1-   E-MAIL SECURITY



a-   About E-mail Viruses:

E-mail viruses, worms, and Trojan horses continue to spread through the Internet via e-mail attachments (not to mention the host of internet hoaxes that are wide spread).). These programs range from being mildly annoying to being extremely destructive (i.e. completely eradicating all files on the hard drive). In many cases, for these programs to activate, the user must save the program to a local hard drive, and then deliberately execute it by double-clicking the program file. Thus, many e-mail viruses are dependent upon the user to bring it to life and to initiate its destructive processes. Precautions can be taken to minimize your chance of falling prey to these malicious programs.

b-   Safeguards    (or E-Mail Tips)

 Executable File Extensions:  To best protect one’s self from the majority of e-mail viruses, do not send, click, open, save, or run EXECUTABLE e-mail attachments. Executable file extensions include the following designations:  .EXE,  .COM, .VBS, .LNK, .PIF, .SCR, and .BAT.

Executable attachments:  If you receive a file via e-mail that ends with ‘clickme.exe’, iloveyou.jpg.pif’, ‘memo.doc.scr’, ‘newdean.bat’, or ‘your_tenure.vbs’, it is best to  delete it  Most  people do not  need to receive an executable computer program via e-mail.  Typically, these programs should come from software manufacturers on CD-ROMs or via another media (or source?).

Be aware that even trusted friends and associates may have fallen victim to a worms or virus, and might have unknowingly sent it to you!   Therefore, the wisest policy is to never send or receive executable attachments by e-mail

If you must send or receive documents via e-mail, please ensure the following:

  • Know what you are distributing before you send  it via an e-mail (e.g. do not  inadvertently victimize others for the sake of a humorous  program or document);

  • Know whom the e-mail attachment is from before you click, save, or run it.  Ensure that it is from a known and trusted user.  Contact your friend before opening the attachment to ask, "Did you mean to send this to me?"

  • Back-up vital documents on your computer.   (We have encountered e-mail borne programs that have wiped every file off of the user’s computer.) Obtain a Zip/CD-RW drive and make regular back-ups of your data files. (Program files are already backed up on the original manufacturer’s installation disks.)

  • If you have any doubt about the security of an e-mail message or attachment, delete it.  Send an -mail back to its originator advising that you suspect a virus.

  • Have current anti-virus software installed on your computer


2.   PASSWORDS



a-   About passwords:

A good password is your first security defense. You should always use a password, especially on a shared computer.  , This is prudent so that no one can access your private information, use your account, or impersonate you on the Internet.

From least to most secure, there are three types of passwords:

Things you have: such as door keys and pass cards; these can be lost or stolen.

Things you know: such as computer accounts or building alarm passwords, which are entered on a keypad? These can be copied if someone is observing you while you are entering it.

Things you are:   such as fingerprints, retinal patterns, or other biometric passwords. These are much more difficult to copy, and are the most secure passwords.

b-   Password Tips:

For standard alphanumeric passwords, there are four rules to ensure maximum security:

(Insert bullet) Pronounceable:  The best password is a minimum of eight letters and is pronounceable, thereby making it more memorable.  In less secure environments where there is unmonitored access to your computer, your password should not be an obvious, recognizable word and should include at least one number. An easy trick in creating a password from pronounceable nonsense words is to combine letters in random "noun-vowel-noun" combinations, like "wegorand8", "tilupsam6", and "somican33". In lower threat environments you can use less complex passwords, such as “batman2", "cougar7", or “dandelion4".

(Bullet)Avoid clichés: Many people choose their birthdays or spouses’ birthdays, the name of a family member, friend, or favorite pet, or some other high profile subject as their password.  Avoid obvious choices, since professional hackers try these first.

(Bullet)Recording:  The smartest advice is not to write your password down. I If you absolutely need to write it down, do not store it in your wallet or tape it to the computer!  Write it, in pencil, on a document that you store in a file drawer with many other documents, or on the inside margin of a book that can be placed on   a shelf with many other books. That way, even if someone searches for it, it would be more difficult to find.   Also, even if it were found, it would not be as obvious that it is your password.

(Bullet)Uniqueness:  Never use the same password for more than one purpose.  Use different passwords for your computer login, internet account, e-mail account, and other functions.  Use of the same password for more than one purpose increases the risk of infiltration and lowers your security. Once someone gains access to a password that is used for multiple purposes   they can break into all of your accounts. (This rule may be relaxed for low threat environments, such as your home office).

3.  SUMMARY/ADDITIONAL COMPUTER TIPS



  1. Do not open suspicious attachments - you do not know where it has been.
  2. If you cannot   trust the source you are downloading from, you cannot trust the file.
  3. Do not leave a computer that you have logged onto unattended or unprotected.
  4. Keep your passwords strong, and memorize them.
  5. 5. Data on paper is the same as data on the screen.
  6. Beware of “Social Engineers".

 
Tell a friend
 
 
  
Privacy Policy | Our Process Steps | Contact Us | Site Map
Copyright © 2008 Bright Solutions. All Rights Reserved