20ac\u0153www.goggle.com is found at www.opendns.com,\u00c2\u00a0IP address 208.69.38.150\u00e2\u20ac\u009d which is the IP address for the OpenDNS<\/a> services and gives you a page explaining why you didn\u00e2\u20ac\u2122t get to goggle.<\/p>\n But this approach isn\u00e2\u20ac\u2122t foolproof. What if the link in email that you accidentally clicked on didn\u00e2\u20ac\u2122t have a name in it, but sent you straight to the IP address for www.goggle.com? DNS is never called, and this protection doesn\u00e2\u20ac\u2122t help you. Which brings us to our second option, use a proxy server. A proxy is something that acts on your behalf. So your browser only talks to the proxy, the proxy then gets the information the browser asked for and delivers it to the browser. A good proxy, like Bluecoat\u00e2\u20ac\u2122s K9<\/a>, will make sure the site is safe, just like OpenDNS<\/a> does, but it is always called, even when the link in email is for an IP address.<\/p>\n There is one drawback to both of these solutions. They both depend on identifying and reporting the site as nefarious which takes time. This is called a \u00e2\u20ac\u0153black-list\u00e2\u20ac\u009d or a \u00e2\u20ac\u0153negative\u00e2\u20ac\u009d security model. It doesn\u00e2\u20ac\u2122t hurt to use both OpenDNS<\/a> and Bluecoat’s K9 Proxy<\/a>; in doing so, you double your chances of stopping a criminal trying to rob you.<\/p>\n What program you choose to use to surf the web is also very important to keep yourself safe. I am of the opinion that the safest browser to surf with is the latest, greatest version of Firefox<\/a>. I have this opinion not because I feel its coders are more security minded than their competitors, although that was the case years ago. No, today, the reason why I feel Firefox<\/a> is superior to other browsers is because of their plugins. Plugins are mini-programs that run inside your browser and change the behavior of how the browser works. This makes the Firefox<\/a> browser vastly configurable and allows you do to so much more to protect yourself on the Internet.<\/p>\n It is my understanding that all modern day browsers support plugins now. I\u00e2\u20ac\u2122m still standing behind FireFox<\/a> because it has been doing it longer than the rest and the plugin code-base is more mature.<\/p>\n There are a few plugins that you absolutely must have for your browser. You need an Ad Blocker. You need a Bug or Tracker Blocker. You also need to be able to block scripts and flash content.<\/p>\n I recommend\u00c2\u00a0\u00e2\u20ac\u0153AdBlock Plus<\/a>\u00e2\u20ac\u009d (or\u00c2\u00a0\u00e2\u20ac\u0153AdBlock<\/a>\u00e2\u20ac\u009d for Mac)\u00c2\u00a0to block advertising. I recommend Ghostery<\/a> (they have versions for all the major browsers) to block third parties from tracking you online. I recommend \u00e2\u20ac\u0153FlashBlock<\/a>\u00e2\u20ac\u009d (or “ClicktoFlash<\/a>” for Mac) to pause the loading of flash content — if you\u00e2\u20ac\u2122d like to see the flash content you just have to click on the placeholder and it will be loaded. To stop scripts from running I recommend the \u00e2\u20ac\u0153NoScript<\/a>\u00e2\u20ac\u009d plugin (JavaScript Blacklist<\/a> for Mac).<\/p>\n All of these plugins are designed to break things. So if you install them you will need to configure them. For example, after you install them you may find that your online banking with your bank no longer works. You\u00e2\u20ac\u2122ll need to go into these programs and put your online banking site in as an exception so it never blocks scripts from running. \u00c2\u00a0But only do this with sites you trust. \u00c2\u00a0My bank, and credit card company’s account services sites are the only sites I trust.<\/p>\n There are growing pains involved with security. Remember, our goal is to stop the bad things from reaching your computer. Chances are we\u00e2\u20ac\u2122re going to stop a few good things in the process. It\u00e2\u20ac\u2122s your job to identify that something good was stopped, and fix it. After about a week or two browsing with these new controls in place you\u00e2\u20ac\u2122ll find that exceptions are now very rare.<\/p>\n These programs are of vital importance and I cannot stress how absolutely essential they are. \u00c2\u00a0However, they do come with a cost, checking all those files against huge virus-finger-print lists will slow your computer down, so you want to pick the fastest and most effective program available.\u00c2\u00a0If you are running a windows computer I recommend removing your antivirus and installing Avira Anti-Virus Software<\/a>. There\u00e2\u20ac\u2122s a free version at http:\/\/free-av.com\/<\/a> which is free for personal use. It\u00e2\u20ac\u2122s the best anti-virus software made and it\u00e2\u20ac\u2122s free. I also recommend \u00e2\u20ac\u0153Spybot Search and Destroy<\/a>\u00e2\u20ac\u009d to stop spyware.