Circles of Trust - Antivirus Software


Using multiple layers of security is the best way to protect your computer and information while online. In the previous articles of my series "Who Do You Trust?", I have talked about passwords, Internet routers and firewalls as layers of protection. In this article I will talk about another layer that is a critical part of the layered approach to computer security, anti-virus software.

"Antivirus or anti-virus software is software used to prevent, detect and remove malware, such as: computer viruses, adware, backdoors, malicious BHOs, dialers, fraudtools, hijackers, keyloggers, malicious LSPs, rootkits, spyware, trojan horses and worms." - Wikipedia

Are you scared yet? You do want to prevent all this, right? Credit card numbers, bank account numbers,  passwords, and social security numbers are things that everyone should guard carefully for obvious reasons. But, even as they take reasonable precautions to keep their personal information and valuables protected in many ways, some will let their guard down where they are most vulnerable, online.

Even the least damaging virus infections are costly but, the worst case can be devastating! If you are lucky and none of your financial or personal information is stolen, you may lose the use of your computer, your documents, pictures, music or other media and software you have purchased. Time without your computer and time to recreate or restore documents have real costs. Virus removal by a reputable professional can be costly as well. I will save virus removal for a future article but, suffice it to say here, you should get professional help to remove viruses.

One of the more insidious effects of a virus infection is the fear that you didn't get all of them removed or, that you removed them too late and someone already has your info. Yes, I have experienced this fear first hand. I remove viruses and spyware from computers as a professional, and I have removed viruses from my own computers. Believe me when I say, I know it is important to be thorough when cleaning viruses from a computer!

Here are the most important considerations for the antivirus software security layer:

  • Update your computer software often.
  • Use reputable antivirus software that also protects you from spyware.
  • Update your antivirus software automatically and daily
  • Configure your antivirus software for real time protection and scheduled file scanning.
  • Don’t open attachments in email unless you know that they are from a trusted source.
  • Don’t download files from the Internet unless you know that they are from a trusted source.
  • Use your antivirus software to scan email attachments and files downloaded from the Internet before you open them, regardless of the source.
  • Do not use peer to peer file sharing programs. These include programs such as Limewire, Bearshare, Gnutella, Morpheus, Torrents, etc.
  • Don’t download software from Warez , pirate or cracked software websites.

In upcoming articles in the "Who Do You Trust" series, we will discuss social engineering, phishing, and website security certificates.





~#~


Sign up with email to get updates from The Practical Computer
and subscriber-only tips and giveaways.


For more on Internet Security:

From The USA Educational Foundation: Internet Safety For Adults


From Family Online Safety Institute:
Top Internet Safety Tips for Parents (PDF)


From US-CERT:
Advice about common security issues for
non-technical computer users

     

9 Tips for Designing a Small Business Network

1:  Plan for the software you will require.

The most important consideration for designing a small business network is the software the business will use. Many businesses use vertical market software that has been developed for and customized to a specific industry's needs. For example: A retail business may need point-of-sale software, or a doctor's office may need medical practice management software. If you want to use a particular software package for your specific industry, you will need to plan your hardware and networking to meet the software's requirements.  The cost of the systems required to support any software package should always be considered when selecting software.

Some vertical market software packages will require a database server and may only work with certain ones. If it will work with different databse servers, you will need to decide which one will fit your budget for hardware, software, and ongoing support and maintenance costs.

2:  Plan for people.

You will need to know how many people need to use which software. You will have to plan for user licenses, storage requirements, network cabling and the devices each employee will require.  You will also need to consider your customer requirements. Will they need to access your website or wireless network? Software licensing can be per server, per user, per device, for a number of concurrent users, or any combination of these.

3:  Plan for devices.

How many desktops will you need to support now and in the near future? Will you support smart phones, tablets or wireless laptops? Will you need network printers, scanners, or fax?  You will need to consider all of these questions in order to plan for network cabling, wireless access points or routers, and network switches.

4:  Plan for remote access and telecommuting.

