Tech Sense: A Safer New Year By John Bell
A Safer New Year
I believe that the New Year is a great time to improve your security posture, so with that in mind I have a few suggestions that everyone can apply both at home and in their business or workplace.
Use HTTPS Everywhere
The HTTPS protocol is the secure version of the HTTP protocol used on the web. HTTPS encrypts the content sent between a website and the browser so it can’t be intercepted and read by someone else. Many websites support the secure protocol but will respond insecurely if you do not request HTTPS. Many modern browsers support a setting to force all requests to use HTTPS by default. In Firefox this can be found in the settings menu under Privacy & Security, in the HTTPS-Only Mode setting. Selecting “Enable HTTPS-Only Mode in all windows” will make HTTPS the default for web requests. In Chrome the setting is found under Privacy and security, Security, Advanced, “Always use secure connections”. While you are here, also click “Use secure DNS” for even more security.
Use Secure DNS
DNS is the domain name service for the Internet. It converts user-friendly names like google.com to numbers (called IP addresses) that are used to send messages between computers on the Internet. By default, DNS has no security and anyone listening to the traffic (like an ISP) could see which websites you are visiting. Today there are two ways to protect against this: DNS Security (DNSSEC) and DNS over HTTPS (DoH). These are two different approaches for the same goal. DNSSEC can be configured on the router to protect everyone on the LAN or on each individual computer or browser.
DoH is more commonly configured on the browser itself. In Chrome the “Use secure DNS” setting from the previous section will set the browser to use DoH. In Firefox use Settings, Network Settings, “Enable DNS over HTTPS”. By default, this will also point the browser to Cloudflare as the DNS provider, but this can be changed with the setting that follows, for example to the OpenDNS FamilyShield address: https://doh.familyshield.opendns.com/dns-query
More information about OpenDNS for families can be found here: https://www.opendns.com/home-internet-security/
I am sure we have all encountered the situation where we search about something private and personal like information about a disease and then we are followed by ads related to that search for weeks. This is because most search engines make their money by selling targeted ads. DuckDuckGo is a search engine that protects your privacy. It uses Bing for the actual search but your information is never sent to Bing or shared with anyone else and can’t be used to target ads. DuckDuckGo can be found at DuckDuckGo and can be used as the default search engine in most browsers.
Change Your Passwords
Good secure passwords should be changed annually. I always like to do this with the New Year. Another choice is World Password Day in May. Today a “good” password uses a mix of upper- and lower-case characters, digits, and symbols and is 15 characters long or longer. Passwords should also be different for each website or system you access. Some good suggestions on how to create strong passwords that are easy to remember can be found in some of my previous columns at these links: https://www.beltsvillenewstoday.com/post/tech-sense-another-world-password-day and https://www.beltsvillenewstoday.com/post/tech-sense-time-to-change-your-passwords.
I also recommend using a password manager to securely store passwords. Lockwise is a password manager that is now built into the Firefox browser, and KeePass (found at https://keepass.info) is a free and open source (FOSS) password manager.
Use Multi-Factor Authentication
Passwords and usernames are no longer enough to protect your accounts. Many sites now support technology where an additional factor is required. This may be a telephone verification sent by text or voice message, a one-time passcode (OTP) generated by a phone application, or a fingerprint verified by an on-device sensor. In general, any of these methods is better than nothing; however, phone calls and text messages can be intercepted, negating their value from a security perspective.
I use a free product called Authy (https://authy.com). I prefer Authy because it is easy to use on multiple devices and is easy to back up and restore. There are other free products from the likes of Google and Microsoft that can be used as well.
Secure Your Files
Our final New Year’s tip is to secure your important files. In general, there are two aspects to this: first, use a tool like 7-Zip (https://7-zip.org/) to compress and encrypt your important files, then copy the files onto an external thumb drive or USB hard drive. Files like tax return related papers, financial statements, and medical records should be protected from anyone that might have access to your computers and should be backed up in case the computer fails or is lost or stolen. An alternative is to back these files up to the cloud using a service like Google Drive or Microsoft’s OneDrive. I prefer encrypting before I move the files to the cloud to minimize the risk that someone may be able to view my files in the cloud.
Happy New Year
I am writing this as we wrap up 2021, maybe one of the worst years ever. I am wishing for a happier and more secure 2022 for all of us. Happy New Year!