\u00c2\u00a0If you are running on a Mac, ClamXav<\/a> is free, but I haven\u00e2\u20ac\u2122t found anything that compares to Spybot for the Macintosh. Some may argue that Mac’s don’t need virus protection. Believe me, some time soon someone is going to get tired of that smug attitude and write a devastating Mac virus just to shut those fanboys up. It is a fiasco waiting to happen.<\/p>\n It doesn’t matter if you’re running a PC or a Mac, always have your Firewall turned on — it’s built into every computer nowadays.\u00c2\u00a0Although it’s out of scope of this document to explain how to configure a firewall, I think it needs mentioning that having a misconfigured firewall is about as bad as having no Firewall at all.\u00c2\u00a0Only allow traffic to pass that you know should pass.\u00c2\u00a0If in doubt, deny it and see if anything breaks.<\/p>\n If you’re using a Mac I highly recommend Little Snitch<\/a>.\u00c2\u00a0It’s an application firewall that acts like a traffic cop, either allowing or denying programs from connecting to the Internet.<\/p>\n And last but by no means least is something overlooked all too often: pick a strong, unique password and don\u00e2\u20ac\u2122t write it down. Nowadays that\u00e2\u20ac\u2122s asking a lot. I must have 200+ logins on different web sites. It would be impossible for me to create and memorize unique, strong, passwords for each site; to remember them all I have to store them somewhere. Well, storing them somewhere secure is OK. Writing them down on paper isn\u00e2\u20ac\u2122t secure, no matter where you store that piece of paper.<\/p>\n So to conquer this challenge I recommend PasswordSafe<\/a> for the PC and 1Password<\/a> for the Mac. PasswordSafe is free and the most robust offering I’ve found. 1Password<\/a> is not free, but it\u00e2\u20ac\u2122s extremely robust and easy to use as it’s integrated into whichever browser you use. When I go to my online banking site and I\u00e2\u20ac\u2122m prompted to login, I right click on the login box. I\u00e2\u20ac\u2122m presented with a 1Password<\/a> list item. A submenu of that item displays all the \u00e2\u20ac\u0153saved logins\u00e2\u20ac\u009d for the URL I\u00e2\u20ac\u2122m at. If I\u00e2\u20ac\u2122ve been a victim of a phishing attempt, the site I\u00e2\u20ac\u2122m on will not match the site in the 1Password<\/a> configuration and I will not be able to login automatically and I\u00e2\u20ac\u2122ll know right away something is phishy (pun intended). If I am on my online banking site when I right click, I\u00e2\u20ac\u2122ll see my \u00e2\u20ac\u0153Banking\u00e2\u20ac\u009d login that I saved and labeled. Clicking on it, prompts me for the only password I need to commit to memory, my One and Only Password… or my 1Password<\/a>. After authenticating to the\u00c2\u00a01Password<\/a> program, it then automatically types in my username, 30 character, complex, password, and clicks the “login” button inside my browser to take me to the account summary page. It\u00e2\u20ac\u2122s amazing, and if you buy one program ever, this is the program to purchase.<\/p>\n Following these steps will greatly enhance your ability to surf safely.<\/p>\n Did I miss something? Do you know of a better solution that the programs I suggested? Feel free to leave a comment.<\/p>\n","protected":false},"excerpt":{"rendered":" Nefarious Sites (Phishing and Malware) One of the biggest threats to your online safety is from nefarious websites which are specifically designed to either trick you into willingly disclosing your financial information or installing malware on your computer which forcibly takes your financial information from you. The act of tricking you out of your personal … [Read more…]<\/a><\/span><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[19,6,18],"class_list":{"0":"entry","1":"post","2":"publish","3":"author-siteuser","4":"post-192","6":"format-standard","7":"category-technical","8":"post_tag-howto","9":"post_tag-personal","10":"post_tag-security"},"_links":{"self":[{"href":"https:\/\/andrew.the-espositos.net\/blog\/wp-json\/wp\/v2\/posts\/192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/andrew.the-espositos.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andrew.the-espositos.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andrew.the-espositos.net\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/andrew.the-espositos.net\/blog\/wp-json\/wp\/v2\/comments?post=192"}],"version-history":[{"count":0,"href":"https:\/\/andrew.the-espositos.net\/blog\/wp-json\/wp\/v2\/posts\/192\/revisions"}],"wp:attachment":[{"href":"https:\/\/andrew.the-espositos.net\/blog\/wp-json\/wp\/v2\/media?parent=192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andrew.the-espositos.net\/blog\/wp-json\/wp\/v2\/categories?post=192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andrew.the-espositos.net\/blog\/wp-json\/wp\/v2\/tags?post=192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Browser Choice<\/h1>\n
Browser Plugins<\/h1>\n
Virus and Spyware Protections<\/h1>\n
Firewalls<\/h1>\n
Password Complexity and Storage<\/h1>\n