Some Resources and tools

I was asked to do a training for a group the other day.  At the end of the training they asked me to give a list of the tools i recommend.. I figured this might be a good place to also see that list.  So here it is.  If you have other recommendations let me know as well.

iPad Security additional info

I have had some time with the iPad device and love it. That being said there is an old style hack that lends itself to this device. It is one of the oldest and simplest methods, shoulder surfing. This is when someone looks lover your shoulder to gain information or passwords. This onscreen keyboard size really lends itself to this style of attack. The simplest way to avoid this is through attentive behavior. Pay attention to your surroundings. Also keep in mind that when you type someone could be watching on video (remote possibility but still present).

Safe Surfing!

iPad security

I have recently started to work with an iPad from apple. I find myself using the device quite a bit (even writing this blog entry on it). I find the machine to be quite fast and simple to use, but this post is not about the iPad itself. This blog post is to keep people safe while using the device.

I have come to the conclusion the best method to keep your iPad secure is to follow the same methods used to secure your other smart devices such as iPhone, and blackberry.

Wireless protection methods:
Be aware of who is on your networks (possibly my next blog post).
Use VPN services (also a future blog post).
Do not check email unless you know your email is secure (SSL).

The methods above are a start, but the best defense is to be smart on your surfing habits.

The other is element of security is physical security of the device. Please turn on your passcode locks, turn on the require password immediately, and the ever important wipe data after 10 failed attempts. I am not going to go into these steps because on the iPad they are almost exactly identical to the steps on the iPhone.

I have truly enjoyed the use of this device. I hope you have similar success as mine and continue to be safe as well!

Education Workshop – “Everyday Security – A Non-Geek Approach”

On Wed June 9th at 1P.M. I (Anthony Gartner) will be doing a presentation entitled “Everyday Security – A Non-Geek Approach”

I will be presenting it at the Keller Williams in Virginia Beach.  Everyone is welcome to attend please reserve your spot on Facebook so we know who will be there.

Everyday Security – A Non-Geek Approach

Type:     Education – Workshop
Date:     Wednesday, June 9, 2010
Time:     1:00pm – 2:00pm
Location:     Keller Williams Virginia Beach
Street:     1709 Laskin Rd
City/Town:     Virginia Beach, VA
Link:        http://www.facebook.com/?ref=logo#!/event.php?eid=124586864234469&index=1

Grassroots Security : What every small business owner and individual needs to know to protect their organization and what every individual needs to know to protect their laptops.

This will be an interactive discussion on how your data may be vulnerable and what you can do.

Things covered to include :

Using Care when reading and opening email attachments
Making backups of important files and folders
Using strong passwords
Using and installing and hardware firewall
Things you need to know before connecting to that “FREE” wifi
When to hire an IT professional

Have questions on privacy, intrustion, identity theft, virus, spam, worm, trojan horse, malware, spyware, etc… We will discuss and help answer these questions to avoid cyber crimes and security risks.

Some simple ways to protect your cell phone information

I was at the apple store today because i had to replace my iPhone.  It had a bad switch on it that would not let me put it in vibrate any more.  Apple resolved the problem problem my giving me a new phone.  This was a good answer for me as I have a phone that works for vibrate.

So why am I writing about this then.  Simple, I just gave someone I do not know a fully functioning, fully loaded cell phone with all my data and information on it.  Now I realize, that neither apple, or it’s employees are likely to want or care about my cell phone but what if…

What if my phone had been stolen instead, or what if I had purchased the phone from a kiosk, or a private vendor.  This vendor honors the warranty for the phone and replaces it.  I have now given the vendor all the private information on my phone. At the very least they can look though any pictures that may reside on the phone, or look though my phone book for numbers of people I may know.

There are a couple more what if’s I would like to point out:
What if I happen to know someone famous and their private number is in my phone?
What if I have attached pictures / text messages of a person that should not be in public?
What if I have stored my password or critical information in the notes section of a contact?

This now leaves my data very vulnerable to whoever might not be quite as nice as I am.  I have now lost control of some very personal information.

So what can you do to prevent this from being a problem. I believe there are a couple ways to help mitigate the exposure of your data.  Most smart phones have a method to lock your phone.  This will require you to put in a password to unlock your phone for use.  The second is not on all phones but i believe it is still available on many including my iPhone.  The second method is a followup to the first.  The second method is a phone wipe.

You set the first and second by going to the following:

Settings on the phone

General iPhone Screen

Picture of the iphone screen for settings

General

General on the iphone screen

This is the General Tab on the iphone screen

Passcode Lock

Passcode Lock screen on the iphone

Passcode Lock screen on the IPhone

Enter your 4 digit code

Passcode Screen

Passcode screen for the Iphone

Re-enter your 4 digit code

Erase Phone screen

Erase Phone screen of the Iphone

I want to point out above the erase data is now set to 10 failed attempts

This combination of security measures will do the best to help you in your fight to keep your data private.  The final option is the remote wipe.  This option is not always available but in the case of an iPhone it can be done if you have Mobile Me from apple.  This is also something many blackberries have full access to as well when running on an exchange server.

Happy safe computing!!!

Have you Googled yourself lately?

I know, you are think why would I want to Google myself.  How could this possibly be security related?  Am not so vain I have to see what is listed about me?

Answer: YES, yes it is!

Here is my thought process on this.  Social Engineering, it is a clear and present danger to you, your business, your family.  I have spoke of passwords on several occasions, well when you tie in a Google search to yourself, you find a LOT of data out there that can arm a bad guy with a place to start gaining control of your identity.

Anthony Gartner - Google Search

I spoke in earlier posts that human nature is to use a password that is something you will remember.  Anniversary dates, kids names, pets are all fair game to user for passwords.  While this is a bad idea it is very common.  So based on the Google search you will find my web site.  This gives you both my name, my wife’s name, and my sons name. (cats name is Kitty) Don’t worry none of my passwords match any of these so don’t try :).

Image of AnthonyGartner.com Web site

So armed with the above information, if you have a password that is family related for ease, please stop reading this and go change it.

Another reason to do a search is to simply know what kind of things really are being said about you.  This is important if you ever go to apply for a job, security clearance, or even dating now.  If there are things being shown that you are unaware of you can research why they are there and ask the owner to withdraw it or adjust it.  Knowledge is the key!!!

So go do an Existential search on yourself!!!