10 ways to avoid computer intrusion

Sometimes small loopholes in a good sense of habit also create a security hole for cyber criminals to take advantage of to exploit for malicious purposes. Here are 10 ways to avoid creating weaknesses on our computers and networks .

1. Change the default password

It's amazing how many devices and applications are protected by the user by default name and password. Therefore, attackers know how to exploit this habit of users to profit. Only when testing a website looking for the default password, will the user understand why it is not recommended to set a password this way. Using a good password policy (creating a rule to set your own password) is the best way or any character string set for a password is better than leaving it to default.

2. Do not use the password again

Many people use the same login name and password for different websites or services. This habit of users thinks that it is convenient and easy without having to remember much. But if in one case, your password is exposed, many of your other services and logins are also at risk of being hacked. There is a useful way to help users just remember a single password - the administrator password (master) to access a list of saved passwords in it.

For example, the following figure shows the Password Safe application that stores the entire password of the identifiable pages that the user has memorized here. Thus, users only need a single matter password to access Password Safe and see the list of login names and passwords for other websites that users have saved.

3. Delete employee account when this person leaves the company

Infringement of security will be easier when attackers take advantage of information from within the company itself. Therefore, it is necessary to delete the user's account when they no longer work at the company even if the person leaves the company in any way.

4. Review security records

A good administrator must read and review the system's daily log. Because security log is the first line of defense to record the time of logging in and out of the user's network.

For example, when reviewing the security log of a Windows operating system server, the administrator reviews 529 events (error log - not knowing the username or password incorrectly). That said, the administrator needs to determine if this valid user has forgotten the password or that the attacker is trying to access the system.

Logs in the Windows security section are somewhat confusing, but there is a website that defines almost every event recorded in the log.

5. Scan the network regularly

Regular network scanning will help administrators know if any devices are installed on the network and installed at any time.

One way to scan the network is to use a net view command available in Microsoft's operating system or using free programs like NetView

6. Monitor network traffic externally

Today, malicious code or computer worms have become more sophisticated and difficult to detect. One way to detect them is to monitor network traffic externally. The suspicion will increase when the number of outbound connections or total traffic surges from normal levels. From this tracking it can be detected signs of stolen information or the email engine is attacked by spam.

Most current firewall applications can dodge traffic outside and often give the message as shown below:

7. Fix and update regularly

Keeping your operating system and application software up to date is the best way to avoid bad guys taking advantage of vulnerabilities in software to attack the system. It's simple if the operating system and applications have no vulnerabilities, the bad guys won't be able to find the way to the system.

Using products such as Microsoft Baseline Security Analyzer or one of Secunia products is the most effective way to make sure your computer is secured. Therefore, users should update all necessary patches.

8. Make a good security plan

Depending on the size of the company, we should have a reasonable security plan. A reasonable security plan is really invaluable because everyone in the company can work continuously without being interrupted by the attacks and is a safe solution to help users less worry.

Security plans should follow what the business needs. In order to set up a company's security plan, administrators need to know where the data is stored, how many employees store information and how to make an exchange between internal and external information for planning. Best security. Users can learn more about Microsoft and NIST's security plans.

9. Increasing understanding for users about information security

Training to increase the knowledge and awareness of security issues for users is essential. This will contribute to increasing the performance of employees in the corporate environment. From a sense of security, employees will know how to protect themselves and prevent attacks from online attacks.

10. Problems for higher management levels

Requiring a higher level of management to make security policies and equip the necessary security technology for the system is really difficult. And if they have management approval, they don't think that security policy should apply to themselves. Moreover, changing the regular senior manager can happen in the company. Therefore, when changing managers need to review the information security issues in the company.

The above are 10 very simple solutions that people can perform as well as help users realize the habits of using computers which will create vulnerabilities for criminals who are easy to exploit.