Internet Security: Where to go if yours is compromised

It is in the news and heaven knows I talk about it here in this newsletter column often enough: Internet security. We often talk about the threats that are out there, new kinds of spam or phishing, the impact of social networks, etc. While an ounce of prevention is still worth a pound of cure, how do you deal with a problem once it has occurred? If you have an IT Department where the staff are not just high school or college kids looking to make a few dollars from the skills they honed playing online games like Blizzards World of Warcraft, your systems there are probably well in hand. But what do you do with the system or systems you have at home or those if you are in a small business where you are the expert? Where do you turn? Hopefully, after reading this article, you will have a very good idea.

Definitions
The areas that everyone needs to be concerned with and the resources that they can use when a problem does occur can be easily grouped. They include but are not limited to antivirus, hoaxes (used for phishing or malware), consumer information and protection (including the Better Business Bureau, Safe Online shopping and Internet Fraud Complaint Center) and even articles that discuss the baseline for computer security. Many thanks to Jane F. Kinkus, Mathematical Sciences Librarian at Purdue University for the article posted on the web entitled Science and Technology Resources on the Internet where much of this information was gathered.


Antivirus and Hoaxes
The WildList Organization International
http://www.wildlist.org/ 
The WildList Organization's mission is "to provide accurate, timely and comprehensive information about 'In the Wild' computer viruses to both users and product developers." "In the wild" viruses are viruses that have been cited by two or more of the organization's panel of computer experts as spreading in the real world and therefore pose a real threat to computers and networks. The WildList is made available free of charge by the organization and is considered a standard against which the effectiveness of antivirus programs is measured. The WildList Organization has retained its independence from any one antivirus developer and encourages all users to find an antivirus vendor and develop a relationship with its customer support service.

Hoax Busters
http://www.doecirc.energy.gov 
Hoax Busters is a public service of the Department of Energy's Computer Incident Advisory Capability (CIAC). Hoax Busters posits that dealing with hoax emails is annoying and time-consuming at best and costly at worst. The Hoax Busters web is a clearinghouse of information about various types of Internet hoaxes, and strives to debunk dire warnings about various fake viruses and other malicious code that have no basis in fact. The site also confronts chain letters, urban myths, sympathy letters and other cons, and offers suggestions for how to recognize hoaxes and what to do about them.

F-Secure: Security Information Center
http://www.f-secure.com/virus-info/ 
The self described "industry standard source for up-to-date information on new viruses and hoax alerts," this site provides long, easily readable descriptions and screen shots of known viruses, including their variations and information on how to recover if you're hit. While F-Secure naturally promotes the sale of their commercial products, they also offer a few dozen free downloads to fix specific virus problems. Also of interest are a six-minute video entitled "Virus Summary 2001," an account of the most notable (i.e., destructive) virus attacks of 2001, and a list of tips to avoid those pesky, and increasingly popular, email worms.

Consumer Information
Better Business Bureau Online
http://www.bbbonline.org/ 
The Better Business Bureau system, which extends over most of the United States and Canada, has for many years mediated consumer problems by advocating voluntary self-regulation for businesses combined with increased education for consumers. The BBB now extends its services to the e-commerce arena, offering a BBB seal of reliability for qualified businesses to place on their web sites. For consumers, BBBOnline offers a "safe shopping list" of companies which merit the BBB's seal, as well as information on web safety and privacy, and online forms for lodging complaints.

Shopping Safely Online
http://www.cnlnet.org/shoppingonline/index.htm 
The National Consumer League offers Shopping Safely Online as part of its larger web site of general consumer information. In addition to online shopping tips, this site provides "e-ssentials" of online privacy and security for the consumer, and advice for using online auctions. Shopping Safely Online provides a link to the NCL's National Fraud Information Center, where users can report suspected fraud and access a wealth of other sources about the risks of doing business online.

Internet Fraud Complaint Center
{http://www.ic3.gov/} 
The IFCC, a partnership between the FBI and the National White Collar Crime Center, offers this web site as a place for consumers to learn about Internet fraud, which is largely comprised of incidents relating to online auctions, credit card misuse and other consumer-related activity. The site provides an easy-to-complete form for reporting Internet fraud. Of special interest is the IFCC's annual report on the numbers, types and economic impacts of crimes reported through the site.


CYBERCRIME
http://www.cybercrime.gov/ 
This site is maintained by the Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice; the information available at this site is presented from a legal, rather than technical, perspective. It provides a plethora of information about the various ways computers can be used to commit crimes, how and to whom to report computer crimes and what to do if you are the victim of computer crime. It includes links to cases, laws, legal and policy issues surrounding hacking, intellectual property infringements and other online offenses

Security Policies
Security Policy Issues
http://www.sans.org/rr/whitepapers/policyissues/ 
The Systems Administration, Networking, and Security Institute (SANS) is an organization comprised of computer security practitioners from government agencies, corporations, and universities. The SANS reading room provides access to over 1300 research articles across the spectrum of computer security; the Security Policy Issues section features over 60 articles, many of which were written by IT professionals to fulfill part of the requirements for the Global Information Assurance Certification. This site also contains an information security policy primer and policy examples and templates. Access to the SANS reading room is free, but users must register to receive a password.


How can I Protect Myself?
It is an old checklist but one that bears repeating. Have a system that is up to date in all aspects is very important, at home and at work. At home, you have more control as you yourself own the equipment, pay for the access and there are less likely to be issues with incompatibilities of one software to another like there can easily be at work. Still, with few exceptions, this Top Ten list will work well for business and home users:
.
1. Use password protection
2. Choose creative passwords.
3. Use encryption.
4. Use firewall software or appliances
5. Don't allow all employees to load their own software at work and, at home, dont download free software from disreputable sources
6. Do backups at least once a week and store your backups off-site
7. Keep all software up-to-date
8. Have an active, up to date anti-virus software
9. Have an active, up to date anti-malware software
10. Consider web filtering.

Yes, even home users can have web filtering that requires no software and does not require an expensive, enterprise-based appliance. In fact, that will be the subject of my next column, so check here next month!

How can I get more information on this subject?
We strive to stay up to date and provide you with the latest information available on technical subjects that are gaining momentum. Technical trade publications and the web are both very good places to start. Getting information from a partner that uses and supports technology is a great way to stay on the leading edge and away from the bleeding edge of technology and also letting someone else do the research so you can do what you do best. If you have questions or comments about this article or if there is anything new on the subject, contact me. I would be happy to respond.