If you plan on hosting your website on your network or you have employees that will need to securely access sensitive resources on your network remotely, you will want to use a business class firewall and/or VPN access device.

Most small businesses do not host their own websites but, it can be done securely and may be a good solution for integrating a customer service or business application portal website with other locally stored data. This is an area where you will definitely need the help of  an experienced professional! You will need to design for additional layers of security, use a business class firewall and set up alerts and monitoring.

5:  Avoid consumer class hardware and software whenever possible.

Equipment and software designed for consumers is often used by businesses but can have limitations that will end up costing you more than if you started with business class products. Never use Home editions of Windows. They do not offer the security of Windows Professional editions and cannot join Microsoft Network Domains. A good 16 or 24 port, business class network switch will offer more performance and reliability than a hodgepodge of small home networking switches. Business class server hardware can be configured with auto-failover and hot pluggable disks, an important consideration for the next topic, #6.

6: Determine your requirements for systems availability.

Zero downtime will never exist for any system! The dream of many IT executives is 5 nines, or 99.999% systems availability. That only allows for 5.26 minutes of downtime per year! A worthy goal rarely achieved.  High availability is also expensive. However, there are many cost effective ways you can build fault tolerance into your network. To design your systems for the availability you need, you will first need to weigh the cost of downtime, with the cost of preventing it. You will need to plan downtime for maintenance as well.  Maintenance will most likely be performed during non business hours, and you should be able to schedule for most of it. But expect the occasional need for unscheduled maintenance.

It will probably not be feasible to eliminate every single point of failure in your network but, you can plan for recovering all parts of your systems. Hardware is very reliable today but, it does fail. If you centralize all of your data storage onto one computer and require employees to store all business data there, a single employee’s computer going down should not be a catastrophe, especially if you have a spare computer. If you have 10 desktop computers, a fully configured spare would only cause your desktop costs to increase by 10%. That’s less than the cost of many extended warranties and maintenance agreements. PC warranties only cover the hardware. After the failed hardware is repaired, you will be responsible for re-installing all of the software and recovering the data. A spare PC is smart planning. I would also recommend you create disk images for all of your PC workstations and update them regularly. An image can be restored to a new or repaired PC quickly if needed.

Most systems problems are caused by software issues, viruses and accidents.  Regular software updates and virus protection are vital for systems availability.  Accidents will happen.  Backup your data daily. Another good reason to centralize your data storage is that it will enable you to centralize your data backup system as well. This will increase your backup reliability and lower your costs for protecting your business' data.

7: Document document document!

Can you tell I think documenting is important? It will save you money, time and perhaps even your business!  It will also increase your systems availability by reducing maintenance time and the time it takes to recover systems. Did you ever hear that you shouldn't write passwords anywhere? I have and it is one of the dumbest things I have ever heard. You cannot repair, troubleshoot or operate any system without knowing or somehow recovering the password. You can reset some things to the "factory default", but "factory default" means no configuration and no data! Document your passwords! Just don't store them on the fridge door in the employee lounge.

Document all of the configuration information you can and always update it when system and configuration changes are made. Documentation should include, IP addresses, computer names, user names, software versions, configuration files, screen shots of configurations, vendor maintenance agreements, warranty information, support phone numbers,  support customer and PIN numbers, software licensing documents and any thing else you can think of that you may possibly need.

I always tell my customers that I want to make it easy for them to fire me! Well, I really don't want it to be too easy but, if they can call a professional who has never seen their systems and they have access to thorough documentation, they can get their systems back up in running in the shortest time possible.

8: Use at least one professional!

You need to find someone who knows networking and business software to help you plan and design your network. A pro can help design a system that will meet your needs today and be able to grow with your business. When I say, use at least one professional, I mean that you may also need a specialist to help you configure your financial or specific business software and train your employees. They may be technology savvy, but they will probably not have the experience needed to plan, design, install and configure your network systems. Hiring an experienced networking professional to help you with your planning, network design and configuration, will help you to keep your IT costs down and your systems up.

