Measure this.

--Originally published at TC2027 – Blog will Tear us Apart

After some much-needed password therapy, let’s take on the general question of what we are actually protecting. We may know some techniques, and we already know we want to be safe, but how can we measure it?

[GIF: Measure like it’s hot]

Luckily for us, there are already guidelines for measuring how safe a system is. But first, as Rick Lehtinen states in his book, Computer Security Basics:

No man, or computer is an island.

Nowadays everything you own is connected, if only to work properly and stay up to date, so don’t start shouting out loud that you’re not a potential target, because you definitely are.

So, to measure safety, we can stick to the core C-I-A triad, the three pillars concept, which states that to be secure a system must guarantee:

  • Confidentiality
  • Integrity
  • Availability

Pretty straightforward, no? Let’s tackle them one by one. Again, I’m talking user/client side, so don’t expect server-side practices.

Confidentiality

Here is where privacy comes into play. As you may remember from my first post, security and privacy are not the same thing: security is what makes privacy possible.

And that’s precisely what confidentiality is all about: keeping what you want secret in secrecy, and what you want public, public. You definitely want your bank accounts, passwords, chats, and perhaps some of your spicy pictures secret (which you shouldn’t be sending to anyone, by the way); meanwhile you definitely want everyone to know your spoiler-free (I wish) Game of Thrones death-rant tweets.

How can my confidentiality be compromised?

Easily. Anyone interested, without even having to be a hacker, can destroy your confidentiality in a few simple steps. Here are some possible breaches.

  • Giving out your password.
    Gee man, just don’t. If you want to be the borrow master of your group, it would be far better to set up a guest user (available in every major OS), or use something like AppLock on your phone, to keep curious eyes away from your sensitive data.
  • Losing your non-encrypted device.
    Many users don’t know how easy it is to read a disk drive. In five minutes I can take it out of the device, connect it to an adapter and see every file you had, without having to enter a password even once. Full-disk encryption (BitLocker on Windows, FileVault on macOS, LUKS on Linux, and the built-in storage encryption on modern phones) is what stops this. ENCRYPT YOUR DRIVES.
  • Connecting to a “Free” WiFi network.
    Just don’t. Nothing in this world is free. Whoever runs the network, and anyone else sitting on it, can read and tamper with any traffic you send unencrypted.
  • Non-encrypted communication.
    The “s” in https and the lock in your browser mean something: the connection between your browser and the site is encrypted and authenticated, so nobody in between (the café WiFi, your ISP) can read or alter it. Note that this is not end-to-end encryption in the messaging-app sense; the site itself still sees everything you send. Don’t enter personal information on sites without that lock.
  • Not logging out of borrowed computers.
    Common mistake, rookie. This is, and must be, highly punishable. It can grant someone access to your data and your identity, and you usually can’t tell something is off until it’s too late.

Obviously, this is just the tip of the iceberg of possible breaches; I’ll be posting some extra ones later on, but remember it’s your job to keep yourself informed about this.

Integrity

This is all about your system’s data health. The system must be able to cope with possible data corruption due to hardware and software failures, viruses, hackers, and even user mistakes.
At this step you can’t really do much as a user; perhaps a power user can run disk and memory diagnostic tools to check the hardware, and having some redundancy, like a RAID mirror, could help too. Keep in mind, though, that RAID only protects you against a dead disk: ransomware or an accidental delete gets mirrored just as faithfully, which is what backups are for. Keeping checksums of your important files also lets you tell a silently corrupted copy from a good one before you overwrite the good one.

Take care of your devices physically. Magnets, falls, heat: most devices are not as tough as they seem, and any of these can end up compromising your data.

And please, please, please, back up your drives. In a couple of days I’ll be posting a whole topic about backups, but don’t wait for my post: get up and back up everything!
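As an added example (not part of the original post), here is a small Python script that turns the “data health” idea into something you can actually run: it builds a SHA-256 manifest of a folder and later verifies the folder against it, flagging modified, missing and unexpected files. The sample files, and the corruption, deletion and stray file it simulates, are constructed inside a temporary directory; to use it on a real backup, point build_manifest at the folder and save the returned dict as JSON next to the backup.

```python
"""Build and verify a SHA-256 manifest for a backup tree.

Added example, not from the original post. Assumes Python 3.8+ and the
standard library only. The files it hashes are constructed in a temp dir.
"""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB chunks so large files don't sit in memory


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree against a stored manifest.

    Returns lists of 'ok', 'modified', 'missing' and 'unexpected' paths, so a
    backup job can refuse to overwrite a good copy with a corrupted one.
    """
    current = build_manifest(root)
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        if rel not in current:
            result["missing"].append(rel)
        elif current[rel] != digest:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    result["unexpected"] = sorted(set(current) - set(manifest))
    return result


def demo() -> dict:
    """Constructed scenario: hash a tree, then corrupt, delete and add files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "thesis.txt").write_bytes(b"chapter one\n")
        (root / "photo.jpg").write_bytes(bytes(range(256)))
        manifest = build_manifest(root)

        # Simulate bit rot (one byte flipped), a deleted file, and a stray file
        (root / "photo.jpg").write_bytes(bytes(range(255)) + b"\x00")
        (root / "docs" / "thesis.txt").unlink()
        (root / "notes.txt").write_bytes(b"new\n")
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    for state, files in demo().items():
        print(f"{state:10}: {files}")
```

The digest is computed in chunks on purpose: a backup folder will contain multi-gigabyte files, and reading them whole into memory is how a “quick check” script ends up killed by the OS halfway through.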

Availability

RANSOMWARE.

Sorry, I got carried away. Availability is about users being able to reach their data and services whenever they legitimately need them. It goes hand in hand with access control, which decides who may do what: maybe the CEO can see and read every inventory status report, but she might not be cleared to modify any of them. Strictly speaking, that “who may do what” part serves confidentiality and integrity; availability is the promise that the report is actually there when she opens it. Both are what we need to ensure at this step.

Ransomware and DDoS are the best-known attacks in this category. The first is malware that encrypts all your, or your company’s, data and won’t unlock it until you pay a sum of money. The second takes down sites and services by overloading the server’s capacity to handle requests.

An antivirus can help a lot against ransomware, by quarantining malicious files and warning you about them, and keeping your system patched closes the holes most ransomware walks in through; the real safety net, though, is an offline backup the malware can’t reach. A firewall can filter some of a Distributed Denial of Service attack, but a firewall on your side of the wire won’t save a site that is being flooded; that is a job for the provider’s upstream filtering.


Keep asking yourself whether you’re safe in all three aspects, and use the answers to start securing yourself. And please, remember to act; reading alone won’t make you any safer.

Okay, that’s it for today; keep reading, commenting and sharing. I know this post was a bit more “lecture-y”; don’t worry, the fun ones are already in the oven.

Be safe.


Cover image by Neil Cummings via Flickr.com