Monday, March 16, 2009

The Basic Basics - Continued

OK, Part One's list items were probably familiar to most, although perhaps not the last one ("don't normally use Windows logged in with Admin privileges"). Here are some more nuggets of ponderment:
  1. Make sure that the internet router box that you use has "NAT" (Network Address Translation) turned on. It probably is, since most or all consumer-grade routers have it enabled by default, but it doesn't hurt to make sure. One way to see if you have NAT working is to do the following: (1) Figure out what your Windows IP address is - e.g. open a Command Prompt window and type "ipconfig"; it will show a number that might look like "" or something like that. (There are other ways to do this, but I won't detail them here.) (2) Determine what your "external" IP address is - this is the address that the rest of the world thinks you're at. I use this site to get my external address. If your Windows IP address and your external address are different, then you have NAT working. If not, you really need to get this addressed (no pun intended?).
  2. This is another obvious one, but can be tedious to adhere to all the time: Don't Use Obvious Passwords, at least for any sites/accounts that you consider confidential and/or valuable. I was lazy about this for the longest time, but finally hunkered down and changed all of my on-line financial passwords to things less guessable/dictionary lookupable. A tool that made this easier for me is Roboform2Go, which is a "password vault" application that I keep on a USB memory stick. RF2G can act as a Firefox/IE plugin; you have to enter a password to unlock it (optionally for a limited amount of time for each use); after that, it will auto-fill the username and password fields of sites that you've told it about. Generally it works very well although it seems to be a little Firefox-unfriendly (sometimes I have to quit out of FF before starting RF2G; otherwise it doesn't start up correctly). There are other alternatives out there but this is the one I use.
  3. Consider using what's called Multi-Factor Authentication for logging into your on-line commerce/shopping accounts where possible. For instance, both eBay and PayPal can be set up to do this. You have to buy a little gizmo that they sell, but it's quite inexpensive (right now it's $5). After you've received this "security key" you set up your eBay and/or PayPal accounts to use it. Thereafter, when you log in and enter your normal password on the site, you are prompted to enter the number that the key's LCD display shows whenever you press the button on it. That number changes every 30 seconds... This form of authentication is much stronger than a password alone, because a password that gets stolen or guessed is useless without the current number from the key. Apparently this particular security key is being adopted by more and more on-line businesses, so hopefully your five-buck key will be good for more than just eBay/PayPal. More details are here, and a discussion about using the key with "OpenID" (which is a topic for another day) is here.
  4. Here's a follow-on to the item last time about how you're quite vulnerable when connecting to free public wi-fi access points - be doubly sure that your firewall (either Windows' or a third party one) is turned on before connecting to the wireless access point (WAP). Even if you're going to use some kind of Virtual Private Network to do your surfing, your system is still exposed in the time it takes for you to establish the VPN connection. (A sideline to this - just because you fire up your laptop some place and see a WAP called "Free WiFi For My Homies" or similar, it doesn't mean that it's safe to connect. For all you know it could be a WAP set up specifically to steal whatever it can from your computer when you connect, or to infect it with who-knows-what malware-wise.)
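As an added illustration of the NAT check in item 1 (this is example code written for this page, not something from the original post), here is a small Python script that pulls the IPv4 addresses out of a constructed sample of "ipconfig" output, works out what each one implies, and compares it with the external address. The external address would normally come from a site like the one mentioned above; here it is just passed in as a string.

```python
import ipaddress
import re

# Constructed sample of Windows "ipconfig" output (not captured from a real machine).
# It shows both the Vista-era "IPv4 Address" label and the XP-era "IP Address" label.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home.lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   IP Address. . . . . . . . . . . . : 169.254.7.91
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
"""

# Matches "IP Address" or "IPv4 Address", the dotted padding, the colon, then the value.
ADDR_RE = re.compile(r"^\s*IP(?:v4)? Address[ .]*:\s*(\S+)", re.MULTILINE)


def local_addresses(ipconfig_text):
    """Return the IPv4 addresses printed by ipconfig, in the order they appear."""
    return ADDR_RE.findall(ipconfig_text)


def classify(addr):
    """Say what a local IPv4 address implies. Link-local and loopback are checked first
    because Python's is_private also covers those ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:  # 169.254.x.x: Windows got no DHCP lease, so nothing to conclude
        return "no-dhcp"
    if ip.is_private:  # 10/8, 172.16/12, 192.168/16: RFC 1918 space, i.e. behind NAT
        return "private"
    return "public"


def nat_check(ipconfig_text, external_addr):
    """Step (2) from the post: compare each local address with the externally visible one.
    Returns a dict mapping each local address to a verdict."""
    verdicts = {}
    for addr in local_addresses(ipconfig_text):
        kind = classify(addr)
        if kind == "private" and addr != external_addr:
            verdicts[addr] = "NAT working"
        elif kind == "public" or addr == external_addr:
            verdicts[addr] = "directly exposed - no NAT"
        else:
            verdicts[addr] = "inconclusive (" + kind + ")"
    return verdicts
```

Run it with the text of your own ipconfig output and the address an external "what is my IP" site reports; any address that comes back "directly exposed" is the one to worry about.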
OK, that's a wrap for this lovely Monday!

  1. You can browse to to see what your IP address looks like to the rest of the world.