Archive for May, 2009

What is Defense in Depth, and Why Should Small Businesses Care?
Friday, May 29th, 2009
“Defense in Depth.” This is a fundamental principle of information security. Essentially it means that you add layers of security so you don’t rely on a single point of failure in your security model. For instance, if you have a hardware firewall for your network, you also run a software firewall on your desktop computers. If it helps, you can think of Defense in Depth as a security backup. The canonical example is a castle, which has not just a keep, but an outer wall, a drawbridge, a moat, low stone walls, etc. to defend it. Castles didn’t rely on just one thing to protect them, and neither should your network. (more…)

So, How Do I Drop Those Administrative Rights, Anyway?
Friday, May 22nd, 2009
If you’ve read my previous post on why administrative rights over your computer are a bad thing and you are motivated to do something about it, you might ask “just how do I go about dropping these rights to make my system more stable and less prone to malware?” (more…)
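As an added example (not code from the post above or its follow-up), here is a PowerShell script that answers the first half of that question on a standalone Windows machine: it reports whether the account you are logged on with is a member of the local Administrators group, and, when run with -Create from an elevated prompt, adds a separate standard user for daily work. The account name DailyUser is a placeholder; the script assumes a local (non-domain) machine.

```powershell
# Added example, not from the original post. Reports whether the current
# account holds administrative rights and optionally creates a standard
# (limited) user for day-to-day use. Assumes a standalone, non-domain
# Windows machine; 'DailyUser' is a placeholder account name.
param(
    [string]$NewUserName = 'DailyUser',
    [switch]$Create
)

function Test-IsElevated {
    # True only when this PowerShell process carries a full administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsLocalAdminMember {
    # On Vista and later, UAC gives an Administrators member a filtered token,
    # so Test-IsElevated is $false in an ordinary prompt even for an admin
    # account. Group membership is what the post is really about, so read the
    # group listing directly ('net localgroup' exists on every Windows version).
    param([string]$UserName)
    $members = net localgroup Administrators |
        Where-Object { $_ -and $_ -notmatch '^(Alias|Comment|Members|-+|The command)' }
    return [bool]($members -contains $UserName)   # -contains is case-insensitive
}

$currentUser = [Security.Principal.WindowsIdentity]::GetCurrent().Name.Split('\')[-1]

if (Test-IsLocalAdminMember -UserName $currentUser) {
    Write-Host "$currentUser is in the local Administrators group: anything you run, including malware that runs as you, can change the whole machine."
} else {
    Write-Host "$currentUser is a standard user: malware that runs as you is largely confined to your own profile."
    return
}

if (-not $Create) {
    Write-Host "Re-run with -Create from an elevated prompt to add a standard account named $NewUserName."
    return
}
if (-not (Test-IsElevated)) {
    throw 'Creating accounts needs an elevated ("Run as administrator") prompt.'
}

# 'net user NAME * /add' creates the account as a member of Users only; it never
# touches Administrators. The '*' makes it prompt for the password rather than
# leaving the password on the command line and in the shell history.
net user $NewUserName * /add
if ($LASTEXITCODE -ne 0) { throw "net user failed with exit code $LASTEXITCODE" }

# Verify the new account did not end up in Administrators.
if (Test-IsLocalAdminMember -UserName $NewUserName) {
    throw "$NewUserName is unexpectedly in Administrators; remove it with: net localgroup Administrators $NewUserName /delete"
}

Write-Host "Created $NewUserName as a standard user. Log off and log on as $NewUserName for daily work;"
Write-Host "keep $currentUser for installs only, e.g.:"
Write-Host "  runas /user:$currentUser `"control appwiz.cpl`""
```

Keep the existing administrative account, but stop logging on with it: use runas (or the right-click "Run as administrator" option on Vista and later) for the occasional install, and do everything else as the standard user. Nothing here removes anyone from Administrators, so the change is easy to reverse if some legacy application turns out to need it.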
Why You Do NOT Want Administrative Rights on Your Computer
Thursday, May 14th, 2009
This is almost always a hot-button issue with some users. One of the absolutely most effective ways to shield yourself from viruses and spyware is to not log on to your computer as an administrator. As soon as I say this, I usually encounter some resistance, because users think that giving up admin rights equates to giving up power. In a way, you are, but for decades I’ve likened full admin rights on a computer to walking around with a loaded gun that might go off at any minute, and pointing it at people (including yourself). I have seen plenty of damage done by users who thought they needed (or just wanted) administrative rights over machines, and in truth, they did not. (more…)
Zeus Botnet Self-Destructs
Sunday, May 10th, 2009
Last week, I posted an article explaining why security is everyone’s concern. Today I came across another article which underscores this. The Zeus botnet apparently self-destructed last month, effectively rendering 100,000 computers across the Internet non-functional. (more…)
We Don’t Have Anything Anyone Else Would Want
Thursday, May 7th, 2009
When I first mention information security to a client, particularly a small business, non-profit, or educational institution, I frequently get a response like this:
- “Nobody is interested in our network.”
- “We don’t have anything that anyone would want.”
- “Our systems aren’t that important.”
- “No one would steal my account/password/login.”
- “Why would someone want to hack our computers?”