Indianapolis computer service indiana it service and network support         L5 Solutions - Blog      // We make IT easy

    indianapolis computer service

computer security – passwords and media overload

Jun 15th, 2011 | Posted by | Filed under Indianapolis IT support

I’ve observed an acute increase in website and business hacks stories in recent weeks from sites I follow and even main stream media (MSM) outlets like CNN, FoxNews, etc.  Why?  Is it truly an insight into the computer security landscape evolving or maybe something simpler like an increased availability of sophisticated exploit tools that low skilled people and criminals can use, or even just the latest trend from MSM for provocative stories to sell advertising.


Whatever the case, security is in the media forefront and that brings both pros and cons.  Malaise can set in from overexposure to “just another security incident” or denial in that users think they will never be “targeted” because of their seeming anonymity.  Businesses and websites are continually being scanned and probed for open security vulnerabilities.  Are those openings producing more breaches, likely not, but with compromised businesses delaying or avoiding disclosure the statistics are debatable?  Advanced computer and network security exploits are certainly more readily available today than they were just a few years ago.  Not all tools are designed for nefarious purposes, see metasploit, but nonetheless there are seemingly good tools and others that even elementary computer users and criminals may implement to breach a company’s server, bring down websites and more commonly steal user data.


So what are typical users and business to do?  Are they at risk or it is only towering conglomerates and DoD contractors?  What businesses need to understand is that the initial scans and probes are completely automated and will eventually hit their servers, websites, etc.  If those automated tools find open vulnerabilities then additional higher-level tools may be implemented or even a real person may be alerted to the possibilities of exploiting your site.  That is why it is so important to keep up with current patches and security updates for your routers, firewalls, servers, computers and other devices.  If you keep the most obvious holes plugged you are better off than many businesses and users.


Another common unwanted entry into systems and accounts is from poor passwords.  We’ve all been bothered and badgered by different systems requiring 8 or more characters in a password, and sometimes using uppercase and special characters.  There are different thoughts to the usefulness of changing passwords frequently, another common practice, but the length and especially complexity of passwords does help to mitigate threats.  Depending on the security in place, some passwords can be cracked in under 10 seconds and many in under 17 minutes (again this is all done by automated programs checking for common passwords and lower security systems).  Realistically, your password is more likely to be exposed from a larger database hack, seen from several breaches of banks and online commerce sites.  If you use the same password at many, or all, sites as a significant number of people do then all your data can be compromised.  The recent CitiBank hack and some of the gaming and pornography site hacks had the stolen passwords posted to the Internet with a suggestion for others to try logging in with the exposed email addresses and passwords on the users’ Facebook accounts, etc.


There is obviously a need for skilled computer and network security professionals to implement best practices but the above shows us that an old adage of “an ounce of prevention is worth a pound of cure” is true for online and data safety.  If you keep up with the current best practices for known threats and secure passwords you can help yourself, and your data, have a better chance of staying safe and secure.



No comments yet.
You must be logged in to post a comment.