9: Business requirements always come first!

Technology professionals can get wrapped up in a lot of detail while planning and designing systems. It is up to the business to ensure that the needs and requirements of the business are considered throughout the planning process. A seasoned technology professional, will prompt, prod, and perhaps even aggravate you, to help them with capacity planning and growth estimates. They will want you to document your business processes and requirements. There is that documentation word again! They will schedule planning and project status meetings, and insist on reviewing plans with you. The technology supports the business effort.  The business always leads the technology effort!




~#~


Keep IT Simple: The Small Business Guide to Computers and Networks

Network Know-How: An Essential Guide for the Accidental Admin

Risk-Free Technology: How Small to Medium Businesses Can Stem Huge Losses From Poorly Performing IT Systems


Circles of Trust - Firewalls

After you ensure your passwords are strong and known only to you, you need to ensure your router is properly configured. I discussed these steps in my two previous posts of this series. In this article, we will talk about firewalls, what they are, where and how to use them.

As I have said before, Internet security should be implemented in layers. No one layer offers sufficient protection. Another layer you should always use is a firewall. A firewall is a guard at the door between two networks. It decides who and what goes through the door in both directions. If you have a door connecting your private network or computer with the Internet, you NEED a good door guard!

I will not try and describe how they work in detail. I began to, then realized after typing three paragraphs, that most people don’t need to understand the detail and, there is way too much of it! Technical types can argue about the nuances and exceptions to my explanation, but for most people, it is enough to understand firewalls at a basic level.

Firewalls control which applications on one computer can talk to which applications on another computer. Think of a firewall as a filter that can be configured to block or allow traffic to and from the Internet. You can filter traffic based upon the type (applications, i.e.: ftp, file sharing, etc.), and the source (particular computers or networks). Firewall configurations usually begin by blocking everything. Then exceptions are added as they are required. All firewalls can be configured to allow exceptions, including the firewall that comes with Windows.





Most personal firewalls like the one that comes with Windows, are already configured for the most common uses and block many applications that you do not normally use. The default configuration of Windows Firewall is a great place to start. Just make sure it is turned on! You can access Windows Firewall from Control Panel.

Consider the following list of rules. Traffic coming from the Internet must meet each requirement starting with the first, before it is allowed through to your computer.












Windows Firewall is configured by entering exceptions to its rules for blocking traffic. Most of the time, Windows will configure these exceptions as you require them. For example, if you were to configure Remote Desktop to allow computers to connect to your computer, Windows will add the required exception to its firewall.

You should be protected from computers on the Internet attempting to connect to your computer to use Remote Desktop, by your router. Your computer’s private address is not accessible from the internet directly unless you configure your router to allow it. However, if you want an added layer of security, you can configure the exception rule in Windows Firewall to only allow Remote Desktop from computers on your home network. Remote Desktop will also require your computer’s administrator's user name and password to connect, or another user's credentials that you specifically configured Remote Desktop to allow. I will talk about configuring routers to allow Remote Desktop and other applications from the Internet in a later post.

Even though your router can protect your computer by "hiding" its address from the Internet, you should always use a firewall. You may have a laptop you take with you to another network, or you may need to change your router configuration at some time.

The different layers of security work together to protect you. It is important that each layer is configured and secured properly. Passwords, routers, firewalls, anti-virus anti-spyware software, operating system and software patches and updates, common sense and vigilance are all important layers of security. So far, in the series “Who Do You Trust” we have talked about passwords, routers and firewalls. In my next article, I will write about anti-virus and anti-spyware software, and how you can protect yourself from viruses, spyware and other malware.





~#~


Sign up with email to get updates from The Practical Computer
and subscriber-only tips and giveaways.


For more on Internet Security:

From The USA Educational Foundation: Internet Safety For Adults


From Family Online Safety Institute:
Top Internet Safety Tips for Parents (PDF)


From US-CERT:
Advice about common security issues for
non-technical computer users